Documentation Center
AlienVault® USM Anywhere™

Barracuda Web Filter

When you configure the Barracuda Web Filter integration to send log data to USM Anywhere, you can use the Barracuda Web Filter plugin to translate the raw log data into normalized events for analysis.

Device Details
Device vendor Barracuda
Device type Web filter
Connection type syslog
Vendor link https://www.barracuda.com/

Barracuda Web Filter Integration

Before you configure the integration, you must have the IP Address of the USM AnywhereUSM Appliance Sensor.

To send log data from Barracuda Web Filter to USM Anywhere

  1. Go to the Advanced tab and SYSLOG.
  2. Specify the IP Address of the USM Anywhere Sensor in both Web Traffic Syslog and Web Interface Syslog.

Plugin Enablement

The Barracuda Web Filter plugin automatically processes all messages whose syslog tag matches one of the following values "httpscan,http_scan,sniff".

Available Plugin Fields

The following plugin fields are important attributes extracted from the syslog message. USM Anywhere reports use these fields, and you can also reference them when creating custom reports. In addition to reporting, the USM Anywhere correlation rules make use of these fields.

  • audit_reason
  • bytes_in
  • bytes_out
  • content_category
  • destination_address
  • event_action
  • event_name
  • file_hash
  • matched_value
  • plugin_rule
  • request_content_type
  • request_url
  • source_address
  • source_username
  • timestamp_occured
  • timestamp_received

Troubleshooting

For troubleshooting, refer to the vendor documentation:

https://www.barracuda.com/support/knowledgebase

Note: In some instances, users with older firmware have reported event information being improperly parsed from syslog messages. As of the Web Security Gateway 12.0 firmware update, syslog messages are correctly parsed.