Barracuda Web Application Firewall
Barracuda WAF attack, access and config logs showing OWASP rule hits, SSL handshakes, load-balancing outcomes and admin changes.
EnginsightGlobal Fields (4)
| Field | Type |
|---|---|
ngs.id Unique identifier for the log entry. | string |
ngs.createdAt Timestamp when the event was created locally. | pdate |
ngs.indexedAt Timestamp when the log was indexed into the SIEM. | pdate |
ngs.source Origin or source system of the log. | string |
Reference-Specific Fields (51)
| Field | Type |
|---|---|
barracudaWaf.AttackType Type or category of web attack detected (e.g., SQL injection, XSS) | text_general |
barracudaWaf.ServiceIP IP address of the WAF-protected service | text_general |
barracudaWaf.DestinationIP IP address of the requested backend server | text_general |
barracudaWaf.SourcePort Client port number from which the request originated | pint |
barracudaWaf.BytesReceived Number of bytes received from the client | plong |
barracudaWaf.ActName Name of the WAF action taken (e.g., BLOCK, ALLOW) | text_general |
barracudaWaf.QueryString HTTP query string from the client request | string |
barracudaWaf.Host Host header value from the HTTP request | text_general |
barracudaWaf.Version WAF software version processing the request | string |
barracudaWaf.AclPolicy Name of the ACL policy applied to this request | string |
barracudaWaf.Time Timestamp when the request was processed by the WAF | pdate |
barracudaWaf.ServerIP IP address of the WAF appliance itself | text_general |
barracudaWaf.FollowUpAction Subsequent action performed after initial WAF decision | text_general |
barracudaWaf.Cookie Value of the Cookie header in the HTTP request | string |
barracudaWaf.ClientIP IP address of the end-user client | text_general |
barracudaWaf.Protocol Transport protocol used (e.g., HTTP, HTTPS) | string |
barracudaWaf.UnitName Identifier of the WAF unit or cluster member | string |
barracudaWaf.Referrer Value of the HTTP Referer header | text_general |
barracudaWaf.ProxyIP IP address of any proxy between client and WAF | text_general |
barracudaWaf.ServicePort Port number on which the WAF listens for incoming requests | pint |
barracudaWaf.Action Final verdict for the request (ALLOW, DENY, etc.) | string |
barracudaWaf.RuleType Type of WAF rule triggered (e.g., signature, anomaly) | string |
barracudaWaf.Method HTTP method used (GET, POST, PUT, etc.) | string |
barracudaWaf.ServerTimeMs Time taken by the backend server to respond, in milliseconds | plong |
barracudaWaf.DestinationPort Port on the backend server to which the request was forwarded | pint |
barracudaWaf.ModuleName Name of the specific WAF module that handled the request | string |
barracudaWaf.BytesSent Number of bytes sent back to the client | plong |
barracudaWaf.Severity Severity level of the detected event (e.g., low, medium, high) | string |
barracudaWaf.HttpStatus HTTP status code returned to the client | pint |
barracudaWaf.WFMatched Identifier of the WAF filter or pattern matched | string |
barracudaWaf.CacheHit Whether the response was served from cache (true/false) | boolean |
barracudaWaf.EventID Unique identifier for the WAF log event | string |
barracudaWaf.UserAgent User-Agent header sent by the client | text_general |
barracudaWaf.LogType Type of log record (access, attack, error) | text_general |
barracudaWaf.trTail Trailing details or parameters from the request URL | string |
barracudaWaf.Rule Name or ID of the specific WAF rule triggered | text_general |
barracudaWaf.LogLevel Logging level (debug, info, warn, error) | string |
barracudaWaf.Message Human-readable description of the log entry | text_general |
barracudaWaf.AuthenticatedUser Username authenticated (if any) for the request | text_general |
barracudaWaf.ClientPort Port on the client side used for the connection | pint |
barracudaWaf.SeverPort | pint |
barracudaWaf.SourceIP IP address from which the web request originated | text_general |
barracudaWaf.Protected Identifier of the protected resource or URL | string |
barracudaWaf.ResponseType Type of response served (e.g., HTML, JSON) | string |
barracudaWaf.Details Additional contextual details about the event | text_general |
barracudaWaf.TimeTakenMs Total time taken by WAF to process the request, in ms | plong |
barracudaWaf.Category Classification category assigned to the event | string |
barracudaWaf.URL Full URL requested by the client | text_general |
barracudaWaf.ProxyPort Port of any proxy used between client and WAF | pint |
barracudaWaf.ProfileMatched Name of the security profile that matched the request | string |
barracudaWaf.AttackDetails | text_general |
Sample Log Event
Below is a representative JSON log entry showing key fields as they’re emitted by the system. Depending on the context of the event, some fields may be omitted if they’re not applicable.