Barracuda NextGen Firewall X

Configuration of Selective Syslog Streaming by means of Logdata Filters

  • Type: Knowledgebase
  • Date changed: 6 months ago
Solution 00005304 

 
Scope:
This solution applies to:
- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.6 and above

 
Symptoms:
This article describes how to configure selective syslog streaming on the NG Firewall. Selective syslog streaming means that an NG Firewall gateway streams only a selected set of log files to a control center or a dedicated syslog server.

Prerequisites

To configure Selective Syslog Streaming, a configured Logstream Destination is needed. This can be either a control center or a dedicated third-party syslog server.


 
Solution:
Selective syslog streaming is configured in "Infrastructure Services" > "Syslog Streaming" > "Logdata Filters".


Step 1: Click "Insert" to create a new filter.

Step 2: Within the "Filters:<Your_Filter_Name>" configuration window, three types of Logdata are configurable:
- Top Level Logdata
- Affected Box Logdata
- Affected Service Logdata

Step 3: Except for "Top Level Logdata", for every type of logdata the "Data Selector" must be set to:
 - Selection

Step 4: Click "Insert" to create a new "Data Selection"

Step 5: The drop-down menu "Log Groups" provides a variety of pre-defined selections.



Variant:
User Defined Selective syslog Streaming:

For a more granular selection, select "Other" and enter a string that follows this pattern:

<modulename>_<logfile>
Example (for Affected Service Logdata):
virscan_cas
firewall_auth
firewall_Rule*


This selection would stream:

              srv_<virscan-servername>_<virscan-servicename>_cas.log
              srv_<firewall-servername>_<firewall-servicename>_auth.log
              srv_<firewall-servername>_<firewall-servicename>_Rule*.log

This selection would not stream:
              srv_<virscan-servername>_<virscan-servicename>.log
              srv_<virscan-servername>_<virscan-servicename>_clamav.log
              srv_<firewall-servername>_<firewall-servicename>.log
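
The matching described above, as an added example (not Barracuda's code and not part of the original article): a Python check that predicts which service log files a set of "Other" selectors would stream, so you can confirm that security-relevant logs such as auth reach the syslog destination. The server and service names, the file list, and the treatment of "*" as a case-sensitive shell wildcard are assumptions.

```python
from fnmatch import fnmatchcase

# Constructed inventory: (server, service) -> module name from the lists in
# this article. The server/service names S1, AV and FW are hypothetical.
SERVICES = {("S1", "AV"): "virscan", ("S1", "FW"): "firewall"}
SELECTORS = ["virscan_cas", "firewall_auth", "firewall_Rule*"]
# Constructed file names in the srv_<server>_<service>[_<logfile>].log shape.
SAMPLE_FILES = [
    "srv_S1_AV_cas.log", "srv_S1_AV.log", "srv_S1_AV_clamav.log",
    "srv_S1_FW_auth.log", "srv_S1_FW_Rule-LAN.log", "srv_S1_FW.log",
]


def parse_service_log(filename):
    """Return (server, service, logfile) or None if not a service log.

    Assumes server and service names contain no underscore; logfile is ""
    for the service's main log (no suffix).
    """
    if not (filename.startswith("srv_") and filename.endswith(".log")):
        return None
    parts = filename[len("srv_"):-len(".log")].split("_", 2)
    if len(parts) < 2 or not all(parts[:2]):
        return None
    return parts[0], parts[1], parts[2] if len(parts) == 3 else ""


def would_stream(filename, selectors, services=SERVICES):
    """True if a <modulename>_<logfile> selector covers this file name."""
    parsed = parse_service_log(filename)
    if parsed is None:
        return False
    server, service, logfile = parsed
    module = services.get((server, service))
    for selector in selectors:
        sel_module, sep, sel_logfile = selector.partition("_")
        if not sep or not sel_logfile:
            continue  # not in <modulename>_<logfile> form
        # Assumption: "*" behaves like a case-sensitive shell wildcard.
        if sel_module == module and fnmatchcase(logfile, sel_logfile):
            return True
    return False


def coverage(filenames, selectors, services=SERVICES):
    """Split file names into (streamed, not_streamed) for review."""
    streamed = [f for f in filenames if would_stream(f, selectors, services)]
    return streamed, [f for f in filenames if f not in streamed]
```

Calling coverage(SAMPLE_FILES, SELECTORS) reproduces the two lists above: the cas, auth and Rule* files are streamed, while the main service logs and the clamav log are not.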


List of available box-module names (single box, managed box, control center box and reporter box):
Auth: Auth
Config: Config
Control: Control
Event: Event
Firewall: Firewall
Logs: Logs
Network: Network
Release: Release
Settings: Settings
SSH: SSH
Statistics: Statistics
System: System
Watchdog: Watchdog


List of available control center managed box modules (managed box):
AV-Scanner: virscan
DHCP-Enterprise-Server: dhcpe
DHCP-Relay: dhcprelay
DNS: dns
Firewall: firewall
FW-Audit-Service: fwaudit
C-Firewall: cfirewall
FTP-Gateway: ftpgw
HTTP-Proxy: proxy
HTTP/HTTPS-Proxy: sslprx
Mail-Gateway: mailgw
OSPFv2-Router: ospf
Policy-Service: policyserver
Secure-Web-Proxy: sslprx
SPAM-Filter: spamfilter
SNMP-Service: snmp
SSH-Proxy: sshprx
ISS-ProventiaWebFilter: cofs
VPN-Server: vpnserver


List of available single box module names (single box):
AV-Scanner: virscan
DHCP-Enterprise-Server: dhcpe
DHCP-Relay: dhcprelay
DNS: dns
Firewall: firewall
FTP-Gateway: ftpgw
HTTP-Proxy: proxy
HTTP/HTTPS-Proxy: sslprx
ISS-ProventiaWebFilter: cofs
Mail-Gateway: mailgw
OSPFv2-Router: ospf
Policy-Service: policyserver
Secure-Web-Proxy: sslprx
SNMP-Service: snmp
SPAM-Filter: spamfilter
SSH-Proxy: sshprx
VPN-Server: vpnserver


List of available control center-module names (control center box):
DNS: dns
Firewall: firewall
MC-Audit: fwaudit
MC-Conf: rangeconf
MC-Event: mevent
MC-Log: msyslog
MC-PKI: pki
MC-Entegra: mpolicyserver
MC-Reporter: rsdstats
MC-StatView: qstatm
MC-StatCollect: dstatm
MC-VPN: mastervpn


List of available Reporter module names (reporter box):
Reporter DB: reporter