Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Barracuda Spam & Virus Firewall

You can integrate Barracuda Spam & Virus Firewall with JSA.

The Barracuda Spam & Virus Firewall DSM for JSA accepts both mail syslog events and web syslog events from Barracuda Spam & Virus Firewall appliances.

Mail syslog events contain the event and action that is taken when the firewall processes email. Web syslog events record information on user activity, and configuration changes that occur on your Barracuda Spam & Virus Firewall appliance.

Before You Begin

Syslog messages are sent to JSA from Barracuda Spam & Virus Firewall by using UDP port 514. You must verify that any firewalls between JSA and your Barracuda Spam & Virus Firewall appliance allow UDP traffic on port 514.

Configuring Syslog Event Forwarding

You can configure syslog forwarding for Barracuda Spam & Virus Firewall.

  1. Log in to the Barracuda Spam & Virus Firewall web interface.

  2. Click the Advanced tab.

  3. From the Advanced menu, select Advanced Networking.

  4. In the Mail Syslog field, type the IP address of your JSA console or Event Collector.

  5. Click Add.

  6. In the Web Interface Syslog field, type the IP address of your JSA console or Event Collector.

  7. Click Add.

Syslog Log Source Parameters for Barracuda Spam Firewall

If JSA does not automatically detect the log source, add a Barracuda Spam Firewall log source on the JSA Console by using the syslog protocol.

When using the syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect syslog events from Barracuda Spam & Virus Firewall:

Table 1: Syslog Parameters for Barracuda Spam & Virus Firewall DSM

Parameter

Value

Log Source Name

Type a name for the log source.

Log Source Description

Type a description for the log source.

Log Source type

Barracuda Spam & Virus Firewall

Protocol Configuration

Syslog

Protocol Configuration

Type the IP address or host name for the log source.

Barracuda Spam and Virus Firewall Sample Event Messages

Use these sample event messages to verify a successful integration with JSA.

Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Barracuda Spam & Virus Firewall Sample Message when you use the Syslog Protocol

Sample 1: This sample event shows that a message is blocked because the user doesn’t exist.

Table 2: Highlighted Values in the Barracuda Spam & Virus Firewall Event

JSA field name

Highlighted values in the event payload

Event ID

Blocked Message is extracted from the Event ID field in JSA

Event Category

No such user

Source IP

192.168.0.1

Username

x7ZYJv5uCwenuD/3xNuYx0cYIAkqevlHLIZSj4XeuVOySIBOB8EwFiQ9lpD3MAgI

Device time

Apr 11 11:24:37 2012

Sample 2: This sample event shows that a message is blocked because of political intentions.

Table 3: Highlighted Values in the Barracuda Spam & Virus Firewall Sample Event

JSA field name

Highlighted values in the event payload

Event ID

Blocked Message is extracted from the Event ID field in JSA

Event Category

Intent - political is extracted from the Event Category field in JSA

Source IP

192.168.0.1

Username

qIWHXoYEpfP+Ut0/6KYPSBB/+f368IWMkt7vCt/wP0iySIBOB8EwFiQ9lpD3MAgI