Sending Siemens SICAM PAS/PQS logs to Solarwinds Loggly

Share

Collecting logs from Siemens SICAM PAS/PQS and sending them to Solarwinds Loggly could be a complex task due to this unique combination of the log source and the destination SIEM. In this post, we will look at how you can forward log data from Siemens SICAM PAS/PQS to Loggly using the NXLog log collection agent.

Siemens SICAM PAS/PQS

Siemens SICAM PAS is an adaptive power automation system that supports the implementation of project-specific tasks in the industrialization field SICAM PAS uses an intuitive, user-friendly interface that simplifies and optimizes process monitoring. With its distributed architecture SICAM PAS is a scalable solution well-suited to weightier networks where it can leverage your existing network infrastructure to communicate efficiently and securely.

SICAM PAS is a modular system. The UI - Configuration component is responsible for the configuration and parameterization of your plant, as well as exchanging configuration data. UI - Operation can activate or deactivate individual components. UI - Operation Client provides access to UI - Operation on any connected remote computer via a web browser. Value Viewer displays information about any connected device or substation and can verify if the system transfers the correct values.

Siemens SICAM PQS lets you analyze all fault records and power quality data within a single system. With it, you get a quick, uncomplicated overview of the quality of your system. SICAM PAS can identify potential fault sources early on so that they can be systematically eliminated. It also provides automatic reporting and notifications when power quality standards are unmet.

Some of the main components of SICAM PQS include the PQ Analyzer, the Incident Explorer, the Fault Event Viewer, which displays fault events and their records, the Event Viewer, and the Report Browser.

SICAM PAS/PQS is used mainly in electric utility companies and industrial plants worldwide.

Collecting SICAM PAS/PQS logs

SICAM PAS/PQS produces a wide variety of logs concerning its operations. Some of those logs are available through Windows Event Log and network monitoring, but most of them exist as flat files.

Because of the complex nature and scope of the systems SICAM PAS/PQS controls, there is no room for error. Its stable and consistent operation is crucial for plant safety. SICAM PAS/PQS logs often contain valuable information about the systems it controls. However, due to excessive log noise, this valuable information can sometimes remain hidden in the logs it collects. Another challenge is the lack of consistent log formats. The ability to parse data from a wide variety of log formats is an absolute necessity.

NXLog Enterprise Edition is a lightweight, modular log collection tool, capable of tackling the most complex cases log collection may pose. Due to its rich set of features, it can read almost any log format and parse fields to produce structured data for further processing. For these reasons, it is the perfect tool for monitoring and collecting SICAM PAS/PQS logs.

Collecting SICAM PAS/PQS logs from Windows Event Log

Windows Event Log is the main logging subsystem for Microsoft Windows. The logs that SICAM PAS/PQS generates contain diagnostic and security-related events, such as user authentication, the state of system components, and record modifications. These events are stored in the PASSecurity and PQ Analyzer Security folders under Applications and Services Logs. NXLog can easily read and collect these events using the appropriate SICAM PAS/PQS source names.

Collecting SICAM PAS/PQS logs from file

File-based SICAM PAS/PQS logs include installation logs, watchdog logs, system logs, and fault event agent logs. With NXLog’s rich set of features, it can efficiently read and parse such file-based logs, and then reliably forward them to your preferred SIEM solution.

SICAM PAS/PQS passive network monitoring

NXLog can passively monitor network traffic and generate logs for most network protocols. With this feature it can provide yet another valuable log source by monitoring communications between control centers, bay devices, and substations.

NXLog’s data normalization and log aggregation capabilities can extend the functionality of SICAM PAS/PQS. Because NXLog can collect logs from literally any file, in any format, it is ideally suited for integrating with the wide variety of log types and formats that SICAM PAS/PQS systems generate.

For more information on integrating NXLog with SICAM PAS/PQS, see the Siemens SICAM PAS/PQS integration guide.

The log sources mentioned above and NXLog’s features play a crucial role in normalizing logs accepted by Solarwinds Loggly.

Sending logs to Solarwinds Loggly

Solarwinds Loggly is a cloud-based log analysis and monitoring service that provides complete visibility of log data from different sources. NXLog can be configured to send log data to Loggly in syslog format over TCP or via the Loggly API using HTTP(S).

Loggly customer token

Loggly requires a customer token to be included with each event sent to its service. This token is an alpha-numeric string generated when creating a Loggly account. You can find your token on the Logs > Source Setup > Customer Tokens page of the web interface.

Sending logs using TCP

Syslog is the most common way to send data to Loggly. The customer token and any custom tags need to be included in the structured data section of the syslog message. Logs can be sent securely to Loggly using TLS encryption. The Loggly certificate file must be downloaded and placed in a location that NXLog can access.

Sending logs using HTTPS

As part of their API, Loggly provides two HTTP(S) endpoints that accept log data, one for sending single log records and another for sending logs in batches. Data can be sent as plaintext, JSON, or any log format supported by Loggly’s automated parsing. When logs are sent over HTTPS, the Loggly customer token and any custom tags must be included in the URL. The Loggly certificate file must be downloaded and placed in a location that NXLog can access.

For more information on configuring NXLog and sending logs to Solarwinds Loggly, see the Solarwinds Loggly integration guide in the NXLog User Guide.

NXLog Ltd. develops multi-platform log collection tools that support many different log sources, formats, transports, and integrations. The tools help administrators collect, parse, and forward logs so they can more easily respond to security issues, investigate operational problems, and analyze event data. NXLog distributes the free and open source NXLog Community Edition and offers additional features and support with the NXLog Enterprise Edition.

This document is provided for informational purposes only and is subject to change without notice. Trademarks are the properties of their respective owners.