Configure syslog remote logging for a Ubiquiti Unifi Security Gateway (USG)

Configure syslog remote logging for a Ubiquiti Unifi Security Gateway (USG)

This article will walk through the steps required to send Syslog data from a Ubiquiti USG device to the RocketCyber Firewall Analyzer

Enable Remote Logging

1. Log in to the Unifi Network Controller and click on Settings (gear icon) at the bottom of the navigation bar.

Screen_Shot_2020-07-21_at_12.59.23_PM.png

2. Click on Network Settings
3. Click On Advanced
4. In the Remote Logging Section switch on Enable Syslog
5. In the Syslog Host field, enter the IP address of the RocketCyber Syslog Server
6. In the Syslog Port field, enter the Port for the RocketCyber Syslog Server (default is 514 recommended)

Screen_Shot_2020-07-21_at_12.59.05_PM.png

7. Click Apply Changes at the bottom of the screen

Screen_Shot_2020-07-21_at_1.05.21_PM.png

Configure Firewall Rule Logging

Each firewall rule must be configured to allow logging. 

1. From the Settings Menu, click on Internet Security
2. Click on Firewall
3. For each rule that you want to log events from click on Edit

Screen_Shot_2020-07-21_at_1.11.41_PM.png

4. In the edit details dialog click on Advanced

Screen_Shot_2020-07-21_at_1.13.55_PM.png

5. Switch on Enable Logging

Screen_Shot_2020-07-21_at_1.14.56_PM.png

6. Click Apply

Screen_Shot_2020-07-21_at_1.15.42_PM.png

Configure Default Action Logging

1. On the Firewall page, scroll down to the Settings section and click on Default Action Logging

Screen_Shot_2020-07-21_at_1.18.48_PM.png

2. Switch on WAN Rules
3. Switch on LAN Rules

Screen_Shot_2020-07-21_at_1.19.59_PM.png

4. Click on Apply Changes

Screen_Shot_2020-07-21_at_1.05.21_PM__1_.png

The steps for this configuration were verified with Controller Software v5.13.29.

    • Related Articles

    • Configure syslog remote logging for a Sophos firewall

      This article provides instruction on how to set up and enable Syslog forwarding on a Sophos firewall Configure Syslog Server Navigate to System Services > Log Settings and click Add to configure a Syslog server. Enter a Name for the Syslog server. ...

    • Configure syslog remote logging for a SonicWall firewall

      This article provides instruction on how to set up and enable Syslog forwarding on a SonicWall firewall. Logon to the firewall as admin. Navigate to Manage | Log Settings | SYSLOG Click on the Add button Select the Name or IP address of the Syslog ...

    • Configure remote syslog logging for a Fortinet Firewall

      This article describes the steps to configure Fortinet Firewalls to send syslog data to the RocketCyber Firewall Analyzer Configure your FortiGate firewall settings Configure the FortiGate firewall settings for your specific FortiOS operating system. ...

    • Configure remote syslog logging for a WatchGuard Firewall

      This article describes the steps required to configure a WatchGuard firewall to send Syslog messages to the RocketAgent Syslog Server To Configure the FireBox to send Syslog messages to the RocketAgent Syslog Server Select System > Logging. Click the ...

    • Configure remote syslog forwarding for Palo Alto firewalls

      This article will describe the steps required to configure Palo Alto to send Syslog messages to the RocketAgent Syslog Server Create Syslog Profile Open your Palo Alto dashboard. Navigate to Devices > Server Profiles > Syslog Click Add and enter a ...