What is Barracuda Syslog and how to get it?
The Barracuda uses syslog messages as a means of logging what happens to each message as the Barracuda Spam Firewall processes the message. The syslog messages are sent to a text file on the Spam Firewall, as well as to a remote server configurable by the Barracuda administrator. With the syslog messages, the administrator can perform analysis for either reporting purposes, or for a better understanding of the message processing on the Barracuda Spam Firewall.
To enable syslog, navigate to Advanced->Syslog in the web GUI and enter the IP address of the syslog server you wish to direct the messages.
Note: There is a section for web GUI syslog notifications available on the same screen in the web GUI – that format is not covered in this document.
Syslog messages are sent UDP to the standard syslog port of 514. If there are any firewalls between the Barracuda and the server receiving the syslog messages, then be sure that port 514 is open on the firewalls. The syslog messages will arrive on the mail facility at the debug priority level. As the barracuda uses the syslog messages internally for its own message logging it is not possible to change the facility, or the priority level.
Barracuda Syslog Format
The Barracuda Spam Firewall will send syslog messages in the following format. Whenever an action is taken on a message it is logged with syslog. A message sent to multiple recipients will be logged separately for each recipient. Please be aware that the various syslog implementations may not display the messages in this exact format. However, the sections should still be present in the syslog lines. The following is the main part of the syslog line.
Timestamp Host Barracuda Process Client IP Message ID Start End Service Info
Sep 8 17:38:48 dev1 inbound/pass1[27564]: XX.XX.XX.XX 1126226282-27564-2-0 1126226286 1126226328 RECV [. . . . .]