Log Retention and Location
Barracuda WAF-as-a-Service generates four types of logs:
Access LogsΒ contain a record of each HTTP/HTTPS request processed by BarracudaΒ WAF-as-a-Service.
Firewall LogsΒ contain a record of each policy violation found by BarracudaΒ WAF-as-a-Service, along with the associated action performed by BarracudaΒ WAF-as-a-Service.
Event Logs contain a record ofΒ specific network activity, including events related to Certificate, DDoS, or DNS.Β
Audit Logs contain a record of actions taken by the service Users, the System, Barracuda Support Technicians, and Engineering Operators.
Note that in some circumstances, a single HTTP/HTTPS request might generate more than one Firewall Log entry. For example, if Block Attacks is turned off, multiple violations might be detected in the same request and logged, but because none of them cause the request to be blocked, BarracudaΒ WAF-as-a-Service continues processing and finds more violations.
You can interact with these logs in multiple ways:
View the Access, Firewall, and Event logs in the Logs page for an application. SeeΒ Access, Firewall, and Event Logs.Β
View Audit logs for the account in the AUDIT LOGS tab. See Audit Logs.
Export as a CSV file, on-demand from the Logs page. SeeΒ Access, Firewall, and Event Logs, and Audit Logs.Β
Retrieve via theΒ Barracuda WAF-as-a-Service API.
Export in real time via the Syslog or Azure EventHub, using the Log Export component. For more information, refer toΒ Log Export.
Access, Firewall, and Event Logs are retained for 30 days for Advanced WAF-as-a-Service plans and 60 days for Premium WAF-as-a-Service plans, and 45 days for Legacy Licenses. Audit logs are retained for 180 days. After this time period the logs are deleted automatically. If you require longer retention, be sure to download or retrieve your logs using one of the above methods before they are automatically deleted.
If you require longer retention, be sure to download or retrieve your logs using one of the above methods before they are automatically deleted.
If you have specific data residency requirements, be sure to select deployment locations that meet those requirements, as described inΒ Understanding Deployment Locations. Your traffic will only be processed in the locations you select.