I love this. I used graylog two months ago to troubleshoot some 2.4ghz wap issues with some various types of U6 APs. It was an invaluable tool in the process.
Love Graylog. Been using it for years! It's also very handy at ingesting netflow data and applying geolocation information to public IP addresses in any logs.
Very cool wish I'd known about this syslog forward option earlier. I had a recent Unifi problem that I thought was an issue with a laptop. Periodically it would get 100% packet loss over wifi, it was still connected but nothing would go through then it would be fine for a few hours, frustrating for WFH. I logged into Unifi for something unrelated months later and noticed these Radar Detect log messages. I had no idea this was a thing, that 5Ghz wifi and Radar are on the same band and if your AP detects it it has to quiesce for a period, for Unifi this is 10 minutes. I live nowhere near an airport but the military had begun exercises in the area recently.
Other devices on that side of the house were connected on 2.4Ghz and continued to work so thought it had to be the laptop at issue and never suspected the AP until I saw the log messages.
on a similar subject, could you do a video on how to setup and configure a Pfsense firewall connected to the UDM Pro with the Pfsense as primary router / firewall on the WAN and behind (on LAN Side) the UDM PRO connected to the Pfsense via its WAN connection? Lot of contradictory papers on the net about this cascading configuration.
Nice video!! I want to learn more about Graylog. Is it possible to have a distributed graylog servers? Or local sysllgs that then can consolidate into Graylog? Also a tutorial to setup Graylog with Mikrotik devices (not just PFsense)
Do you use the Unifi controller API in supporting customers? If so how do you use it? Ive had success using the Unifi API to pull data that is then imported into Graylog. It seems the api provides some unique information that is not available from the built in syslog. Specifically the ability to pull the “last seen” or “time connected” status from the Unifi controller for all devices. The goal achieved was if a new device shows up on a specific Unifi network that you can have Graylog alert immediately a MAC address appeared that has not been seen before or was seen in the last 5 minutes for the first time. The problem solved by this was having the ability to alert admins a new device has appeared in certain secured networks as soon as a Unifi switch sees it, just in case they were unaware something was being added.
Hi Tom, great video. Love your channel. I was wondering how you decipher the Unifi syslog? I have a small home setup with logs going to Graylog. I get a lot of error level syslog from Unifi. Google searches usually don't work. Do you know of any documentation on Unifi syslog?
Hi Tom, @LAWRENCESYSTEMS I mean making sense of the syslog. Just a few examples I have looked for but cannot really find decent info: [wifi1] FWLOG: [23027944] WLAN_DEBUG_DBGID_PEER [wifi1] FWLOG: [23027943] WAL_DBGID_SECURITY_UCAST_KEY_SET HSM: scan: transition IDLE => SUSPENDING_TRAFFIC [wifi1] FWLOG: [21514438] WAL_DBGID_TX_BA_SETUP
@@jrdegruijt They are just general debug notices generated by the UniFi code which is not fully open source but you can hunt around and find it in the original code it was based on which I think was OpenWRT
Graylog has more features built around inputs, alerts and processing streams. I think it offers easier setup an management of Elastic Stack, but if you are familiar with doing that all on your own, then just use Elastic Stack.
Tom, I want to do some POC testing of Graylog and have tried spinning up a cloud instance (Vultr), but I could not get the instance to a usable state. Do you know of any other hosting cloud vendors where they offer a "1-click" setup process?
Can greylog tell me about packets my udm is blocking? I have a network that can't reach a certain IP for some reason that I've been trying to figure out
The traffic spike is from the amused non-americans offering advice on how to correctly pronounce 'console'. Hint: it's not 'council'. Otherwise, now I feel compelled to check out graylog, ty for the vids.
What if somehow Unifi had the ability to capture all of your corporate Wifi in some unknown section of their databases that then floods it out randomly to what you think are harmless sites.
