 time here from Lauren systems and we're going to talk about Unify and syslog. Syslog is your friend when it comes to troubleshooting. One of the first questions I frequently ask when people start describing problems is what's in the logs. Those logs can be very valuable. So I want to make sure people understand how to set up syslog with gray log. Now if you don't have a syslog server, I have a video link down below for gray log. It's my personal favorite syslog server. It's open source. They have a Docker image. The video references a VM image that's no longer available, but I'll get around to a new video or maybe you live in that future where I have a new gray log video. Either way, they have lots of documentation on their site. My video still is relevant for getting started with gray log and getting it going. Before we dive into the details of this video of how to set up Unify with syslog, let's first. Are you an individual or company looking for support on a network engineering, storage or virtualization project? Is your company or internal IT team looking for someone to proactively monitor your system security or offer strategic guidance to keep your IT systems operating smoothly? Not only would we love to help consulting your project, we also offer fully managed or co-managed IT service plans for businesses in need of IT administration or IT teams in need of additional support. With our expert install team, we can also assist you with all of your structure, cabling, and Wi-Fi planning projects. If any of this piques your interest, fill out our hire us form at laurancesystems.com so we can start crafting a solution that works for you. If you're not interested in hiring us but you're looking for other ways you want to support this channel, there's affiliate links down below to get your deals and discounts on products and services we talk about on this channel. And now back to our content. Now the first thing to note is that Unify does this on a per site basis. So if you have multiple sites, you'll have to change the setting to match the syslog settings you need for each individual site. Now this is our office site we already have set up. We're going to go here to the gear with the settings and you'll see I'm using version 7166, latest as of the release of this video. Bring it over here to system and then we'll scroll all the way down here to system logging. Log level, well this is fine to leave it auto but if you want you can have it more verbose if needed. I'm generally fine with log level normal but if you find some problem that you're not really seeing in the logs you may want to adjust those. Syslog or debug logs I haven't had a need for those in a while and then from here the syslog host. This is my gray log server at 192.1682.8 and gray log is set to receive at 1517 UDP. I didn't see any options in here for choosing TCP logging so it is pretty much just all going to be UDP. Now these systems are local to each other and let's talk about how that works. Now 192.1683.6 is actually the IP address of my Unify controller but we have each of these devices here are sending their individual logs. That's because when you set a syslog server there's just simply a Linux kernel running on each one of the unified devices whether it's a switch or an access point and it's updating those individual devices and saying hey send your logs over here. So it doesn't all come back to the controller and then get sent out the controller in addition to the devices does send all the logs. That's why you see each of these connections to 192.1682.8 port 1517 repeated so many times is because each individual device is establishing a connection and sending its logs there and this is really helpful because now the log from any switch or the log including all the little details especially if you turn up to a high level debugging are all heading to one individual device and not reaching a choke point of the server but this is where things are really important to note because if you are setting this up for an external controller for example our controller hosts many of our clients well you have to point it at the syslog relevant for each individual client I can't necessarily unless I wanted to pipe it back over VPN point it back at my syslog server because if you're managing remote sites they're remote and not necessarily going to be on the same network so you set it up on a per site basis as well so for each site you're putting in a syslog server and all those devices are going to try to beacon their data to that particular syslog that's just the way Unify has it set up there are some other out of scope things maybe I'll talk about if people want where there's a way to have Unify send device notices back but I've generally found it's better to have a local syslog server especially if you have a site with a high number of devices because that much traffic coming back at you especially if you turn on a verbose logging may cause some traffic choke points for you so this is my preferred way to set it up for local syslog server on a per site basis now I have at least a couple devices here that need a firmware update so one I want to click off a firmware update so click to update we'll go ahead and get that updated and now while that's updating let's go over here to gray log and look at some logs here and show you some interesting things you can pull from here now I have gray log ingesting all of my logs so I have my MAC address and we'll just hit load here to show you what this is this is Tom's Pixel 6 phone one was Tom at the office last actually a couple days ago on July 27th so here's all those logs from that and I can even go back further if I wanted all depends on how many logs in which your retention policies are but I would go back 30 days and see all the notices that Tom's phone may have generated and what you're seeing is the individual notices right here the hallway ACLR and Tom associated with it right here so we have the exact log information zoom in a little make it easier see here's each of the tracking events when I disassociated that's actually me leaving so we're going backwards in time here when I associated with it matter of fact let's go a little further we'll probably get the DHCP offer because I also have my pfSense log so here's where Tom's phone requested DHCP and go back a little further back a little further you'll see where the alerts and everything that are on here where it's associated where connected and everything else this is so if you're doing any type of tracking and this is a frequent request that people will have is you know what happened which person wandered to which AP or they're going back and forth by having the MAC address the device that's in question and being able to have all of those access points queried at once for a particular MAC address you can possibly start seeing and get some insights into different errors and like I said I'm using gray log here but really any logging server that you have would help consolidate all this even if you just set up a basic command line our syslog server to ingest of these it would give you a lot more insight into what's going on now we're going to go here and load and let's look at unify link status and all I'm doing here is looking for link up or link down and that's another thing that the switches will tell you which port was changed on status and from here you can even set your own type of triggering as people ask what about the unify notifications on triggering I'm like well we ingest everything into a log server and this allows us to get a better history and tracking of it and a lot more details because maybe there's other events going on that are associated around it and once you consolidate all your logging to one place you can say hey what's plugged into that link and let's pull those logs in and grab a time slice of what happened when this link went down specifically and then we have that extra information so it's a us sw pro 24e and we know that link went down the zero of six on here it's just pretty simple port to link up so that's when this link came back up on this particular one each one of these just gives us a little bit more of traffic insight for that click on the search and we're going to put in the word firmware and that's because I just clicked on a firmware update and right here you can see the as we call it wev6 protest unit firmware upgrade flash firmware upgrade firmware check handle firmware and uh Thomas was the user which is me upgrade firmware downloading so it knows that I initiated that was logged from the controller and then the device itself is going to log each one of these and then we can even filter for how that device is doing with its firmware update so we go here and we'll filter for just this device and we can see it pushing the firmware here and going through each of its things each report info upgrade flashing the firmware and once again we have a lot more logs and insights and we would have if we were to just rely on what the unify controller collects which is actually not that much and that's really it for unify and syslog it's easy to do set those settings and it will help you dramatically with your troubleshooting now I'll also give a shout out and I've not done a video on this but for those of you and I've talked a lot about on my channel the Synologies they have a built-in log facility as well that you can use and dump all of your logs there I've done this a couple times as testing it's not as nice and fancy as gray log is but definitely will get the job done also if you're not familiar you can look up how to set up like your own syslog server I do not have any particular dedicated video on that but just having all the logs consolidated to one place and this can be done on something as simple as a raspberry pi and if you're dealing with a client site they can't have their own on-premise log server permanently there a raspberry pi is kind of a neat option to load something like our syslog on and just start receiving all the logs kind of as a temporary when you're you know dealing with a troubleshooting issue and trying to figure it out but you can google and find a handful of other probably free tools out there to ingest syslog but either way all starts with just throwing that setting in unify each of the devices will talk to it and will send you on your journey of trying to figure out what's going on or just because you want to learn more about how all these devices are working and some of the inner workings of stuff it's also just fun for that level of discovery all right links to the gray log video as I mentioned down below and thanks and thank you for making it all the way to the end of this video if you've enjoyed the content please give us a thumbs up if you would like to see more content from this channel hit the subscribe button and the bell icon if you'd like to hire a short project head over to laurancesystems.com and click the hires button right at the top to help this channel out in other ways there's a join button here for youtube and a patreon page where your support is greatly appreciated for deals discounts and offers check out our affiliate links in the description of all of our videos including a link to our shirt store where we have a wide variety of shirts that we sell and designs come out well randomly so check back frequently and finally our forums forums.laurancesystems.com is where you can have a more in-depth discussion about this video and other tech topics covered on this channel thanks again for watching and look forward to hearing from you