TEAM: Huntress Managed Security Information and Event Management (SIEM)
PRODUCT: Firewall Syslog
ENVIRONMENT: Ubiquiti UniFi (USG, UXG, UDM)
SUMMARY: Configuration Guide for Ubiquiti UniFi firewalls
This page covers only the device-specific configuration. You'll still need to read the Huntress Managed SIEM Firewall guide to complete the Huntress Managed SIEM setup, as well as open a port in Microsoft Defender Firewall.
Vendor Information
| Vendor | UniFi / Ubiquiti |
|---|---|
| Supported Model Name/Number | USG, UXG, UDM |
| Supported Software Version(s) | UniFi Network Controller 5.11.39+; UniFi Network Application 6.2.25+ |
| Collection Method | Syslog |
| Provider Name | Syslog-Unifi Networks or Syslog-Ubiquiti |
| Additional Information | https://help.ui.com/hc/en-us/articles/360049956374-Getting-Support-Files-and-Logs; Network Application 8.5.6 Release Notes |
Device Configuration Checklist (versions 8.4.59 or older)
This section applies to UniFi Network Application (or UniFi Network Controller) version 8.4.59 and older.
First, enable remote logging and then complete the setup in the Huntress platform.
- Open UniFi Network.
- Go to Settings > System > Advanced.
- In the Remote Logging Location section, select Remote Server and Syslog.
- Add the IP address of the Huntress Agent you enabled for Syslog collection.
- Confirm the port is set to 514.
- Confirm that Debug Logs is deselected.
- Click Apply Changes.
Your changes here will now be applied to all UniFi devices within this Site. If you have multiple UniFi Sites, you need to repeat these steps for each Site.
Example Configuration Screenshot
Device Configuration Checklist (version 8.5.6 or newer)
This section applies to UniFi Network Application Version 8.5.6+. Enable remote logging and then complete the setup in the Huntress platform.
- Open UniFi Network.
- Go to Settings > System > Integrations.
- In the Activity Logging section, select SIEM Server.
- In Contents, confirm that only these items are selected:
  - Admin Activity
  - Critical
  - Security Detections
  - Triggers
  - VPN
- In the Server Address field, add the IP address of the Huntress Agent you enabled for Syslog collection.
- Confirm the port is set to 514.
- Confirm that Debug Logs is deselected.
- Click Apply Changes.
Your changes here will now be applied to all UniFi devices within this Site. If you have multiple UniFi Sites, you need to repeat these steps for each Site.
At this time, all device types are included; there is no option to exclude specific types.