Overview
Amazon CloudWatch is a monitoring and management service that provides data and actionable insights for AWS, hybrid, and on-premises applications and infrastructure resources. With CloudWatch, you can collect and access all your performance and operational data in the form of logs and metrics from a single platform.
The integration of CloudWatch with the Barracuda Web Application Firewall provides data and actionable insights to monitor WAF applications. The integration helps you respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health.
Before You Begin
- Create an IAM role with the relevant permissions and attach it to a WAF Linux instance. The following permissions need to be provided to the IAM role:
  - CreateLogStream
  - DescribeLogStreams
  - CreateLogGroup
  - PutLogEvents
Also, ensure that the IAM role attached to your WAF instance has the policy mentioned below to enable exporting logs from the Barracuda WAF to AWS CloudWatch.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogStreams"
      ],
      "Resource": [
        "arn:aws:logs:*:*:*"
      ]
    }
  ]
}
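The Resource value in this policy, arn:aws:logs:*:*:*, matches every log group in every region and account the role can reach. The following is an added example, not Barracuda's or AWS's code: it flags that wildcard and builds a copy of the policy narrowed to a single log group. It assumes the export works when the role is limited to the log group named in the Log Group Name field (Barracuda_CL by default), so test the export after applying a scoped policy; the function names, region and account ID are placeholders chosen for illustration.

```python
import copy
import json

# Policy as given on this page (Resource matches every log group in every region/account).
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents",
            "logs:DescribeLogStreams",
        ],
        "Resource": ["arn:aws:logs:*:*:*"],
    }],
}


def broad_resources(policy):
    """Return (statement index, ARN) pairs whose region, account or resource part is '*'."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        resources = stmt.get("Resource", [])
        if isinstance(resources, str):      # IAM allows a bare string here
            resources = [resources]
        for arn in resources:
            parts = arn.split(":", 5)       # arn:partition:service:region:account:resource
            if arn == "*" or len(parts) < 6 or "*" in parts[3:5] or parts[5] == "*":
                findings.append((i, arn))
    return findings


def scope_to_log_group(policy, region, account_id, log_group="Barracuda_CL"):
    """Copy the policy with Resource narrowed to one log group and its streams."""
    group_arn = f"arn:aws:logs:{region}:{account_id}:log-group:{log_group}"
    scoped = copy.deepcopy(policy)          # leave the input policy untouched
    for stmt in scoped["Statement"]:
        if stmt.get("Effect") == "Allow":
            # First ARN covers the group itself, second covers its log streams.
            stmt["Resource"] = [group_arn, group_arn + ":*"]
    return scoped


if __name__ == "__main__":
    # Constructed sample values: the region and 12-digit account ID are placeholders.
    print(json.dumps(scope_to_log_group(PAGE_POLICY, "us-east-1", "111122223333"), indent=2))
```

If a different name is entered in the Log Group Name field, pass that name as log_group so the scoped ARNs match the group the WAF writes to.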
Adding a CloudWatch Server
Perform the following steps to add a CloudWatch server:
- Go to the ADVANCED > Export Logs page.
- In the Export Logs section, click Add Export Log Server. The Add ExportLog Server window opens. Specify values for the following:
  - Name - Enter a name for the syslog NG server.
  - Log Server Type - Select Cloudwatch.
  - Log Timestamp and Hostname - Set to Yes if you want to log the date and time of the event, and the hostname configured in the BASIC > IP Configuration > Domain Configuration section.
  - Log Group Name - Enter a name for the log group. If this field is left blank, Barracuda_CL is used by default.
  - Comment - (Optional) Enter a comment about the new setting.
- Click Add.