The Barracuda CloudGen Firewall generates Audit Log entries for both local and/or forwarding traffic. The Firewall Audit Info viewer is accessible by selecting the Firewall tab and clicking the Audit Log icon in the ribbon bar. The local Audit Info viewer is available on every Barracuda CloudGen Firewall generating a Firewall Audit log file.
Enable Audit Logs
Activate the generation of Firewall Audit data. From the Audit Delivery list, you can select how audit log data is stored or processed:
- Local-DB – Store audit data within a local sqlite3 DB.
- Forward-Only – Forward natively to an audit collector service.
- Local-DB-And-Forward – The combination of both.
- Send-IPFIX – Hand off data to separate IPFIX exporter.
- Forward-and-Send-IPFIX – Combination of forwarding and sending data to an IPFIX exporter.
- Regular Log File – Plain ASCII-based log file.
- Syslog-Proxy – Generate syslog messages.
- Executable – Feed into custom executable on stdin.
- Send-UDP-Packet – Send via plain UDP stream.
To enable the Firewall Audit Log service:
- Go to CONFIGURATION > Full Configuration > Box > Infrastructure Services > General Firewall Configuration.
- In the left menu, select Audit and Reporting.
- Expand the Configuration Mode menu and select Switch to Advanced View.
- Click Lock.
- In the Log Policy section, enable Generate Audit Log.
- Click Set/Edit next to Audit Log Data.
- From the Audit Delivery drop-down list, select how audit log data should be processed. For example, select Regular Logfile.
- Click OK.
- Click Send Changes and Activate.
Firewall Audit data is stored locally by default, but may be forwarded to the Barracuda Firewall Control Center or to a dedicated Barracuda CloudGen Firewall running the Firewall Audit Log service for central audit log file collection. For more information, see FW Audit.