PRTG and Ubiquiti Switches (UBNT)

I recently added 3 Ubiquiti (UBNT) switches to my private network. After replacing the old switches with the new UBNT switches, these now also had to be integrated into the monitoring. I use the free version of PRTG to monitor my network. There is already a ready-made PowerShell script from Paessler for the Unifi access points. However, this script does not provide any data on the switches.

I have therefore adapted the script from Paessler so that it provides data on the switches. Here is the script from Paessler for the UBNT access points:

• Monitoring Ubiqiti UniFi Devices with PRTG

Here is the first draft for a sensor that displays the following data in PRTG:

• Number of connected clients via LAN
• Number of switches connected to the controller
• Number of switches that require an update
• RX/TX Dropped/Error Packets per switch

Here is the modified script for the Unifi Switch Sensor:

# Original script customized by Frank Zoechling to support Unifi Switches connected to Unifi Controller (instead of APs)
#
# Monitor the Status of AP's on Unfi Controller in PRTG v0.8 27/06/2017
# Published Here: https://kb.paessler.com/en/topic/71263
#
# Parameters in PRTG are: Controller's URI, Port, Site, Username and Password. Example without placeholders:
# -server 'unifi.domain.tld' -port '8443' -site 'default' -username 'admin' -password 'somepassword'
#
# -server '%host' -port '8443' -site 'default' -username '%windowsuser' -password '%windowspassword'
# This second option requires the device's address in PRTG to be the controller's address, the credentials for windows devices
# must also match the log-in/password from the controller. This way you don't leave the password exposed in the sensor's settings.
#
# It's recommended to use larger scanning intervals for exe/xml scripts. Please also mind the 50 exe/script sensor's recommendation per probe.
# The sensor will not generate alerts by default, after creating your sensor, define limits accordingly.
# This sensor is to be considered experimental. The Ubnt's API documentation isn't completely disclosed.
#
# Source(s):
# http://community.ubnt.com/t5/UniFi-Wireless/little-php-class-for-unifi-api/m-p/603051
# https://github.com/fbagnol/class.unifi.php
# https://www.ubnt.com/downloads/unifi/5.3.8/unifi_sh_api
# https://github.com/malle-pietje/UniFi-API-browser/blob/master/phpapi/class.unifi.php
param(
[string]$server = 'unifi.domain.com',
[string]$port = '8443',
[string]$site = 'default',
[string]$username = 'admin',
[string]$password = '123456',
[switch]$debug = $false
)
#Ignore SSL Errors
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
#Define supported Protocols
[System.Net.ServicePointManager]::SecurityProtocol = @("Tls12", "Tls11", "Tls", "Ssl3")
# Confirm Powershell Version.
if ($PSVersionTable.PSVersion.Major -lt 3) {
Write-Output ""
Write-Output "1"
Write-Output "Powershell Version is $($PSVersionTable.PSVersion.Major) Requires at least 3. "
Write-Output ""
Exit
}
# Create $controller and $credential using multiple variables/parameters.
[string]$controller = "https://$($server):$($port)"
[string]$credential = "`{`"username`":`"$username`",`"password`":`"$password`"`}""
# Start debug timer
$queryMeasurement = [System.Diagnostics.Stopwatch]::StartNew()
# Perform the authentication and store the token to myWebSession
try {
$null = Invoke-Restmethod -Uri "$controller/api/login" -method post -body $credential -ContentType "application/json; charset=utf-8" -SessionVariable myWebSession
}catch{
Write-Output ""
Write-Output "1"
Write-Output "Authentication Failed: $($_.Exception.Message)"
Write-Output ""
Exit
}
#Query API providing token from first query.
try {
$jsonresultat = Invoke-Restmethod -Uri "$controller/api/s/$site/stat/device/" -WebSession $myWebSession
}catch{
Write-Output ""
Write-Output "1"
Write-Output "API Query Failed: $($_.Exception.Message)"
Write-Output ""
Exit
}
# Load File from Debug Log
# $jsonresultatFile = Get-Content '.\unifi_sensor2017-15-02-05-42-24_log.json'
# $jsonresultat = $jsonresultatFile | ConvertFrom-Json
# Stop debug timer
$queryMeasurement.Stop()
$swCount = 0
Foreach ($entry in ($jsonresult.data | where-object { $_.state -eq "1" -and $_.type -like "etc"})){
$swCount ++
}
$swUpgradeable = 0
Foreach ($entry in ($jsonresultat.data | where-object { $_.state -eq "1" -and $_.type -like "etc" -and $_.upgradable -eq "true"})){
$swUpgradeable ++
}
$userCount = 0
Foreach ($entry in ($jsonresultat.data | where-object { $_.type -like "etc"})){
$userCount += $entry.'num_sta'
}
#Write Results and collect some additional stats
write-host ""
Write-Host ""
Write-Host "Switches Connected"
Write-Host "$($swCount)"
Write-Host "Switch(es)"
Write-Host ""
Write-Host ""
Write-Host "Switches Upgradeable"
Write-Host "$($swUpgradeable)"
Write-Host "Switch(es)"
Write-Host ""
Write-Host ""
Write-Host "Clients (Total)"
Write-Host "$($userCount)"
Write-Host "Clients"
Write-Host ""
Write-Host ""
Write-Host "Response time"
Write-Host "$($queryMeasurement.ElapsedMilliseconds)"
Write-Host "msecs"
Write-Host ""
Foreach ($entry in ($jsonresultat.data | where-object { $_.state -eq "1" -and $_.type -like "etc"})){
$swName = $entry.name
$swRXerr = $entry.stat.rx_errors
$swRXdro = $entry.stat.rx_dropped
$swTXerr = $entry.stat.tx_errors
$swTXdro = $entry.stat.tx_dropped
Write-Host ""
Write-Host "$swName RX Error"
Write-Host "$swRXerr"
Write-Host "Packets"
Write-Host ""
Write-Host ""
Write-Host "$swName RX Dropped"
Write-Host "$swRXdro"
Write-Host "Packets"
Write-Host ""
Write-Host ""
Write-Host "$swName TX Error"
Write-Host "$swTXerr"
Write-Host "Packets"
Write-Host ""
Write-Host ""
Write-Host "$swName TX Dropped"
Write-Host "$swTXdro"
Write-Host "Packets"
Write-Host ""
}
write-host ""
# Write JSON file to disk when -debug is set. For troubleshooting only.
if ($debug){
[string]$logPath = ((Get-ItemProperty -Path "hklm:SOFTWARE\Wow6432Node\Paessler\PRTG Network Monitor\Server\Core" -Name "Datapath").DataPath) + "Logs (Sensors)\"
$timeStamp = (Get-Date -format yyyy-dd-MM-hh-mm-ss)
$json = $jsonresult | ConvertTo-Json
$json | Out-File $logPath "unifi_sensor$($timeStamp)_log.json"
}

The installation follows the same principle as in the article linked above, so there is only a brief overview here:

The script is saved in the folder "C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML":

A sensor can now be added to the controller in the PRTG GUI:

The sensor is given a name and the script is assigned. The login information for the Unifi controller must be added as a parameter:

-server '%host' -port '8443' -site 'default' -username 'ctrllerUsername' -password 'ctrllerPassword'

Once the sensor has been started, the data for the switches is displayed:

Note: The script accesses the controller's API, the values shown here are only a small part of the values that can be retrieved via the controller's API. However, this example script and the script from Paessler are well suited for creating your own sensors for the API of the Unifi controller. Here is a small excerpt of the values that the API can provide:

Most values can also be retrieved via SNMP, but this quickly causes the number of sensors in PRTG to explode. If, like me, you only use the free version of PRTG (limited to 100 sensors), you will quickly reach the limits of your license with SNMP.