Process Unifi Network Application syslog #9

Closed
yuha0 opened this issue Jan 20, 2024 · 3 comments

@yuha0
Owner

yuha0 commented Jan 20, 2024

  1. Deploy fluentbit fleet as a deployment with syslog listener input and loki output.
  2. Configure Unifi Network Application to send syslog to fluent.
  3. Process logs in loki and profit.

@bossjones

I'm sure you don't need any pointers, but I did some of the unifi (syslog) -> promtail -> loki work using docker-compose and you might be able to leverage that. https://github.com/bossjones/docker-compose-prometheus/tree/feature-perf/outputs (those are all of my rendered files).

Some of it is redundant, but I'm lazy at times haha.

Also, fluent-bit is great and all, but I've been having fun with Vector lately (having played with syslog-ng, rsyslogd, promtail, beats, fluent-bit, fluentd and vector at this point haha).

Good luck! (btw I came across your repo while looking for inspiration on setting up my k3d local env w/ argocd, etc.)

@yuha0
Owner Author

yuha0 commented Jan 28, 2024

@bossjones Thanks for the recommendations!

I don't use docker but the fundamentals are similar. I have a mild preference for fluent-bit due to it being a bit more resource efficient in various benchmarks. Vector is very cool. I should check it out again.

However, it looks like there's no easy and reliable way to configure Unifi OS to send syslog over TLS. And I can't send unencrypted logs over UDP due to my threat model (I try to keep my work on network security to a minimum). So, realistically speaking, I will probably end up spinning up an unpoller to pull logs over API (HTTPS) and push to loki.

@yuha0
Owner Author

yuha0 commented Jan 31, 2024

Well, this is totally unexpected, but it turned out unpoller does not support the firewall log API at the moment, and I went with vector:

[Screenshot: CleanShot-20240130-202515@2x]

Now I am wondering if I can do more with my unifi gear. I may never be able to manage them the Kubernetes way, but at least Ansible has been working well so far. This gives me the answer to #8: I need an ansible execution system that periodically reconciles machines, so AWX it is.

yuha0 closed this as completed Jan 31, 2024