Configuring Graylog for UniFi Message Traffic and Geo Logging

Does anyone know of any documentation for configuring Graylog to modify incoming UniFi network messages so that they can be used with the built-in World Map and geo logging? Specifically, I am trying to build a dashboard that has the World Map widget that shows the geographical location of network traffic. I realize that Graylog has a commercial product for this with Illuminate, but this is for my home lab and I can’t justify spending money on it.

This should get you started

Thanks for sharing that link, xMAXIMUSx, looks like a good starting point. I’m also curious if anyone here has had success specifically with parsing UniFi messages for this purpose. From what I’ve seen, some of the message fields (like source/destination IPs) may need to be extracted and normalized before the geolocation lookup works properly in Graylog. If anyone has a working pipeline or extractor config for UniFi logs, it would be great to see an example.

Thanks for the link! I will take a look at this and see if I can get it working. The biggest issue that I have run into is that the extractors I have are normalizing the data so that source and destination addresses are stored as SRC and DST while the World Map plugin is looking for src_ip and dst_ip.
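
The field normalization discussed in the posts above, as an added example that is not part of the original thread and is not Graylog or UniFi code: it maps `SRC`/`DST` to `src_ip`/`dst_ip` and marks which addresses a GeoIP lookup could resolve at all. The iptables-style `KEY=value` message format, the `_geo_candidate` suffix and the sample line are assumptions made for illustration.

```python
import ipaddress
import re

# Field names from the thread: extractors emit SRC/DST, while the poster
# reports the map widget expecting src_ip/dst_ip.
FIELD_MAP = {"SRC": "src_ip", "DST": "dst_ip"}

# Assumed format: iptables-style KEY=value tokens in the message body.
KV_RE = re.compile(r"\b([A-Z]+)=(\S+)")

# Constructed sample line, not a capture from a real device. A well-known
# public resolver address is used so that one field is globally routable.
SAMPLE = ("[WAN_LOCAL-default-D] IN=eth8 OUT= SRC=8.8.8.8 "
          "DST=192.168.1.10 PROTO=TCP SPT=51515 DPT=443")


def normalize(message):
    """Return renamed, validated address fields from one log message."""
    fields = {}
    for key, value in KV_RE.findall(message):
        target = FIELD_MAP.get(key)
        if target is None:
            continue  # not an address field we rename
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            continue  # malformed address: leave the field unset
        fields[target] = str(addr)
        # Private, loopback and link-local addresses have no entry in a
        # GeoIP database, so record whether a lookup can succeed at all.
        # "_geo_candidate" is a hypothetical field name for this example.
        fields[target + "_geo_candidate"] = addr.is_global
    return fields


if __name__ == "__main__":
    for name, value in normalize(SAMPLE).items():
        print(f"{name}: {value}")
```

Running a few real messages through a check like this before touching the extractors shows whether an empty map comes from the field names or from traffic whose addresses are all internal.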

I updated my extractors a few weeks ago for UniFi and you can get them here:

Does anyone know if there is a way to feed in the flow/activity logs in the latest UniFi OS / Network releases? I’m looking to specifically obtain per-device bandwidth stats, and it looks like these traffic stats would be useful to pull in. Anyone been able to do this?