Skip to content




Infoblox, formerly, is a privately held IT automation and security company based in California's Silicon Valley. The company focuses on managing and identifying devices connected to networks—specifically for the Domain Name System, Dynamic Host Configuration.

Infoblox NIOS is the world's leading on-premises platform for automating DNS, DHCP and IPAM (DDI)—and simplifying complex, dynamic network services for any sizeProtocol, and IP address management.

Product Details

Vendor URL: Infoblox | Cloud-First Security & Networking

Product Type: DNS, DHCP

Product Tier: Tier I

Integration Method: Syslog

Integration URL: Configuring Syslog Forwarding - Infoblox Documentation Portal

Log Guide: Infoblox Log Guide

Parser Details

Log Format: Syslog

Expected Normalization Rate: 75%

Data Label: INFOBLOX

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Field
_q network.dns.questions
act metadata.product_event_type
app metadata.product_event_type
cat metadata.description
dhost target.hostname
dhost target.ip
dipaddress target.ip
dpt target.port
dvc src.ip
dvchost src.hostname
ipaddress principal.ip
msg metadata.description
msg_json_log.additional.0.value principal.hostname
msg_json_log.metadata.description metadata.description
msg_json_log.metadata.product_name metadata.product_name
msg_json_log.metadata.product_version metadata.product_version
msg_json_log.metadata.vendor_name metadata.vendor_name
prod_version metadata.product_version
product metadata.product_name
rule_name sr.summary
ruleID sr.rule_id
shost principal.hostname
shost principal.ip
spt principal.port
vendor metadata.vendor_name

Product Event Types

type,subtype severity UDM Event Classification alerting enabled
Login_success USER_LOGIN

Log Sample

<28>Dec  1 15:23:47 OBSERVER.DOMAIN.COM hostservice: 410 Login_success, Username: john.doe, Src: hostname1.SUBDOMAIN.US.DOMAIN.COM, Src IP:, Dst IFace: default, Dst IP:, Src Port: 65384, Dst Port: 22, Ver: SSH-2.0-OpenSSH_5.2 Secure_Shell-v6, Session-Id: 1234

Sample Parsing

metadata.event_timestamp = "2021-12-01T15:23:47Z"
metadata.event_type = "USER_LOGIN"
metadata.product_event_type = "Login_success"
metadata.description = "SSH-2.0-OpenSSH_5.2 Secure_Shell-v6"
metadata.ingested_timestamp = "2021-12-01T19:23:49.914177Z"
additional.Dst IFace = "default"
additional.Session-Id = "1234"
principal.hostname = "hostname1"
principal.user.userid = "john.doe"
principal.ip = ""
principal.port = 65384
principal.administrative_domain = "SUBDOMAIN.US.DOMAIN.COM"
principal.application = "SSH-2.0-OpenSSH_5.2"
principal.namespace = "DOMAIN"
principal.asset.ip = ""
target.ip = ""
target.port = 22
target.namespace = "DOMAIN"
target.asset.ip = ""
observer.hostname = "OBSERVER.DOMAIN.COM"

Parser Alerting

This product currently does not have any Parser-based Alerting


Coming Soon