starred/unpoller-unpoller-3
1
0
Fork 0
mirror of https://github.com/unpoller/unpoller.git synced 2026-03-31 06:24:19 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
unpoller-unpoller-3/pkg/lokiunifi/README.md
Sven Grossmann a3dc4cd0b2 feat: add save_syslog option for v2 system-log API 
Add new save_syslog config option to collect events from the v2 UniFi
system-log API (/v2/api/site/{site}/system-log/all).

Changes:
- Add SaveSyslog field to Controller struct
- Add collectSyslog() function using v2 API
- Keep collectEvents() using v1 API for backwards compatibility
- Add RedactIPPII() helper for PII redaction
- Update lokiunifi to log raw JSON (parseable with Loki | json)
- Reduce indexed labels to low-cardinality fields only
- Add SystemLogEntry handler in lokiunifi report

Config: save_syslog (v2 API) vs save_events (v1 API)
Env: UP_UNIFI_DEFAULT_SAVE_SYSLOG=true
2025-12-22 17:23:53 +01:00

1.7 KiB
Raw Permalink Blame History

lokiunifi

Loki Output Plugin for UnPoller

This plugin writes UniFi Events, System Logs, IDS, Alarms, and Anomalies to Loki as JSON.

Log Types

Application Label Config Option API Description
unifi_system_log save_syslog v2 System log events (UDM recommended)
unifi_event save_events v1 Legacy events (older controllers)
unifi_ids save_ids v1 Intrusion Detection System events
unifi_alarm save_alarms v1 Alarm events
unifi_anomaly save_anomalies v1 Anomaly events

Querying in Loki

All logs are stored as JSON. Use Loki's | json parser to extract fields:

{application="unifi_system_log"} | json

Filter by severity:

{application="unifi_system_log", severity="HIGH"} | json

Extract specific fields:

{application="unifi_system_log"} | json | line_format "{{.message}}"

Example Config

[loki]
  # URL is the only required setting for Loki.
  url = "http://192.168.3.2:3100"

  # How often to poll UniFi and report to Loki.
  interval = "2m"

  # How long to wait for Loki responses.
  timeout = "5s"

  # Set these to use basic auth.
  #user = ""
  #pass = ""

  # Used for auth-less multi-tenant.
  #tenant_id = ""

[unifi.defaults]
  # For UDM/UDM-Pro/UCG devices, use save_syslog (v2 API)
  save_syslog = true

  # For older controllers, use save_events (v1 API)
  save_events = false

  # Other log types
  save_ids = false
  save_alarms = false
  save_anomalies = false

Environment Variables

UP_LOKI_URL=http://localhost:3100
UP_LOKI_INTERVAL=2m
UP_UNIFI_DEFAULT_SAVE_SYSLOG=true
UP_UNIFI_DEFAULT_SAVE_EVENTS=false
Reference in New Issue View Git Blame Copy Permalink