Security Events Description
A general description of the structure of security events and the severity of the contained information.
Event Log Message Elements
The description of the dedicated security event log messages contain following elements:
- ID
- The unique ID of an event.
- Example
- An example log message to demonstrate the structure and content of the specific log message event.
- Symbolic Structure
-
Each log message contains following elements:
Element Description Source The manager that sent the log message. Contains the type of manager as well as the manager ID. Time Stamp Time information to indicate when the log message was written to the log. Category Message category Type The severity of the raised log messages, see Severity. EventID ID of the event, as used within the _errors.cat
file. If the event message is defined within a different catalogue file, it is also stated with the EventID, e.g.17/OaLogin
for theSE_ACCOUNT_DISABLED
event.Log Message The actual message of the log entry, containing information or details about events or errors that occurred. - Additional Details
- Information that elaborates on the content of the log message. Contains, for example, information about specific elements of the error message, which are dynamically added.
- Test Information (optional)
- To validate if specific events are correctly recognized within your system, this section of the Security Events in WinCC OA provides steps or details on how to trigger the log message and therefore test your system against these steps.
Severity
- Fatal
-
Represents critical failures that will stop the whole manager or even project.
For example: “S7 driver cannot be started” or “Corrupt table structure in project configuration database”
- Severe
-
A software problem that the system cannot handle, but can continue to operate around with limited functionality. This can be caused e.g., by environment problems (e.g. missing resources) or internal programming errors. Severe issues should not occur in released product versions, but if they occur, they are valuable hints for analysis.
For example:
“License not found, using demo license instead”
, “Unable to create/persist alert”
“Unable to load last values from DB”
Note: Errors, which the system can handle (e.g.“Wrong time-format used, using default values instead”
, “NULL time occurred in DB record, using default value instead”) are usually classified as warnings (see below). - Warning
-
A smaller disturbance that the system can handle per design and has no major effect on usability.
For example:
“Connection to PLC is lost, attempting to reconnect”
,“Wrong time-format used, using default values instead”
,“NULL time occurred in DB record”
- Info
-
Stands for information.
For example:
“Connection with PLC was established”
,“Listening on port 1234”, “Manager stop”