SysLog

Discussion about security topics in WinCC OA!
Search

Post Reply
5 posts • Page 1 of 1
ilariabonori
Posts: 10
Joined: Thu Dec 13, 2018 12:54 pm

SysLog

Post by ilariabonori » Thu Mar 21, 2019 2:01 pm

Hello everybody,

Does SysLog supported by WinCC OA 3.16?
It is useful to exchange with plant log information.

Thanks a lot

Best regards

User avatar
leoknipp
Posts: 1819
Joined: Tue Aug 24, 2010 5:28 pm

Re: SysLog

Post by leoknipp » Fri Mar 22, 2019 9:50 am

Can you please describe more detailed what the question/requirement is.
Which operating system are you using?

Best Regards
Leopold Knipp
Senior Support Specialist

ilariabonori
Posts: 10
Joined: Thu Dec 13, 2018 12:54 pm

Re: SysLog

Post by ilariabonori » Fri Mar 22, 2019 1:27 pm

Thanks for reply.

Below some details about the topic:

Our customer have an SIEM (security information and event management) server (based on IBM cybersecurity Qradar platform) where are collected all events related to security.

Customer requires that login and logout events in SCADA application shall be send to SIEM system through SYSLOG protocol (this protocol is not supported by Windows but there are some libraries that support this).

Does WinCCOA support the libraries described above?

The event result will be similar to the following (JSON format):

{

"Severity":"Info",
"Timestamp":"2019-03-31T12:02:05.836",
"System":"SCADA",
"Component":"SCADAGUI",
"Function":"Authentication",
"Message":"Login on SCADA by user domain\username",
"Operation":"Login",
"User":"username",
"Host":"localhost"

}

Best regards.

User avatar
kilianvp
Posts: 186
Joined: Fri Jan 16, 2015 9:29 am

Re: SysLog

Post by kilianvp » Fri Mar 22, 2019 1:44 pm

No but you can do that by your own. We have some customer who print out every event.

Im sure you can use some kind of REST API.

Best regards.

ilariabonori
Posts: 10
Joined: Thu Dec 13, 2018 12:54 pm

Re: SysLog

Post by ilariabonori » Fri Mar 22, 2019 2:57 pm

Who manages this library? WinCC OA or our SIEM server?
Thanks a lot

Best regards

Post Reply
5 posts • Page 1 of 1