This article covers the prerequisites and the procedure for configuring Barracuda firewall syslogs and exporting them to Chronicle.
The Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that target applications hosted on web servers and in the cloud. With the help of Barracuda Web Application Firewall KP items, we can monitor the network firewall logs, access logs, web firewall logs, system logs and audit logs for web applications. It also triggers alerts for authentication hijacking, buffer overflow, command injection, denial of service, and obfuscation attacks.
Prerequisites
- Barracuda Web Application Firewall should be installed, and you should have the proper access permissions to make configuration changes.
Configuring Barracuda Firewall syslog
Adding Export Log Server
- Go to the ADVANCED > Export Logs page.
- In the Export Logs section, click Add Export Log Server.
The Add Export Log Server window appears. Specify values for the following:
- Name: Enter a name.
- Log Server Type: Select Syslog NG.
- IP Address: Enter the Forwarder IP address.
- Port: Enter the syslog server port (11726).
- Connection Type: Select the connection type to transmit the logs from the Barracuda Web Application Firewall to the Forwarder.
- Validate Server Certificate: Select No.
- Client Certificate: Select No.
- Log Timestamp: Select Yes.
3. Click Add.
Adding Export Log Settings
- Go to the ADVANCED > Export Logs page.
- In the Export Logs section, click Export Log Settings.
The Export Log Settings window appears. Specify values for the following:
3. In the syslog settings section of the Export Log Settings dialog box, configure the settings as shown in the screenshot below.
4. Click Save.
6. Once the configuration is complete, validate the logs in Chronicle by searching with the regular expression (".*") or with a specific hostname. The search returns the log source types that are being ingested into Chronicle; the screenshot below is provided for reference.