Configure your Barracuda Web Application Firewall appliance to send syslog events to
IBM®
QRadar®.
Before you begin
Verify that firewalls between the Barracuda appliance and QRadar allow UDP
traffic on port 514.
Procedure
-
Log in to the Barracuda Web Application Firewall web interface.
-
Click the Advanced tab.
-
From the Advanced menu, select Export
Logs.
-
Click Add Syslog Server.
-
Configure the parameters:
| Option |
Description |
|---|
| Name |
The name of the QRadar Console or Event Collector |
| Syslog Server |
The IP address of your QRadar Console or Event Collector. |
| Port |
The port that is associated with the IP address of your QRadar Console or Event Collector.
If syslog messages are sent by UDP, use the default port, 514.
|
| Connection Type |
The connection type that transmits the logs from the Barracuda Web
Application Firewall to the QRadar Console or Event Collector. UDP is the default protocol for syslog
communication. |
| Validate Server Certificate |
No |
-
In the Log Formats pane, select a format from the list
box for each log type.
- If you are using newer versions of Barracuda Web Application Firewall,
select LEEF 1.0 (QRadar).
- If you are using older versions of Barracuda Web Application Firewall,
select Custom Format.
-
Click Save Changes.