Monitoring with PowerShell: Monitoring Unifi site configuration

So I’ve done a couple of blogs about Unifi before. You can find those here, here, and here. I really like the entire Ubiquiti Unifi stack thanks to the ease of configuration. That same ease means anyone can install it, and mistakes get made along the way.

These mistakes or small configuration errors are the reason I’ve made a monitoring set to check if each site is configured the way we prefer it at my company.

So let’s get started. First we connect to the API using the following script:

param(
    [string]$URL = 'yourcontroller.controller.tld',
    [string]$port = '8443',
    [string]$User = 'APIUSER',
    [string]$Pass = 'SomeReallyLongPassword',
    [string]$SiteCode = 'default' #you can enter each site here. This way when you assign the monitoring to a client you edit this to match the correct siteID.
)
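[string]$controller = "https://$($URL):$($port)"
# Build the login body with ConvertTo-Json so quotes or backslashes in the password are escaped correctly.
[string]$credential = @{ username = $User; password = $Pass } | ConvertTo-Json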
try {
    $null = Invoke-Restmethod -Uri "$controller/api/login" -method post -body $credential -ContentType "application/json; charset=utf-8"  -SessionVariable myWebSession
}
catch {
    $APIerror = "Api Connection Error: $($_.Exception.Message)"
}

Now that we’re connected, we can start making queries. Check out the older Unifi blogs if you just want to focus on device monitoring. In this case we’re going to check whether our configuration matches the following. This is not our exact configuration, but with these settings you’d be able to edit it to anything you want. 🙂

  • We want at least 3 networks to be available: LAN, Guest, VOIP.
  • We want to make sure the ALG settings are disabled.
  • Speedtest must be enabled and running every 20 minutes.
  • Also, we want “Advanced Feature Mode” to be enabled.

We’re going to be downloading 2 arrays from the Unifi API. One for the Network Configuration, the other for the Site Configuration. I’ve placed it all in an object, which most RMM systems can’t really alert on, which is why I’ve also included the if/else statements all the way at the bottom. You can change these to your own wishes easily.

param(
    [string]$URL = 'yourcontroller.controller.tld',
    [string]$port = '8443',
    [string]$User = 'APIUSER',
    [string]$Pass = 'SomeReallyLongPassword',
    [string]$SiteCode = 'default' #you can enter each site here. This way when you assign the monitoring to a client you edit this to match the correct siteID.
)
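[string]$controller = "https://$($URL):$($port)"
# Build the login body with ConvertTo-Json so quotes or backslashes in the password are escaped correctly.
[string]$credential = @{ username = $User; password = $Pass } | ConvertTo-Json
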
$errorlist = New-Object -TypeName PSCustomObject
try {
    $null = Invoke-Restmethod -Uri "$controller/api/login" -method post -body $credential -ContentType "application/json; charset=utf-8"  -SessionVariable myWebSession
}
catch {
    Add-Member -InputObject $ErrorList -MemberType NoteProperty -Name APISessionError -Value $_.Exception.Message
}

try {
    # Wrap the result in @() so .Count is reliable even when only one network is returned.
    $NetWorkConf = @((Invoke-Restmethod -Uri "$controller/api/s/$SiteCode/list/networkconf" -WebSession $myWebSession).data | Where-Object { $_.Purpose -ne "WAN" })
}
catch {
    Add-Member -InputObject $ErrorList -MemberType NoteProperty -Name APINetworkError -Value $_.Exception.Message
}

try {
    $SysInfo = (Invoke-Restmethod -Uri "$controller/api/s/$SiteCode/get/setting" -WebSession $myWebSession).data
}
catch {
    Add-Member -InputObject $ErrorList -MemberType NoteProperty -Name APISysInfoError -Value $_.Exception.Message
}

$UnifiOutput = [PSCustomObject]@{
    NetworkNames      = $Networkconf.name
    NetworkCount      = $NetWorkConf.Count
    AdvancedFeatures  = ($Sysinfo.advanced_feature_enabled)
    SpeedTestEnabled  = ($sysinfo | Where-Object { $_.key -eq "Auto_Speedtest" }).enabled
    SpeedTestInterval = ($sysinfo | Where-Object { $_.key -eq "Auto_Speedtest" }).interval
    VoipNetwork       = ($NetWorkConf.name | Where-Object { $_ -like "*VOIP*" }).Count
    GuestNetwork      = ($NetWorkConf.purpose | Where-Object { $_ -like "*guest*" }).Count
    LANNetworks       = ($NetWorkConf.name | Where-Object { $_ -like "*-LAN*" }).Count
    Modules           = [PSCustomObject]@{
        ftp_module           =	$sysinfo.ftp_module
        gre_module           =	$sysinfo.gre_module
        h323_module          =	$sysinfo.h323_module
        pptp_module          =	$sysinfo.pptp_module
        sip_module           =	$sysinfo.sip_module
        tftp_module          =	$sysinfo.tftp_module
        broadcast_ping       =	$sysinfo.broadcast_ping
        receive_redirects    =	$sysinfo.receive_redirects
        send_redirects       =	$sysinfo.send_redirects
        syn_cookies          =	$sysinfo.syn_cookies
        offload_accounting   =	$sysinfo.offload_accounting
        offload_sch          =	$sysinfo.offload_sch
        offload_l2_blocking  =	$sysinfo.offload_l2_blocking
        mdns_enabled         =	$sysinfo.mdns_enabled
        upnp_enabled         =	$sysinfo.upnp_enabled
        upnp_nat_pmp_enabled =	$sysinfo.upnp_nat_pmp_enabled
        upnp_secure_mode     =	$sysinfo.upnp_secure_mode
        mss_clamp            =	$sysinfo.mss_clamp
    }
}

if ($UnifiOutput.NetworkCount -lt 3) { Write-Host "Not enough networks found. Only $($UnifiOutput.NetworkCount) are present." }
if ($UnifiOutput.SpeedTestEnabled -eq $false) { Write-Host "Speedtest disabled" }
if ($UnifiOutput.SpeedTestInterval -gt 20) { Write-Host "Speedtest is not set to run every 20 minutes." }
if ($UnifiOutput.Modules.sip_module -eq $true) { Write-Host "SIP ALG Module is enabled." }
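
The baseline from the bullet list, evaluated in one function that returns every deviation as a single alert line. This is an added example, not the author's script: `Test-UnifiBaseline` and `$SampleOutput` are hypothetical names, the sample values are constructed, and treating all six `*_module` flags as ALG helpers is an assumption.

```powershell
# Constructed sample shaped like the $UnifiOutput object above; the values are made up.
$SampleOutput = [PSCustomObject]@{
    NetworkCount      = 2
    AdvancedFeatures  = $true
    SpeedTestEnabled  = $true
    SpeedTestInterval = 60
    VoipNetwork       = 0
    GuestNetwork      = 1
    LANNetworks       = 1
    Modules           = [PSCustomObject]@{
        ftp_module  = $false; gre_module = $false; h323_module = $true
        pptp_module = $false; sip_module = $true;  tftp_module = $null   # $null = value not returned
    }
}

function Test-UnifiBaseline {
    # Hypothetical helper: returns one string per deviation from the baseline listed above.
    param([Parameter(Mandatory)]$Config)
    $findings = [System.Collections.Generic.List[string]]::new()

    if ([int]$Config.NetworkCount -lt 3) {
        $findings.Add("Only $([int]$Config.NetworkCount) network(s) found, at least 3 expected.")
    }
    foreach ($counter in 'LANNetworks', 'GuestNetwork', 'VoipNetwork') {
        if ([int]$Config.$counter -lt 1) { $findings.Add("$counter check matched no network.") }
    }
    # Assumption: the six *_module flags are the ALG helpers; all of them should be off.
    foreach ($alg in 'ftp_module', 'gre_module', 'h323_module', 'pptp_module', 'sip_module', 'tftp_module') {
        $state = $Config.Modules.$alg
        if ($null -eq $state) { $findings.Add("$alg state unknown (no value returned).") }
        elseif ($state) { $findings.Add("$alg (ALG) is enabled.") }
    }
    if ($Config.SpeedTestEnabled -ne $true) { $findings.Add('Speedtest is not enabled.') }
    # Same threshold as the page's check: anything above 20 counts as a deviation.
    if ($null -eq $Config.SpeedTestInterval -or [int]$Config.SpeedTestInterval -gt 20) {
        $findings.Add("Speedtest interval is '$($Config.SpeedTestInterval)', expected 20.")
    }
    if ($Config.AdvancedFeatures -ne $true) { $findings.Add('Advanced Feature Mode is not enabled.') }
    return $findings
}

# One line that an RMM can match on: 'Healthy' or the list of deviations.
$findings = @(Test-UnifiBaseline -Config $SampleOutput)
$HealthState = if ($findings.Count -gt 0) { "Unhealthy: $($findings -join ' | ')" } else { 'Healthy' }
Write-Output $HealthState
```

A missing value is reported as a deviation, so a failed API call does not read as a compliant site.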

And that’s it. As always, Happy PowerShelling. 🙂
