Event Logging on Secure System Components
You must use several event logging tools with the secure components in a high
availability system. You must configure logging to read all events on all secure
components in both chassis of the redundant chassis pair:
- Log events on theControlLogix®5590 controllers withFactoryTalk® AssetCentresoftware.
- Log events on the 1756-EN4TR communication modules with the syslog collector.
- Log events on the 1756-RM3 redundancy modules with theFactoryTalk® LinxRedundancy Module Configuration Tool (RMCT).
IMPORTANT:
The RMCT event logs and 1756-EN4TR syslogs do not show which user performed an action
that caused an event to be logged. However, in
FactoryTalk® Administration Console
, you can enable the syslog collector to store FactoryTalk®
Diagnostics messages from FactoryTalk®
-enabled applications. These logs enable you to view the user name associated with
configuration changes. For more information, see the FactoryTalk Security System
Configuration Guide, publication FTSEC-QS001V.Logging Guidelines
To comply with IEC-62443-4-2 requirements for logging, refer to the following table
for guidelines.
Requirement | Guideline |
|---|---|
Time stamps from logs must not impact essential functions | Because time stamps can be inaccurate for various reasons, such
as an inaccurate time source, do not use time stamps from logs
in your controller program for essential functions, especially
not in safety applications. |
Logging must not impact your system reaction time | If you notice an impact to the system reaction time caused by
logging-related network traffic, configure a lower frequency of
logging via FactoryTalk® AssetCentre software. See the FactoryTalk AssetCentre Getting Results
Guide, publication FTAC-GR002. |
Provide Feedback