Re: How can i parse syslog barracuda email securit...

darkwall · ‎02-12-2019

How can i parse syslog barracuda email security gateway in splunk 7.2

The Barracuda Spam/Virus Firewall Add-on support Splunk Versions: 6.5, 6.4, 6.3, 6.2 Is there an other APPS/ADD-on?
Or any how to that will help us will be great?

Thanks

mussab · ‎03-14-2019

I have used the same Add-on and it works fine for me
it is CIM comply.

darkwall · ‎03-14-2019

Hi Mussab

In fact some of the feature work but when i try to check the field REASON and ACTION didn't work only REASON_ID and ACTION_ID work So it's look the transform.conf did not work so What i've done is to create a custom app to make it work like I want.

The field REASON and ACTION dont work at all
In fact it's look like the transform.conf not working everything else look fine.

With the custom appp i can make it work.
Thanks

lakshman239 · ‎02-12-2019

Have you tried the add-on to parse your data? Are you seeing any issues? Hopefully they are version compatible.

darkwall · ‎02-12-2019

I've got no error on the installation of the add-on and it's look like everything work fine for now.

I'll monitore for the next few days and will see.

Thanks

darkwall · ‎02-13-2019

Hi I've tested the add-on and it works but not all the field are extrated some field like reason code, Barracuda process, info, etc...

Thanks

How can i parse syslog barracuda email security gateway in splunk 7.2 Barracuda Spam/Virus Firewall Add-onsupport 6.5...

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?