Introduction

Welcome to the Insights Plus documentation.

Insights Plus (formerly UniFi Log Insight) is a self-hosted network monitoring tool for UniFi gateways. It captures syslog messages - firewall, DNS, DHCP, Wi-Fi - enriches them with GeoIP, ASN, threat intelligence, and reverse DNS, then serves everything through a live React dashboard with filtering, analytics, and firewall policy management.

Everything runs inside a single Docker container: PostgreSQL 16, a Python syslog receiver, a FastAPI API, and a React UI. No external dependencies. Zero data collection.

Features at a Glance

Live Log Stream
Threat Map
AbuseIPDB Scoring
Dashboard
Flow View
AI Agent (MCP)
Single Container
Zero Data Collection

How It Works

  1. Receive - Raw syslog UDP packets from your UniFi gateway
  2. Parse - Extract fields from iptables, hostapd, dhclient, and dnsmasq messages
  3. Classify - Determine direction (inbound/outbound/inter-VLAN/local/VPN) based on interfaces and WAN IP
  4. Enrich - GeoIP country/city/coords, ASN, AbuseIPDB threat score + categories, reverse DNS, UniFi device names
  5. Store - Batched inserts into PostgreSQL with row-by-row fallback
  6. Serve - REST API with pagination, filtering, sorting, CSV export, and the React dashboard
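
Steps 2 and 3 for an iptables LOG line, as an added example (this is not Insights Plus's own code). The interface names, VPN prefixes, WAN address, classification rules, and sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumptions for illustration only (not taken from Insights Plus):
WAN_IFACES = {"eth4"}          # hypothetical WAN port name
VPN_PREFIXES = ("wg", "tun")   # hypothetical VPN interface prefixes
WAN_IP = "203.0.113.10"        # RFC 5737 documentation address
KV = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs of an iptables LOG line

def parse_iptables(line):
    """Return validated fields, or None if the line is malformed.
    UDP syslog is unauthenticated, so every value is treated as untrusted."""
    fields = {}
    for key, value in KV.findall(line):
        fields.setdefault(key, value)  # first wins: ignore bracketed inner ICMP headers
    try:
        for key in ("SRC", "DST"):
            fields[key] = str(ipaddress.ip_address(fields[key]))
        for key in ("SPT", "DPT"):
            if key in fields:
                fields[key] = int(fields[key])
                if not 0 <= fields[key] <= 65535:
                    raise ValueError(key)
    except (KeyError, ValueError):
        return None
    return fields

def classify(f):
    """Direction from IN/OUT interfaces, falling back to the WAN IP."""
    i, o = f.get("IN", ""), f.get("OUT", "")
    if i.startswith(VPN_PREFIXES) or o.startswith(VPN_PREFIXES):
        return "vpn"
    if i in WAN_IFACES or f["DST"] == WAN_IP:
        return "inbound"
    if o in WAN_IFACES or f["SRC"] == WAN_IP:
        return "outbound"
    return "inter-VLAN" if i and o and i != o else "local"

def process(line):
    fields = parse_iptables(line)
    return None if fields is None else classify(fields)

SAMPLES = [  # constructed lines, not real captures
    "kernel: [WAN_LOCAL-D-4000] IN=eth4 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=51514 DPT=22",
    "kernel: IN=br0 OUT=eth4 SRC=192.168.1.20 DST=198.51.100.53 PROTO=UDP SPT=5353 DPT=53",
    "kernel: IN=br20 OUT=br30 SRC=192.168.20.5 DST=192.168.30.9 PROTO=TCP SPT=40000 DPT=445",
    "kernel: IN=wg0 OUT=br0 SRC=10.8.0.2 DST=192.168.1.20 PROTO=TCP SPT=40001 DPT=443",
    "kernel: IN=br0 OUT= SRC=192.168.1.20 DST=192.168.1.1 PROTO=UDP SPT=40002 DPT=53",
    "kernel: IN=eth4 OUT= SRC=999.1.1.1 DST=203.0.113.10 PROTO=TCP SPT=1 DPT=70000",
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(process(sample), "<-", sample)
```

Lines that fail validation return None so they can be counted or dropped before the enrichment and storage steps.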

Architecture

Four supervised processes run inside the container:

  • PostgreSQL 16 - for logs, threat cache, and config state (can be replaced with an external instance)
  • Receiver - UDP syslog listener + enrichment pipeline + background workers (stats, blacklist, backfill, UniFi polling)
  • API - FastAPI serving REST endpoints and the React SPA on port 8000 (mapped to 8090)
  • Cron - GeoIP database auto-update (Wed/Sat 07:00 UTC)