When you configure the Barracuda Web Filter integration to send log data to USM Anywhere, you can use the Barracuda Web Filter plugin to translate the raw log data into normalized events for analysis.
Device type: Web filter
Barracuda Web Filter Integration
Before you configure the integration, you must have the IP Address of the USM Anywhere Sensor.
To send log data from Barracuda Web Filter to USM Anywhere
- Go to the Advanced tab, then to SYSLOG.
- Specify the IP Address of the USM Anywhere Sensor in both Web Traffic Syslog and Web Interface Syslog.
Note: In some instances, users with older firmware have reported event information being improperly parsed from syslog messages. As of the Web Security Gateway 12.0 firmware update, syslog messages are correctly parsed.
The Barracuda Web Filter plugin automatically processes all messages whose syslog tag matches one of the following values: httpscan, http_scan, or sniff.
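When expected events do not appear, it helps to confirm that the messages reaching the sensor carry one of these tags. The following is an added example, not part of the plugin or the vendor documentation: it parses BSD-style (RFC 3164) syslog lines and reports which ones carry a listed tag. The sample lines, the host name bwf01, and the exact, case-sensitive comparison are assumptions made for the illustration.

```python
import re
from collections import Counter

# Tag values the page lists for the Barracuda Web Filter plugin.
PLUGIN_TAGS = {"httpscan", "http_scan", "sniff"}

# BSD-style header: optional <PRI>, timestamp, host, TAG[pid]: message
SYSLOG_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s"
    r"(?P<tag>[^\s:\[\]]+)(?:\[(?P<pid>\d+)\])?:\s?"
    r"(?P<msg>.*)$"
)

def syslog_tag(line):
    """Return the syslog tag of a BSD-style line, or None if it does not parse."""
    m = SYSLOG_RE.match(line.strip())
    return m.group("tag") if m else None

def classify(lines):
    """Count lines per listed tag; collect (line number, tag) for the rest."""
    matched, skipped = Counter(), []
    for n, line in enumerate(lines, 1):
        tag = syslog_tag(line)
        if tag in PLUGIN_TAGS:  # assumption: exact, case-sensitive match
            matched[tag] += 1
        else:
            skipped.append((n, tag))
    return matched, skipped

# Constructed sample lines; payloads are placeholders, not real device output.
SAMPLE = [
    "<142>Sep 19 12:00:01 bwf01 http_scan[4312]: placeholder web traffic record",
    "<142>Sep 19 12:00:02 bwf01 httpscan[4312]: placeholder web traffic record",
    "Sep  9 12:00:03 bwf01 sniff: placeholder record",
    "<142>Sep 19 12:00:04 bwf01 HTTP_SCAN[4312]: tag in a different case",
    "<86>Sep 19 12:00:05 bwf01 sshd[911]: unrelated daemon message",
    "not a syslog line",
]

if __name__ == "__main__":
    matched, skipped = classify(SAMPLE)
    for tag, count in sorted(matched.items()):
        print(f"listed tag   {tag}: {count} line(s)")
    for n, tag in skipped:
        print(f"unlisted tag line {n}: tag={tag!r}")
```

Lines reported with an unlisted tag, or with no parseable tag at all, are the ones to examine first when troubleshooting missing events.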
Available Plugin Fields
The following plugin fields are important attributes extracted from the syslog message. The USM Anywhere reports use these fields, and you can also reference them when creating custom reports. In addition to reporting, the USM Anywhere correlation rules make use of these fields.
For troubleshooting, refer to the vendor documentation: