Syslog Messages - Siemens SIMATIC S7-1500 System Manual

Drive controller

You can find more information in the section Syslog messages (Page 43).
Connection to a SIEM system
A SIEM system (Security Information and Event Management) analyzes security events in real
time and can be installed, for example, on the syslog server.
4.9.12 Syslog messages

Using syslog messages
International standards and national regulations for the IT security of automation
components require, for example, the ability to log safety-related events.
Syslog (System Logging) is an IETF standard protocol (RFC 5424) for the transfer of recorded
events and meets this requirement. A CPU records the following events, for example:
• Security events
• Firmware updates
• Changes to the user program
• Changes to the configuration
• Changes to the operating state
The collection of security-relevant events cannot be deactivated. Each CPU as of FW version
V3.1 saves syslog messages in a local cache. By querying this cache, you can view the syslog
messages and identify potential security risks.
The local cache of a CPU is organized as a ring buffer. If the storage limit of the cache is
reached and additional security events occur, the oldest messages in the cache are
overwritten.
If you want to access the local cache with the syslog messages, use the Web API of the web
server (API method Syslog.Browse). You can find information on the procedure in the "Web
server (https://support.industry.siemens.com/cs/us/en/view/59193560)" Function Manual.
You have the option of transferring the events collected by the CPU to a syslog server in the
network.
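
Because the local cache is a ring buffer, a client that polls it has to notice when messages were overwritten between two polls. The following sketch is an added example, not code from the Siemens manual: it parses the RFC 5424 header of each message and flags such a gap. It assumes the messages have already been retrieved as a list of raw strings, oldest first; the sample messages, host name and message IDs are constructed.

```python
import re

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID,
# followed by STRUCTURED-DATA and the free-text MSG (kept together in "rest").
HEADER = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<version>[1-9]\d?) (?P<timestamp>\S+) "
    r"(?P<hostname>\S+) (?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)",
    re.S)
SEVERITIES = ("emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug")

def parse(raw):
    """Split one RFC 5424 message into fields; PRI = facility * 8 + severity."""
    m = HEADER.fullmatch(raw)
    if m is None or int(m["pri"]) > 191:
        raise ValueError("not an RFC 5424 message: %r" % raw[:40])
    fields = m.groupdict()
    pri = int(fields["pri"])
    fields.update(facility=pri // 8, severity=SEVERITIES[pri % 8])
    return fields

def new_since(last_seen, snapshot):
    """Return (new_messages, gap) for one poll of the cache.

    last_seen is the newest raw message from the previous poll (None on the
    first poll). gap is True when that message is no longer in the snapshot:
    the ring buffer wrapped and an unknown number of messages were overwritten.
    """
    if last_seen is None:
        return list(snapshot), False
    if last_seen in snapshot:
        # Use the last occurrence in case identical messages repeat.
        idx = len(snapshot) - 1 - snapshot[::-1].index(last_seen)
        return snapshot[idx + 1:], False
    return list(snapshot), True

# Constructed sample messages (not captured from a real CPU).
SAMPLE = [
    "<86>1 2023-11-07T09:15:02.120Z plc-1 cpu - LOGIN - user logged in",
    "<85>1 2023-11-07T09:16:40.003Z plc-1 cpu - OPSTATE - operating state changed",
    "<84>1 2023-11-07T09:17:11.554Z plc-1 cpu - CONFIG - configuration changed",
]

if __name__ == "__main__":
    fresh, gap = new_since(SAMPLE[0], SAMPLE)
    for raw in fresh:
        f = parse(raw)
        print(f["timestamp"], f["severity"], f["msgid"], f["rest"])
    print("messages lost since last poll:", gap)
```

A gap result means the polling interval is too long for the event rate; forwarding to a syslog server, as described above, avoids depending on the cache size.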
SIMATIC Drive Controller
System Manual, 11/2023, A5E46600094-AD
Industrial cybersecurity
4.9 Secure operation of CPUs
43
