Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.
Device Configuration-Barracuda WAF
- Customer Success & Engineering (Unlicensed)
- 1 Overview
- 2 Steps Of Integration
- 3 Verification
- 3.1 On Barracuda WAF
- 3.2 On CCE Server
- 3.3 On UI
Overview
In this document we will guide you with the steps to integrate Barracuda WAF to receive syslog to the Seceon SIEM server for better visibility of threats happening in your environment.
Steps Of Integration
Note: Make sure you have admin access of barracuda WAF .
Login to your barracuda WAF console.
Click the setting icon
to access the administrative functions.
Select the Syslog Integration tab
Enter the CCE IP in IP Address/Hostname section
Put the port as 514 in the Port section
Click on Save.
Verification
On Barracuda WAF
Click on Test to ensure that Barracuda can connect with syslog.
(Test must be successful , if not then match the CCE IP and Port again )
On CCE Server
Login with seceon user and run the following command
sudo tcpdump -i any port 514 and host <Barracuda WAF IP>
On UI
Login to UI >>System>>Logs Flow Collection Screen
Inside Source Device IP column, WAF IP will reflect .
Reference: How to Connect to a Syslog
Seceon Inc. All rights reserved. https://www.seceon.com