Recordings
The following items are logged in the security log and forwarded to a connected syslog server:
•
Actions
–
Successful log off of a user, even after a certain period of time
–
Successful log on of a user
–
Change or delete the connection password
–
Update or restore the firmware version in the device
–
Update the configuration in the device
–
Change the operating mode of the device
–
Change the date and time
–
Change or overwrite state value entries by the logged-on user
–
Switching operations by the registered user
•
Potential errors
–
Number of entries with correct or incorrect passwords
–
Unsuccessful login attempt by typing 3 wrong passwords
–
Reboot or restart the device
•
Other entries
–
Capacity warning of the security log
The following table shows when which type of message (including format) and which action is expected.
Event/Alarm Summary
Successful remote and local
logon
Manual logoff
Logoff determined by time
Forcing control operations
Downloading the configura-
tion
Uploading the configuration WARNING
SIPROTEC 5, Operation, Manual
C53000-G5040-C003-9, Edition 06.2018
Syslog Message
Event Information
Severity
WARNING
The content of the events for the successful logon
depends on whether RBAC is active or not and on the
location from which the logon is made: Remotely (for
example, DIGSI) or locally (on-site operation).
WARNING
The events for the manual logoff are logged in the Audit-
Trail and transmitted using syslog UDP. The content of
the indication depends on whether RBAC is active or not.
WARNING
The content of the indication depends on whether RBAC
is active or not.
WARNING
Events for control operations initiated locally or
remotely. For example:
•
•
•
•
•
•
•
•
•
WARNING
Events relating to downloading the protection configura-
tion to a PC
Events relating to uploading the protection configura-
tion from a PC to a device
Security Settings in the Device
11.8 Recording of Cyber-Security Events
Changing the position of the poles
Tripping/closing operations in relation to the
primary equipment
Command operations in relation to the primary
equipment
Mode-change operations in relation to the primary
equipment
Start/cancellation of the switching sequence
Change in coil position
Control of sequential voltages/target voltages
Control of the switching authority
Controlling the winding selection
251