Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.
How to configue flows from Ubiquiti Routers
Overview
We are providing you with the steps to integrate your Ubiquiti router with Seceon SIEM so One can have Comprehensive visibility and Proactive Threat Detection in your Environment. There will be a log transfer between your firewall to APE(Analytics and Policy Engine) via CCE (Collection and Control Engine ). In this document, we are guiding you through the steps for Log and Netflows forwarding.
These instructions assume:
The date, time and time zone are correctly set on the router.
You have Telnet or SSH credentials and access to the Ubiquiti router.
The IP address of your CCE Collector is known.
Access the router CLI
Telnet or SSH into the router.
Enter privileged mode by typing enable and entering your enable password.
Configure NetFlow export
Run the following command. Replace CollectorIP with the IP address of your CCE collector
configure
set system flow-accounting interface <interface>
# Optional parameter if flows should be collected for egress traffic.
set system flow-accounting netflow enable-egress
set system flow-accounting netflow engine-id <0-255>
set system flow-accounting netflow server <CollectorIP> port 9995
set system flow-accounting netflow version 9
commit
Set up the NetFlow sampler
Run the following command:
set system flow-accounting netflow sampling-rate <128, 256, 512, 1024>
Enable and configure export of NetFlow packets
Run the following command. Replace <CollectorIP> with the IP address of your CCE collector.
set system flow-accounting netflow server <CollectorIP> port 9995
set system flow-accounting syslog-facility daemon
commit
save
exit
Varification
Confirm the settings
Run the following command to confirm the configuration:
Ref:
https://help.ui.com/hc/en-us/articles/360008732414-UNMS-v1-NetFlow
Seceon Inc. All rights reserved. https://www.seceon.com