2 Replies Latest reply on Aug 7, 2014 1:13 PM by gavinl

    Getting mail syslogs from a Barracuda Spam & Virus Firewall

    gavinl

      Hi,

       

      I have a Barracuda Spam & Virus Firewall, which comes with the ability to send out a couple of different types of syslog.  The ones I'm most interested in getting into my LEM are the mail syslogs.  So I entered the IP of my LEM in there and saved changes.  So far so good.

       

      Now back in the LEM I see a few different built-in connectors for Barracuda products, but not specifically for the Web & Virus Firewalls.  I tried a couple of different ones, and tried changing the facility to "local2" for mail (totally guessing here), but no syslogs are coming through.

       

      What else might I need to do in order to successfully make a connection to the Barracuda?

       

      I'm running LEM v6.0 with the most recent connectors as of two days ago.

       

      Thanks!

       

      Gavin

        • Re: Getting mail syslogs from a Barracuda Spam & Virus Firewall
          nicole pauls

          Hey Gavin,

           

          First, have you tried using the "Add Node" wizard to have it scan your syslog and suggest the right connector? It'll scan through your logs and match against the connectors to try to figure out what goes where.

           

          Next, I am not quickly finding what/whether a connector matches up, so if you're in doubt that there is a connector, or the Add Node wizard doesn't find one, feel free to submit a support request - if we don't have coverage, we should be able to add it (this seems weird to me for the virus logs especially, but maybe it's just not come up since most people are using the web filter).  I know for sure the Barracuda Admin connector will catch the device changes; that one is universal across all the native Barracuda devices.

            • Re: Getting mail syslogs from a Barracuda Spam & Virus Firewall
              gavinl

              Hi Nicole,

               

              Thanks for your response.  The Barracuda Admin connector successfully pulls in syslogs from our load balancers, but not our spam & virus firewalls...  Edit: The Admin side works after generating an event with a failed login.  So that's good!  But I still need to figure out the mail-side syslogs.

               

              I tried a Node discovery yesterday, and got a couple of results, but they were erroneous: an F5 appliance and something else that we don't have.  I'm not sure if this was from the Barracuda syslogs or not to be honest, so I'll try again today and update this thread if something works out.

               

              I will submit a support request for a connector specific to the Spam & Virus firewall.  Thank you for that suggestion.  In the meantime if you or anyone else have any further advice I'll gladly try it!

               

              Much appreciated,

               

              Gavin
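
One way to stop guessing at the facility discussed in this thread is to decode the syslog PRI header of the datagrams the appliance actually sends and tally them per source. This is an added example, not part of the original thread and not SolarWinds or Barracuda code. The sample datagrams, the hostname `mailgw` and the address 192.0.2.10 are constructed, and the packets are assumed to come from a capture or test listener on the collector.

```python
import re
from collections import Counter

# Facility and severity names indexed by code (RFC 3164 / RFC 5424).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(datagram: bytes):
    """Return (facility, severity) for a syslog datagram, or None if the PRI is missing or invalid."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid value: facility 23 * 8 + severity 7
        return None
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def tally_facilities(packets):
    """Count messages per (source IP, facility); packets is an iterable of (src_ip, bytes)."""
    counts = Counter()
    for src, data in packets:
        decoded = decode_pri(data)
        counts[(src, decoded[0] if decoded else "no-pri")] += 1
    return counts


# Constructed sample datagrams (not real Barracuda output).
SAMPLE = [
    ("192.0.2.10", b"<22>Aug  7 13:00:01 mailgw example: constructed mail log line"),
    ("192.0.2.10", b"<22>Aug  7 13:00:02 mailgw example: constructed mail log line"),
    ("192.0.2.10", b"<150>Aug  7 13:00:03 mailgw example: constructed admin log line"),
    ("192.0.2.10", b"no priority header here"),
]

if __name__ == "__main__":
    for (src, fac), n in sorted(tally_facilities(SAMPLE).items()):
        print(f"{src} {fac}: {n}")
```

If the tally shows no messages at all from the appliance's address, the problem is delivery (port, protocol, filtering) rather than the connector or facility choice.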