We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall


  • Last updated on

The firewall incorporates hardware and software fail-safe mechanisms that are indicated via system alerts and logs. You can inspect the logs to see what is happening with the traffic.

Do NOT write, rename, or put any files into this directory. Editing the contents of this directory can cause logs to be displayed incorrectly.

Configure Log Streaming

By default, log files are stored on the local file system of the firewall. In addition, log files can be sent to external Syslog servers.

For more information, see Log File Handling.

Viewing Log Files

To access the logs on the CloudGen Firewall web interface:

  1. Go to LOGS.
  2. Expand Select Log file drop-down list
  3. Choose the log file type.


From the LOGS tab, you can view a number of log files to monitor and troubleshoot the firewall.

Authentication Log

The Authentication Log (Auth) displays messages from the authentication service. This includes logins for the web interface and messages from the various authentication methods. For example, if a client cannot access a service, the unsuccessful authentications are written into the log. Successful authentications are also recorded. 

Firewall Log

The Firewall Log (NGFW) displays firewall activity, such as rules that have been executed and traffic that has been dropped. It lists all connections on the firewall. You can filter the log by criteria such as a source IP address or network, or the time that the connections occurred.


The HTTP Log displays the activities of the firewall's connection to the Barracuda Web Security Service. There are several codes in the log. For details on these codes, see the HTTP Log Codes Overview section.

Network Log

Use the Network Log to investigate why network configuration changes are not working properly or cannot be activated. The messages in the Network Log might explain the problem. If not, check the network configuration again for any problems or conflicts.


The VPN Log displays information for all client-to-site and site-to-site VPN tunnels. Use this log to investigate why VPN tunnels and PPTP connections are disconnecting or not being established. To see the messages for specific VPN connections, you can also filter the log by IP addresses.

HTTP Log Codes Overview

The following tables provide details on the codes that you might see on the LOGS > HTTP Log page.

TCP Codes

TCP_" refers to requests on the HTTP port (3128)




A valid copy of the requested object was in the cache.


The requested object was not in the cache.


An expired copy of the requested object was in the cache. Squid made an If-Modified-Since request, and the response was "Not Modified."


An expired copy of the requested object was in the cache. Squid attempted to make an If-Modified-Since request, but it failed. The old (stale) object was delivered to the client.


An expired copy of the requested object was in the cache. Squid made an If-Modified-Since request and received a new object.


The client issued a request with the "no-cache" pragma. ("reload" - handled as MISS)


An If-Modified-Since GET request was received from the client. A valid copy of the object was in the cache (fresh).


An If-Modified-Since GET request was received from the client. The requested object was not in the cache (stale).


The object was believed to be in the cache, but could not be accessed.


Access was denied for this request.

ERR Codes




The remote site or network is unreachable; it may be down.


The remote site or network may be too slow or down.


All clients went away before transmission completed, and the object is too big to cache.


The remote site or network may be down.


Client dropped connection before transmission completed. Squid fetched the Object according to its settings for `quick_abort'.


The remote site or server may be down.


Invalid HTTP request.


Unsupported request.


Invalid URL syntax.


Out of file descriptors.


DNS name lookup failure.


Protocol not supported.


The requested URL cannot currently be retrieved.


There is no WAIS relay host defined for this cache.


The system disk is out of space or failing.


The remote server closed the connection before sending any data.


This cache is not configured to retrieve FTP objects.


Access denied. Users must be authenticated before accessing this cache.

Last updated on