Industrial cybersecurity
4.9 Secure operation of CPUs
The following table describes the parameters in the prescribed order.
Parameter / Description

PRI
    PRI encodes the priority of the syslog message, divided into Severity (severity of the message) and Facility (origin of the message).
    The PRI value is formed as follows:
    • PRI = Facility x 8 + Severity
    Possible values:
    • Severity
        – 0 = Emergency: system is unusable
        – 1 = Alert: action must be taken immediately
        – 2 = Critical: critical conditions
        – 3 = Error: error conditions
        – 4 = Warning: warning conditions
        – 5 = Notice: normal but significant condition
        – 6 = Informational: informational messages
        – 7 = Debug: debug-level messages
    • Facility
        – 1 = User-level messages
        – 2 = Mail system
        – 3 = System daemons
        – 4 = Security/authorization messages
        – 5 = Messages generated internally by syslog
        – 6 = Line printer subsystem
        – 7 = Network news subsystem
        – 8 = UUCP subsystem
        – 9 = Clock daemon
        – 10 = Security/authorization messages
        – 11 = FTP daemon
        – 12 = NTP subsystem
        – 13 = Log audit
        – 14 = Log alert
    A CPU does not use all of the listed severity/facility values.

VERSION
    Version number of the syslog specification.

TIMESTAMP
    The device sends the time stamp in the format "2023-06-25T12:56:13.005Z" as UTC time without time zone and correction for daylight-saving/standard time.

HOSTNAME
    Contains the name or IP address of the device or system from which the syslog message has been sent.
    IPv4 address according to RFC1035: Bytes in decimal representation: XXX.XXX.XXX.XXX
    IPv6 address according to RFC4291 Section 2.2
    "-" is output if information is missing.

APP-NAME
    Contains the component (device part or application) from which the message has been generated.
    "-" is output if information is missing.
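The following added example (not part of the original manual) shows how a log collector could parse the leading header fields in the prescribed order, decode PRI into facility and severity, and treat "-" as missing information. The function names and the two sample messages are constructed for illustration, and the PRI upper bound of 191 is the RFC 5424 limit, which this page does not state.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Severity names from the table above; list index = severity value.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

# Header fields in the prescribed order: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME
HEADER_RE = re.compile(r"<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+)(?: (.*))?", re.S)

# Constructed sample messages (not captured from a real device).
SAMPLE_V4 = "<37>1 2023-06-25T12:56:13.005Z 192.168.0.1 app1 rest of message"
SAMPLE_V6 = "<83>1 2023-06-25T12:56:13.005Z fe80::1 -"


def decode_pri(pri):
    """Invert PRI = Facility x 8 + Severity; returns (facility, severity)."""
    if not 0 <= pri <= 191:  # assumed bound from RFC 5424: facility 23, severity 7
        raise ValueError(f"PRI out of range: {pri}")
    return divmod(pri, 8)


def classify_host(host):
    """Return (value, kind); "-" means the information is missing."""
    if host == "-":
        return None, "missing"
    try:
        return host, f"ipv{ipaddress.ip_address(host).version}"
    except ValueError:
        return host, "name"  # not an IP literal, so treat it as a device name


def parse_header(line):
    """Parse the leading header fields; raises ValueError on malformed input."""
    m = HEADER_RE.fullmatch(line)
    if m is None:
        raise ValueError("header fields missing or out of order")
    pri, version, ts, host, app, rest = m.groups()
    facility, severity = decode_pri(int(pri))
    # Time stamp format given on the page, always UTC.
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    host, host_kind = classify_host(host)
    return {"facility": facility, "severity": SEVERITIES[severity],
            "version": int(version), "timestamp": when, "host": host,
            "host_kind": host_kind, "app_name": None if app == "-" else app,
            "rest": rest}
```

Rejecting messages that fail these checks at the collector, instead of storing them unparsed, keeps malformed or spoofed headers from being indexed under the wrong severity or source.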
SIMATIC Drive Controller
System Manual, 11/2023, A5E46600094-AD