From 148b5776cd8734c5c3fea8c8c0f590bbb250ed8b Mon Sep 17 00:00:00 2001
From: David Newhall II <david@sleepers.pro>
Date: Thu, 11 Jul 2019 01:18:40 -0700
Subject: [PATCH] Add IDS/IPS support.

---
 Gopkg.lock               |  6 +++---
 examples/MANUAL.md       |  6 ++++++
 examples/up.conf.example |  4 ++++
 examples/up.json.example |  1 +
 examples/up.xml.example  |  5 +++++
 examples/up.yaml.example |  4 ++++
 unifipoller/config.go    |  2 ++
 unifipoller/unifi.go     | 17 +++++++++++++++--
 8 files changed, 40 insertions(+), 5 deletions(-)

diff --git a/Gopkg.lock b/Gopkg.lock
index da83aae3..dcba33f6 100644
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -10,12 +10,12 @@
   version = "v0.3.1"
 
 [[projects]]
-  digest = "1:fc6a3f6bb5e5dbb5d36d04f8233896a985ffb5751bfc8c79c571ef2c72c324c7"
+  digest = "1:5dcb91bc89c052e58690416fafaf919def6e8e9ba018e143ffcfb10be961ba21"
   name = "github.com/golift/unifi"
   packages = ["."]
   pruneopts = "UT"
-  revision = "a18b63b9c306f0cf744c7878bae7f9c42a8995a9"
-  version = "v3.1.1"
+  revision = "ecadb45c55ef371f3931333238ac9d1c827c684f"
+  version = "v3.2.0"
 
 [[projects]]
   branch = "master"
diff --git a/examples/MANUAL.md b/examples/MANUAL.md
index a89fb096..5e7c6a57 100644
--- a/examples/MANUAL.md
+++ b/examples/MANUAL.md
@@ -138,6 +138,12 @@ is provided so the application can be easily adapted to any environment.
         Password used to authenticate with UniFi controller. This can also be
         set in an environment variable instead of a configuration file.
 
+    collect_ids    default: false
+        Setting this parameter to true will enable collection of Intrusion
+        Detection System data. IDS and IPS are the same data set. This is off
+        by default because most controllers do not have this enabled. It also
+        creates a lot of new metrics from controllers with a lot of IDS entries.
+
     verify_ssl     default: false
         If your UniFi controller has a valid SSL certificate, you can enable
         this option to validate it. Otherwise, any SSL certificate is valid.
diff --git a/examples/up.conf.example b/examples/up.conf.example
index 7f3f33d4..db884ce5 100644
--- a/examples/up.conf.example
+++ b/examples/up.conf.example
@@ -50,6 +50,10 @@
 unifi_pass = "4BB9345C-2341-48D7-99F5-E01B583FF77F"
 #unifi_url = "https://127.0.0.1:8443"
 
+# Enable collection of Intrusion Detection System Data.
+# Only useful if IDS or IPS are enabled on one of the sites.
+#collect_ids = false
+
 # If your UniFi controller has a valid SSL certificate, you can enable
 # this option to validate it. Otherwise, any SSL certificate is valid.
 # If you don't know if you have a valid SSL cert, then you don't have one.
diff --git a/examples/up.json.example b/examples/up.json.example
index 4ebbf7e8..39708b2f 100644
--- a/examples/up.json.example
+++ b/examples/up.json.example
@@ -12,5 +12,6 @@
  "unifi_user": "influxdb",
  "unifi_pass": "",
  "unifi_url": "https://127.0.0.1:8443",
+ "collect_ids": false,
  "verify_ssl": false
 }
diff --git a/examples/up.xml.example b/examples/up.xml.example
index ba09ee5a..e45965c6 100644
--- a/examples/up.xml.example
+++ b/examples/up.xml.example
@@ -72,6 +72,11 @@
   <unifi_pass></unifi_pass>
   <unifi_url>https://127.0.0.1:8443</unifi_url>
   <!--
+  # Enable collection of Intrusion Detection System Data.
+  # Only useful if IDS or IPS are enabled on one of the sites.
+  -->
+  <collect_ids>false</collect_ids>
+  <!--
   # If your UniFi controller has a valid SSL certificate, you can enable
   # this option to validate it. Otherwise, any SSL certificate is valid.
   -->
diff --git a/examples/up.yaml.example b/examples/up.yaml.example
index 407bce22..3ddca849 100644
--- a/examples/up.yaml.example
+++ b/examples/up.yaml.example
@@ -50,6 +50,10 @@ unifi_user: "influxdb"
 unifi_pass: ""
 unifi_url: "https://127.0.0.1:8443"
 
+# Enable collection of Intrusion Detection System Data.
+# Only useful if IDS or IPS are enabled on one of the sites.
+collect_ids: false
+
 # If your UniFi controller has a valid SSL certificate, you can enable
 # this option to validate it. Otherwise, any SSL certificate is valid.
 verify_ssl: false
diff --git a/unifipoller/config.go b/unifipoller/config.go
index e869847c..580259b1 100644
--- a/unifipoller/config.go
+++ b/unifipoller/config.go
@@ -43,6 +43,7 @@ type UnifiPoller struct {
 // Metrics contains all the data from the controller and an influx endpoint to send it to.
 type Metrics struct {
 	unifi.Sites
+	unifi.IDSList
 	unifi.Clients
 	*unifi.Devices
 	influx.BatchPoints
@@ -56,6 +57,7 @@ type Config struct {
 	Debug      bool     `json:"debug" toml:"debug" xml:"debug" yaml:"debug"`
 	Quiet      bool     `json:"quiet,_omitempty" toml:"quiet,_omitempty" xml:"quiet" yaml:"quiet"`
 	VerifySSL  bool     `json:"verify_ssl" toml:"verify_ssl" xml:"verify_ssl" yaml:"verify_ssl"`
+	CollectIDS bool     `json:"collect_ids" toml:"collect_ids" xml:"collect_ids" yaml:"collect_ids"`
 	Mode       string   `json:"mode" toml:"mode" xml:"mode" yaml:"mode"`
 	InfluxURL  string   `json:"influx_url,_omitempty" toml:"influx_url,_omitempty" xml:"influx_url" yaml:"influx_url"`
 	InfluxUser string   `json:"influx_user,_omitempty" toml:"influx_user,_omitempty" xml:"influx_user" yaml:"influx_user"`
diff --git a/unifipoller/unifi.go b/unifipoller/unifi.go
index 62a2b49a..131d84c2 100644
--- a/unifipoller/unifi.go
+++ b/unifipoller/unifi.go
@@ -1,6 +1,7 @@
 package unifipoller
 
 import (
+	"fmt"
 	"log"
 	"strings"
 	"time"
@@ -82,6 +83,11 @@ func (u *UnifiPoller) CollectMetrics() (*Metrics, error) {
 	// Get the sites we care about.
 	m.Sites, err = u.GetFilteredSites()
 	u.LogError(err, "unifi.GetSites()")
+	if u.CollectIDS {
+		// Check back in time since twice the interval. Dups are discarded by InfluxDB.
+		m.IDSList, err = u.GetIDS(m.Sites, time.Now().Add(2*u.Interval.Duration), time.Now())
+		u.LogError(err, "unifi.GetIDS()")
+	}
 	// Get all the points.
 	m.Clients, err = u.GetClients(m.Sites)
 	u.LogError(err, "unifi.GetClients()")
@@ -133,10 +139,14 @@ func (u *UnifiPoller) ReportMetrics(metrics *Metrics) error {
 		i, _ := p.Fields()
 		fields += len(i)
 	}
+	idsMsg := ""
+	if u.CollectIDS {
+		idsMsg = fmt.Sprintf("IDS Events: %d, ", len(metrics.IDSList))
+	}
 	u.Logf("UniFi Measurements Recorded. Sites: %d, Clients: %d, "+
-		"Wireless APs: %d, Gateways: %d, Switches: %d, Points: %d, Fields: %d",
+		"Wireless APs: %d, Gateways: %d, Switches: %d, %sPoints: %d, Fields: %d",
 		len(metrics.Sites), len(metrics.Clients), len(metrics.UAPs),
-		len(metrics.USGs), len(metrics.USWs), points, fields)
+		len(metrics.USGs), len(metrics.USWs), idsMsg, points, fields)
 	return nil
 }
 
@@ -155,6 +165,9 @@ func (m *Metrics) ProcessPoints() (errs []error) {
 	for _, asset := range m.Clients {
 		errs = append(errs, m.processPoints(asset))
 	}
+	for _, asset := range m.IDSList {
+		errs = append(errs, m.processPoints(asset))
+	}
 	if m.Devices == nil {
 		return
 	}