
How to configure syslog servers in UniFi
Want to monitor and manage your UniFi network logs in one place? Setting up a syslog server with UniFi helps you track network events, troubleshoot issues, enhance security, and meet compliance requirements. Here's a quick guide to get started:
1. Log Categories: UniFi supports logs like Admin Activity, Client Events, Security Detections, Device Status, and more.
2. Requirements: Ensure your UniFi Network Application is version 7.3.76 or later, with a syslog server using UDP and a static IP for that server.
3. Setup Steps:
- Enable Remote Logging in **Settings > System > Advanced Features**. - Configure your syslog server details (IP, port, protocol). - Select the log types you want to monitor.
4. Device Configuration: Enable syslog on individual UniFi devices like Gateways, Access Points, and Switches.
5. Testing: Verify logs are being transmitted using tools like
ping
or tail -f /var/log/syslog
.
Pro Tip: Use advanced settings like log rotation, compression, and severity levels to optimize storage and performance.
Keep reading for detailed instructions, troubleshooting tips, and integration with tools like LogCentral for enhanced log management.
Setup Requirements
Before setting up syslog in your UniFi environment, make sure you meet the following requirements.
System Requirements
Your system must meet these minimum specifications to enable syslog:
Component | Minimum Requirement |
---|---|
UniFi Network Application | Version 7.3.76 or later |
Network Controller | 2GB RAM, 2 CPU cores |
Storage Space | 20GB available |
Network Connection | Static IP for syslog server |
Supported Devices | UniFi Gateway, Access Points, Switches |
Network Ports | UDP 514 (default syslog) or a custom port |
Also, ensure all UniFi devices are running the latest firmware. You can check this through the UniFi Network Application dashboard.
Syslog Server Setup
Follow these steps to prepare your syslog server for smooth log collection:
-
Server Configuration: Use a dedicated server or virtual machine for syslog. Ensure it has enough storage for logs and is set up with a static IP.
-
Network Requirements: Update your firewall to allow UDP 514 traffic or the port of your choice. If you're using hostnames instead of IP addresses, set up proper DNS resolution. Reliable connectivity between UniFi devices and the syslog server is crucial.
-
Performance Tips: Implement log rotation to manage storage usage effectively. For long-term storage, consider compressing logs. During deployment, keep an eye on server resources to address any performance issues.
Keep at least 50% of storage space free to handle log growth and avoid potential slowdowns. Regularly monitor and maintain your syslog setup to ensure it runs smoothly.
UniFi Syslog Configuration Steps
Set up syslog forwarding in the UniFi Network Application by following these steps.
Login and Navigation
After setting up your syslog server, configure the UniFi Controller:
-
Log in to the UniFi Controller.
-
Go to Settings > System.
-
In Advanced Features, open Remote Logging.
Server Configuration
Once in the Remote Logging settings:
-
Enable Remote Logging.
-
Enter your server details:
-
Server Address: Provide the IP address or hostname of your syslog server.
-
Port Number: Use the default port (514) or specify a custom port.
-
Protocol: You cannot change that setting
-
-
Select the log categories you want to monitor, such as:
-
Admin Activity
-
Client Events
-
Critical Events
-
Device Status
-
Security Detections
-
System Updates
-
VPN Activity
-
Network Triggers
-
Advanced Settings
Once you've completed the basic syslog setup, you can take it a step further by tweaking advanced configuration options. UniFi's syslog settings offer detailed control over how logs are managed and stored, giving you the flexibility to tailor the system to your needs.
Storage Settings
Manage your log storage effectively to maintain performance without overloading resources. Here are some options:
-
Set log rotation intervals to handle high-volume environments efficiently
-
Define maximum log file sizes and enable compression to save space
-
Use backup-forwarding features if your server setup supports them
-
Adjust buffering settings based on the size of your network
These advanced settings allow you to fine-tune your syslog configuration, ensuring it fits your specific requirements.
sbb-itb-fdb6fcc
Testing and Fixes
Start by checking your syslog configuration to confirm logs are being transmitted correctly.
Connection Tests
Test the connection between your UniFi devices and the syslog server:
-
Use
to check the server's availability.ping
-
Make sure UDP port 514 (or your designated custom port) is open.
-
Confirm that firewalls on both UniFi devices and the server allow syslog traffic.
Run the following command to test port listening:
nc -uvl 514
Log Verification
Keep an eye on incoming logs using this command:
tail -f /var/log/syslog
When reviewing logs, check for:
-
Correct source IP addresses
-
Accurate timestamps
-
Relevant event categories
-
Properly formatted messages
To ensure logging is functioning, trigger specific events such as:
-
Performing an admin action
-
Connecting a new client
-
Making configuration changes
-
Generating a security alert
Common Problems
Time Synchronization Issues
-
Confirm all UniFi devices and the syslog server are using the same NTP server.
-
Check that timezone settings are consistent across your network.
Missing Logs
-
Review your syslog daemon configuration.
-
Ensure log rotation settings aren't deleting entries too soon.
-
Verify the syslog server has enough storage space.
Connection Failures
-
Double-check the server address and port configuration.
-
Verify there are no routing issues between UniFi devices and the syslog server.
-
If using hostnames, confirm DNS resolution is working properly.
Performance Problems
-
Monitor the syslog server's resource usage.
-
Adjust log buffering settings if needed.
-
Use log filtering for high-traffic networks to reduce load.
If logs still don't appear, restart both the UniFi Controller and the syslog service. Address these issues promptly to maintain a steady flow of logs.
Once everything is functioning as expected, you can move on to integrating your logs with LogCentral for better management.
LogCentral Setup
LogCentral is a GDPR-compliant syslog tool designed to manage and monitor UniFi logs effectively.
Key Features of LogCentral
LogCentral offers several tools to simplify UniFi syslog management:
-
24/7 Monitoring: Keep an eye on network events in real time.
-
Live Visualization: Filter and view logs dynamically as they come in.
-
Long-term Retention: Securely store logs for future reference.
-
Automated Alerts: Get notified of critical events automatically.
-
Multi-tenant Support: Manage logs across different user segments.
-
Role-based Access: Control access with user-specific permissions.
Configuring LogCentral
Once your UniFi syslog server is ready, you can integrate it with LogCentral for enhanced monitoring. Here's how to get started:
1. Create an Account
- Sign up for a LogCentral account. - Activate the free trial. - Select the subscription plan that fits your needs.
2. Set Up the Receiver
- Locate the syslog receiver address and port in your [LogCentral dashboard](https://logcentral.io/features). - Enable syslog reception to start collecting logs.
3. Configure UniFi
- Input LogCentral's syslog details into your UniFi controller settings. - Ensure the required log categories are enabled. - Verify the connection status within LogCentral.
4. Et voilà
- You’re up and running
Summary
Here's a quick recap of the key configuration points for setting up syslog servers in UniFi.
Main Points
When working with UniFi syslog servers, focus on these areas:
-
Log Types: UniFi devices generate logs for categories like Admin Activity, Clients, Critical Events, Devices, Security, Triggers, Updates, and VPN.
-
Server Integration: Ensure your syslog server is configured with the correct port settings and has a stable connection.
-
LogCentral Features: Provides 24/7 monitoring, automated alerts, and compliance with GDPR standards.
Keep these points in mind as you move on to further optimizing your setup.
Further Steps
Here’s how to fine-tune your UniFi syslog configuration:
-
Regular Checks: Review logs on a monthly basis.
-
Storage Planning: Assess and update retention policies every quarter.
-
Security Settings: Set up custom alerts for critical events to stay ahead of issues.
-
Documentation: Maintain a record of all configuration changes for reference.
-
Performance Monitoring: Keep an eye on system performance and adjust log levels to avoid overloading the server.