Share via

How to setup a syslog server with Azure

Computer Gladiator 111 Reputation points
2024-07-27T20:00:42.83+00:00

Hello, I would like to setup a syslog server to capture logs from a Barracuda WAF. It does not appear I can setup a BLOB server. Is there another method. The Barracuda help files states... If you are using a cloud service, they will provide you with the server hostname, port, and protocol. Barracuda WAF-as-a-Service can export logs via UDP, TCP, or SSL protocols.

Any suggestions appreciated

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,657 questions
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andreas Baumgarten 104.2K Reputation points MVP
    2024-07-27T20:54:33.6866667+00:00

    Hi @Computer Gladiator ,

    maybe using an Azure Log Analytics Workspace for logging fits your requirement instead of using a syslog server.

    Please take a look here: Barracuda Web Application Firewall with Microsoft Azure Log Analytics

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards

    Andreas Baumgarten

    0 comments
  2. Computer Gladiator 111 Reputation points
    2024-07-27T23:51:23.98+00:00

    Thank you for this suggestion but I am using the Barracuda WAAS not the VM. Sorry should have been specific.

    0 comments
  3. Nehruji R 4,846 Reputation points Microsoft Vendor
    2024-07-29T15:30:06.97+00:00

    Hello Computer Gladiator,

    Greetings! Welcome to Microsoft Q&A Platform.

     

    I understand that you would like to setup a syslog server to capture logs from a Barracuda WAF which is indeed possible. If you are running syslog on a UNIX machine, be sure to start the syslog daemon process with the “-r” option so it can receive messages from external sources or if you are running syslog on windows machine, it requires an external software.

     

    Syslog server can collect, store, and manage log messages from various network devices and applications. To setup this, configure the Barracuda WAF and send its logs to the IP address and port of your syslog server, if there are any firewalls between the Barracuda Web Application Firewall and the configured export log servers, ensure that the respective port is open on the firewalls.

     

    Here is the doc for your reference: https://campus.barracuda.com/product/loadbalanceradc/doc/21364919/how-to-configure-syslog-and-other-logs/, https://campus.barracuda.com/product/webapplicationfirewall/doc/4259935/how-to-export-logs-from-the-barracuda-web-application-firewall.

    There are no special IPs for Syslog. It encrypts the traffic using TSL 1.2 to the standard public endpoints. Both the AMA and MMA agents share the same firewall requirements. https://learn.microsoft.com/en-us/azure/azure-monitor/agents/log-analytics-agent#firewall-requirements

    Similar thread for reference - https://learn.microsoft.com/en-us/answers/questions/780462/logs-through-ama-agents

     

    Hope this answer helps! please let us know if you have any further queries. I’m happy to assist you further.

     

    Please "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments
  4. Computer Gladiator 111 Reputation points
    2024-07-29T16:01:33.41+00:00

    I think the links provided are for Barracuda VM WAF. I am using the WAF as a Service option with Barracuda. The only option I have for a syslog server is setup with my Azure portal using Log Analytics. I think I need to configure the WAF header information but have not figured out where to access that in Azure.

    Thank you

    0 comments