Skip to main content

Configuration Guide - Barracuda CloudGen Firewall

Tony Black
  • Updated

TEAM: Huntress Managed Security Information and Event Management (SIEM)
PRODUCT: Firewall Syslog
ENVIRONMENT: Barracuda CloudGen Firewall
SUMMARY: Configuration Guide for Barracuda CloudGen Firewalls

 

Vendor Information

Vendor

Barracuda

Supported Model Name/Number

CloudGen Firewall

Supported Software Version(s)

8.3, 9.0

Collection Method

Syslog

Provider Name

Syslog-BarracudaCloudGen

Additional Information

Barracuda CloudGen Log Files and Structure

Barracuda CloudGen Syslog Streaming Configuration

 

Device Configuration Checklist

Enable the Syslog Service

  1. Go to CONFIGURATION > Full Configuration > Box > Infrastructure Services > Syslog Streaming

  2. Click Lock

  3. Set Enable Syslog Streaming to yes

  4. Click Send Changes and Activate

Configure Logdata Filters

  1. Go to CONFIGURATION > Full Configuration > Box > Infrastructure Services > Syslog Streaming

  2. In the left menu, select Logdata Filters

  3. Expand the Configuration Mode menu and select Switch to Advanced View

  4. Click Lock

  5. Click the + icon to add a new entry

  6. Enter a descriptive name in the Filters dialog and click OK.

  7. In the Affected Box Logdata section, choose the box logs sent via syslog

    1. Click the + next to Data Selection to add an entry

    2. Enter a descriptive name for the group and click OK. The Data Selection window opens.

    3. Choose the following items from the Data Selection window: Auth-All, Config-All, Control-All, Event-All, Firewall-Activity-Only, Firewall-Threat-Only, Network-All, Settings-All, SSH-All, System-All, Watchdog-All

    4. Choose the following items from Message Types: Panic, Security, Fatal, Error, Warning, Notice

    5. Click OK

  8. Click Send Changes and Activate

Configure Logstream Destination

  1. Go to CONFIGURATION > Full Configuration > Box > Infrastructure Services > Syslog Streaming

  2. In the left menu, select Logstream Destinations

  3. Expand the Configuration Mode menu and select Switch to Advanced View

  4. Click Lock

  5. Click the + icon to add a new entry

  6. Enter a descriptive name for the destination (such as Huntress Collector) and click OK. The Destinations window opens.

  7. Select the Logstream Destination

    1. Select Explicit IP

    2. Set the Destination IP Address to the IP of the Huntress agent configured to receive syslog

  8. Set the Destination Port to 514

  9. Set the Transmission Mode to UDP

  10. Click OK

  11. Click Send Changes and Activate

Configure Logdata Streams

  1. Go to CONFIGURATION > Full Configuration > Box > Infrastructure Services > Syslog Streaming

  2. In the left menu, select Logdata Streams

  3. Expand the Configuration Mode menu and select Switch to Advanced View

  4. Click Lock

  5. Click the + icon to add a new entry

  6. Enter a descriptive name for the new configuration (such as Huntress Log Stream) and click OK

  7. Configure the following settings

    1. Active Streams to yes

    2. Log Destinations to the destination created above

    3. Log Filters to the filter created above

  8. Click Send Changes and Activate

 

Example Log Messages

Firewall Traffic

<14>Feb 6 19:14:59 hostname hostname/box_Firewall_Activity: Info hostname Allow: FWD|TCP|p1|10.36.87.167|63102|e4:54:e8:81:49:42|142.250.187.227|80|http|p2|BOX-LAN-2-INTERNET|0|195.224.222.166|142.250.187.227|0|1|0|0|0|0||||||

Related articles