Logging

Fatal Errors

Microsoft Windows

On Windows operating systems, use Microsoft Event Viewer to view the messages written to the Operating System Event Log. PowerChute logs are displayed under Windows Logs > Application. PowerChute events have the value “PowerChute” in the Source field.

The PowerChute service will not start if the configuration files are missing, or if file permissions prevent the service from accessing them.

The following image shows an example of a service start error:

Linux

On Linux operating systems, service logs are written to the system journal. To review all the service events related to PowerChute, use the following command:

journalctl -u PowerChute.service

To review the most recent service action, use the following command as an alternative:

systemctl status PowerChute

When the service has stopped, it reports an “inactive (dead)” status, and the surrounding output provides additional information about why the service ended. Unexpected service halts are also recorded in the error.log file.

Non-Fatal Errors

Error conditions that are significant to operators but do not cause the service to stop are logged in the error.log file. Examples include network conditions preventing connection to vCenter, controller VMs, cluster hosts, and other collaborating systems. Operators are advised to review the logs periodically to ensure that the PowerChute configuration and network conditions enable PowerChute to react to UPS events.

Logging to Third Party Systems

PowerChute manages logging through Log4J. This is configured by the configuration file log4j2.xml in the installation directory.

Windows Event Log

On Windows installations, the Event Log records the following events. You can view these events with Windows Event Viewer in the Application Log.

  1. UPS Events
  2. Service Fatalities
  3. Unsuccessful Command File execution
  4. Unsuccessful SSH Action execution

Syslog (Insecure)

PowerChute uses Log4J SyslogAppender to direct logs to an appropriately configured syslog server.

The following configuration is provided in the log4j2.xml file, in the installation directory.

<Syslog name="syslog" format="RFC5424" host="localhost" port="514" protocol="UDP" appName="PowerChute" facility="ALERT" enterpriseNumber="1.3.6.1.4.1.318" messageId="PowerChute"/>

This configuration will forward log events to a syslog server over UDP to port 514. This transport mechanism is considered insecure because data on the network is not encrypted, and the network endpoints do not mutually authenticate each other. This configuration is not recommended for production deployments.

Configure Insecure Syslog

  1. Modify the host setting and specify the syslog server host details, with the IP address or Fully Qualified Domain Name.
  2. Modify the port setting to specify the syslog server input port.
  3. Modify the protocol setting to specify TCP or UDP transport.

 

Syslog (Secure)

PowerChute uses Log4J SyslogAppender to direct logs to an appropriately configured syslog server.

The following configuration is provided in the log4j2.xml file, in the installation directory.

<Syslog name="syslog_sec" format="RFC5424" host="localhost" port="6541" protocol="TLS" appName="PowerChute" facility="ALERT" enterpriseNumber="1.3.6.1.4.1.318" messageId="PowerChute">
  <SSL>
    <KeyStore location="/path/to/syslog_keystore.jks"
              type="PKCS12" password="apassword" />
    <TrustStore location="/path/to/syslog_truststore.jks"
                type="PKCS12" password="apassword" />
  </SSL>
</Syslog>

This transport mechanism is considered secure because the data transported over the network is protected by TLS, and network endpoints can mutually authenticate each other.

Configure Secure Syslog

  1. Modify the host setting and specify the syslog server host details, with the IP address or Fully Qualified Domain Name.
  2. Modify the port setting to specify the syslog server input port.
  3. Modify the KeyStore and TrustStore file settings.
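
A check that can be run after editing log4j2.xml, given here as an added example that is not part of the PowerChute documentation or product. It flags Syslog appenders that still use cleartext transport or the placeholder KeyStore/TrustStore values shown above. The function name, finding strings and sample wrapper are constructed for illustration, and treating SSL as equivalent to the page's TLS value is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two appenders shown on this page, wrapped in a
# minimal <Configuration> so the text parses as one document.
SAMPLE = """<Configuration><Appenders>
<Syslog name="syslog" format="RFC5424" host="localhost" port="514" protocol="UDP" appName="PowerChute"/>
<Syslog name="syslog_sec" format="RFC5424" host="localhost" port="6541" protocol="TLS" appName="PowerChute">
  <SSL>
    <KeyStore location="/path/to/syslog_keystore.jks" type="PKCS12" password="apassword"/>
    <TrustStore location="/path/to/syslog_truststore.jks" type="PKCS12" password="apassword"/>
  </SSL>
</Syslog>
</Appenders></Configuration>"""

PLACEHOLDER_PASSWORD = "apassword"  # example password printed on this page
PLACEHOLDER_PATH = "/path/to/"      # example path prefix printed on this page
ENCRYPTED = {"TLS", "SSL"}          # TLS is the page's value; SSL is an assumption

def _name(tag):
    """Lower-cased element name with any XML namespace stripped."""
    return tag.rsplit("}", 1)[-1].lower()

def _attrs(el):
    """Attributes with lower-cased keys, so lookups ignore case."""
    return {k.lower(): v for k, v in el.attrib.items()}

def audit_syslog(xml_text):
    """Return (appender name, finding) pairs for each Syslog appender."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if _name(el.tag) != "syslog":
            continue
        a = _attrs(el)
        name, proto = a.get("name", "?"), a.get("protocol", "").upper()
        if proto not in ENCRYPTED:
            findings.append((name, f"cleartext transport: {proto or 'unset'}"))
            continue
        # Collect the KeyStore/TrustStore children of the <SSL> element.
        stores = {_name(c.tag): _attrs(c)
                  for ssl in el if _name(ssl.tag) == "ssl" for c in ssl}
        for kind in ("keystore", "truststore"):
            s = stores.get(kind)
            if s is None:
                findings.append((name, f"{kind} not configured"))
            elif (s.get("password") == PLACEHOLDER_PASSWORD
                  or s.get("location", "").startswith(PLACEHOLDER_PATH)):
                findings.append((name, f"{kind} still has placeholder values"))
    return findings
```

An empty result for an appender means it uses an encrypted protocol value and both stores have been changed from the page's placeholders; it does not validate the certificates themselves.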

 

KeyStore and TrustStore file for Secure Syslog

The PowerChute KeyStore contains a certificate which is presented to the server to establish trust in the connecting client. The client certificate should be countersigned by your trusted Certificate Authority. The TrustStore file contains the syslog server certificate from the Certificate Authority and enables PowerChute to authenticate the server’s certificate. For information on the passwords required for the KeyStore and the TrustStore, see the Log4J SSL configuration manual.

Create a KeyStore

  1. To create a KeyStore, issue the following command:

    keytool -keystore syslog_keystore.jks -genkey -keysize 4096 -keyalg RSA -alias client

  2. Enter the KeyStore password when prompted and follow the prompts to set the certificate details for your location and organization. Ensure that the certificate Common Name contains the Fully Qualified Domain Name for the PowerChute host.
  3. Generate a Certificate Signing Request from your new KeyStore:

    keytool -certreq -alias client -file client.csr -keystore syslog_keystore.jks

  4. Enter the KeyStore password when prompted. This writes a certificate signing request to the file client.csr. Use the certificate signing request to sign the client certificate with your trusted Root Certificate Authority certificate.
  5. Import the public root Certificate Authority certificate into the KeyStore:

    keytool -keystore syslog_keystore.jks -import -file rootCA.crt -alias root-ca

  6. Import the signed client certificate into the KeyStore:

    keytool -keystore syslog_keystore.jks -import -file client.crt -alias client

  7. Copy the syslog_keystore.jks file into the PowerChute installation directory.
  8. Modify the log4j2.xml configuration file to specify the full path to the file in the KeyStore location setting.
  9. Modify the password setting to contain the KeyStore password.

 

Create a TrustStore file

  1. To create a TrustStore file, issue the following command:

    keytool -keystore syslog_truststore.jks -genkey -alias deleteme

  2. When prompted, provide the values for a new certificate in the file and create a password for the TrustStore.
  3. Delete the certificate to create an empty TrustStore file:

    keytool -keystore syslog_truststore.jks -delete -alias deleteme

  4. Import the Certificate Authority public certificate into the TrustStore file:

    keytool -keystore syslog_truststore.jks -import -file /path/to/rootCA.crt -alias syslog-ca

  5. Copy the syslog_truststore.jks file to the PowerChute installation directory. 
  6. Modify the log4j2.xml configuration file to specify the full path to the file in the TrustStore file location setting. 
  7. Modify the password setting to contain the TrustStore file password.