Looking to setup a syslog service for my home lab, more to better troubleshoot issues with random hardline disconnects from the switches. I was told that syslog stack would be the best thing especially for long term use. My question is, that the best option or would y’all suggestion something else? I have been looking at greylog/elk/Loki, but can’t decide nor does anyone in my circle use anything to help Collect syslogs 🙄
Splunk. The search tool is great, but has a bit of a learning curve to get it set up right. Watch some vids and you’ll be fine.
I only point a few devices at it and have been able to slide by with the free version for awhile now.
Does it work with Unifi?
If unifi supports syslog, then yes (I think it does but I don’t have it set up personally)
My udm is basically running either debian or Ubuntu with all the major apt packages so everything should work, though I don’t think most of the logs go through syslog, many go into their mongodb database I think.
Sure, you could set up any syslog receiver stack like Splunk (as the other OP suggested) or an ELK Stack or even just syslog-ng or rsyslog to disk. Anything that can ingest syslog format will handle Unifi logs.
Decide how you want to receive, store and parse your logstream data. Once you have a syslog receiver set up, set Unifi (System > Site > Enable Remote Logging) for the Syslog server remote address:port and start shipping logs.
Whatever you do with those logs is out of scope for this discussion, but your logger should at least ingest them and spool them.