Syslog Integration enables you to export your event data to a syslog server or a security information and events management (SIEM) system. With Syslog Integration, you can store your information and use it for tracking, analysis, and troubleshooting.
Setting Up Syslog Integration
To configure Syslog Integration:
- Open any firewall ports needed for communication with your syslog server/SIEM system.
Barracuda public IP addresses for Impersonation Protection are: 3.232.50.116 and 52.202.236.132 - Click the Settings icon
to access the administrative functions. - Select the Syslog Integration tab.
- Enter the IP Address/Hostname and Port for your syslog server/SIEM system. The default port is 6514.
- Click Save.
- Click Test to ensure that Barracuda can connect with your syslog server/SIEM system.
- If the test is successful, your message log data begins transferring to your syslog server/SIEM system.
- If the test is not successful, check the IP Address/Hostname and Port information and reenter it if needed. Then perform the test again.
To deactivate the syslog server, switch off the Active toggle. Then click Save.
Notes:
You can only connect one syslog server/SIEM system at a time. You can delete an existing entry and replace it, but you cannot have multiple entries.
This feature is available only for Transmission Control Protocol (TCP) with Transport Layer Security (TLS).
If your syslog server/SIEM system stops responding, data will not spool until the communication is re-established.
- After you enable or disable syslog integration, it can take up to 10 minutes for message transmission to either start or stop.
Data Sent
Barracuda sends the following objects to syslog:
Spear Phishing Threat
- Account Takeover Alert
Email
Sign Ins
Inbox Rules
Data Format
Data is sent to the syslog in JSON format. You can parse the data any way you choose to meet the needs of your organization.