Barracuda Email Security

The Barracuda Email Security Service is a cloud-based email security service that protects both inbound and outbound email against the latest spam, viruses, worms, phishing, and denial of service attacks.

Reference: https://campus.barracuda.com/product/webapplicationfirewall/doc/4259935/how-to-configure-syslog-and-other-logs

If the instance of Barracuda WAF is deployed in Azure Security Center, an Azure Event Hub server is added with the preset custom log format for “Web Firewall Logs Format”. If a Microsoft Azure OMS server is added, some of the WAF object logs that are sent to the OMS server will have incorrect values. Therefore, it is recommended not to use the Microsoft Azure OMS server as an “Export Log” server when the instance is deployed in Azure Security Center.

Chronicle Data Types

  • BARRACUDA_EMAIL

Configuration - Add a Syslog Server (local)

  1. Navigate to ADVANCED > Export Logs
  2. In the Export Logs section, click Add Export Log Server. In the Add Export Log Server window, specify values for the following:
     • Name - Enter a name for the CYCLOPS forwarder (ex. CYCLOPS)
     • Log Server Type - Select Syslog NG
     • IP Address or Hostname - Enter the IP address of the CYCLOPS forwarder
     • Port - Enter the port number provided by Cyderes
     • Connection Type - Select the connection type to transmit the logs from the Barracuda Appliance. UDP is the default protocol but TCP and SSL can be used as well. Note: TCP is recommended.
     • Log Timestamp and Hostname - Set to Yes to log the date, time, and hostname configured in the BASIC > IP Configuration > Domain Configuration section

Click Add

Configuration - Add a Syslog Server (cloud)

  1. Navigate to ADVANCED > Export Logs
  2. In the Export Logs section, click Add Export Log Server. In the Add Export Log Server window, specify values for the following:
     • Name - Enter a name for the CYCLOPS forwarder (ex. CYCLOPS)
     • Log Server Type - Select CloudSyslog Service
     • IP Address or Hostname - Enter the IP address of the Cyderes Cloud Collector (provided by Cyderes)
     • Port - Enter the port number provided by Cyderes
     • Log Timestamp and Hostname - Set to Yes to log the date, time, and hostname configured in the BASIC > IP Configuration > Domain Configuration section

Click Add