We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Security Gateway

How do I investigate an infection activity on the Barracuda Web Filter?

  • Type: Knowledgebase
  • Date changed: 5 years ago
Solution #00006243

Scope:
Applies to all Barracuda Web Filter appliances on all versions of firmware.

Answer:
The Barracuda Web Filter documents spyware infection activity blocking under the Basic>Infection Activity log. Log entries display the spyware name, the last time the infection activity block occurred, and the source IP of the request. Infection activity blocks can occur when an IP or port number matches an entry on a list Barracuda distributes with our Energize Updates. Currently, the infection activity page does not list the destination IP that triggered the block. In order to view this and other information, perform the following steps:
  1. Navigate to Basic>Infection Activity.
  2. For the investigated infection, collect the “Last Seen” time and the IP.
  3. Now, navigate to Basic>Reports.
  4. Under “Time Frame”, change the Start time to 1 minute before the “Last Seen” time. Also, change the End time to 1 minute after the “Last Seen” time.
  5. Under the “Limit Report to” dropbox, select “IP Address”.
  6. Enter the IP listed on the Infection Activity page. Click Add.
  7. Under “Web Activity”, view the ”Destination IPs by Request”.
  8. You will see a report with all spysite IPs that the host visited during the infection time.
  9. You can also view the “Domains by Request” for the associated domain, if applicable.
  10. Finally, view “Users by Requests” to determine the user or machine name associated with the request.

Additional Notes:
The Infection Activity page will not display blocked virus download attempts. This page only displays blocks based on destination IP or port. To view virus download activity, go to Basic>Reports, and click view next to Virus Downloads.

Link to This Page:

https://www.barracuda.com/kb?id=
501600000013MQQ