{"id":1181,"date":"2015-05-19T17:43:09","date_gmt":"2015-05-19T22:43:09","guid":{"rendered":"http:\/\/www.nathanhunstad.com\/blog\/?p=1181"},"modified":"2015-05-19T17:45:50","modified_gmt":"2015-05-19T22:45:50","slug":"monitoring-my-ups-with-splunk","status":"publish","type":"post","link":"https:\/\/www.nathanhunstad.com\/blog\/2015\/05\/monitoring-my-ups-with-splunk\/","title":{"rendered":"Monitoring my UPS with Splunk"},"content":{"rendered":"

Last time<\/a>, I had set up my UPS monitoring software on my CentOS logging server. But I wanted more: what good is having a UPS if I can\u2019t monitor things like voltage, battery charge, and load on an ongoing basis? Of course, the answer to this is to log to Splunk, which is what I ended up doing.<\/p>\n

<\/p>\n

To do the logging, I used UPSLOG<\/a>, which as you may be able to tell from the name, is a logger of UPS data. It took a few steps to get it set up properly, though, for long-term logging.<\/p>\n

First, I created a new user to run upslog as, since I didn\u2019t want it running as root for security reasons. That allows me to run upslog with the \u2013u option to setuid to the new user. The log file itself is located at \/var\/log\/ups.log<\/span>. In order for Splunk to read it, I ran chmod of the log file to set the group to the splunk group, granting Splunk read access. So far, so good.<\/p>\n

Eventually, the log is going to get huge, and so I want to rotate it properly. To do this, I created a new file in \/etc\/logrotate.d<\/span> in order to manage the log rotation. Never having created a logrotate configuration file before, I went with this:<\/p>\n

\/var\/log\/ups.log {
\nweekly
\nrotate 14
\ncompress
\ndelaycompress
\nmissingok
\nnotifempty
\ncreate 644 upslog splunk
\n}<\/span><\/p>\n

Will it work? We\u2019ll see! The important things are to create the new log with owner and group of upslog and splunk respectively. If that works, we should be in good shape.<\/p>\n

Finally, I wanted to create a init.d script for starting and stopping the service on boot and shutdown automatically. UPSLOG didn\u2019t have an init script for some reason, so I copied the ups script and changed it accordingly:<\/p>\n

#! \/bin\/bash
\n#
\n# upslog: Starts the UPS logging service
\n#
\n# chkconfig: – 26 74
\n# description: Starts the UPS logging service to log UPS statistics to \/var\/log\/ups.log
\n# processname: upslog
\n#
\n### BEGIN INIT INFO
\n# Provides: upslog
\n# Required-Start: $syslog $network $named
\n# Required-Stop: $local_fs
\n# Default-Stop: 0 1 6
\n# Short-Description: Starts the UPS logging service
\n# Description: Stars the UPS logging service to log UPS statistics to \/var\/log\/ups.log
\n### END INIT INFO<\/span><\/p>\n

# Source function library.
\nif [ -f \/etc\/init.d\/functions ]; then
\n. \/etc\/init.d\/functions
\nelif [ -f \/etc\/rc.d\/init.d\/functions ]; then
\n. \/etc\/rc.d\/init.d\/functions
\nelse
\nexit 0
\nfi<\/span><\/p>\n

pidfile=\/var\/run\/nut\/upslog.pid
\nbin=\/usr\/bin\/upslog<\/span><\/p>\n

start() {
\nprintf “Starting upslog…\\n”
\nupslog -s apc@localhost -l \/var\/log\/ups.log -u upslog
\nsleep 1
\nif [ -f $pidfile ]; then
\nprintf “OK\\n”
\nelse
\nprintf “Fail\\n”
\nfi
\n}<\/span><\/p>\n

stop() {
\nprintf “Stopping upslog…”
\nif [ -f $pidfile ]; then
\npid=`cat $pidfile`
\nkill $pid
\nprintf “upslog stopped\\n”
\nrm -f $pidfile
\nelse
\nprintf “pidfile not found\\n”
\nfi
\n}<\/span><\/p>\n

restart() {
\nstop
\nstart
\n}<\/span><\/p>\n

# See how we are called.
\ncase “$1” in
\nstart)
\nstart ;;<\/span><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 stop)
\nstop ;;<\/span><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 restart)
\nrestart ;;<\/span><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 status)
\nif [ “$SERVER” = “yes” ]; then
\nstatus upsd
\nfi
\nstatus upsmon
\n;;<\/span><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 *)
\necho $”Usage: $0 {start|stop|restart|status}”
\nRETVAL=3
\nesac<\/span><\/p>\n

exit $RETVAL<\/span><\/p>\n

Will this work? Well, I can stop and start it well enough, and with a UPS hopefully I won\u2019t need to power this down anytime soon. After saving this, and a chkconfig upslog on later, it said it would run on boot, so that looks good enough.<\/p>\n

With all of that set up, getting the data into Splunk was a simple as setting up a new file data source. I created a new index called \u201cups\u201d to hold the data, and soon I was getting events every 30 seconds:<\/p>\n

\"image\"<\/a><\/p>\n

In order to get the volts, battery charge, and load, I used Splunk\u2019s field extraction tool. With those fields extracted, my dashboards pretty much made themselves:<\/p>\n

\"image\"<\/a><\/p>\n

That, in a nutshell, is how easy it is to get UPS data into Splunk!<\/p>\n","protected":false},"excerpt":{"rendered":"

Last time, I had set up my UPS monitoring software on my CentOS logging server. But I wanted more: what good is having a UPS if I can\u2019t monitor things like voltage, battery charge, and load on an ongoing basis? Of course, the answer to this is to log to Splunk, which is what I… Continue reading Monitoring my UPS with Splunk<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[19],"tags":[247,269,252],"class_list":["post-1181","post","type-post","status-publish","format-standard","hentry","category-tech-2","tag-centos","tag-nut","tag-splunk","entry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts\/1181","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/comments?post=1181"}],"version-history":[{"count":3,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts\/1181\/revisions"}],"predecessor-version":[{"id":1185,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts\/1181\/revisions\/1185"}],"wp:attachment":[{"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/media?parent=1181"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/categories?post=1181"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/tags?post=1181"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}