Issue:

Customer needs a method to generate a periodic syslog message to meet NERC CIP compliance by proving syslog functionality for monitoring systems like SPLUNK.

Product:

SAGE RTU (all models supporting syslog and command logging)

Environment:

• Centralized syslog monitoring system (e.g., SPLUNK)
• Requirement for periodic heartbeat messages to validate syslog operation
• RTU configured with syslog enabled

Cause:

There is no built-in “heartbeat” feature in the SAGE RTU to automatically send syslog messages. However, syslog messages can be triggered by logging events such as command executions.

Resolution:

• Recommended Approach:
• Configure an hourly toggling of a Digital Output (DO) point using a Data Transfer point created specifically for this purpose.
• Each toggle will generate an entry in the Command Log, which in turn sends a syslog message to the monitoring system.
• This achieves the heartbeat function without requiring custom code.

• Steps:
  • Please refer to the PDF document attached to this article, titled:
    “Create an hourly heartbeat DO command that will trigger Command Log to deliver the event notification to Syslog server.”

This method provides an “elegant” solution using existing RTU functionality and satisfies compliance requirements.

Released for: Schneider Electric Macedonia