Share

Sending Yokogawa FAST/TOOLS logs to Solarwinds Loggly

Collecting logs from Yokogawa FAST/TOOLS and sending them to Solarwinds Loggly could be complex due to this unique combination of log sources and the SIEM solution. In this post, we will look at how you can forward log data from Yokogawa FAST/TOOLS to Loggly using NXLog.

Yokogawa FAST/TOOLS

FAST/TOOLS is Yokogawa’s SCADA software platform. Its client-server architecture comprises three main functional components: a SCADA server, a Web HMI client, and a Web HMI server. The SCADA server is responsible for collecting, processing, and managing the logs it receives from the Web HMI clients. The Web HMI server displays events and other operational data from Web HMI clients while also serving as the human-machine interface for displaying the logs that the SCADA server has processed.

FAST/TOOLS comprises several function-specific modules that include OPC server and client functionality and a history scheduler. The FAST/TOOLS software platform integrates with cloud computing and virtualization infrastructures. It is widely deployed in the oil and gas industry and large manufacturing plants worldwide.

Collecting Yokogawa FAST/TOOLS logs

FAST/TOOLS produces a wide variety of logs about its operations. These logs are available in flat files and stored in the C:\Users\Public\Yokogawa\tls\log\ system directory.

There is no room for error or trade-offs because Yokogawa FAST/TOOLS monitors and controls the type of operations Its steady, uninterrupted operation is essential to maintaining plant safety. However, due to excessive log noise, valuable information can sometimes remain hidden in the logs it collects. Another challenge is the lack of consistent log formats. The ability to parse data from various log formats is an absolute necessity.

NXLog Enterprise Edition is a lightweight, modular log collection tool capable of tackling the most challenging cases log collection may pose. Its rich features allow it to read almost any log format and parse fields to produce structured data for further processing. It is the perfect tool for monitoring and collecting FAST/TOOLS logs.

RDBMS data collection

FAST/TOOLS provides an ODBC (open database connectivity) interface that collects data from the FAST/TOOLS data set services layer and sends it directly to an external ODBC compliant database. With FAST/TOOLS, you can view table components and perform faster queries, obtaining much quicker insight into your plant operations. FAST/TOOLS includes an embedded relational database management system (RDBMS) that allows you to execute more complex queries and cross-reference FAST/TOOLS data with your own RDBMS environment.

Collecting FAST/TOOLS logs from file

FAST/TOOLS' file-based logs include start logs, diagnostics logs, system monitor logs, and systems error logs. The processes that detect system errors send messages to the FAST/TOOLS unsolicited message handler (UMH), which manages all the necessary information present in these logs. This information includes the name of the process that detected the error, a timestamp, and an error code. You can view these application error logs in the messages.umh file of the FAST/TOOLS data directory. NXLog is capable of parsing these complex logs by using regular expressions.

FAST/TOOLS passive network monitoring

FAST/TOOLS supports open platform communications (OPC) functionality and includes an embedded OPC Unified Architecture (UA) environment. It also supports classic OPC for distributed communication (DCOM) links across your network. NXLog can passively monitor your network traffic and generate logs for most network protocols.

NXLog’s data normalization and log aggregation capabilities can extend the functionality of Yokogawa FAST/TOOLS. Because NXLog can collect logs from literally any file in any format, it is ideally suited for integrating with FAST/TOOLS' wide variety of log types and file formats.

For more information on integrating NXLog with this SCADA software environment, visit our detailed Yokogawa FAST/TOOLS integration guide.

The log sources mentioned above and NXLog’s features play an important role in normalizing logs to meet Solarwinds Loggly’s requirements.

Sending logs to Solarwinds Loggly

Solarwinds Loggly is a cloud-based log analysis and monitoring service that provides complete visibility of log data from different sources. NXLog can be configured to send log data to Loggly in syslog format over TCP or via the Loggly API using HTTP(S).

Loggly customer token

Loggly requires a customer token to be included with each event sent to its service. This token is an alpha-numeric string generated when creating a Loggly account. You can find your token on the Logs > Source Setup > Customer Tokens page of the web interface.

Sending logs using TCP

Syslog is the most common way to send data to Loggly. The customer token and any custom tags need to be included in the structured data section of the syslog message. Logs can be sent securely to Loggly using TLS encryption. The Loggly certificate file must be downloaded and placed in a location that NXLog can access.

Sending logs using HTTPS

As part of their API, Loggly provides two HTTP(S) endpoints that accept log data, one for sending single log records and another for sending logs in batches. Data can be sent as plaintext, JSON, or any log format supported by Loggly’s automated parsing. When logs are sent over HTTPS, the Loggly customer token and any custom tags must be included in the URL. The Loggly certificate file must be downloaded and placed in a location that NXLog can access.

For more information on configuring NXLog and sending logs to Solarwinds Loggly, see the Solarwinds Loggly integration guide in the NXLog User Guide.

NXLog Ltd. develops multi-platform log collection tools that support many different log sources, formats, transports, and integrations. The tools help administrators collect, parse, and forward logs so they can more easily respond to security issues, investigate operational problems, and analyze event data. NXLog distributes the free and open source NXLog Community Edition and offers additional features and support with the NXLog Enterprise Edition.

This document is provided for informational purposes only and is subject to change without notice. Trademarks are the properties of their respective owners.