You must use port 5140/5141 because the Barracuda CloudGen Firewall Splunk app can only process data received on these ports. Verify that you have a Data input entry for TCP or UDP port 5140 or TCP port 5141 (SSL) that listens for the incoming syslog streaming connections. The Splunk server must be configured to receive the syslog data.

- In the Log Policy section, set Log Level to Full-Logging.

All firewall log data is now being streamed to the Splunk server.

- In the Log Policy section, set Activity Log Data to Log-Info-Text.
- In the Log Policy section, set Activity Log Mode to Log-Pipe-Separated-Value-List.
- In the Log Policy section, set Application Control Logging to Log-All-Applications.
- In the section Statistics Policy, set Generate Monitor Information to yes.
- In the section Statistics Policy, set Generate Dashboard Information to yes.
- In the left menu, click Audit and Reporting.
- In the Configuration Mode section of the left menu, click Switch to Advanced View.
- Go to your CloudGen Firewall > Infrastructure Services > General Firewall Configuration.

- In the Log Filters table, click + and select the Log Filter created in Step 1.2.
- In the Log Destinations table, click + and select the Log Destination created in Step 1.3.
- In the left menu, select Logdata Streams.

Create a logdata stream configuration combining the previously configured Log Destinations and Log Filters.

- Loghost Port – Enter 5140 for plaintext or 5141 for SSL-encrypted connections. Configure the Splunk server to receive SSL-encrypted connections.
- Loghost IP Address – Enter the IP address of the Splunk server.
- Configure the Splunk server logstream destination:
- In the left menu, select Logstream Destinations.

You can optionally choose to send all syslog data via an SSL-encrypted connection.

Step 1.3 Configure the Logstream Destinations

Configure the data transfer settings for the Splunk server.
- In the Affected Service Logdata section, select None from the Data Selector dropdown.
- In the Log Groups table, click + and select Firewall-Activity-Only from the list.
- In the Affected Box Logdata section, select Selection from the Data Selector dropdown.
- The Filters window opens.
- Click + in the Data Selection table and select Firewall_Audit_Log.

Fatal_log and Panic_log data can also be streamed to the Splunk server, but are currently not processed by the Barracuda CloudGen Firewall F Series Splunk app.
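One way to verify from a management host that the Splunk data inputs described above are actually listening. This is an added example, not part of the original page or of Barracuda's or Splunk's tooling. The function names and the 192.0.2.10 address are placeholders, and only the TCP inputs are checked because a UDP 5140 input cannot be confirmed by connecting to it.

```python
import socket
import ssl

PLAIN_PORT = 5140  # plaintext syslog port named on the page
TLS_PORT = 5141    # SSL-encrypted syslog port named on the page


def check_plain(host, port=PLAIN_PORT, timeout=3.0):
    """Return True if a TCP listener accepts a connection on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_tls(host, port=TLS_PORT, timeout=3.0, cafile=None):
    """Return (ok, detail); ok is True only if a TLS handshake completes.

    With cafile set, the server certificate must chain to that CA. Without
    it the handshake is unauthenticated and only proves that TLS is spoken.
    """
    if cafile:
        ctx = ssl.create_default_context(cafile=cafile)
        ctx.check_hostname = False  # the loghost is addressed by IP on the page
    else:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                return True, tls.version()
    except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
        return False, f"{type(exc).__name__}: {exc}"


if __name__ == "__main__":
    splunk = "192.0.2.10"  # placeholder (TEST-NET-1); use your Splunk server IP
    print("tcp/5140 listening:", check_plain(splunk))
    print("tcp/5141 TLS handshake:", check_tls(splunk))
```

A failed TLS check on 5141 while the plain TCP check on that port succeeds means that the input exists but is not configured for SSL, so the firewall's encrypted stream will not be accepted.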