It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda Web Application Firewall
Overview Documentation Training Certification Materials

You are currently viewing the legacy Barracuda Campus portal

Due to ongoing compatibility requirements during the migration, some users are still being redirected here. All content is being transitioned to the new Campus Training Portal and Campus Documentation Portal, and this legacy portal will be fully retired once the migration is complete.

Please visit https://campus.barracuda.com for more information.

How to Export Logs to ArcSight SIEM Devices

  • Last updated on

Exporting Logs to ArcSight Logger

Configure ArcSight Logger

  1. Download ArcSight Logger from the HP website.
  2. Configure ArcSight Logger using the HP ArcSight Logger Admin Guide.

Ensure the logger is listening on UDP/TCP port. Example: 514.

Configure the Barracuda Web Application Firewall

  1. Log into the Barracuda Web Application Firewall web interface.
  2. Go to ADVANCED > Export Logs.
  3. In the Syslog section, click Add Syslog Server and specify the following:
    • Name - Enter a name for the syslog server.
    • IP Address – Enter the IP address of the configured ArcSight Logger.
    • Port – Enter the port number on which the logger listens.
    • Connection Type – Set the connection type to transmit logs from the Barracuda Web Application Firewall to the syslog server.
    • Specify values for other parameters as required and click Add.
  4. In the Logs Format section:
    1. Set ArcSight Log Header to Syslog Header.
    2. Set Web Firewall Logs, Access Logs and Audit Logs to CEF:0 (ArcSight)  log format.
    3. Click Save.
  5. Send logs to the configured syslog server.
  6. Verify the ArcSight Logger displays the logs.

Exporting Logs to ArcSight SmartConnector

 Configure SmartConnector

  1. Download the latest version of ArcSight SmartConnector from the HP website.
  2. Install ArcSight SmartConnector on Windows, Linux, or another supported platform by following the steps in the Smart Connector admin guide.
  3. Ensure SmartConnector listens on the UDP/TCP port, and that the port is connected to a logger or other device where the logs can be forwarded.

Configure the Barracuda Web Application Firewall

  1. Log into the Barracuda Web Application Firewall web interface.
  2. Go to ADVANCED > Export Logs.
  3. In the Syslog section, click Add Syslog Server and specify the following:
    • Name - Enter a name for the syslog server.
    • IP Address – Enter the IP address of the configured ArcSight SmartConnector.
    • Port – Enter the port number on which the SmartConnector listens.
    • Connection Type – Set the connection type to transmit the logs from the Barracuda Web Application Firewall to the syslog server.
    • Specify values for other parameters as required and click Add.
  4. In the Logs Format section:
    1. Set ArcSight Log Header to Syslog Header.
    2. Set Web Firewall Logs, Access Logs and Audit Logs to CEF:0 (ArcSight) log format.
    3. Click Save.
  5. Send logs to the configured syslog server.
  6. Verify that the ArcSight Logger, or system where the SmartConnector forwards the logs, displays the logs.

 

The image below shows the configuration:

arcsight_logger-01.png