To stream log data to a Log Analytics workspace in Microsoft Azure, you must connect your Barracuda SecureEdge with the Log Analytics workspace. For more information on Microsoft Azure Log Analytics workspaces, see https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/get-started-portal.
Step 1. Create Log Analytics Workspace
Log into the Azure portal: https://portal.azure.com
In the left menu, click All services and go to Log Analytics workspaces.
In the Log Analytics workspaces menu, click Create.
The Create Log Analytics workspace blade opens. In the Basics blade, enter values for the following:
Subscription – Select your subscription.
Resource Group – Select an existing resource group, or create a new, dedicated resource group for your workspace.
Name – Enter a name for the Log Analytics workspace.
Region – Select the geographical location where the data for your workspace will be stored.
Click Next : Tags.
The Tags blade opens. Specify values for your tags.
Click Review + Create.
The Review + Create blade opens. Verify your settings:
Click Create.
Click Refresh in the Log Analytics workspaces blade to display the new Log Analytics workspace.
Step 2. Retrieve Workspace ID and Workspace Key
To connect Barracuda SecureEdge with the newly created Log Analytics workspace, you need the Workspace ID and Workspace Key.
Log into the Azure portal: https://portal.azure.com
In the left menu, click All services and go to Log Analytics workspaces.
Click on the Log Analytics workspace created in Step 1.
In the left menu, click Agents.
In the Agents window, select Linux servers.
Copy WORKSPACE ID and PRIMARY KEY and save it locally.
Step 3. Connect Barracuda SecureEdge with Microsoft Azure Log Analytics Workspace
Log into Barracuda SecureEdge: https://se.barracudanetworks.com/
Go to Integration > Azure Monitor.
The Azure Monitor page opens, specify values for the following:
Azure Log Analytics (OMS) – Set the switch to Enable.
Workspace ID – Enter the WORKSPACE ID retrieved in Step 2.
Workspace Key – Enter the PRIMARY KEY retrieved in Step 2.
Click Save.
Additional Information
(Optional) Configure Azure Log Analytics as the Logstream Destination on the CloudGen Firewall
If you want to configure the CloudGen Firewall to send the logstream to Microsoft Azure Log Analytics, select Microsoft OMS Security from the Logstream Destination list. For more information, see How to Configure Log Streaming to Microsoft Azure Log Analytics.
Data sent to Log Analytics will show up under the Syslog tag in Azure Log Analytics. Data sent to Microsoft OMS Security can be found under CommonSecurityLog, which requires Security and Audit to be enabled in the workspace (select Configure monitoring solutions and search for the solution).