UI Guide

Log Stream

A live-updating table of every syslog event. Filter by type, time range, action, direction, VPN, interface, service, country, ASN, threat score, or use the free-text search bar.

Click any row to expand its detail panel. The expanded view shows full enrichment data including GeoIP location, AbuseIPDB threat intelligence, resolved device names, copy-to-clipboard buttons for IPs, and the raw syslog line. The live stream auto-pauses while a row is expanded so you don't lose your place.

Dashboard

Aggregated analytics with a configurable time range selector. The top row shows summary cards for total, blocked, threat, and allowed event counts, plus a direction breakdown.

Below the cards you'll find area and stacked charts for traffic over time, and ranked tables for top countries, top IPs, top threats, top services, and top DNS queries.

Threat Map

A geographic visualization with two modes: Threats (inbound IPs with AbuseIPDB scores) and Blocked Outbound (outbound traffic your firewall denied). Toggle between heatmap and cluster rendering, and filter by time range.

Click any point to open an inspection sidebar with IP details. The map auto-refreshes every 60 seconds. From the Log Stream detail panel you can click "View on map" to jump directly to the geographic location of an IP.

Settings

The Settings page is divided into five sections:

• WAN & Networks - UniFi controller connection, WAN IP, and network configuration.
• Firewall - Zone matrix with bulk toggle for enabling or disabling syslog on firewall policies by zone pair.
• Data & Backups - Retention slider, full database export and import for backup/restore.
• User Interface - Theme selection, country display format, and IP subline configuration.
• MCP (Beta) - Enable the built-in MCP server and manage API tokens for AI assistant integrations.