9/30/2024 1:43 PM | |
Joined: 9/30/2024 Last visit: 9/30/2024 Posts: 1 Rating: (0) |
Dear Denilson Pegaia, Thank you for your post regarding Syslog tips for Siemens SIMATIC S7 controllers. Instead of a duplicate post, Im writing in this post in order to comply with community guidelines. Im working in a discrete control plant with huge S7 deployement. Basically im working for Cybersecurity . Currently we have a proposal from a contractor with S7 1200 controllers. We are checking for feasibility of enabling Syslog using the libraries and onboarding them to SIEM platform. In our IDS, We already have a Type_ID based detection for 1. Program Change-Like Program Download 2. Program Upload 3. Controller Start-Stop 4. Variable change etc., We would like to know 1. What additional capability can Syslog from S7 controller can bring? For eg., 2. Can it detect a PLC input force ? 3. Can it detect a runtime download? It would be of great help if you can answer this as it might help us justifying our additional investment. ------------------------------------------------------------------------------------------ |
Last edited by: Moderator_Lan at: 09/30/2024 14:21:07New subject after splitting |
|
9/30/2024 3:21 PM | |
Joined: 7/7/2010 Last visit: 10/1/2024 Posts: 15257 Rating: (2420)
|
To me, it seems like you want someone to describe what is in the F1-Help regarding syslog option in latest TIA Portal and S7 Firmware. Every document or reference to the syslog functionality always specifies it is _only_ for s7-1500 PLCs. That means, if you want syslog functionality, you need an external programmable device that can interactively interrogate the s7-1200 PLC and then forward the results via syslog. Or, develop additional logic in a companion device that can capture the PLC diag buffer entries and forward to another device that then transforms that to a syslog format. Or, something different from the above that ends up sending out syslog data. If you rephrase the question for S7-1500 specifically, then there are answers built into TIA Portal v19's Help system that you can readily read in detail, and if that detail is lacking (probably is from a cybersecurity perspective), you submit a "Support Request" to Siemens asking for clarification(s).
|
science guy |
|
Follow us on