Barracuda WAF-as-a-Service generates three types of logs:
- Access Logs contain a record of each HTTP/HTTPS request processed by Barracuda WAF-as-a-Service.
- Firewall Logs contain a record of each policy violation found by Barracuda WAF-as-a-Service, along with the associated action performed by Barracuda WAF-as-a-Service.
- Event Logs contain a record of specific network activity, including events related to Certificate, DDoS, or DNS.
Note that in some circumstances, a single HTTP/HTTPS request might generate more than one Firewall Log entry. For example, if Block Attacks is turned off, multiple violations might be detected in the same request and logged, but because none of them cause the request to be blocked, Barracuda WAF-as-a-Service continues processing and finds more violations.
You can interact with these logs in multiple ways:
- View on the Logs page. See Access, Firewall, and Event Logs.
- Export as a CSV file, on-demand from the Logs page. See Access, Firewall, and Event Logs.
- Retrieve via the Barracuda WAF-as-a-Service API.
- Export in real time via the Syslog protocol, using the Log Export component. For more information, refer to Log Export.
Barracuda WAF-as-a-Service retains logs for 45 days, and then deletes them automatically. If you require longer retention, be sure to download or retrieve your logs using one of the above methods before they are automatically deleted.
If you have specific data residency requirements, be sure to select deployment locations that meet those requirements, as described in Understanding Deployment Locations. Your traffic will only be processed in the locations you select.