Overview
AlienVault® USM Anywhere™ is a software-as-a-service (SaaS) security monitoring solution that centralizes threat detection, incident response, and compliance management across your on-premises, cloud, or hybrid environments. The Barracuda Web Application Firewall integrates with AlienVault® USM Anywhere™ and sends its log data to USM Anywhere.
Supported Versions
- Firmware 8.1 or higher
Configure the Barracuda Web Application Firewall to Send Logs to USM Anywhere
Steps for adding a syslog server:
- Go to the ADVANCED > Export Logs page.
- In the Export Logs section, click Add Export Log Server. The Add Export Log Server window opens. Specify values for the following:
- Name – Enter a name for the syslog NG server.
- Log Server Type – Select Syslog NG.
- IP Address or Hostname – Enter the IP address or the hostname of the syslog NG server.
- Port – Enter the port associated with the IP address of the syslog NG server.
- Connection Type – Select the connection type used to transmit the logs from the Barracuda Web Application Firewall to the syslog server. UDP is the default protocol for syslog communication. UDP, TCP, or SSL can be used with a Syslog NG server.
- Validate Server Certificate – Set to Yes to validate the syslog server certificate using the internal bundle of Certificate Authority (CA) certificates packaged with the system. If set to No, any certificate from the syslog server is accepted.
- Client Certificate – When set to Yes, the Barracuda Web Application Firewall presents the certificate while connecting to the syslog server.
- Certificate – Select a certificate for the Barracuda Web Application Firewall to present when connecting to the syslog server. Certificates can be uploaded on the BASIC > Certificates page. For more information on how to upload a certificate, see How to Add an SSL Certificate.
- Log Timestamp and Hostname – Set to Yes if you want to log the date and time of the event, and the hostname configured on the BASIC > IP Configuration > Domain Configuration section.
- Click Add.
To configure facilities for different log types:
- Go to ADVANCED > Export Logs.
- In Export Logs, select Export Log Settings.
- In the Syslog Settings section of the Export Log Settings dialog box, select the appropriate facility (Local0 to Local7) from the list for each log type, and click Save.
In the Export Log Settings dialog box, you can do the following:
- Enable or disable the logs that need to be exported to the configured export log server(s) in Export Log Settings.
- Set the severity level to export web firewall logs and system logs to the configured export log server(s) in Export Log Filters.
The Barracuda Web Application Firewall exports the logs based on the selected severity level. For example, if Web Firewall Log Severity is set to 2-Critical, then logs with severity 0-2 are sent to the external log server (in other words, 0-Emergency, 1-Alert, and 2-Critical).
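A receiver-side check for the facility and severity settings described above, added here as an example that is not part of the Barracuda or AlienVault documentation: it decodes the standard syslog `<PRI>` value (facility × 8 + severity) and flags messages that arrive on an unexpected facility or that the configured severity filter should have held back. The sample lines and their message bodies are constructed, and the function names and the choice of Local0 with a 2-Critical threshold are assumptions.

```python
import re

# Standard syslog severity names; codes 0-2 are the page's 0-Emergency, 1-Alert, 2-Critical.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error", "Warning", "Notice", "Informational", "Debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility_name, severity_code) from the leading <PRI> of a syslog line."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("no <PRI> header")
    pri = int(m.group(1))
    if pri > 191:  # highest valid value: facility 23 (Local7), severity 7
        raise ValueError("PRI out of range")
    facility, severity = divmod(pri, 8)
    name = f"Local{facility - 16}" if 16 <= facility <= 23 else f"facility{facility}"
    return name, severity

def would_export(severity, threshold):
    """Severity filter as described: threshold 2 passes codes 0, 1 and 2."""
    return severity <= threshold

def audit(lines, expected_facility, threshold):
    """List (line_number, reason) for lines that contradict the export settings."""
    findings = []
    for n, line in enumerate(lines, 1):
        try:
            facility, sev = decode_pri(line)
        except ValueError as exc:
            findings.append((n, f"unparseable: {exc}"))
            continue
        if facility != expected_facility:
            findings.append((n, f"unexpected facility {facility}"))
        if not would_export(sev, threshold):
            findings.append((n, f"severity {sev}-{SEVERITIES[sev]} is outside the export filter"))
    return findings

# Constructed sample lines (not real firewall output); only the <PRI> value matters here.
SAMPLE = [
    "<130>constructed message A",  # 16*8 + 2: Local0, Critical
    "<129>constructed message B",  # 16*8 + 1: Local0, Alert
    "<134>constructed message C",  # 16*8 + 6: Local0, Informational
    "<138>constructed message D",  # 17*8 + 2: Local1, Critical
    "constructed line without a priority header",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "Local0", 2):
        print(finding)
```
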