Perspective Auditing Actions
Perspective Sessions generate entries in an assigned audit profile. The following actions are recorded in the Audit Profile:
- Tag changes from a component binding.
- Session login.
- Session logout.
- Authentication level changes (a user's security level changes).
Vision Auditing Actions
The Vision project needs an audit profile configured and auditing enabled. Vision Clients will then log records to an assigned audit profile. Here is a list of audit actions that will be tracked in the Ignition auditing system:
The following Tag related actions generate entries in the audit log. Note that the functions below must originate from the Tag Browser, the Designer's Scripting Console, or Vision component-based scripts.
- Tag Creation - Including tags created with the Tag Editor and the system.tag.configure function.
- Tag Deletion - Including those deleted from the Tag Browser's UI and the system.tag.deleteTags function.
- Tag Edits - Including edits made to tags from the Tag Editor and the system.tag.configure function.
- Moving Tags - Including moves made by drag-and-drop in the Tag Browser or by calling the system.tag.move function.
- Tag Renames - Renaming a tag generates an entry.
Vision Tag Writes
Write requests sent from a tag either through a standard Tag Binding, Indirect Tag Binding, or manual entry from the Tag Browser.
Vision Component Database Writes
The system explicitly captures modifications made to database tables through the following methods:
- SQL Query Bindings - modifications from the UPDATE Query will be recorded.
- DB Browse Binding - modifications made with the Enable Database Writeback area will be recorded.
Vision User Login/logout
- Logging into a Vision Client will generate an entry in the auditing system, as will logging out of a client.
- Closing the client while logged in is treated as a logout, and will generate a "logout" entry. Note that a logout entry is only recorded if the client is aware that it is closing: entries aren't generated if the designer closed unexpectedly ("crashes").
Database Query Browser
- If the project opened in the Designer has an assigned Audit Profile, then changes made to database tables using the database query browser are automatically recorded to the audit log. "Changes" in this case refer to UPDATE, DELETE, or INSERT statements manually typed and executed from the database query browser.
- Enabling edit mode and applying changes, including typing in new values, adding rows, removing rows, and clearing out fields, are recorded as queries called from the project.
The following functions generate entries in the audit log if called from Vision component-based scripts, or from the Designer's Scripting Console.
Designer Login and Closing
- Opening a project in the Designer that has auditing enabled will also generate a login entry in the auditing system. Note that this occurs when the user opens the project, not when they log in using the Designer's login screen: auditing is project-based, so the user has to select a project that is being edited first.
- Closing the Designer effectively counts as logging off, and will generate a "logout" entry. Similar to vision, should the designer close unexpectedly, then an entry will not be recorded.
Database Query Browser
If the project opened in the Designer has an assigned Audit Profile, then changes made to database tables using the database query browser are automatically recorded to the audit log. "Changes" in this case refer to UPDATE, DELETE, or INSERT statements manually typed and executed from the database query browser.
Enabling edit mode and applying changes, including typing in new values, adding rows, removing rows, and clearing out fields, are recorded as queries called from the project.
Alarm Notification Attempts
Attempts to send out alarm notifications are recorded in the auditing system. Specifically, the Gateway will record when it attempted to send out a notification, as well as if the attempt failed (such as the SMTP server refusing the request). It is important to note that the auditing system can not report failures that occur outside of the Gateway. Thus, if a voice notification fails to send due to some error in the VOIP system, it's possible that the Gateway won't report the VOIP error, but the audit log will have an entry stating that the Gateway attempted to send the notification.
Reporting Module Reports generate an entry in the auditing system when a report is executed. Thus:
- Reports running on a schedule will generate an entry.
- Report schedules executed on demand will generate an entry.
- Navigating to a Vision window (in either the Designer or a Vision Client) will trigger a report execution, generating an entry in the auditing system.
Audit Table Definition
The following table describes the audit table as it exist in the database:
|AUDIT_EVENTS_ID||The id of the row.|
|ACTION||Brief description of the action.|
|ACTION_TARGET||The target of the action.|
|ACTION_VALUE||The value acted upon the action target.|
|ACTOR||The logged in user when the action occurred or a description of the system that generated the action.|
|ACTOR_HOST||The host computer where the action occurred.|
|EVENT_TIMESTAMP||The time when the action occurred.|
|ORIGINATING_CONTEXT||A numerical description of the origin of the originating system. gateway = 1, designer = 2, client = 4|
|ORIGINATING_SYSTEM||The name of the project or system where this action occurred.|
|STATUS_CODE||The quality code where (where applicable). 192 signifies success. 0 signifies bad or failure.|