Advanced Logging Information

It's easy to obtain detailed UniFi logs from your devices. Most of these logs are already available in the standard support file detailed here.

The methods that follow are only relevant for advanced network administrators performing their own advanced troubleshooting, or if requested by a UI Support Engineer.

Device Logs

To obtain the logs below, you must establish a Secure Shell (SSH) connection with the device of interest. See Connect With SSH to learn more.

General Logs

Each UniFi device stores additional logs in the following directory:

/var/log/messages

To view all logs, use the cat command:

cat /var/log/messages

To view the live output, use the tail command instead:

tail -f /var/log/messages

Gateway Logs

RADIUS Logging

RADIUS authentication logs are present in the System Log tab of UniFi Network. More advanced logs can found in the following directory of the UniFi gateway:
/var/log/freeradius/radius.log

DNSmasq Logging

Beginning in UniFi Network version 7.4, DHCP lease information is shown in the user interface by navigating to Settings > Networks > IP Leases. More advanced logs can found in the following directory of the UniFi gateway:
/var/log/dnsmasq.log

Threat Management Engine Logging (IPS/IDS)

Security detections are present in the System Log tab of UniFi Network. More advanced logs can found in the following directory of the UniFi gateway:
/var/log/suricata/suricata.log

Switch Logs

UI Support may require additional switch logs be sent for review. After connecting to the switch using SSH, they can be generated by issuing the following commands:

telnet localhost
enable
show tech-support

Once generated, copy and paste the logs into a *.txt file.

Legacy Security Gateways (USG)

After connecting over SSH, general logs can be viewed using:

show log

Additional VPN logs can be viewed using:

show vpn log

To see which route is assigned to a virtual tunnel interface (VTI), use the show command:

show ip route | grep vti

UI support may occasionally request the following output to be copied into a *.txt file and shared:

show tech-support | no-more

Other UniFi Network Logs

Some logs are stored locally in your UniFi Network application and do not require using SSH. These are obtained differently depending on where UniFi is running:

  • Dedicated UniFi Cloud Gateways (Dream Machines, Cloud Keys, etc.): Logs are contained in the *.tgz file. Click here to learn more.
  • Self-Hosted UniFi Network Servers: Logs are saved locally on the PC/server running UniFi Network. Right-click on UniFi and select Show Package Contents, or navigate to the appropriate directory. Common directories are listed below:
    • Windows: C:\Users\<username>\Ubiquiti UniFi\logs\
    • macOS: /Users/<username>/Library/Application\ Support/UniFi/logs/
    • UniFi Cloud Key and Debian/Ubuntu Linux*: /usr/lib/unifi/logs/

Traffic Capture

A UI Support Engineer may request you to capture traffic passing through a specific interface on a device. This is often done using TCPDUMP. After connecting to a device using SSH, issue the following command depending on the device in use:

Access Points

tcpdump -i <interface>

Gateways

tcpdump -npi <interface>

Note: Replace '<interface>' with the specific interface of interest.

Once sufficient traffic is generated, these logs can be shared with support by copying them into a *.txt file.

Was this article helpful?
224 out of 605 found this helpful