Auditing Actions Reference
The auditing system in Ignition records actions originating from the Gateway, Perspective, and Vision projects. This page describes the actions logged by the auditing system.
You can view and search logged actions in the Designer or on the Gateway. Note that if you're using the Action search feature on the Gateway, you must enter action terms exactly as they are shown in the Action column. Although exact terms are required, the search is not case sensitive. If you don't have a current reference for the action you want to search on your Audit Log page, the following list includes possible action terms:
List of Actions
- answer confirmed
- Authentication Lockout
- call acknowledged
- call ignored
- call completed (changed in 8.1.38)
- call started (new in 8.1.38)
- email sent
- gateway config added
- gateway config updated
- gateway restore initiated
- gateway shutdown
- gateway startup
- IdP login attempt
- license unactivate
- license updated
- license activated
- login
- login attempt
- Login Request
- Login Response
- logout
- Logout Request
- Logout Response
- project created
- project deleted
- project save
- project updated
- query
- report executed
- resources modified
- SMS acknowledgement received
- SMS sent
- stored procedure called
- tag edit
- tag delete
- tag move
- tag rename
- tag write
- token login attempt
- trusted certificates deleted
- trusted certificates uploaded
- Web Auth Status Change
Gateway Audit Actions
The following actions are recorded in an audit log when the Gateway has a Gateway Audit Profile configured.
Project System
The following project-based actions are tracked by the auditing system.
- Project Property changes made from the Designer.
- Project setting changes made from the Gateway's web interface.
- Creating or deleting a project.
- Saving a project.
Gateway Systems
In addition, project files on the Gateway's file system are closely monitored. If a user or third-party system modifies any of the project files, an entry will be recorded in the auditing system. The following Gateway-level actions are recorded in an audit log when the Gateway has a Gateway Audit Profile configured and selected on the Gateway's Security General Settings page.
Modules
- Installing modules on the Gateway.
- Restarting a module.
- Deleting a module.
Gateway - General
- Gateway startup
- Gateway shutdown (assuming the Gateway was requested to shut down: unintended shutdowns from power failures and such will not be recorded).
- Gateway Login (new in 8.1.17)
- Gateway Logout (new in 8.1.17)
Gateway - Restore
- Restoring the Gateway from a Gateway backup. Specifically, the Gateway will log that a restore was requested, then perform the restoration.
Licensing Changes
- Activating a license.
- Unactivating a license.
- Updating a license.
Redundancy
- Saving after making any changes to the Redundancy Settings page.
Web Server Page
- Installing or removing a security certificate.
- Making changes to the Web Server Settings page.
Gateway Network
- Saving changes to Gateway Network General Settings.
- Creating, editing, or deleting outgoing connections.
- Approving incoming connections.
Email Settings
- Creating, editing, or deleting an SMTP Profile.
Audit Profile
- Creating, editing, or deleting an Audit Profile.
User Sources
- Creating, editing, or deleting a User Source.
- Creating, editing, or deleting a user.
- Creating, editing, or deleting a role.
- New in 8.1.14: User Lockout Events will also be recorded. Note that the audit log will record only the initial lockout event, rather than each failed authentication attempt.
Service Security
- Editing and saving a policy.
Identity Providers
- Creating, editing, or deleting an Identity Provider configuration.
- Making changes to a User Attribute Mapping.
- Creating, editing, or deleting a User Grant.
- Saving changes on a Security Level Rule.
Security Levels
- Creating, editing, and deleting security zones
Security Zones
- Creating, editing, and deleting security zones
Database - Connections
- Creating, editing or deleting a database connection.
Database - Drivers
- Creating, editing or deleting a JDBC driver
- Creating, editing or deleting a Translator
Store and Forward
- Creating, editing or deleting a Store and Forward engine.
Alarming - General
- Saving changes on the Alarming General settings page.
Alarming - Alarm Journal
- Creating, editing or deleting an Alarm Journal Profile
Alarming - Notification
- Creating, editing, or deleting an Alarm Notification Profile.
Schedules
- Creating, editing or deleting a schedule.
- Creating, editing or deleting a holiday.
Tags - Realtime
- Creating, editing or deleting a Realtime Tag Provider
Tags - Historical
- Creating, editing or deleting a Historical Tag Provider.
OPC Client Connections
- Creating, editing or deleting an OPC connection.
OPC UA - Device Connections
- Creating, editing, or deleting a device connection (editing/saving a device connection configuration without making any changes will be recorded as an edit).
- Editing a Modbus address mapping via gateway interface on Modbus device connections.
- Editing DNP3 Aliased Points via gateway interface on DNP3 device connections.
- Editing tags via gateway interface on Omron NJ device connections.
- Adding FINS tags via gateway interface on Omron FINS device connections.
OPC UA - Server Settings
- Editing the OPC UA Settings page.
Enterprise Administration
- Configuring a gateway to be either an Agent or Controller.
Enterprise Administration - Event Thresholds
- Changes made to Event thresholds.
Enterprise Administration - Controller Settings
- Making changes to the Controller Settings page, including uninstalling the controller.
Enterprise Administration - Agent Settings
- Making changes to the Agent Settings page, including uninstalling the agent.
Enterprise Administration - Agent Management
- Creating, editing, or deleting an Agent Group.
Enterprise Administration - License Management
- Adding or removing a license from the License Management page.
Enterprise Administration - Agent Tasks
- Creating, editing, or deleting an agent task
- Separate records are taken each time a task executes.
Sequential Function Charts
- Changes made to the SFC Settings page.
Add a Record Manually
- You can also add a record into the audit profile using the function system.util.audit.
Remote Gateway Tag Writes
- Changed in 8.1.34: Actions on tags from remote servers are recorded in the audit log for versions 8.1.16+. The 'System' column shows the originating Gateway name. Note that 'Host' and 'Context' will appear unknown for these records, but auditing events will now include the actor.
Perspective Auditing Actions
Perspective Sessions generate entries in an assigned audit profile. The following actions are recorded in the Audit Profile:
- Tag changes from a component binding.
- Authentication level changes (a user's security level changes).
- Login Request - Indicates a user is requesting to log into an Identity Provider (IdP). The user should have been redirected to the IdP with a login request and Ignition is awaiting the IdP's login response. Note that the user is not logged in until the IdP redirects the user back to Ignition with a login response and Ignition validates the login response.
- Login Response - Records when a login response is received from the IdP. It's possible that a login response will never be received for a login request. For example, if the user bails out of the login flow by closing their web browser before completing the login, Ignition will never receive the login response and will time out the request.
- Logout Request - Indicates a user is requesting to log out of an IdP. The user may be redirected to the IdP to log out of their IdP session. Regardless, the user will be redirected back to the Perspective Session in a logged out state.
- Logout Response - Records when a logout response is received from the IdP after a user logged out of their IdP session. This event will not occur if the IdP does not support logout or if Ignition is not configured to redirect the user to the IdP for logging out.
- New in 8.1.18: Tag changes from a Perspective script. Specifically:
  - Writes, such as, but not limited to, those from system.tag.writeBlocking
  - Edits and renaming, such as those caused by system.tag.configure
  - Deletions, such as those caused by system.tag.deleteTags
  - Moves, such as those caused by system.tag.move
Vision Auditing Actions
The Vision project needs an audit profile configured and auditing enabled. Vision Clients will then log records to an assigned audit profile. Here is a list of audit actions that will be tracked in the Ignition auditing system:
Tags
The following Tag-related actions generate entries in the audit log. Note that the functions below must originate from the Tag Browser, the Designer's Scripting Console, or Vision component-based scripts.
- Tag Creation - Including tags created with the Tag Editor and the system.tag.configure function.
- Tag Deletion - Including those deleted from the Tag Browser's UI and the system.tag.deleteTags function.
- Tag Edits - Including edits made to tags from the Tag Editor and the system.tag.configure function.
- Moving Tags - Including moves made by drag-and-drop in the Tag Browser or by calling the system.tag.move function.
- Tag Renames - Renaming a tag generates an entry.
Vision Tag Writes
Write requests sent from a tag either through a standard Tag Binding, Indirect Tag Binding, or manual entry from the Tag Browser.
Vision Component Database Writes
The system explicitly captures modifications made to database tables through the following methods:
- SQL Query Bindings - modifications from the UPDATE Query will be recorded.
- DB Browse Binding - modifications made with the Enable Database Writeback area will be recorded.
Vision User Login/Logout
- Logging into a Vision Client will generate an entry in the auditing system, as will logging out of the client.
- Closing the client while logged in is treated as a logout. Note that the entry is only recorded if the client is aware that it is closing, which excludes cases where the client closed unexpectedly.
Database Query Browser
- If the project opened in the Designer has an assigned Audit Profile, then changes made to database tables using the database query browser are automatically recorded to the audit log. "Changes" in this case refer to UPDATE, DELETE, or INSERT statements manually typed and executed from the database query browser.
- Enabling edit mode and applying changes, including typing in new values, adding rows, removing rows, and clearing out fields, are recorded as queries called from the project.
Vision Scripting
The following functions generate entries in the audit log if called from Vision component-based scripts, or from the Designer's Scripting Console.
- system.db.execSProcCall
- system.db.runPrepUpdate
- system.db.runUpdateQuery
- system.tag.writeBlocking
- system.tag.writeAsync
- system.report.executeAndDistribute
- system.report.executeReport
Designer
Designer Login and Closing
- Opening a project in the Designer that has auditing enabled will also generate a login entry in the auditing system. Note that this occurs when the user opens the project, not when they log in using the Designer's login screen: auditing is project-based, so the user has to select a project that is being edited first.
- Closing the Designer effectively counts as logging off, and will generate a "logout" entry. Similar to Vision, should the Designer close unexpectedly, an entry will not be recorded.
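Unrequested Gateway shutdowns and unexpected Vision Client or Designer closes leave no audit record (see Gateway - General, Vision User Login/Logout, and Designer Login and Closing), so a reviewer can only infer them from an opening event that is never closed. The Python below is an added example, not part of Ignition or its documentation; the action terms come from the list on this page, while the record field names (ts, actor, host, system) and the sample values are assumptions.

```python
from datetime import datetime

# Opening action -> (closing action, fields identifying one gateway/session).
# Action terms come from the list on this page; field names are assumptions.
PAIRS = {
    "gateway startup": ("gateway shutdown", ("system",)),
    "login": ("logout", ("actor", "host", "system")),
}
CLOSERS = {close: (opener, fields) for opener, (close, fields) in PAIRS.items()}

def unclosed_events(records):
    """Return opening events that were followed by another opening event for
    the same key with no closing event recorded in between."""
    still_open, findings = {}, []
    for rec in sorted(records, key=lambda r: datetime.fromisoformat(r["ts"])):
        action = rec["action"].strip().lower()  # exact term, case-insensitive
        if action in PAIRS:
            key = (action,) + tuple(rec[f] for f in PAIRS[action][1])
            if key in still_open:
                findings.append(still_open[key])  # earlier opener never closed
            still_open[key] = rec
        elif action in CLOSERS:
            opener, fields = CLOSERS[action]
            still_open.pop((opener,) + tuple(rec[f] for f in fields), None)
    return findings

def rec(ts, actor, host, action, system="gw1"):
    """Build one record in the assumed export shape."""
    return {"ts": ts, "actor": actor, "host": host, "action": action, "system": system}

# Constructed sample records (not real audit data).
SAMPLE = [
    rec("2024-05-01T08:00:00", "system", "gw1", "gateway startup"),
    rec("2024-05-01T08:05:00", "alice", "ws-12", "login"),
    rec("2024-05-01T08:40:00", "alice", "ws-12", "logout"),
    rec("2024-05-01T09:00:00", "alice", "ws-12", "Login"),
    rec("2024-05-01T10:00:00", "system", "gw1", "gateway startup"),
    rec("2024-05-01T10:10:00", "alice", "ws-12", "login"),
    rec("2024-05-01T11:00:00", "system", "gw1", "gateway shutdown"),
    rec("2024-05-01T11:05:00", "system", "gw1", "gateway startup"),
]

if __name__ == "__main__":
    for r in unclosed_events(SAMPLE):
        print(r["ts"], r["action"], r["actor"], "- no closing event recorded")
```

A repeated login for the same actor and host can also be a second concurrent session, so each finding is a lead to check against other records rather than proof of an unexpected close.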
Database Query Browser
If the project opened in the Designer has an assigned Audit Profile, then changes made to database tables using the database query browser are automatically recorded to the audit log. "Changes" in this case refer to UPDATE, DELETE, or INSERT statements manually typed and executed from the database query browser.
Enabling edit mode and applying changes, including typing in new values, adding rows, removing rows, and clearing out fields, are recorded as queries called from the project.
Alarm Notification
Alarm Notification Attempts
Attempts to send out alarm notifications are recorded in the auditing system. Specifically, the Gateway will record when it attempted to send out a notification, as well as if the attempt failed (such as the SMTP server refusing the request). It is important to note that the auditing system cannot report failures that occur outside of the Gateway. Thus, if a voice notification fails to send due to some error in the VOIP system, it's possible that the Gateway won't report the VOIP error, but the audit log will have an entry stating that the Gateway attempted to send the notification.
Reporting Module
Report Execution
Reporting Module Reports generate an entry in the auditing system when a report is executed. Thus:
- Reports running on a schedule will generate an entry.
- Report schedules executed on demand will generate an entry.
- Navigating to a Vision window (in either the Designer or a Vision Client) will trigger a report execution, generating an entry in the auditing system.