Overview
Configure Barracuda Web Application Firewall (WAF) to send event logs directly to Blumira. This integration will add several new data sources, which you can use for reporting and compliance. After completing the procedure below, the following Barracuda WAF logs will be sent to Blumira:
- Access logs
- Audit logs
- System logs
- Traffic logs
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
Gather the IP address of your Blumira sensor to use when configuring the external service.
To find and copy the IP address of the sensor, do the following:
- In Blumira, navigate to Settings > Sensors.
- Click the sensor row to open the details page.
- In the Overview section, next to Host Details, copy the IP address.
Configuring Barracuda WAF log export
To configure the Barracuda WAF, do the following:
- Log in to your Barracuda WAF as an administrator.
- Navigate to Advanced > Export Logs.
- Click Add Log Server.
-
In the Add Export Log Server window, do the following:
- In the Name box, type a name for this integration.
- In the Log Server Type box, select Syslog NG.
- In the IP Address or Hostname box, type your Blumira sensor's IP address.
- In the Port box, type 514.
- In the Connection Type options, select UDP.
- In the Validate Server Certificate options, select No.
- In the Client Certificate options, select No.
- In the Log Timestamp and Hostname options, select Yes.
- Click Add.
- Leave all default settings in place within the Logs Format section.