Splunk Integration

Splunk is a third-party platform for operational intelligence that allows you to monitor websites, application servers, and networks. The Barracuda CloudGen Firewall app shows the information on matched access rules, detected applications, and applied URL filter policies on various fixed and real-time timelines. Data is imported into Splunk via syslog streaming of the Firewall activity log. Currently, the following Splunk versions are supported: 6.0, 6.1, 6.2, 7.x, 8.x, and 9.x.

Before You Begin

Step 1. Configure Syslog Streaming on a Barracuda CloudGen Firewall

Configure and enable syslog streaming for every Barracuda CloudGen Firewall you want to include in the Splunk App.

Step 1.1. Enable Syslog Streaming
  1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Syslog Streaming.

  2. Click Lock.

  3. Set Enable the Syslog service to yes.

  4. Click Send Changes and Activate.

Step 1.2. Configure Logdata Filters

Define profiles specifying the log file types to be transferred/streamed.

  1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Syslog Streaming.

  2. In the left menu, select Logdata Filters.

  3. Click Lock.

  4. Click the + icon to add a new filter.

  5. Enter a Name and click OK. The Filters window opens.

  6. Click + in the Data Selection table and select Firewall_Audit_Log.

  7. In the Affected Box Logdata section, select Selection from the Data Selector dropdown.

  8. Click + to add a Data Selection. The Data Selection window opens.

  9. Enter a Name and click OK.

  10. In the Log Groups table, click + and select Firewall-Activity-Only from the list.

  11. Click OK.

  12. In the Affected Service Logdata section, select None from the Data Selector dropdown.

  13. Click OK.

  14. Click Send Changes and Activate.

Step 1.3. Configure the Logstream Destinations

Configure the data transfer settings for the Splunk server. You can optionally choose to send all syslog data via an SSL-encrypted connection.

  1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Syslog Streaming.

  2. In the left menu, select Logstream Destinations.

  3. Click Lock.

  4. Click + in the Destinations table. The Destinations window opens.

  5. Configure the Splunk server logstream destination:

    • Remote Loghost – Select explicit-IP.

    • Loghost IP Address – Enter the IP address of the Splunk server.

    • Loghost Port – Enter 5140 for plaintext or 5141 for SSL-encrypted connections.

    • Transmission Mode – Select TCP or UDP (only for unencrypted connections).

    • (optional) Sender IP – Enter the management IP address of the Barracuda CloudGen Firewall, or leave it blank so that the CloudGen Firewall determines the sender IP address via a routing lookup.

    • (optional) Use SSL Encapsulation – Select yes to send the syslog stream over an SSL-encrypted connection.

    • (optional) Peer SSL Certificate – Import the SSL certificate configured on the Splunk server for this data import.

    • Override Node Name – Select no.

  6. Click OK.

  7. Click Send Changes and Activate.

Step 1.4. Configure Logdata Streams

Create a logdata stream configuration combining the previously configured Log Destinations and Log Filters.

  1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Syslog Streaming.

  2. In the left menu, select Logdata Streams.

  3. Click Lock.

  4. Click + in the Streams table.

  5. Enter a Name and click OK. The Streams window opens.

  6. In the Log Destinations table, click + and select the Log Destination created in Step 1.3.

  7. In the Log Filters table, click + and select the Log Filter created in Step 1.2.

  8. Click OK.

  9. Click Send Changes and Activate.

Step 1.5. Configure Audit and Reporting

Configure the settings for log policies:

  1. Go to your CloudGen Firewall > Infrastructure Services > General Firewall Configuration.

  2. In the Configuration Mode section of the left menu, click Switch to Advanced View.

  3. In the left menu, click Audit and Reporting.

  4. Click Lock.

  5. In the section Statistics Policy, set Generate Dashboard Information to yes.

  6. In the section Statistics Policy, set Generate Monitor Information to yes.

  7. In the Log Policy section, set Application Control Logging to Log-All-Applications.

  8. In the Log Policy section, set Activity Log Mode to Log-Pipe-Separated-Value-List.

  9. In the Log Policy section, set Activity Log Data to Log-Info-Text.

  10. In the Log Policy section, set Log Level to Full-Logging.

  11. Click Send Changes.

  12. Click Activate.
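Before pointing the stream at Splunk, it is useful to confirm that frames actually arrive on the port chosen in Step 1.3 and that the pipe-separated body selected in Step 1.5 splits as expected. The following Python listener is an added example, not Barracuda's or Splunk's code: it accepts one TCP connection on the plaintext port 5140, parses each syslog frame and splits the message body on `|`. The sample frames, the host name and the tag are constructed; the meaning of each positional field is product-specific and not documented on this page, so fields are returned positionally.

```python
import re
import socket

# Constructed sample frames: one RFC 3164-style syslog line per frame, with the
# pipe-separated activity log entry as the message body. Host and tag are made up.
SAMPLE_FRAMES = [
    "<134>Mar  3 10:15:42 cgf-hq fw-activity: Allow|LAN-2-INTERNET|TCP|10.0.1.25|443|198.51.100.7|HTTPS",
    "<134>Mar  3 10:15:43 cgf-hq fw-activity: Block|DENY-ALL|UDP|10.0.1.40|5353|224.0.0.251|mDNS",
    "garbage without a priority",
]

# <PRI>TIMESTAMP HOST TAG: MSG  (TAG may not contain a colon)
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:]+): (?P<msg>.*)$"
)


def parse_frame(line):
    """Return a dict for a well-formed frame, or None for anything unparsable."""
    m = SYSLOG_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:  # PRI is facility * 8 + severity, facility 0..23
        return None
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        "timestamp": m["ts"],
        "host": m["host"],
        "tag": m["tag"],
        "fields": m["msg"].split("|"),  # positional; layout not given on this page
    }


def listen(port=5140, bind="0.0.0.0"):
    """Accept one firewall connection and print each parsed frame.

    Frames are newline-delimited on the TCP stream; lines that do not parse are
    echoed so misconfiguration (wrong Activity Log Mode, wrong filter) is visible.
    """
    with socket.create_server((bind, port)) as srv:
        conn, peer = srv.accept()
        with conn, conn.makefile("r", encoding="utf-8", errors="replace") as f:
            for line in f:
                rec = parse_frame(line)
                print(peer[0], rec if rec else "unparsed: " + line.rstrip())


if __name__ == "__main__":
    listen()
```

Run it on the Splunk host (or any test box) and activate the stream; the firewall's management IP should appear as `peer`, and every printed record should carry a non-empty `fields` list.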