We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

Control Center Syslog Service

  • Last updated on

The CC Syslog service collects log messages from Barracuda NG Firewalls that are managed by the Barracuda NG Control Center and streams those log messages to an external log host or sends them to the HA partner. Syslog streaming consists of three major steps: 

Log Reception

Log reception via port 5144 and/or 5143:

syslog.jpg

SSL-encrypted connections on port 5143 are used for log reception of managed boxes that do not use management tunnels. Using SSL allows for both encryption and authentication.

Managed NG Firewalls using a remote management tunnel connect to the syslog engine on port 5144. These connections are unencrypted and unauthenticated, so the default firewall rules restrict access managed boxes and access via VPN tunnel.

Log Processing

flow.jpg

 

Log Delivery

Log Delivery to Local Disk

log_del.jpg

 

Log Delivery via Private Uplink (HA Sync)

Using override IP addresses is mandatory in this scenario:

p_uplink.jpg

Log Delivery by Relaying

The Barracuda NG Firewall supports active querying and passive receiving via SSL-encrypted connection or passive receiving without encryption. 

Active SSL querying

If read access is not possible (for example, because log host is down), transferring log messages is not possible. This method of transferring is not recommended for use in an HA Barracuda NG Control Center cluster.

fifo.jpg

SSL passive receiving

Used for an HA Barracuda NG Control Center cluster because the external log host does not need to know which partner is currently active for syslog streaming to work.

ssl_pass.jpg

Plain passive

You can also do standard syslog streaming without an SSL connection if needed.

Last updated on