Barracuda Log Reference

Log Samples

Learn what raw Barracuda events look like before they're processed in Logpoint:

Barracuda Cloud Email Filter

<6> 2021-10-27T04:41:43Z ip-100.internal ESS91785[1]: {"message_id":"1633444894-105481-5298-10428-1","src_ip":"192.168.97.25","hdr_from":"\"Logpoint Publications\" <[email protected]>","account_id":"abc123","domain_id":"189043","ptr_record":"s1.asa1.acem.com","attachments":null,"recipients":[{"action":"allowed","reason":"m","reason_extra":"m","delivered":"delivered","delivery_detail":"logpoint-edu.mail.protection.outlook.com:25:250 2.6.0..."}],"hdr_to":"\"Leon Pedraza\" <[email protected]>","recipient_count":1,"dst_domain":"logpoint.edu","size":97272,"subject":"Develop deep knowledge of faculty development","env_from":"bounce-529093-2847-29700-lpedraza=logpoint.edu@s1.csa1.acemsa3.com","timestamp":"2021-10-05T14:41:40+0000","geoip":"USA","tls":true}

Intrusion Prevention System (IPS)

<12>Jul 06 07:40:54 xxxxxxx 1/sssss/ssss/box_Firewall_threat: Warning host firewall: [Request] Allow: IPS ALLIP(0) 1.1.1.1 -> 0.0.0.0:0 |[ID: 5000002 TCPIP Port or IP Address Scan]||2|Probing

Web Firewall Logs

2014-04-11 10:50:30.411 +0530 wafbox1 WF ALER PRE_1_0_REQUEST xx.xx.x.xxx 34006 xx.xx.xxx.x 80 global GLOBAL LOG NONE [POST /index.cgi] POST xx.xx.xxx.x /index.cgi HTTP REQ-0+RES-0 "Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0" xx.xx.xxx.x 34005 ABC http://xx.xx.xxx.x /index.cgi

Barracuda System and Firewall

2010-02-03 01:49:09.077 -0800 logpointbox WF ALER SQL_INJECTION_IN_PARAM 1.1.1.7 361 1.1.1.20 webapp1:deny_ban GLOBAL LOG NONE "[type=""sql-injection-medium"" pattern=""sql-quote"" token=""' or "" Parameter=""address"" value=""hi' or 1=1--""]" POST 1.1.1.2/xxx-bin/process.xxx HTTP REQ-0+RES-0...

Barracuda NG Firewall

<14>Jun 15 07:52:08 LOGPOINT 1/DEBUxxx/LOGPOINT2/box_Firewall_Activity: Info LOGPOINT2 Allow: type=FWD|proto=TCP|srcIF=p2.1|srcIP=xxx.xx.xxx.x|srcPort=49609|srcMAC=xx:xx:xx:xx:xx:xx|dstIP=xxx.xx.x.xxx|dstPort=49155|dstService=|dstIF=p1|rule=INSIDELYNCAUDIOWAN|info=TF-Sync...

Barracuda Web Filter

<164>http_scan[15983]: 1418826306 1 1.1.1.1 1.1.1.2 application/javascript 1.1.1.3 http://1.1.1.4/lp/logpoint.com/warn.xx.10918xxxxxx/lp.ab.0328.0397/lp.cd.0329.0424?&tag=0&time=&eventid=&callback=PushStreamManager_0_onmessage_1418826313069&_=1418826313069 584 BYF ALLOWED CLEAN 2 1 0 5 3 (-) 1 - 0 - 0 - - [ldap0:pp.op] http://www.abc.com/push/

Log Source Labels

Learn how Barracuda events are given their own labels in Logpoint.

LP_Barracuda NG Firewall Labels

| Label | Description |
| --- | --- |
| Allow | Events with the Allow or LocalAllow action. |
| Deny | Events with the Deny or LocalDeny action. |
| Drop | Events with the Drop and LocalDrop action. |
| Detect | Events with the Detect or LocalDetect action. |
| Block | Events with the Block or LocalBlock action. |
| Remove | Events with the Remove or LocalRemove action. |
| Fail | Events with the Remove or LocalRemove action. |
| ARP | Events with the ARP action. |
| Normal, Operation | Events with the Normal Operation message. |
| Balance, Session, Idle, Timeout | Events with the Balanced Session Idle Timeout message. |
| Block, Rule | Events with the Block by Rule message. |
| Connection, Reset, Source | Events with the Connection Reset by Source message. |
| Session, Idle, Timeout | Events with the Session Idle Timeout message. |
| Connection, Reset | Events with the Connection Reset by Destination message. |
| Acknowledge, Timeout | Events with the Last ACK Timeout message. |
| TCP, Packet, Not, Active, Session | Events with the TCP Packet Belongs to no Active Session message. |
| ARP, Duplicate, MAC | Events with the ARP reply duplicate and MAC differs message. |
| ICMP, Packet, Ignore | Events with the ICMP Packet is Ignored message. |
| Connection, Timeout | Events with the Connect Timeout message. |
| Timeout | Events with the Unreachable Timeout message. |
| Block, Broadcast | Events with the Block Broadcast message. |
| Application, Control | Events with the Application Control message. |
| Detect, Not, Allow, Port | Events with the Unallowed Port Protocol Detected message. |
| Reverse, Routing, Interface, Mismatch | Events with the Reverse Routing Interface Mismatch message. |
| Accept, Timeout | Events with the Accept Timeout message. |
| TCP, Header, Invalid | Events with the TCP Header has an Invalid SEQ Number message or TCP Header has an Invalid ACK Number message. |
| IPS, Warning | Events with the IPS Warning message. |
| IPS, Drop, Log | Events with the IPS Drop Log message. |
| IPS, Alert | Events with the IPS Alert message. |
| Drop, Not, Allow, Port, Detect | Events with the Drop due to Unallowed Port Protocol message. |
| MAC, Address, Change | Events with the MAC Address Change message. |
| Local, Socket, Not, Present | Events with the No Local Socket Present message. |
| Policy, Block, URL, Category | Events with the URL Category Blocked by Policy message. |
| Block, Not, Rule, Match | Events with the Block no Rule Match message. |
| Not, Active, Session, ICMP, Packet | Events with the ICMP Packet Belongs to no Active Session message. |
| Internal, SSL, Error | Events with the Internal SSL Error message. |
| Invalid, Synchronization, Establish, TCP, Session | Events with the Invalid SYN for Established TCP Session message. |
| Drop, TCP, RST | Events with the Drop guessed TCP RST message. |
| Block, Local, Loop | Events with the Block Local Loop message. |
| Terminate, Content | Events with the Terminated due to content message. |
| IP, Header, Incomplete | Events with the IP Header is Incomplete message. |
| Request, IPS, Policy, Terminate | Events with the IPS Policy Requested Termination message. |
| Duplicate, IP, Detect, Match | Events with the Duplicate IP Detection Matched message. |
| TCP, Header, Incomplete | Events with the TCP Header is Incomplete message. |
| TCP, Header, Checksum, Invalid | Events with the TCP Header Checksum is Invalid message. |
| TF-Sync | Events with the TF-Sync message. |
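
A sketch of how the NG Firewall line format shown in the samples maps onto the labels described above, added here as an illustration; it is not Logpoint's normalization code. The sample lines, host names and rule names are constructed, the mapping tables cover only a subset of the rows, and reading the message from the info field is an assumption based on the page's sample.

```python
import re

# Header shape taken from the Barracuda NG Firewall sample on this page:
# <PRI>Mon DD HH:MM:SS HOST PATH: Severity BOX Action: key=value|key=value|...
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<path>\S+): (?P<severity>\w+) (?P<box>\S+) (?P<action>\w+): (?P<body>\w+=.*)$"
)
# Actions with a label of the same name; Local* variants share that label.
ACTION_LABELS = {"Allow", "Deny", "Drop", "Detect", "Block", "ARP"}
# Subset of the message -> labels rows (assumption: the message is the info field).
MESSAGE_LABELS = {
    "TF-Sync": ["TF-Sync"],
    "Block by Rule": ["Block", "Rule"],
    "Block no Rule Match": ["Block", "Not", "Rule", "Match"],
    "Session Idle Timeout": ["Session", "Idle", "Timeout"],
}
# Constructed lines in the shape of the page's samples (documentation IP ranges).
SAMPLES = [
    "<14>Jun 15 07:52:08 FW01 1/box/FW01/box_Firewall_Activity: Info FW01 Allow: "
    "type=FWD|proto=TCP|srcIF=p2.1|srcIP=192.0.2.10|srcPort=49609|dstIP=198.51.100.7|"
    "dstPort=443|dstService=|dstIF=p1|rule=LAN2WAN|info=TF-Sync",
    "<12>Jun 15 07:53:41 FW01 1/box/FW01/box_Firewall_Activity: Warning FW01 LocalBlock: "
    "proto=UDP|srcIP=203.0.113.5|dstIP=192.0.2.1|dstPort=161|rule=BLOCKALL|info=Block by Rule",
    # IPS-style line: same syslog prefix but no key=value body, so it is rejected.
    "<12>Jul 06 07:40:54 FW01 1/box/FW01/box_Firewall_threat: Warning host firewall: "
    "[Request] Allow: IPS ALLIP(0) 192.0.2.10 -> 0.0.0.0:0 |[ID: 5000002 x]||2|Probing",
]

def parse_ngfw(line):
    """Return parsed fields plus derived labels, or None if the line has another shape."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    event = m.groupdict()
    pri = int(event.pop("pri"))
    # Syslog PRI = facility * 8 + severity.
    event["syslog_facility"], event["syslog_severity"] = pri >> 3, pri & 7
    # Body is pipe-delimited key=value; values may be empty (dstService=) or contain '='.
    for pair in event.pop("body").split("|"):
        key, sep, value = pair.partition("=")
        if sep:
            event[key] = value
    base = re.sub(r"^Local", "", event["action"])
    labels = [base] if base in ACTION_LABELS else []
    labels += [l for l in MESSAGE_LABELS.get(event.get("info", ""), []) if l not in labels]
    event["labels"] = labels
    return event
```

Lines that return None, such as the IPS-style sample, need their own pattern rather than being forced through this one.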

LP_Barracuda Web Filter Labels

| Label | Description |
| --- | --- |
| Allow | Events with the ALLOWED action. |
| Block | Events with the BLOCKED action. |
| Detect | Events with the DETECTED action. |
| Clean | Events with the CLEAN reason. |
| Virus | Events with the VIRUS reason. |
| Spyware | Events with the SPYWARE reason. |
