
Install the Barracuda WAF App and view the Dashboards

This page provides instructions on installing the Barracuda WAF App, as well as descriptions and examples of each of the dashboards.


Install the App

Now that you have configured log collection for Barracuda WAF, install the Sumo Logic App for Barracuda WAF, and take advantage of predefined Searches and Dashboards.

To install the app:

Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.

  1. From the App Catalog, search for and select the app. 
  2. To install the app, click Add to Library and complete the following fields.
    1. App Name. You can retain the existing name, or enter a name of your choice for the app.

    2. Data Source. Select either of these options for the data source.

      • Choose Source Category, and select a source category from the list.

      • Choose Enter a Custom Data Filter, and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).

    3. Advanced. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.
    4. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or other folder that you specified. From here, you can share it with your organization. 

Panels will start to fill automatically. Each panel fills gradually with data that matches the time range query and was received since the panel was created. Results won't be available immediately, but with a bit of time, you'll see full graphs and maps.

Dashboard filters  

Each dashboard has a set of filters that you can apply to the entire dashboard, as shown in the following example. Click the funnel icon in the top dashboard menu bar to display a scrollable list of filters that are applied across the entire dashboard.

BarracudaWAF_Dashboard_Filter.png

Each panel has a set of filters that are applied to the results for that panel only, as shown in the following example. Click the funnel icon in the top panel menu bar to display a list of panel-specific filters.

BarracudaWAF_Panel_Filter.png

Dashboard organization

The Barracuda WAF App dashboards are organized according to the type of data they display:

  • Admin Activities
  • System Activities
  • Network Activities
  • Security Analysis folder
  • Traffic Analysis folder

Barracuda WAF - Admin Activities

The Barracuda WAF - Admin Activities Dashboard provides insights into all administrative activities performed on the WAF.

Use this dashboard to:

  • Make sure admins are accessing WAF units from expected physical locations.
  • Monitor admin actions as they relate to transaction types, modified object types, and client access types.
  • View trends for unsuccessful logins and change types.
  • Drill down into recent audit logs based on search templates.

BarracudaWAF_Admin_Activities.png

Barracuda WAF - System Activities

The Barracuda WAF - System Activities Dashboard provides insights into the performance of WAF units, cluster activities and recent alerts.

Use this dashboard to:

  • Review the top modules invoked and monitor log level severity.
  • Review recent cluster activities for troubleshooting WAF configuration issues.
  • Monitor and take action on recent alerts.

BarracudaWAF_System_Activities.png

Barracuda WAF - Network Activities

The Barracuda WAF - Network Activities Dashboard provides insights into blocked/allowed network traffic, source and destination locations, network log level severity and ACL rules.

Use this dashboard to:

  • Monitor source and destination traffic locations.
  • Monitor the severity of network log messages and unusual allowed and blocked traffic patterns.
  • Monitor the top 10 sources, destinations and ACL rules.

BarracudaWAF_Network_Activities.png

Barracuda WAF - Security Overview

The Barracuda WAF - Security Overview Dashboard provides an at-a-glance view of alerts, WAF rules triggered and attacks detected by both Sumo Logic Threat Intel and Barracuda WAF.

Use this dashboard to:

  • Get a high-level overview of your WAF security posture by understanding attack vectors, trends, and rules triggered.
  • Determine which attack types, sources, and WAF rules need further investigation.

 BarracudaWAF_Security_Overview.png

Barracuda WAF - Threat Analysis

The Barracuda WAF - Threat Analysis Dashboard provides detailed insights into attacks and rules triggered on the Barracuda WAF.

Use this dashboard to:

  • Monitor threats allowed through the WAF and those blocked by the WAF.
  • Investigate details of attacks detected by both the WAF and Sumo Logic Threat Intel.
  • Fine tune the WAF to prevent future attacks and eliminate false positives.

BarracudaWAF_Threat_Analysis.png

Barracuda WAF - Traffic Overview

The Barracuda WAF - Traffic Overview Dashboard provides an at-a-glance view of client geographic locations, performance, cache hit percentage, and unusual behaviors across the number of incoming requests and performance.

Use this dashboard to:

  • Monitor requests and performance across services.
  • Investigate how to improve performance via cache hit rates.
  • Analyze trends for requests and performance by Service IP.
  • Monitor client locations.
  • Monitor unusual patterns of client/server errors and service performance.

BarracudaWAF_Traffic_Overview.png 

Barracuda WAF - Service Traffic

The Barracuda WAF - Service Traffic Dashboard provides detailed insight into cache hit performance, request traffic and bandwidth.

Use this dashboard to:

  • Monitor cache performance trends.
  • Monitor top services, URLs, and domains by both number of requests and bandwidth.
  • Improve performance by fine-tuning the cache and other WAF configurations.

BarracudaWAF_Service_Traffic.png

Barracuda WAF - Server Traffic

The Barracuda WAF - Server Traffic Dashboard provides detailed information on server traffic, such as client and server errors, and HTTP request and response information. The dashboard is divided into three parts so you can compare client errors, server errors, and HTTP protocol information.

Use this dashboard to:

  • Identify trends across client/server errors, requests and responses.
  • Identify which clients and servers are responsible for the most errors and use this information to change the WAF configuration.

BarracudaWAF_Server_Traffic.png

Barracuda WAF - Client Traffic

The Barracuda WAF - Client Traffic Dashboard provides detailed information on clients, such as visits by country, user agent, platform, operating system (OS), devices, and top referrers.

Use this dashboard to:

  • Monitor incoming web traffic metrics to understand client geographical locations, browsers, and operating systems.
  • Determine top clients accessing your web applications and optimize WAF configurations as needed.

 BarracudaWAF_Client_Traffic.png