Symantec™ Managed Security Services (MSS) provides 24x7 real-time security monitoring, analysis and reporting, and early warning intelligence. The Barracuda Web Application Firewall is integrated with Symantec™ MSS and is configured to send logs to the Symantec MSS Log Collection Platform (LCP).
- Firmware 9.0 or higher
Configure the Barracuda Web Application Firewall to Send Logs to Symantec MSS
Steps to add a syslog server
- Go to the ADVANCED > Export Logs page.
- In the Export Logs section, click Add Export Log Server. The Add Export Log Server window opens. Specify values for the following:
  - Name – Enter a name for the syslog NG server.
  - Log Server Type – Select Syslog NG.
  - IP Address or Hostname – Enter the IP address or the hostname of the syslog NG server.
  - Port – Enter the port associated with the IP address of the syslog NG server.
  - Connection Type – Select the connection type used to transmit logs from the Barracuda Web Application Firewall to the syslog server. UDP is the default protocol for syslog communication. UDP, TCP, or SSL can be used with a Syslog NG server.
  - Validate Server Certificate – Set to Yes to validate the syslog server certificate using the internal bundle of Certificate Authority (CA) certificates packaged with the system. If set to No, any certificate from the syslog server is accepted.
  - Client Certificate – When set to Yes, the Barracuda Web Application Firewall presents a client certificate when connecting to the syslog server.
  - Certificate – Select a certificate for the Barracuda Web Application Firewall to present when connecting to the syslog server. Certificates can be uploaded on the BASIC > Certificates page. For more information on how to upload a certificate, see How to Add an SSL Certificate.
  - Log Timestamp and Hostname – Set to Yes if you want to log the date and time of the event, and the hostname configured in the BASIC > IP Configuration > Domain Configuration section.
- Click Add.
- To configure the log formats, in the Logs Format section, specify the following values for each feature:
  - From the Syslog Header drop-down list, select ArcSight Log Header.
  - From the Web Firewall Logs Format drop-down list, select HPE Arcsight CEF:0.
  - From the Access Logs Format drop-down list, select HPE Arcsight CEF:0.
  - From the Audit Logs Format drop-down list, select HPE Arcsight CEF:0.
  - From the Network Firewall Logs Format drop-down list, select HPE Arcsight CEF:0.
  - From the System Logs Format drop-down list, select HPE Arcsight CEF:0.
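Once the export is configured, a quick check on the collector side is to confirm that every received line is well-formed CEF:0. The following is an added example, not code from Barracuda or Symantec: it parses the standard CEF:0 header and extension and returns the lines that fail. The sample lines, including the syslog prefix, vendor and product names, and extension keys, are constructed for illustration and are not real appliance output.

```python
import re

# CEF:0 layout: CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
HEADER_FIELDS = ("vendor", "product", "device_version", "signature_id", "name", "severity")
_KEY = re.compile(r"(?:^|\s)(\w+)=")  # an extension key; an escaped "\=" never matches

def _split_header(text, count):
    """Split on the first `count` unescaped '|'; the remainder is returned raw."""
    parts, buf, i = [], [], 0
    while i < len(text) and len(parts) < count:
        ch = text[i]
        if ch == "\\" and text[i + 1:i + 2] in ("\\", "|"):
            buf.append(text[i + 1]); i += 2      # header escapes: \\ and \|
        elif ch == "|":
            parts.append("".join(buf)); buf = []; i += 1
        else:
            buf.append(ch); i += 1
    parts.append(text[i:] if len(parts) == count else "".join(buf))
    return parts

def _parse_extension(ext):
    """Parse space-separated key=value pairs; values may hold spaces and escaped '='."""
    fields, hits = {}, list(_KEY.finditer(ext))
    for n, m in enumerate(hits):
        end = hits[n + 1].start() if n + 1 < len(hits) else len(ext)
        fields[m.group(1)] = re.sub(r"\\([=\\])", r"\1", ext[m.end():end].strip())
    return fields

def parse_cef(line):
    """Return a dict for a well-formed CEF:0 record, else None."""
    start = line.find("CEF:")
    parts = _split_header(line[start + 4:], 7) if start >= 0 else []
    if len(parts) != 8 or parts[0] != "0":
        return None                               # wrong format, version, or truncated
    record = dict(zip(HEADER_FIELDS, parts[1:7]))
    record["syslog_prefix"] = line[:start].strip()
    record["extension"] = _parse_extension(parts[7])
    return record

def rejected(lines):
    """Return the lines that are not valid CEF:0 (a log type left on another format)."""
    return [line for line in lines if parse_cef(line) is None]

# Constructed sample lines: one valid record, one non-CEF line, one truncated header.
SAMPLES = [
    r"<134>Jan 10 12:00:01 waf1 CEF:0|ExampleVendor|ExampleWAF|9.0|100|SQL injection \| blocked|7|src=203.0.113.7 msg=param a\=b rejected act=DENY",
    "<134>Jan 10 12:00:02 waf1 plain text log line in another format",
    "<134>Jan 10 12:00:03 waf1 CEF:0|ExampleVendor|ExampleWAF|9.0|101|truncated",
]
```

Calling `rejected(SAMPLES)` returns the second and third lines; any rejected line from a live feed points to a log type whose format was not switched to CEF:0 or to truncation in transit.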