Sending GE CIMPLICITY logs to Solarwinds Loggly

Collecting logs from General Electric CIMPLICITY and sending them to Solarwinds Loggly can be complex because of this unusual combination of log sources and destination SIEM. In this post, we will look at how you can forward log data from GE CIMPLICITY to Loggly using NXLog.

General Electric CIMPLICITY

General Electric CIMPLICITY is a human-machine interface (HMI) and SCADA system solution based on a client-server architecture of servers and viewers. This architecture allows viewers to visualize data and control actions within plants located across the globe. The server’s primary function is to collect and distribute data. A viewer has full access to the data a server has collected once it has connected to that server. The ability to seamlessly network servers and viewers for the purpose of sharing data, configurations, and screens eliminates duplicate work and data. This efficient management of resources facilitates faster access to critical data needed for decision-making. CIMPLICITY is used in some of the largest manufacturing factories around the world.

Collecting GE CIMPLICITY logs

CIMPLICITY produces a wide variety of logs about its operations. Some of the logs are available through Windows Event Log and network monitoring, but most of the logs are stored as flat files.

Due to the critical nature and scope of the systems CIMPLICITY controls, there is no room for errors. Its stable, uninterrupted operation is crucial to plant safety. Although CIMPLICITY logs contain valuable information about the systems it controls, the relatively high level of log noise and the lack of a consistent log format present some challenges.

NXLog Enterprise Edition is a lightweight, modular log collection tool, capable of handling the most demanding log collection cases. Owing to its rich set of features, it can read almost any log format and parse fields to produce structured data for further processing. For these reasons, it is the perfect tool for monitoring and collecting CIMPLICITY logs.

Logging and Archiving

CIMPLICITY provides a database logger that is capable of collecting, analyzing, and creating reports from a variety of ODBC (Open Database Connectivity) compliant databases. You can create, configure, and edit tables, and also specify when and from which ODBC data source you would like to gather log events, for any selected process.

Collecting GE CIMPLICITY logs from Windows Event Log

Windows Event Log is the primary logging facility on the Windows platform. The logs CIMPLICITY services generate contain project log files, system log files, and web configuration services logs. Logs can be read and collected using an event ID related to CIMPLICITY or by a given source name.

Collecting GE CIMPLICITY logs from file

CIMPLICITY’s file-based logs include project status and system status logs, counters log files, protocol stack trace logs, as well as optional OPC client debug tracing. With CIMPLICITY Log Viewer’s powerful capabilities, you can view project status and system status log files in other formats including CSV, ASCII, or TXT.

GE CIMPLICITY passive network monitoring

NXLog can passively monitor network traffic and generate logs for most network protocols. This ability to log network communication between servers and viewers can provide another valuable log source.

Data normalization and log aggregation are other features that NXLog can provide for CIMPLICITY. With NXLog’s ability to collect logs from literally any file, in any format, it is ideally suited for integrating with CIMPLICITY’s wide variety of log types and file formats.

For more information on integrating NXLog with CIMPLICITY, see the General Electric CIMPLICITY integration guide.

The log sources mentioned above and NXLog’s features play an important role in normalizing logs accepted by Solarwinds Loggly.

Sending logs to Solarwinds Loggly

Solarwinds Loggly is a cloud-based log analysis and monitoring service that provides complete visibility of log data from different sources. NXLog can be configured to send log data to Loggly in syslog format over TCP or via the Loggly API using HTTP(S).

Loggly customer token

Loggly requires a customer token to be included with each event sent to its service. This token is an alphanumeric string generated when creating a Loggly account. You can find your token on the Logs > Source Setup > Customer Tokens page of the web interface.

Sending logs using TCP

Syslog is the most common way to send data to Loggly. The customer token and any custom tags need to be included in the structured data section of the syslog message. Logs can be sent securely to Loggly using TLS encryption. The Loggly certificate file must be downloaded and placed in a location that NXLog can access.

Sending logs using HTTPS

As part of their API, Loggly provides two HTTP(S) endpoints that accept log data, one for sending single log records and another for sending logs in batches. Data can be sent as plaintext, JSON, or any log format supported by Loggly’s automated parsing. When logs are sent over HTTPS, the Loggly customer token and any custom tags must be included in the URL. The Loggly certificate file must be downloaded and placed in a location that NXLog can access.
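The two transports described above place the customer token differently: in the structured data element of the syslog message for TCP, and in the URL path for HTTPS. The following Python sketch is an added example, not NXLog or Loggly code; it builds both forms and masks the token for local logging. The enterprise number 41058, the host logs-01.loggly.com, the `inputs`/`bulk` path layout, the hyphen allowance in the token check, and the sample token are assumptions to verify against Loggly's documentation.

```python
import re
from datetime import datetime, timezone
from urllib.parse import quote

LOGGLY_PEN = 41058                         # assumption: enterprise number used in the SD-ID
HTTP_BASE = "https://logs-01.loggly.com"   # assumption: Loggly ingestion host


def sd_escape(value):
    # RFC 5424 section 6.3.3: '"', '\' and ']' are backslash-escaped in a PARAM-VALUE
    return re.sub(r'(["\\\]])', r'\\\1', value)


def syslog_frame(token, tags, host, app, msg, when, pri=134):
    """RFC 5424 line with the token as SD-ID and each custom tag as an SD-PARAM."""
    # Reject anything that could break out of the SD-ELEMENT (hyphens allowed: assumption)
    if not re.fullmatch(r"[A-Za-z0-9-]+", token):
        raise ValueError("unexpected characters in customer token")
    params = "".join(f' tag="{sd_escape(t)}"' for t in tags)
    sd = f"[{token}@{LOGGLY_PEN}{params}]"
    ts = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    # Embedded newlines would split one event into several frames on a TCP stream
    body = msg.replace("\r", " ").replace("\n", " ")
    # pri 134 = facility local0 (16 * 8) + severity informational (6)
    return f"<{pri}>1 {ts} {host} {app} - - {sd} {body}\n"


def http_url(token, tags, bulk=False):
    """HTTPS endpoint URL: token and comma-separated tags are path segments."""
    kind = "bulk" if bulk else "inputs"
    tag_path = ",".join(quote(t, safe="") for t in tags)
    return f"{HTTP_BASE}/{kind}/{quote(token, safe='')}/tag/{tag_path}/"


def redact(text, token):
    """Mask the token before a frame or URL is written to a local or proxy log."""
    return text.replace(token, token[:4] + "...")


if __name__ == "__main__":
    token = "TOKEN0000EXAMPLE"  # constructed placeholder, not a real token
    now = datetime.now(timezone.utc)
    frame = syslog_frame(token, ["cimplicity", "hmi"], "hmi01", "cimplicity",
                         "Project status: running", now)
    print(redact(frame, token), end="")
    print(redact(http_url(token, ["cimplicity"], bulk=True), token))
```

Because the HTTPS form carries the token in the URL, any component that records request URLs also records the token, which is why the sketch redacts it before printing.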

For more information on configuring NXLog and sending logs to Solarwinds Loggly, see the Solarwinds Loggly integration guide in the NXLog User Guide.

NXLog Ltd. develops multi-platform log collection tools that support many different log sources, formats, transports, and integrations. The tools help administrators collect, parse, and forward logs so they can more easily respond to security issues, investigate operational problems, and analyze event data. NXLog distributes the free and open source NXLog Community Edition and offers additional features and support with the NXLog Enterprise Edition.