| Previous | 14.1 Specifics of measurement server types | Next |
|---|
14.1.31 Snap7 measurement servers
The Snap7 measurement server is an active and non-discoverable PVSR module which is able to monitor Siemens Simatic PLC devices using the Snap7 protocol over TCP.
The module requires additional steps on the collector servers.
Installation
The snap7-iot-quark-1.4.2 module must be installed on the server.
1. Download the module: snap7-iot-quark-1.4.2.tar.gz
2. tar xzf snap7-iot-quark-1.4.2.tar.gz
3. cd snap7-iot-quark-1.4.2/build/unix
4. make -f i586_linux.mk
5. cd ../bin/i586-linux
6. cp libsnap7.so /usr/lib
7. ldconfig
8. pip3 install python-snap7
Patching
The downloaded module does not support the OrderCode call, so two files must be modified in order for the parameter discovery to work:
1. site-packages/snap7/snap7types.py: the class S7PlcInfo must be modified, the _fields_ array need a new entry:
,('OrderCode', ctypes.c_uint8*116)
2. site-packages/snap7/client.py: a new call is needed:
defget_plc_info(self):
"""
Retrieves plc info from client """info=snap7.snap7types.S7PlcInfo()
result=self.library.Cli_GetOrderCode(self.pointer,byref(info))
check_error(result,context="client")
returninfo
Beside the basic attributes, the equipment has the following additional parameters (the code of the parameter is given in parenthesis; see Subsection 7.5.6 on Parameters of non-SNMP data collectors):
· IP address (SNAP7 EQ 1 IP): mandatory parameter, the IP address of the Snap7 device
· Port (SNAP7 EQ 2 PORT): TCP port of the Snap7 device
· Rack (SNAP7 EQ 3 RACK): Snap7 PLC rack position
· Slot (SNAP7 EQ 4 SLOT): Snap7 PLC slot position
It is important to note that the Snap7 protocol does not contain information about the different registers which can be read out, nor does it contain information about the data type present in the register. Because of this the application contains different measurement types for the different register data types. The Simatic PLC has different memory blocks, which can be addressed remotely using the Snap7 protocol. The available memory blocks are the following:
· Data Block (DB)
· Digital Input (PE)
· Digital Output (PA)
· Merkers (MK)
· Timers (TM)
· Counter (CT)
For each memory block the protocol allows reading of bytes by specifying the first byte address and the number of bytes we want to read out. Obviously the program running on the PLC determines which bytes contain information which can be read by the application.
The different PLC applications have the following data types in the memory blocks:
The data types BOOL, BYTE, INT, DINT, CHAR, WORD and DWORD can be handled in the same way, while the REAL data type uses the IEEE floating point representation and the S5TIME uses the BCD time representation, and so these must be converted before they can be stored in PVSR. The other data types (DATE, TOD and DT) are not relevant for measurement purposes.
The collector server uses a Python module which logs into the PLC using the Snap7 protocol and the equipment parameters, like IP address and port, … After the successful login the collector reads the required number of bytes at the required position based on the variable in the measurement type and the index of the PVSR measurement and forwards the received value as an integer to the PVSR measurement expression evaluation engine. For example in the “DB 1 Area read” measurement type has the variable “READ_DB_1.PORT” and if we create a measurement of this type with an index of “4-2” then the collector tries to read the variable “READ_DB_1.4-2”. This is interpreted by the collector the following way: DB is the name of the memory block, 1 is the number of the DB data block (in the case of the other memory blocks any number can be used, since this information is meaningless for the other memory block types) and 4-2 means that the bytes starting at index 4 must be read out and we want to read 2 bytes.
The integer value given back by the Python collector script can be converted into a floating number by using the following example:
