How do I configure syslog remote logging for a Ubiquiti Unifi Security Gateway (USG)

This article will walk through the steps required to send syslog data from a Ubiquiti USG device to the RocketCyber Firewall Analyzer

Enable Remote Logging

Screen Shot 2020-07-21 at 12.59.23 PM

1. Login to the Unifi Network Controller and click on Settings (gear icon) at the bottom of the navigation bar.

Screen Shot 2020-07-21 at 12.59.05 PM

2. Click on Network Settings

3. Click On Advanced

4. In the Remote Logging Section switch on Enable Syslog

5. In the Syslog Host field, enter the IP address of the RocketCyber Syslog Server

6. In the Syslog Port field, enter the Port for the RocketCyber Syslog Server (default is 514 recommended)

Screen Shot 2020-07-21 at 1.05.21 PM

7. Click Apply Changes at the bottom of the screen

Configure Firewall Rule Logging

Each firewall rule must be configured to allow logging. 

Screen Shot 2020-07-21 at 1.11.41 PM

8. From the Settings Menu, click on Internet Security

9. Click on Firewall

10. For each rule that you want to log events from click on Edit

Screen Shot 2020-07-21 at 1.13.55 PM

11. In the edit details dialog click on Advanced

Screen Shot 2020-07-21 at 1.14.56 PM

12. Switch on Enable Logging

Screen Shot 2020-07-21 at 1.15.42 PM

13. Click Apply

Configure Default Action Logging

Screen Shot 2020-07-21 at 1.18.48 PM

14. On the Firewall page, scroll down to the Settings section and click on Default Action Logging

Screen Shot 2020-07-21 at 1.19.59 PM

15. Switch on WAN Rules

16. Switch on LAN Rules

Screen Shot 2020-07-21 at 1.05.21 PM

17. Click on Apply Changes

 

The steps for this configuration were verified with Controller Software v5.13.29.