PIALERT_CONF.md

March 30, 2026 · View on GitHub

pialert.conf

In this configuration file many functions of Pi.Alert can be set according to the personal wishes. Since the possibilities are various, I would like to give a short explanation to the individual points.

:eight_spoked_asterisk: General Settings

OptionDescription
PIALERT_PATHThis variable is set during installation and should not be changed.
DB_PATHThis variable is set during installation and should not be changed.
LOG_PATHThis variable is set during installation and should not be changed.
PRINT_LOGIf this entry is set to True, additional timestamps for the individual sub-functions are added to the scan log. By default this entry is set to False
VENDORS_DBThis variable is set during installation and should not be changed.
PIALERT_APIKEYWith the API key it is possible to make queries to the database without using the web page. The API key is a random string that can be set via the settings or via pialert-cli
PIALERT_WEB_PROTECTIONEnables or disables the password protection of the Pi.Alert web interface.
PIALERT_WEB_PASSWORDThis field contains the hashed password for the web interface. The password cannot be entered here in plain text, but must be set with pialert-cli
NETWORK_DNS_SERVERIP address of the DNS server in the network. This entry is required to attempt to resolve a hostname in the network.
AUTO_UPDATE_CHECKEnables or disables automatic search for Pi.Alert updates.
AUTO_DB_BACKUPEnables or disables automatic creation of database and configuration backups.
AUTO_DB_BACKUP_KEEPThis specifies how many automatic backups should be retained, including the current backup. This includes both configuration backups and database backup. This value is not relevant during manual cleanup, where the last 3 backups are retained.
REPORT_NEW_CONTINUOUSEnables or disables the recurring notification for devices marked as "New".
NEW_DEVICE_PRESET_EVENTSEnables or disables the notification for all events on new devices.
NEW_DEVICE_PRESET_DOWNEnables or disables the notification for "Down" events on new devices.
SYSTEM_TIMEZONEIf a time zone has already been set in php.ini, this will of course be used. If no time zone is set, i.e. PHP uses "UTC", then the time zone stored in pialert.conf is applied. PHP Timezones
OFFLINE_MODEAfter the installation and the initial test of all script components, the offline mode can be configured to prevent any communication with the Internet

:eight_spoked_asterisk: Other Modules

OptionDescription
SCAN_WEBSERVICESHere the function for monitoring web services can be switched on (True) or off (False)
ICMPSCAN_ACTIVEICMP Monitoring on/off
SATELLITES_ACTIVEEnable the Satellite management and import function. One or more companion scripts can perform remote scans and send them to the central Pi.Alert instance.

:eight_spoked_asterisk: Special Protocol Scanning

OptionDescription
SCAN_ROGUE_DHCPActivates the search for foreign, also called "rogue", DHCP servers. This function is used to detect whether there is a foreign DHCP server in the network that could take control of IP management.
DHCP_SERVER_ADDRESSThe IP of the known DHCP server is stored here. A list of DHCP servers is also supported

:eight_spoked_asterisk: Custom Cronjobs

OptionDescription
AUTO_UPDATE_CHECK_CRONInterval, in crontab syntax, at which to search for new updates from Pi.Alert. The shortest interval is 3 minutes. All larger intervals must be an integer multiples of 3 minutes (15, 30, 36, etc).
AUTO_DB_BACKUP_CRONInterval, in crontab syntax, at which the automatic backups should be created. The shortest interval is 3 minutes. All larger intervals must be aninteger multiples of 3 minutes (15, 30, 36, etc).
REPORT_NEW_CONTINUOUS_CRONInterval, in Crontab syntax, at which notifications should be sent repeatedly. The shortest interval is 3 minutes. All larger intervals must be an integer multiple of 3 minutes (15, 30, 36, etc.).
SPEEDTEST_TASK_CRONFull hour, or comma-separated hours, at which the speed test is to be started. The shortest interval is 3 minutes. All larger intervals must be integer multiples of 3 minutes (15, 30, 36, etc).

:eight_spoked_asterisk: Mail-Account Settings

OptionDescription
SMTP_SERVERAddress of the e-mail server (e.g. smtp.gmail.com)
SMTP_PORTThe port of the SMTP server. The port may vary depending on the server configuration.
SMTP_USERUser name used to authenticate with the SMTP server.
SMTP_PASSPassword used to authenticate with the SMTP server.
SMTP_SKIP_TLSIf this entry is set to True, transport encryption of the e-mail is enabled. If the server does not support this, the entry must be set to False.
SMTP_SKIP_LOGINThere are SMTP servers which do not require a login. In such a case, this value can be set to True.

:eight_spoked_asterisk: WebGUI Reporting

OptionDescription
REPORT_WEBGUIEnables/disables the notifications about changes in the network in the web interface.
REPORT_WEBGUI_WEBMONEnables/disables the notifications about changes in the monitored web services in the web interface.
REPORT_TO_ARCHIVENumber of hours after which a report is moved to the archive. The value 0 disables the feature

:eight_spoked_asterisk: MQTT Reporting

OptionDescription
REPORT_TO_MQTTGeneral activation/deactivation of the MQTT function.
REPORT_MQTT_BROKERThe IP or host name of the MQTT server/broker. The URL scheme "mqtt://" is not supported as input and must be removed.
REPORT_MQTT_PORTThe port under which the MQTT server can be accessed. The standard MQTT port is 1883. If SSL/TLS is used, 8883 is usually used.
REPORT_MQTT_USERNAMEUsername for logging in to the MQTT server. If no authentication is used, leave this field blank.
REPORT_MQTT_PASSWORDPassword for logging in to the MQTT server. If no authentication is used, leave this field blank.
REPORT_MQTT_TLSEnable or disable SSL/TLS.
PUBLISH_MQTT_STATUSActivation or deactivation of general information about the Pi.Alert installation. The following sensors are created: “Pi.Alert Status”, “Pi.Alert local”, “Pi.Alert <Satellite Name>”

:eight_spoked_asterisk: Mail Reporting

OptionDescription
REPORT_MAILEnables/disables the notifications about changes in the network via e-mail.
REPORT_MAIL_WEBMONEnables/disables the notification of changes in the monitored web services by e-mail.
REPORT_FROMName or identifier of the sender.
REPORT_TOE-mail address to which the notification should be sent.
REPORT_DEVICE_URLURL of the Pi.Alert installation to create a clickable link in the e-mail to the detected device.
REPORT_DASHBOARD_URLURL of the Pi.Alert installation, to be able to create a clickable link in the e-mail.

:eight_spoked_asterisk: Pushsafer

OptionDescription
REPORT_PUSHSAFEREnables/disables notifications about changes in the network via Pushsafer.
REPORT_PUSHSAFER_WEBMONEnables/disables notifications about changes in the monitored web services via Pushsafer.
PUSHSAFER_TOKENThis is the private key that can be viewed on the pushsafer page.
PUSHSAFER_DEVICEThe device ID to which the message will be sent. ‘a’ means the message will be sent to all configuring devices and will consume a corresponding number of API calls.
PUSHSAFER_PRIOPriority level of the message.
PUSHSAFER_SOUNDNotification sound (integer).

:eight_spoked_asterisk: Pushover

OptionDescription
REPORT_PUSHOVEREnables/disables notifications about changes in the network via Pushover.
REPORT_PUSHOVER_WEBMONEnables/disables the notifications about changes in the monitored web services via Pushover.
PUSHOVER_TOKENAlso called "APP TOKEN" or "API TOKEN". This token can be queried on the pushover page.
PUSHOVER_USERAlso called "USER KEY". This key is displayed right after login on the start page.
PUSHOVER_PRIOPriority level of the message.
PUSHOVER_SOUNDNotification sound.

:eight_spoked_asterisk: NTFY

OptionDescription
REPORT_NTFYEnables/Disables notifications about changes in the network via NTFY
REPORT_NTFY_WEBMONEnables/Disables notifications about changes in monitored web services via NTFY
NTFY_HOSTThe hostname or IP address of the NTFY server.
NTFY_TOPICThe subject of notifications sent via NTFY.
NTFY_USERThe username used for authentication with the NTFY server.
NTFY_PASSWORDThe password used for authentication with the NTFY server.
NTFY_PRIORITYPriority of notifications sent via NTFY
NTFY_CLICKABLEEnables or disables the click action for the notification.

:exclamation: If you want to use a token instead of username and password, leave the username blank and use the token as the password.

:eight_spoked_asterisk: Shoutrrr

OptionDescription
SHOUTRRR_BINARYHere you have to configure which binary of shoutrrr has to be used. This depends on the hardware Pi.Alert was installed on.

:eight_spoked_asterisk: Telegram via Shoutrrr

OptionDescription
REPORT_TELEGRAMEnables/disables the notifications about changes in the network via Telegram
REPORT_TELEGRAM_WEBMONEnables/disables the notifications about changes in the monitored web services via Telegram
TELEGRAM_BOT_TOKEN_URLHere the URL created by the shoutrrr setup wizard is entered.

:eight_spoked_asterisk: Discord

OptionDescription
REPORT_DISCORDEnables/disables notifications about network changes via Discord.
REPORT_DISCORD_WEBMONEnables/disables notifications about monitored web service changes via Discord.
DISCORD_BOT_TOKEN_URLThe Discord webhook URL used to send the notification.

:eight_spoked_asterisk: DynDNS and IP

OptionDescription
QUERY_MYIP_SERVERServer URL that determines and returns the current public IP.
QUERY_MYIP_SERVER_FALLBACKFallback server URL used when the primary public IP lookup fails.
DDNS_ACTIVEEnables/Disables the configured DDNS service in Pi.Alert. DDNS, also known as DynDNS, allows a domain name to be updated with a regularly changing IP address. This service is provided by various providers.
DDNS_DOMAINDomain name or host name that should be updated by the configured DDNS provider.
DDNS_USERUser name used to authenticate with the DDNS provider.
DDNS_PASSWORDPassword used to authenticate with the DDNS provider.
DDNS_UPDATE_URLProvider-specific update URL used to send the current public IP to the DDNS service.

:eight_spoked_asterisk: Automatic Speedtest

OptionDescription
SPEEDTEST_TASK_ACTIVEActivate/deactivate the automatic speed test. This requires the installation of the Ookla speed test in the "Tools" tab of the "Internet" device. Follow the instructions during installation.

:eight_spoked_asterisk: Arp-scan Options & Samples

OptionDescription
MAC_IGNORE_LIST['MAC-Address 1', 'MAC-Address 2']
This MAC address(es) (save with small letters) will be filtered out from the scan results. It is also possible to specify only the beginning of a MAC address. All addresses with the same prefix will also be filtered out
IP_IGNORE_LIST['IP-Address 1', 'IP-Address 2']
This IP address(es) will be filtered out from the scan results. It is also possible to specify only the beginning of a IP address. All addresses with the same prefix will also be filtered out. A syntax such as “172.17.0.0/24” does not lead to success. In this case, use an entry such as “172.17.”
HOSTNAME_IGNORE_LIST['Hostname', 'Host*', '*stna*', '*stname']
If no “*” is specified, the exact host name is searched for. “*”, however, serves as a wildcard. No distinction is made between upper and lower case letters.
SCAN_SUBNETS‘--localnet’
Normally this option is already the correct settings. This setting is selected when Pi.Alert is installed on a device with a network card and no other networks are configured.
‘--localnet --interface=eth0’
This configuration is selected if Pi.Alert is installed on a system with at least 2 network cards and a configured network. However, the interface designation may differ and must be adapted to the conditions of the system.
['192.168.1.0/24 --interface=eth0','192.168.2.0/24 --interface=eth1']
The last configuration is necessary if several networks are to be monitored. For each network to be monitored, a corresponding network card must be configured. This is necessary because the "arp-scan" used is not routed, i.e. it only works within its own subnet. Each interface is entered here with the corresponding network. The interface designation must be adapted to the conditions of the system.

:eight_spoked_asterisk: ICMP Monitoring Options

OptionDescription
ICMP_ONLINE_TESTNumber of attempts to determine if a device is online (Default 1).
ICMP_GET_AVG_RTTNumber of "ping's" to calculate the average response time (Default 2).

:eight_spoked_asterisk: Pi-hole Configuration

OptionDescription
PIHOLE_ACTIVEThis variable is set during installation.
PIHOLE_VERSIONThe version information is necessary because access to the Pi-hole data has fundamentally changed from version 5 to 6. Default is 6 after the official realease of Pihole 6
PIHOLE_DBThis variable is set during installation and should not be changed.
PIHOLE6_URLIf you want to access the Pi-hole data of version 6, enter the URL to the web interface (without the "/admin" suffix) here.
PIHOLE6_PASSWORDEnter the password for the Pi-hole web interface here.
PIHOLE6_API_MAXCLIENTSSpecifies the maximum number of clients that are returned as a response from the API
DHCP_ACTIVEThis variable is valid for the DHCP server of Pihole 5.x as well as for 6.x
DHCP_LEASESThis path is only relevant for version 5.x of Pihole and should not be changed.
DHCP_INCL_SELF_TO_LEASESAdds the Mac addresses of Pi-hole itself to the DHCP leases to import Pi-hole itself into the database if it is not in the local network of Pi.Alert

:eight_spoked_asterisk: Fritzbox Configuration

OptionDescription
FRITZBOX_ACTIVEIf a Fritzbox is used in the network, it can be used as a data source. This can be activated or deactivated at this point.
FRITZBOX_IPIP address or host name of the Fritzbox.
FRITZBOX_USERUser name for Fritzbox authentication. Password-only logins are not supported.
FRITZBOX_PASSPassword for the configured Fritzbox user.

:eight_spoked_asterisk: Mikrotik Configuration

OptionDescription
MIKROTIK_ACTIVEIf a Mikrotik router is used in the network, it can be used as a data source. This can be enabled or disabled at this point.
MIKROTIK_IPIP address or host name of the Mikrotik router.
MIKROTIK_USERUser name used to authenticate with the Mikrotik router.
MIKROTIK_PASSPassword used to authenticate with the Mikrotik router.

:eight_spoked_asterisk: UniFi Configuration

OptionDescription
UNIFI_ACTIVEIf a UniFi system is used in the network, it can be used as a data source. This can be enabled or disabled at this point.
UNIFI_IPIP address or host name of the UniFi controller or UniFi OS device.
UNIFI_APIPossible UNIFI APIs are v4, v5, unifiOS, UDMP-unifiOS, default
UNIFI_USERUser name used to authenticate with the UniFi controller.
UNIFI_PASSPassword used to authenticate with the UniFi controller.

:eight_spoked_asterisk: OpenWRT Configuration

OptionDescription
OPENWRT_ACTIVEThe package luci-mod-rpcneed to be installed, on your OpenWrt router. If a OpenWRT router is used in the network, it can be used as a data source. This can be activated or deactivated at this point.
OPENWRT_IPIP address or host name of the OpenWRT router.
OPENWRT_USERUser name used to authenticate with the OpenWRT router.
OPENWRT_PASSPassword used to authenticate with the OpenWRT router.

:eight_spoked_asterisk: Asus Configuration

OptionDescription
ASUSWRT_ACTIVEIf a Asus router is used in the network, it can be used as a data source. This can be activated or deactivated at this point. The Python package “asusrouter” is used for communication with the router, which supports a large number of devices. You can check whether your router is supported at “https://pypi.org/project/asusrouter/”.
ASUSWRT_IPIP address or host name of the AsusWRT router.
ASUSWRT_USERUser name used to authenticate with the AsusWRT router.
ASUSWRT_PASSPassword used to authenticate with the AsusWRT router.
ASUSWRT_SSLSet to True for https or False for http when connecting to the router.

:eight_spoked_asterisk: pfsense Configuration

OptionDescription
PFSENSE_ACTIVEEnables the import of pfSense. To do this, the REST API must be installed in pfSense. You can find more details here: pfSense REST API. The API is used to import the DHCP leases and the ARP table from pfSense.
PFSENSE_IPIP address or domain name of the pfSense firewall.
PFSENSE_PORTThe port through which the web interface can be accessed. This is usually 443 for https (PFSENSE_SSL = True) and 80 for http (PFSENSE_SSL = False).
PFSENSE_APIKEYThe API key that was created after installing the API in pfSense under ‘System’ -> ‘REST API’ -> 'Keys'
PFSENSE_SSLSet to True for https or False for http.
PFSENSE_EXCLUDE_INTInterfaces that should be ignored during import

:eight_spoked_asterisk: OPNsense Configuration

OptionDescription
OPNSENSE_ACTIVEEnables the import of OPNsense data. Pi.Alert uses the OPNsense API to read DHCP lease and ARP information.
OPNSENSE_IPIP address or domain name of the OPNsense firewall.
OPNSENSE_PORTThe port used by the OPNsense web interface and API. This is usually 443 for https and 80 for http.
OPNSENSE_APIKEYAPI key created for the OPNsense API user.
OPNSENSE_APISECRETAPI secret that belongs to the configured API key.
OPNSENSE_SSLSet to True for https or False for http.
OPNSENSE_EXCLUDE_INTInterfaces that should be ignored during import.

:eight_spoked_asterisk: AdGuard Configuration

OptionDescription
ADGUARD_ACTIVEEnables or disables the AdGuard import.
ADGUARD_IPIP address or host name of the AdGuard Home instance.
ADGUARD_PORTPort used by the AdGuard web interface and API.
ADGUARD_USERUser name used to authenticate with the AdGuard web interface.
ADGUARD_PASSWORDPassword for the AdGuard web interface. If you enter a password with \ in the GUI, pialert.conf may show \\. This is expected and preserves the correct value.
ADGUARD_SSLSet to True for https or False for http.
ADGUARD_QUERY_MINUTESQuery time window, in minutes, that is used to mark AdGuard lease entries as active.
ADGUARD_ACTIVITY_MINUTESRetention time, in minutes, for entries in the AdGuard activity table before they are removed as inactive.
ADGUARD_QUERY_LIMITMaximum number of query log entries requested from AdGuard per run.

:eight_spoked_asterisk: Satellite Configuration

OptionDescription
SATELLITE_PROXY_MODEActivates/deactivates the support of an external API to which the satellites send their data. If this function is deactivated, Pi.Alert only uses scan events that were sent directly to this instance.
SATELLITE_PROXY_URLURL of the Pi.Alert Satellite Proxy API that receives scan data from satellite instances.

:eight_spoked_asterisk: Maintenance Tasks

OptionDescription
DAYS_TO_KEEP_ONLINEHISTORYNumber of days for which the online history (activity graph) is to be stored in the database. One day generates 288 such records.
DAYS_TO_KEEP_EVENTSNumber of days for which the events of the individual devices are to be stored.

Back