It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda Web Application Firewall
Overview Documentation Training Certification Materials

How to Integrate Barracuda Web Application Firewall with AlienVault® USM Anywhere™

  • Last updated on

Overview

AlienVault® USM Anywhere™ is a software-as-a-service (SaaS) security monitoring solution that centralizes threat detection, incident response, and compliance management across your on-premises, cloud, or hybrid environments. The Barracuda Web Application Firewall is integrated with AlienVault® USM Anywhere™ to send log data to the USM Anywhere.

Supported Versions

  • Firmware 8.1 or higher

Configure the Barracuda Web Application Firewall to Send Logs to USM Anywhere

For setting up the log formats for various logs, see this document .

Steps for adding a syslog server:

  1. Go to the  ADVANCED > Export Logs page.
  2. In the Export Logs section, click Add Export Log Server. The  Add Export Log Server window opens. Specify values for the following:
    • Name – Enter a name for the syslog NG server.
    • Log Server Type - Select Syslog NG.
    • IP Address or Hostname – Enter the IP address or the hostname of the syslog NG server.
    • Port – Enter the port associated with the IP address of the syslog NG server.
    • Connection Type – Select the connection type to transmit the logs from the Barracuda Web Application Firewall to the syslog server. UDP is the default port for syslog communication. UDP, TCP or SSL can be used in case of NG Syslog server.
    • Validate Server Certificate – Set to Yes to validate the syslog server certificate using the internal bundle of Certificate Authority (CA) certificates packaged with the system. If set to No, any certificate from the syslog server is accepted.
    • Client Certificate – When set to Yes, the Barracuda Web Application Firewall presents the certificate while connecting to the syslog server.
    • Certificate – Select a certificate for the Barracuda Web Application Firewall to present when connecting to the syslog server. Certificates can be uploaded on the BASIC > Certificates page. For more information on how to upload a certificate, see How to Add an SSL Certificate.
    • Log Timestamp and Hostname - Set to Yes if you want to log the date and time of the event, and the hostname configured on the BASIC > IP Configuration > Domain Configuration section.
  3. Click Add.
    VSMAnywhere_1.png

To configure facilities for different log types:

  1. Go to ADVANCED > Export Logs.
  2. In Export Logs, select  Export Log Settings .

  3. In the  Syslog Settings section of the Export Log Settings dialog box, select the appropriate facility (Local0 to Local7) from the list for each log type, and click  Save .

    You can set the same facility for all log types. For example, you can set Local0 for System Logs, Web Firewall Logs, Access Logs, Audit Logs, and Network Firewall Logs.

    In the  Export Log Settings  dialog box, you can do the following:

    • Enable or disable the logs that need to be exported to the configured export log server(s) in  Export Log Settings

    • Set the severity level to export web firewall logs and system logs to the configured export log server(s) in  Export Log Filters

      The Barracuda Web Application Firewall exports the logs based on the selected severity level. For example, if Web Firewall Log Severity is set to 2-Critical, then logs with 0-2 are sent to the external log server (in other words, 0-Emergency, 1-Alert, and 2-Critical).

ASM Anywhere_2.png

Previous Article Next Article