Barracuda Web Application Firewall

How to Integrate the Barracuda Web Application Firewall with Amazon CloudWatch

Overview

Amazon CloudWatch is a monitoring and management service that provides data and actionable insights for AWS, hybrid, and on-premises applications and infrastructure resources. With CloudWatch, you can collect and access all your performance and operational data in the form of logs and metrics from a single platform.

The integration of CloudWatch with the Barracuda Web Application Firewall provides data and actionable insights to monitor WAF applications. The integration helps you respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health.

The integration with CloudWatch works only on AWS instances that have an IAM role created and proper permissions attached.

Before You Begin

  1. Create an IAM role with the relevant permissions and attach it to a WAF Linux instance. The following permissions need to be provided to the IAM role:
    • CreateLogStream
    • DescribeLogStreams
    • CreateLogGroup
    • PutLogEvents

Also, ensure that the IAM role attached to your WAF instance has the policy shown below, which enables exporting logs from the Barracuda WAF to AWS CloudWatch.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents",
                "logs:DescribeLogStreams"
            ],
            "Resource": [
                "arn:aws:logs:*:*:*"
            ]
        }
    ]
}
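
The policy above allows the four actions on any CloudWatch Logs resource (`arn:aws:logs:*:*:*`). The Python sketch below is an added example, not Barracuda's or AWS's code: it checks a policy document for the four required actions, flags wildcard resources, and builds a variant limited to one log group. That the WAF export works with the scoped variant is an assumption to verify in your environment; the function names, region and account ID are placeholders chosen for illustration.

```python
import fnmatch
import json

# The four CloudWatch Logs actions this page says the IAM role needs.
REQUIRED = ["logs:CreateLogGroup", "logs:CreateLogStream",
            "logs:PutLogEvents", "logs:DescribeLogStreams"]

# The policy exactly as given on this page.
PAGE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Action": ["logs:CreateLogGroup", "logs:CreateLogStream",
             "logs:PutLogEvents", "logs:DescribeLogStreams"],
  "Resource": ["arn:aws:logs:*:*:*"]}]}""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allows(policy):
    return [s for s in _as_list(policy.get("Statement", []))
            if s.get("Effect") == "Allow"]

def missing_actions(policy):
    """Required actions no Allow statement grants (Deny and Condition are ignored)."""
    granted = [a.lower() for s in _allows(policy) for a in _as_list(s.get("Action", []))]
    return [r for r in REQUIRED
            if not any(fnmatch.fnmatchcase(r.lower(), g) for g in granted)]

def broad_resources(policy):
    """Resources whose region, account or log group is a wildcard."""
    broad = []
    for s in _allows(policy):
        for arn in _as_list(s.get("Resource", [])):
            f = arn.split(":")  # arn:partition:logs:region:account:log-group:NAME[:*]
            if len(f) < 7 or any("*" in part for part in f[3:7]):
                broad.append(arn)
    return broad

def scoped_policy(region, account_id, log_group="Barracuda_CL"):
    """Same four actions, limited to one log group and its streams."""
    base = f"arn:aws:logs:{region}:{account_id}:log-group:{log_group}"
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": list(REQUIRED),
                           "Resource": [base, base + ":*"]}]}

if __name__ == "__main__":
    # Region and account ID are constructed placeholders, not values from the page.
    candidate = scoped_policy("us-east-1", "111122223333")
    print(json.dumps(candidate, indent=4))
    print("missing:", missing_actions(candidate), "broad:", broad_resources(candidate))
```

If you set a custom Log Group Name when adding the export log server, pass the same name as `log_group` so the scoped ARNs match the group the WAF writes to.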

Adding a CloudWatch Server

Perform the following steps to add a CloudWatch server:

  1. Go to the ADVANCED > Export Logs page.

  2. In the Export Logs section, click Add Export Log Server. The Add ExportLog Server window opens. Specify values for the following:

    • Name - Enter a name for the syslog NG server.

    • Log Server Type - Select Cloudwatch.

    • Log Timestamp and Hostname - Set to Yes if you want to log the date and time of the event, and the hostname configured in the BASIC > IP Configuration > Domain Configuration section.

    • Log Group Name - Enter a name for the log group. If this field is left blank, Barracuda_CL is used by default.

  3. Comment - (Optional) Enter a comment about the new setting.

  4. Click Add.