Cloud Gateways Switching WiFi Physical Security Integrations
What's New Support
User
Sign Up UniFi Site Manager
Help Center Help Articles Professional Support Professional Integrators Community RMA & Warranty Downloads Tech Specs
User
Sign Up UniFi Site Manager
Help Center Help Articles Professional Phone Support Professional Integrators Community RMA & Warranty Downloads Tech Specs
Cloud Gateways Switching WiFi Physical Security Integrations

Social

Facebook Twitter Youtube Instagram

Company

Careers Contact Us Investors

Training

Courses Calendar Trainers Become a Trainer

Tools

WiFiman UISP Design Center
  1. Ubiquiti Help Center
  2. UniFi
  3. Network
  4. Features & Configuration

Traffic Flows and Traffic Logging in UniFi Network

Traffic Flows in UniFi Network provide detailed traffic logs of all network activity passing through your UniFi Gateway. These logs offer critical visibility for network traffic analysis, security monitoring, and troubleshooting connectivity issues.

For a full overview of UniFi's Network and Cyber Security capabilities, see here.

For a full overview of UniFi’s Traffic and Policy Management capabilities, see here.

Requirements for Traffic Flows
  • UniFi Network Version: 9.1 or later
  • UniFi OS Version: 4.2.8 or later
  • Supported Gateway: Most UniFi Gateways are supported, excluding UDR, UDR7, Express, Express 7, UDM, UCG-Ultra, and UXG-Lite

Overview of Traffic Flow information

To access Traffic Flows, go to Insights > Flows in the UniFi Network application. This opens a table view showing completed network sessions that have passed through your UniFi Gateway. Key information displayed includes:

  • Source & Destination Ports
  • Blocked and Allowed Traffic
  • Risk Level
  • Policies Applied (Intrusion Prevention, Content Filtering, NAT, Traffic Routes, etc.)
  • Detailed Traffic Analytics (bytes transferred, session duration, etc.)

Clicking on a flow will open a property panel which displays all data relevant to the traffic flow.

Custom Views and Filters

You can tailor the traffic table to fit your workflow by adding columns for any available data points. To narrow your focus, apply filters to individual columns by clicking the magnifying glass icon in the column header and selecting from the available values.

Once you’ve configured a useful combination of columns and filters, you can save it as a custom view. This allows you to return to the same filtered view at any time, without needing to reapply settings.

UniFi also includes several preset views to help you get started, including:

  • All Flows
  • Blocked
  • Threats
  • NeXT AI

These views are designed to help you quickly focus on key traffic categories.

Log Retention

The quantity of logs retained is determined on your UniFi Gateway and/or UniFi Host. The table below shows an estimate:

Devices Amount of logs stored

UDM Pro, UCG Max, UCG Fiber

Up to 10 000
UniFi OS Server (with supported gateway)

Up to 10 000

UDM Pro, UCG Max, UCG Fiber with added storage

 Up to 500 000

UDM SE, UDW

 Up to 500 000

UDM Pro Max

 Up to 1 000 000
EFG Up to 10 000 000

Cloud Hosting (with a supported Gateway)

 Up to 10 000 000

UCK Enterprise (with a supported Gateway)

 Up to 20 000 000

Exporting Logs

UniFi offers several methods of log export in order to maintain long-term retention. This includes:

  • CSV Export: Navigate to Insights > Flows and click the Export button in the top-right corner.
  • NetFlow (IPFIX): Navigate to Settings > System > Traffic Logging > enable NetFlow (IPFIX) to send sampled traffic data to a third-party SIEM or collection server.

SIEM Export: Navigate to Settings > Control Plane > Integrations > select SIEM Server as the destination for Activity Logging. Traffic Logs will be made available for SIEM integration in a future release.

Was this article helpful?