Cyber Security Platform Modicon Controllers 12/2018 (Original Document) EIO0000001999 12/2018 Platform Controllers Modicon
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
NXLOG Community Edition Reference Manual for V2.9.1716 I
Ed. v2.9.1716 NXLOG Community Edition Reference Manual for v2.9.1716 i NXLOG Community Edition Reference Manual for v2.9.1716 Ed. v2.9.1716 Ed. v2.9.1716 NXLOG Community Edition Reference Manual for v2.9.1716 ii Copyright © 2009-2014 NXLog Ltd. Ed. v2.9.1716 NXLOG Community Edition Reference Manual for v2.9.1716 iii Contents 1 Introduction 1 1.1 Overview . .1 1.2 Features . .1 1.2.1 Multiplatform . .1 1.2.2 Modular architecture . .1 1.2.3 Client-server mode . .2 1.2.4 Log message sources and destinations . .2 1.2.5 Importance of security . .2 1.2.6 Scalable multi-threaded architecture . .2 1.2.7 High performance I/O . .2 1.2.8 Message buffering . .2 1.2.9 Prioritized processing . .3 1.2.10 Avoiding lost messages . .3 1.2.11 Apache-style configuration syntax . .3 1.2.12 Built-in config language . .3 1.2.13 Scheduled tasks . .3 1.2.14 Log rotation . .3 1.2.15 Different log message formats . .4 1.2.16 Advanced message processing capabilites . .4 1.2.17 Offline processing mode . .4 1.2.18 Character set and i18n support . .4 2 Installation and quickstart 5 2.1 Microsoft Windows . .5 2.2 GNU/Linux . .6 2.2.1 Installing from DEB packages (Debian, Ubuntu) . .6 2.2.2 Installing from RPM packages (CentOS, RedHat) . .6 2.2.3 Configuring nxlog on GNU/Linux . .6 Ed. v2.9.1716 NXLOG Community Edition Reference Manual for v2.9.1716 iv 3 Architecture and concepts 7 3.1 History . -
Log Monitoring and Analysis with Rsyslog and Splunk
Non è possibile visualizzare questa immagine. Consiglio Nazionale delle Ricerche Istituto di Calcolo e Reti ad Alte Prestazioni Log monitoring and analysis with rsyslog and Splunk A. Messina, I. Fontana, G. Giacalone Rapporto Tecnico N.: RT-ICAR-PA-15-07 Dicembre 2015 Consiglio Nazionale delle Ricerche, Istituto di Calcolo e Reti ad Alte Prestazioni (ICAR) – Sede di Cosenza, Via P. Bucci 41C, 87036 Rende, Italy, URL: www.icar.cnr.it – Sede di Napoli, Via P. Castellino 111, 80131 Napoli, URL: www.na.icar.cnr.it – Sede di Palermo, Viale delle Scienze, 90128 Palermo, URL: www.pa.icar.cnr.it Non è possibile visualizzare questa immagine. Consiglio Nazionale delle Ricerche Istituto di Calcolo e Reti ad Alte Prestazioni Log monitoring and analysis with rsyslog and Splunk A. Messina1, I. Fontana2, G. Giacalone2 Rapporto Tecnico N.: RT-ICAR-PA-15-07 Dicembre 2015 1 Istituto di Calcolo e Reti ad Alte Prestazioni, ICAR-CNR, Sede di Palermo, Viale delle Scienze edificio 11, 90128 Palermo. 2 Istituto per l’Ambiente Marino Costiero, IAMC-CNR, Sede di Capo Granitola, Via del Mare n. 3, 90121 Torretta Granitola – Campobello di Mazara. I rapporti tecnici dell’ICAR-CNR sono pubblicati dall’Istituto di Calcolo e Reti ad Alte Prestazioni del Consiglio Nazionale delle Ricerche. Tali rapporti, approntati sotto l’esclusiva responsabilità scientifica degli autori, descrivono attività di ricerca del personale e dei collaboratori dell’ICAR, in alcuni casi in un formato preliminare prima della pubblicazione definitiva in altra sede. Index 1 INTRODUCTION ......................................................................................................... 4 2 THE SYSTEM LOG PROTOCOL ............................................................................... 6 2.1 Introduction ........................................................................................................................ 6 2.2 The protocol ...................................................................................................................... -
Centralized and Structured Log File Analysis with Open Source and Free Software Tools
Bachelor Thesis Summer Semester 2013 at Fachhochschule Frankfurt am Main University of Applied Sciences Department of Computer Science and Engineering towards Bachelor of Science Computer Science submitted by Jens Kühnel Centralized and structured log file analysis with Open Source and Free Software tools 1. Supervisor: Prof. Dr. Jörg Schäfer 2. Supervisor: Prof. Dr. Matthias Schubert topic received: 11. 07. 2013 thesis delivered: 30. 08. 2013 Abstract This thesis gives an overview on the Open Source and Free Software tools available for a centralized and structured log file analysis. This includes the tools to convert unstructured logs into structured log and different possibilities to transport this log to a central analyzing and storage station. The different storage and analyzing tools will be introduced, as well as the different web front ends to be used by the system administrator. At the end different tool chains will be introduced, that are well tested in this field. Revisions Rev. 269: Official Bachelor these sent to FH Rev. 273: Removal of Affidavit, fix of Pagenumber left/right II Table of Contents 1 Introduction.......................................................................................................................................1 1.1 Selection criteria........................................................................................................................1 1.2 Programs that are included in this thesis...................................................................................2 1.3 What -
Guide to Computer Security Log Management
Special Publication 800-92 Guide to Computer Security Log Management Recommendations of the National Institute of Standards and Technology Karen Kent Murugiah Souppaya GUIDE TO COMPUTER SECURITY LOG MANAGEMENT Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations. National Institute of Standards and Technology Special Publication 800-92 Natl. Inst. Stand. Technol. Spec. Publ. 800-92, 72 pages (September 2006) Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended -
The Journald Reference Guide by Jorgen Schäfer
The JournalD Reference Guide by Jorgen Schäfer ©2017, Loggly, Inc. FREE TRIAL > 1 With the advent of systemd, journald has arrived. Most systems Introduction run this program, but not everyone is fully aware of what journald is, which problems it solves, and why it’s valuable. After reading this white paper, both system administrators and programmers should know: What journald is Why there is some controversy around it What it means for systems and programs running on it and what to expect from it ©2017, Loggly, Inc. FREE TRIAL > 2 What is journald? and verified fields on which application a log message originates from, something Journald is a daemon included in the that is easily faked in the traditional systemd distribution to handle log data. syslog protocol. It is tightly integrated with systemd and Journald adopters provides an interface that is compatible Finally, syslog servers rely on plain text with syslog, the standard logging files for storing log messages. While interface on UNIX. this is a simple approach, it also has drawbacks. Plain text files need to The tight integration with systemd be “rotated” when they become too makes it possible for all log messages large: that is, renamed, compressed, to be handled with a single interface. archived, and eventually deleted. Also, Traditional syslog servers are started text files do not offer any structure to much like other services during the boot improve searching, making it slow to process and can miss log messages find log messages, such as from specific emitted during early boot. By integrating services. Journald replaces the plain journald with systemd, even the earliest text files with a custom file format that boot process messages are available to addresses these problems. -
Exporting Events to Syslog
Exporting Events to Syslog Author: Sila Kissuu, IBM On Demand Consulting Created: 5/19/2017 Introduction One of the product enhancements in IBM API Connect v5.0.7.0 is the capability to offload analytics data to external systems for further processing. This capability is useful if you want to consolidate data from multiple sources, if you require enhanced monitoring, or if you want to enrich your analytics data. Supported third-party systems include: • HTTP servers • Elasticsearch clusters • Kafka clusters • Syslog servers In this article, we illustrate the process of configuring IBM API Connect to offload event data to the Splunk server via syslog. Prerequisites Collect the connection details and other configuration information that is required to configure a data offload to the target system. The configuration requirements are as follows: • To configure data offload to an HTTP server, you must, at a minimum, provide the server URL. If you require encrypted communication with the server, you must also have a Transport Layer Security (TLS) profile defined. You can optionally add standardized or custom HTTP headers to define additional operating parameters. • To configure data offload to an Elasticsearch cluster, you must, at a minimum, provide one or more server URLs, define how indexes should be created by specifying a dynamically configured name, specify the number of primary shards for storing the indexed documents, and specify a number of replica shards for redundancy. If you require encrypted communication with the cluster, you must also have a TLS profile defined. You can optionally specify server authentication credentials. • To configure data offload to a Kafka cluster, you must, at a minimum, provide host and port connection details for one or more servers, and the name of the Kafka topic to which you want to publish the offloaded data. -
Investigating Evidence from Linux Logs
5 INVESTIGATINGEVIDENCEFROM LINUXLOGS The computer term log originates from an ancient sailor’s technique for measuring the speed of a moving ship. A wooden log attached to a long rope was thrown overboard behind the ship. The rope had regularly spaced knots that sailors would count as the moving ship distanced itself from the floating log. They could calculate the speed of the ship from the number of knots counted over a period of time. Regular measurements of the ship’s speed were recorded in the ship’s “log book” or log. Over time, the word log came to represent a variety of recorded periodic measurements or events. Log books are still used by organizations to docu ment visitors entering buildings, the delivery of goods, and other activities that need a written historical record. The concept of a computer login and logout was created to control and record user activity. Early timesharing computer systems were expensive and needed to keep track of computing resources consumed by different users. As the cost of storage capacity and processing power dropped, the use of logging expanded to nearly all parts of a modern computer system. This wealth of logged activity is a valuable source of digital evidence and helps forensic investigators reconstruct past events and activity. Traditional Syslog The traditional logging system on Unix and Unixlike operating systems such as Linux is syslog. Syslog was originally written for the sendmail software package in the early 1980s and has since become the de facto logging stan dard for IT infrastructure. Syslog is typically implemented as a daemon (also known as a collector) that listens for log messages from multiple sources, such as packets arriving over network sockets (UDP port 514), local named pipes, or syslog library calls (see Figure 51). -
Reliable and Tamper Resistant Centralized Logging in a High Availability System - an Investigation on Ericsson SGSN-MME Master of Science Thesis
Reliable and Tamper Resistant Centralized Logging in a High Availability System - An Investigation on Ericsson SGSN-MME Master of Science Thesis Improving landfill monitoring programs ELIN KALLQVIST¨ withJANNY the QUACH aid of LAM geoelectrical - imaging techniques and geographical information systems Master’s Thesis in the Master Degree Programme, Civil Engineering KEVINChalmers University HINE of Technology University of Gothenburg Department of Computer Science and Engineering Department of Civil and Environmental Engineering Gothenburg, Sweden, August 2012 Division of GeoEngineering Engineering Geology Research Group CHALMERS UNIVERSITY OF TECHNOLOGY Göteborg, Sweden 2005 Master’s Thesis 2005:22 The Author grants to Chalmers University of Technology and University of Gothenburg the non-exclusive right to publish the Work electronically and in a non-commercial purpose make it accessible on the Internet. The Author war- rants that he/she is the author to the Work, and warrants that the Work does not contain text, pictures or other material that violates copyright law. The Author shall, when transferring the rights of the Work to a third party (for example a publisher or a company), acknowledge the third party about this agreement. If the Author has signed a copyright agreement with a third party regarding the Work, the Author warrants hereby that he/she has obtained any necessary permission from this third party to let Chalmers University of Technology and University of Gothenburg store the Work electronically and make it accessible on the Internet. Reliable and Tamper Resistant Centralized Logging in a High Availability Sys- tem An Investigation on Ericsson SGSN-MME ELIN KÄLLQVIST JANNY QUACH LAM © Elin Källqvist, August 2012.