Lumu Log Forwarder Ubiquiti Unifi Cloud Gateway Configuration
Requirements
- A Unifi Cloud Gateway device
- Refer to Unifi Cloud Gateways for further reference
- Have admin access to the device via the Unifi Site Manager Portal to create a new Forwarding configuration.
- A configured Virtual Appliance or Log Forwarder Agent.
Configure Ubiquiti Unifi to Send Metadata to Lumu Log Forwarder
You will need to configure your Ubiquiti Unifi device to send logs to the Virtual Appliance. This requires the following:
- A SIEM Server destination
- A Firewall Action Logging rule
Configure a SIEM Server destination
1. First, login to the Unifi Site Manager portal2. Head to the left side panel. Click on the Sites icon to open the Sites menu. Then, click on the Site where your Unifi device is enrolled.3. In the Network panel, head to the left side panel. Click on the Settings (Gear) icon.4. In the Settings panel, you must do the following:a. First, click on the System(1) menu.b. Select the SIEM server(2) option under the Activity Logging section.c. In the Contents(3) section, select the following : Devices, Firewall Default Policy. Make sure you click on the Save button when done.d. Input the address of the Virtual Appliance you want to send logs to under the Server Address(4) fielde. Input the corresponding port for the remote address of the Virtual Appliance you want to send logs to under the Port(5) field.f. Once you’re done, click on the Apply Changes(6) button.
Configure Firewall Logging rule
We recommend enabling logging for all your custom rules to have full visibility.
1. You can add a Default Action Logging or configure specific rules to be logged. To do so, you must configure each rule to generate a Syslog entry when matched. From the window accessed in Step 3 of the Configure a SIEM Server destination section, do the following:a. Click on the Security(1) menub. Click on the Traffic & Firewall Rules(2) tab.c. Select one of the listed rules(3).d. In the panel that opens, enable the Logging toggle at the end of the configuration window, and save your changes by clicking on the Apply Changes button.
Related Articles
Deploy Collectors with Log Forwarder for Linux
The Lumu Log Forwarder Agent is available for Linux-based operating systems. In this article, you will find the installation procedures, both automatic and manual, for all the supported distributions. Log Forwarder is designed to streamline the data ...Deploy Collectors with Log Forwarder for Windows
Log Forwarder is designed to streamline the data collection processes from third party data collection services. While not as optimized as a fully-fledged Virtual Appliance deployment, it is a great alternative for fast and accessible deployment. ...Lumu Log Forwarder FortiGate Configuration
In scenarios where all your FortiGate deployment logs are centralized within a FortiAnalyzer, you can use it to accelerate the deployment of Lumu and forward all firewall logs at once using the FortiAnalyzer data collection capabilities from Lumu. ...Lumu Log Forwarder MikroTik Configuration
Requirements MikroTik Router OS 6 or newer. A configured Log Forwarder Agent. Log Forwarder Agent for Linux Log Forwarder Agent for Windows Configure MikroTik to Send Metadata to Lumu Log Forwarder You will need to configure MikroTik in order to ...Log Forwarder Agent Command Reference and Installer Troubleshooting
The Log Forwarder Agent is part of the larger family of Lumu Agents. As such, it shares several features and processes with them that are outlined below. Command Quick Reference for Windows Agent Support The Lumu Log Forwarder Agent for Windows ...