AlienVault® USM Anywhere™

Barracuda NextGen Firewalls Traffic

When you configure Barracuda NextGen Firewalls to send traffic log data to USM Anywhere, you can use the Barracuda NextGen Firewall Traffic plugin to translate the raw traffic log data into normalized events for analysis.

Device Details
Vendor: Barracuda
Device Type: Firewall
Connection Type: Syslog

Integrating Barracuda NextGen Firewalls Traffic Log

Before you configure the Barracuda NextGen Firewalls integration, you must have the IP address of the USM Anywhere Sensor.

To configure Barracuda NextGen Firewalls to forward traffic log data to USM Anywhere

  1. Log in to the NG Admin console as root and select Box.
  2. In the Primary Navigation bar, select Configuration.
  3. Go to Box > Infrastructure Services > Syslog Streaming.

  4. Right-click Syslog Streaming and select Lock.
  5. On Syslog Streaming, under Basic Setup, select Yes for Enable Syslog Streaming.

    If you use SSL for log file streaming, you may require a certificate different from the key and certificate by which the box is routinely identified:

    • Select Switch to Advanced View in the left Configuration Mode menu.
    • Disable Use Box Certificate/Key.
    • Export the certificate and key.

      This certificate must be imported on the destination server for SSL-based authentication.

  6. In the top-right corner of the page, under the Task bar, click Send Changes.

  7. Select Activation Pending.

  8. Select Activate.

Plugin Enablement

The Barracuda Next Gen (NG) Firewall Traffic plugin automatically processes all messages when the raw message contains "httpscan,http_scan,sniff".

Available Plugin Fields

The following plugin fields are important attributes extracted from the syslog message. The USM Anywhere reports use these fields, and you can also reference them when creating custom reports. In addition to reporting, the USM Anywhere correlation rules make use of these fields.

  • audit_reason
  • bytes_in
  • bytes_out
  • content_category
  • destination_address
  • event_action
  • event_name
  • file_hash
  • matched_value
  • plugin_rule
  • request_content_type
  • request_url
  • source_address
  • source_username
  • timestamp_occured
  • timestamp_received

Additional Resources and Troubleshooting

For troubleshooting, refer to the vendor documentation: