PID-3430-OUTPUTSIGNALS v1
Table 8: SECALARM Output signals
Name Type Description
EVENTID INTEGER EventId of the generated security event
SEQNUMBER INTEGER Sequence number of the generated security
event
5.4 About Security events
GUID-6D781865-211F-4009-AAB1-C00C3A919E49 v1
Relevant user operations are logged as security events. A security event contains an
event ID, a time stamp, a sequence number, the user name, the severity of the
action and the name of the source. These events can be sent to external security log
servers using Syslog. The log servers are configured from PCM600. Syslog is a
standard protocol for event logging.
To be able to access the security logs the user need the role
SECAUD (security auditor) or the access right “Audit log read”.
5.5 Event types
GUID-B069B310-C66D-4BFA-B066-74C4B92A3317 v1.1.1
All user activities are logged and stored according to IEC 61850.
Table 9: Event type codes
Event number
Acronyms GSAL mapping English
1110 LOGIN_OK GSAL.Ina Login successful
1115 LOGIN_OK_PW_EXPIRED GSAL.Ina Password expired, login successful
1130 LOGIN_FAIL_WRONG_CR GSAL.AuthFail Login failed - Wrong credentials
1170 LOGIN_FAIL_3_TIMES GSAL.AuthFail Login failed 3 times
1210 LOGOUT_USER GSAL.Ina Logout (user logged out)
1220 LOGOUT_TIMEOUT GSAL.Ina Logout by user inactivity (timeout)
1460 PARAM_CHANGE_FAIL_RIGHTS GSAL.AcsCtlFail Parameter changes failed — no
rights
1710 CONFIG_RESET_FACTORY_DEF GSAL.Ina Device reset to factory default
2110 USER_ACCNT_CREATE_OK GSAL.Ina User account created successfully
2120 USER_ACCNT_DEL_OK GSAL.Ina User account deleted successfully
2130 USER_ACCNT_CREATE_FAIL GSAL.SvcViol User account creation failed
2140 USER_ACCNT_DEL_FAIL GSAL.SvcViol User account deletion failed
2160 USER_NEW_ROLE_OK GSAL.Ina New role assigned to user
successfully
Table continues on next page
1MRK 511 454-UEN A Section 5
User activity logging
GMS600 1.3 33
Cyber security deployment guideline
To Next Page
Loading...
