Installation
Get up and running in under 5 minutes with Docker Compose.
Step 1: Configure Your UniFi Router
Enable Syslog
- Go to Settings → CyberSecure → Traffic Logging
- Enable Activity Logging (Syslog)
- Under Contents, select Clients, Critical, Devices, Security Detections, Triggers, VPN, Firewall Default Policy
- Set the syslog server to <docker-host-ip> on port 514
- Click Apply Changes
Enable Per-Rule Syslog
Each firewall rule needs syslog individually enabled. If you plan to connect via the UniFi API (recommended), the app's built-in Firewall Syslog Manager handles this for you. Otherwise, go to Settings → Policy Engines → Zones and toggle syslog on each rule.
Step 2: Pull the Image
Pull the latest pre-built image from GitHub Container Registry:
$ docker pull ghcr.io/jmasarweh/unifi-log-insight:latest
Step 3: Create docker-compose.yml
Create a docker-compose.yml file with your configuration:
docker-compose.yml
services:
  unifi-log-insight:
    image: ghcr.io/jmasarweh/unifi-log-insight:latest
    pull_policy: always
    container_name: unifi-log-insight
    restart: unless-stopped
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "5"
    ports:
      - "514:514/udp"
      - "8090:8000"
    volumes:
      - pgdata:/var/lib/postgresql/data
      - ./maxmind:/app/maxmind
    environment:
      SECRET_KEY: "your_strong_key_for_encryption"
      POSTGRES_PASSWORD: "your_strong_password_here"
      ABUSEIPDB_API_KEY: "your_key_here"
      MAXMIND_ACCOUNT_ID: "your_account_id"
      MAXMIND_LICENSE_KEY: "your_license_key"
      TZ: "Europe/London"
    healthcheck:
      test: ["CMD", "python3", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8000/api/health')"]
      interval: 15s
      timeout: 10s
      retries: 5
      start_period: 45s
volumes:
  pgdata:
    name: unifi-log-insight-pgdata
Step 4: Start the Container
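Before starting the container, the docker-compose.yml from Step 3 can be checked for placeholder values left in place and for ports published on every host interface. This is an added example, not part of the project: `audit_compose` is a hypothetical helper, the sample file is constructed, and the 16-character minimum is an assumed floor, not a documented requirement.

```python
import re

# Constructed sample: the ports and environment keys from the compose file
# above, with the UI port bound to loopback and one secret filled in.
SAMPLE_COMPOSE = '''\
services:
  unifi-log-insight:
    ports:
      - "514:514/udp"
      - "127.0.0.1:8090:8000"
    environment:
      SECRET_KEY: "your_strong_key_for_encryption"
      POSTGRES_PASSWORD: "kV9tq2LwZ7pRx4nB8dYh3Gs"
      ABUSEIPDB_API_KEY: "your_key_here"
      TZ: "Europe/London"
'''

ENV_LINE = re.compile(r'^\s+([A-Z][A-Z0-9_]*):\s*"?(.*?)"?\s*$')
PORT_LINE = re.compile(r'^\s+-\s*"?([0-9.:]+)(?:/(?:tcp|udp))?"?\s*$')
# Values the operator chooses; API and licence keys are issued by third parties.
LOCAL_SECRETS = {"SECRET_KEY", "POSTGRES_PASSWORD"}


def audit_compose(text, min_len=16):
    """Return (line_number, message) findings; min_len is an assumed floor."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        env = ENV_LINE.match(line)
        if env:
            name, value = env.groups()
            if value.lower().startswith("your_"):
                findings.append((n, f"{name}: placeholder value left unchanged"))
            elif name in LOCAL_SECRETS and len(value) < min_len:
                findings.append((n, f"{name}: shorter than {min_len} characters"))
            continue
        port = PORT_LINE.match(line)
        # "HOST:CONTAINER" has one colon and binds on every host interface;
        # "IP:HOST:CONTAINER" has two and binds on that address only.
        if port and port.group(1).count(":") == 1:
            findings.append((n, f"port {port.group(1)}: published on all host interfaces"))
    return findings


if __name__ == "__main__":
    for lineno, message in audit_compose(SAMPLE_COMPOSE):
        print(f"line {lineno}: {message}")
```

Port 514/udp has to be reachable from the router, so that finding is a prompt to bind it to the host's LAN address, not an error.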
$ docker compose up -d
Alternative: Build from Source
git clone https://github.com/jmasarweh/unifi-log-insight.git
cd unifi-log-insight
# Create .env with your credentials
docker compose up -d --build
Step 5: Open the UI
Navigate to http://<docker-host-ip>:8090
On first launch, a Setup Wizard guides you through configuration. You can choose between:
- UniFi API — UniFi OS (recommended) - connect with an API key from a Local Admin account. Auto-detects WAN interfaces, VLANs, and device names. Enables the Firewall Syslog Manager.
- UniFi API — Self-Hosted Controller - connect with a local username and password. Provides the same auto-detection and device enrichment, but firewall rule management is not available on self-hosted controllers.
- Log Detection - discovers interfaces from live traffic without an API connection.