Configuring Network Device - Ubiquiti Unifi Security Gateway (USG)

This article will walk through the steps required to send Syslog data from a Ubiquiti USG device to the RocketCyber Firewall Analyzer

Enable Remote Logging

Screen_Shot_2020-07-21_at_12.59.23_PM.png

  1. Log in to the Unifi Network Controller and click on Settings (gear icon) on the left menu.
    Screen_Shot_2020-07-21_at_12.59.05_PM.png
  2. Click on Network Settings
  3. Click On Advanced
  4. In the Remote Logging Section switch on Enable Syslog
  5. In the Syslog Host field, enter the IP address of the RocketCyber Syslog Server
  6. In the Syslog Port field, enter the Port for the RocketCyber Syslog Server (default is 514 recommended).
    Screen_Shot_2020-07-21_at_1.05.21_PM.png
  7. Click Apply Changes at the bottom of the screen

Configure Firewall Rule Logging

Each firewall rule must be configured to allow logging. 
Screen_Shot_2020-07-21_at_1.11.41_PM.png

  1. From the Settings Menu, click on Internet Security
  2. Click on Firewall
  3. For each rule that you want to log events from click on Edit.
    Screen_Shot_2020-07-21_at_1.13.55_PM.png
  4. In the edit details dialog click on Advanced.
    Screen_Shot_2020-07-21_at_1.14.56_PM.png
  5. Switch on Enable Logging.
    Screen_Shot_2020-07-21_at_1.15.42_PM.png
  6. Click Apply

Configure Default Action Logging

Screen_Shot_2020-07-21_at_1.18.48_PM.png

  1. On the Firewall page, scroll down to the Settings section and click on Default Action Logging.
    Screen_Shot_2020-07-21_at_1.19.59_PM.png
  2. Switch on WAN Rules
  3. Switch on LAN Rules.
    Screen_Shot_2020-07-21_at_1.05.21_PM__1_.png
  4. Click on Apply Changes.

The steps for this configuration were verified with Controller Software v5.13.29.