// Title: Infoblox consolidated parser for DHCP and DNS
// Author: Microsoft
// Version: 1.1
// Last Updated: 23/05/2022
// Comment: Updated to only parse the MSG (RFC3164) part of the Syslog message. Excluded the Header.
//
// DESCRIPTION:
// This parser takes the union of 18 functions - Infoblox_dnsclient, Infoblox_dnsgss, Infoblox_dnszone, Infoblox_allotherdnsTypes, Infoblox_dhcpadded,
// Infoblox_dhcpbindupdate, Infoblox_dhcpdiscover, Infoblox_dhcpexpire, Infoblox_dhcpinform, Infoblox_dhcpoffer, Infoblox_dhcpoption, Infoblox_dhcpother,
// Infoblox_dhcprelease, Infoblox_dhcpremoved, Infoblox_dhcprequest, Infoblox_dhcpsession, Infoblox_dnsclient, Infoblox_allotherdhcpdTypes
//
// REFERENCES:
// Using functions in Azure monitor log queries: https://docs.microsoft.com/azure/azure-monitor/log-query/functions
// Infoblox NIOS logging formats: https://docs.infoblox.com/display/NAG8/Using+a+Syslog+Server
//
// LOG SAMPLES:
// This parser assumes the raw logs are formatted as follows:
//
// May 13 12:05:52 10.0.0.0 dhcpd[30174]: DHCPDISCOVER from 0a:0b:0c:0d::0f via eth2 TransID 5daf9374: network 10.0.0.0/24: no free leases
// May 13 12:05:52 10.1.1.1 named[11325]: zone voip.abc.com/IN: ZRQ applied transaction 0101010 with SOA serial 9191919. Zone version is now 0202020.
// Infoblox_dnsclient is listed once here: naming the same function twice in a union returns its rows twice.
union
    Infoblox_dnsclient, Infoblox_dnsgss, Infoblox_dnszone, Infoblox_allotherdnsTypes,
    Infoblox_dhcpadded, Infoblox_dhcpbindupdate, Infoblox_dhcpdiscover, Infoblox_dhcpexpire,
    Infoblox_dhcpinform, Infoblox_dhcpoffer, Infoblox_dhcpoption, Infoblox_dhcpother,
    Infoblox_dhcprelease, Infoblox_dhcpremoved, Infoblox_dhcprequest, Infoblox_dhcpsession,
    Infoblox_allotherdhcpdTypes