Barracuda Web Application Firewall
The IBM® QRadar® DSM for Barracuda Web Application Firewall collects syslog LEEF and custom events from Barracuda Web Application Firewall devices.
The following table identifies the specifications for the Barracuda
Web Application Firewall DSM:
| Specification | Value |
|---|---|
| Manufacturer | Barracuda |
| DSM name | Web Application Firewall |
| RPM file name | DSM-BarracudaWebApplicationFirewall-QRadar_version-build_number.noarch.rpm |
| Supported versions | V7.0.x and later |
| Protocol type | Syslog |
| QRadar recorded event types | System Web Access Audit |
| Automatically discovered? | If LEEF-formatted payloads, the log source is automatically discovered. If custom-formatted payloads, the log source is not automatically discovered. |
| Included identity? | Yes |
| More information | Barracuda Networks website (https://www.barracuda.com) |
To collect syslog events from Barracuda Web Application Firewall,
use the following steps:
- If automatic updates are not enabled, download the most recent version of the following RPMs
from the IBM Support Website onto your QRadar
Console:
- Barracuda Web Application Firewall DSM RPM
- DSMCommon RPM
- Configure your Barracuda Web Application Firewall device to send syslog events to QRadar.
- Add a Barracuda Web Application Firewall log source on the QRadar
Console. The following table describes the parameters
that require specific values that are required
for Barracuda Web Application Firewall event
collection:
Table 2. Barracuda Web Application Firewall log source parameters Parameter Value Log Source type Barracuda Web Application Firewall Protocol Configuration Syslog