PRTG und Ubiquiti Switches (UBNT)

Frank Zöchling

vor 5 Jahren

Kürzlich habe ich mein privates Netzwerk um 3 Switches der Firma Ubiquiti (UBNT) erweitert. Nachdem ich die alten Switches gegen die neuen UBNT Switches ausgetauscht hatte, mussten diese nun auch in das Monitoring integriert werden. Für das Monitoring meines Netzwerks setze ich die kostenlose Version von PRTG ein. Für die Unifi Accesspoints gibt es bereits ein fertiges PowerShell Script von Paessler. Dieses Script liefert allerdings keine Daten zu den Switches.

Ich habe daher das Script von Paessler angepasst, damit es Daten zu den Switches liefert. Hier findet sich das Script von Paessler für die UBNT Accesspoints:

Monitoring Ubiqiti UniFi Devices with PRTG

Hier einmal der erste Entwurf für einen Sensor, der die folgenden Daten in PRTG darstellt:

Anzahl der verbundenen Clients via LAN
Anzahl der verbundenen Switches mit dem Controller
Anzahl der Switches welche ein Update benötigen
RX/TX Dropped/Error Packets je Switch

Hier einmal das abgewandelte Script für den Unifi Switch Sensor:

# Original script customized by Frank Zoechling to support Unifi Switches connected to Unifi Controller (instead of APs)
#
# Monitor the Status of AP's on Unfi Controller in PRTG v0.8 27/06/2017
# Published Here: https://kb.paessler.com/en/topic/71263
#
# Parameters in PRTG are: Controller's URI, Port, Site, Username and Password. Example without placeholders:
# -server 'unifi.domain.tld' -port '8443' -site 'default' -username 'admin' -password 'somepassword'
#
# -server '%host' -port '8443' -site 'default' -username '%windowsuser' -password '%windowspassword'
# This second option requires the device's address in PRTG to be the controller's address, the credentials for windows devices
# must also match the log-in/password from the controller. This way you don't leave the password exposed in the sensor's settings.
#
# It's recommended to use larger scanning intervals for exe/xml scripts. Please also mind the 50 exe/script sensor's recommendation per probe.
# The sensor will not generate alerts by default, after creating your sensor, define limits accordingly.
# This sensor is to be considered experimental. The Ubnt's API documentation isn't completely disclosed.
#
#   Source(s):
#   http://community.ubnt.com/t5/UniFi-Wireless/little-php-class-for-unifi-api/m-p/603051
#   https://github.com/fbagnol/class.unifi.php
#   https://www.ubnt.com/downloads/unifi/5.3.8/unifi_sh_api
#   https://github.com/malle-pietje/UniFi-API-browser/blob/master/phpapi/class.unifi.php

param(
	[string]$server = 'unifi.domain.com',
	[string]$port = '8443',
	[string]$site = 'default',
	[string]$username = 'admin',
	[string]$password = '123456',
	[switch]$debug = $false
)

#Ignore SSL Errors
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}  

#Define supported Protocols
[System.Net.ServicePointManager]::SecurityProtocol = @("Tls12","Tls11","Tls","Ssl3")


# Confirm Powershell Version.
if ($PSVersionTable.PSVersion.Major -lt 3) {
	Write-Output ""
	Write-Output "1"
	Write-Output ""
	Write-Output ""
	Exit
}

# Create $controller and $credential using multiple variables/parameters.
[string]$controller = "https://$($server):$($port)"
[string]$credential = "`{`"username`":`"$username`",`"password`":`"$password`"`}"

# Start debug timer
$queryMeasurement = [System.Diagnostics.Stopwatch]::StartNew()

# Perform the authentication and store the token to myWebSession
try {
$null = Invoke-Restmethod -Uri "$controller/api/login" -method post -body $credential -ContentType "application/json; charset=utf-8"  -SessionVariable myWebSession
}catch{
	Write-Output ""
	Write-Output "1"
	Write-Output ""
	Write-Output ""
	Exit
}

#Query API providing token from first query.
try {
$jsonresultat = Invoke-Restmethod -Uri "$controller/api/s/$site/stat/device/" -WebSession $myWebSession
}catch{
	Write-Output ""
	Write-Output "1"
	Write-Output ""
	Write-Output ""
	Exit
}

# Load File from Debug Log
# $jsonresultatFile = Get-Content '.\unifi_sensor2017-15-02-05-42-24_log.json'
# $jsonresultat = $jsonresultatFile | ConvertFrom-Json

# Stop debug timer
$queryMeasurement.Stop()

$swCount = 0
Foreach ($entry in ($jsonresultat.data | where-object { $_.state -eq "1" -and $_.type -like "usw"})){
	$swCount ++
}

$swUpgradeable = 0
Foreach ($entry in ($jsonresultat.data | where-object { $_.state -eq "1" -and $_.type -like "usw" -and $_.upgradable -eq "true"})){
	$swUpgradeable ++
}

$userCount = 0
Foreach ($entry in ($jsonresultat.data | where-object { $_.type -like "usw"})){
	$userCount += $entry.'num_sta'
}

#Write Results and collect some additional stats

write-host ""

Write-Host ""
Write-Host "Switches Connected"
Write-Host "$($swCount)"
Write-Host "Switch(es)"
Write-Host ""

Write-Host ""
Write-Host "Switches Upgradeable"
Write-Host "$($swUpgradeable)"
Write-Host "Switch(es)"
Write-Host ""

Write-Host ""
Write-Host "Clients (Total)"
Write-Host "$($userCount)"
Write-Host "Clients"
Write-Host ""

Write-Host ""
Write-Host "Response Time"
Write-Host "$($queryMeasurement.ElapsedMilliseconds)"
Write-Host "msecs"
Write-Host ""

Foreach ($entry in ($jsonresultat.data | where-object { $_.state -eq "1" -and $_.type -like "usw"})){
	$swName = $entry.name
	$swRXerr = $entry.stat.rx_errors
	$swRXdro = $entry.stat.rx_dropped
	$swTXerr = $entry.stat.tx_errors
	$swTXdro = $entry.stat.tx_dropped
	
	Write-Host ""
	Write-Host "$swName RX Error"
	Write-Host "$swRXerr"
	Write-Host "Packets"
	Write-Host ""
	
	Write-Host ""
	Write-Host "$swName RX Dropped"
	Write-Host "$swRXdro"
	Write-Host "Packets"
	Write-Host ""
	
	Write-Host ""
	Write-Host "$swName TX Error"
	Write-Host "$swTXerr"
	Write-Host "Packets"
	Write-Host ""
	
	Write-Host ""
	Write-Host "$swName TX Dropped"
	Write-Host "$swTXdro"
	Write-Host "Packets"
	Write-Host ""
}

write-host ""

# Write JSON file to disk when -debug is set. For troubleshooting only.
if ($debug){
	[string]$logPath = ((Get-ItemProperty -Path "hklm:SOFTWARE\Wow6432Node\Paessler\PRTG Network Monitor\Server\Core" -Name "Datapath").DataPath) + "Logs (Sensors)\"
	$timeStamp = (Get-Date -format yyyy-dd-MM-hh-mm-ss)

	$json = $jsonresultat | ConvertTo-Json
	$json | Out-File $logPath"unifi_sensor$($timeStamp)_log.json"
}

Die Installation erfolgt nach dem gleichen Prinzip wie in dem oben verlinkten Artikel, daher gibt es hier nur eine kurze Übersicht:

Das Script wird im Ordner “C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML” gespeichert:

In der PRTG GUI kann nun ein Sensor zum Controller hinzugefügt werden:

Dem Sensor bekommt einen Namen und das Script wird zugewiesen. Als Parameter müssen die Anmeldeinformationen für den Unifi Controller hinzugefügt werden:

-server '%host' -port '8443' -site 'default' -username 'ctrllerUsername' -password 'ctrllerPassword'

Nachdem der Sensor gestartet wurde, werden die Daten zu den Switches angezeigt:

Hinweis: Das Script greift auf die API des Controllers zu, die hier dargestellten Werte sind nur ein kleiner Teil der Werte welche über die API des Controllers abgerufen werden kann. Dieses Beispielscript und das Script von Paessler eignen sich aber gut dafür, um eigene Sensoren für die API des Unifi Controllers zu erstellen. Hier mal ein kleiner Ausschnitt der Werte, welche die API liefern kann:

Die meisten Werte lasen sich auch via SNMP abrufen, dies lässt allerdings schnell die Anzahl der Sensoren in PRTG explodieren. Wer wie ich nur die kostenlose Version von PRTG einsetzt (Limitierung auf 100 Sensoren) kommt mit SNMP schnell an die Grenzen der Lizenz.