Clients and Servers generate audit records of successful and unsuccessful connection attempts, results of security option negotiations, configuration changes, system changes, user interactions and Session rejections.
OPC UA provides support for security audit trails through two mechanisms.
First, it provides for traceability between Client and Server audit logs. The Client generates an audit log entry for an operation that includes a request. When the Client issues a service request, it generates an audit log entry and includes the local identifier of the log entry in the request sent to the Server. The Server logs requests that it receives and includes the Client’s entry id in its audit log entry. In this fashion, if a security-related problem is detected at the Server, the associated Client audit log entry can be located and examined. OPC UA does not require the audit entries to be written to disk, but it does require that they be available. OPC UA provides the capability for Servers to generate Event Notifications that report auditable Events to Clients capable of processing and logging them. See OPC 10000-4 for more details on how services in OPC UA are audited.
Second, OPC UA defines audit parameters to be included in audit records. This promotes consistency across audit logs and in Audit Events. OPC 10000-5 defines the data types for these parameters. Other information models may extend the audit definitions. OPC 10000-7 defines Profiles which include the ability to generate Audit Events and use these parameters, including the Client audit record id.
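An added example (not part of the OPC UA specification) of the traceability described above: it joins a Client audit log to a Server audit log on the Client's entry id and lists the records that have no counterpart on the other side. The record layout, field names and sample entries are constructed for illustration.

```python
"""Correlate Client and Server audit logs on the Client's audit entry id."""

# Constructed sample records; the dictionary keys are assumptions of this example.
CLIENT_LOG = [
    {"entry_id": "c-0001", "service": "CreateSession"},
    {"entry_id": "c-0002", "service": "Write"},
    {"entry_id": "c-0003", "service": "Write"},
]
SERVER_LOG = [
    {"client_audit_entry_id": "c-0001", "service": "CreateSession", "status": "Good"},
    {"client_audit_entry_id": "c-0002", "service": "Write", "status": "Bad_UserAccessDenied"},
    # Entry id that the Client log does not contain.
    {"client_audit_entry_id": "c-0099", "service": "Write", "status": "Good"},
    # Request that arrived without any Client entry id.
    {"client_audit_entry_id": "", "service": "ActivateSession",
     "status": "Bad_IdentityTokenRejected"},
]


def correlate(client_log, server_log):
    """Return (matched pairs, server-only records, client-only records)."""
    client_by_id = {rec["entry_id"]: rec for rec in client_log}
    matched, server_only, seen = [], [], set()
    for srv in server_log:
        cid = srv.get("client_audit_entry_id") or None
        cli = client_by_id.get(cid) if cid else None
        if cli is None:
            # Nothing on the Client side to examine for this Server record.
            server_only.append(srv)
        else:
            matched.append((cli, srv))
            seen.add(cid)
    # Requests the Client logged that the Server log does not account for.
    client_only = [rec for rec in client_log if rec["entry_id"] not in seen]
    return matched, server_only, client_only


def failed_requests(matched):
    """Client entry ids whose Server record reports a non-Good status."""
    return [cli["entry_id"] for cli, srv in matched if srv["status"] != "Good"]


if __name__ == "__main__":
    pairs, srv_only, cli_only = correlate(CLIENT_LOG, SERVER_LOG)
    print("failed, traceable to Client entries:", failed_requests(pairs))
    print("Server records without a Client entry:", srv_only)
    print("Client entries without a Server record:", cli_only)
```

Records that appear on only one side are the ones to review first, since a missing counterpart can mean an unlogged request or an altered log.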
Because the audit logs are used to prove that the system is operating securely, the audit logs themselves should also be secured from unauthorized tampering. If someone without authorization were able to alter or delete log records, this could hide an actual or attempted security breach. Because there are many different ways to generate and store audit logs (e.g. files or database), the mechanisms to secure audit logs are outside the scope of this specification.
In addition, the information in an audit record may contain sensitive or private information, thus the ability to subscribe for Audit Events is restricted to appropriate users and/or applications. As an alternative, the fields with sensitive or private information can instead contain an error code indicating access denied for users that do not have appropriate rights.