1. Describe your incident:
Ingest UDP syslog from Unifi network equipment
2. Describe your environment:
OS Information: Ubuntu
Package Version: Graylog 5.2.1
3. What steps have you already taken to try and solve the problem?
Following guide to ingest unifi data
4. How can the community help?
Before defining a stream, I expected the traffic to come in to my default stream, but nothing. I fixed the router ingest by tweaking the config on the Unifi devices following the generic syslog guide to use RSYSLOG_SyslogProtocol23Format - but there is no equivalent for the wireless devices. Whats the suggested next steps to ingest this data?
If this new GrayLog installation, is there any Input configured to receive messages ?
You need configure Input (use 514 or 1514 UDP port or what ever your requirement for the Graylog to receive the Logs)
on Ubiquity you need to configure syslog point to graylog IP with defined port.
So. I had done all of the required things. Ports were correct. I did tcpdump’s to verify traffic was reaching Graylog. Ultimately, it was not working. BUT, fun fact. I came back today and found it started working a day after my initial configuration. I dont know what it was, but it’s now ingesting. I’ll do more work to parse it later. Thanks…
