Security logging and monitoring
Data logging and monitoring is the process of collecting and storing data over a period of time in order to analyze specific trends or to record the data-based events of a system, network or IT environment. It enables tracking of all interactions through which data, files, or applications are stored, accessed, or modified, whether on a storage device or within an application. Logging can produce technical information that is usable for the maintenance of applications. It supports:
- Identifying the performance of the system/application
- Reporting errors, incidents, and other incorrect behavior
- Determining whether a reported bug is actually a bug
- Analyzing, reproducing and solving bugs
- Testing new features during development
Currently, Industrial Edge only supports local storage of log files within IEDs and the IEM.
Requirements for Operation
| Requirement | Remark |
|---|---|
| Log files need to be access-protected | Log files are access-protected on all Industrial Edge components and can only be written by a privileged user. |
| Retention period of logs | Logs created by the IEM and the IEH are kept for x days when using the SaaS solutions provided by Siemens. |
| Central logging and monitoring | There is currently no possibility to forward the logs generated by all components to a central logging (SIEM) solution that covers log aggregation for the IEM, IEDs and the apps running on them. IEMs running in the cloud forward their logs to AWS CloudWatch; logs generated on customer infrastructure are persisted according to the customer's specification. |
| Log information for support cases | If a problem occurs and support is needed, log information for the corresponding devices can be collected centrally on the IEM. The generated information is an archive which can be forwarded to Siemens support. |
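As an added illustration, not part of the Industrial Edge documentation or product, the following Python check audits a local log directory against the first two requirements in the table (write access restricted to the owning privileged account, and no files older than the retention period). The directory contents, file modes and the 30-day retention value are constructed for the example.

```python
"""Audit a log directory for two controls: files must not be writable by
group/world, and files older than the retention period must be gone.
Added example with a constructed sample directory; not Industrial Edge code."""
import os
import stat
import tempfile
import time
from pathlib import Path
from typing import Optional

DAY = 86400


def audit_log_dir(log_dir: str, retention_days: int, now: Optional[float] = None) -> dict:
    """Return file names violating either control.

    'writable_by_others': mode grants write to group or world, so an
    unprivileged process could tamper with the audit trail.
    'past_retention': mtime older than retention_days, i.e. data that the
    rotation policy should already have removed.
    """
    now = time.time() if now is None else now
    cutoff = now - retention_days * DAY
    findings = {"writable_by_others": [], "past_retention": []}
    for path in sorted(Path(log_dir).iterdir()):
        if not path.is_file():
            continue
        st = path.stat()
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings["writable_by_others"].append(path.name)
        if st.st_mtime < cutoff:
            findings["past_retention"].append(path.name)
    return findings


def build_sample_dir() -> str:
    """Constructed sample: one compliant file, one world-writable, one stale."""
    d = tempfile.mkdtemp(prefix="edge-logs-")
    now = time.time()
    for name, mode, age_days in [("app.log", 0o640, 1),
                                 ("debug.log", 0o666, 2),
                                 ("old.log", 0o640, 40)]:
        p = Path(d, name)
        p.write_text("constructed log line\n")
        os.chmod(p, mode)  # explicit mode, independent of the process umask
        os.utime(p, (now - age_days * DAY, now - age_days * DAY))
    return d


if __name__ == "__main__":
    print(audit_log_dir(build_sample_dir(), retention_days=30))
```

On a real device the directory argument would point at the component's log location, and a non-empty result is the signal to investigate before the logs are relied on for an incident or a support archive.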