Link to home
Create AccountLog in
Avatar of Martyt1988
Martyt1988Flag for United States of America

asked on

Barracuda Log Files

I have a barracuda spam and virus firewall 400. I have reason to believe there has been one of our coworkers viewing other peoples emails using this as a way to SPY on people.. Is there any way to view logs and see what kinds of activities have been done by someone with credentials to look at this info?
Avatar of btan

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of maqsoodjee

If your talking about Barracuda activity log you can do this by enabling syslog feature .

Tracking Changes to the Configuration and User Login Activities

You can view User Login activities and any configuration changes.
Data related to mail flow.

From the ADVANCED > Troubleshooting page, use the Monitor Web Syslog button view the web syslog output. You can also configure a syslog server as described in Using a Syslog Server to Centrally Monitor System Logs.
I was also thinking to export its log into csvto perform keyword search for this userid and activities and any associated sign of compromise...e.g. brute force attempts, login timing during lunch time and "off" office hours, visiting certain site not typical or have spyware or of low reputation (flagged from web filter) etc

But pushing ahead, SIEMS is another typical tool used in overall organisation SOC where all monitored devices such as FW, NIPS, policy servers, Windows/Linux servers, proxy etc piped their syslog (in general) into it. Correlated rules are fired upon the condition met that trigger scenario of such invasion.

Other cheatsheet for info on sign of compromise

Critical Log Review Checklist for Security Incidents

Security Incident Survey Cheat Sheet for Server Administrators
I've requested that this question be closed as follows:

Accepted answer: 500 points for maqsoodjee's comment #a39479417

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
Apologies but has the award being wrongly accepted?