×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
dgraham7
New Member
Member since: ‎05-30-2018
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-30-2018
View All

Re: Reports from Barracuda Load Balancer ADC

by in All Apps and Add-ons
‎05-30-2018 11:19 AM
‎05-30-2018 11:19 AM
Thanks, Josh. Trying to get Splunk up and running as a proof of concept so this has been fun. Not sure if the ADC should send as W3C format, Default format, Splunk format or any other format types. The data comes back as barracuda:log (first 2) and barracuda:wf (last 2) respectively below. May 30 13:01:08 172.16.1.233 May 30 13:01:20 INWDPLB01 2018-05-30 13:01:20.783 -0500 209.41.122.98 "-" POST "-" "-" /form.aspx/CheckUnlockStatus https://site.mysite.com/form.aspx?pid=44026f71-62a6-43dd-ad40-fb294ffeba58&formid=&forminstid=b75a90e8-efb3-4d32-bee1-80e71 May 30 13:04:09 172.16.1.233 May 30 13:04:21 INWDPLB01 2018-05-30 13:04:21.788 -0500 209.41.122.98 "-" POST "-" "-" /form.aspx/CheckUnlockStatus https://site.mysite.com/form.aspx?pid=44026f71-62a6-43dd-ad40-fb294ffeba58&formid=&forminstid=2512cde7-dc5b-47c7-a91d-a602c May 30 13:04:09 172.16.1.233 May 30 13:04:21 INWDPLB01 2018-05-30 13:04:21.915 -0500 INWDPLB01 WF ALER UNKNOWN_CONTENT_TYPE 209.41.122.98 24706 172.16.1.233 443 LOG NONE [Content-type="application/json" PathInfo="CheckUnlockStatus"] POST site.mysite.com/form.aspx TLSv1.2 209.41.122.98 24706 May 30 13:03:56 172.16.1.233 May 30 13:04:08 INWDPLB01 2018-05-30 13:04:08.604 -0500 INWDPLB01 WF ALER UNKNOWN_CONTENT_TYPE 209.41.122.100 35419 172.16.1.233 443 LOG NONE [Content-type="application/json"] POST site2.mysite.com/owa/service.svc TLSv1.2 209.41.122.100 35419 Seems like it should be a simple web parsing, but my lack of Splunk knowledge and pulling things in just may be the problem here. Hope that helps clear this up some. Cheers ... View more

Reports from Barracuda Load Balancer ADC

by in All Apps and Add-ons
‎05-30-2018 09:41 AM
‎05-30-2018 09:41 AM
I am using the Barracuda Load Balancer ADC for handling incoming traffic to our web servers. I currently do not have it passing the source IP to the web server so the web server is not showing the IP address of the user, just the IP address of the Load Balancer. I can change the Load Balancer to forward that but really do not want to muck with things if I do not have to. There are also other web sites that I would like to grab some info on but I do not want to install Splunk on. So, All of the information is coming through the Load Balancer and I have sent the logs to Splunk on UDP 514. I have installed the Barracuda WAF/ADC add-on for Splunk. To try to read that information I installed the Barracuda Web Filter, but that does not seem to be working. I see the logs and some have the source type of Barracuda:waf and some with barracuda:log, both with an index of Barracuda. I have added the Barracuda index as on of the default indexes. But I get no data in Barracuda Web Filter. I guess the main question is should I use the Barracuda Web Filter for this? I tried using the Web Analytics and other IIS tools (passing over W3C formats) before installing the WAF/ADC add-on and those did not seem to work. Any ideas with what I am doing wrong or am I overcomplicating things? Cheers ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM