The Barracuda NextGen Firewall F-Series is equipped with an elaborate event-based notification model to help you keep track of events and system access on all levels (operating system, Barracuda Networks infrastructure, and Barracuda NextGen Firewall F-Series services). The event system of the Barracuda NextGen Firewall F-Series creates events for special system processes and for all services that are configured on the unit. Some events are generated per default, some as configured according to system and service requirements.
Security and operational events
All security and operational events are classified according to their severity and notification type.
Viewing and managing events
The event monitor lists all events generated on the Barracuda NextGen Firewall F-Series. Icons and fonts indicate the type and importance of the events on the list, helping you determine which actions must be taken. You can view event properties, delete events, filter and refresh the list of events. Some events, such as error events or events that are displayed in black bold text, require acknowledgement. If an event has an alarm, you can also either reset or disable the alarm.
For more information, see the NextGen Admin Events tab.
Configure event settings
The Eventing configuration page in the config tree displays all available event types. From this page, you can assign severity levels and notifications to each event type, edit all available severity levels and add or edit notification types. Each notification specifies a server or client action (such as executing a program or sending emails and/or SNMP traps) to be performed by the firewall when an assigned event occurs. Server actions are performed by the firewall or Control Center, client actions are performed by the Windows client NextGen Admin is running on.
For more information, see How to Configure Basic, Severity, and Notification Settings for Events.
Each system access attempt poses a potential security risk. By configuring access control notifications, you can keep track of successful or unsuccessful system access attempts. Active notifications make it more difficult than simple log file based accounting for potential intruders to conceal their actions.
For more information, see How to Configure Access Notifications.
The firewall audit service allows propagating firewall events to the Control Center. Firewall Audit data is stored locally by default, but may be forwarded to the Barracuda NextGen Control Center or to a dedicated Barracuda NextGen Firewall F-Series running the Firewall Audit Log service for central audit log file collection.
For more information, see How to Enable the Firewall Audit Log Service.