public_git
/
unpoller_unpoller
mirror of https://github.com/unpoller/unpoller.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
unpoller_unpoller/pkg/lokiunifi
History
Sven Grossmann a3dc4cd0b2 feat: add save_syslog option for v2 system-log API 
Add new save_syslog config option to collect events from the v2 UniFi
system-log API (/v2/api/site/{site}/system-log/all).

Changes:
- Add SaveSyslog field to Controller struct
- Add collectSyslog() function using v2 API
- Keep collectEvents() using v1 API for backwards compatibility
- Add RedactIPPII() helper for PII redaction
- Update lokiunifi to log raw JSON (parseable with Loki | json)
- Reduce indexed labels to low-cardinality fields only
- Add SystemLogEntry handler in lokiunifi report

Config: save_syslog (v2 API) vs save_events (v1 API)
Env: UP_UNIFI_DEFAULT_SAVE_SYSLOG=true
 		2025-12-22 17:23:53 +01:00
..
LICENSE
README.md feat: add save_syslog option for v2 system-log API 2025-12-22 17:23:53 +01:00
client.go go 1.19 interface{} -> any 2022-12-03 16:32:12 -06:00
logger.go add integration test guard; 2023-07-31 14:40:33 -05:00
loki.go fix linting 2025-12-03 11:40:21 -06:00
report.go feat: add save_syslog option for v2 system-log API 2025-12-22 17:23:53 +01:00
report_alarm.go feat: add save_syslog option for v2 system-log API 2025-12-22 17:23:53 +01:00
report_anomaly.go feat: add save_syslog option for v2 system-log API 2025-12-22 17:23:53 +01:00
report_event.go feat: add save_syslog option for v2 system-log API 2025-12-22 17:23:53 +01:00
report_ids.go feat: add save_syslog option for v2 system-log API 2025-12-22 17:23:53 +01:00

README.md

lokiunifi

Loki Output Plugin for UnPoller

This plugin writes UniFi Events, System Logs, IDS, Alarms, and Anomalies to Loki as JSON.

Log Types

Application Label Config Option API Description
unifi_system_log save_syslog v2 System log events (UDM recommended)
unifi_event save_events v1 Legacy events (older controllers)
unifi_ids save_ids v1 Intrusion Detection System events
unifi_alarm save_alarms v1 Alarm events
unifi_anomaly save_anomalies v1 Anomaly events

Querying in Loki

All logs are stored as JSON. Use Loki's | json parser to extract fields:

{application="unifi_system_log"} | json

Filter by severity:

{application="unifi_system_log", severity="HIGH"} | json

Extract specific fields:

{application="unifi_system_log"} | json | line_format "{{.message}}"

Example Config

[loki]
  # URL is the only required setting for Loki.
  url = "http://192.168.3.2:3100"

  # How often to poll UniFi and report to Loki.
  interval = "2m"

  # How long to wait for Loki responses.
  timeout = "5s"

  # Set these to use basic auth.
  #user = ""
  #pass = ""

  # Used for auth-less multi-tenant.
  #tenant_id = ""

[unifi.defaults]
  # For UDM/UDM-Pro/UCG devices, use save_syslog (v2 API)
  save_syslog = true

  # For older controllers, use save_events (v1 API)
  save_events = false

  # Other log types
  save_ids = false
  save_alarms = false
  save_anomalies = false

Environment Variables

UP_LOKI_URL=http://localhost:3100
UP_LOKI_INTERVAL=2m
UP_UNIFI_DEFAULT_SAVE_SYSLOG=true
UP_UNIFI_DEFAULT_SAVE_EVENTS=false