This EventType is defined in OPC 10000-3. Its representation in the AddressSpace is formally defined in Table 26.
Table 26 – AuditEventType definition
|
Attribute |
Value |
|||||
|
BrowseName |
AuditEventType |
|||||
|
IsAbstract |
True |
|||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
ModellingRule |
|
|
Subtype of the BaseEventType defined in 6.4.2, which means it inherits the InstanceDeclarations of that Node. |
||||||
|
HasProperty |
Variable |
ActionTimeStamp |
UtcTime |
PropertyType |
Mandatory |
|
|
HasProperty |
Variable |
Status |
Boolean |
PropertyType |
Mandatory |
|
|
HasProperty |
Variable |
ServerId |
String |
PropertyType |
Mandatory |
|
|
HasProperty |
Variable |
ClientAuditEntryId |
String |
PropertyType |
Mandatory |
|
|
HasProperty |
Variable |
ClientUserId |
String |
PropertyType |
Mandatory |
|
|
HasProperty |
Variable |
ClientApplicationUri |
String |
PropertyType |
Optional |
|
|
Conformance Units |
||||||
|
Auditing Connections |
||||||
|
Auditing NodeManagement |
||||||
|
Auditing History Services |
||||||
|
Auditing Write |
||||||
|
Auditing Method |
||||||
This EventType inherits all Properties of the BaseEventType. Their semantic is defined in 6.4.2.
The BaseEventType Properties are used to describe the source of the AuditEvent. SubTypes of AuditEventType may define the Node to assign to the SourceNode Property, if not defined the SourceNode Property shall be set to the Server Node. The SourceName Property for AuditEvent typically provides more information related to the source of the AuditEvents. If the AuditEvent is related to a Method invocation, then typically this Property would be “Method/” concatenated with the name of the invoked Method.
Subtypes of AuditEventType are defined so that the EventTypeId can be used to sort and categorize AuditEvents. It is recommended that new subtypes of AuditEventType do not add additional Properties beyond what is defined in the core UA specifications. This allows a generic audit Client to collect all relevant information using an EventFilter consisting of Event fields from the core AuditEventTypes.
ActionTimeStamp identifies the time the user initiated the action that resulted in the AuditEvent being generated. It differs from the Time Property because this is the time the server generated the AuditEvent documenting the action.
Status identifies whether the requested action could be performed (set Status to TRUE) or not (set Status to FALSE).
ServerId uniquely identifies the Server generating the Event. It identifies the Server uniquely even in a server-controlled transparent redundancy scenario where several Servers may use the same URI.
ClientAuditEntryId contains the human-readable AuditEntryId defined in OPC 10000-4. If the Server is unable to decrypt AuditEntryId due to a certificate check failure, then some Client identification should be used such as the Client’s IP Address, port, MAC address and/or DNS name as the ClientAuditEntryId.
The ClientUserId identifies the user of the client requesting an action. The ClientUserId can be obtained from the UserIdentityToken passed in the ActivateSession call. If the UserIdentityToken is a UserNameIdentityToken then the ClientUserId shall be the UserName. If the UserIdentityToken is an X509IdentityToken then the ClientUserId shall be the X509 Subject Name of the Certificate. If the UserIdentityToken is an IssuedIdentityToken then the ClientUserId shall be a string that represents the owner of the token. The best choice for the string depends on the type of IssuedIdentityToken. If the UserIdentityToken is a JWT IssuedIdentityToken, then the ClientUserId shall depend on the existence of the ‘iss’ (issuer) field of the JWT IssuedIdentityToken. If the ‘iss’ field is present the ClientUserId shall be the value of the ‘iss’ field of the JWT IssuedIdentityToken concatenated with the value of the ‘sub’ field of the JWT IssuedIdentityToken. If the ‘iss’ field of the JWT IssuedIdentityToken is not present, the ClientUserId shall be the value of the ‘sub’ field of the JWT IssuedIdentityToken. If an AnonymousIdentityToken is being used, the ClientUserId shall be null.
The ClientApplicationUri identifies the application requesting the action. If the action is initiated by a Client, then the ClientApplicationUri shall be the applicationUri from the ClientDescription (ApplicationDescriptionType).