Section 6 User activity logging
6.1 Activity logging protocol
GUID-9D7788E2-F94D-40E5-BE3E-3C47C39D34FC v1
Activity Logging can be reported from the IED through two dif
ferent protocols;
either IEC 61850 or Syslog. Syslog is a standard for computer message logging
(RFC 5424). For IEC61850, configuration is as for buffered reporting. Syslog is
configured through a number of parameters where the Syslog server is defined. The
IED is the Syslog client and it sends the events to the Syslog server.
Both IEC61850 and Syslog are to be seen as online protocols when it comes to
activity logging. If an event has occurred while 61850 or Syslog communication
has been down, the events will not be retransmitted. In this case, use PCM600 to
read out the activity logging from the IED.
6.2 Activity logging ACTIVLOG
GUID-BED7C3D6-6BE3-4DAC-84B3-92239E819CC0 v1
ACTIVLOG contains all settings for activity logging.
There can be 6 external log servers to send syslog events to. Each server can be
configured with IP address; IP port number and protocol format. The format can be
either syslog (RFC 5424) or Common Event Format (CEF) from ArcSight.
6.3 Settings
PID-6908-SETTINGS v2
Table 18: ACTIVLOG Non group settings (basic)
Name Values (Range) Unit Step Default Description
ExtLogSrv1Type Off
SYSLOG UDP/IP
SYSLOG TCP/IP
CEF TCP/IP
- - Off External log server 1 type
ExtLogSrv1Port 1 - 65535 - 1 514 External log server 1 port number
ExtLogSrv1IP 0 - 18 IP
Address
1 127.0.0.1 External log server 1 IP-address
ExtLogSrv2Type Off
SYSLOG UDP/IP
SYSLOG TCP/IP
CEF TCP/IP
- - Off External log server 2 type
ExtLogSrv2Port 1 - 65535 - 1 514 External log server 2 port number
Table continues on next page
1MRK 511 399-UEN B Section 6
User activity logging
670 series 2.2 IEC 79
Cyber security deployment guideline
To Next Page
Loading...
Need help?
General
