This article will walk through the steps required to send syslog data from a Ubiquiti USG device to the RocketCyber Firewall Analyzer
Enable Remote Logging
1. Login to the Unifi Network Controller and click on Settings (gear icon) at the bottom of the navigation bar.
2. Click on Network Settings
3. Click On Advanced
4. In the Remote Logging Section switch on Enable Syslog
5. In the Syslog Host field, enter the IP address of the RocketCyber Syslog Server
6. In the Syslog Port field, enter the Port for the RocketCyber Syslog Server (default is 514 recommended)
7. Click Apply Changes at the bottom of the screen
Configure Firewall Rule Logging
Each firewall rule must be configured to allow logging.
8. From the Settings Menu, click on Internet Security
9. Click on Firewall
10. For each rule that you want to log events from click on Edit
11. In the edit details dialog click on Advanced
12. Switch on Enable Logging
13. Click Apply
Configure Default Action Logging
14. On the Firewall page, scroll down to the Settings section and click on Default Action Logging
15. Switch on WAN Rules
16. Switch on LAN Rules
17. Click on Apply Changes
The steps for this configuration were verified with Controller Software v5.13.29.