Chris Bisnett This is a great way to start the week! Is there any guide that you could share a link to?

Chris Bisnett thank you. i set my collectors to point to a server i set as the syslog agent. i will check in a couple of days.

Chris Bisnett is there any clarification on MSP's who host their own Unifi management portal where there might be multiple devices belonging to multiplte clients? It is set up to be a multitenanted environment but i beleive it would all funnel through the same SINGLE syslog setting in Unifi. ie mutliple clients logs going to same syslog host.

issue would be with attributing logs to the right customer in Huntress as well as billing.

Thanks.

Chris Bisnett I'd also appreciate clarification on how this is "Complete" for MSPs that host a centralized controller. We can't send syslog data to a Huntress agent - it needs to be an internet-accessible endpoint, similar to what exists for DNS Filter integration.

Alex Perrot I guess it depends on your setup. We have a few folks who have multiple Ubiquiti devices in their network and use a central Ubiquiti Controller to manage all of them and they were able to point them all to a single internal IP address and we collect and split the data out just fine.

It sounds like you're using a single controller to manage multiple different networks where having a single private IP address wouldn't be feasible. That seems like somewhat of a limitation with Ubiquiti that you can't define different Syslog targets for different devices, but I suppose you could specify a public IP address and have all of the devices send their logs that way. Does Ubiquiti support TCP and TLS encrypted logs? If not, then you would be sending all of your logs over potentially unreliable UDP without any encryption.

We've got the public Syslog endpoint on our short todo list so it shouldn't be much longer before it's available. I'll have someone reach out when we get a bit closer and see if you want to help us test this.

Chris Bisnett I think your scenario only works when you have a local controller (i.e. 1 controller per site). Most MSPs I know of have 1 centralized controller they host themselves/outsource to UniFi or HostiFi, and there's no practical way to connect that to a Huntress agent that I know of.

I'm not sure if the UniFi controller supports TCP/TLS or not, as there are limited options in the UI and no documentation I could find. Happy to test things out though!

Alex Perrot I've configured Hostifi for syslog and it works as expected. Each Unifi Site has to be configured with a syslog destination (under System -> Advanced -> Remote Logging) and that configuration applies to all devices within that UniFi site. You will need to repeat for each site, but the settings are segmented per Unifi Site so applying it once does not apply to all customers.

Jason Phelps That's great to hear. Once there's a Huntress syslog endpoint, we'll get this setup on our end as well.

Alex Perrot as you noted earlier, I don't think UniFi supports TLS (or TCP for that matter) unless they do some changes behind the scenes when you change the port.

Feel free to reach out if you have other questions - jason dot phelps at huntresslabs dot com.