Barracuda CloudGen Firewall

How to Configure Basic, Severity, and Notification Settings for Events

It is recommended to modify the default configuration for the events. You can modify the severity, notification, event propagation, and persistence of each event. Events are identified by ID numbers and classified by severity class as security or operational events.

  • Security Events – ID 6, 7, 8

  • Operative Events – ID 1, 2, 3, 9

Before You Begin

Look up the event IDs you want to change. For more information, see Operational Events and Security Events.

Step 1. Configure Basic Settings

  1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Eventing.

  2. Click Lock.

  3. Click on the Basics tab.

  4. To disable forwarding of events to a Control Center, clear the Send Event to CC check box.

  5. Click Silent Box to collect events without sending notifications.

  6. Enter the maximum number of events in the Max Event Records field. Records exceeding this limit are dropped.

  7. Click Send Changes and Activate.

Step 2. Configure Event Notification Settings

Five notification IDs are available. Configure the notification types that each notification ID sends. To avoid being flooded by notifications, configure thresholds.

  1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Eventing.

  2. Click Lock.

  3. Click on the Notifications tab.

  4. Double-click the notification ID you want to edit. The Detail window opens.

  5. (optional) Modify the Description.

  6. Click the Event must be confirmed check box to require the admin to acknowledge and mark the event as read in the EVENTS tab.

  7. In the Server Action tab, configure the event notifications carried out by the firewall: 

    1. Select and configure the server action Types:

      • Mail – It is possible to send notifications with email to multiple recipients. When using multiple recipients, separate them with a semicolon or a space character.

        Note that email notifications support SSL or authentication through the System Notifications settings at Configuration Tree > Box > Administrative Settings > Notifications, but only if the check box for this is enabled while the details in the notification itself (server, addresses) are left blank.

        For sending notifications with email, the following configuration options are available:

        • "Legacy" Mode – If the email fields are configured only at Configuration Tree > Box > Administrative Settings > Notifications and the STARTTLS check box is not selected, notifications are sent unencrypted to the specified email recipient.

        • "Override" Mode – If you want your notifications to be sent to a different recipient than the one configured at Configuration Tree > Box > Administrative Settings > Notifications:

          1. Go to Configuration Tree > Box > Infrastructure Services > Eventing, tab Server Action.

          2. Activate the check box Mail.

          3. Fill out the edit fields From:, To:, and Mail Server: with the required email configuration information.

            If this server action must be performed repeatedly, activate the Repeat Every check box and adjust the interval.

      • Execute Program – Executes a script or other executable on the firewall. Enter the executable including the full path as the Parameter.

        If this server action must be performed repeatedly, activate the Repeat Every check box and adjust the interval.

      • SNMP – To send SNMP traps to an SNMP server, configure up to two SNMP servers and the SNMP Community and Spec Type settings.

        If this server action must be performed repeatedly, activate the Repeat Every check box and adjust the interval.

      • Apple Push Notification Service – To send push notifications to your iOS device running Barracuda Firewall Remote Control, enter the Device token shown on the Remote Control display. You can add multiple iOS devices.

        If this server action must be performed repeatedly, activate the Repeat Every check box and adjust the interval.

      • Slack Notification – To send a Slack notification, enter the name of your Slack channel and the name of the incoming web-hook.

        If this server action must be performed repeatedly, activate the Repeat Every check box and adjust the interval.

      • MS Teams Notification – To send a notification via MS Teams, enter the web-hook URL of your MS Teams.

        If this server action must be performed repeatedly, activate the Repeat Every check box and adjust the interval.

    2. Click OK.

    3. For a Control Center, add an access rule to permit traffic on port 2195 TCP to the Apple APN servers. For more information about how to add an Access Rule, see How to Create a Pass Access Rule.

  8. (optional) Click the Client Action tab. The EVENTS tab on Barracuda Firewall Admin must be set to LIVE for these notifications to be executed.

    1. Click the Enable check box.

    2. Select the Type:

      • Popup – A pop-up window opens for each notification on the client running Barracuda Firewall Admin.

      • Audio Alert – A WAV audio file is played.

    3. Click OK.

  9. Click the Thresholds tab.

    1. Click the check box to enable these thresholds before activating the notification. Note that notifications are activated if any of the configured thresholds are reached during the configured time interval.

    2. For each of the given time intervals, adjust the minimum number of events that must occur during that interval to trigger a notification.
      Example: 2 during 5 min. If 2 events occur within the period of 5 minutes, then a notification will be sent.

    3. Click OK.

  10. Click Send Changes and Activate.

Repeat this step until all notification IDs are configured to match your needs.
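
Before committing threshold values, it helps to replay past event timestamps against them and see which events would have produced a notification and which would have stayed silent. The following is an added example, not Barracuda code: it models the "any configured threshold reached during its interval" rule from the Thresholds tab. The sliding-window evaluation, the one-hour threshold, and the sample timestamps are assumptions.

```python
from collections import deque

# Assumed thresholds: {interval in seconds: minimum events}. The 300 s entry is
# the page's "2 during 5 min" example; the 3600 s entry is a constructed value.
THRESHOLDS = {300: 2, 3600: 10}


def replay(event_times, thresholds=THRESHOLDS):
    """Return [(timestamp, [intervals whose threshold is reached])] per event.

    Models the documented rule that a notification is activated when ANY
    enabled threshold is reached within its interval. Sliding windows are an
    assumption; the firewall may count in fixed buckets instead.
    """
    windows = {w: deque() for w in thresholds}
    trace = []
    for t in sorted(event_times):
        reached = []
        for w, minimum in thresholds.items():
            q = windows[w]
            q.append(t)
            # Drop events that are a full interval (or more) older than t.
            while q[0] <= t - w:
                q.popleft()
            if len(q) >= minimum:
                reached.append(w)
        trace.append((t, reached))
    return trace


def summarize(event_times, thresholds=THRESHOLDS):
    """Split events into those that would notify and those that stay silent."""
    trace = replay(event_times, thresholds)
    notifying = [t for t, reached in trace if reached]
    silent = [t for t, reached in trace if not reached]
    return notifying, silent


# Constructed sample: seconds since start of capture for a single event ID.
SAMPLE = [0, 400, 900, 1000, 2500, 2600, 2650, 5000]

if __name__ == "__main__":
    notifying, silent = summarize(SAMPLE)
    print("would notify at:", notifying)
    print("silent events  :", silent)
```

Isolated events in the silent list are the ones an administrator would only see in the EVENTS tab, so check that list for security event IDs before raising a minimum.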

Step 3. Modify Event Severity Settings

Modify the notification type for the severity category and whether it is forwarded to the Control Center (only when the firewall is managed).

  1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Eventing.

  2. Click Lock.

  3. Click on the Severity tab.

  4. Double-click on the severity ID you want to edit.  The Detail window opens.

  5. (optional) Modify the Description.

  6. From the Notification ID list, select the notification.

  7. To forward the event to the Control Center, click the Propagate to CC check box.

  8. Click the Drop Event check box to avoid displaying these events in the Events tab.

  9. Click OK.

Repeat this step until all severity IDs are configured to match your needs.

Step 4. Modify the Event Default Severity and Notification IDs

Modify the severity and notification event IDs selected by default for the events.

  1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Eventing.

  2. Enter the ID for the events in the Lookup field.

  3. Double-click the highlighted event. The Detail window opens.

  4. Select the Severity ID.

  5. Select the Notification ID. Select from severity to use the default notification ID for the severity.

  6. Click the Persistent check box to forward the event only once to the Control Center, even if it occurs multiple times.

  7. Click the Propagate to CC check box to forward the event to the Control Center. This setting overrules the setting in the basic and severity configurations.

  8. Click the Drop Event check box to drop the event. 

  9. Click OK.

  10. Click Send Changes and Activate.