How do I configure syslog remote logging for a Ubiquiti Unifi Security Gateway (USG)

This article will walk through the steps required to send Syslog data from a Ubiquiti USG device to the RocketCyber Firewall Analyzer

Screen_Shot_2020-07-21_at_12.59.23_PM.png

1. Log in to the Unifi Network Controller and click on Settings (gear icon) at the bottom of the navigation bar.

Screen_Shot_2020-07-21_at_12.59.05_PM.png

2. Click on Network Settings

3. Click On Advanced

4. In the Remote Logging Section switch on Enable Syslog

5. In the Syslog Host field, enter the IP address of the RocketCyber Syslog Server

6. In the Syslog Port field, enter the Port for the RocketCyber Syslog Server (default is 514 recommended)

Screen_Shot_2020-07-21_at_1.05.21_PM.png

7. Click Apply Changes at the bottom of the screen

Each firewall rule must be configured to allow logging.

Screen_Shot_2020-07-21_at_1.11.41_PM.png

8. From the Settings Menu, click on Internet Security

9. Click on Firewall

10. For each rule that you want to log events from click on Edit

Screen_Shot_2020-07-21_at_1.13.55_PM.png

11. In the edit details dialog click on Advanced

Screen_Shot_2020-07-21_at_1.14.56_PM.png

12. Switch on Enable Logging

Screen_Shot_2020-07-21_at_1.15.42_PM.png

13. Click Apply

Screen_Shot_2020-07-21_at_1.18.48_PM.png

14. On the Firewall page, scroll down to the Settings section and click on Default Action Logging

Screen_Shot_2020-07-21_at_1.19.59_PM.png

15. Switch on WAN Rules

16. Switch on LAN Rules

Screen_Shot_2020-07-21_at_1.05.21_PM__1_.png

17. Click on Apply Changes

The steps for this configuration were verified with Controller Software v5.13.29.