We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

EVENTS Tab

  • Last updated on

The EVENTS tab lets you monitor and manage events that are generated by your Barracuda NG Control Center and Barracuda NG Firewalls. Before using this tab, you need to activate the generation of Firewall Audit data as described in How to Configure Event Notifications.

In this article:

events_61.png

On the Events page, you can determine the type and importance of each event by its icon and the font that it is displayed in. The following tables explain the meaning of each event icon and font:

IconEvent Type
information.pngInformation
warning.pngWarning
error.pngError
notice.pngNotice
security.pngSecurity
IconEvent Type
black normal textUncritical or confirmed event.
blue normal textNew and unread event.
black bold textIndicates that changes were made to default values in the event configuration, such as Propagate to CCFor more information, see How to Configure Event Settings.

Acknowledging Events and Alarms

Some events, such as error events or events that are displayed in black bold text, require acknowledgement. You can also determine if an event needs acknowledgment by double-clicking it to view its properties. When you acknowledge an event, it is then displayed in black normal text. If an event has an alarm, you can also either reset or disable the alarm.

If an event must be confirmed and is in alarm condition, deleting the alarm will also delete the request for acknowledgement. If an alarm is stopped, any configured repeating server actions are also stopped.

To acknowledge an event that requires confirmation, right-click the event and select Send - Acknowledgement. Acknowledging the event also terminates any alarms (such as a sound playing or an email notification) that have been set for it.

  • To acknowledge an event and remove a warning icon from it, select Send - Reset Alarm.
  • To mark an uncritical event as read, select Send - Mark as Read.
  • To temporarily disable the event alarm, select Temporary Disable. The event is then displayed in italic font.

Managing Events

To manage the list of events that are displayed, you can refresh the list automatically or manually, delete events, and specify which columns are displayed or hidden. To delete an event, right-click it and select Delete Event. To verify that an event has been properly deleted, refresh the event list. To automatically refresh the list of events in Live mode, click No Auto Refresh and then click Live.

Notification messages are only enabled in Live mode. This mode enables pop-up windows and sound. Hence to have the event monitor in normal mode can be seen as a display of the current event system status. To manually refresh the list of events. Click Refresh. To hide and show columns, right-click the list of events and select Columns. In the Show / Hide Event Columns window, select the columns that you want to be displayed.

Filtering Events

To filter the list of events that are displayed, click Filter. To enter values for a filter setting, click the setting button. For example, to enter a layer ID, click Layer ID. In the Add Criterion window, add the values to the setting list and then click Add. After adding all of the required values for the filter, click Activate.

event_filter.jpg

Viewing Event Properties

To view detailed information for an event, you can either double-click it or right-click it and select Properties. From the Page 1 tab, you can view the system, layer, class, and type for the event, as well as its event ID.

FieldDescription
BoxThe IP address of the system that created the event.
Layer

There are three layers:

  • 1—Boot layer.
  • 2—Box-layer.
  • 3—Server/service layer.
Class

There are there classes:

  • 1—Operative
  • 2—Resources
  • 3—Security
TypeThe event ID.

From the Page 2 tab, you can view the dates and times of when the event was confirmed, acknowledged, or had its alarm disabled. You can also view information about the administrator who confirmed the event.

  • by Admin – The administrator who confirmed the event. If the event is unconfirmed, this field is empty.
  • by Peer – The IP address for the workstation of the administrator who confirmed the event. If the event is unconfirmed, this field is empty.
  • Date – The date and time of when the event was read or confirmed. If the event is unconfirmed, this field is empty.
  • Insert – The date and time of when the event was generated.
  • Box – Internal system information related to the insert time (please ignore this value).
  • Update – The date and time of any status changes for the event, such as when it was acknowledged or marked as read.
  • Alarm – The date and time of when the alarm was sent.
  • t. disabled – The date and time of when the alarm was disabled temporarily.
Last updated on