All Apps and Add-ons

Looking for Barracuda app that's compatible with Splunk 7x

johnward4
Communicator

Hey guys,
My having trouble finding a compatible Barracuda app with Splunk Enterprise 7x.. I've tried configuring 3 of the apps currently available with the logs that being sent to my Splunk instance via syslog over udp 514 but no luck so far.

0 Karma

twitek
New Member

Hi @johnward4,

which Barracuda product are you using?

The plugin provided by @deepashri_123 if for the WAF/ADC. If you are looking for the NextGen Firewall, the plugin would be: https://splunkbase.splunk.com/app/2634/

Hope this helps!

0 Karma

johnward4
Communicator

I have that add-on installed but the only eventtype that I'm seeing is err0r. The fields don't appear to be being extracted/normalized via the add-ons props and transforms. I have been testing the other apps available in splunkbase but most are outdated for my version of Splunk and having a difficult time finding an app that displays the barracuda data collected in dashboard visualization

0 Karma

twitek
New Member

There is a page that documents the required setup: https://campus.barracuda.com/product/cloudgenfirewall/doc/73719600/splunk-integration/?sl=AWK4o5wZN7...

It's worth noting that there are a few specific settings on the firewall that need to be configured in order for the dashboards to work correctly, in particular:

In "General Firewall Configuration"
* Application Control Logging: Log-All-Applications
* Activity Log Mode: Log-Pipe-Separated-Key-Value-List

If you look at the "Search" app of Splunk, do you see the raw data there?

Hope this helps!

0 Karma

deepashri_123
Motivator

Hey@johnward4,

You can refer this add-on:
https://splunkbase.splunk.com/app/3776/#/details

Let me know if this helps!!

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...