I have been looking for a means to add useful firewall logging information from my UDM Pro to my SIEM. The default logging is inadequate as it doesn’t provide info on whether the traffic was allowed or denied or the policy rule used. I believe I may have found a solution on GitHub. See links below:
UDM / UDMPro Boot Script
Enable log tags on your UDM
Has anyone in the community who is running version 1.11.4 and version 7.0.23 of the network app used these scripts before? If so, I’d like to know if the scripts still work with this setup.
Would you happen to know the answers to the following:
1. Is there perhaps a setting hidden somewhere in the Network app GUI or maybe a CLI command that would add the allowed or denied outcome and policy name to the firewall logs?
2. If the answer to question 1 is no, are there any plans to fix the firewall logging problem? This has been ongoing for years with many users requesting a fix and no official response from anyone at Ubiquiti.
Any insight from you would be helpful as I’ve seen some of your videos on YouTube and you seem very knowledgeable about the platform.
They lack a clear product roadmap, which is why we don’t deploy their firewalls commercially. I have not deeply looked into those features as I doubt they have them and I doubt they will add them.