How do I configure remote syslog logging for a Barracuda Firewall - Connect IT Community

/* * These styles apply ONLY to the header and footer assets. */ * { padding: 0; margin: 0; box-sizing: border-box; } .super-nav { display: flex; justify-content: flex-end; align-items: center; margin: 0 auto; max-width: 1264px; padding-left: 40px; padding-right: 40px; height: 40px; text-align: right; } .super-nav a { color: #34427c; margin-right: 20px; padding: 10px; text-decoration: none; } .super-nav a:hover, .super-nav a:focus { background-color: #f7f9fa; } .footer { background: #f5f5f6; color: #555a62; font-size: 14px; line-height: 1.5; padding: 0; } .footer-image { background-image: url("/themes/kaseya/assets/images/footerImage.png"); height: 500px; background-repeat: no-repeat; background-size: cover; margin-top: -100px; } .footer-wrap { padding-left: 18px; padding-right: 18px; max-width: 1236px; margin: 0 auto; } .footer-main-content { background-color: #000; padding: 100px 0; } .footer .footer-col-title { color: #ffffff; font-weight: 700; font-size: 13px; padding-bottom: 10px; text-transform: uppercase; } .footer .footer-link { color: #9b9ca0; text-decoration: none; } .footer .footer-link:hover, .footer .footer-link:focus, .footer .footer-link:active { text-decoration: underline; } .footer-main-content .footer-link { padding-top: 10px; } .footer-row { display: flex; flex-wrap: wrap; justify-content: space-between; align-items: center; margin: -3px; } .footer-main-content-row { align-items: flex-start; } .footer-bottom-content { padding: 10px; align-items: center; } .footer-col { padding: 0 3px; display: flex; flex-direction: column; } .footer-col-copyRight { justify-content: flex-start; color: #9b9ca0; flex: 1; display: flex; } .footer-last-col { flex-direction: row; } .footer-last-col .footer-link { padding-right: 10px; text-transform: uppercase; } @media screen and (max-width: 768px) { .super-nav { padding-right: 0; } .footer-image { height: 250px; } .footer-main-content { padding: 40px 0; } .footer .footer-col-title { padding-top: 10px; } .footer-row:not(.footer-main-content-row) { display: block; } .footer-col:not(.footer-main-content-col) { width: 100%; text-align: center; padding: 10px 0; } .footer-main-content-col { width: 50%; } .footer-last-col { flex-direction: column; } .footer-last-col .footer-link { padding-bottom: 10px; } } /*# sourceMappingURL=styles.css.map */ Ask the Community Groups

How do I configure remote syslog logging for a Barracuda Firewall - Connect IT Community | Kaseya

This article will walk through the steps to configure Barracuda firewalls to send Syslog messages to the RocketAgent Syslog Server

The following steps are performed from the Barracuda Firewall Management Interface

Enable Audit Logs

Activate the generation of Firewall Audit data:

Go to CONFIGURATION > Full Configuration > Box > Infrastructure Services > General Firewall Configuration.
In the left menu, select Audit and Reporting.
Expand the Configuration Mode menu and select Switch to Advanced View.
Click Lock.
In the Log Policy section enable Generate Audit Log.
Click Set next to Audit Log Data.
From the Audit, Delivery list select how to audit log data is stored or processed
Select Syslog-Proxy from the Audit Delivery drop-down.
Click OK.
Click Send Changes and Activate.

Enable the Syslog Service

Go to CONFIGURATION > Full Configuration > Box > Infrastructure Services > Syslog Streaming.
Click Lock.
Set Enable Syslog Streaming to yes.
Click Send Changes and Activate.

Configure Logdata Filters

Define profiles specifying the log file types to be transferred/streamed to the RocketAgent.

Go to CONFIGURATION > Full Configuration > Box > Infrastructure Services > Syslog Streaming.
In the left menu, select Log data Filters.
Expand the Configuration Mode menu and select Switch to Advanced View.
Click Lock.
Click the + icon to add a new entry.
Enter RocketCyber in the Filters dialog and click OK.
In the Data Selection table, add the log files to be streamed. Select:
- Firewall_Audit_Log – The log contents of the firewall's machine-readable audit data stream. Weather data is streamed into the Firewall_Audit_Log has to be configured in the General Firewall Configuration settings on box-level, section Audit Log Handling >Audit-Delivery: Syslog-Proxy (see: FW Audit). The log instance name corresponding to Syslog-Proxy selected will be trans7.
- Panic_log – log contents of the panic log (log instance name: panic)
  
  When Log-File is selected in the firewall's configuration, the data will go into a log file named Box->Firewall->audit (which means the instance is named box_Firewall_audit) and thus this filter setting is not applicable. The pertinent one then would be a selection of category Firewall within the box selection portion of the filter.
In the Affected Box Log data section, define what kind of box logs are to be affected by the Syslog daemon from the Data Selection list.
Choose Selection (default),
1. Click the + icon next to Data Selection to add an entry.
2. Enter a descriptive name for the group and click OK. The Data Selection window opens.
3. Add the Log Groups table select Other and specify the following:
  AuthEvent
  Firewall
  Network
  SSH
  virscan
  proxy
  sslprx
  cofs
  sslprx
  spamfilter
  sshprx
  vpnserver
4. (Optional) Set a Log Message Filter. When choosing Selection,
  - Add the explicit log type to the Selected Message Types table.
5. Click OK.
In the Affected Service Log data section, define what kind of logs created by services are to be sent by the Syslog daemon from the Data Selection list.
Choose Selection (default),
1. Click the + icon next to Data Selection to add an entry.
2. Enter a descriptive name for the group and click OK. The Data Selection window opens.
3. In the Log Groups table, select Other and specify the following:
  
  virscan_cas
  firewall_auth
  firewall_Rule*

1. (Optional) Set a Log Message Filter. When choosing Selection,
  - Add the explicit log type to the Selected Message Types table.
2. Click OK.
Click Send Changes and Activate.

Configure Logstream Destinations

Go to CONFIGURATION > Full Configuration > Box > Infrastructure Services > Syslog Streaming.
In the left menu, select Log stream Destinations.
Expand the Configuration Mode menu and select Switch to Advanced View.
Click Lock.
Click the + icon to add a new entry.
Enter RocketCyber in the upcoming dialog and click OK. The Destinations window opens.
Select the Logtream Destination. When an external log host is used,
1. Select Explicit IP.
2. Enter the destination IP address in the Destination IP Address field. This is the IP address of the RocketAgent Syslog Server
Enter the Destination Port for delivering Syslog messages, enter 514. This is the default port that the RocketCyber Syslog Server listens on.
Select the Transmission Mode UDP
Click OK.
Click Send Changes and Activate.