The Barracuda Firewall Control Center generates events for system processes and CC services and processes events from its administered Barracuda CloudGen Firewalls. Some events are generated by default, some are configured according to system and service requirements. On the Control Center, event forwarding is based on communication between the Box Event module running on the operative CloudGen Firewall (box) and the CC Event Service module running on the Control Center. The event severity defines both how urgent or critical an event is and the classification of the event. The notification type specifies if a server or client action (such as executing a program or sending emails and SNMP traps) is to be performed by the CloudGen Firewall or the Control Center when an assigned event occurs.
Viewing and Managing Events
From the Control Center EVENTS tab, you can view a list of all available event types. The event monitor lists all events that have been generated by the CC services and all events that were propagated from the managed CloudGen Firewalls. The mevent (Master Event) service only processes events that are generated by the CloudGen Firewall gateways. To view events generated by the Control Center box, log into the Control Center on box level and open the EVENTS tab.
Configure Event Notifications
Due to the hierarchical structure of the Control Center, events can be configured on several levels, depending on the requirements of your security policy. You can define global, range-specific, cluster-specific, or box-specific event settings and configure notifications for the following event types:
- Operational Events – Operative influences to the system, such as a high system load or low memory capacity.
- Security Events – Possible security vulnerabilities and attacks, such as port scans or incorrect login attempts.
You can assign severity levels and properties to each event. The propagation of firewall events to the Control Center must be configured in the box configuration.
For more information, see How to Configure Event Notifications.
Configure Access Notifications
Each system-access attempt poses a potential security risk. To keep track of successful or unsuccessful system-access attempts on the Control Center, you can adjust notifications on a per-service and per-administrator basis. The Barracuda Networks model provides multiple notification schemes that let you link an administrator with a particular service-specific notification setting:
- Service Default – Default notification settings for all Barracuda Networks and system services capable of allowing access to the system. These settings are always in effect for user root. The same applies to all system-only users.
- Silent – Automatically assigned to invisible users ha and master. The scheme suppresses notifications for successful access attempts. Unsuccessful attempts are treated according to the Service Default scheme.
- Type 1, 2, 3 – Multi-admin option, freely customizable.
Access control settings assign particular notification types to each firewall service or otherwise relevant system service (for example, SSHd or console login). Notifications for success and failure events can usually be configured individually, except for one notable exception - direct system access failure or access by an unknown user will always trigger an event.
To configure access notifications on a managed firewall, proceed with the steps described in How to Configure Access Notifications.