# Unpoller v2 primary configuration file. TOML FORMAT # ########################################################### [poller] # Turns on line numbers, microsecond logging, and a per-device log. # The default is false, but I personally leave this on at home (four devices). # This may be noisy if you have a lot of devices. It adds one line per device. debug = false # Turns off per-interval logs. Only startup and error logs will be emitted. # Recommend enabling debug with this setting for better error logging. quiet = false # Load dynamic plugins. Advanced use; only sample mysql plugin provided by default. plugins = [] #### OUTPUTS # If you don't use an output, you can disable it. [prometheus] disable = false # This controls on which ip and port /metrics is exported when mode is "prometheus". # This has no effect in other modes. Must contain a colon and port. http_listen = "0.0.0.0:9130" # Adding an SSL Cert and Cert Key will make Poller listen with SSL/https. ssl_cert_path = "" ssl_key_path = "" # Errors are rare. Setting this to true will report them to Prometheus. report_errors = false ## Record data for disabled or down (unlinked) switch ports. dead_ports = false [influxdb] disable = true # InfluxDB does not require auth by default, so the user/password are probably unimportant. url = "http://127.0.0.1:8086" user = "unifipoller" # Password for InfluxDB user (above). # If the password provided here begins with file:// then the password is read in from # the file path that follows the file:// prefix. ex: file:///etc/influxdb/passwd.file pass = "unifipoller" # Be sure to create this database. See the InfluxDB Wiki page for more info. db = "unifi" # If your InfluxDB uses a valid SSL cert, set this to true. verify_ssl = false # The UniFi Controller only updates traffic stats about every 30 seconds. # Setting this to something lower may lead to "zeros" in your data. # If you're getting zeros now, set this to "1m" interval = "30s" ## Record data for disabled or down (unlinked) switch ports. dead_ports = false # To enable output of UniFi Events to Loki, add a URL; it's disabled otherwise. # User, pass and tenant_id are optional and most folks wont set them. # Pick which logs you want per-controller in the [unifi.controller] section. # This is a new feature. Feedback welcome! [loki] disable = false url = "{{ pillar['containers']['unpoller']['loki_url'] }}" # The rest of this is advanced & optional. See wiki. user = "" pass = "" verify_ssl = false tenant_id = "" interval = "2m" timeout = "10s" [datadog] # How often to poll UniFi and report to Datadog. interval = "2m" # To enable this output plugin enable = false # Datadog Custom Options # address to talk to the datadog agent, by default this uses the local statsd UDP interface # address = "localhost:8125" # namespace to prepend to all data, default is no additional prefix. # namespace = "" # tags to append to all data # tags = [ "customer:abc_corp" ] # For more advanced options for very large amount of data collected see the upstream # github.com/unpoller/unpoller/pkg/datadogunifi repository README. # Unpoller has an optional web server. To turn it on, set enable to true. If you # wish to use SSL, provide SSL cert and key paths. This interface is currently # read-only; it just displays information, like logs, devices and clients. # Notice: Enabling the web server with many sites will increase memory usage. # This is a new feature and lacks a UI, enabling only recommended for testing. [webserver] enable = false port = 37288 # The HTML path is different on Windows and BSD/macOS. html_path = "/usr/lib/unifi-poller/web" ssl_cert_path = "" ssl_key_path = "" # How many events per event group to hold. 200-2000. Use fewer with many sites. # With 1 site, you'll have a max total of 9 event groups; 1 per plugin, 4 per site. # Each site adds 1 event group for each of these inputs that is enabled: # save_ids, save_events, save_anomalies, save_alarms. max_events = 200 # By default the web interface does not require authentication. You can change # that by adding a username and password hash (or multiple) below. # To create a hash, run unifi-poller with the -e CLI argument. See Wiki for more! [webserver.accounts] # username = "password-hash" # captain = "$2a$04$mxw6i0LKH6u46oaLK2cq5eCTAAFkfNiRpzNbz.EyvJZZWNa2FzIlS" #### INPUTS [unifi] # Setting this to true and providing default credentials allows you to skip # configuring controllers in this config file. Instead you configure them in # your prometheus.yml config. Prometheus then sends the controller URL to # Unpoller when it performs the scrape. This is useful if you have many, # or changing controllers. See wiki for more. dynamic = false # The following section contains the default credentials/configuration for any # dynamic controller (see above section), or the primary controller if you do not # provide one and dynamic is disabled. In other words, you can just add your # controller here and delete the following section. The internal defaults are # shown below. Any missing values will assume these displayed defaults. [unifi.defaults] # URL for the UniFi Controller. Do not add any paths after the host:port. # Do not use port 8443 if you have a UDM; just use "https://ip". url = "{{ pillar['containers']['unpoller']['unifi_url'] }}" # Make a read-only user in the UniFi Admin Settings, allow it access to all sites. user = "{{ pillar['containers']['unpoller']['unifi_user'] }}" # Password for UniFi controller user (above). # If the password provided here begins with file:// then the password is read in from # the file path that follows the file:// prefix. ex: file:///etc/unifi/password.file # ex: file:///etc/unifi/passwd.file, windows: file://C:\\UserData\\Unifi\\Passwd.txt pass = "{{ pillar['containers']['unpoller']['unifi_pass'] }}" # If the controller has more than one site, specify which sites to poll here. # Set this to ["default"] to poll only the first site on the controller. # A setting of ["all"] will poll all sites; this works if you only have 1 site too. sites = ["all"] # Specify a timeout, leave missing to declare infinite wait. This determines the maximum # time to wait for a response from the unifi controller on any API request. # timeout = 60s # Enable collection of site data. This data powers the Network Sites dashboard. # It's not valuable to everyone and setting this to false will save resources. save_sites = true # Hash, with md5, client names and MAC addresses. This attempts to protect # personally identifiable information. Most users won't want to enable this. hash_pii = false # Enable collection of Intrusion Detection System Data (InfluxDB/Loki only). # Only useful if IDS or IPS are enabled on one of the sites. This may store # a lot of information. Only recommended for testing and debugging. There # may not be any dashboards to display this data. It can be used for annotations. # Enable this only if using InfluxDB or Loki. This will leak PII data! save_ids = false # Enable collection of UniFi Events (InfluxDB/Loki only). # This may store a lot of information. Only recommended for testing and debugging. # There are no dashboards to display this data. It can be used for annotations. # This is a new (June, 2020) feature. Please provide feedback if you try it out! # Enable this only if using InfluxDB or Loki. This will leak PII data! save_events = true # Enable collection of UniFi Alarms (InfluxDB/Loki only). # There are no dashboards to display this data. It can be used for annotations. # This is a new (June, 2020) feature. Please provide feedback if you try it out! # Enable this only if using InfluxDB or Loki. This will leak PII data! save_alarms = true # Enable collection of UniFi Anomalies (InfluxDB/Loki only). # There are no dashboards to display this data. It can be used for annotations. # This is a new (June, 2020) feature. Please provide feedback if you try it out! # Enable this only if using InfluxDB or Loki. save_anomalies = true # Enable collection of Deep Packet Inspection data. This data breaks down traffic # types for each client and site, it powers a dedicated DPI dashboard. # Enabling this adds roughly 150 data points per client. That's 6000 metrics for # 40 clients. This adds a little bit of poller run time per interval and causes # more API requests to your controller(s). Don't let these "cons" sway you: # it's cool data. Please provide feedback on your experience with this feature. save_dpi = false ## Enabling save_rogue stores even more data in your time series databases. ## This saves neighboring access point metrics in a dedicated table or namespace. save_rogue = false # If your UniFi controller has a valid SSL certificate (like lets encrypt), # you can enable this option to validate it. Otherwise, any SSL certificate is # valid. If you don't know if you have a valid SSL cert, then you don't have one. verify_ssl = false ## You may provide a list of SSL cert files (PEM format) that you expect your ## controller to use. As long as one of the certs you provide here shows up in ## the cert trust chain the controller presents it will be accepted and allowed. ## These files may be re-read while poller is running. ## Example: ssl_cert_paths = ["/path/to/cert.pem", "/another/cert.pem"] ssl_cert_paths = [] # The following is optional and used for configurations with multiple UniFi controllers. # You may repeat the following [[unifi.controller]] section as many times as needed to # poll multiple controllers. Uncomment the entire section including [[unifi.controller]]. # Omitted variables will have their values taken from the defaults, above. # #[[unifi.controller]] # url = "https://127.0.0.1:8443" # user = "unifipoller" # pass = "unifipoller" # sites = ["all"] # save_sites = true # hash_pii = false # save_ids = false # save_events = false # save_alarms = false # save_anomalies = false # save_dpi = false # save_rogue = false # verify_ssl = false # ssl_cert_paths = []