Martyt1988
asked on
Barracuda Log Files
I have a barracuda spam and virus firewall 400. I have reason to believe there has been one of our coworkers viewing other peoples emails using this as a way to SPY on people.. Is there any way to view logs and see what kinds of activities have been done by someone with credentials to look at this info?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I was also thinking to export its log into csvto perform keyword search for this userid and activities and any associated sign of compromise...e.g. brute force attempts, login timing during lunch time and "off" office hours, visiting certain site not typical or have spyware or of low reputation (flagged from web filter) etc
https://www.barracuda.com/support/knowledgebase/50160000000GTbjAAG
But pushing ahead, SIEMS is another typical tool used in overall organisation SOC where all monitored devices such as FW, NIPS, policy servers, Windows/Linux servers, proxy etc piped their syslog (in general) into it. Correlated rules are fired upon the condition met that trigger scenario of such invasion.
Other cheatsheet for info on sign of compromise
Critical Log Review Checklist for Security Incidents
http://zeltser.com/log-management/security-incident-log-review-checklist.html
Security Incident Survey Cheat Sheet for Server Administrators
http://zeltser.com/network-os-security/security-incident-survey-cheat-sheet.html
https://www.barracuda.com/support/knowledgebase/50160000000GTbjAAG
But pushing ahead, SIEMS is another typical tool used in overall organisation SOC where all monitored devices such as FW, NIPS, policy servers, Windows/Linux servers, proxy etc piped their syslog (in general) into it. Correlated rules are fired upon the condition met that trigger scenario of such invasion.
Other cheatsheet for info on sign of compromise
Critical Log Review Checklist for Security Incidents
http://zeltser.com/log-management/security-incident-log-review-checklist.html
Security Incident Survey Cheat Sheet for Server Administrators
http://zeltser.com/network-os-security/security-incident-survey-cheat-sheet.html
I've requested that this question be closed as follows:
Accepted answer: 500 points for maqsoodjee's comment #a39479417
for the following reason:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
Accepted answer: 500 points for maqsoodjee's comment #a39479417
for the following reason:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
Apologies but has the award being wrongly accepted?
Tracking Changes to the Configuration and User Login Activities
You can view User Login activities and any configuration changes.
Data related to mail flow.
From the ADVANCED > Troubleshooting page, use the Monitor Web Syslog button view the web syslog output. You can also configure a syslog server as described in Using a Syslog Server to Centrally Monitor System Logs.