KB ID 0001296 Dtd 03/04/17
I installed a Barracuda Web Filter 410 hardware appliance last week for a client on a 30 day trial. It was in ‘inline’ mode in front of their firewall and was happily logging all web activity and sites that were getting blocked. The problem was when you looked in the log this is what you saw;
With other vendors you simply need to put an agent in to fix this, and as it turns out Barracuda is no different.
I went onto the web and tried to get the agent, but you can download it straight from the appliance. (Users and Groups > Authentication Tab)
To proceed you need to add your domain controllers onto the Barracuda
Note: You will need a domain account (a simple domain user is fine, it does not need any additional rights). Here I’m connecting via 389, if you wanted to connect with LDAPS see the following article.
Once you have installed the ADAgent.exe, (on each domain controller), run it and enter your domain user account, and test it connects properly.
Then add in your Barracuda device.
Note: Theres nothing else you need to do in the agent but while you are setting it up I suggest you see the logging level to debugging.
Now, before the successful logon events can be uploaded to the barracuda, the domain controllers need to have auditing enabled for;
- Audit account logon events (success)
- Audit logon events (success)
Set this in the ‘local security policy’ on each of the domain controllers, (administrative tools local security policy).
On the Barracuda itself you now have to register the agent for each one you have deployed, after a few minutes they should ‘go green’ this is done on the same tab you specified the domain controllers.
You now need to wait until your users have logged off and back on again before it starts logging properly so leave it a while to slowly populate.