Barracuda Web streaming logs in incorrect format


Hi,

 

We have a Barracuda F-Series Next Gen firewall being used for VPN. I would like to use the web streaming service available in Barracuda to send the log files to MCAS.

I've configured a log collector and the files are being received and sent on to MCAS. However, the governance log is stating the format is incorrect.

I've raised the case with Barracuda as to what the format should be and they have validated that the config from their side looks correct.

Has anyone had experience with Barracuda web logs and MCAS setup, and could anyone point me to how I can view the log files being received by MCAS to share with Barracuda?

 

Unfortunately I don't have an alternate Syslog server to send the files to.

 

Any advice would be appreciated.

3 Replies
Hello, you can get the actual data being received by the log collector in the 'messages' file inside the container. The following are to be executed on the host running the log collector container:
docker ps <- to get the name of the container
docker exec -it <containerName> bash <- to open a terminal session in to the container
cd var/adallom/syslog/<portOnWhichDataIsReceived> <- this is where you should find a 'messages' file if the collector is receiving data
cat messages <- will dump contents
or you can copy the entire file out to the host using docker cp

@rajatm Thanks for the advice, I've now obtained the message file and provided to Barracuda for them to review.

I've received a response from Barracuda that they have now logged this as a BUG, so I will update this thread if and when it's resolved.