Configure Barracuda Firewall
Firewall Analyzer supports most versions of Barracuda Firewall device.
Configure Barracuda Firewall
Follow the below steps to configure Barracuda firewall:
Step 1. Enable the Syslog Service
- Go to CONFIGURATION > Full Configuration > Box > Infrastructure Services > Syslog Streaming.
- Click Lock.
- Set Enable Syslog Streaming to yes.
- Click Send Changes and Activate.
Step 2. Configure Logdata Filters
- Go to CONFIGURATION > Full Configuration > Box > Infrastructure Services > Syslog Streaming.
- In the left menu, select Logdata Filters.
- Expand the Configuration Mode menu and select Switch to Advanced View.
- Click Lock.
- Click the + icon to add a new entry.
- Enter a descriptive name in the Filters dialog and click OK.
- In the Data Selection table, add the log files to be streamed. You can select:
- Fatal_log – Log contents of the fatal log (log instance name: fatal)
- Firewall_Audit_Log – The log contents of the firewall's machine readable audit data stream. Whether data is streamed into the Firewall_Audit_Log has to be configured in the General Firewall Configuration settings on box-level, section Audit Log Handling > Audit-Delivery: Syslog-Proxy (see: FW Audit). The log instance name corresponding to Syslog-Proxy selected will be trans7.
- Panic_log – log contents of the panic log (log instance name: panic)
When Log-File is selected in the firewall's configuration, the data will go into a log file named Box > Firewall > audit (which means the instance is named box_Firewall_audit) and thus this filter setting is not applicable. The pertinent one then would be a selection of category Firewall within the box selection portion of the filter. |
- In the Affected Box Logdata section, define what kind of box logs are to be affected by the syslog daemon from the Data Selection list.
- When choosing Selection (default),
- Click the + icon next to Data Selection to add an entry.
- Enter a descriptive name for the group and click OK. The Data Selection window opens.
- Add the Log Groups for selection or select Other and specify an explicit selection. For more information, see User Defined Log Groups.
- Set a Log Message Filter. When choosing Selection, add the explicit log type to the Selected Message Types table.
- Click OK.
- In the Affected Service Logdata section, define what kind of logs created by services are to be affected by the syslog daemon from the Data Selection list.
- When choosing Selection (default),
- Click the + icon next to Data Selection to add an entry.
- Enter a descriptive name for the group and click OK. The Data Selection window opens.
- In the Log Groups table, add the server and services where log messages are streamed from, or select Other and specify a more granulated selection. For more information, see User Defined Log Groups.
- Set a Log Message Filter. When choosing Selection, add the explicit log type to the Selected Message Types table.
- Click OK.
- Click Send Changes and Activate.
Step 3. Configure Logstream Destinations
- Go to CONFIGURATION > Full Configuration > Box > Infrastructure Services > Syslog Streaming.
- In the left menu, select Logstream Destinations.
- Expand the Configuration Mode menu and select Switch to Advanced View.
- Click Lock.
- Click the + icon to add a new entry.
- Enter a descriptive name in the upcoming dialog and click OK. The Destinations window opens.
- Select Explicit IP (default).
- Enter the the Firewall Analyzer IP address in the Destination IP Address field.
- Enter the Destination Port for delivering syslog messages.
- Enter 1514 in the Destination Port field. (Firewall Analyzer use 1514 as default syslog server port.)
Note: |
Default Syslog server ports in Barracuda device are 5143 (encrypted streaming) and 5144 (unencrypted streaming). The default is to use encryption for delivery, therefore port 5143 is pre-configured. You must also adapt the host firewall rule for syslog traffic to use the new port (1514). |
- Select the Transmission Mode as UDP.
- Click OK.
- Click Send Changes and Activate.
Step 4. Configure Logdata Streams
- Go to CONFIGURATION > Full Configuration > Box > Infrastructure Services > Syslog Streaming.
- In the left menu, select Logdata Streams.
- Expand the Configuration Mode menu and select Switch to Advanced View.
- Click the + icon to add a new entry.
- Enter a descriptive name in the upcoming dialog and click OK.
- Configure the following settings:
- Active Streams – This parameter allows you to activate/deactivate the selected log stream profile. By default, for example when creating a new profile, this parameter is set to yes.
- Log Destinations – Here the available log destinations (defined in the section Logstream Destinations) can be selected.
- Log Filters – Here the available log patterns (defined in the section Logdata Filters) can be selected.
- Click Send Changes and Activate.
Step 5. Configure Web Log Streaming
- Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Syslog Streaming.
- Click Lock.
- In the left menu, click Web Log Streaming.
- From the Enable Web Log Streaming list, select yes.
- Enter the Streaming Template as below,
%timestamp% 1 %srcip% %dstip% %content-type% %srcip% %uri% %content-length% BYF ALLOWED CLEAN 2 1 0 %actionnum% 0 (-) %actionnum% %urlcat% 0 - 0 %host% %urlcat% [%user%] %host% - - 0
- Select the Streaming Protocol as UDP.
- Enter the Destination IP Address.
- Enter the the Firewall Analyzer IP address in the Destination IP Address field.
- Enter the Destination Port.
- Enter 1514 in the Destination Port field. (Firewall Analyzer use 1514 as default syslog server port.)
- Click Send Changes and Activate.
Configure SNMP in Barracuda firewall using the below help link:
https://campus.barracuda.com/product/nextgenfirewallf/doc/53248593/how-to-configure-the-snmp-service/
Once SNMP configured in Barracuda firewall, add the SNMP credentials in Firewall Analyzer > Settings > SNMP Settings.
References: