Barracuda

Overview

The Barracuda integration ingests and normalizes logs from Barracuda security appliances in Logpoint. Once ingested, you can explore and analyze the data using Logpoint's search capabilities and the analytics available for this integration, including search templates and dashboards. This gives you clear visibility into firewall activity, web application security, email security, web filtering, and threat detection, enabling faster detection, compliance, and response.

The integration includes:

  • Syslog Collector to retrieve raw logs from Barracuda devices and ingest them into Logpoint for processing.

  • Syslog Parser to extract key fields from raw Barracuda logs.

  • BarracudaCompiledNormalizer (modularized) to convert the parsed logs into a standardized format for consistent analysis across Logpoint. The modularized normalizer includes specialized modules like BarracudaNGFirewallCompiledNormalizer, BarracudaEmailSGCompiledNormalizer, and BarracudaEmailSecurityServiceCompiledNormalizer that handle specific Barracuda product lines independently.

  • Dashboard packages (LP_Barracuda Web Application Firewall, LP_Barracuda SV Firewall, LP_Barracuda Web Filter), which provide a graphical and interactive overview of Barracuda activities, highlighting patterns including attack trends, email security events, web filtering actions, and firewall traffic. They allow you to quickly spot unusual behavior, monitor compliance, and track operational changes over time.

  • Search template (LP_BarracudaWAF) that provides pre-built queries for common Barracuda WAF monitoring and investigation use cases.

  • Label packages (LP_Barracuda NG Firewall, LP_Barracuda Web Filter) that provide relevant reference data for enrichment and correlation.

Supported Events

  • Barracuda versions:

    • Barracuda NG Firewall (Model F600) - version 5.4.3-182

    • Barracuda System and Firewall

    • Barracuda Web Application Firewall (including CEF format)

    • Barracuda Firewall

    • Barracuda Web Filter

    • Barracuda Spam And Virus Firewall

    • Barracuda WAF

    • Barracuda Load Balancer and ADC 540Vx Loadbalancer

    • Barracuda Email Security Gateway

    • Barracuda Cloud Email Filter

    • Barracuda Email Security Service

  • Barracuda log types:

    • Web Application Firewall Events: Attack detection (DDoS, SQL injection, XSS), protocol violations, access logs, audit logs, traffic actions

    • Firewall Events: Allow/deny actions, network traffic, connection states, IPS alerts, session management

    • Email Security Events: Spam detection, virus scanning, banned attachments, message processing (RECV, SCAN, SEND), blocklist management

    • Web Filter Events: URL filtering, content type filtering, category matching, access control actions

    • Threat Detection: Intrusion prevention, malware detection, GeoIP-based blocking, application control
