Collecting logs from General Electric CIMPLICITY and sending them to Solarwinds Loggly could be complex due to this unique combination of log sources and destination SIEM. In this post, we will look at how you can forward log data from GE CIMPLICITY to Loggly using NXLog.
General Electric CIMPLICITY
General Electric CIMPLICITY is a human-machine interface (HMI) and SCADA system solution based on a client-server architecture of servers and viewers. This architecture allows viewers to visualize data and control actions within plants located across the globe. The server’s primary function is to collect and distribute data. A viewer has full access to the data a server has collected once it has connected to that server. The ability to seamlessly network servers and viewers for the purpose of sharing data, configurations, and screens eliminates duplicate work and data. This efficient management of resources facilitates faster access to critical data needed for decision-making. Cimplicity is used in some of the largest manufacturing factories around the world.
Collecting GE CIMPLICITY logs
CIMPLICITY produces a wide variety of logs about its operations. Some of the logs are available through Windows Event Log and network monitoring, but most of the logs are in the format of flat files.
Due to the critical nature and scope of the systems CIMPLICITY controls, there is no room for errors. Its stable, uninterrupted operation is crucial to plant safety. Although CIMPLICITY logs contain valuable information about the systems it controls, the relatively high level of log noise and the lack of a consistent log format present some challenges.
NXLog Enterprise Edition is a lightweight, modular log collection tool, capable of tackling the most demanding cases log collection may pose. Owing to its rich set of features, it can read almost any log format and parse fields to produce structured data for further processing. For these reasons, it is the perfect tool for monitoring and collecting CIMPLICITY logs.
- Logging and Archiving
-
CIMPLICITY provides a database logger which is capable of collecting, analyzing, and creating reports from a variety of ODBC (open database connectivity) complaint databases. You can create, configure, edit tables, and also specify when and what ODBC data source you would like to gather log events from, for any selected process.
- Collecting GE CIMPLICITY logs from Windows Event Log
-
Windows Event Log is the primary logging facility on the Windows platform. The logs CIMPLICITY services generate contain project log files, system log files, and web configuration services logs. Logs can be read and collected using an event id related to CIMPLICITY or by a given source name.
- Collecting GE CIMPLICITY logs from file
-
CIMPLICITY’s file-based logs include project status and system status logs, counters log files, protocol stack trace logs, as well as optional OPC client debug tracing. With CIMPLICITY Log Viewer’s powerful capabilities, you can view project status and system status log files in other formats including CSV, ASCII, or TXT.
- GE CIMPLICITY passive network monitoring
-
NXLog can passively monitor network traffic and generate logs for most network protocols. This ability to log network communication between servers and viewers can provide another valuable log source.
Data normalization and log aggregation are other features that NXLog can provide CIMPLICITY. With NXLog’s ability to collect logs from literally any file, in any format, it is ideally suited for integrating with CIMPLICITY’s wide variety of log types and file formats.
For more information on integrating NXLog with Cimplicity, see the General Electric CIMPLICITY integration guide.
The log sources mentioned above and NXLog’s features play an important role in normalizing logs accepted by Solarwinds Loggly.
Sending logs to Solarwinds Loggly
Solarwinds Loggly is a cloud-based log analysis and monitoring service that provides complete visibility of log data from different sources. NXLog can be configured to send log data to Loggly in syslog format over TCP or via the Loggly API using HTTP(S).
- Loggly customer token
-
Loggly requires a customer token to be included with each event sent to its service. This token is an alpha-numeric string generated when creating a Loggly account. You can find your token on the Logs > Source Setup > Customer Tokens page of the web interface.
- Sending logs using TCP
-
Syslog is the most common way to send data to Loggly. The customer token and any custom tags need to be included in the structured data section of the syslog message. Logs can be sent securely to Loggly using TLS encryption. The Loggly certificate file must be downloaded and placed in a location that NXLog can access.
- Sending logs using HTTPS
-
As part of their API, Loggly provides two HTTP(S) endpoints that accept log data, one for sending single log records and another for sending logs in batches. Data can be sent as plaintext, JSON, or any log format supported by Loggly’s automated parsing. When logs are sent over HTTPS, the Loggly customer token and any custom tags must be included in the URL. The Loggly certificate file must be downloaded and placed in a location that NXLog can access.
For more information on configuring NXLog and sending logs to Solarwinds Loggly, see the Solarwinds Loggly integration guide in the NXLog User Guide.