Special functions of the CPU 410
9.3 Security event logging
CPU 410 Process Automation/CPU 410 SMART
136 System Manual, 05/2017, A5E31622160-AC
Security event logging
Security events
The CPU 410 supports security events according to IEC 62443-3-3. The security events can
be sent from the CPU in syslog frames to up to four external SIEM servers (Security
Information and Event Management). If an external SIEM server can be accessed, the CPU
410 stores up to 3200 events in the work memory. If more than 3200 security events occur,
the oldest events are overwritten.
You can store security events as a text file using Simatic Manager -> PLC -> Save Security
Events.
The entries in the saved text file are structured as follows:
Manufacturer
Siemens AG
Version
e.g.: V8.2.0
Corresponds to Security Event ID (see below)
Event Security Event
(textual name of the signature ID)
Priority 1: Alarm (A)
This situation requires immediate action.
3: Error (E)
Correctable error in general.
5: Note (N)
A situation has occurred that could require targeted action.
6: Information (I)
Set protection level 0 or 1 to 3, CPU-specific
Start time start Time stamp for occurrence of the event
Format: MMM dd yyyy HH:mm:ss.SSS
Operating mode (optional)
Operating mode of the CPU (e.g. STOP)
Reason
reason Byte-encoded origin of the event
To Next Page
Loading...
Need help?
General
