Barracuda Web Filter logstash filters.
These were built for a Web Filter 410 vX, they should work for other models too.
For more details see my blog post about this here: https://sysadminblog.net/2016/05/barracuda-web-filter-logstash/
Add the filter files to your logstash configuration directory, eg. /etc/logstash/conf.d
.
Log into your Barracuda Appliance and go to the Advanced tab and click Syslog. Set up both the Web Interface and Web Traffic syslogs to point to your logstash server.
You must edit the 05-syslog-parse_barracuda.conf
file and set the correct IP address of your web filter.
This file will do an initial parse of the syslog entry.
This file will grok the syslog entry and pull out all the useful information.