Skip to main content
Version: 8.1

Auditing Actions Reference

The auditing system in Ignition records actions originating from the Gateway, Perspective and Vision projects. This page lists which actions are logged by the auditing system.

A description of the audit table can be found on the Ignition Database Table Reference page.

Gateway Audit Actions​

The following actions are recorded in an audit log when the Gateway has a Gateway Audit Profile is configured.

Project System​

The following project-based actions are tracked by the auditing system.

  • Project Property changes made from the Designer.
  • Project setting changes made from the Gateway's web interface.
  • Creating or deleting a project.
  • Saving a project (action recorded as "project update").

Gateway Systems​

In addition, project files on the Gateway's file system are closely monitored. If a user or third-party system modifies any of the project files, an entry will be recorded in the auditing system. The following Gateway-level actions are recorded in an audit log when the Gateway has a Gateway Audit Profile is configured.

Modules​

  • Installing modules on the Gateway.
  • Restarting a module.
  • Deleting a module.

Gateway - General​

*Gateway startup

  • Gateway shutdown (assuming the gateway was requested to shutdown: unintended shutdowns from power failures and such will not be recorded).
  • ​
    New in 8.1.17
    Gateway Login
  • ​
    New in 8.1.17
    Gateway Logout

Gateway - Restore​

  • Restoring the Gateway from a Gateway backup. Specifically, the Gateway will log that it was asked to before a restore, then perform the restoration.

Licensing Changes​

  • Activating a license.
  • Unactivating a license.
  • Updating a license.

Redundancy​

  • Saving after making any changes to the Redundancy Settings page.

Web Server Page​

  • Installing or removing a security certificate.
  • Making changes to the Web Server Settings page.

Gateway Network​

  • Saving changes to Gateway Network General Settings .
  • Creating, editing, or deleting outgoing connections.
  • Approving incoming connections.

Email Settings​

  • Creating, editing, or deleting an SMTP Profile.

Audit Profile​

  • Creating, editing, or deleting an Audit Profile.

User Sources​

  • Creating, editing, or deleting a User Source.
  • Creating, editing, or deleting a user.
  • Creating, editing, or deleting a role.
  • ​
    New in 8.1.14
    User Lockout Events will also be recorded. Note that the audit log will record only the initial lockout event, rather than each failed authentication attempt.

Service Security​

  • Editing and saving a policy.

Identity Providers​

  • Creating, editing, or deleting an Identity Provider configuration.
  • Making changes to a User Attribute Mapping.
  • Creating, editing, or deleting a User Grant.
  • Saving changes on a Security Level Rule.

Security Levels​

  • Creating, editing, and deleting security zones

Security Zones​

  • Creating, editing, and deleting security zones

Database - Connections​

  • Creating, editing or deleting a database connection.

Database - Drivers​

  • Creating, editing or deleting a JDBC driver
  • Creating, editing or deleting a Translator

Store and Forward​

  • Creating, editing or deleting a Store and Forward engine.

Alarming - General​

  • Saving changes on the Alarming General settings page.

Alarming - Alarm Journal​

  • Creating, editing or deleting an Alarm Journal Profile

Alarming - Notification​

  • Creating, editing, or deleting an Alarm Notification Profile.

Schedules​

  • Creating, editing or deleting a schedule.
  • Creating, editing or deleting a holiday.

Tags - Realtime​

  • Creating, editing or deleting a Realtime Tag Provider

Tags - Historical​

  • Creating, editing or deleting a Historical Tag Provider.

OPC Client Connections​

  • Creating, editing or deleting an OPC connection.

OPC UA - Device Connections​

  • Creating, editing, or deleting a device connection (editing/saving a device connection configuration without making any changes will be recorded as an edit).
  • Editing a Modbus address mapping via gateway interface on Modbus device connections.
  • Editing DNP3 Aliased Points via gateway interface on DNP3 device connections.
  • Editing tags via gateway interface on Omron NJ device connections.
  • Adding FINS tags via gateway interface on Omron FIN device connections.

OPC UA - Server Settings​

  • Editing the OPC UA Settings page.

Enterprise Administration​

  • Configuring a gateway to be either an Agent or Controller.

Enterprise Administration - Event Thresholds​

  • Changes made to Event thresholds.

Enterprise Administration - Controller Settings​

  • Making changes to the Controller Settings page, including uninstalling the controller.

Enterprise Administration - Agent Settings​

  • Making changes to the Agent Settings page, including uninstalling the agent.

Enterprise Administration - Agent Management​

  • Creating, editing, deleting an Agent Group.

Enterprise Administration - License Management​

  • Adding or removing a license from the License Management page.

Enterprise Administration - Agent Tasks​

  • Creating, editing, or deleting an agent task
  • Separate records are taken each time a task executes.

Sequential Function Charts​

  • Changes made to the SFC Settings page.

Add a Record Manually​

  • You can also add a record into the audit profile using the function system.util.audit.

Remote Gateway Tag Writes​

  • ​
    Changed in 8.1.34
    Actions on tags from remote servers are recorded in the audit log for versions 8.1.16+. The 'System' column shows the originating Gateway name. Note that 'Host', and 'Context' will appear unknown for these records, but auditing events will now include the actor.

Perspective Auditing Actions​

Perspective Sessions generate entries in an assigned audit profile. The following actions are recorded in the Audit Profile:

  • Tag changes from a component binding.
  • Authentication level changes (a user's security level changes).
  • Login Request - Indicates a user is requesting to log into an Identity Provider (IdP). The user should have been redirected to the IdP with a login request and Ignition is awaiting the IdP’s login response. Note that the user is not logged in until the IdP redirects the user back to Ignition with a login response and Ignition validates the login response.
  • Login Response - Records when a login response is received from the IdP. It’s possible that a login response will never be received for a login request. For example: if the user bails out of the login flow by closing their web browser before completing the login, Ignition will never receive the login response and will time out the request.
  • Logout Request - Indicates a user is requesting to log out of an IdP. The user may be redirected to the IdP to log out of their IdP session. Regardless the user will be redirected back to the Perspective Session in a logged out state.
  • Logout Response - Records when a logout response is received from the IdP after a user logged out of their IdP session. This event will not occur if the IdP does not support logout or if Ignition is not configured to redirect the user to the IdP for logging out.
  • ​
    New in 8.1.18
    Tag changes from a Perspective script. Specifically:

Vision Auditing Actions​

The Vision project needs an audit profile configured and auditing enabled. Vision Clients will then log records to an assigned audit profile. Here is a list of audit actions that will be tracked in the Ignition auditing system:

Tags​

The following Tag related actions generate entries in the audit log. Note that the functions below must originate from the Tag Browser, the Designer's Scripting Console, or Vision component-based scripts.

  • Tag Creation - Including tags created with the Tag Editor and the system.tag.configure function.
  • Tag Deletion - Including those deleted from the Tag Browser's UI and the system.tag.deleteTags function.
  • Tag Edits - Including edits made to tags from the Tag Editor and the system.tag.configure function.
  • Moving Tags - Including moves made by drag-and-drop in the Tag Browser or by calling the system.tag.move function.
  • Tag Renames - Renaming a tag generates an entry.

Vision Tag Writes​

Write requests sent from a tag either through a standard Tag Binding, Indirect Tag Binding, or manual entry from the Tag Browser.

Vision Component Database Writes​

The system explicitly captures modifications made to database tables through the following methods:

Vision User Login/Logout​

  • Logging into a Vision Client will generate an entry in the auditing system, as will logging out of the client.
  • Closing the client while logged in is treated as a logout. Note that the entry is only recorded if the client is aware that it is closing, which excludes cases where the client closed unexpectedly.

Database Query Browser​

  • If the project opened in the Designer has an assigned Audit Profile, then changes made to database tables using the database query browser are automatically recorded to the audit log. "Changes" in this case refer to UPDATE, DELETE, or INSERT statements manually typed and executed from the database query browser.
  • Enabling edit mode and applying changes, including typing in new values, adding rows, removing rows, and clearing out fields, are recorded as queries called from the project.

Vision Scripting​

The following functions generate entries in the audit log if called from Vision component-based scripts, or from the Designer's Scripting Console.

Designer​

Designer Login and Closing​

  • Opening a project in the Designer that has auditing enabled will also generate a login entry in the auditing system. Note that this occurs when the user opens the project, not when they log in using the Designer's login screen: auditing is project-based, so the user has to select a project that is being edited first.
  • Closing the Designer effectively counts as logging off, and will generate a "logout" entry. Similar to vision, should the designer close unexpectedly, then an entry will not be recorded.

Database Query Browser​

If the project opened in the Designer has an assigned Audit Profile, then changes made to database tables using the database query browser are automatically recorded to the audit log. "Changes" in this case refer to UPDATE, DELETE, or INSERT statements manually typed and executed from the database query browser.

Enabling edit mode and applying changes, including typing in new values, adding rows, removing rows, and clearing out fields, are recorded as queries called from the project.

Alarm Notification​

Alarm Notification Attempts​

Attempts to send out alarm notifications are recorded in the auditing system. Specifically, the Gateway will record when it attempted to send out a notification, as well as if the attempt failed (such as the SMTP server refusing the request). It is important to note that the auditing system can not report failures that occur outside of the Gateway. Thus, if a voice notification fails to send due to some error in the VOIP system, it's possible that the Gateway won't report the VOIP error, but the audit log will have an entry stating that the Gateway attempted to send the notification.

Reporting Module​

Report Execution​

Reporting Module Reports generate an entry in the auditing system when a report is executed. Thus:

  • Reports running on a schedule will generate an entry.
  • Report schedules executed on demand will generate an entry.
  • Navigating to a Vision window (in either the Designer or a Vision Client) will trigger a report execution, generating an entry in the auditing system.
Last updated on by ia-sshamgar