diff --git a/group_vars/unifi/main.yml b/group_vars/unifi/main.yml
index ef0aeda..e4535b2 100644
--- a/group_vars/unifi/main.yml
+++ b/group_vars/unifi/main.yml
@@ -8,3 +8,69 @@ unifi_exporter_password: !vault |
   64346335623433306663386364353461636663613434363663383564343039653861336162616235
   3464633736656437360a376666656632326562656233393064326430633936666162303562373461
   31643637623835323064623932323331386136663732626665666639663136666437
+
+promtail_dac_read_search: true
+promtail_scrape_configs:
+- '{{ promtail_default_scrape.journal }}'
+- job_name: unifi-server
+  static_configs:
+  - labels:
+      __path__: /var/lib/unifi/logs/server.log
+      job: unifi
+  - labels:
+      __path__: /var/lib/unifi/logs/migration.log
+      job: unifi
+  pipeline_stages:
+  - regex:
+      expression: ^\[(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\] (?P<message>.*)
+  - timestamp:
+      source: timestamp
+      format: 2006-01-02 15:04:05,000
+  - output:
+      source: message
+- job_name: unifi-mongod
+  static_configs:
+  - labels:
+      __path__: /var/lib/unifi/logs/mongod.log
+      job: unifi
+  pipeline_stages:
+  - regex:
+      expression: ^(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{3}[\+-]\d{4}) (?P<message>.*)
+  - timestamp:
+      source: timestamp
+      format: 2006-01-02T15:04:05.000-0700
+- job_name: unifi-remote
+  static_configs:
+  - labels:
+      __path__: /var/lib/unifi/logs/remote/*.log
+      job: unifi-remote
+  pipeline_stages:
+  # Extract the device IP address from the log file name
+  - regex:
+      expression: ^(.*/)?(?P<device_ip>[0-9a-f:.]+)_[^/]+$
+      source: filename
+  # Extract the timestamp ans syslog priority value from the log message
+  - regex:
+      expression: >-
+        ^(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) <(?P<priority>\d+)>\S+ \S+ \S+ (?P<message>.*)
+  # Parse the timestamp
+  - timestamp:
+      source: timestamp
+      format: 2006-01-02 15:04:05,000
+  # Compute the syslog facility from the priority: F = floor(P / 8)
+  - template:
+      source: facility
+      template: >-
+        {% raw %}{{ div .priority 8 }}{% endraw %}
+  # Compute the syslog severity from the priority: S = P - F * 8
+  - template:
+      source: severity
+      template: >-
+        {% raw %}{{ sub .priority (.facility | mul 8) }}{% endraw %}
+  # Save the extracted values as labels
+  - labels:
+      facility:
+      severity:
+      device_ip:
+  - output:
+      source: message