Hey guys,
My having trouble finding a compatible Barracuda app with Splunk Enterprise 7x.. I've tried configuring 3 of the apps currently available with the logs that being sent to my Splunk instance via syslog over udp 514 but no luck so far.
Hi @johnward4,
which Barracuda product are you using?
The plugin provided by @deepashri_123 if for the WAF/ADC. If you are looking for the NextGen Firewall, the plugin would be: https://splunkbase.splunk.com/app/2634/
Hope this helps!
I have that add-on installed but the only eventtype that I'm seeing is err0r. The fields don't appear to be being extracted/normalized via the add-ons props and transforms. I have been testing the other apps available in splunkbase but most are outdated for my version of Splunk and having a difficult time finding an app that displays the barracuda data collected in dashboard visualization
There is a page that documents the required setup: https://campus.barracuda.com/product/cloudgenfirewall/doc/73719600/splunk-integration/?sl=AWK4o5wZN7...
It's worth noting that there are a few specific settings on the firewall that need to be configured in order for the dashboards to work correctly, in particular:
In "General Firewall Configuration"
* Application Control Logging: Log-All-Applications
* Activity Log Mode: Log-Pipe-Separated-Key-Value-List
If you look at the "Search" app of Splunk, do you see the raw data there?
Hope this helps!
Hey@johnward4,
You can refer this add-on:
https://splunkbase.splunk.com/app/3776/#/details
Let me know if this helps!!