It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda SecureEdge

How to Configure Log Streaming to Microsoft Azure Log Analytics Workspace

  • Last updated on

To stream log data to a Log Analytics workspace in Microsoft Azure, you must connect your Barracuda SecureEdge with the Log Analytics workspace. For more information on Microsoft Azure Log Analytics workspaces, see https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/get-started-portal.

Step 1. Create Log Analytics Workspace

  1. Log into the Azure portal: https://portal.azure.com

  2. In the left menu, click All services and go to Log Analytics workspaces.

    goto-allservice-log.png
  3. In the Log Analytics workspaces menu, click Create

    click-create.png

  4. The Create Log Analytics workspace blade opens. In the Basics blade, enter values for the following:

    • Subscription – Select your subscription.

    • Resource Group – Select an existing resource group, or create a new, dedicated resource group for your workspace. 

    • Name – Enter a name for the Log Analytics workspace.

    • Region – Select the geographical location where the data for your workspace will be stored.

      create-logAnalytic.png

  5. Click Next : Tags.

  6. The Tags blade opens. Specify values for your tags.

  7. Click Review + Create.

  8. The Review + Create blade opens. Verify your settings:

    logAnalytic-validation.png

  9. Click Create.

  10. Click Refresh in the Log Analytics workspaces blade to display the new Log Analytics workspace.

    LogAnalytic-ws.png

Step 2. Retrieve Workspace ID and Workspace Key

To connect Barracuda SecureEdge with the newly created Log Analytics workspace, you need the Workspace ID and Workspace Key

  1. Log into the Azure portal: https://portal.azure.com

  2. In the left menu, click All services and go to Log Analytics workspaces

  3. Click on the Log Analytics workspace created in Step 1.

  4. In the left menu, click Agents.

    LAW-agents.png

  5. In the Agents window, select Linux servers

    goto-linux-servers.png

  6. Copy WORKSPACE ID and PRIMARY KEY and save it locally. 

    workspace-ID-key.png

Step 3. Connect Barracuda SecureEdge with Microsoft Azure Log Analytics Workspace

  1. Log into Barracuda SecureEdge: https://se.barracudanetworks.com/

  2. Go to Integration > Azure Monitor.

    azure-monitor.png

  3. The Azure Monitor page opens, specify values for the following:

    • Azure Log Analytics (OMS) – Set the switch to Enable

    • Workspace ID – Enter the WORKSPACE ID retrieved in Step 2.

    • Workspace Key – Enter the PRIMARY KEY retrieved in Step 2.

      oms.png

  4. Click Save.

Additional Information

(Optional) Configure Azure Log Analytics as the Logstream Destination on the CloudGen Firewall

If you want to configure the CloudGen Firewall to send the logstream to Microsoft Azure Log Analytics, select Microsoft OMS Security from the Logstream Destination list. For more information, see How to Configure Log Streaming to Microsoft Azure Log Analytics.

select_dest_oms_security_via_cef-CGF.png

To stream logs to Microsoft Azure Log Analytics using the CEF format, you must configure Microsoft OMS Security as the streaming destination.

Data sent to Log Analytics will show up under the Syslog tag in Azure Log Analytics. Data sent to Microsoft OMS Security can be found under CommonSecurityLog, which requires Security and Audit to be enabled in the workspace (select Configure monitoring solutions and search for the solution).