Audit Log and Profiles
Ignition's built-in auditing system automatically records certain actions that occur in the system, such as a Tag writes or User Source authentication, into a SQL database table. Utilizing the system involves creating an Audit Profile, followed by enabling auditing in a project. Once both prerequisites have been met, the Gateway will automatically create a database table named AUDIT_EVENTS, and use the table to start tracking user actions.
The Remote Audit Log configuration option allows audit events to be automatically sent to a remote Gateway's audit log. The remote Gateway you plan to connect to must have a Audit Profile created. To learn more about sending audit events to a remote Gateway, refer to section Creating a Remote Gateway Audit Profile on this page.
You can use Audit Profiles for Gateway events and project events. See the Enabling Auditing for Gateway-Scoped Actions or the Enabling Auditing in a Project sections for more details.
Auditing Actions​
For a list of actions that are recorded by an audit profile, see the Auditing Actions Reference page.
Create a Database Audit Profile​
- Go to the Config section of the Gateway Webpage.
- Scroll down to the Security > Auditing from the menu on the left. The Audit Profiles page is displayed.
- Click the Create a new Audit Profile link.
- You have the option of storing audit logs into an external database or sending them to a remote Gateway. For this example, select Database. (Configuring audit events to be sent to a remote Gateway's audit log is addressed in Creating a Remote Gateway Audit Profile section on this page).
- Enter the Name of the audit log and Description (optional).
- In the Retention field, set a value in days for how long you want audit records kept. (The default is 90 days.)
- Under the Database Settings, select the Database where the table will be stored, select the Auto Create check box, and enter the desired Table Name.
- Click Create New Audit Profile.
Once some changes have been made to a Tag or a Database table, Ignition will begin recording.
Database Audit Profile Properties Table​
Main
| Name | Description |
|---|---|
| Name | The default name, is the name of the Audit Profile. |
| Description | Description of the audit profile. Optional. |
| Retention | ​ New in 8.1.1 How long (in days) should audit records be kept? Values less than or equal to 0 will disable pruning. Default is 90 days. |
Database Settings
| Name | Description |
|---|---|
| Database | The database connection to use to store audit events. |
| Auto Create | If true (selected), the table schema specified here will be automatically verified and created if necessary. Default is true. |
| Pruning Enabled | ​ New in 8.1.3 If false, this audit profile will never prune records, regardless of the retention field. Otherwise, the retention field will be followed. Default is false. |
| Table Name | The name of the table to store audit events. Default is AUDIT_EVENTS. |
Create an Internal Audit Profile​
The Internal Audit Profile option allows an Ignition Gateway to store audit records without an external SQL database. The only way to interact with the Internal Audit Profile is via the Status page of the Gateway webpage.
- Go to the Config section of the Gateway Webpage.
- Scroll down to the Security > Auditing from the menu on the left. The Audit Profiles page is displayed.
- Click the Create a new Audit Profile link.
- Select Internal.
- Enter a name for the audit log and a description (optional).
- In the Retention field, set a value in days for how long you want audit records kept. (The default is 90 days.)
- Click Create New Audit Profile.
Internal Audit Profile Properties Table​
| Name | Description |
|---|---|
| Name | The default name, is the name of the Audit Profile. |
| Description | Description of the audit profile. Optional. |
| Retention | ​ New in 8.1.1 Value in days for how long you want audit records kept. Default is 90 days. |
Creating a Remote Gateway Audit Profile​
Just like configuring audit events to be logged into an external database, it is done from the Gateway Webpage, Config > Security > Auditing.
- To have your audit events automatically sent to a remote Gateway's audit profile, select Remote, and click Next.
- A list of known Gateways will be displayed. If you don't see a Gateway that you expected to see, check your Gateway Network settings to verify that the connections are valid. You also have the option to specify a Gateway manually. This example selects a valid Gateway. Click Next.
- If an Audit profile exists, the fields will auto-populate. The name of the Gateway will appear in the Name field prefaced with the audit profile name (i.e., Ignition_Test_Auditing), as shown in the following example. Click Create New Audit Profile.
- You will receive a successful message stating your new Audit Profile was created.
Remote Gateway Audit Profile Properties Table​
Main
| Name | Description |
|---|---|
| Name | The default name, is the name of the Remote Gateway and Audit Profile. |
| Description | Description of the audit profile. Optional. |
| Enabled | By default, the journal profile is enabled. |
Remote Settings
| Name | Description |
|---|---|
| Target System | The remote system to send audit events to over the Gateway network. |
| Target Profile | The audit profile on the remote system to log events into. |
Advanced
| Name | Description |
|---|---|
| Use Store and Forward | New in 8.1.23 If enabled, audit events will be stored through the Store and Forward system. If not enabled, they will be stored directly against the remote Gateway. Default is true. |
Enabling Auditing for Gateway-Scoped Actions​
After setting up an Audit Profile, you can have the audit log record Gateway events.
- Navigate to the Gateway General Security Settings page. This is located at your Gateway's Config page > Security > General.
- Set the Gateway Audit Profile setting to the audit profile you want to record with, then save your settings.
- Once you press save, a confirmation banner will appear at the top of the page and your Gateway will begin recording events to the specified audit profile.
Enabling Auditing in a Project​
- Go to the Designer, open the project that you want to enable auditing on, then go to Project > Properties.
- Go to the General section, select the Enable Auditing check box, and select your Audit Profile from the drop-down menu. The audit profile is used to record audit actions for your project. If the new audit profile does not show up, click Refresh.
- Click OK.
- Save your Project.
Viewing Information in an Audit Log​
There are a few ways to view audit information: using a Table component, interface on the Gateway, or the Database Query Browser. Here is one example of viewing an Audit Log using the Database Query Browser.
- In the Designer, go to Tools > Database Query Browser.
- Under the Schema area, double click on a table, and it will expand the query in the Database Query Browser area.
- Click Execute. All the audit log data will be displayed in the Resultset1 area.
Audit Log Table Descriptions​
A description of the columns used by the audit log's database table can be found on the Ignition Database Table Reference page.