Transcription
Sending SYSLOGmessages with an S7PLCSIMATIC, TIA Portal, en/view/51929235SiemensIndustryOnlineSupport
Legal informationLegal informationUse of application examplesApplication examples illustrate the solution of automation tasks through an interaction of severalcomponents in the form of text, graphics and/or software modules. The application examples area free service by Siemens AG and/or a subsidiary of Siemens AG (“Siemens”). They are nonbinding and make no claim to completeness or functionality regarding configuration andequipment. The application examples merely offer help with typical tasks; they do not constitutecustomer-specific solutions. You yourself are responsible for the proper and safe operation of theproducts in accordance with applicable regulations and must also check the function of therespective application example and customize it for your system.Siemens grants you the non-exclusive, non-sublicensable and non-transferable right to have theapplication examples used by technically trained personnel. Any change to the applicationexamples is your responsibility. Sharing the application examples with third parties or copying theapplication examples or excerpts thereof is permitted only in combination with your own products.The application examples are not required to undergo the customary tests and quality inspectionsof a chargeable product; they may have functional and performance defects as well as errors. It isyour responsibility to use them in such a manner that any malfunctions that may occur do notresult in property damage or injury to persons. Siemens AG 2018 All rights reservedDisclaimer of liabilitySiemens shall not assume any liability, for any legal reason whatsoever, including, withoutlimitation, liability for the usability, availability, completeness and freedom from defects of theapplication examples as well as for related information, configuration and performance data andany damage caused thereby. This shall not apply in cases of mandatory liability, for exampleunder the German Product Liability Act, or in cases of intent, gross negligence, or culpable loss oflife, bodily injury or damage to health, non-compliance with a guarantee, fraudulentnon-disclosure of a defect, or culpable breach of material contractual obligations. Claims fordamages arising from a breach of material contractual obligations shall however be limited to theforeseeable damage typical of the type of agreement, unless liability arises from intent or grossnegligence or is based on loss of life, bodily injury or damage to health. The foregoing provisionsdo not imply any change in the burden of proof to your detriment. You shall indemnify Siemensagainst existing or future claims of third parties in this connection except where Siemens ismandatorily liable.By using the application examples you acknowledge that Siemens cannot be held liable for anydamage beyond the liability provisions described.Other informationSiemens reserves the right to make changes to the application examples at any time withoutnotice. In case of discrepancies between the suggestions in the application examples and otherSiemens publications such as catalogs, the content of the other documentation shall haveprecedence.The Siemens terms of use (https://support.industry.siemens.com) shall also apply.Security informationSiemens provides products and solutions with industrial security functions that support the secureoperation of plants, systems, machines and networks.In order to protect plants, systems, machines and networks against cyber threats, it is necessaryto implement – and continuously maintain – a holistic, state-of-the-art industrial security concept.Siemens’ products and solutions constitute one element of such a concept.Customers are responsible for preventing unauthorized access to their plants, systems, machinesand networks. Such systems, machines and components should only be connected to anenterprise network or the internet if and to the extent such a connection is necessary and onlywhen appropriate security measures (e.g. firewalls and/or network segmentation) are in place.For additional information on industrial security measures that may be implemented, please emens’ products and solutions undergo continuous development to make them more secure.Siemens strongly recommends that product updates are applied as soon as they are availableand that the latest product versions are used. Use of product versions that are no longersupported, and failure to apply the latest updates may increase customer’s exposure to cyberthreats.To stay informed about product updates, subscribe to the Siemens Industrial Security RSS Feedat: ogging mit S7-CPUsEntry-ID: 51929235, V3.0, 01/20182
Table of contentsTable of contentsLegal information . 21Introduction . 41.11.22Engineering . 72.12.1.12.1.22.1.32.1.42.22.2.12.2.22.32.4 Siemens AG 2018 All rights reserved3Interface description . 7LSyslog Send . 7Optional: LSyslog Data. 11LSyslog typeMessage . 11LSyslog typeUtcTime . 11Integration into the User project . 12Integration of the block library . 12Integration of the blocks into the program . 13Operation of the block "LSyslog Send" . 13Error handling . 14Useful information . 153.13.1.13.23.34Overview. 4Mode of operation . 6The syslog protocol . 15Description . 15The message header . 16The transmission mechanism. 19Appendix . 204.14.24.3Service and Support . 20Links and Literature . 21Change documentation . 21Syslog-Logging mit S7-CPUsEntry-ID: 51929235, V3.0, 01/20183
1 Introduction1Introduction1.1OverviewThe simple syslog protocol allows applications to send messages, alerts, or errorconditions to a syslog server. Syslog is used typically in computer systemmanagement and security monitoring and has now become established as astandard (RFC 5424) in the field of logging. For more information on the syslogprotocol, refer to section 3.This library recreates the syslog protocol and makes it possible to send messagesto the server via open communication.Possible application of the "LSyslog" libraryYou can transmit individually generated messages via this block from your S7 PLCto the syslog serverFigure 1-1Syslog server Siemens AG 2018 All rights 0OpenControllerS7-300SIMATICStationsLSyslog Sen dLSyslog Sen dLSyslog Sen dAlarms,warnings,messagesSyslog-Logging mit S7-CPUsEntry-ID: 51929235, V3.0, 01/2018LSyslog Sen dLSyslog Sen dProcess4
1 IntroductionValidity:The "LSyslog" library can be used with all PROFINET-capable S7 PLCs and viaEthernet CPs/CMs with which Open User Communication (OUC) can beprogrammed.These can be PLCs of the following series: S7-1200 PLCs from FW 4.0 S7-1500 PLCs S7-300 PLCs from FW 3.2 S7-400 PLCs from FW 6.0 ET 200SP PLC ET 200SP Open ControllersThe TIA Portal V14 SP1 serves as the configuration software. Siemens AG 2018 All rights reservedAll standard products can be used as a syslog server. The Kiwi Syslog Serverversion 9.2.1 from SolarWinds was used for the configuration.Syslog-Logging mit S7-CPUsEntry-ID: 51929235, V3.0, 01/20185
1 Introduction1.2Mode of operationFunctionThe library provides a function block (FB) that fulfills the following functions: Establishment of a UDP connection to the syslog server by means of opencommunication blocks. Embedding of the user alarm with timestamp in the syslog protocol. Sending the syslog alarm.SequenceThe "LSyslog Send" FB internally operates as a state machine, which is controlledvia the inputs "enable" and "sendRequest". The following figure shows thesequence for the FB "LSyslog Send".Figure 1-2: Sequence Siemens AG 2018 All rights reservedpositive edge on#enableStart conncetion tosyslog serverError at connectionestablishmentError at handling offunction “TCON”ERRORNew connectionestablishment mustbe done in case ofWait for negative edge erroron #enableWait for positive edgeon #sendRequestIDLEPositive edge on#sendRequestSend syslogmessageCreate syslogmessagenegative edge on#enableTrennen derVerbindung zumSyslog-ServerSyslog-Logging mit S7-CPUsEntry-ID: 51929235, V3.0, 01/20186
2 Engineering2Engineering2.1Interface descriptionThe "LSyslog" library contains the following blocks:S7-1200/1500 and S7-300/400Table 2-1: Overview of specific library blocksNameTypeVersionDescriptionLSyslog SendFBV1.0.0Organizes thetransmission and creationof the message frames.LSyslog DataDBV1.0.0Optional data block forwiring the inputs andoutputs of"LSyslog Send".S7-300/400Table 2-2: Overview via S7-300/400 blocks Siemens AG 2018 All rights reservedNameLSyslog typeUtcTimeTypeData typeVersionV1.0.0DescriptionThis data typecontains a structureto convert thetimestamp to astring.CommonTable 2-3: Overview of common library blocksNameLSyslog typeMessage2.1.1TypeData typeVersionV1.0.0DescriptionThis data typecontains all variabledata of a syslogmessage.LSyslog SendFunction descriptionThe FB "LSyslog Send" manages the connection to the syslog server andtransmits the messages. Connection establishment and termination via the input "enable". Creates a alarm and sends it to the syslog server with a positive edge at the"sendRequest" input. Adds the current timestamp and sender information to the message. Outputs error statuses of the block over the output parameters "status","statusID" and "error" for at least one cycle.Syslog-Logging mit S7-CPUsEntry-ID: 51929235, V3.0, 01/20187
2 EngineeringBlock interface for S7-1200/ 1500The following figure shows the calling up of the "LSyslog Send" block for S7-1200and S7-1500:Figure 2-1: LSyslog SendLSyslog edconnectionDescriptionTCON IP v4BoolTCON IP e"LSyslog typeMessage" Siemens AG 2018 All rights reservedInt"LSyslog typeMessage"The following table shows the input and output parameters of the "LSyslog Send"block for S7-1200 and S7-1500:Table 2-4: Parameters of LSyslog Send for S7-1200/1500NameP typeData typeCommentenableINBoolThe block is started with a positiveedge at the "enable" input.The block initializes a UDPconnection.sendRequestINBoolWith a positive edge at the input"sendRequest" a transmission canbe started if the connection hasbeen initialized.errorOUTBoolDisplays parameter assignmenterrors or errors of the OUC blocks.statusOUTWordSpecifies the error (see chapter2.4).statusIDOUTIntSpecifies the source of the error(see chapter 2.4).validOUTBoolIs true if the block is activated,there are no errors and thus theoutputs of the FB are valid.busyOUTBoolIs true if the block is in progress.Only if the output is "false" arechanges made to the inputs.doneOUTBoolIs set for one cycle when atransmission has been Is set as soon as a connection hasbeen established successfully.Only if the output is true can aSyslog-Logging mit S7-CPUsEntry-ID: 51929235, V3.0, 01/20188
2 EngineeringNameP typeData typeCommentmessage be sent.IN OUTTCON IP v4All information about theconnection must be transferredhere.hostAddressIN OUTStringIP address of the source of themessage.plcNameIN OUTStringName of the controller in whichthe message was generated.messageIN OUT"LSyslog typeMessage"The following parameters aretransferred to the block with thePLC data type: "facility"(Message source. For furtherinformation see Figure 3-4) "severity"(Severity of the message. Forfurther information see Figure3-5) "message" (any messagetext) Siemens AG 2018 All rights reservedconnectionDescriptionSyslog-Logging mit S7-CPUsEntry-ID: 51929235, V3.0, 01/20189
2 EngineeringBlock interface for S7-300/400The following figure shows the calling up of the "LSyslog Send" block for S7-300and S7-400:Figure 2-2: LSyslog Send for S7-300/400LSyslog ringhostAddressStringplcNamevalidBool"LSyslog neBoolconnectionEstablishedBoolTCON PARstatusIDIntThe following table shows the inputs and outputs of the "LSyslog Send" block forS7-300 and S7-400: Siemens AG 2018 All rights reservedTable 2-5: Parameters of LSyslog Send for S7-300/400NamePtypeData typeCommentenableINBoolThe block is started with a positiveedge at the "enable" input.The block initializes a UDPconnection.sendRequestINBoolWith a positive edge at the input"sendRequest" a transmission canbe started if the connection hasbeen initialized.hostAddressINStringIP address of the source of themessage.plcNameINStringName of the controller in which themessage was generated.messageIN"LSyslog typeMessage"The following parameters aretransferred to the block with thePLC data type: "facility"(Message source. For furtherinformation see Figure 3-4) "severity"(Severity of the message. Forfurther information see Figure3-5) "message" (any message text)connectionDescriptionINTCON PARAll information about the connectionmust be transferred here.errorOUTBoolDisplays parameter assignmenterrors or errors of the OUC blocks.statusOUTWordSpecifies the error (see chapter2.4).statusIDOUTIntSpecifies the source of the errorSyslog-Logging mit S7-CPUsEntry-ID: 51929235, V3.0, 01/201810
2 EngineeringNamePtypeData typeComment(see chapter 2.4).2.1.2validOUTBoolIs true if the block is activated, thereare no errors and thus the outputsof the FB are valid.busyOUTBoolIs true if the block is in progress.Only if the output is "false" arechanges made to the inputs.doneOUTBoolIs set for one cycle when atransmission has been Is set as soon as a connection hasbeen established successfully. Onlyif the output is true can a messagebe sent.Optional: LSyslog Data Siemens AG 2018 All rights reservedThe data block "LSyslog Data" is used for the compact administration of all datarequired for the block calling of "Syslog". Its use is not absolutely necessary, butcan also be done individually in distributed data blocks.2.1.3LSyslog typeMessageThe data type "LSyslog typeMessage" contains the parameters: Facility Severity MessageThese parameters must be assigned suitable values for each message. You canfind an overview of the valid values in the section 3.2.2.1.4LSyslog typeUtcTimeThe data type "LSyslog typeUtcTime" contains the parameters: Year Month Day Hour Minute Second Millisecond msThese parameters serve as a template for using the AT view. This means that thetimestamp read from the controller can be quickly and easily converted into astring.Syslog-Logging mit S7-CPUsEntry-ID: 51929235, V3.0, 01/201811
2 Engineering2.2Integration into the User projectIn this chapter you will learn how to integrate the library into your user project andhow to parameterize the "LSyslog Send" block.2.2.1Integration of the block library1. Extract the file "51929235 SYSLOG LIB TIA V30.zip" into a directory of yourchoice.2. Open your TIA V14 project.3. Change to the task card "Libraries".4. Open the "Global libraries" pane. Siemens AG 2018 All rights reserved5. Click on the "Open global library" icon and select the "LSyslog.al14" library.6. Drag and drop the "LSyslog Send" block from the "Types" folder to the"Program blocks" folder. If you want to use the "LSyslog Data" data block, thendrag it from the "Master copies" folder to the "Program blocks" folder as well.Syslog-Logging mit S7-CPUsEntry-ID: 51929235, V3.0, 01/201812
2 Engineering2.2.2Integration of the blocks into the programFunction callThe following instructions show how to integrate and parameterize the"LSyslog Send" block in your project based on a call.1. Open the OB1 "Main" and call the block "LSyslog Send".2. A dialog is opened. Give the instance data block a name and, if necessary,assign a block number.3. Click on "OK". Siemens AG 2018 All rights reserved4. Supply the input and output parameters with values. If you use the data block"LSyslog Data", interconnect the block as shown in the figure. The variables"#enable" and "#send" are wildcards for your control variables.5. Load your user program into the PLC.2.3Operation of the block "LSyslog Send"You can use the following procedure to send a message using the "LSyslog Send"function module.1. Connect to the syslog server by setting the "enable" input to "true". The blocktakes over the connection data from the "connectionDescription" input.2. As soon as the block returns the value "true", you can start sending messages.3. Transfer the desired message text to the "sendData" input.4. Set the "sendRequest" input to "true". The block starts sending.5. If the "sendDone" output returns the value "true", then a new positive messagecan be sent via a new positive edge at the "sendRequest" input.Syslog-Logging mit S7-CPUsEntry-ID: 51929235, V3.0, 01/201813
2 Engineering2.4Error handlingThe function block "LSyslog Send" has an internal error handling. Informationabout errors is output via the output parameters "error", "status" and "statusID".The "valid" parameter shows you whether the output values are valid. Output"valid" to "true" means that the block is activated, there are no errors and thus theoutputs of the FB are valid.Table 2-6: Status codes Siemens AG 2018 All rights reservedstatusIDstatusMeaning116#80xxError while processing the "TCON" block. The meaningof the status can be found in the online help of STEP 7.216#80xxError while processing the "TDISCON" block. Themeaning of the status can be found in the online help ofSTEP 7.316#80xxError while processing the "TUSEND" block. Themeaning of the status can be found in the online help ofSTEP 7.416#8101The watchdog timer has expired. The controller wasunable to connect to the syslog server within 2 minutes.416#8102A send command was triggered before a connectionwas established. Make sure that you do not set the"sendRequest" input until the "connectionEstablished"output returns the value "true".Depending on the "busy" parameter, you can see whether the block can correct the error itselfor if you need to intervene.Table 2-7: TroubleshootingbusyProcedure1The block can solve the problem independently. Intervention is notrequired.0The error that has occurred cannot be corrected by the block.1. Correct the error.2. Set "enable" to "false".3. Set "enable" to "true".The block starts working again.Syslog-Logging mit S7-CPUsEntry-ID: 51929235, V3.0, 01/201814
3 Useful information3Useful information3.1The syslog protocol3.1.1DescriptionSyslog is a logging system for the transmission of messages in an IP network andhas since become a standard (RFC 5424) in the field of logging. Siemens AG 2018 All rights reservedThere are now many applications that are able to generate syslog entries. A bigadvantage of Syslog is its clear structure and its use in distributed systems. Inprinciple, syslog entries from different computers can be sent via the network to acentral computer and collected there.Generating a syslog entry is quite simple:A UDP packet is sent to port 514 on a machine running a syslog server. Thecontent of the UDP packet may not exceed 1024 characters, must be defined in theUS7 - ASCII character set and should be formatted accordingly. If necessary, thefollowing information can be transferred to the server via formatting: Priority and type of package, Time of generation Name of the source computer. Different identification numbersIf packages are formatted incorrectly, they will also be accepted. However, thecomplete content is interpreted as message text. For unrecognized parameters(such as the time of generation), corresponding default values are used. Thestructure of the syslog protocolThe syslog protocol is very simple and can be divided into two main blocks: theheader and the actual message.Figure 3-1HeaderMessageThe following graphic shows syslog messages received by the syslog server:Figure 3-2Syslog-Logging mit S7-CPUsEntry-ID: 51929235, V3.0, 01/201815
3 Useful information3.2The message headerDescriptionThe header manages the following information:Note the type of message, the time, a VersionID, the host name.Except for the "type of message", the syslog client can not make any furthermodifications to the header.The remaining parameters are all filled with values by the syslog server.FormattingThe characters used must be in ASCII (7-bit) format in an 8-bit field.The following section shows the ASCII character table. Siemens AG 2018 All rights reservedFigure 3-3: ASCII character tableSyslog-Logging mit S7-CPUsEntry-ID: 51929235, V3.0, 01/201816
3 Useful informationStructuringThe syslog protocol prescribes a specified order and structure of the parametersfor the header. If these rules are disregarded, the information from the syslogserver cannot be interpreted as such.In detail, the structure is as follows:PRI VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SPMSGIDA syslog message does not necessarily have to contain all elements.Unrecognized parameters are allocated default values.NoteAll elements and parameters must be entered in ASCII format (7 bits) in theheader.The parameters have the following meanings:Table 3-1: Parameters of a syslog message Siemens AG 2018 All rights reservedParametersNoteMeaningPRIThe PRI area must be delimited by the characters " (% d60)" and " (% d62)" and has a size between three and five characters.Within PRI, the priority of the syslog message is coded into a severityand facility field.VERSIONThe VersionID has a size of up to two bytes and may only containcharacters between 1.9 (%d49-57). In this field, the version numberof the syslog specification can be specified.TIMESTAMPThis area includes the timestamp and has its own structure.HOSTNAMEHOSTNAME references the source computer with its name and IPaddress. Its length can be between 1.255 and may contain allcharacters between %d33-126.If no information about the source computer is known, the character "" is output.APP-NAMEAPP-NAME contains the application name. Its length can be between1.48. All characters between %d33-126 are permitted. If noapplication name is known, "-" is output.PROCIDPROCID carries the ProcessID as information. Its length can bebetween 1.128. All characters between%d33-126 are permitted. If no ID is known, "-" is output.MSGIDThis parameter identifies the message and provides a length of 1.32.All characters between %d33-126 are permitted. If no ID is known, "-"is displayed.SPCorresponds to the ASCII Code %d32.Additional information on the meaning of the parameters can be found in ogging mit S7-CPUsEntry-ID: 51929235, V3.0, 01/201817
3 Useful informationThe coding for the PRI areaPRI stands for priority and defines the origin (facility field) and the severity (severityfield) of the message. This parameter is the only one that can be modified via thesyslog client.For the facility field there are 5 bits available which, depending on the numericalvalue, indicate the service or component which generated the syslog message.An excerpt from RFC 5424 shows the possible range of values: Siemens AG 2018 All rights reservedFigure 3-4: Excerpt from the RFC 5424 facilityFor the severity field, there are 3 bits that define the severity of the syslogmessage, depending on the numerical value.Syslog-Logging mit S7-CPUsEntry-ID: 51929235, V3.0, 01/201818
3 Useful informationAn excerpt from RFC 5424 shows the possible range of values:Figure 3-5: Excerpt from the RFC 5424 severityThe value to be entered between the characters " [Value of Priority] " (coded asASCII characters) is calculated as follows:Priority value facility value * 8 severityExample: Siemens AG 2018 All rights reservedA "local use 4" message (Facility 20) with a severity level of "notice" (severity 5) has a priority value of 20*8 5 165.This result must be placed between the brackets as ASCII characters. In this case,the parameter PRI in the header is a total of five bytes long and contains as value" 165 " or in decimal terms "%d60 %d49 %d54 %d53 %d62".3.3The transmission mechanismSyslog uses UDP/IP and Ethernet as transmission protocol.UDP is a connectionless and therefore unreliable transport protocol. A successfultransmission cannot be 100% guaranteed.For the transmission of the syslog messages, these are packed into the payloadarea of the UDP frame. Theoretically, the syslog message could take up the fullcapacity of the UDP payload (64kbyte). However, since the UDP frame is itselfpacked into the payload area of the IP frame, which in turn is in the data area ofEthernet, the size of a syslog message is limited to the maximum size of theEthernet payload area.The data field in Ethernet measures only 1500 bytes. With the overhead of theheaders (IP (20 bytes), UDP (8 bytes) and the syslog message), the syslogmessage text must not exceed 1024 bytes in size.Figure 3-6: Message frame structureUDP Header8 ByteIP Header20 ByteSFD1 BytePräambel7 ByteZiel-MAC Quell-MAC VLAN-Tag Ethertype2 Byte6 Byte4 Byte6 ByteSyslog-Logging mit S7-CPUsEntry-ID: 51929235, V3.0, 01/2018UDP-Nutzdaten64KByteIP-Nutzdatenmax.65.535 ByteDatenfeld1500 ByteCRC4 Byte19
4 Appendix4Appendix4.1Service and SupportIndustry Online SupportDo you have any questions or need assistance?Siemens Industry Online Support offers round the clock access to our entireservice and support know-how and portfolio.The Industry Online Support is the central address for information about ourproducts, solutions and services.Product information, manuals, downloads, FAQs, and application examples – allthe information you need is accessible with just a few mouse clicks at:https://support.industry.siemens.com/Technical SupportThe Technical Support of Siemens Industry provides you fast and competentsupport regarding all technical queries with numerous tailor-made offers– ranging from basic support to individual support contracts. Siemens AG 2018 All rights reservedYou can send queries to Technical Support via the web /requestsSITRAIN – Training for IndustryWith our globally available training courses for our products and solutions, we helpyou with innovative learning methods.You can find out more about the training and courses offered as well as theirlocations and dates index.doService offerOur range of services includes the following: Plant data services Spare parts services Repair services On-site and maintenance services Retrofitting and modernization services Service programs and contractsYou can find detailed information about our range of services in the m/cs/scIndustry Online Support AppYou can also receive optimum support wherever you are on the go using the"Siemens Industry Online Support" app. The app is available for Apple iOS,Android and Windows n/sc/2067Syslog-Logging mit S7-CPUsEntry-ID: 51929235, V3.0, 01/201820
4 Appendix4.2Links and LiteratureTable 4-1No.4.3Topic\1\Siemens Industry Online k to the entry page for the application en/view/51929235\3\Link to RFC 5424http://tools.ietf.org/html/rfc5424Change documentationTable 4-2 Siemens AG 2018 All rights reservedVersionDateModificationV1.008/2011First versionV1.106/2012 Supplementary Input parameters at the FB100 (localport, ConnectionID)IP address is now specified as DWORD.Integration of the blocks into the TIA Portal V12Additional block for S7-1500V2.008/2013 V3.001/2018Complete revisionSyslog-Logging mit S7-CPUsEntry-ID: 51929235, V3.0, 01/201821
For more information on the syslog protocol, refer to section 3. This library recreates the syslog protocol and makes it possible to send messages to the server via open communication. Possible application of the "LSyslog" library You can transmit individually generated messages via this block from your S7 PLC to the syslog server Figure 1-1 syslog
