Overview

We are providing you with the steps to integrate your Ubiquiti router with Seceon SIEM so One can have Comprehensive visibility and Proactive Threat Detection in your Environment. There will be a log transfer between your firewall to APE(Analytics and Policy Engine) via CCE (Collection and Control Engine ). In this document, we are guiding you through the steps for Log and Netflows forwarding.

These instructions assume:

• The date, time and time zone are correctly set on the router.

• You have Telnet or SSH credentials and access to the Ubiquiti router.

• The IP address of your CCE Collector is known.

Access the router CLI

1. Telnet or SSH into the router.

2. Enter privileged mode by typing enable and entering your enable password.

Configure NetFlow export

Run the following command. Replace CollectorIP with the IP address of your CCE collector

...

set system flow-accounting netflow server <CollectorIP> port 9995
set system flow-accounting syslog-facility daemon
commit
save
exit

Varification

Confirm the settings

Run the following command to confirm the configuration: 

...