Collect Logs from OpenPLC with Labshock

Labshock v1.4 and Log Collection Service: Tidal Collector

Labshock v1.4 introduces Tidal Collector, a log collection service designed to capture critical OpenPLC events. With OpenPLC being a widely used open-source PLC platform, monitoring logs is essential for security, troubleshooting, and compliance. Tidal Collector streamlines this process by collecting and forwarding logs to a centralized location for analysis.

Additionally, OpenPLC now includes security features such as creating security logs and sending them to a Syslog server or SIEM, further enhancing monitoring and threat detection capabilities.

This article covers the key OpenPLC events Tidal Collector can capture:

- Login events

- Settings change events

- Start/Stop PLC events

- Change Project events



Login Events

Tracking login activity is crucial for detecting unauthorized access and auditing user actions. OpenPLC generates logs when users authenticate, providing insights into:

- Successful logins

- Failed login attempts

With Tidal Collector, these logs can be forwarded to a SIEM for correlation, enabling you to monitor for anomalies such as repeated failed login attempts or logins from unexpected locations.
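A rule for the "repeated failed login attempts" case above, as an added example that is not code from Labshock, Tidal Collector or OpenPLC: a per-source sliding window over forwarded login events. The key=value line layout, the field names and the threshold and window values are assumptions; adapt the parser to the format your collector actually emits.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. The key=value layout is an assumption made for this
# example; it is not the actual OpenPLC or Tidal Collector log format.
SAMPLE_LOGS = """\
2025-03-01T10:00:01Z openplc event=login result=failure user=admin src=10.0.0.50
2025-03-01T10:00:05Z openplc event=login result=failure user=admin src=10.0.0.50
2025-03-01T10:00:09Z openplc event=login result=success user=operator src=10.0.0.21
2025-03-01T10:00:12Z openplc event=login result=failure user=openplc src=10.0.0.50
2025-03-01T10:07:00Z openplc event=login result=failure user=operator src=10.0.0.21
2025-03-01T10:20:00Z openplc event=login result=failure user=operator src=10.0.0.21
""".splitlines()

def parse_line(line):
    """Return (timestamp, fields), or None for a line that does not parse."""
    parts = line.split()
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except (IndexError, ValueError):
        return None
    # parts[1] is the host/tag column; the rest are key=value pairs.
    return ts, dict(kv.split("=", 1) for kv in parts[2:] if "=" in kv)

def failed_login_bursts(lines, threshold=3, window=timedelta(minutes=1)):
    """Alert when one source reaches `threshold` failed logins within `window`."""
    recent = defaultdict(deque)  # src -> (timestamp, user) of recent failures
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of aborting the run
        ts, f = parsed
        if f.get("event") != "login" or f.get("result") != "failure":
            continue
        src = f.get("src", "unknown")
        q = recent[src]
        q.append((ts, f.get("user", "?")))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            # Several distinct users from one source suggests password spraying.
            alerts.append({"src": src, "count": len(q), "first": q[0][0],
                           "last": ts, "users": sorted({u for _, u in q})})
            q.clear()  # re-arm so one burst produces one alert
    return alerts

if __name__ == "__main__":
    print(failed_login_bursts(SAMPLE_LOGS))
```

Keying the window on the source address rather than the username keeps a single client that cycles through several accounts in one alert.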



Settings Change Events

Changes to OpenPLC settings can impact system performance and security. Tidal Collector captures logs related to:

- Network configuration updates

- Security settings modifications

- User permission changes


By monitoring these events, administrators can detect unauthorized configuration changes and maintain system integrity.



Start/Stop PLC Events

Unplanned PLC restarts or shutdowns can indicate operational issues or potential security threats. Tidal Collector collects logs related to:

- PLC start and stop commands

- Unexpected shutdowns

- Restart attempts after failures

These logs help in root cause analysis and can trigger alerts if the PLC stops unexpectedly during critical operations.



Change Project Events

Project files in OpenPLC define the control logic running on the PLC. Unauthorized changes to project files can lead to system instability or security risks. Tidal Collector logs:

- Project uploads

- Modifications to existing projects

- Project deletions

By tracking project changes, you can enforce change control policies and detect unauthorized modifications.



Conclusion

Labshock v1.4, with Tidal Collector, enhances OpenPLC monitoring by collecting and forwarding key log events. This improves security, compliance, and system reliability. By integrating these logs into a centralized SIEM, teams gain real-time visibility into OpenPLC activity, enabling proactive security and operational response. Now, with the new security features in OpenPLC, such as creating security logs and sending them to a Syslog server, it becomes easier to learn and test SIEM rules effectively.

Start using Tidal Collector today and take control of your PLC logs!



Hassan KhaleghiRad

Security Operations Center Analyst

6 days ago

Amazing

AIT ICHOU MUSTAPHA

+17K Followers | Cybersecurity Analyst | Blue Team Specialist | Threat Hunting | Malware Researcher and Analyst | Community Manager @SOC4M

1 week ago

Thank you for sharing Zakhar Bernhardt
