User manual BARRACUDA VIRUS FIREWALL 4.X SYSLOG GUIDE
Manual abstract: user guide BARRACUDA VIRUS FIREWALL 4.X SYSLOG GUIDE
[. . . ] The Web syslog contains information about user login activities and any configuration changes made to the Barracuda Spam & Virus Firewall Web interface. User activity data appears on the local facility with login information at the info priority level, and configuration changes appear at the debug priority level on the specified syslog server. See the Syslog section of the ADVANCED > Troubleshooting page for the facility to open a browser window and view the Web syslog output. [. . . ]

Whenever an action is taken on a message, it is logged with the syslog. A message sent to multiple recipients will be logged separately for each recipient. Please be aware that the various syslog implementations may not display the messages in this exact format. However, the sections should still be present in the syslog lines as shown in the table below. The following represents the main part of the syslog line:
Timestamp: Sep 8 17:38:48
Host: dev1
Barracuda Process: inbound/pass1[27564]:
Client IP: XX.XX.XX.XX
Message ID: 1126226282-27564-2-0
Start: 1126226286
End: 1126226328
Service: RECV
Info: [. . ]
Syslog Section:
Timestamp
The time that the syslog message was logged. For reporting purposes, this section of the syslog line can be ignored. It is useful when analyzing the logs by hand, but is not needed for compiling reports.
Syslog Section:
Host
Indicates the host that generated the syslog message. Useful if you have multiple Barracuda appliances and need to know which host sent the message.
Syslog Section:
Barracuda Process
Indicates the process that the email message was in when the syslog message was generated. outbound/smtp
Syslog Section:
Barracuda Message ID
The most important piece of the syslog entry. This ID is used to uniquely identify a message. The ID may occur in one of two formats (a different format is used for the inbound process and for the scan process). For example, this ID 1126226282-27564-2-0 is used for RECV transactions and it means the following:
1126226282 = UNIX timestamp
27564-2 = Internal Process ID
0 = Message number in SMTP session (this number indicates how many messages have been sent in that single SMTP session)
Syslog Section:
Start
The start time of the message in UNIX timestamp format, indicating when the sender began giving us the "From" information for the message.
Syslog Section:
End
The end time of the message in UNIX timestamp format, indicating when the sending server terminated sending of the message.
Syslog Section:
Service
The service that produced the message. The following services are available:
RECV: This service indicates a message was handled by the MTA and processing stopped.
SCAN: This service indicates the message was scanned and processing may have stopped or it may have been sent to the outbound processing for delivery.
SEND: This service indicates status of outbound delivery. It is the only message that may appear multiple times for a given message ID since delivery may initially have been deferred before succeeding later on.
Copyright 2004-2010, Barracuda Networks Inc.
Syslog Guide
Barracuda Spam & Virus Firewall
Version 4.x
Syslog Section:
Info
This section contains the actual information about what happened to a given message. It is dependent on the service that sent the information, and the following formats are used:
RECV: Sender Recipient Action Reason ReasonExtra
SCAN: Encrypted Sender Recipient Score Action Reason ReasonExtra "SUBJ:"Subject
SEND: Encrypted Action QueueID Response
The possible fields have the following meanings:
Sender: The address of the sender if available, and `-` if not available.
[. . . ]
Response: The response given back by the mail server if available.
Barracuda Action/Reason Codes

Barracuda Action Codes (RECV and SCAN services)
ID   Meaning
0    Allowed Message
1    Aborted Message
2    Blocked Message
3    Quarantined Message
4    Tagged Message
5    Deferred Message
6    Per-User Quarantined Message
7    Whitelisted Message

Barracuda Action Codes (SEND service)
ID   Meaning
1    Delivered Message
2    Rejected Message
3    Deferred Message
4    Expired Message

Barracuda Reason Codes (RECV and SCAN services)
ID   Meaning
1    Virus
2    Banned Attachment
3    RBL Match
4    Rate Control
5    Too Many Message In Session
6    Timeout Exceeded
7    No Such Domain
8    No Such User
9    Subject Filter Match
11   Client IP
12   Recipient Address
13   No Valid Recipients
14   Domain Not Found
15   Sender Address
17   Need Fully Qualified Recipient
18   Need Fully Qualified Sender
19   Unsupported Command
20   MAIL FROM Syntax Error
21   Bad Address Syntax
22   RCPT TO Syntax Error
23   Send EHLO/HELO First
24   Need MAIL Command
25   Nested MAIL Command
27   EHLO/HELO Syntax Error
30   Mail Protocol Violation
31   Score
34   Header Filter Match
35   Sender Block/Accept
36   Recipient Block/Accept
37   Body Filter Match
38   Message Size Bypass
39   Intention Analysis Match
40   SPF/Caller-ID
41   Client Host Rejected
44   Authentication Not Enabled
45   Allowed Message Size Exceeded
46   Too Many Recipients
47   Need RCPT Command
48   DATA Syntax Error
49   Internal Error
50   Too Many Hops
51   Mail Protocol Error
55   Invalid Parameter Syntax
56   STARTTLS Syntax Error
57   TLS Already Active
58   Too Many Errors
59   Need STARTTLS First
60   Spam Fingerprint Found
61   Barracuda Whitelist
62   Barracuda Blocklist
63   DomainKeys
64   Recipient Verification Unavailable
65   Realtime Intent
66   Client Reverse DNS
67   Email Registry
68   Invalid Bounce
69   Intent - Adult
70   Intent - Political
71   Multi-Level Intent
72   Attachment Limit Exceeded
73   System Busy
74   BRTS Intent
75   Per-Domain Recipient
76   Per-Domain Sender
77   Per Domain Client IP
78   Sender spoofed
For Programmers: Parsing the Barracuda Syslog
Syslog messages generated by the Barracuda Spam & Virus Firewall can be parsed for reporting purposes or for building a custom message log. It is easiest to think of each syslog line in terms of its main components; the INFO portion can then be parsed based on the service. The following Perl code illustrates a simple parsing of the log lines. [. . . ]
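The following Python parser is an added example, not the guide's Perl listing or Barracuda's code; it splits a line into the main sections described above and then parses the Info section by service. The sample lines, the `scan` process name, the `-` value used for Encrypted and ReasonExtra, the queue ID and the server response are constructed assumptions.

```python
import re
from datetime import datetime, timezone

# Action codes copied from the guide's tables (reason codes omitted for brevity).
RECV_SCAN_ACTIONS = {0: "Allowed", 1: "Aborted", 2: "Blocked", 3: "Quarantined",
                     4: "Tagged", 5: "Deferred", 6: "Per-User Quarantined",
                     7: "Whitelisted"}
SEND_ACTIONS = {1: "Delivered", 2: "Rejected", 3: "Deferred", 4: "Expired"}
# Info-section field order per service, as the guide lists it.
INFO_FIELDS = {
    "RECV": ("sender", "recipient", "action", "reason", "reason_extra"),
    "SCAN": ("encrypted", "sender", "recipient", "score", "action", "reason", "reason_extra"),
    "SEND": ("encrypted", "action", "queue_id", "response"),
}
# search() skips whatever timestamp prefix the local syslog daemon adds.
LINE_RE = re.compile(
    r"(?P<host>\S+) (?P<process>[\w/]+)\[(?P<pid>\d+)\]: (?P<client_ip>\S+) "
    r"(?P<msg_id>[\w-]+) (?P<start>\d+) (?P<end>\d+) "
    r"(?P<service>RECV|SCAN|SEND) (?P<info>.*)$")

def parse_line(line):
    """Parse one mail-log line into a dict; return None if it does not match."""
    m = LINE_RE.search(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("start", "end"):  # UNIX timestamps -> aware datetimes
        rec[key] = datetime.fromtimestamp(int(rec[key]), tz=timezone.utc)
    info, service = rec.pop("info"), rec["service"]
    if service == "SCAN":
        # Subject is sender-controlled free text: cut at the first marker only.
        info, _, rec["subject"] = info.partition(" SUBJ:")
    names = INFO_FIELDS[service]
    # The last field may contain spaces, so cap the number of splits.
    rec.update(zip(names, info.split(" ", len(names) - 1)))
    codes = SEND_ACTIONS if service == "SEND" else RECV_SCAN_ACTIONS
    action = rec.get("action", "")
    rec["action_name"] = codes.get(int(action), "Unknown") if action.isdecimal() else "Unknown"
    return rec

# Constructed sample lines; see the assumptions listed above the block.
SAMPLES = [
    "Sep  8 17:38:48 dev1 inbound/pass1[27564]: 192.0.2.10 1126226282-27564-2-0 1126226286 1126226328 RECV sender@example.com user@example.net 2 3 -",
    "Sep  8 17:39:02 dev1 scan[27600]: 192.0.2.10 1126226282-27564-3-0 1126226330 1126226340 SCAN - sender@example.com user@example.net 7.250 3 31 - SUBJ:Re: SUBJ: overdue invoice",
    "Sep  8 17:39:10 dev1 outbound/smtp[27700]: 192.0.2.25 1126226282-27564-3-0 1126226341 1126226350 SEND - 1 A1B2C3D4E5 250 2.0.0 Ok: queued",
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_line(sample))
```

Because SEND may appear several times for one message ID, a report built on this should key on the message ID and keep the latest SEND record rather than assume one line per message.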