The Barracuda Web Application Firewall generates five types of logs that can be exported to the configured external log servers. These logs also reside on the Barracuda Web Application Firewall log database, viewable on the web interface on various tabs. In addition, logs can be exported in CSV format to external files. This article describes each element of log messages, so that an administrator can analyze events and understand how the Barracuda Web Application Firewall handles each logged event. The log format details can help you use external parsers or other agents, available starting with version 7.0.x of the firmware, to process the log messages sent from the Barracuda Web Application Firewall.
The following logs are explained briefly here. These logs can be segregated and distributed using the LOCAL 0 through LOCAL 7 facilities, making management of these logs on the external log servers easier.
- : Logs events generated by the system showing the general activity of the system.
- : Logs events that indicate the web firewall activity such as allowing, blocking, or modifying the incoming requests and responses as defined in the Barracuda Web Application Firewall rules and policies.
- : Logs events pertaining to traffic activity and various elements of the incoming HTTP request and the responses from the backend servers.
- : Logs events pertaining to the auditing events generated by the system including configuration and UI activity by users like admin.
- Network Firewall Logs: Logs events generated whenever network traffic passing through the interfaces (WAN, LAN, and MGMT) matches the configured Network ACL rule.
If you have any questions after reading this document, please Barracuda Networks Technical Support.