Overview
We are providing you with the steps to integrate your Ubiquiti router with Seceon SIEM so One can have Comprehensive visibility and Proactive Threat Detection in your Environment. There will be a log transfer between your firewall to APE(Analytics and Policy Engine) via CCE (Collection and Control Engine ). In this document, we are guiding you through the steps for Log and Netflows forwarding.
These instructions assume:
The date, time and time zone are correctly set on the router.
You have Telnet or SSH credentials and access to the Ubiquiti router.
The IP address of your CCE Collector is known.
Access the router CLI
Telnet or SSH into the router.
Enter privileged mode by typing enable and entering your enable password.
Configure NetFlow export
Run the following command. Replace CollectorIP with the IP address of your CCE collector
...
Code Block |
---|
set system flow-accounting netflow server <CollectorIP> port 9995 set system flow-accounting syslog-facility daemon commit save exit |
Varification
Confirm the settings
Run the following command to confirm the configuration:
...