DEVICE INTEGRATION
      Back to home
      1. KNOWLEDGE BASE
      2. DEVICE INTEGRATION

      Barracuda WAF Syslog

      This article describes the steps to configure Barracuda WAF Syslog with DNIF.

      The following properties are specific to the Barracuda Networks WAF:

      • Collection method: Syslog
      • Format: Regex
      • Functionality: Web Application Firewall

      Prerequisites

      Before you connect Barracuda Networks WAF, obtain the IP address of the Remote Server and verify that firewalls between the Barracuda appliance and Remote Server allow UDP traffic on port 514.

      References

      Configuring the Barracuda Networks WAF connection:

      1. Log in to the Barracuda Web Application Firewall web interface.
      2. Click the Advanced tab.
      3. Select Export Logs from the Advanced menu.
      4. Click Export Log Settings in the Export Logs section. The Export Log Settings window opens.
      5. Select the appropriate facility (Local0 to Local7) from the drop-down list In the Syslog Settings section for each log type.
      6. Click Save.
      7. Configure a syslog facility value for the following options:

        Option

        Description

        Web Firewall Logs Facility

        Select a syslog facility between Local0 and Local7.

        Access Logs Facility

        Select a syslog facility between Local0 and Local7.

        Audit Logs Facility

        Select a syslog facility between Local0 and Local7.

        System Logs Facility

        Select a syslog facility between Local0 and Local7.
      8. Click Add Export Log Server in the Export Logs section. The Add Export Log Server window opens.
      9. Specify values for the following:

        Option

        Description

        Name

        The name of the Remote Console or Event Collector

        Syslog Server

        The IP address of your Remote Server or Event Collector.

        Port

        The port that is associated with the IP address of your Remote Server or Event Collector.

        If syslog messages are sent by UDP, use the default port, 514.

        Connection Type

        The connection type transmits the logs from the Barracuda Web Application Firewall to the Remote Server or Event Collector. UDP is the default protocol for syslog communication.

        Validate Server Certificate

        No
      10. Select Yes from the Log Unit Name option.
      11. Select the default format from the list box for the following log types in the Log Formats pane:
        1. Web Firewall Logs Format
        2. Access Logs Format
        3. Audit Logs Format
        4. Network Firewall Logs Format
        5. System Logs Format
      12. Click Save Changes.
      13. Go to Menu > Basic > Administration.
      14. Click Restart from the System/Reload/Shutdown pane.
      15. Configuring Syslog Connector in DNIF:

      NOTE: By Default, a Syslog Connector is already configured and present in the Data Source with listener port on 514, but if it is not present then only proceed with the below steps to configure a new syslog connector. 

      1. Go to System > Data Sources.
      2. Click ‘+’ icon in the top right corner to add a new data source.
      3. Select Syslog and then click Next.
      4. Provide a suitable name for the Syslog Connector.
      5. Provide the Listener port value as ‘514’.
      6. Click Next.