It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Login Sign Up Contact & Support

United States – English (GMT-5)

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

Reporting Server

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup (ECHOplatform)

MSP Knowledge Base

Site Security Scanner

MSP – Partner Enablement

NextGen Firewall X

Server Backup (Yosemite)

Campus Help Center / Reference

Network Security

Support Services

Barracuda XDR

Overview Documentation Materials

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

Reporting Server

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup (ECHOplatform)

MSP Knowledge Base

Site Security Scanner

MSP – Partner Enablement

NextGen Firewall X

Server Backup (Yosemite)

Campus Help Center / Reference

Network Security

Support Services

Login Sign Up Contact & Support

United States – English (GMT-5)

Integrating Linux Server

Last updated on 2023-12-06 15:28:15

By default, recent releases across most Linux distributions will have the rsyslog package already installed and enabled by default.

To send logs using syslog to the sensor please perform the following tasks as root:

Verify that rsyslog is installed, enabled and running.
systemctl status rsyslog
Create filename /etc/rsyslog.d/sensor.conf and enter the following rule with the sensor's static IP address:
*.notice @IP_ADDRESS
Restart rsyslog service.
systemctl restart rsyslog

Troubleshooting

Service for rsyslog is installed but not enabled or running.

systemctl enable --now rsyslog

Service for rsyslog is not installed.

SUSE: yast -i rsyslog

Fedora/RHEL/CentOS: yum install rsyslog

Ubuntu/Debian: apt-get install rsyslog

Traffic for syslog is not sent to sensor from client.

Verify that client can ping sensor.
Open two terminal windows on the client.
In the first terminal, enter the following command to determine the primary LAN interface (e.g. eth0 ):
ip a | grep UP
In the same terminal, run the following command to inspect egress traffic on the primary interface for syslog traffic:
tcpdump -ni eth0 -Q out port 514
In a second terminal generate syslog traffic:
logger "test message from log client"
Monitor output in the first terminal to confirm outbound syslog traffic. An abbreviated example output is indicated below:
IP 172.29.91.84.40644 > 172.29.88.253.514: SYSLOG user.notice
If outbound syslog traffic if observed on client then verify that no ACLs in network are dropping traffic sent to port 514.

For Linux servers, forward your rsyslogs from your server to your Barracuda XDR sensor over UDP port 514.

Depending on your version of Linux, the configuration may vary.