It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

How to Export Logs to ArcSight SIEM Devices

  • Last updated on

Exporting Logs to ArcSight Logger

Configure ArcSight Logger

  1. Download ArcSight Logger from the HP website.
  2. Configure ArcSight Logger using the HP ArcSight Logger Admin Guide.

Ensure the logger is listening on UDP/TCP port. Example: 514.

Configure the Barracuda Web Application Firewall

  1. Log into the Barracuda Web Application Firewall web interface.
  2. Go to ADVANCED > Export Logs.
  3. In the Syslog section, click Add Syslog Server and specify the following:
    • Name - Enter a name for the syslog server.
    • IP Address – Enter the IP address of the configured ArcSight Logger.
    • Port – Enter the port number on which the logger listens.
    • Connection Type – Set the connection type to transmit logs from the Barracuda Web Application Firewall to the syslog server.
    • Specify values for other parameters as required and click Add.
  4. In the Logs Format section:
    1. Set ArcSight Log Header to Syslog Header.
    2. Set Web Firewall Logs, Access Logs and Audit Logs to CEF:0 (ArcSight)  log format.
    3. Click Save.
  5. Send logs to the configured syslog server.
  6. Verify the ArcSight Logger displays the logs.

Exporting Logs to ArcSight SmartConnector

 Configure SmartConnector

  1. Download the latest version of ArcSight SmartConnector from the HP website.
  2. Install ArcSight SmartConnector on Windows, Linux, or another supported platform by following the steps in the Smart Connector admin guide.
  3. Ensure SmartConnector listens on the UDP/TCP port, and that the port is connected to a logger or other device where the logs can be forwarded.

Configure the Barracuda Web Application Firewall

  1. Log into the Barracuda Web Application Firewall web interface.
  2. Go to ADVANCED > Export Logs.
  3. In the Syslog section, click Add Syslog Server and specify the following:
    • Name - Enter a name for the syslog server.
    • IP Address – Enter the IP address of the configured ArcSight SmartConnector.
    • Port – Enter the port number on which the SmartConnector listens.
    • Connection Type – Set the connection type to transmit the logs from the Barracuda Web Application Firewall to the syslog server.
    • Specify values for other parameters as required and click Add.
  4. In the Logs Format section:
    1. Set ArcSight Log Header to Syslog Header.
    2. Set Web Firewall Logs, Access Logs and Audit Logs to CEF:0 (ArcSight) log format.
    3. Click Save.
  5. Send logs to the configured syslog server.
  6. Verify that the ArcSight Logger, or system where the SmartConnector forwards the logs, displays the logs.

 

The image below shows the configuration:

arcsight_logger-01.png