
M580 CPU Syslog Messages - v2

The document describes the structure and examples of syslog messages from an M580 CPU. [1] Syslog messages contain information about connections, logins, disconnections and communication parameter changes including timestamp, facility, severity, hostname, application name, process ID, message ID and text. [2] Examples show successful and failed connections, logins and disconnections via applications like Modbus, FTP and security changes triggered by local or remote systems. [3] Communication parameters can change at runtime outside of configuration, such as enabling HTTP.

Uploaded by

Damian Kominiak
Syslog messages from M580 CPU

Syslog message structure:


Timestamp, Facility, Severity, Hostname, AppName, Procid, MsgID, MessageText (Type, AppMessage…)
Table columns: General Event Description | Additional description | Facility | Severity (1) | Hostname | App-name | MSGID | Type | AppMessage | Syslog messages examples from Syslog server
Successful connection to or from a tool or device:
- Successful login.
  For example: data storage via FTP, Unity Pro application password via Modbus, firmware upload via FTP, FDR ...
- Successful user login to a tool.
  For example: Unity Pro security editor.
- Successful TCP connection (no user).
  For example: Port502 Modbus TCP/IP explicit messaging for M580 CPU.

Successful TCP connection (no user)
  10 Emergency 192.168.11.1 Hardware ID Modbus @cee 1 Successful Connection
  27/02/2020 17:02,Emergency,192.168.11.1,BMEH586040,NILVALUE Modbus @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""192.168.11.8"",""type"":""1"",""appMsg"":""Successful Connection"",""repNb"":""0"",""repLastTime"":""(null)""}

Successful login (Unity Application password via Modbus-Umas)
  10 Emergency 192.168.11.1 Hardware ID DEVICE MANAGER @cee 1 Successful login
  27/02/2020 16:17,Emergency,192.168.11.1,BMEH586040,NILVALUE DEVICE MANAGER @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""1"",""appMsg"":""Successful login"",""repNb"":""0"",""repLastTime"":""(null)""}

Successful login (Data Storage via FTP, FDR Server via FTP, Firmware upload via FTP)
  10 Emergency 192.168.11.1 Hardware ID FTP @cee 1 Successful login
  27/02/2020 16:17,Emergency,192.168.11.1,BMEH586040,NILVALUE FTP @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""192.168.4.80"",""type"":""1"",""appMsg"":""Successful login"",""repNb"":""0"",""repLastTime"":""(null)""}

Failed connection from a tool or device:
- Failed connection due to access control list (ACL) check (source IP address / TCP port filtering).
- Failed login (with ACL check correct).
  For example: data storage via FTP, Unity Pro application via Modbus, FDR server via FTP...
- Failed user login to a software tool.
  For example: Unity Pro.
- Failed TCP connection (no user).
  For example: Port502 Modbus TCP/IP explicit messaging for M580 CPU.

Failed TCP connection (no user)
  10 Emergency 192.168.11.1 Hardware ID Modbus @cee 2 Failed Connection
  27/02/2020 17:02,Emergency,192.168.11.1,BMEH586040,NILVALUE Modbus @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""192.168.11.8"",""type"":""2"",""appMsg"":""Failed Connection"",""repNb"":""0"",""repLastTime"":""(null)""}

Failed login (Data Storage via FTP, FDR Server via FTP, Firmware upload via FTP)
  10 Emergency 192.168.11.1 Hardware ID FTP @cee 2 Failed login
  27/02/2020 17:02,Emergency,192.168.11.1,BMEH586040,NILVALUE FTP @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""192.168.4.80"",""type"":""2"",""appMsg"":""Failed login"",""repNb"":""0"",""repLastTime"":""(null)""}

Connection denied : Modbus uncheck in ACL
  10 Emergency 192.168.11.1 Hardware ID Security @cee 2 Modbus connection denied
  27/02/2020 17:02,Emergency,192.168.11.1,BMEH586040,NILVALUE Security @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""192.168.4.150"",""type"":""2"",""appMsg"":""Modbus connection denied"",""repNb"":""0"",""repLastTime"":""(null)""}

Connection denied : EIP uncheck in ACL
  10 Emergency 192.168.11.1 Hardware ID Security @cee 2 Ethernet/IP Adapter connection denied
  27/02/2020 17:02,Emergency,192.168.11.1,BMEH586040,NILVALUE Security @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""192.168.4.80"",""type"":""2"",""appMsg"":""Ethernet/IP Adapter connection denied from 192.168.4.80"",""repNb"":""0"",""repLastTime"":""(null)""}

Disconnection triggered by local or peer:
- On demand logout - HTTP, FTP
- If no logout, disconnection triggered by local or peer (TCP Close/Reset)

Disconnection triggered by either the peer/user/local
  10 Emergency 192.168.11.1 Hardware ID Modbus @cee 5 Disconnection
  27/02/2020 16:57,Emergency,192.168.11.1,BMEH586040,NILVALUE Modbus @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""192.168.11.8"",""type"":""5"",""appMsg"":""Disconnection"",""repNb"":""0"",""repLastTime"":""(null)""}

Communication parameters run time change outside configuration:
- Communication services enabled or disabled (FTP, TFTP, HTTP, function block in M580 PAC device)

HTTP Enabled
  Info 192.168.11.1 Hardware ID HTTP @cee 7 HTTP Enabled
  27/02/2020 16:54,Info,192.168.11.1,BMEH586040,NILVALUE HTTP @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""7"",""appMsg"":""HTTP Enabled"",""repNb"":""0"",""repLastTime"":""(null)""}

TFTP Enabled
  Info 192.168.11.1 Hardware ID TFTP @cee 7 TFTP Enabled
  27/02/2020 17:02,Info,192.168.11.1,BMEH586040,NILVALUE TFTP @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""7"",""appMsg"":""TFTP Enabled"",""repNb"":""0"",""repLastTime"":""(null)""}

DHCP Enabled
  Info 192.168.11.1 Hardware ID DHCP @cee 7 DHCP Enabled
  27/02/2020 17:02,Info,192.168.11.1,BMEH586040,NILVALUE DHCP @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""7"",""appMsg"":""DHCP Enabled"",""repNb"":""0"",""repLastTime"":""(null)""}

FTP Enabled
  Info 192.168.11.1 Hardware ID FTP @cee 7 FTP Enabled
  27/02/2020 16:56,Info,192.168.11.1,BMEH586040,NILVALUE FTP @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""7"",""appMsg"":""FTP Enabled"",""repNb"":""0"",""repLastTime"":""(null)""}

HTTP Disabled
  Info 192.168.11.1 Hardware ID HTTP @cee 7 HTTP Disabled
  27/02/2020 16:53,Info,192.168.11.1,BMEH586040,NILVALUE HTTP @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""7"",""appMsg"":""HTTP Disabled"",""repNb"":""0"",""repLastTime"":""(null)""}

DHCP Disabled
  Info 192.168.11.1 Hardware ID DHCP @cee 7 DHCP Disabled
  27/02/2020 16:57,Info,192.168.11.1,BMEH586040,NILVALUE DHCP @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""7"",""appMsg"":""DHCP Disabled"",""repNb"":""0"",""repLastTime"":""(null)""}

TFTP Disabled
  Info 192.168.11.1 Hardware ID TFTP @cee 7 TFTP Disabled
  27/02/2020 16:57,Info,192.168.11.1,BMEH586040,NILVALUE TFTP @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""7"",""appMsg"":""TFTP Disabled"",""repNb"":""0"",""repLastTime"":""(null)""}

FTP Disabled
  Info 192.168.11.1 Hardware ID FTP @cee 7 FTP Disabled
  27/02/2020 16:53,Info,192.168.11.1,BMEH586040,NILVALUE FTP @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""7"",""appMsg"":""FTP Disabled"",""repNb"":""0"",""repLastTime"":""(null)""}

Configuration Communication Parameters

Configuration Communication Parameters
  Info 192.168.11.1 Hardware ID Configuration @cee 7 Configuration Communication Parameters
  27/02/2020 16:49,Info,192.168.11.1,BMEH586040,NILVALUE Configuration @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""7"",""appMsg"":""Configuration Communication Parameters"",""repNb"":""0"",""repLastTime"":""(null)""}

Major Changes in the system: Application or Configuration download from the device

Application download
  13 Emergency 192.168.11.1 Hardware ID Modbus @cee 8 Application download
  27/02/2020 16:48,Emergency,192.168.11.1,BMEH586040,NILVALUE Modbus @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""8"",""appMsg"":""Application download"",""repNb"":""0"",""repLastTime"":""(null)""}

Major Changes in the system:
- Upload of Application/Configuration or Configuration only into the device (including CCOTF)

Application upload
  13 Emergency 192.168.11.1 Hardware ID Modbus @cee 9 Application upload
  27/02/2020 16:49,Emergency,192.168.11.1,BMEH586040,NILVALUE Modbus @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""9"",""appMsg"":""Application upload"",""repNb"":""0"",""repLastTime"":""(null)""}

Major changes in the system:
- Firmware upload.

Upload of a new firmware in the device
  13 Emergency 192.168.11.1 Hardware ID FTP @cee 10 Firmware upload
  27/02/2020 17:50,Emergency,192.168.11.1,BMEH586040,NILVALUE FTP @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""10"",""appMsg"":""Firmware upload"",""repNb"":""0"",""repLastTime"":""(null)""}

Major changes in the system:
- Restart after RESET

PLC restart
  13 Emergency 192.168.11.1 Hardware ID DEVICE MANAGER @cee 17 Restart
  27/02/2020 17:50,Emergency,192.168.11.1,BMEH586040,NILVALUE DEVICE MANAGER @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""17"",""appMsg"":""Restart"",""repNb"":""0"",""repLastTime"":""(null)""}

Embedded switch port status change:
Port link up, port link down.
"ETHx Link Up" text
"ETHx Link Down" text
x = port number

Plug/Unplug cable
  10 Info 192.168.11.1 Hardware ID ETH @cee 16 ETH3 Link Down
  27/02/2020 17:50,Info,192.168.11.1,BMEH586040,NILVALUE ETH @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""19"",""appMsg"":""ETH3 Link Down"",""repNb"":""0"",""repLastTime"":""(null)""}

Topology changes detected:
- From RSTP: port role change or root change
"ETHx Disable" text
"ETHx Forward" text
"ETHx Learning" text
"ETHx Blocking" text
x = port number (1-4)

Topology changed detected
  10 Emergency 192.168.11.1 Hardware ID RSTP @cee 17 ETH2 Forward
  27/02/2020 17:50,Emergency,192.168.11.1,BMEH586040,NILVALUE RSTP @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""20"",""appMsg"":""ETH2 Forward"",""repNb"":""0"",""repLastTime"":""(null)""}

Topology changed detected
  10 Emergency 192.168.11.1 Hardware ID RSTP @cee 17 ETH2 Learning
  27/02/2020 17:50,Emergency,192.168.11.1,BMEH586040,NILVALUE RSTP @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""20"",""appMsg"":""ETH2 Learning"",""repNb"":""0"",""repLastTime"":""(null)""}

Topology changed detected
  10 Emergency 192.168.11.1 Hardware ID RSTP @cee 17 ETH2 Blocking
  27/02/2020 17:50,Emergency,192.168.11.1,BMEH586040,NILVALUE RSTP @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""20"",""appMsg"":""ETH2 Blocking"",""repNb"":""0"",""repLastTime"":""(null)""}

Topology changed detected
  10 Emergency 192.168.11.1 Hardware ID RSTP @cee 17 ETH2 Disable
  27/02/2020 17:50,Emergency,192.168.11.1,BMEH586040,NILVALUE RSTP @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""20"",""appMsg"":""ETH2 Disabled"",""repNb"":""0"",""repLastTime"":""(null)""}

Topology changed detected
  10 Emergency 192.168.11.1 Hardware ID RSTP @cee 17 Toplogy Change Detected
  27/02/2020 17:50,Emergency,192.168.11.1,BMEH586040,NILVALUE RSTP @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""20"",""appMsg"":""Toplogy Change Detected"",""repNb"":""0"",""repLastTime"":""(null)""}

Major changes in the system:
- Program operating mode change (run, stop, ...)

STOP to RUN PLC
  13 Notice 192.168.11.1 Hardware ID DEVICE MANAGER @cee 85 PLC state: STOP to RUN
  27/02/2020 16:50,Notice,192.168.11.1,BMEH586040,NILVALUE DEVICE MANAGER @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""85"",""appMsg"":""PLC state: STOP to RUN"",""repNb"":""0"",""repLastTime"":""(null)""}

Init PLC
  13 Notice 192.168.11.1 Hardware ID DEVICE MANAGER @cee 85 PLC INIT
  27/02/2020 16:49,Notice,192.168.11.1,BMEH586040,NILVALUE DEVICE MANAGER @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""85"",""appMsg"":""PLC INIT"",""repNb"":""0"",""repLastTime"":""(null)""}

RUN to STOP PLC
  13 Notice 192.168.11.1 Hardware ID DEVICE MANAGER @cee 85 PLC state: RUN to STOP
  27/02/2020 16:49,Notice,192.168.11.1,BMEH586040,NILVALUE DEVICE MANAGER @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""85"",""appMsg"":""PLC state: RUN to STOP"",""repNb"":""0"",""repLastTime"":""(null)""}

(1) NOTE: The terms severity, Emergency, Alert, Critical, Error, Warning, Notice, Informational, Debug are used in this table as attributes of syslog event messages and as defined in RFC 5424 specification of the Internet Engineering Task Force (IETF).
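
A parser and triage pass for the exported syslog lines shown in the table, added here as an example and not part of the original document. The field names source and hardware_id, and the choice of which type values count as change events, are assumptions; the type codes are the ones that appear in the JSON payloads of the examples.

```python
import json
from collections import Counter
from datetime import datetime

# "type" values as they appear in the JSON payloads of the page's examples.
EVENT_TYPES = {"1": "success", "2": "failure", "5": "disconnection",
               "7": "comm-parameter-change", "8": "application-download",
               "9": "application-upload", "10": "firmware-upload",
               "17": "restart", "19": "link-status", "20": "rstp-topology",
               "85": "plc-state"}
CHANGE_TYPES = {"8", "9", "10", "17", "85"}  # assumption: events worth review

def parse_line(line):
    """Parse one exported line into a flat dict; ValueError if malformed."""
    ts, severity, source, hardware_id, rest = line.strip().split(",", 4)
    head, sep, payload = rest.partition(" @cee:")
    if not sep:
        raise ValueError("no @cee payload")
    app = head.partition(" ")[2]  # drop the leading NILVALUE token
    # The export doubles every quote (CSV escaping); undo it before JSON parsing.
    fields = json.loads(payload.strip().replace('""', '"'))
    # Absent values are written as the literal string "(null)".
    fields = {k: None if v == "(null)" else v for k, v in fields.items()}
    return {"time": datetime.strptime(ts, "%d/%m/%Y %H:%M"),
            "severity": severity, "source": source, "hardware_id": hardware_id,
            "app": app, "event": EVENT_TYPES.get(fields.get("type"), "unknown"),
            **fields}

def triage(lines):
    """Return (failure count per peer address, list of change events)."""
    failures, changes = Counter(), []
    for ev in map(parse_line, lines):
        msg = ev.get("appMsg") or ""
        enabled = ev.get("type") == "7" and msg.endswith("Enabled")
        if ev.get("type") == "2":
            failures[ev.get("peerAddr")] += 1
        elif ev.get("type") in CHANGE_TYPES or enabled:
            changes.append((ev["time"], ev["app"], msg))
    return failures, changes

# Sample lines copied from the examples in the table above.
SAMPLE = [
    '27/02/2020 17:02,Emergency,192.168.11.1,BMEH586040,NILVALUE FTP @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""192.168.4.80"",""type"":""2"",""appMsg"":""Failed login"",""repNb"":""0"",""repLastTime"":""(null)""}',
    '27/02/2020 17:02,Emergency,192.168.11.1,BMEH586040,NILVALUE Security @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""192.168.4.150"",""type"":""2"",""appMsg"":""Modbus connection denied"",""repNb"":""0"",""repLastTime"":""(null)""}',
    '27/02/2020 17:02,Emergency,192.168.11.1,BMEH586040,NILVALUE Security @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""192.168.4.80"",""type"":""2"",""appMsg"":""Ethernet/IP Adapter connection denied from 192.168.4.80"",""repNb"":""0"",""repLastTime"":""(null)""}',
    '27/02/2020 17:50,Emergency,192.168.11.1,BMEH586040,NILVALUE FTP @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""10"",""appMsg"":""Firmware upload"",""repNb"":""0"",""repLastTime"":""(null)""}',
    '27/02/2020 16:54,Info,192.168.11.1,BMEH586040,NILVALUE HTTP @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""7"",""appMsg"":""HTTP Enabled"",""repNb"":""0"",""repLastTime"":""(null)""}',
    '27/02/2020 16:49,Notice,192.168.11.1,BMEH586040,NILVALUE DEVICE MANAGER @cee: { ""issuerAddr"":""192.168.11.1"",""peerId"":""(null)"",""peerAddr"":""(null)"",""type"":""85"",""appMsg"":""PLC state: RUN to STOP"",""repNb"":""0"",""repLastTime"":""(null)""}',
]
```

The table's Type column and the JSON type value disagree for the ETH and RSTP rows (16 and 17 in the table, 19 and 20 in the payloads); the code keys on the JSON value.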
