Barracuda NextGen Firewall X

Configuration of Selective Syslog Streaming by means of Logdata Filters

  • Type: Knowledgebase
  • Date changed: one year ago
Solution 00005304 

 
Scope:
This solution applies to:
- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.6 and above

 
Symptoms:
This article describes how to configure selective syslog streaming on the NG Firewall. Selective syslog streaming means that an NG Firewall gateway streams only a selected subset of its log files to a control center or a dedicated syslog server.

Prerequisites

To be able to configure Selective Syslog Streaming, a configured Logstream Destination is needed. This can either be a control center or a dedicated 3rd party syslog server.


 
Solution:
The configuration of selective syslog streaming takes place in "Infrastructure Services" > "Syslog Streaming" > "Logdata Filters"


Step 1:
Click "Insert" to create a New Filter

Step 2: Within the "Filters:<Your_Filter_Name>" configuration window, three types of Logdata are configurable:
- Top Level Logdata
- Affected Box Logdata
- Affected Service Logdata

Step 3: Except for "Top Level Logdata", for every type of logdata the "Data Selector" must be set to:
 - Selection

Step 4: Click "Insert" to create a new "Data Selection"

Step 5: The drop-down menu "Log Groups" provides a variety of pre-defined selections.



Variant:
User Defined Selective syslog Streaming:

For a more granular selection, select "Other" and enter a string that follows this pattern:

<modulename>_<logfile>
Example (for Affected Service Logdata):
virscan_cas
firewall_auth
firewall_Rule*


This selection would stream:

              srv_<virscan-servername>_<virscan-servicename>_cas.log
              srv_<firewall-servername>_<firewall-servicename>_auth.log
              srv_<firewall-servername>_<firewall-servicename>_Rule*.log

This selection would not stream:
              srv_<virscan-servername>_<virscan-servicename>.log
              srv_<virscan-servername>_<virscan-servicename>_clamav.log
              srv_<firewall-servername>_<firewall-servicename>.log
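
Before relying on a filter to deliver security-relevant logs (auth, rule hits) to a collector, the selection can be checked offline. The following is an added example, not Barracuda code: it expands `<modulename>_<logfile>` selectors into the file name patterns shown above and reports selectors that would stream nothing. The server and service names, the log file list, the `dns_query` selector and the case-sensitive glob behaviour of `*` are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed inventory (assumption): (server name, service name) -> module name,
# with module names taken from the lists on this page.
SERVICES = {("S1", "AV"): "virscan", ("S1", "FW"): "firewall"}

# Constructed log file names as they would appear on the box.
LOGFILES = [
    "srv_S1_AV.log", "srv_S1_AV_cas.log", "srv_S1_AV_clamav.log",
    "srv_S1_FW.log", "srv_S1_FW_auth.log", "srv_S1_FW_Rule-Block.log",
]

def selector_to_patterns(selector, services):
    """Expand '<modulename>_<logfile>' to srv_<server>_<service>_<logfile>.log patterns."""
    module, sep, logfile = selector.partition("_")
    if not (module and sep and logfile):
        raise ValueError(f"selector must look like <modulename>_<logfile>: {selector!r}")
    return [f"srv_{server}_{service}_{logfile}.log"
            for (server, service), mod in sorted(services.items()) if mod == module]

def streamed(logfiles, selectors, services):
    """Return the log files that at least one selector would stream."""
    patterns = [p for s in selectors for p in selector_to_patterns(s, services)]
    # Assumption: '*' behaves like a case-sensitive shell glob.
    return [f for f in logfiles if any(fnmatchcase(f, p) for p in patterns)]

def dead_selectors(logfiles, selectors, services):
    """Return selectors that match no file, e.g. a misspelled module or log name."""
    return [s for s in selectors if not streamed(logfiles, [s], services)]

if __name__ == "__main__":
    # "dns_query" is a hypothetical selector: no dns service exists in SERVICES.
    selectors = ["virscan_cas", "firewall_auth", "firewall_Rule*", "dns_query"]
    print("streamed:", streamed(LOGFILES, selectors, SERVICES))
    print("matches nothing:", dead_selectors(LOGFILES, selectors, SERVICES))
```

A selector reported as matching nothing leaves a silent gap at the syslog destination, so it is worth resolving before the filter is activated.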


List of available box-module names (single box, managed box, control center box and reporter box):
Auth: Auth
Config: Config
Control: Control
Event: Event
Firewall: Firewall
Logs: Logs
Network: Network
Release: Release
Settings: Settings
SSH: SSH
Statistics: Statistics
System: System
Watchdog: Watchdog


List of available control center managed box modules (managed box):
AV-Scanner: virscan
DHCP-Enterprise-Server: dhcpe
DHCP-Relay: dhcprelay
DNS: dns
Firewall: firewall
FW-Audit-Service: fwaudit
C-Firewall: cfirewall
FTP-Gateway: ftpgw
HTTP-Proxy: proxy
HTTP/HTTPS-Proxy: sslprx
Mail-Gateway: mailgw
OSPFv2-Router: ospf
Policy-Service: policyserver
Secure-Web-Proxy: sslprx
SPAM-Filter: spamfilter
SNMP-Service: snmp
SSH-Proxy: sshprx
ISS-ProventiaWebFilter: cofs
VPN-Server: vpnserver


List of available single box module names (single box):
AV-Scanner: virscan
DHCP-Enterprise-Server: dhcpe
DHCP-Relay: dhcprelay
DNS: dns
Firewall: firewall
FTP-Gateway: ftpgw
HTTP-Proxy: proxy
HTTP/HTTPS-Proxy: sslprx
ISS-ProventiaWebFilter: cofs
Mail-Gateway: mailgw
OSPFv2-Router: ospf
Policy-Service: policyserver
Secure-Web-Proxy: sslprx
SNMP-Service: snmp
SPAM-Filter: spamfilter
SSH-Proxy: sshprx
VPN-Server: vpnserver


List of available control center-module names (control center box):
DNS: dns
Firewall: firewall
MC-Audit: fwaudit
MC-Conf: rangeconf
MC-Event: mevent
MC-Log: msyslog
MC-PKI: pki
MC-Entegra: mpolicyserver
MC-Reporter: rsdstats
MC-StatView: qstatm
MC-StatCollect: dstatm
MC-VPN: mastervpn


List of available Reporter module names (reporter box):
Reporter DB: reporter