This lesson is part of the Security in Ignition course. You can browse the rest of the lessons below.



Learn how to create and set up an audit profile in Ignition and enable auditing in a project. Also, get information on audit settings and what is stored in the audit log.

Video recorded using: Ignition 7.9


[00:00] Ignition can keep an audit log for your projects. This way, we can keep track of who logged in, who wrote to a tag, and even who wrote something to the database. First, we need to tell Ignition where to store this information, or rather, which database connection to use. So, in the Configure section, I'm under Security and Auditing, and we list all of our Audit Profiles here. You can see I don't have any right now. So I'm going to click the Create New Audit Profile link down below. There's only a database type for right now, so I'm going to click the Next button, and we'll go ahead and give this profile a name here. So, how about just Audits_Prof, and you can see there is a retention property down below. So, any events that are older than whatever the number of days listed here is, will be pruned from the table. So, of course if you wanted to have an Audit Log that stretched back further, you'd definitely want to change the value on this property. I'm going to scroll down a little bit here, and we can see under Database Settings we specify which database connection to store these events in, as well as the name of the database table we want to call this, so by default, it uses a table called Audit_Events. Ignition will automatically attempt to create the table, assuming it doesn't exist, but if you wanted to prevent that, or use another table that was already created, you can uncheck the Auto Create property here. And then just tell us the name of the database table. Now if you take a look at the advanced properties down below, these properties here give you a chance to change the names of the columns on this database table. Now, I'm not going to make any changes here, I just wanted to point this out. So, I'm going to toggle that checkbox and click the Create New Audit Profile button, and there we can see our new profile. I did want to note that you can have an unlimited number of audit profiles on a single gateway.
So if you wanted to take the audit information and store it to multiple database connections, say a local database as well as a central database at some data center somewhere, you can absolutely do that, just by creating a separate Audit Profile and using a different database connection. Now we're not done. Before we start storing any tag writes, or anything like that, we have to enable the Audit Profile for a project. So, I'm going to bring my Designer up, and once you have your Designer open, if you go to Project at the top, and Properties, under Project and General there's an Audit Settings section. If you set Enable Auditing to true, we have a little drop-down for your Audit Profiles. Now, because I had my Designer open this whole time, it doesn't see my Audit Profile. However, if I click the little refresh button on the right, and click the drop-down again, it should see my Audit Profile. I'm going to select my new profile. I'll click OK, and I'll save my project. Now, before the system will create the Audit Events database table, we need to generate some auditable events, so tag writes for example. I have Writable Integer 1 tag here, that's bound to this spinner component, and I have this open in a client. So if I go ahead and change the value on that tag, that should create the table. So we can go take a look in our database. So I'm going to go to Tools at the top, and I'm going to go to the Database Query Browser, and on the right we can see the audit events table was created. I'm just going to double click on it, and then click the Execute button at the top. Here you can see the new row that I added. So, we have the time, the actor, or the user that caused this event, the name of the computer, under Actor_Host, we also have the action, the target, so the tag path of the action, and the new value. And then you look over here, and you would see the originating system, or which project. I'll enable Auto Refresh on the Database Query Browser.
I'm going to grab my client real quick. Any new tag writes that occur are going to automatically appear into the My Database table as well. So, from this point on now I can log whenever my user does something that would cause some sort of write somewhere.
