The Barracuda NG Control Center generates events for system processes and CC services and processes events from its administered Barracuda NG Firewall systems. Some events are generated by default, some are configured according to system and service requirements. On the Barracuda NG Control Center, e vent forwarding is based on communication between the Box Event module running on the operative Barracuda NG Firewall (box) and the CC Event Service module running on the Barracuda NG Control Center. The event severity defines both how urgent or critical an event is and the classification of the event. The notification type specifies if a server or client action (such as executing a program or sending emails and SNMP traps) is be performed by the Barracuda NG Firewall or Barracuda NG Control Center when an assigned event occurs.
In this article:
Viewing and Managing Events
From the Barracuda NG Control Center Events Tab, you can view a list of all available event types. The event monitor lists all events that have been generated by the CC services and all events that were propagated from the managed Barracuda NG Firewall systems. The mevent (Master Event) service only processes events that are generated by the Barracuda NG Firewall gateways. To view events generated by the Barracuda NG Control Center box, log into the Barracuda NG Control Center on box level and open the Events Tab .
Configure Event Notifications
Due to the hierarchical structure of the Barracuda NG Control Center, events can be configured on several levels, depending on the requirements of your security policy. You can define global, range-specific, cluster-specific, or box-specific event settings and configure notifications for the following event types:
- Operational Events – Operative influences to the system, such as a high system load or low memory capacity.
- Security Events – Possible security vulnerabilities and attacks, such as port scans or incorrect login attempts.
You can assign severity levels and properties to each event. The propagation of Barracuda NG Firewall events to the Barracuda NG Control Center must be configured in the box configuration.
For more information, see How to Configure Event Notifications.
Configure Access Notifications
Each system-access attempt poses a potential security risk. To keep track of successful or unsuccessful system-access attempts on the Barracuda NG Control Center, you can adjust notifications on a per service and per administrator basis. The Barracuda Networks model provides multiple notification schemes that let you link an administrator with a particular service-specific notification setting:
- Service Default – Default notification settings for all Barracuda Networks and system services capable of allowing access to the system. These settings are always in effect for user root. The same applies to all system-only users.
- Silent – Automatically assigned to invisible users ha and master. The scheme suppresses notifications for successful access attempts. Unsuccessful attempts are treated according to the Service Default scheme.
- Type 1, 2, 3 – Multi-admin option, freely customizable.
Access control settings assign particular notification types to each Barracuda NG Firewall service or otherwise relevant system service (for example, sshd or console login). Notifications for success and failure events can usually be configured individually, except for one notable exception - direct system access failure or access by an unknown user will always trigger an event.
To configure access notifications on a managed Barracuda NG Firewall unit, proceed with the steps described in How to Configure Access Notifications.