Web-based Management 2:
Security - Syslog

Valid from firmware release 2025.0 - for earlier firmware see WBM Syslog configuration

Please note the guidelines in our PLCnext Technology ‑ Security Info Center.
For developing secure-by-design, IEC 62443‑2 compliant applications with PLCnext Technology, get a good grasp of the concepts used in the Security context.

Syslog

On the Syslog WBM 2 page you can configure connections for logging via syslog-ng, a system-wide, real-time capable log management tool.

The Syslog server destinations table shows the configured server destinations to be used for defined facilities and severity levels. The table provides this information: 

  • Hostname: The hostname or IP address of the syslog-ng server destination to send the logging messages to.
  • Port: The port on which the syslog-ng server waits for syslog messages. Make sure the port is enabled in the firewall settings for outgoing requests.
  • Protocol: Transmission protocol to the server. For secure transmission, TLS is recommended; it depends on a Trust Store.
  • Facilities: Specifies the system type of the messages to be logged. 
  • Severity Level: The severity level of the messages to be logged, shown with its short term.
    These levels are available:
    • >= Internal (debug)
    • >= Information (info)
    • >= Warning (warning)
    • >= Error (err)
    • >= Critical Error (crit)
    • >= Fatal Error (alert)
    • Emergency (emerg)
Note:  The >= before a level term means that selecting a lower severity level also includes all higher levels. Examples:
  • Selecting err will not send messages on the debug, info, or warning level.
  • Selecting debug will also send messages that are on all other levels.
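
The threshold semantics from the note above, as an added example that is not part of the original page or of PLCnext itself: it decodes the PRI field of constructed sample messages and applies one destination entry's facility and severity filter. It assumes the standard syslog numbering (emerg = 0 up to debug = 7); the function names and sample lines are hypothetical.

```python
import re

# The page's severity short terms mapped to standard syslog (RFC 5424) numbers.
# A LOWER number is a HIGHER severity. "notice" (5) is a standard level that
# has no entry in the WBM list above (assumption: numeric ordering applies).
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
# Standard facility codes (only the subset used by the sample lines).
FACILITY = {0: "kern", 1: "user", 3: "daemon", 4: "auth", 10: "authpriv",
            16: "local0"}

PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility_name, severity_number) from a syslog line's <PRI>."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid PRI: %r" % line[:20])
    pri = int(m.group(1))          # PRI = facility * 8 + severity
    return FACILITY.get(pri >> 3, "facility%d" % (pri >> 3)), pri & 7

def would_forward(line, facilities, threshold):
    """True if a destination entry with these filter options matches the line."""
    facility, severity = decode_pri(line)
    return facility in facilities and severity <= SEVERITY[threshold]

# Constructed sample messages (not taken from a real controller).
SAMPLES = [
    "<35>Jan 10 12:00:01 plc sshd[411]: authentication failure",  # auth.err
    "<38>Jan 10 12:00:02 plc sshd[411]: session opened",          # auth.info
    "<82>Jan 10 12:00:03 plc login: too many failed attempts",    # authpriv.crit
    "<31>Jan 10 12:00:04 plc app[77]: cycle trace",               # daemon.debug
]

def forwarded(facilities, threshold):
    """Sample lines a destination with this filter would receive."""
    return [s for s in SAMPLES if would_forward(s, facilities, threshold)]

if __name__ == "__main__":
    for level in ("err", "debug"):
        print(level, len(forwarded({"auth", "authpriv", "daemon"}, level)))
```

Running the same check on messages captured at the server helps confirm that security-relevant facilities are not silently dropped by a threshold set too high.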

Adding and using a syslog server destination

When opening this WBM page for the first time, the Syslog Server Destinations table will be empty:

  • To add a new server configuration entry, click on at the bottom of the table.
    ↪ The Add a new Syslog server destination entry dialog opens.
  • Set the hostname, transmission protocol, and transmission port for the destination. 
    Note: The specified address and the selected port must be enabled in the Firewall settings for outgoing requests.
  • If the TLS protocol is selected, a Trust Store for verification must be defined; just click the input field.
    ↪ All trust stores that match or start with the entry are then available from the drop-down list.
  • Under Filter options, select at least one facility and choose a severity level.
  • Click OK to add the new configuration entry to the table.
    ↪ The new entry is then available in the Syslog server destinations table.
  • Proceed with entries for other connections and facilities if needed.
  • To save all changes made to the configuration, click the Save and apply page button below the Syslog server destinations table.
    ↪ The configuration is written to the XML configuration file.

Activating a syslog configuration

  • Activate the toggle switch and click Save and apply page below the table.
    ↪ The configuration is saved as an XML file in /opt/plcnext/config/Services/Syslog/Syslog.config.
    ↪ This XML file is then converted into a syslog-ng capable configuration file and loaded to run the logging. 

Deactivating a syslog configuration

  • Deactivate the toggle switch and click Save and apply page below the table.
    ↪ An empty syslog-ng configuration file is generated, so no messages will be sent to a server destination. An existing XML configuration file is left unaltered, though, so when you need the same configuration again you can just activate it. Also, if no destination is defined when activating, no messages will be sent.

 

 


• Published/reviewed: 2025-05-28  ✿  Revision 079 •