UnifiOS UDM Pro
Ubiquiti UniFi Dream Machine Pro (UDM Pro) is an all-in-one networking console that runs every UniFi OS application, like Network and Protect. It has a built-in security gateway, 10G SFP+ WAN support, an 8-port Gigabit switch, and a network video recorder that supports compatible 3.5" hard disk drives (HDDs).
Rule Function
This rule has three functions:
- Fix poorly formatted host information sent from the device. The actual source IP is in the message sent by the device.
- SSH authorization messages are recognized and extra user tags are set.
- Some events are recognized as non-actionable and are marked accordingly.
Vendor Documentation
Documentation of the Ubiquiti UniFi log process and format is unfortunately minimal.
Incoming Log Format
The incoming log format is that of standard Linux syslog messages.
The Ubiquiti UDM Pro log messages are received as syslog data packets containing source host information. The UDM Pro populates this host information with an identifier configured by and particular to that device (such as UDM-RDC,f2e3fac05cfb,udm-1.11.0.3921), thus mangling the actual source host name.
SSH User Tags
Tagged | Tag Name | Example | Description |
---|---|---|---|
☑ | program | SSH Auth | designation of ssh authorization |
☑ | user | root | linux user |
☑ | SrcIP | 192.168.0.1 | source IPv4 address |
☑ | SrcPort | 12345 | source port |
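The following Python sketch is an added example, not the rule's own code. It shows one way to recognize the device-identifier host field and derive the SSH user tags listed above. The message wording is assumed to follow OpenSSH sshd authentication lines, and the function names, regular expressions and sample messages are hypothetical.

```python
import re

# Host field shaped like the page's example value: three comma-separated parts,
# the middle one 12 hex digits. What each part means is not documented here.
MANGLED_HOST = re.compile(r"^[^,\s]+,[0-9a-fA-F]{12},[^,\s]+$")

# Assumed OpenSSH sshd wording. The user name is client-supplied, so it is matched
# greedily and the address/port are anchored at the end of the line.
SSH_AUTH = re.compile(
    r"(?:Accepted|Failed) \S+ for (?:invalid user )?(?P<user>.+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d{1,5})"
    r"(?: ssh2(?::.*)?)?$"
)


def is_mangled_host(host):
    """True when the syslog host field has the device-identifier shape."""
    return bool(MANGLED_HOST.match(host))


def ssh_user_tags(message):
    """Return the SSH user tags from the table above, or None if not an auth line."""
    m = SSH_AUTH.search(message)
    if m is None:
        return None
    octets = [int(o) for o in m.group("ip").split(".")]
    port = int(m.group("port"))
    if max(octets) > 255 or not 0 < port <= 65535:
        return None  # looks like an auth line but the address is not valid
    return {
        "program": "SSH Auth",
        "user": m.group("user"),
        "SrcIP": m.group("ip"),
        "SrcPort": str(port),
    }


# Constructed sample events: (host field, message). Only the host value and the
# tag values come from the page; the message text is made up for illustration.
SAMPLES = [
    ("UDM-RDC,f2e3fac05cfb,udm-1.11.0.3921",
     "Accepted password for root from 192.168.0.1 port 12345 ssh2"),
    ("UDM-RDC,f2e3fac05cfb,udm-1.11.0.3921",
     "Failed password for invalid user admin from 192.168.0.1 port 12346 ssh2"),
]

if __name__ == "__main__":
    for host, msg in SAMPLES:
        print(is_mangled_host(host), ssh_user_tags(msg))
```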
Log Examples
UDM Child Connection (to be set non-actionable)
UDM Parsed Request (to be set non-actionable)