When you configure Barracuda NextGen Firewalls to send traffic log data to USM Anywhere, you can use the Barracuda NextGen Firewall Traffic plugin to translate the raw traffic log data into normalized events for analysis.
Integrating Barracuda NextGen Firewalls Traffic Log
Before you configure the Barracuda NextGen Firewalls integration, you must have the IP address of the USM Anywhere Sensor.
To configure Barracuda NextGen Firewalls to forward traffic log data to USM Anywhere
- Log in to the NG Admin console as root and select Box.
- In the Primary Navigation bar, select Configuration.
- Go to Box > Infrastructure Services > Syslog Streaming.
- Right-click Syslog Streaming and select Lock.
- On Syslog Streaming, under Basic Setup, select Yes for Enable Syslog Streaming.
- If using SSL for log file streaming, you may require a certificate different from the key and certificate by which the box is routinely identified:
  - Select Switch to Advanced View in the left Configuration Mode menu.
  - Disable Use Box Certificate/Key.
  - Export the certificate and key.
  This certificate must be imported on the destination server for SSL-based authentication.
- In the top-right corner of the page, under the Task bar, click Send Changes.
- Select Activation Pending.
The Barracuda Next Gen (NG) Firewall Traffic plugin will automatically process all messages when the raw message contains "httpscan,http_scan,sniff".
Available Plugin Fields
The following plugin fields are important attributes extracted from the syslog message. USM Anywhere reports use these fields, and you can also reference them when creating custom reports. In addition to reporting, the USM Anywhere correlation rules make use of these fields.
Additional Resources and Troubleshooting
For troubleshooting, refer to the vendor documentation: