How to configure syslog servers in UniFi

How to configure syslog servers in UniFi

Want to monitor and manage your UniFi network logs in one place? Setting up a syslog server with UniFi helps you track network events, troubleshoot issues, enhance security, and meet compliance requirements. Here's a quick guide to get started:

1. Log Categories: UniFi supports logs like Admin Activity, Client Events, Security Detections, Device Status, and more.

2. Requirements: Ensure your UniFi Network Application is version 7.3.76 or later, with a syslog server using UDP and a static IP for that server.

3. Setup Steps:

-   Enable Remote Logging in **Settings > System > Advanced Features**.
    
-   Configure your syslog server details (IP, port, protocol).
    
-   Select the log types you want to monitor.
    

4. Device Configuration: Enable syslog on individual UniFi devices like Gateways, Access Points, and Switches.

5. Testing: Verify logs are being transmitted using tools like

ping
or
tail -f /var/log/syslog
.

Pro Tip: Use advanced settings like log rotation, compression, and severity levels to optimize storage and performance.

Keep reading for detailed instructions, troubleshooting tips, and integration with tools like LogCentral for enhanced log management.

Setup Requirements

Before setting up syslog in your UniFi environment, make sure you meet the following requirements.

System Requirements

Your system must meet these minimum specifications to enable syslog:

ComponentMinimum Requirement
UniFi Network ApplicationVersion 7.3.76 or later
Network Controller2GB RAM, 2 CPU cores
Storage Space20GB available
Network ConnectionStatic IP for syslog server
Supported DevicesUniFi Gateway, Access Points, Switches
Network PortsUDP 514 (default syslog) or a custom port

Also, ensure all UniFi devices are running the latest firmware. You can check this through the UniFi Network Application dashboard.

Syslog Server Setup

Follow these steps to prepare your syslog server for smooth log collection:

  • Server Configuration: Use a dedicated server or virtual machine for syslog. Ensure it has enough storage for logs and is set up with a static IP.

  • Network Requirements: Update your firewall to allow UDP 514 traffic or the port of your choice. If you're using hostnames instead of IP addresses, set up proper DNS resolution. Reliable connectivity between UniFi devices and the syslog server is crucial.

  • Performance Tips: Implement log rotation to manage storage usage effectively. For long-term storage, consider compressing logs. During deployment, keep an eye on server resources to address any performance issues.

Keep at least 50% of storage space free to handle log growth and avoid potential slowdowns. Regularly monitor and maintain your syslog setup to ensure it runs smoothly.

UniFi Syslog Configuration Steps

UniFi

Set up syslog forwarding in the UniFi Network Application by following these steps.

Login and Navigation

After setting up your syslog server, configure the UniFi Controller:

  • Log in to the UniFi Controller.

  • Go to Settings > System.

  • In Advanced Features, open Remote Logging.

Server Configuration

Once in the Remote Logging settings:

  • Enable Remote Logging.

  • Enter your server details:

    • Server Address: Provide the IP address or hostname of your syslog server.

    • Port Number: Use the default port (514) or specify a custom port.

    • Protocol: You cannot change that setting

  • Select the log categories you want to monitor, such as:

    • Admin Activity

    • Client Events

    • Critical Events

    • Device Status

    • Security Detections

    • System Updates

    • VPN Activity

    • Network Triggers

Advanced Settings

Once you've completed the basic syslog setup, you can take it a step further by tweaking advanced configuration options. UniFi's syslog settings offer detailed control over how logs are managed and stored, giving you the flexibility to tailor the system to your needs.

Storage Settings

Manage your log storage effectively to maintain performance without overloading resources. Here are some options:

  • Set log rotation intervals to handle high-volume environments efficiently

  • Define maximum log file sizes and enable compression to save space

  • Use backup-forwarding features if your server setup supports them

  • Adjust buffering settings based on the size of your network

These advanced settings allow you to fine-tune your syslog configuration, ensuring it fits your specific requirements.

sbb-itb-fdb6fcc

Testing and Fixes

Start by checking your syslog configuration to confirm logs are being transmitted correctly.

Connection Tests

Test the connection between your UniFi devices and the syslog server:

  • Use

    ping
    to check the server's availability.

  • Make sure UDP port 514 (or your designated custom port) is open.

  • Confirm that firewalls on both UniFi devices and the server allow syslog traffic.

Run the following command to test port listening:

nc -uvl 514

Log Verification

Keep an eye on incoming logs using this command:

tail -f /var/log/syslog

When reviewing logs, check for:

  • Correct source IP addresses

  • Accurate timestamps

  • Relevant event categories

  • Properly formatted messages

To ensure logging is functioning, trigger specific events such as:

  • Performing an admin action

  • Connecting a new client

  • Making configuration changes

  • Generating a security alert

Common Problems

Time Synchronization Issues

  • Confirm all UniFi devices and the syslog server are using the same NTP server.

  • Check that timezone settings are consistent across your network.

Missing Logs

  • Review your syslog daemon configuration.

  • Ensure log rotation settings aren't deleting entries too soon.

  • Verify the syslog server has enough storage space.

Connection Failures

  • Double-check the server address and port configuration.

  • Verify there are no routing issues between UniFi devices and the syslog server.

  • If using hostnames, confirm DNS resolution is working properly.

Performance Problems

  • Monitor the syslog server's resource usage.

  • Adjust log buffering settings if needed.

  • Use log filtering for high-traffic networks to reduce load.

If logs still don't appear, restart both the UniFi Controller and the syslog service. Address these issues promptly to maintain a steady flow of logs.

Once everything is functioning as expected, you can move on to integrating your logs with LogCentral for better management.

LogCentral Setup

LogCentral

LogCentral is a GDPR-compliant syslog tool designed to manage and monitor UniFi logs effectively.

Key Features of LogCentral

LogCentral offers several tools to simplify UniFi syslog management:

  • 24/7 Monitoring: Keep an eye on network events in real time.

  • Live Visualization: Filter and view logs dynamically as they come in.

  • Long-term Retention: Securely store logs for future reference.

  • Automated Alerts: Get notified of critical events automatically.

  • Multi-tenant Support: Manage logs across different user segments.

  • Role-based Access: Control access with user-specific permissions.

Configuring LogCentral

Once your UniFi syslog server is ready, you can integrate it with LogCentral for enhanced monitoring. Here's how to get started:

1. Create an Account

-   Sign up for a LogCentral account.
    
-   Activate the free trial.
    
-   Select the subscription plan that fits your needs.
    

2. Set Up the Receiver

-   Locate the syslog receiver address and port in your [LogCentral dashboard](https://logcentral.io/features).
    
-   Enable syslog reception to start collecting logs.
    

3. Configure UniFi

-   Input LogCentral's syslog details into your UniFi controller settings.
    
-   Ensure the required log categories are enabled.
    
-   Verify the connection status within LogCentral.
    

4. Et voilà

-   You’re up and running

Summary

Here's a quick recap of the key configuration points for setting up syslog servers in UniFi.

Main Points

When working with UniFi syslog servers, focus on these areas:

  • Log Types: UniFi devices generate logs for categories like Admin Activity, Clients, Critical Events, Devices, Security, Triggers, Updates, and VPN.

  • Server Integration: Ensure your syslog server is configured with the correct port settings and has a stable connection.

  • LogCentral Features: Provides 24/7 monitoring, automated alerts, and compliance with GDPR standards.

Keep these points in mind as you move on to further optimizing your setup.

Further Steps

Here’s how to fine-tune your UniFi syslog configuration:

  • Regular Checks: Review logs on a monthly basis.

  • Storage Planning: Assess and update retention policies every quarter.

  • Security Settings: Set up custom alerts for critical events to stay ahead of issues.

  • Documentation: Maintain a record of all configuration changes for reference.

  • Performance Monitoring: Keep an eye on system performance and adjust log levels to avoid overloading the server.