Featured image of post Monitoring with PowerShell: Monitoring Unifi site configuration

Monitoring with PowerShell: Monitoring Unifi site configuration

So I’ve done a couple of blogs about Unifi before. You can find those here, here, and here. I really like the entire Ubiquiti Unifi stack thanks to the ease of configuration. This ease of configuration does make it so that everyone can install it, even though mistakes can be made.

These mistakes or small configuration errors are the reason I’ve made a monitoring set to check if each site is configured the way we prefer it at my company.

So lets get started; first we connect to the API using the following script:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
param(
    [string]$URL = 'yourcontroller.controller.tld',
    [string]$port = '8443',
    [string]$User = 'APIUSER',
    [string]$Pass = 'SomeReallyLongPassword',
    [string]$SiteCode = 'default' #you can enter each site here. This way when you assign the monitoring to a client you edit this to match the correct siteID.
)
[string]$controller = "https://$($URL):$($port)"
[string]$credential = "`{`"username`":`"$User`",`"password`":`"$Pass`"`}"
try {
    $null = Invoke-Restmethod -Uri "$controller/api/login" -method post -body $credential -ContentType "application/json; charset=utf-8"  -SessionVariable myWebSession
}
catch {
    $APIerror = "Api Connection Error: $($_.Exception.Message)"
}

Now that we’re connected, we can start making queries. Check out the older unifi blogs if you just want to focus on device monitoring. in this case we’re going to be checking our configuration and if it matches the following, this is not our exact configuration but with these settings you’d be able to edit it to anything you want. 🙂

  • We want at least 3 networks to be available: LAN, Guest, VOIP.
  • We want to make sure the ALG settings are disabled.
  • Speedtest must be enabled and running every 20 minutes.
  • Also, we want “Advanced Feature Mode” to be enabled.

We’re going to be downloading 2 arrays from the Unifi API. One for the Network Configuration, the other for the Site Configuration. I’ve placed it all in an object, which most RMM systems can’t really alert on, which is why I’ve also included the if/else statements all the way at the bottom. You can change these to your own wishes easily.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
param(
    [string]$URL = 'yourcontroller.controller.tld',
    [string]$port = '8443',
    [string]$User = 'APIUSER',
    [string]$Pass = 'SomeReallyLongPassword',
    [string]$SiteCode = 'default' #you can enter each site here. This way when you assign the monitoring to a client you edit this to match the correct siteID.
)
[string]$controller = "https://$($URL):$($port)"
[string]$credential = "`{`"username`":`"$User`",`"password`":`"$Pass`"`}"

$errorlist = New-Object -TypeName PSCustomObject
try {
    $null = Invoke-Restmethod -Uri "$controller/api/login" -method post -body $credential -ContentType "application/json; charset=utf-8" -SessionVariable myWebSession
}
catch {
Add-Member -InputObject $ErrorList -MemberType NoteProperty -Name APISessionError -Value $\_.Exception.Message
}

try {
$NetWorkConf = (Invoke-Restmethod -Uri "$controller/api/s/$SiteCode/list/networkconf" -WebSession $myWebSession).data | Where-Object { $_.Purpose -ne "WAN" }
}
catch {
Add-Member -InputObject $ErrorList -MemberType NoteProperty -Name APINetworkError -Value $_.Exception.Message
}

try {
$SysInfo = (Invoke-Restmethod -Uri "$controller/api/s/$SiteCode/get/setting" -WebSession $myWebSession).data
}
catch {
Add-Member -InputObject $ErrorList -MemberType NoteProperty -Name APISysInfoError -Value $\_.Exception.Message
}

$UnifiOutput = [PSCustomObject]@{
    NetworkNames      = $Networkconf.name
    NetworkCount      = $NetWorkConf.Count
    AdvancedFeatures  = ($Sysinfo.advanced*feature_enabled)
SpeedTestEnabled = ($sysinfo | Where-Object { $*.key -eq "Auto*Speedtest" }).enabled
SpeedTestInterval = ($sysinfo | Where-Object { $*.key -eq "Auto*Speedtest" }).interval
VoipNetwork = ($NetWorkConf.name | Where-Object { $* -like "_VOIP_" }).Count
GuestNetwork = ($NetWorkConf.purpose | Where-Object { $_ -like "*guest*" }).Count
    LANNetworks       = ($NetWorkConf.name | Where-Object { $\_ -like "_-LAN_" }).Count
Modules = [PSCustomObject]@{
ftp_module = $sysinfo.ftp_module
gre_module = $sysinfo.gre_module
h323_module = $sysinfo.h323_module
pptp_module = $sysinfo.pptp_module
sip_module = $sysinfo.sip_module
tftp_module = $sysinfo.tftp_module
broadcast_ping = $sysinfo.broadcast_ping
receive_redirects = $sysinfo.receive_redirects
send_redirects = $sysinfo.send_redirects
syn_cookies = $sysinfo.syn_cookies
offload_accounting = $sysinfo.offload_accounting
offload_sch = $sysinfo.offload_sch
offload_l2_blocking = $sysinfo.offload_l2_blocking
mdns_enabled = $sysinfo.mdns_enabled
upnp_enabled = $sysinfo.upnp_enabled
upnp_nat_pmp_enabled = $sysinfo.upnp_nat_pmp_enabled
upnp_secure_mode = $sysinfo.upnp_secure_mode
mss_clamp = $sysinfo.mss_clamp
}
}

if ($UnifiOutput.NetworkCount -lt "3") { write-host "Not enough networks found. Only 3 are present." }
if ($UnifiOutput.SpeedTestEnabled -eq $false) { write-host "Speedtest disabled" }
if ($UnifiOutput.SpeedTestInterval -gt "20") { write-host "Speedtest is not set to run every 20 minutes." }
if ($UnifiOutput.SpeedTestInterval -gt "20") { write-host "Speedtest is not set to run every 20 minutes." }
if ($UnifiOutput.Modules.sip_module -eq $true) { Write-Host "SIP ALG Module is enabled." }

And that’s it. As always, Happy PowerShelling. 🙂

All blogs are posted under AGPL3.0 unless stated otherwise
comments powered by Disqus
Built with Hugo
Theme Stack designed by Jimmy