Integrating Barracuda Web Application Firewall



Similar documents
Integrating Symantec Endpoint Protection

Integrate Cisco IronPort Security Appliance (ESA)

Integrating Juniper Netscreen (ScreenOS)

Integrate Websense Web Security Gateway (WSG)

Integrate Cisco IronPort Web Security Appliance (WSA)

Integrate Microsoft Windows Hyper V

Integrate Astaro Security Gateway

Integrate Check Point Firewall

Enable File and Folder Auditing

Integrating Trend Micro OfficeScan 10 EventTracker v7.x

EventTracker: Support to Non English Systems

EventTracker: Configuring DLA Extension for AWStats Report AWStats Reports

EventTracker: Configuring DLA Extension for AWStats report AWStats Reports

EventTracker: Integrating Imperva SecureSphere

IIS Web Server Configuration Guide

How To- Create Local Account and Active Directory Authentication EventTracker Enterprise

IIS Web Server Configuration Guide

Monitor Mobile Devices via ActiveSync Using EventTracker

Secure IIS Web Server with SSL

Monitoring SharePoint 2007/2010/2013 Server Using Event Tracker

Apache: Analyze Logs for Malicious Activities & Monitor Server Performance

Upgrade Guide. Upgrading to EventTracker v6.0. Upgrade Guide Columbia Gateway Drive, Suite 250 Publication Date: Sep 20, 2007.

How to Install MS SQL Server Express

Fifty Critical Alerts for Monitoring Windows Servers Best practices

EventTracker Enterprise v7.3 Installation Guide

EventTracker Knowledge Update

Hardening Guide for EventTracker Server

How to - Install EventTracker and Change Audit Agent

Monitor DHCP Logs. EventTracker. EventTracker Centre Park Drive Columbia MD Publication Date: July 16, 2009

Pipeliner CRM Phaenomena Guide Add-In for MS Outlook Pipelinersales Inc.

LepideAuditor Suite for File Server. Installation and Configuration Guide

Pipeliner CRM Phaenomena Guide Sales Pipeline Management Pipelinersales Inc.

Deciding When to Deploy Microsoft Windows SharePoint Services and Microsoft Office SharePoint Portal Server White Paper

AD RMS Step-by-Step Guide

Installing and Configuring DB2 10, WebSphere Application Server v8 & Maximo Asset Management

Installation and configuration guide

Sage HRMS 2014 Sage Employee Self Service Tech Installation Guide for Windows 2003, 2008, and October 2013

vcenter Operations Management Pack for SAP HANA Installation and Configuration Guide

Technical Brief for Windows Home Server Remote Access

nappliance misa Server 2006 Standard Edition Users Guide For use with misa Appliances 2006 nappliance Networks, Inc.

Monitoring Windows Workstations Seven Important Events

NETWRIX EVENT LOG MANAGER

NETWRIX EVENT LOG MANAGER

File Auditor for NAS, Net App Edition

How to Secure a Groove Manager Web Site

Troubleshooting File and Printer Sharing in Microsoft Windows XP

Windows Azure Pack Installation and Initial Configuration

Deploying Personal Virtual Desktops by Using RemoteApp and Desktop Connection Step-by-Step Guide

Monitoring Microsoft SQL Server Audit Logs with EventTracker The Importance of Consolidation, Correlation, and Detection Enterprise Security Series

Windows Server Update Services 3.0 SP2 Step By Step Guide

Lepide Software. LepideAuditor for File Server [CONFIGURATION GUIDE] This guide informs How to configure settings for first time usage of the software

Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab

ScriptLogic File System Auditor User Guide

Endpoint Security Console. Version 3.0 User Guide

BusinessObjects Enterprise XI Release 2

Integrating Business Portal 3.0 with Microsoft Office SharePoint Portal Server 2003: A Natural Fit

Management Reporter Integration Guide for Microsoft Dynamics GP

EventTracker Enterprise v7.5

REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL

Microsoft Dynamics GP. Workflow Installation Guide Release 10.0

Deploying System Center 2012 R2 Configuration Manager

Installing Windows Rights Management Services with Service Pack 2 Step-by- Step Guide

Introduction to DirectAccess in Windows Server 2012

Configuration Example

AvePoint SearchAll for Microsoft Dynamics CRM

Deploying Remote Desktop IP Virtualization Step-by-Step Guide

Management Reporter Integration Guide for Microsoft Dynamics AX

Installation and configuration guide

Deploying the Workspace Application for Microsoft SharePoint Online

Monitoring Exchange Server Using EventTracker

Business Portal for Microsoft Dynamics GP Field Service Suite

How To Create An Easybelle History Database On A Microsoft Powerbook (Windows)

Creating and Deploying Active Directory Rights Management Services Templates Step-by-Step Guide

Copyright. Disclaimer. Introduction 1. System Requirements Installing the software 4

HP IMC Firewall Manager

Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0

Pipeliner CRM Phaenomena Guide Opportunity Management Pipelinersales Inc.

SonicWALL CDP 5.0 Microsoft Exchange InfoStore Backup and Restore

HELP DOCUMENTATION E-SSOM BACKUP AND RESTORE GUIDE

Microsoft Dynamics GP SQL Server Reporting Services Guide

HP A-IMC Firewall Manager

Setting up VMware ESXi for 2X VirtualDesktopServer Manual

Specops Command. Installation Guide

Pipeliner CRM Phaenomena Guide Sales Target Tracking Pipelinersales Inc.

DriveLock Quick Start Guide

Implementing and Supporting Windows Intune

Immotec Systems, Inc. SQL Server 2005 Installation Document

Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide

Windows Small Business Server 2003 Upgrade Best Practices

Symantec AntiVirus Corporate Edition Patch Update

Customizing Remote Desktop Web Access by Using Windows SharePoint Services Stepby-Step

ArcMail Technology Defender Mail Server Configuration Guide for Microsoft Exchange Server 2003 / 2000

Configuring SSL VPN on the Cisco ISA500 Security Appliance

IBM. Vulnerability scanning and best practices

Altiris IT Analytics Solution 7.1 SP1 from Symantec User Guide

LogLogic Symantec Endpoint Protection Log Configuration Guide

Knowledge Base Articles

CONFIGURING MICROSOFT SQL SERVER REPORTING SERVICES

Transcription:

Integrating Barracuda Web Application Firewall EventTracker v7.x Publication Date: July 28, 2014 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com

Abstract This guide provides instructions to configure Barracuda Web Application Firewall to send the syslog events to EventTracker Enterprise. Scope The configurations detailed in this guide are consistent with EventTracker Enterprise version 7.X and later, and Barracuda Firewall 100 and later. Audience Barracuda Web Application Firewall users, who wish to forward syslog events to EventTracker manager. The information contained in this document represents the current view of Prism Microsystems Inc. on the issues discussed as of the date of publication. Because Prism Microsystems must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Prism Microsystems, and Prism Microsystems cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. Prism Microsystems MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this paper may be freely distributed without permission from Prism, as long as its content is unaltered, nothing is added to the content and credit to Prism is provided. Prism Microsystems may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Prism Microsystems, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred. 2014 Prism Microsystems Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. 1

Contents Abstract... 1 Scope... 1 Audience... 1 Barracuda Firewall... 3 Prerequisites... 3 Integration of EventTracker with Barracuda Firewall... 3 EventTracker Knowledge Pack (KP)... 6 Import Barracuda Firewall Knowledge pack into EventTracker... 8 To import Category... 8 To import Alerts... 10 Verify Barracuda Firewall knowledge pack in EventTracker... 11 Verify Barracuda Firewall Categories... 11 Verify Barracuda Firewall Alerts... 11 2

Barracuda Firewall The Barracuda Firewall provides all next-generation application control and user identity functions in an easy-to-use. It outperforms traditional firewalls and UTMs by integrating a powerful next-generation firewall appliance with scalable cloud content security. While the appliance is optimized for bandwidth-sensitive tasks like packet forwarding and routing, Layer 7 application control, Intrusion Prevention (IPS), DNS/DHCP services, and VPN connectivity, the cloud component handles processor-intensive tasks like virus scanning, content filtering, and reporting. Syslog can be configured to send to Event Tracker manager, alerts and reports can be configured into EventTracker. Prerequisites Prior to configuring Barracuda Web Application Firewall and the EventTracker Enterprise, ensure that you meet the following prerequisites: EventTracker should be installed. Barracuda Web Application Firewall should be installed and proper access permissions to make configuration changes. Administrative access on the EventTracker Enterprise. Integration of EventTracker with Barracuda Firewall To configure Barracuda Web Application Firewall to forward all logs to EventTracker Enterprise: 1. Log in to the Barracuda Web Application Firewall web interface. 2. Click the Advanced tab. 3. From the Advanced menu, select Export Logs. 4. Click Syslog Settings. 5. Configure a syslog facility value for the following options: 3

o o o o Web Firewall Logs Facility - Select a syslog facility between Local0 and Local7. Access Logs Facility - Select a syslog facility between Local0 and Local7. Audit Logs Facility - Select a syslog facility between Local0 and Local7. System Logs Facility - Select a syslog facility between Local0 and Local7. Setting a unique syslog facility for each log type allows the Barracuda Web Application Firewall to divide the logs in to different files. 6. Click Save Changes. 7. In the Name field, type name of the syslog server. 8. In the Syslog field, type IP address of your EventTracker Console or Event Collector. 9. From the Log Time Stamp option, select Yes. 10. From the Log Unit Name option, select Yes. 11. Click Add. 12. From the Web Firewall Logs Format list box, select Custom Format. 13. In the Web Firewall Logs Format field, type the following custom event format: t=%t ad=%ad ci=%ci cp=%cp au=%au 14. From the Access Logs Format list box, select Custom Format. 15. In the Access Logs Format field, type the following custom event format: t=%t p=%p s=%s id=%id ai=%ai ap=%ap ci=%ci cp=%cp si=%si sp=%sp cu=%cu 16. From the Audit Logs Format list box, select Custom Format. 17. In the Audit Logs Format field, type the following custom event format: t=%t trt=%trt an=%an li=%li lp=%lp 18. Click Save Changes. 19. From the navigation menu, select Basic > Administration. 20. From the System/Reload/Shutdown pane, click Restart. 4

The syslog configuration is complete after your Barracuda Web Application Firewall restarts. Barracuda Web Application Firewall events are automatically discovered. Events forwarded to EventTracker by Barracuda Web Application Firewall are displayed on the Log Search tab of EventTracker Enterprise. 5

EventTracker Knowledge Pack (KP) Once logs are received in to EventTracker, Alerts and reports can be configured into EventTracker. The following Knowledge Packs are available in EventTracker v7 to support Barracuda Web Application Firewall monitoring: Categories:- Barracuda: Application platform exploit - This category based report provides information related to application platform exploit. Barracuda: Authentication hijacking - This category based report provides information related to authentication hijacking. Barracuda: Buffer overflow attack - This category based report provides information related to buffer overflow attack. Barracuda: Command injection attack - This category based report provides information related to command injection attack. Barracuda: Cookie poisoning attack - This category based report provides information related to cookie poisoning attack. Barracuda: Cross-site scripting attack - This category based report provides information related to cross-site scripting attack. Barracuda: Denial-of-service attack - This category based report provides information related to denial-of-service attack. Barracuda: Directory traversal attack - This category based report provides information related to directory traversal attack. Barracuda: Error message interception - This category based report provides information related to error message interception. Barracuda: Firewall received messages - This category based report provides information related to firewall received messages. Barracuda: Firewall scan messages - This category based report provides information related to firewall scan messages. Barracuda: Firewall sending messages - This category based report provides information related to firewall sending messages. 6

Barracuda: Forceful browsing attack - This category based report provides information related to forceful browsing attack. Barracuda: Form tampering attack - This category based report provides information related to form tampering attack. Barracuda: Malicious file execution attack - This category based report provides information related to malicious file execution attack. Barracuda: Obfuscation attack - This category based report provides information related to obfuscation attack. Barracuda: Protocol exploit attack - This category based report provides information related to protocol exploit attack. Barracuda: SQL injection attack - This category based report provides information related to SQL injection attack. Barracuda: Traffic allowed - This category based report provides information related to traffic allowed. Barracuda: Traffic denied- This category based report provides information related to traffic denied. Alerts:- Barracuda: Authentication hijacking- This alert is generated when authentication hijacking occurs. Barracuda: Buffer overflow attack- This alert is generated when buffer overflow attack occurs. Barracuda: Command injection attack- This alert is generated when command injection attack occurs. Barracuda: Cookie poisoning attack- This alert is generated when cookie poisoning attack occurs. Barracuda: Cross-site scripting attack- This alert is generated when cross-site scripting attack. Barracuda: Denial-of-service attack- This alert is generated when denial-of-service attack occurs. Barracuda: Error message interception- This alert is generated when error message interception occurs. 7

Barracuda: Malicious file execution attack- This alert is generated when malicious file execution attack occurs. Barracuda: Obfuscation attack- This alert is generated when obfuscation attack occurs. Import Barracuda Firewall Knowledge pack into EventTracker 1. Launch EventTracker Control Panel. 2. Double click Import Export Utility. Click the Import tab. Import Category/Alert as given below. To import Category 1. Click Category option, and then click the browse button 8

Figure 1 2. Locate All Barracuda firewall group of Categories.iscat file, and then click the Open button. 3. Click the Import button to import the categories. EventTracker displays success message. Figure 2 4. Click OK, and then click the Close button. 9

To import Alerts 1. Click Alert option, and then click the browse button. Figure 3 2. Locate All Barracuda firewall group of Alerts.isalt file, and then click the Open button. 3. Click the Import button to import the alerts. EventTracker displays success message. Figure 4 4. Click OK, and then click the Close button. 10

Verify Barracuda Firewall knowledge pack in EventTracker Verify Barracuda Firewall Categories 1. Logon to EventTracker Enterprise. 2. Click the Admin dropdown, and then click Categories. 3. In the Category Tree, expand Barracuda Firewall group folder to view imported categories. Figure 7 Verify Barracuda Firewall Alerts 1. Logon to EventTracker Enterprise. 2. Click the Admin dropdown, and then click Alerts. 3. In Search field, type Barracuda Firewall, and then click the Go button. Alert Management page will display all the imported Barracuda Firewall device alerts. 11

Figure 8 4. To activate the imported alerts, select the respective checkbox in the Active column. EventTracker displays message box. Figure 9 5. Click the OK button, and then click the Activate now button. NOTE: You can select alert notification such as Beep, Email, and Message etc. For this, select the respective checkbox in the Alert management page, and then click the Activate Now button. 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information