The UniFi controller can act as a syslog server, receiving log messages from managed devices and writing them to files in the `logs/remote` directory under the application data directory. We can scrape these logs, in addition to the logs created by the UniFi server itself, with Promtail to get more information about what's happening on the network.
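# NOTE(review): presumably makes the nginx role answer plain-HTTP requests
# with a redirect to HTTPS; the role is not visible here, so confirm.
nginx_redirect_http_https: true
# Site and account used by the UniFi exporter.
# NOTE(review): confirm that this controller account is dedicated to
# monitoring and holds a read-only role, so a leaked credential cannot
# change network configuration.
unifi_exporter_site: Pyrocufflink
unifi_exporter_username: prometheus
# Inline Ansible Vault ciphertext (format 1.1, AES256 per its header).
# The payload must stay indented under the key to remain part of the
# block scalar.  Its confidentiality rests entirely on the vault password,
# which must be kept out of the repository.
unifi_exporter_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  65626437623130653232373130663834303134343439326166643561663666616134356331666461
  3430633639346331356562306165333939643030353735640a633636353436376431353939653064
  64346335623433306663386364353461636663613434363663383564343039653861336162616235
  3464633736656437360a376666656632326562656233393064326430633936666162303562373461
  31643637623835323064623932323331386136663732626665666639663136666437
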
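# NOTE(review): presumably grants the Promtail service CAP_DAC_READ_SEARCH
# so it can read the UniFi log files it does not own.  That capability
# bypasses read-permission checks on every file on the host, not only on
# /var/lib/unifi/logs, so Promtail should be treated as able to read any
# file.  Confirm against the promtail role; a group or ACL on the log
# directory would be a narrower grant.
promtail_dac_read_search: true
# Scrape jobs: the role's default journal job, followed by the UniFi file
# jobs listed as the remaining items of this sequence.
promtail_scrape_configs:
- '{{ promtail_default_scrape.journal }}'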
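# Logs written by the UniFi server itself (server.log and migration.log).
- job_name: unifi-server
  static_configs:
  - labels:
      __path__: /var/lib/unifi/logs/server.log
      job: unifi
  - labels:
      __path__: /var/lib/unifi/logs/migration.log
      job: unifi
  pipeline_stages:
  # Split "[YYYY-MM-DD HH:MM:SS,mmm] text" into timestamp and message.
  # Quoted so that the brackets and backslashes are never read as YAML.
  - regex:
      expression: '^\[(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\] (?P<message>.*)'
  # Use the extracted time as the entry's timestamp.  The layout is quoted
  # because it looks like a date and must always load as a string.
  - timestamp:
      source: timestamp
      format: '2006-01-02 15:04:05,000'
  # Ship only the message text, without the bracketed timestamp prefix.
  - output:
      source: message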
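# Log of the MongoDB instance kept under the UniFi data directory.
- job_name: unifi-mongod
  static_configs:
  - labels:
      __path__: /var/lib/unifi/logs/mongod.log
      job: unifi
  pipeline_stages:
  # Split "YYYY-MM-DDTHH:MM:SS.mmm+ZZZZ text" into timestamp and message.
  # The dot before the milliseconds is escaped so that it matches only a
  # literal '.', in line with the timestamp layout below.
  # This job has no output stage, so the message capture is not used and
  # the whole line, timestamp included, is shipped.
  - regex:
      expression: '^(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}[\+-]\d{4}) (?P<message>.*)'
  # Quoted because the layout looks like an ISO timestamp and must always
  # load as a string.
  - timestamp:
      source: timestamp
      format: '2006-01-02T15:04:05.000-0700'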
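# Syslog messages that managed devices send to the controller, which
# writes them as files under logs/remote.  The content of these files is
# supplied by the devices, so every value extracted below is untrusted
# input.
- job_name: unifi-remote
  static_configs:
  - labels:
      __path__: /var/lib/unifi/logs/remote/*.log
      job: unifi-remote
  pipeline_stages:
  # Extract the device IP address from the log file name.  The character
  # class accepts dotted IPv4 and lower-case hexadecimal IPv6 text up to
  # the first underscore.
  - regex:
      expression: '^(.*/)?(?P<device_ip>[0-9a-f:.]+)_[^/]+$'
      source: filename
  # Extract the timestamp and syslog priority value from the log message.
  # Three whitespace-delimited fields after the priority are skipped.
  # NOTE(review): \d+ accepts a priority of any length, while valid syslog
  # priorities are 0-191.  A malformed or hostile sender can therefore
  # produce arbitrary facility label values; consider \d{1,3} here or a
  # later stage that drops out-of-range values.
  - regex:
      expression: >-
        ^(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) <(?P<priority>\d+)>\S+ \S+ \S+ (?P<message>.*)
  # Parse the timestamp.  The layout is quoted because it looks like a
  # date and must always load as a string.
  - timestamp:
      source: timestamp
      format: '2006-01-02 15:04:05,000'
  # Compute the syslog facility from the priority: F = floor(P / 8)
  # ({% raw %} keeps Ansible from rendering the Promtail template.)
  - template:
      source: facility
      template: >-
        {% raw %}{{ div .priority 8 }}{% endraw %}
  # Compute the syslog severity from the priority: S = P - F * 8
  - template:
      source: severity
      template: >-
        {% raw %}{{ sub .priority (.facility | mul 8) }}{% endraw %}
  # Save the extracted values as labels.  An empty value takes the label
  # from the extracted key of the same name.  device_ip adds one label
  # value per device, so stream count grows with the number of devices.
  - labels:
      facility:
      severity:
      device_ip:
  # Ship only the message text, without the timestamp and syslog header.
  - output:
      source: message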