- Log into the Barracuda Web Application Firewall web interface that needs to be connected to the OMS server.
- Go to the ADVANCED > Export Logs page.
- In the Export Logs section, click Add Export Log Server.
- In the Add Export Log Server window:
- Name: Enter a name for the Microsoft Azure OMS server.
- Log Server Type: Select Microsoft Azure OMS.
- OMS Workspace ID: Enter the Workspace ID copied in step 13.b in the Deploying the ARM Template article.
- OMS Primary Key: Enter the primary key copied in step 13.b in the Deploying the ARM Template article.
- Log Event Type: Select which log events you want to send as custom logs to the Microsoft Azure OMS server.
- All - When selected, the Barracuda Web Application Firewall sends all logs (Access Logs, Audit Logs, Web Firewall Logs, Network Firewall Logs and System Logs) as custom logs to the Microsoft Azure OMS portal. In this case, Web Firewall Logs are also sent as CommonSecurityEvents logs.
- Click Add.
- In the Logs Format section:
- Select ArcSight Log Header as Syslog Header.
- Select Microsoft Azure OMS for all log types (Web Firewall Logs Format, Access Logs Format, Audit Logs Format, Network Firewall Logs Format and System Logs Format).
- Click Save.
- In the Export Logs section, click Export Log Settings.
- In the Export Logs Settings window, scroll down to the Syslog Settings section, and set Web Firewall Logs Facility to local0 and all other log’s facility (Access Logs Facility, Audit Logs Facility, System Logs Facility and Network Logs Facility) should be anything other than local0 (i.e. local1 to local7)
- Click Save.
Continue with Log Search.