Barracuda Web Filter
You can integrate Barracuda Web Filter appliance events with JSA.
The Barracuda Web Filter DSM for JSA accepts web traffic and web interface events in syslog format that are forwarded by Barracuda Web Filter appliances.
Web traffic events contain the events, and any actions that are taken when the appliance processes web traffic. Web interface events contain user login activity and configuration changes to the Web Filter appliance.
Before You Begin
Syslog messages are forward to JSA by using UDP port 514. You must verify that any firewalls between JSA and your Barracuda Web Filter appliance allow UDP traffic on port 514.
Configuring Syslog Event Forwarding
Configure syslog forwarding for Barracuda Web Filter.
Log in to the Barracuda Web Filter web interface.
Click the Advanced tab.
From the Advanced menu, select Syslog.
From the Web Traffic Syslog field, type the IP address of your JSA console or Event Collector.
Click Add.
From the Web Interface Syslog field, type the IP address of your JSA console or Event Collector.
Click Add.
The syslog configuration is complete.
Syslog Log Source Parameters for Barracuda Web Filter
If JSA does not automatically detect the log source, add a Barracuda Web Filter log source on the JSA Console by using the syslog protocol.
When using the syslog protocol, there are specific parameters that you must use.
The following table describes the parameters that require specific values to collect syslog events from Barracuda Web Filter:
Parameter |
Value |
---|---|
Log Source Name |
Type a name for the log source. |
Log Source Description |
Type a description for the log source. |
Log Source type |
Barracuda Web Filter |
Protocol Configuration |
Syslog |
Protocol Configuration |
Type the IP address or host name for the log source as an identifier for events from your Barracuda Web Filter appliance. |
Barracuda Web Filter Sample Event Message
Use this sample event messages to verify a successful integration with JSA.
Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
Barracuda Web Filter sample message when you use the Syslog protocol
The following sample event message shows a failed login.
<142> web: [10.22.111.109] FAILED_LOGIN (leec)
JSA field name |
Highlighted payload field name |
---|---|
Event ID |
FAILED_LOGIN |
FAILED_LOGIN |
10.22.111.109 |
Username |
leec |