Configure your Barracuda Web Application Firewall appliance to send syslog events to
IBM
QRadar.
Before you begin
Verify that firewalls between the Barracuda appliance and QRadar allow UDP
traffic on port 514.
Procedure
-
Log in to the Barracuda Web Application Firewall web interface.
-
Click the Advanced tab.
-
From the Advanced menu, select Export
Logs.
-
Click Add Syslog Server.
-
Configure the parameters:
| Option |
Description |
|---|
| Name |
The name of the QRadar Console or Event Collector |
| Syslog Server |
The IP address of your QRadar Console or Event Collector. |
| Port |
The port that is associated with the IP address of your QRadar Console or Event Collector.
If syslog messages are sent by UDP, use the default port, 514.
|
| Connection Type |
The connection type that transmits the logs from the Barracuda Web
Application Firewall to the QRadar Console or Event Collector. UDP is the default protocol for syslog
communication. |
| Validate Server Certificate |
No |
-
In the Log Formats pane, select a format from the list
box for each log type.
- If you are using newer versions of Barracuda Web Application Firewall,
select LEEF 1.0 (QRadar).
- If you are using older versions of Barracuda Web Application Firewall,
select Custom Format.
-
Click Save Changes.