
Syslog Configuration from Ubiquiti Firewall

Overview

We will configure Syslog forwarding to the CCE from the CLI. We can see the logs in /var/log/messages just fine.

Steps to Configure

We would configure /etc/rsyslog.d/vyatta-log.conf as *.* @remotesysloghost, and everything works just fine. In rsyslog syntax, a single @ forwards over UDP. The syslog host configuration is:

    host <IP Address of CCE Server> {
        facility all {
            level info
        }
        facility kern {
            level debug
        }
        facility protocols {
            level debug
        }
    }

 

Below is the preferred link:

Sending firewall logs to remote Syslog | Ubiquiti Community

 

Verification of configuration

 

Verification can be done in two ways: either on the CCE or on the UI.

  • Verification Through the UI

  1. Open UI >> Systems.

  2. Open the Systems dropdown and go to "logs and flows collection status".

  3. Under the source device IP address section, the configured device will be reflected.

 

  • Verification Through the CCE server

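    sudo tcpdump -i any -A port 514 and host <IP address>

Run the above command on the CCE server to check whether or not we are getting logs. The filter matches Syslog traffic on port 514 to or from the given IP address, and -A prints each packet's payload as text.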
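To interpret what tcpdump shows, the following added example (not part of the original article or of Seceon's or Ubiquiti's tooling) decodes the <PRI> header at the start of each Syslog payload and checks it against the levels in the host block from the configuration step. The sample messages are constructed, and the mapping of the EdgeOS "protocols" facility to local7 is an assumption.

```python
import re

# Standard syslog facility and severity codes (RFC 3164 / RFC 5424).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Thresholds from the host block. Assumption: EdgeOS "protocols" is emitted
# as local7; adjust if your device maps it differently.
LEVELS = {"all": "info", "kern": "debug", "local7": "debug"}

PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(message):
    """Return (facility, severity) names from a syslog message's <PRI> header."""
    m = PRI_RE.match(message)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid <PRI> header")
    pri = int(m.group(1))
    # PRI = facility * 8 + severity
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def expected_on_wire(message, levels=LEVELS):
    """True if the configured levels would forward this message to the CCE."""
    facility, severity = decode_pri(message)
    threshold = levels.get(facility, levels["all"])
    # Lower number = more severe; a level forwards itself and anything more severe.
    return SEVERITIES.index(severity) <= SEVERITIES.index(threshold)

# Constructed sample payloads, shaped like what tcpdump -A prints.
SAMPLES = [
    "<4>Jan  1 00:00:01 fw kernel: [WAN_IN-default-D]IN=eth0 OUT= SRC=192.0.2.10",
    "<7>Jan  1 00:00:02 fw kernel: constructed kernel debug line",
    "<31>Jan  1 00:00:03 fw ntpd[100]: constructed daemon debug line",
    "<30>Jan  1 00:00:04 fw dhcpd: constructed daemon info line",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(decode_pri(s), "forwarded" if expected_on_wire(s) else "filtered")
```

If the capture only ever shows facilities or severities that this check marks as filtered, or never shows kern messages at all, the levels on the firewall do not match the host block.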

 

 

 

Seceon Inc. All rights reserved. https://www.seceon.com