Ubiquiti Syslog Server
Ubiquiti’s Unifi line doesn’t really provide any logging and sometimes I need to see a little more to diagnose an issue. Here’s my setup for a quick an dirty Syslog server.
Syslog Installation
Syslog is available in the default Ubuntu repositories
sudo apt install rsyslog
Once installed, edit the conf file
sudo nano /etc/rsyslog.conf
Uncomment the following lines
# provides UDP syslog reception module(load="imudp") input(type="imudp" port="514") # provides TCP syslog reception module(load="imtcp") input(type="imtcp" port="514")
Add the following lines under the modules we uncommented. This will store the logs by the system name
$template remote-incoming-logs, "/var/log/unifi/%HOSTNAME%/%PROGRAMNAME%.log" *.* ?remote-incoming-logs
Restrart the service for the changes to become active
sudo systemctl restart rsyslog
If necessary, alow ports 514 for TCP and UDP to come through the firewall
sudo ufw allow 514/tcp sudo ufw allow 514/udp
Ubiquiti Settings
Log into the Unifi Controller web interface and navigate to the site that you need to check the logs for. Click on Settings > Site and enable the following:
- Enable remote Syslog server
- Remote IP or Hostname: [IP of your syslog server]
- Port: 514
Apply changes and when the site provisions, all events will be sent to the syslog server
Viewing Logs
To view the logs, you’ll need to be SSH’d into the Syslog server. Once logged in you can view the name of the logs from the devices by running the following commands
sudo ls /var/log/unifi
Once you know the name of the file, you can either view the file as is or tail the file to see the latest entries as they come in. To view the file
sudo cat /var/log/unifi/[hostname]/logfile
If you want to tail the file to watch as thing are happening, run the following
sudo tail -f /var/log/unifi/[hostname]/logfile
I’m sure there are better ways for this, but it works for me!