When you configure Barracuda NextGen Firewalls to send log data to USM Anywhere, you can use the Barracuda NextGen Firewall plugin to translate the raw log data into normalized events for analysis.
Integrating Barracuda NextGen Firewalls
To configure Barracuda NextGen Firewalls to forward log data over Syslog to USM Anywhere
Go to LOGS > Log Streaming.
In the Stream target field, type the hostname or IP address of your USM Anywhere Sensor.
Note: Only one target can be defined.
In Protocol / Port, enter:
- port 514 if you're using UDP
- port 601 if you're using TCP
Select the log streams you want to enable.
Click Save Changes.
Verify that a connection exists between the device and the USM Anywhere Sensor.
- Go to BASIC > Recent Connections.
- Filter the list of connections for the Protocol, Service, and Destination IP of your USM Anywhere Sensor.
The Barracuda Next Gen (NG) Firewall plugin automatically processes all messages when the raw message contains one of the following strings: "box_Auth", "box_Control", "box_System", "box_Config", "box_SSH", "box_Event", "box_Firewall", or "srv_S1".
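When events are not being normalized, it helps to check whether the raw messages reaching the sensor carry one of these strings. The following is an added example, not part of USM Anywhere or the original page. It assumes case-sensitive substring matching, and its sample lines are constructed rather than real Barracuda output.

```python
from collections import Counter

# Marker strings listed on this page; the plugin processes a raw message
# that contains any of them.
PLUGIN_MARKERS = (
    "box_Auth", "box_Control", "box_System", "box_Config",
    "box_SSH", "box_Event", "box_Firewall", "srv_S1",
)

def match_marker(raw_message):
    """Return the first page-listed marker found in the message, or None.
    Assumption: matching is a case-sensitive substring test."""
    for marker in PLUGIN_MARKERS:
        if marker in raw_message:
            return marker
    return None

def summarize(lines):
    """Count messages per marker and collect the ones no marker matches."""
    counts, unmatched = Counter(), []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        marker = match_marker(line)
        if marker:
            counts[marker] += 1
        else:
            unmatched.append(line)
    return counts, unmatched

# Constructed sample lines (hypothetical format); only the marker strings
# come from the page.
SAMPLE = """\
<14>Jan 10 12:00:01 fw01 box_Firewall: Allow TCP 10.0.0.5 -> 192.0.2.10:443
<14>Jan 10 12:00:02 fw01 box_Auth: login accepted for user admin
<14>Jan 10 12:00:03 fw01 srv_S1_NGFW: session closed
<14>Jan 10 12:00:04 fw01 box_firewall: lower-case stream name
<14>Jan 10 12:00:05 fw01 cron: job finished
"""

if __name__ == "__main__":
    counts, unmatched = summarize(SAMPLE.splitlines())
    for marker, n in sorted(counts.items()):
        print(f"{marker}: {n}")
    print(f"unmatched ({len(unmatched)}):")
    for line in unmatched:
        print("  ", line)
```

Lines reported as unmatched point to a log stream that is not enabled on the firewall or to a message format the plugin does not recognize.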
Available Plugin Fields
The following plugin fields are important attributes extracted from the syslog message. USM Anywhere reports use these fields, and you can also reference them when creating custom reports. In addition to reporting, the USM Anywhere correlation rules make use of these fields.
Additional Resources and Troubleshooting
For troubleshooting, refer to the vendor documentation: