Event Logging on Secure System Components

You must use several event logging tools with the secure components in a high availability system. You must configure logging to read all events on all secure components in both chassis of the redundant chassis pair:
  • Log events on the
    ControlLogix®
    5590 controllers with
    FactoryTalk® AssetCentre
    software.
  • Log events on the 1756-EN4TR communication modules with the syslog collector.
  • Log events on the 1756-RM3 redundancy modules with the
    FactoryTalk® Linx
    Redundancy Module Configuration Tool (RMCT).
IMPORTANT:
The RMCT event logs and 1756-EN4TR syslogs do not show which user performed an action that caused an event to be logged. However, in
FactoryTalk® Administration Console
, you can enable the syslog collector to store
FactoryTalk®
Diagnostics messages from
FactoryTalk®
-enabled applications. These logs enable you to view the user name associated with configuration changes. For more information, see the FactoryTalk Security System Configuration Guide, publication FTSEC-QS001V.

Logging Guidelines

To comply with IEC-62443-4-2 requirements for logging, refer to the following table for guidelines.
Requirement
Guideline
Time stamps from logs must not impact essential functions
Because time stamps can be inaccurate for various reasons, such as an inaccurate time source, do not use time stamps from logs in your controller program for essential functions, especially not in safety applications.
Logging must not impact your system reaction time
If you notice an impact to the system reaction time caused by logging-related network traffic, configure a lower frequency of logging via
FactoryTalk® AssetCentre
software. See the FactoryTalk AssetCentre Getting Results Guide, publication FTAC-GR002.
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.
Normal