unifi: Scrape logs from UniFi and device syslog

The UniFi controller can act as a syslog server, receiving log messages
from managed devices and writing them to files in the `logs/remote`
directory under the application data directory.  We can scrape these
logs, in addition to the logs created by the UniFi server itself, with
Promtail to get more information about what's happening on the network.
frigate-exporter
Dustin 2024-02-28 19:04:30 -06:00
parent d9f46d6d62
commit 0578736596
1 changed files with 66 additions and 0 deletions


@ -8,3 +8,69 @@ unifi_exporter_password: !vault |
64346335623433306663386364353461636663613434363663383564343039653861336162616235 64346335623433306663386364353461636663613434363663383564343039653861336162616235
3464633736656437360a376666656632326562656233393064326430633936666162303562373461 3464633736656437360a376666656632326562656233393064326430633936666162303562373461
31643637623835323064623932323331386136663732626665666639663136666437 31643637623835323064623932323331386136663732626665666639663136666437
promtail_dac_read_search: true
promtail_scrape_configs:
- '{{ promtail_default_scrape.journal }}'
- job_name: unifi-server
static_configs:
- labels:
__path__: /var/lib/unifi/logs/server.log
job: unifi
- labels:
__path__: /var/lib/unifi/logs/migration.log
job: unifi
pipeline_stages:
- regex:
expression: ^\[(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\] (?P<message>.*)
- timestamp:
source: timestamp
format: 2006-01-02 15:04:05,000
- output:
source: message
- job_name: unifi-mongod
static_configs:
- labels:
__path__: /var/lib/unifi/logs/mongod.log
job: unifi
pipeline_stages:
- regex:
expression: ^(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{3}[\+-]\d{4}) (?P<message>.*)
- timestamp:
source: timestamp
format: 2006-01-02T15:04:05.000-0700
- job_name: unifi-remote
static_configs:
- labels:
__path__: /var/lib/unifi/logs/remote/*.log
job: unifi-remote
pipeline_stages:
# Extract the device IP address from the log file name
- regex:
expression: ^(.*/)?(?P<device_ip>[0-9a-f:.]+)_[^/]+$
source: filename
# Extract the timestamp ans syslog priority value from the log message
- regex:
expression: >-
^(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) <(?P<priority>\d+)>\S+ \S+ \S+ (?P<message>.*)
# Parse the timestamp
- timestamp:
source: timestamp
format: 2006-01-02 15:04:05,000
# Compute the syslog facility from the priority: F = floor(P / 8)
- template:
source: facility
template: >-
{% raw %}{{ div .priority 8 }}{% endraw %}
# Compute the syslog severity from the priority: S = P - F * 8
- template:
source: severity
template: >-
{% raw %}{{ sub .priority (.facility | mul 8) }}{% endraw %}
# Save the extracted values as labels
- labels:
facility:
severity:
device_ip:
- output:
source: message
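Review bot: `promtail_dac_read_search: true` appears to give Promtail the CAP_DAC_READ_SEARCH capability, which bypasses read-permission checks for every file on the host, while the scrape configs added below it only read paths under `/var/lib/unifi/logs`. The role that consumes this variable is not visible here, so this is inferred from the name; if it holds, granting the Promtail user read access to that one directory (group membership or an ACL) would limit the agent's reach to the logs it actually ships. If the capability stays, a comment above the variable such as `# Required so Promtail can read the UniFi logs under /var/lib/unifi/logs` would record why it is set. Separately, in the `unifi-mongod` regex the fractional-seconds separator is an unescaped `.`, which matches any character; `\d{2}:\d{2}\.\d{3}` would match only the literal dot that the timestamp format `2006-01-02T15:04:05.000-0700` expects.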