Security - Syslog configuration
Available from firmware 2022.0 LTS
Accessibility
This WBM page is accessible with user role:
How to get into the WBM
Establishing a connection to the Web-based Management (WBM):
- Open a web browser on your computer.
- In the address field, enter the URL https://<IP-address-of-the-controller>/wbm,
for example: https://192.168.1.10/wbm.
For further information, see WBM.
For developing secure-by-design, IEC 62443‑2 compliant applications with PLCnext Technology, get a good grasp of the concepts used in the security context.
Syslog Configuration page
In the Syslog Configuration WBM page you can configure connections for logging via syslog-ng, which is a system-wide, real-time capable log management tool.
If a configuration is present in this WBM page then the Syslog Server Destinations table shows the configured server destinations to be used for defined facilities and severity levels. The table provides this information:
- Hostname: The hostname or IP address of the syslog-ng server destination to send the logging messages to.
- Port: The port on which the syslog-ng server waits for syslog messages. Make sure the port is enabled in the firewall settings for outgoing requests.
- Protocol: Transmission protocol to the server. For secure transmission, TLS is recommended; a TLS destination requires a Trust Store for verifying the server.
- Facilities: Specifies the system type of the messages to be logged.
- Severity Level: The minimum severity level (with its short name in parentheses) of the messages to be logged.
These levels are available:
- >= Internal (debug)
- >= Information (info)
- >= Warning (warning)
- >= Error (err)
- >= Critical Error (crit)
- >= Fatal Error (alert)
- Emergency (emerg)
Examples:
Selecting err will not send messages on the debug, info, or warning level.
Selecting debug will also send messages that are on all other levels.
Adding a syslog server destination
When opening this WBM page for the first time, the Syslog Server Destinations table will be empty:
- To add a new server configuration entry, click the button at the bottom right of the table (1).
↪ The Add a new Syslog Server Destination entry dialog opens.
- Set the hostname, transmission protocol, and transmission port for the destination (2):
Note: The specified address and the selected port must be enabled in the firewall settings for outgoing requests.
If the TLS protocol is selected, a Trust Store for verification must be defined.
- If you know a Trust Store name already, just type in a few characters in the input field. All trust stores that match or start with the entry are then available from the drop-down list.
- If you leave the input field empty, you can select in the drop-down list from all existing Trust Stores.
- Select at least one facility (3) and choose a severity level (4):
- Click the button to add the new configuration entry to the table.
↪ The new entry is then available in the Syslog Server Destinations table.
- Proceed with entries for other connections and facilities if needed.
- To save all changes made to the configuration, click the button below the Syslog Server Destinations table.
↪ The configuration is then written to the XML configuration file.
Editing a server destination
- To edit an existing server destination, click its button at the table's right side (5):
↪ The Edit Syslog server destination dialog opens.
- The destination can be edited there in the same way it was created initially:
Deleting a server destination
- To delete a server destination from the Syslog Server Destinations table, click the button at the table's right side (5).
↪ You are prompted to confirm that choice:
Activating and deactivating the syslog configuration
In the General Options table, you can activate or deactivate a configuration:
Activating a syslog configuration
- Check the checkbox (6) and click the button below the table (7).
↪ The configuration is saved as an XML file in the file system on the controller. Its path is /opt/plcnext/config/Services/Syslog/Syslog.config.
↪ This XML file is then converted into a syslog-ng capable configuration file and loaded to run the logging.
Deactivating a syslog configuration
- Uncheck the checkbox (6) and click the button below the table (7) to save this change.
↪ An empty syslog-ng configuration file is generated, so no messages will be sent to any server destination. An existing XML configuration file is left unaltered, though, so when you need the same configuration again you can simply activate it. Also, if no destination is defined when activating, no messages will be sent.
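The two points above that are easy to get wrong in practice are the ">=" meaning of the Severity Level setting (a destination configured with err never receives debug, info or warning messages) and the rule that a TLS destination is only valid together with a Trust Store. The following is an added example, not code from the PLCnext firmware: it implements the threshold rule over the seven levels the page lists and renders one destination entry as an equivalent in plain syslog-ng syntax. The XML schema of Syslog.config and the exact syslog-ng text the controller generates are not documented on this page, so the source name `s_src`, the function names and the CA directory path are assumptions.

```python
"""Severity threshold semantics of the WBM Syslog Configuration page,
plus an illustrative syslog-ng rendering of one destination entry.
Constructed example; not the controller's own converter."""

# WBM severity names in the order the page lists them, least severe first.
# Selecting one level forwards that level and every level to its right.
LEVELS = ["debug", "info", "warning", "err", "crit", "alert", "emerg"]


def is_forwarded(selected: str, message_level: str) -> bool:
    """True if a message at message_level passes a '>= selected' entry."""
    return LEVELS.index(message_level) >= LEVELS.index(selected)


def forwarded_levels(selected: str) -> list:
    """All levels an entry configured with `selected` will send."""
    return [lvl for lvl in LEVELS if is_forwarded(selected, lvl)]


def render_syslog_ng(name, host, port, protocol, facilities, level,
                     trust_store_dir=None):
    """Render one destination as syslog-ng destination/filter/log blocks.

    protocol is "udp", "tcp" or "tls". Mirroring the WBM rule, a "tls"
    entry is rejected unless a trust store (CA directory) is given, and
    the server certificate must chain to it (peer-verify(required-trusted)).
    """
    if protocol == "tls":
        if not trust_store_dir:
            raise ValueError("TLS destination requires a Trust Store")
        transport = (f'transport("tls") tls(ca-dir("{trust_store_dir}") '
                     'peer-verify(required-trusted))')
    elif protocol in ("tcp", "udp"):
        transport = f'transport("{protocol}")'
    else:
        raise ValueError(f"unknown protocol {protocol!r}")
    if level not in LEVELS:
        raise ValueError(f"unknown severity level {level!r}")
    fac = " or ".join(f"facility({f})" for f in facilities)
    # level(X..emerg) is syslog-ng's range form of the WBM ">= X" setting.
    # s_src is an assumed name for the controller's local log source.
    return (
        f'destination d_{name} {{ network("{host}" port({port}) {transport}); }};\n'
        f"filter f_{name} {{ ({fac}) and level({level}..emerg); }};\n"
        f"log {{ source(s_src); filter(f_{name}); destination(d_{name}); }};\n"
    )
```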