add rogue AP support and TOFU cert path
parent
879818214f
commit
efe2e01d52
|
|
@ -80,6 +80,7 @@ func (u *InputUnifi) collectController(c *Controller) (*poller.Metrics, error) {
|
||||||
return metrics, err
|
return metrics, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//nolint:cyclop
|
||||||
func (u *InputUnifi) pollController(c *Controller) (*poller.Metrics, error) {
|
func (u *InputUnifi) pollController(c *Controller) (*poller.Metrics, error) {
|
||||||
u.RLock()
|
u.RLock()
|
||||||
defer u.RUnlock()
|
defer u.RUnlock()
|
||||||
|
|
@ -93,6 +94,12 @@ func (u *InputUnifi) pollController(c *Controller) (*poller.Metrics, error) {
|
||||||
m := &Metrics{TS: time.Now(), Sites: sites}
|
m := &Metrics{TS: time.Now(), Sites: sites}
|
||||||
defer updateWeb(c, m)
|
defer updateWeb(c, m)
|
||||||
|
|
||||||
|
if c.SaveRogue != nil && *c.SaveRogue {
|
||||||
|
if m.RogueAPs, err = c.Unifi.GetRogueAPs(sites); err != nil {
|
||||||
|
return nil, fmt.Errorf("unifi.GetRogueAPs(%s): %w", c.URL, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if c.SaveDPI != nil && *c.SaveDPI {
|
if c.SaveDPI != nil && *c.SaveDPI {
|
||||||
if m.SitesDPI, err = c.Unifi.GetSiteDPI(sites); err != nil {
|
if m.SitesDPI, err = c.Unifi.GetSiteDPI(sites); err != nil {
|
||||||
return nil, fmt.Errorf("unifi.GetSiteDPI(%s): %w", c.URL, err)
|
return nil, fmt.Errorf("unifi.GetSiteDPI(%s): %w", c.URL, err)
|
||||||
|
|
@ -154,6 +161,11 @@ func (u *InputUnifi) augmentMetrics(c *Controller, metrics *Metrics) *poller.Met
|
||||||
m.ClientsDPI = append(m.ClientsDPI, client)
|
m.ClientsDPI = append(m.ClientsDPI, client)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for _, ap := range metrics.RogueAPs {
|
||||||
|
// XXX: do we need augment this data?
|
||||||
|
m.RogueAPs = append(m.RogueAPs, ap)
|
||||||
|
}
|
||||||
|
|
||||||
if *c.SaveSites {
|
if *c.SaveSites {
|
||||||
for _, site := range metrics.Sites {
|
for _, site := range metrics.Sites {
|
||||||
m.Sites = append(m.Sites, site)
|
m.Sites = append(m.Sites, site)
|
||||||
|
|
@ -197,6 +209,11 @@ func extractDevices(metrics *Metrics) (*poller.Metrics, map[string]string, map[s
|
||||||
m.Devices = append(m.Devices, r)
|
m.Devices = append(m.Devices, r)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for _, r := range metrics.Devices.UXGs {
|
||||||
|
devices[r.Mac] = r.Name
|
||||||
|
m.Devices = append(m.Devices, r)
|
||||||
|
}
|
||||||
|
|
||||||
return m, devices, bssdIDs
|
return m, devices, bssdIDs
|
||||||
}
|
}
|
||||||
|
|
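Review bot: The new loop in augmentMetrics copies every rogue AP record into the output unchanged, and the `// XXX: do we need augment this data?` comment leaves open whether the controller's `hash_pii` setting should apply to it. Rogue AP scans describe neighbouring networks, that is, names and radio addresses of equipment the operator does not own. If the rest of augmentMetrics masks client data when HashPII is set, these records should get the same treatment before export; that part of the function is outside the hunk, so please confirm. I would replace the XXX with a decision, e.g. `// TODO: mask rogue AP identifiers when *c.HashPII is set, as for clients`. Separately, pollController returns `nil, err` when GetRogueAPs fails, so any failure of that one call drops all metrics for the interval while save_rogue is on.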
||||||
|
|
|
||||||
|
|
@ -3,7 +3,7 @@ module github.com/unifi-poller/inputunifi
|
||||||
go 1.15
|
go 1.15
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/unifi-poller/poller v0.0.8
|
github.com/unifi-poller/poller v0.0.9-0.20210315011940-c43dc3c221b4
|
||||||
github.com/unifi-poller/unifi v0.0.7-0.20210308061543-395de2119e12
|
github.com/unifi-poller/unifi v0.0.7-0.20210315015441-e5e77b264db7
|
||||||
github.com/unifi-poller/webserver v0.0.0-20200704065911-79e4fe954ce1
|
github.com/unifi-poller/webserver v0.0.0-20200704065911-79e4fe954ce1
|
||||||
)
|
)
|
||||||
|
|
|
||||||
|
|
@ -40,8 +40,10 @@ type Controller struct {
|
||||||
SaveEvents *bool `json:"save_events" toml:"save_events" xml:"save_events" yaml:"save_events"`
|
SaveEvents *bool `json:"save_events" toml:"save_events" xml:"save_events" yaml:"save_events"`
|
||||||
SaveIDS *bool `json:"save_ids" toml:"save_ids" xml:"save_ids" yaml:"save_ids"`
|
SaveIDS *bool `json:"save_ids" toml:"save_ids" xml:"save_ids" yaml:"save_ids"`
|
||||||
SaveDPI *bool `json:"save_dpi" toml:"save_dpi" xml:"save_dpi" yaml:"save_dpi"`
|
SaveDPI *bool `json:"save_dpi" toml:"save_dpi" xml:"save_dpi" yaml:"save_dpi"`
|
||||||
|
SaveRogue *bool `json:"save_rogue" toml:"save_rogue" xml:"save_rogue" yaml:"save_rogue"`
|
||||||
HashPII *bool `json:"hash_pii" toml:"hash_pii" xml:"hash_pii" yaml:"hash_pii"`
|
HashPII *bool `json:"hash_pii" toml:"hash_pii" xml:"hash_pii" yaml:"hash_pii"`
|
||||||
SaveSites *bool `json:"save_sites" toml:"save_sites" xml:"save_sites" yaml:"save_sites"`
|
SaveSites *bool `json:"save_sites" toml:"save_sites" xml:"save_sites" yaml:"save_sites"`
|
||||||
|
CertPaths []string `json:"ssl_cert_paths" toml:"ssl_cert_paths" xml:"ssl_cert_paths" yaml:"ssl_cert_paths"`
|
||||||
User string `json:"user" toml:"user" xml:"user" yaml:"user"`
|
User string `json:"user" toml:"user" xml:"user" yaml:"user"`
|
||||||
Pass string `json:"pass" toml:"pass" xml:"pass" yaml:"pass"`
|
Pass string `json:"pass" toml:"pass" xml:"pass" yaml:"pass"`
|
||||||
URL string `json:"url" toml:"url" xml:"url" yaml:"url"`
|
URL string `json:"url" toml:"url" xml:"url" yaml:"url"`
|
||||||
|
|
@ -66,6 +68,7 @@ type Metrics struct {
|
||||||
Clients []*unifi.Client
|
Clients []*unifi.Client
|
||||||
SitesDPI []*unifi.DPITable
|
SitesDPI []*unifi.DPITable
|
||||||
ClientsDPI []*unifi.DPITable
|
ClientsDPI []*unifi.DPITable
|
||||||
|
RogueAPs []*unifi.RogueAP
|
||||||
Devices *unifi.Devices
|
Devices *unifi.Devices
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -81,10 +84,29 @@ func init() { // nolint: gochecknoinits
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
// getUnifi (re-)authenticates to a unifi controller.
|
// getCerts reads in cert files from disk and stores them as a slice of of byte slices.
|
||||||
func (u *InputUnifi) getUnifi(c *Controller) error {
|
func (c *Controller) getCerts() ([][]byte, error) {
|
||||||
var err error
|
if len(c.CertPaths) == 0 {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
b := make([][]byte, len(c.CertPaths))
|
||||||
|
|
||||||
|
for i, f := range c.CertPaths {
|
||||||
|
c, err := ioutil.ReadFile(f)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("reading SSL cert file: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
b[i] = c
|
||||||
|
}
|
||||||
|
|
||||||
|
return b, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// getUnifi (re-)authenticates to a unifi controller.
|
||||||
|
// If certificate files are provided, they are re-read.
|
||||||
|
func (u *InputUnifi) getUnifi(c *Controller) error {
|
||||||
u.Lock()
|
u.Lock()
|
||||||
defer u.Unlock()
|
defer u.Unlock()
|
||||||
|
|
||||||
|
|
@ -92,11 +114,17 @@ func (u *InputUnifi) getUnifi(c *Controller) error {
|
||||||
c.Unifi.CloseIdleConnections()
|
c.Unifi.CloseIdleConnections()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
certs, err := c.getCerts()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
// Create an authenticated session to the Unifi Controller.
|
// Create an authenticated session to the Unifi Controller.
|
||||||
c.Unifi, err = unifi.NewUnifi(&unifi.Config{
|
c.Unifi, err = unifi.NewUnifi(&unifi.Config{
|
||||||
User: c.User,
|
User: c.User,
|
||||||
Pass: c.Pass,
|
Pass: c.Pass,
|
||||||
URL: c.URL,
|
URL: c.URL,
|
||||||
|
SSLCert: certs,
|
||||||
VerifySSL: *c.VerifySSL,
|
VerifySSL: *c.VerifySSL,
|
||||||
ErrorLog: u.LogErrorf, // Log all errors.
|
ErrorLog: u.LogErrorf, // Log all errors.
|
||||||
DebugLog: u.LogDebugf, // Log debug messages.
|
DebugLog: u.LogDebugf, // Log debug messages.
|
||||||
|
|
@ -191,6 +219,10 @@ func (u *InputUnifi) setDefaults(c *Controller) { //nolint:cyclop
|
||||||
c.SaveDPI = &f
|
c.SaveDPI = &f
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if c.SaveRogue == nil {
|
||||||
|
c.SaveRogue = &f
|
||||||
|
}
|
||||||
|
|
||||||
if c.SaveIDS == nil {
|
if c.SaveIDS == nil {
|
||||||
c.SaveIDS = &f
|
c.SaveIDS = &f
|
||||||
}
|
}
|
||||||
|
|
@ -252,6 +284,10 @@ func (u *InputUnifi) setControllerDefaults(c *Controller) *Controller { //nolint
|
||||||
c.SaveIDS = u.Default.SaveIDS
|
c.SaveIDS = u.Default.SaveIDS
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if c.SaveRogue == nil {
|
||||||
|
c.SaveRogue = u.Default.SaveRogue
|
||||||
|
}
|
||||||
|
|
||||||
if c.SaveEvents == nil {
|
if c.SaveEvents == nil {
|
||||||
c.SaveEvents = u.Default.SaveEvents
|
c.SaveEvents = u.Default.SaveEvents
|
||||||
}
|
}
|
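Review bot: In getCerts the loop's `c, err := ioutil.ReadFile(f)` shadows the method receiver `c`, and whatever bytes the file holds are stored as a trusted cert with no check, so an empty or truncated file becomes a trust entry without any error. Since these files decide which controller certificate is accepted, I would rename the local and fail closed on empty content, e.g. `data, err := ioutil.ReadFile(f)` followed by `if len(data) == 0 { return nil, fmt.Errorf("SSL cert file %s is empty", f) }`. How `SSLCert` combines with `VerifySSL` is decided inside unifi.NewUnifi, which this page does not show, so the doc comment on getUnifi should state whether the supplied certs are still enforced when verify_ssl is false. The files are re-read on every re-authentication, so they should be writable only by the account that runs the poller. The getCerts comment also has a doubled word ("slice of of byte slices").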
||||||
|
|
|
||||||
|
|
@ -60,6 +60,10 @@ func (u *InputUnifi) Initialize(l poller.Logger) error {
|
||||||
func (u *InputUnifi) logController(c *Controller) {
|
func (u *InputUnifi) logController(c *Controller) {
|
||||||
u.Logf(" => URL: %s (verify SSL: %v)", c.URL, *c.VerifySSL)
|
u.Logf(" => URL: %s (verify SSL: %v)", c.URL, *c.VerifySSL)
|
||||||
|
|
||||||
|
if len(c.CertPaths) > 0 {
|
||||||
|
u.Logf(" => Cert Files: %s", c.CertPaths)
|
||||||
|
}
|
||||||
|
|
||||||
if c.Unifi != nil {
|
if c.Unifi != nil {
|
||||||
u.Logf(" => Version: %s (%s)", c.Unifi.ServerVersion, c.Unifi.UUID)
|
u.Logf(" => Version: %s (%s)", c.Unifi.ServerVersion, c.Unifi.UUID)
|
||||||
}
|
}
|
||||||
|
|
@ -69,6 +73,7 @@ func (u *InputUnifi) logController(c *Controller) {
|
||||||
u.Logf(" => Save Sites / Save DPI: %v / %v (metrics)", *c.SaveSites, *c.SaveDPI)
|
u.Logf(" => Save Sites / Save DPI: %v / %v (metrics)", *c.SaveSites, *c.SaveDPI)
|
||||||
u.Logf(" => Save Events / Save IDS: %v / %v (logs)", *c.SaveEvents, *c.SaveIDS)
|
u.Logf(" => Save Events / Save IDS: %v / %v (logs)", *c.SaveEvents, *c.SaveIDS)
|
||||||
u.Logf(" => Save Alarms / Anomalies: %v / %v (logs)", *c.SaveAlarms, *c.SaveAnomal)
|
u.Logf(" => Save Alarms / Anomalies: %v / %v (logs)", *c.SaveAlarms, *c.SaveAnomal)
|
||||||
|
u.Logf(" => Save Rogue APs: %v", *c.SaveRogue)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Events allows you to pull only events (and IDS) from the UniFi Controller.
|
// Events allows you to pull only events (and IDS) from the UniFi Controller.
|
||||||
|
|
|
||||||
|
|
@ -42,6 +42,7 @@ func formatControllers(controllers []*Controller) []*Controller {
|
||||||
VerifySSL: c.VerifySSL,
|
VerifySSL: c.VerifySSL,
|
||||||
SaveAnomal: c.SaveAnomal,
|
SaveAnomal: c.SaveAnomal,
|
||||||
SaveAlarms: c.SaveAlarms,
|
SaveAlarms: c.SaveAlarms,
|
||||||
|
SaveRogue: c.SaveRogue,
|
||||||
SaveEvents: c.SaveEvents,
|
SaveEvents: c.SaveEvents,
|
||||||
SaveIDS: c.SaveIDS,
|
SaveIDS: c.SaveIDS,
|
||||||
SaveDPI: c.SaveDPI,
|
SaveDPI: c.SaveDPI,
|
||||||
|
|
|
||||||