AuditEventsare generated as a result of an action taken on the Serverby a Clientof the Server. For example, in response to a Clientissuing a write to a Variable, the Serverwould generate an AuditEventdescribing the Variableas the source and the user and Client Sessionas the initiators of the Event. Not all Serverssupport auditing, but if a Serversupports auditing then it shall support audit Eventsas described in 5.6. Profiles(see OPC 10000-7) can be used to determine if a Serversupports auditing. Serversshall generate Eventsof the AuditHistoryUpdateEventTypeor a sub-type of this type for all invocations of the HistoryUpdate Serviceon any HistoricalNode. See OPC 10000-3and OPC 10000-5for details on the AuditHistoryUpdateEventType model. In the case where the HistoryUpdate Serviceis invoked to insert Historical Events, the AuditHistoryEventUpdateEventType Eventshall include the EventId of the inserted Eventand a description that indicates that the Eventwas inserted. In the case where the HistoryUpdate Serviceis invoked to delete records, the AuditHistoryDeleteEventTypeor one of its sub-types shall be generated. See 6.7for details on updating historical data or Events.

In particular using the Delete raw or Delete modified functionality shall generate an AuditHistoryRawModifyDeleteEventType Eventor a sub-type of it. Using the Delete at time functionality shall generate an AuditHistoryAtTimeDeleteEventType Eventor a sub-type of it. Using the Delete Eventfunctionality shall generate an AuditHistoryEventDeleteEventType Eventor a sub-type of it. All other updates shall follow the guidelines provided in the AuditHistoryUpdateEventTypemodel.