Skip to end of metadata
Go to start of metadata


Ignition's built-in auditing system automatically records certain actions that occur in the system, such as a Tag writes or User Source authentication, into a SQL database table. Utilizing the system involves creating an Audit Profile, followed by enabling auditing in a project. Once both prerequisites have been met, the Gateway will automatically create a database table named AUDIT_EVENTS, and use the table to start tracking user actions.

The Remote Audit Log configuration option allows audit events to be automatically sent to a remote Gateway's audit log. The remote Gateway you plan to connect to must have a Audit Profile created. To learn more about sending audit events to a remote Gateway, refer to section Creating a Remote Gateway Audit Profile on this page.

Auditing Actions

For a list of actions that are recorded by an audit profile, see the Auditing Actions Reference page. 

On this page ...



Create a Database Audit Profile 

  1. Go to the Config section of the Gateway Webpage.

  2. Scroll down to the Security > Auditing from the menu on the left.  The Audit Profiles page is displayed. 

  3. Click the Create a new Audit Profile link.

  4. You have the option of storing audit logs into an external database or sending them to a remote Gateway. For this example, select Database. (Configuring audit events to be sent to a remote Gateway's audit log is addressed in Creating a Remote Gateway Audit Profile section on this page).



  5. Enter the Name of the audit log and Description (optional).

  6. In the Retention field, set a value in days for how long you want audit records kept. (The default is 90 days.)
  7. Under the Database Settings, select the Database where the table will be stored, select the Auto Create check box, and enter the desired Table Name.
  8. Click Create New Audit Profile.


Once some changes have been made to a Tag or a Database table, Ignition will begin recording.
 

Database Audit Profile Properties Table

Main

NameThe default name, is the name of the Audit Profile.
DescriptionDescription of the audit profile. Optional.
Retention

This feature is new in Ignition version 8.1.1
Click here to check out the other new features

How long (in days) should audit records be kept? Values less than or equal to 0 will disable pruning. Default is 90 days.

Database Settings
DatabaseThe database connection to use to store audit events.

Auto Create

If true (selected), the table schema specified here will be automatically verified and created if necessary. Default is true.

Pruning Enabled


This feature is new in Ignition version 8.1.3
Click here to check out the other new features
If false, this audit profile will never prune records, regardless of the retention field. Otherwise, the retention field will be followed. Default is false.

Table NameThe name of the table to store audit events. Default is AUDIT_EVENTS.


Create an Internal Audit Profile

The Internal Audit Profile option allows an Ignition Gateway to store audit records without an external SQL database. The only way to interact with the Internal Audit Profile is via the Status page of the Gateway webpage. 

  1. Go to the Config section of the Gateway Webpage.

  2. Scroll down to the Security > Auditing from the menu on the left.  The Audit Profiles page is displayed. 

  3. Click the Create a new Audit Profile link.

  4. Select Internal



  5. Enter a name for the audit log and a description (optional).

  6. In the Retention field, set a value in days for how long you want audit records kept. (The default is 90 days.)
  7. Click Create New Audit Profile.

Internal Audit Profile Properties Table

Main

NameThe default name, is the name of the Audit Profile.
DescriptionDescription of the audit profile. Optional.
Retention

This feature is new in Ignition version 8.1.1
Click here to check out the other new features
Value in days for how long you want audit records kept. (The default is 90 days.)


Creating a Remote Gateway Audit Profile

Just like configuring audit events to be logged into an external database, it is done from the Gateway Webpage, Config > Security > Auditing.

  1. To have your audit events automatically sent to a remote Gateway's audit profile, select Remote, and click Next.

  2. A list of known Gateways will be displayed. If you don't see a Gateway that you expected to see, check your Gateway Network settings to verify that the connections are valid. You also have the option to specify a Gateway manually. This example selects a valid Gateway. Click Next.



  3. If an Audit profile exists, the fields will auto-populate. The name of the Gateway will appear in the Name field prefaced with the audit profile name (i.e., Ignition_Test_Auditing), as shown in the following example. Click Create New Audit Profile.



  4. You will receive a successful message stating your new Audit Profile was created.

Remote Gateway Audit Profile Properties Table

Main

NameThe default name, is the name of the Remote Gateway and Audit Profile.
DescriptionDescription of the audit profile. Optional.
EnabledBy default. the journal profile is enabled.

Remote Settings

Target SystemThe remote system to send audit events to over the Gateway network.
Target ProfileThe audit profile on the remote system to log events into.


Enabling Auditing in a Project

  1. Go to the Designer, open the project that you want to enable auditing on, then go to Project > Properties.
  2. Go to the General section, select the Enable Auditing check box, and select your Audit Profile from the drop-down menu. The audit profile is used to record audit actions for your project. If the new audit profile does not show up, click Refresh
  3. Click OK.
  4. Save your Project. 


Viewing Information in an Audit Log

There are a few ways to view audit information: using a Table component, interface on the Gateway, or the Database Query Browser. Here is one example of viewing an Audit Log using the Database Query Browser.    

  1. In the Designer, go to Tools > Database Query Browser.
  2. Under the Schema area, double click on a table, and it will expand the query in the Database Query Browser area. 
  3. Click Execute. All the audit log data will be displayed in the Resultset1 area.  


Related Topics ...
In This Section ...


  • No labels