This EventType is defined in OPC 10000-3. Its representation in the AddressSpace is formally defined in Table 25.

Table 25 – AuditEventType definition

Attribute

Value

BrowseName

AuditEventType

IsAbstract

True

References

NodeClass

BrowseName

DataType

TypeDefinition

ModellingRule

Subtype of the BaseEventType defined in 6.4.2, which means it inherits the InstanceDeclarations of that Node.

HasProperty

Variable

ActionTimeStamp

UtcTime

PropertyType

Mandatory

HasProperty

Variable

Status

Boolean

PropertyType

Mandatory

HasProperty

Variable

ServerId

String

PropertyType

Mandatory

HasProperty

Variable

ClientAuditEntryId

String

PropertyType

Mandatory

HasProperty

Variable

ClientUserId

String

PropertyType

Mandatory

Conformance Units

Auditing Connections

Auditing NodeManagement

Auditing History Services

Auditing Write

Auditing Method

This EventType inherits all Properties of the BaseEventType. Their semantic is defined in 6.4.2.

ActionTimeStamp identifies the time the user initiated the action that resulted in the AuditEvent being generated. It differs from the Time Property because this is the time the server generated the AuditEvent documenting the action.

Status identifies whether the requested action could be performed (set Status to TRUE) or not (set Status to FALSE).

ServerId uniquely identifies the Server generating the Event. It identifies the Server uniquely even in a server-controlled transparent redundancy scenario where several Servers may use the same URI.

ClientAuditEntryId contains the human-readable AuditEntryId defined in OPC 10000-4. If the Server is unable to decrypt AuditEntryId due to a certificate check failure, then some Client identification should be used such as the Client’s IP Address, port, MAC address and/or DNS name as the ClientAuditEntryId.

The ClientUserId identifies the user of the client requesting an action. The ClientUserId can be obtained from the UserIdentityToken passed in the ActivateSession call. If the UserIdentityToken is a UserNameIdentityToken then the ClientUserId is the UserName. If the UserIdentityToken is an X509IdentityToken then the ClientUserId is the X509 Subject Name of the Certificate. If the UserIdentityToken is an IssuedIdentityToken then the ClientUserId shall be a string that represents the owner of the token. The best choice for the string depends on the type of IssuedIdentityToken. If an AnonymousIdentityToken was used, the value is null. For a SessionlessInvoke Service invocation the ClientUserId shall be a string that represents the owner of the authenticationToken in the requestHeader of the Service invocation such as the name field of a JWT IssuedIdentityToken.