summarylogtreecommitdiffstats
path: root/unpoller.conf
blob: 7352e5fcac1d1d85712ba6e99f5f7ffc227cc4c0 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
# Unpoller v2 primary configuration file. TOML FORMAT #
###########################################################

[poller]
  # Turns on line numbers, microsecond logging, and a per-device log.
  # The default is false, but I personally leave this on at home (four devices).
  # This may be noisy if you have a lot of devices. It adds one line per device.
  debug = false

  # Turns off per-interval logs. Only startup and error logs will be emitted.
  # Recommend enabling debug with this setting for better error logging.
  quiet = false

  # Load dynamic plugins. Advanced use; only sample mysql plugin provided by default.
  plugins = []

#### OUTPUTS

    # If you don't use an output, you can disable it.

[prometheus]
  disable = false
  # This controls on which ip and port /metrics is exported when mode is "prometheus".
  # This has no effect in other modes. Must contain a colon and port.
  http_listen = "0.0.0.0:9130"
  # Adding an SSL Cert and Cert Key will make Poller listen with SSL/https.
  ssl_cert_path = ""
  ssl_key_path  = ""
  # Errors are rare. Setting this to true will report them to Prometheus.
  report_errors = false
  ## Record data for disabled or down (unlinked) switch ports.
  dead_ports = false

[influxdb]
  disable = false
  # InfluxDB does not require auth by default, so the user/password are probably unimportant.
  url  = "http://127.0.0.1:8086"
  user = "unifipoller"
  # Password for InfluxDB user (above).
  # If the password provided here begins with file:// then the password is read in from
  # the file path that follows the file:// prefix. ex: file:///etc/influxdb/passwd.file
  pass = "unifipoller"
  # Be sure to create this database. See the InfluxDB Wiki page for more info.
  db = "unifi"
  # If your InfluxDB uses a valid SSL cert, set this to true.
  verify_ssl = false
  # The UniFi Controller only updates traffic stats about every 30 seconds.
  # Setting this to something lower may lead to "zeros" in your data.
  # If you're getting zeros now, set this to "1m"
  interval = "30s"
  ## Record data for disabled or down (unlinked) switch ports.
  dead_ports = false

# To enable output of UniFi Events to Loki, add a URL; it's disabled otherwise.
# User, pass and tenant_id are optional and most folks wont set them.
# Pick which logs you want per-controller in the [unifi.controller] section.
# This is a new feature. Feedback welcome!
[loki]
  disable = true
  url = ""
  # The rest of this is advanced & optional. See wiki.
  user       = ""
  pass       = ""
  verify_ssl = false
  tenant_id  = ""
  interval   = "2m"
  timeout    = "10s"

[datadog]
  # How often to poll UniFi and report to Datadog.
  interval = "2m"

  # To enable this output plugin
  enable = false

  # Datadog Custom Options

  # address to talk to the datadog agent, by default this uses the local statsd UDP interface
  # address = "localhost:8125"

  # namespace to prepend to all data, default is no additional prefix.
  # namespace = ""

  # tags to append to all data
  # tags = [ "customer:abc_corp" ]

  # For more advanced options for very large amount of data collected see the upstream
  # github.com/unpoller/unpoller/pkg/datadogunifi repository README.


# Unpoller has an optional web server. To turn it on, set enable to true. If you
# wish to use SSL, provide SSL cert and key paths. This interface is currently
# read-only; it just displays information, like logs, devices and clients.
# Notice: Enabling the web server with many sites will increase memory usage.
# This is a new feature and lacks a UI, enabling only recommended for testing.
[webserver]
  enable = false
  port   = 37288
  # The HTML path is different on Windows and BSD/macOS.
  html_path     = "/usr/lib/unifi-poller/web"
  ssl_cert_path = ""
  ssl_key_path  = ""
  # How many events per event group to hold. 200-2000. Use fewer with many sites.
  # With 1 site, you'll have a max total of 9 event groups; 1 per plugin, 4 per site.
  # Each site adds 1 event group for each of these inputs that is enabled:
  #   save_ids, save_events, save_anomalies, save_alarms.
  max_events = 200

# By default the web interface does not require authentication. You can change
# that by adding a username and password hash (or multiple) below.
# To create a hash, run unifi-poller with the -e CLI argument. See Wiki for more!
[webserver.accounts]
# username = "password-hash"
# captain = "$2a$04$mxw6i0LKH6u46oaLK2cq5eCTAAFkfNiRpzNbz.EyvJZZWNa2FzIlS"

#### INPUTS

[unifi]
  # Setting this to true and providing default credentials allows you to skip
  # configuring controllers in this config file. Instead you configure them in
  # your prometheus.yml config. Prometheus then sends the controller URL to
  # Unpoller when it performs the scrape. This is useful if you have many,
  # or changing controllers. See wiki for more.
  dynamic = false

# The following section contains the default credentials/configuration for any
# dynamic controller (see above section), or the primary controller if you do not
# provide one and dynamic is disabled. In other words, you can just add your
# controller here and delete the following section. The internal defaults are
# shown below. Any missing values will assume these displayed defaults.

[unifi.defaults]
  # URL for the UniFi Controller. Do not add any paths after the host:port.
  # Do not use port 8443 if you have a UDM; just use "https://ip".
  url = "https://127.0.0.1:8443"

  # Make a read-only user in the UniFi Admin Settings, allow it access to all sites.
  user = "unifipoller"

  # Password for UniFi controller user (above).
  # If the password provided here begins with file:// then the password is read in from
  # the file path that follows the file:// prefix. ex: file:///etc/unifi/password.file
  # ex: file:///etc/unifi/passwd.file, windows: file://C:\\UserData\\Unifi\\Passwd.txt
  pass = "unifipoller"

  # If the controller has more than one site, specify which sites to poll here.
  # Set this to ["default"] to poll only the first site on the controller.
  # A setting of ["all"] will poll all sites; this works if you only have 1 site too.
  sites = ["all"]

  # Specify a timeout, leave missing to declare infinite wait. This determines the maximum
  # time to wait for a response from the unifi controller on any API request.
  # timeout = 60s

  # Enable collection of site data. This data powers the Network Sites dashboard.
  # It's not valuable to everyone and setting this to false will save resources.
  save_sites = true

  # Hash, with md5, client names and MAC addresses. This attempts to protect
  # personally identifiable information. Most users won't want to enable this.
  hash_pii = false

  # Enable collection of Intrusion Detection System Data (InfluxDB/Loki only).
  # Only useful if IDS or IPS are enabled on one of the sites. This may store
  # a lot of information. Only recommended for testing and debugging. There
  # may not be any dashboards to display this data. It can be used for annotations.
  # Enable this only if using InfluxDB or Loki. This will leak PII data!
  save_ids = false

  # Enable collection of UniFi Events (InfluxDB/Loki only).
  # This may store a lot of information. Only recommended for testing and debugging.
  # There are no dashboards to display this data. It can be used for annotations.
  # This is a new (June, 2020) feature. Please provide feedback if you try it out!
  # Enable this only if using InfluxDB or Loki. This will leak PII data!
  save_events = false

  # Enable collection of UniFi Alarms (InfluxDB/Loki only).
  # There are no dashboards to display this data. It can be used for annotations.
  # This is a new (June, 2020) feature. Please provide feedback if you try it out!
  # Enable this only if using InfluxDB or Loki. This will leak PII data!
  save_alarms = false

  # Enable collection of UniFi Anomalies (InfluxDB/Loki only).
  # There are no dashboards to display this data. It can be used for annotations.
  # This is a new (June, 2020) feature. Please provide feedback if you try it out!
  # Enable this only if using InfluxDB or Loki.
  save_anomalies = false

  # Enable collection of Deep Packet Inspection data. This data breaks down traffic
  # types for each client and site, it powers a dedicated DPI dashboard.
  # Enabling this adds roughly 150 data points per client.  That's 6000 metrics for
  # 40 clients.  This adds a little bit of poller run time per interval and causes
  # more API requests to your controller(s). Don't let these "cons" sway you:
  # it's cool data. Please provide feedback on your experience with this feature.
  save_dpi = false

  ## Enabling save_rogue stores even more data in your time series databases.
  ## This saves neighboring access point metrics in a dedicated table or namespace.
  save_rogue = false

  # If your UniFi controller has a valid SSL certificate (like lets encrypt),
  # you can enable this option to validate it. Otherwise, any SSL certificate is
  # valid. If you don't know if you have a valid SSL cert, then you don't have one.
  verify_ssl = false

  ## You may provide a list of SSL cert files (PEM format) that you expect your
  ## controller to use. As long as one of the certs you provide here shows up in
  ## the cert trust chain the controller presents it will be accepted and allowed.
  ## These files may be re-read while poller is running.
  ## Example: ssl_cert_paths = ["/path/to/cert.pem", "/another/cert.pem"]
  ssl_cert_paths = []

# The following is optional and used for configurations with multiple UniFi controllers.

# You may repeat the following [[unifi.controller]] section as many times as needed to
# poll multiple controllers. Uncomment the entire section including [[unifi.controller]].
# Omitted variables will have their values taken from the defaults, above.
#
#[[unifi.controller]]
#  url         = "https://127.0.0.1:8443"
#  user        = "unifipoller"
#  pass        = "unifipoller"
#  sites       = ["all"]
#  save_sites  = true
#  hash_pii    = false
#  save_ids    = false
#  save_events = false
#  save_alarms = false
#  save_anomalies = false
#  save_dpi    = false
#  save_rogue  = false
#  verify_ssl  = false
#  ssl_cert_paths = []