icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Barracuda CloudGen Firewall
SHA256 checksum (barracuda-cloudgen-firewall_1010.tgz) 9a49fd0f022c2b4d0e45e35fc3ab36c054f625013b9d0d91c1debaedadd31441 SHA256 checksum (barracuda-cloudgen-firewall_109.tgz) a7ff26d103b354e41a5ee3ec769367b1554e22902cf47fc7a5f81e28d872f4db SHA256 checksum (barracuda-cloudgen-firewall_108.tgz) 773d10f96fcec6263a2c7ef1a657051b9e739784b0f55abf5dba9e434dd29953 SHA256 checksum (barracuda-cloudgen-firewall_107.tgz) 4ea01b14e6efd4f408516ca0880ac733b187bdb82064f841ac0cf0cb7c1e0ae2 SHA256 checksum (barracuda-cloudgen-firewall_106.tgz) e03b4e3cdd738419a28c3c1d1bb2ee310e6b33fb183987d8efb20d5aeeda0784 SHA256 checksum (barracuda-cloudgen-firewall_105.tgz) e9d60bb1a7a0ab900c218d12f03837c44fa7a79c4fb4ca611ad30af29a533d86 SHA256 checksum (barracuda-cloudgen-firewall_104.tgz) acd04c93cf20085c3898454936e43e88a22e679b04297bdef6eb29f174c3dfb7 SHA256 checksum (barracuda-cloudgen-firewall_101.tgz) a25e8fe3ea09494094b8ca4a0522aac39f8eb117ac936e912379b0454c1548b5 SHA256 checksum (barracuda-cloudgen-firewall_10.tgz) ec315dca350eb48c1cc62d9a7219378178803297a2ce33689e5d3ece650f84d6
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate


Barracuda CloudGen Firewall

The Barracuda NG Firewall is an enterprise-grade next-generation firewall that was purpose-built for efficient deployment and operation within dispersed, highly dynamic, and security-critical network environments. In addition to next-generation firewall protection, it provides industry-leading operations efficiency and added business value by safe-guarding network traffic against line outages and link quality degradation.

The Barracuda NG Firewall app shows information on matched access rules, detected applications, and applied URL filter polices on various fixed and real-time timelines.

Step 1. Configure Syslog Streaming on Barracuda NG Firewalls

Configure and enable syslog streaming for every Barracuda NG Firewall you want to include in the Splunk App.

Step 1.1. Enable Syslog Streaming

Open the Syslog Streaming page (Config > Full Config > Box > Infrastructure Services).
Click Lock.
Set Enable the Syslog service to yes.
Click Send Changes and Activate.

Step 1.2. Configure Logdata Filters

Define profiles specifying the log file types to be transferred / streamed.

Open the Syslog Streaming page (Config > Full Config > Box > Infrastructure Services).
In the left menu, select Logdata Filters .
Click Lock.
Click the + icon to add a new filter.
Enter a Name and click OK. The Filters window opens.
Click + in the Data Selection table and select Firewall_Audit_Log.

Fatal_log and Panic_log data can also be streamed to the Splunk server, but are currently not processed by the Barracuda NG Firewall Splunk app.
Select Selection from the Affected Box Logdata dropdown and click +. The Data Selection window opens.
Enter a Name and click OK.
In the Log Groups table, click + and select Firewall-Activity-Only from the list.

Click OK.
Select All from the Data Selector dropdown menu.
Click OK.
Click Send Changes and Activate.
Step 1.3. Configure the Logstream Destinations

Configure the data transfer settings for the Splunk server. You can optionally choose to send all syslog data via an SSL-encrypted connection.

Open the Syslog Streaming page (Config > Full Config > Box > Infrastructure Services).
In the left menu, click Logstream Destinations.
Click Lock.
Click + in the Destinations table. The Destinations window opens.
Configure the Splunk server logstream destination:
Remote Loghost – Select explicit-IP .
Loghost IP Address – Enter the IP address of the Splunk server.
Loghost Port – Enter 5140 for plaintext or 5141 for SSL-encrypted connections.
The Barracuda NG Firewall app can only process syslog data that is received on port 5140 (not encrypted) or 5141 for SSL-encrypted connections.
Transmission Mode – Select TCP or UDP (only for unencrypted connections).
Sender IP – Enter the management IP address of the Barracuda NG Firewall.
(optional) Use SSL Encapsulation – Select yes to send the syslog stream over an SSL-encrypted connection.
(optional) Peer SSL Certificate – Import the SSL certificate configured on the Splunk server for this data import.
Configure the Splunk server to receive SSL-encrypted connections. For more information, see http://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf.
Override Node Name – Select no.
Click OK.
Click Send Changes and Activate.
Step 1.4. Configure Logdata Streams

Create a logdata stream configuration combining the previously configured Log Destinations and Log Filters.

Open the Syslog Streaming page (Config > Full Config > Box > Infrastructure Services).
In the left menu, click Logstream Stream .
Click Lock.
Click + in the Streams table.
Enter a Name and click OK. The Streams window opens.
In the Log Destinations table, click + and select the Log Destination created in Step 1.3.
In the Log Filters table, click + and select the Log Filter created in Step 1.2.
Click OK.
Click Send Changes and Activate.
All firewall log data is now being streamed to the Splunk server.

Step 2. Data Data Input on Splunk

The Splunk server must be configured to receive the syslog data. Verify that you have a Data input entry for TCP or UDP port 5140 or TCP port 5141 (SSL) that listens for the incoming syslog streaming connections. You must use port 5140/5141 because the Barracuda NG Firewall Splunk app can only process data received on these ports. For more information, see http://docs.splunk.com/Documentation/Splunk/6.2.0/Data/Monitornetworkports.

Step 3. (optional) Enable SSL Encryption for Barracuda NG Firewall Splunk App

If you want to SSL encrypt connections with Splunk, you must modify the inputs.conf configuration file for the Barracuda NG Firewall Splunk App.

Copy your SSL certificates to /opt/splunk-6.2/etc/auth/server.pem and /opt/splunk-6.2/etc/auth/box-cert.pem.
Login to the Splunk server via SSH.
Edit $SPLUNK_HOME/etc/apps/BarracudaNGFirewall/default/inputs.conf and add a section for SSL:

serverCert = /opt/splunk-6.2/etc/auth/server.pem
password = password
requireClientCert = true
rootCA = /opt/splunk-6.2/etc/box-cert.pem
Restart Splunk.
Certificate Troubleshooting

If you see log messages containing the string "alert bad certificate" in the bsyslog log file, the rootCA certificate is either missing or invalid. Set requireClientCert to false to disable the certificate check.

2014 12 16 09:43:34 Notice +01:00 Syslog connection established; fd='14', server='AF_INET(', local='AF_INET(' 2014 12 16 09:43:34 Error +01:00 [18697:4146318224] SSL_connect:14094412: error:14094412:SSL outines:SSL3_READ_BYTES:sslv3 alert bad certificate
Step 4. Enable Application Logging in the Firewall

Application data is collected on a per-access rule basis. Set the Application Log Policy to Log All Applications in the Advanced Firewall Rule Settings for each access rule that matches traffic you want to include in the data collected on the Splunk server. For more information, see Advanced Firewall Rule Settings.

Release Notes

Version 1.0.10
April 27, 2020
  • Fix sourcetype renaming
Version 1.0.9
April 27, 2020
  • Fix sourcetype renaming
Version 1.0.8
April 1, 2020
  • Updated app.conf to include build number
Version 1.0.7
April 1, 2020
  • Updated for Splunk v8.0
  • Fixed dashboard filters for All, Blocked, Allowed and Dropped
  • Separated Application and URL Category dashboards
Version 1.0.6
Feb. 27, 2020
Version 1.0.5
Feb. 27, 2020
Version 1.0.4
Feb. 27, 2020

Updated. icons

Version 1.0.1
Feb. 4, 2015
  • Added statistics for dropped firewall traffic
  • Fixed a problem with some tabular data
  • Removed aggregation into "other" for firewall action summary
Version 1.0
Feb. 2, 2015

Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.