How To Export Logs To Arcsight Siem Devices

This document provides instructions for configuring a Barracuda Web Application Firewall to export logs to ArcSight SIEM devices, including ArcSight Logger and SmartConnector. It involves downloading and configuring the ArcSight device, then configuring the Barracuda firewall to send logs to the ArcSight device in CEF format over syslog. The logs can then be verified in the ArcSight system.

Uploaded by

alesia1990

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

245 views3 pages

How To Export Logs To Arcsight Siem Devices

Uploaded by

alesia1990

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 3

Barracuda Web Application Firewall

How to Export Logs to ArcSight SIEM Devices

Exporting Logs to ArcSight Logger

Conﬁgure ArcSight Logger

Conﬁgure the Barracuda Web Application Firewall

Conﬁgure ArcSight Logger

1. Download ArcSight Logger[1] from the HP website.

2. Conﬁgure ArcSight Logger using the HP ArcSight Logger Admin Guide[2].

Ensure the logger is listening on UDP/TCP port. Example: 514.

Conﬁgure the Barracuda Web Application Firewall

1. Log into the Barracuda Web Application Firewall web interface.

2. Go to ADVANCED > Export Logs.
3. In the Syslog section, click Add Syslog Server and specify the following:
1. Name - Enter a name for the syslog server.
2. IP Address – Enter the IP address of the conﬁgured ArcSight Logger.
3. Port – Enter the port number on which the logger listens.
4. Connection Type – Set the connection type to transmit logs from the Barracuda Web Application
Firewall to the syslog server.
5. Specify values for other parameters as required and click Add.
4. In the Logs Format section:
1. Set ArcSight Log Header to Syslog Header.
2. Set Web Firewall Logs, Access Logs and Audit Logs to CEF:0 (ArcSight) log format.
3. Click Save.
5. Send logs to the conﬁgured syslog server.
6. Verify the ArcSight Logger displays the logs.

Exporting Logs to ArcSight SmartConnector

Conﬁgure SmartConnector
Conﬁgure the Barracuda Web Application Firewall

Conﬁgure SmartConnector

1. Download the latest version of ArcSight SmartConnector[3] from the HP website.

2. Install ArcSight SmartConnector on Windows, Linux, or another supported platform by following the steps
in the Smart Connector admin guide.
3. Ensure SmartConnector listens on the UDP/TCP port, and that the port is connected to a logger or other
device where the logs can be forwarded.

Conﬁgure the Barracuda Web Application Firewall

1. Log into the Barracuda Web Application Firewall web interface.

How to Export Logs to ArcSight SIEM Devices

1/3
Barracuda Web Application Firewall

4. Connection Type – Set the connection type to transmit the logs from the Barracuda Web
Application Firewall to the syslog server.
5. Specify values for other parameters as required and click Add.
4. In the Logs Format section:
1. Set ArcSight Log Header to Syslog Header.
2. Set Web Firewall Logs, Access Logs and Audit Logs to CEF:0 (ArcSight) log format.
3. Click Save.
5. Send logs to the conﬁgured syslog server.
6. Verify that the ArcSight Logger, or system where the SmartConnector forwards the logs, displays the
logs.