Barracuda Web Security Gateway
Web filters and web proxies filters content and URLs, protecting any web browsing from malware, inappropriate content, and more.
Learn more about Barracuda Web Security Gateway here: https://campus.barracuda.com/product/websecuritygateway/doc/6160435/syslog-and-the-barracuda-web-security-gateway/?sl=AWuK6zMxgApyUO0LKStN&so=1
Before You Begin
You must enable syslog logging in the proper format in your Barracuda Web Filter appliance before configuring this event source in InsightIDR.
To enable syslog logging:
- Go to your Barracuda appliance.
- Select the Advanced tab.
- Select Syslog from the available options. A syslog configuration page appears.
- For “Enable W3C Logs,” select the No radio button.
- In the “Web Traffic Syslog” table, enter the port of your Barracuda appliance.
- Click the Add button on the right.
- Then enter the IP address and port of your InsightIDR collector.
- In the “Web Interface Syslog” table, repeat steps 6 and 7.
- Enter a comment in the “Comment” cell to identify these logs.
- Click the Save button.
How to Configure This Event Source
- From your dashboard, select Data Collection on the left hand menu.
- When the Data Collection page appears, click the Setup Event Source dropdown and choose Add Event Source.
- From the “Security Data” section, click the Web Proxy icon. The “Add Event Source” panel appears.
- Choose your collector and event source. You can also name your event source if you want.
- Choose the timezone that matches the location of your event source logs.
- Optionally choose to send unfiltered logs.
- Select Listen for Syslog and specify the port you entered in the appliance, and a protocol.
- Optionally choose to Encrypt the event source if choosing TCP by downloading the Rapid7 Certificate.
- Click Save.
After this event source is running, you will see data populating the Ingress map and the Ingress card on the Users & Accounts page.