
Understanding Syslog Messages
for the Barracuda Web Filter
Overview
This document describes each element of a syslog message so you can better analyze why
your Barracuda Web Filter performs a particular action for each traffic request.
The Barracuda Web Filter uses syslog messages to log what happens to each traffic request
performed by your users. The syslog messages are sent to a text file on the Barracuda Web
Filter, as well as to a remote server specified by the Barracuda Web Filter administrator.
Enabling Syslog
To enable syslog reporting on your Barracuda Web Filter, go to the Advanced > Syslog
page in the admin interface, and enter the IP address of the syslog server that you want to
direct messages to. If you are running syslog on a UNIX machine, be sure to start the syslog
daemon process with the “-r” option so that it can receive messages from sources other than
itself. Windows users will have to install a separate program to use syslog because the
Windows OS does not include syslog capabilities. Kiwi Syslog is a popular solution, but
many others are available that are both free and commercial.
Syslog messages are sent to the standard syslog UDP port 514. If there are any firewalls
between the Barracuda Web Filter and the server receiving the syslog messages, be sure
that port 514 is open on the firewalls. The syslog messages arrive on the mail facility at the
debug priority level. As the Barracuda Web Filter uses the syslog messages internally for its
own message logging, it is not possible to change the facility or the priority level. For more
information about where the syslog messages will be placed, refer to the documentation of
your syslog server.
Syslog Format
Each syslog message contains three types of information:
• Section 1: Basic Information
• Section 2: Transparent Proxy Information
• Section 3: Policy Engine Information
This section identifies each element of the syslog message, based on the following example:
Sep 19 17:07:07 Barracuda httpscan[3365]: 1158710827 1 10.1.1.8 172.27.72.27 text/html 10.1.1.8
http://www.sex.com/ 2704 3767734cc16059e52447ee498d31f822 ALLOWED CLEAN 2 1 0 1 3 - 1 adult 0 - 0
sex.com adult,porn ANON
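
The following parser is an added example, not Barracuda code. It splits the sample line above into fields and decodes the syslog PRI header to confirm the mail facility and debug priority described under Enabling Syslog. The field names, the helper names and the "<23>" prefix on the sample are assumptions made for this example; the fields after the scan result are returned unnamed in "rest".

```python
import re
from datetime import datetime, timezone

# Constructed datagram: the page's sample line behind the PRI header used on
# the wire. mail facility (2) * 8 + debug severity (7) = 23.
SAMPLE = (
    "<23>Sep 19 17:07:07 Barracuda httpscan[3365]: 1158710827 1 10.1.1.8 "
    "172.27.72.27 text/html 10.1.1.8 http://www.sex.com/ 2704 "
    "3767734cc16059e52447ee498d31f822 ALLOWED CLEAN 2 1 0 1 3 - 1 adult 0 - 0 "
    "sex.com adult,porn ANON"
)

HEADER = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?\w{3} [ \d]\d \d\d:\d\d:\d\d (?P<host>\S+) "
    r"httpscan\[(?P<pid>\d+)\]: (?P<body>.+)$")
HEX32 = re.compile(r"[0-9a-f]{32}")
# Field names are labels assumed from the sample, not Barracuda's own names.
BEFORE_URL = ("epoch", "unlabelled", "src_ip", "dst_ip", "content_type",
              "src_ip_repeat")
AFTER_URL = ("size", "hex32", "action", "scan_result")

def parse_httpscan(line):
    m = HEADER.match(line.strip())
    if m is None:
        raise ValueError("not an httpscan syslog line")
    tokens = m["body"].split()
    # Anchor on the 32-hex token so a URL containing a space cannot shift fields.
    i = next((k for k, t in enumerate(tokens) if HEX32.fullmatch(t)), None)
    if i is None or i < 8 or len(tokens) < i + 3:
        raise ValueError("truncated or malformed httpscan record")
    rec = dict(zip(BEFORE_URL, tokens[:6]))
    rec["url"] = " ".join(tokens[6:i - 1])
    rec.update(zip(AFTER_URL, tokens[i - 1:i + 3]))
    rec["rest"] = tokens[i + 3:]
    rec["host"], rec["pid"] = m["host"], int(m["pid"])
    rec["time_utc"] = datetime.fromtimestamp(int(rec["epoch"]), tz=timezone.utc)
    if m["pri"] is not None:
        rec["facility"], rec["severity"] = divmod(int(m["pri"]), 8)
    return rec

def is_expected_pri(rec):
    """True when the datagram carried mail/debug, the only pair the page allows."""
    return (rec.get("facility"), rec.get("severity")) == (2, 7)

if __name__ == "__main__":
    r = parse_httpscan(SAMPLE)
    print(r["time_utc"].isoformat(), r["src_ip"], r["action"], r["scan_result"],
          r["url"])
```

A line read from the text file on the appliance has no PRI header, so is_expected_pri only applies to datagrams captured on the syslog server.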

Syslog Examples
This section shows three syslog examples.
Example 1: Clean, policy-allowed traffic
The following example shows a syslog message for clean traffic going to an allowed Web
site (CNN.com). The term “clean” represents traffic that does not contain viruses or spyware.
Sep 19 17:06:59 Barracuda httpscan[3365]: 1158710819 1 10.1.1.8 64.236.16.139 image/gif 10.1.1.8
http://i.cnn.net/cnn/.element/img/1.3/video/tab.middle.on.gif 1744 3767734cc16059e52447ee498d31f822
ALLOWED CLEAN 2 0 0 0 0 - 0 - 0 - 0 cnn.net news ANON
Example 2: Clean, policy-denied traffic
The following example shows “clean” traffic going to a Web site that is blocked by one of the
Barracuda Web Filter policies. In this example, the web site sex.com is blocked by the…
Sep 19 17:07:07 Barracuda httpscan[3365]: 1158710827 1 10.1.1.8 172.27.72.27 text/html 10.1.1.8
http://www.sex.com/ 2704 3767734cc16059e52447ee498d31f822 ALLOWED CLEAN 2 1 0 1 3 - 1 adult 0 - 0
sex.com adult,porn ANON