Setting up cybersecurity event logs and alarms

The event log can be used to monitor user logins and user account lockouts. The record limit for the event log is 5,000 by default. When the limit is reached, new records overwrite older ones.

To be notified when the Event Log record limit is approaching, see Data logging.

To extend record retention, offload information to syslog or a protected storage or retention location, see Configuring Syslog network settings using ION Setup.

You can also change event priorities for cybersecurity events using ION Setup Advanced Mode. Refer to the ION Reference document at www.se.com for information about working with modules.

Required for this procedure:

  • Meter connection using ION Setup.
  • Login credentials.

To set up cybersecurity event logs and alarms:

  1. Open ION Setup > select the meter > Setup Assistant.
  2. Security > Security Mode > Edit. The Open Security Configuration file dialog box opens.
  3. Select the Security Configuration File (.scf) that contains the current meter settings and click Open. The Security Options dialog box opens.

    4. Open the security log file to determine the .scf file you want. See Cybersecurity configuration for more information.

  4. Click Next to navigate to the Select protocol lockout options screen:

  5. Click Events. The Event Priorities dialog box opens:

  6. Leave default values or enter values for each event priority according to your reporting requirements:
Priority Description Value range
None Not recorded in the event log. 0
Info Only Recorded in the event log. Event log cut-off range. Will not appear in Event Log reports or syslog records. 1-5
  Recorded in the event log. 6-63
Low Recorded in the event log. Produces alarm low alarm. 64-127
Medium Recorded in the event log. Produces medium alarm. 128-191
High Recorded in the event log. Produces low alarm. Recorded in syslog records. 192-255
  1. Click OK.
  2. Click Next.
  3. Click Finish. A Confirmation message box opens.
  4. Click Yes. The Save As dialog box opens.
  5. Save the Security Configuration File (.scf) with a unique file name to avoid overwriting default Security Configuration files.
  6. Click Exit. The Device Configuration Checklist message box opens.
  7. Click Exit.