AuditTrail

AuditTrail
Audit Trail User Guide
IGSS Version 9.0
Contents
Chapter 1: The IGSS Audit Trail
1.1 What is the Audit Trail module?
Chapter 2: Setting up the Audit Trail
2.1 Setting up the SQL Server for Audit Trail
2.2 Auto-starting the Audit Trail
1
1
3
3
16
Chapter 3: Using the Audit Trail
17
3.1 Understanding the Audit Trail window
17
3.2 The Action list
18
3.3 The Home ribbon
20
3.4 Choosing the view period
23
3.5 Filtering the Audit Trail
25
3.6 Saving and applying views
26
3.7 Adding a user note
26
3.8 Presenting Audit Trail information in the IGSS Dashboard
27
Chapter 4: Reference and Lookup
30
4.1 Conventions in this Manual
30
4.2 Getting Help in IGSS
31
4.3 Version Information (IGSS Help System)
32
Chapter 5: Glossary
34
Chapter 1: The IGSS Audit Trail
1.1 What is the Audit Trail module?
In SCADA1 systems it is crucial to be able to monitor all actions performed in the process of
the industrial plant. The IGSS V8 SCADA solution includes the new Audit Trail module, that
offers a thorough recording of all actions done by its system operators.
What is recorded
The Audit Trail module can easily be customized to record any of the following operator actions:
l
Acknowledgement of process alarms
l
Commands send to the process PLCs
l
Operators login or logout
l
Changes in data collection settings
l
Operator notes written - for example alarm notes or maintenance notes
l
Changes in analog alarm limits
l
System start/stop
Viewing and filtering the Audit Trail
The recorded audit trails are shown in a list in the Audit Trail window. Filtering in this list is flexible and can be performed on many different system parameters. This is useful to track certain
operator actions and detect any irregularities in the process control. Below is listed some of the
information available for each record of an audit trail:
l
Operator - which operator has performed the action
l
IGSS Object - which object is influenced
l
IGSS Operator station - from where has the action been performed
l
Action Type - what has been done
l
Approved by - which second person has approved the action
The Audit Trail window
Here's an example where numerous user and system actions have been recorded:
1 Supervisory Control & Data Acquisition
Chapter 2: Setting up the Audit Trail
2.1 Setting up the SQL Server for Audit Trail
If you have a full SQL Server, it will provide all the functionality you need without any limitations. The free version, SQL Server Express, has a max. limit of 4 GB per database.
Install and set up the SQL Server
1. Start by installing the SQL Server on the IGSS Server or on another PC in the IGSS
network.
l
SQL Server Express 2008 and Management Tools can be downloaded from this
link: http://www.microsoft.com/express/Database/
l
SQL Server Express 2005 and its Management Studio is included on the IGSS
installation disc.
2. If you're using SQL Server Express, it is recommended to create a new server name,
instead of accepting the default name, SQLEXPRESS. For example, you could call it
"IGSS".
When you create a new SQL Server name, you obtain two advantages:
- If you have other applications dependent on SQL Server Express, they will
not conflict in the default server, SQLEXPRESS.
- You have the full 4 GB of data available, as only IGSS data will be saved in
this server.
3. During installation, remember to enable both authentication types, if required. a. Windows Authentication (can only be used, if you're in a domain/workgroup)
b. SQL Server Authentication (necessary if you're not in a domain/workgroup)
4. Start the SQL Server Configuration Manager from the Windows Start menu
under SQL Server 2008 > Configuration Tools.
5. Make sure that that SQL Server and SQL Server Browser are started.
6. Make sure that following protocols are enabled, both for the Native client and SQL
Server .
7. Close the SQL server Configuration Manager.
Run the Audit Trail script
1. Start the Microsoft SQL Server Management Studio.
2. Do the following:
l
Under Server type, select Database Engine.
l
Under Server name, select the correct server name (see Note above).
l
Under Authentication, select Windows Authentication or SQL Server
Authentication, as required.
3. In the File menu, choose Open -> File. Browse to the [IGSS installation
path]\SQL folder.
Default path is C:\Program Files\7T\IGSS32\V9.0\SQL.
4. Open the script named audittraildb.sql .
5. Press the Execute! button in the toolbar.
6. Under Messages, there should be 1 line saying (1 Row(s) affected). If there are
more lines, an error has occurred. Troubleshoot the error and repeat this step, once
fixed. 7. If you have an operator station which is not in the same domain / workgroup as the
SQL Server, you must configure an SQL Server Authentication account.
8. In the Object Explorer tree view, unfold the Security branch, right-click on
Logins and select New Login.
9. In this particular case I have created an account called sql , with the password sql . 10. On the General page, I have selected default database AUDITTRAIL and for this
purpose I have also selected that my sql user is a sysadmin under the Server
Roles page.
11. Close the Microsoft SQL Server Management Studio.
Set up Audit Trail in System Configuration
1. Start the System Configuration module and select the IGSS server or single user
station.
No setup is necessary on the operator station in System Configuration. The
only requirement for the operator station is that it must have read/write access
to the SQL Server.
2. On the Files tab, under Audit Trail , click the SQL Settings button.
3. Select the check box Write audit trail value to SQL Server and click the Database Setup button.
4. In the Data Link Properties dialog box, select the SQL Server Native Client
10.0 data source.
Click Next >> .
5. On the Connection tab, do the following:
Step 1: Select the SQL Server in the drop-down list.
In a real multiuser system, we recommend that you use
the actual IP address, for example, 192.168.0.1.
Step 2: Set user access to Use Windows NT integrated security or Use a specific user name and password, if you're using SQL Server Authentication. Enter
the user name and password and remember to select Allow saving password.
Step 3: Under Select the database on the server , select the AUDITTRAIL
database.
Step 4: Click Test Connection to test that the connection is working. If successful,
then click OK.
6. Verify that the SQL Server Settings dialog box has these settings and click OK.
7. Finally, click the Access Control tab.
8. Enable the audit trail by selecting the Keep a record of all user activity in an
audit trail database check box.
Then select the activities you want to store in the audit trail database. Select the
Comment required check box, if you want to force the user to enter a comment
for this type of operation.
In the Keep audit trail for field, write 0 (zero) to keep records forever or write a
specific number of days.
User administration and Audit Trail
Audit Trail really only makes sense, if you have users logged in. This will allow you to record
exactly what happened and who did it.
Therefore, we recommend that you do the following before starting the audit trail:
1. Define the relevant users and user groups in the User Administration module.
2. Clear the check box Disable access control on the tab above in the
System Configuration module.
3. Make sure that users are logged in permanently, while they are using IGSS. If a
user is only temporarily logged in, he will be prompted for his user name and password, everytime the Audit Trail needs to record an activity.
2.2 Auto-starting the Audit Trail
Once you've set up the SQL Server for the Audit Trail, you will probably want to automatically
start the module everytime the user starts the IGSS project.
To auto-start the Audit Trail:
1. Open the System Configuration module.
2. Select the relevant IGSS station.
3. Click the Startup tab.
4. Under Auto start, select the Audit Trail check box.
5. Repeat steps 2-4 for all the stations where you want Audit Trail to start automatically.
6. In the File menu, select Save and Exit.
With the auto start option enabled, the Audit Trail module will now be started with the configuration and closed when the configuration is stopped.
Chapter 3: Using the Audit Trail
3.1 Understanding the Audit Trail window
Before you start using the Audit Trail module, we recommend that you take a few minutes to
get familiar with the user interface.
The picture below shows the user interface elements of the Audit Trail window.
Here is a short description of each element in the user interface.
Element
Application
button
Description
When you click the application button, a menu will appear.
The functions allow you to print and set up print options.
The Options item allows you to set up various global settings for the module.
Element
The ribbon
Action list
Description
"The Home ribbon" on page 20 includes all the functions you need to operate
the Audit Trail.
"The Action list" on page 18 shows all the recorded system and user actions
for the current view period.
3.2 The Action list
The Action list shows all recorded system and user actions in the current view period (specified
in the Home ribbon).
The table below describes the individual fields in the list.
Field
Date
Description
Timestamp of the system or user action. By default, time is given in local time.
The following action types exist:
Type
Subtype
Output
Commands sent by the user to the PLC.
Limits
Alarm limits changed by the user.
Access
When the user logs in and out of the system.
Note
Used for object notes and user notes.
Alarm
Used for alarm actions, such as acknowledgement and end
alarms.
System
Used for system start and stop (automatic or user-activate
Data
Used for operations concerning data logging and data colle
Shows a further specification of the type above.
Example: For the Access type, you will see Login and Logout.
Station
Shows the name of the station where the action was taken, either by the system or b
User
Shows the name of the user currently logged in.
Area
For object operations only. Shows the name of the area in which the object resides.
Object
For object operations only. Shows the name of the manipulated object.
Field
Description
For object operations only. Shows the atom which was manipulated.
Atom
Value
Shows the value which was sent to the PLC, for example, alarm limits, set points, etc
Shows the entire value string.
For analog objects, the unit will be displayed as shown in the picture above.
For digital objects, the command name will be shown (whereas the Value field shows
number).
String
Note
Shows an explanation of the system or user action.
Examples are: Command sent, high alarm changed, set point changed, object note a
logged in, user note.
Field
Description
Shows further details about the user action.
Examples are: Automatic user logout, We need to maintain this motor (object note),
ice technician. We need to fix the pump now (user note).
Comments
Approved by
This field is used with the Confirm 2 Users safe command only.
It shows the name of the user approving that the safe command will be sent.
3.3 The Home ribbon
The Home ribbon includes all the functions needed for using the Audit Trail in the daily plant
operation.
The table below explains the individual functions and is divided into the function groups shown
at the bottom of the ribbon.
Group name
Note
Field
Add Note
Description
Allows you to add an operator note. The
note will not be tied to any specific object in
the configuration, but is a general operator
note.
You must be logged in to have access
to this function. The button is not
active, if you are not logged in.
Contents
Refresh
Performs a manual update of the Action list
based on the current filter settings.
Freeze
While this check box is selected, the automatic update of the Action list is disabled.
Group name
Period
Field
View period
Description
Select the type of period you want to show.
Choosing one of the first three options will
open the relevant time options in the View
tab.
Choosing any of the other options will grey
out all time options, as these are predefined periods.
Show UTC
Shows all time stamps in the universal time
format, UTC. This is the raw time format
used in the IGSS databases.
Start date
Click the drop-down arrow to browse
through the calendar to find the date. Or
type the date in the format DD-MM-YYYY.
Start time
Type the time in the format HH:MM:SS. Or
use the up/down arrows to change the
time.
Span
Enter the time span for the data period.
Time span can be combined with either
start time or end time.
End date
Click the drop-down arrow to browse
through the calendar to find the date. Or
type the date in the format DD-MM-YYYY.
End time
Type the time in the format HH:MM:SS. Or
use the up/down arrows to change the
time.
Group name
Filter
Field
Description
Type
Select the action types you want to view in
the Action list.
Area
Filter the list by area. The drop-down list
shows the areas of the current configuration.
Object
Filter the Action list by object. Type the
name of the object directly in the list or
click the three dots (...) beside the field to
choose a specific object in the configuration.
To filter by multiple
objects, you can filter
the list using wildcards.
For example, writing q*
will list all objects starting with the character q.
Station name
Filter the Action list by IGSS station.
Choose the relevant station in the list.
User name
Filter the Action list by user. Choose the relevant user in the list. Users are defined in
the User Administration module.
Approved by
Filter the list by approving user. An approving user is a user that has approved sending of a safe command.
Views
Save As View
If you want to save a specific filter setup,
click this button. You will then be asked to
name the filter.
Click the drop-down arrow to reveal this
menu.
Update Selected View will update the current view with the current filter settings.
Delete Selected View will remove the
filter.
Make Default will make this view the
default view.
Saved Views
This list shows the saved views. Choose the
relevant view.
3.4 Choosing the view period
To get you up-and-running with the Audit Trail as fast as possible, we have developed a series
of examples based on the IGSS Demo Configuration.
If you start with this topic, you can move through the examples step-by-step as if you were
operating a real plant.
Precondition: The Audit Trail module must have been set up for saving data in the
IGSS SQL Server, before you can perform this procedure.
1. If the IGSS Demo Configuration is not activated, open the System Configuration
module.
2. In the File menu, select Open Demo Configuration and then select File and
Save and Exit.
3. In the IGSS Start menu, activate the IGSS Starter module. The IGSS Demo Configuration will now be automatically started.
4. In the File menu of Supervise, choose Login.
5. Log in as the administrator user: User name = admin and Password = admin.
6. Let's do some user actions to get some information into the Audit Trail.
Click the Customer Cases button, then click the District Heating graphic.
7. Click the motor symbol in the upper left corner of the mimic diagram.
8. In the command menu, select the first command named Auto.
9. Repeat step 6, only this time sending the command Manual .
10. Repeat for the commands, Manual close and Manual open. The Audit Trail should
now look like this.
11. Now stop the system from the IGSS Starter.
12. Start it again by hitting the Start button.
13. Let's change the view period. In the Period drop-down list, choose 2 hours back.
14. Now we have the right view period and some actions in the Action list. Let's continue
with "Filtering the Audit Trail" on page 25.
3.5 Filtering the Audit Trail
We are now ready to filter the Action list.
1. In the Home ribbon under Filter, do the following:
l
Under Type, select System.
We are now seeing the system stop and start actions.
2. Change the Type filter back to (All).
3. Under User name, select the admin user.
The Action list should now look like this.
4. As the next step we want to learn how we're "Saving and applying views" on page 26
3.6 Saving and applying views
A View in the Audit Trail is a saved filter. You can save as many views as you need.
1. Our current filter shows all actions taken by the admin user. Let's save it as a view.
2. Click the Save as View button.
3. Type the view name Admin user (All) and click OK.
4. The next step is learning how we're "Adding a user note" on page 26
3.7 Adding a user note
A user note is a general note to the other users of the system. A user note is not tied to any specific object.
The user must be logged into the system in order to create a user note.
1. Click the Add Note icon.
2. Enter this text in the note field:
Call the service technicians. We need to maintain those pumps now.
3. Click OK. The user note now appears in the Action list. Notice that the note text
itself is shown in the Comments field.
4. The next step is optional, but useful if you are using the IGSS Dashboard module.
You will learn how to "Presenting Audit Trail information in the IGSS Dashboard" on
page 27
3.8 Presenting Audit Trail information in the IGSS Dashboard
If you want to show Audit Trail information in your dashboard(s), you can insert an Audit Trail
widget.
1. In the IGSS Start menu, click the Dashboard icon. The default dashboard named
Pump Station appears. We will add the Audit Trail widget to this dashboard.
2. Click the Application button in the upper left corner of the window.
3. Select Configuration Mode.
4. On the Configuration tab under Insert Widget, click the Audit Trail icon.
5. Resize the widget and put it at the center of the screen. Notice that you can add user
notes and activate views just the same, as if you were in the Audit Trail module.
6. On the Audit Trail tab under Columns Visible When Minimized, select the
Area, Object and Atom check boxes.
Remember to explain to the end user that by clicking the Maximize button of the widget, he will be able view all information
fields. As you can see, all fields are enabled under Columns Visible When Maximized.
You have successfully completed the series
of Audit Trail examples.
Chapter 4: Reference and Lookup
4.1 Conventions in this Manual
The following typographical conventions are used:
Convention
Description
User interface element
When referring to labels and names
in the user interface.
User input
When the user has to type specific
data in IGSS.
Example
The Data Management tab.
Type the following description:
Incoming flow in Tank 2
Module
name
When referring to a module in IGSS
Note
A note emphasizes or supplements
important points of the main text. A
note provides information that may
apply only in special cases.
Tip
A tip suggests alternative methods
that may not be obvious in the user
interface. A tip also helps the user in
working more effectively with IGSS.
A tip is not essential to the basic
understanding of the text.
Alternative to this simple find
function, you can also filter on
text in the messages in Driver
Log Filters dialog box.
Warning
A warning is an important note that is
essential for the completion of a
task. In some cases, disregarding a
warning may result in undesirable
functionality or loss of data.
If you disregard the System
alarm, you may risk loss of
data in the LOG and BCL files.
Open the Definition module.
By default, the timestamp is in universal time
format, UTC1. This can be changed in the
Driver Log Filters dialog box.
1 Universal Time Coordinated (formerly Greenwich Mean Time), used as the basis for calculating
time in most parts of the world. IGSS uses this time format internally in the database. You can
switch between UTC and local time by enabling or disabling the "UTC" field in various dialog
boxes in the system.
4.2 Getting Help in IGSS
IGSS comes with a comprehensive help system designed to help both system designers and
operators to get started with IGSS as quickly as possible.
Documentation overview
The IGSS documentation includes the following items:
Documentation item
Description
Getting Started
An introduction to IGSS and its most fundamental terms and
features. Getting Started is intended to get you up and running
as fast as possible. The manual provides a system and architecture overview followed by a number of real-life use cases
you can go through before building your first real IGSS project.
The manual is available in Adobe Acrobat format (.pdf).
Module help
For each module there is a help file with the same name as the
module itself, for example, Igss.chm for the Master module,
Igss.exe.
The help file is invoked by clicking the in the upper right corner
of the module. The Table of Contents will then allow you to
browse through the topics.
For each dialog box there is a help topic with the following
standard information:
Dialog box help
l
Overview
l
Preconditions
l
Where do I find it?
l
Field help
Dialog box help is invoked by clicking the help button in the
upper right hand corner of the dialog box.
Thematic help
IGSS also provides thematic help. When there is a special
theme that requires special attention from the user, a dedicated help file is provided. Examples include "Driver-Specific
Help" and "Database Administration Help".
Where are the help files located?
The IGSS help files are located in the appropriate language folder under the [IGSS InstallPath].
The help files are available in English at release time.
The paths to the help files are:
Language
Path
English
[IGSS InstallPath]\ENG
Danish
[IGSS InstallPath]\DAN
German
[IGSS InstallPath]\DEU
Translated help files
Selected help files have been translated into Danish and German. If you require help files in
your language, please contact 7T.
Help updates
The IGSS help files are continuously updated and improved. Check regularly with the IGSS
Update module in the IGSS Start menu.
4.3 Version Information (IGSS Help System)
© 7-Technologies A/S, IGSS Version 9.0
The IGSS help files are based on software build number 10305 (initial release)
English help files
To update the help files, you must activate the IGSS Update module in the IGSS Start menu.
There must be a connection from the PC to the Internet. Every time IGSS Update is run, IGSS
help files as well as IGSS system files will automatically be updated on the PC from the 7-Technologies web server.
You select the languages you want to update in the Tools menu of the IGSS Update module.
If you are not able to update the IGSS system directly via the Internet, the alternative is to
download the updates from the 7-Technologies website as zip files. These can then be transferred onto a CD or USB memory stick, which is then the medium used to update on site.
After running IGSS Update, the build numbers in various IGSS modules may change to a
higher number. This signifies that the module in question has been updated with newer
files. Build numbers consist of four digits, where the first digit represents the year and the
last three represent the day number in the year in question. The build number can be
seen in the About dialog box which can be activated from the Help menu.
An example:
Build number = 10305
10 = the year 2010
210 = The 210th day of the year
Chapter 5: Glossary
A
Application menu
The Application menu is the first ribbon in the IGSS Master module. Click the icon to
drop down the menu. The menu contains items that were typically found in the File
menu in previous versions of IGSS. In most modules, an "Options" item allows the
user to define global module settings. The Application menu was introduced in the
Microsoft Office 2010 package. It replaces the Application button (nicknamed Doughnut) which was introduced in IGSS V7 and V8.
D
descriptor
A descriptor is the graphical display of an object. IGSS includes many types of descriptors including: - Built-in standard symbols - Animated symbols (Symbol Factory
library) - Graphics and animation - Drawing symbols - Windows controls - ActiveX controls An IGSS object can be represented with different descriptors on different diagrams.
Q
Quick Access Bar
You can customize the Quick Access Bar to include the functions you use most
frequently. Simply drag the relevant function from the ribbon to the Quick Access Bar.
R
Ribbon
The Ribbon is a new term/element in the Microsoft universe. The Ribbon replaces the
well-known toolbars in applications. The Ribbon provides quick access to the most
commonly used functions in the application. The Ribbon is divided into logical groups
(the tabs) and each tab is divided into sections (the blocks in the tab). The Ribbon is
context-sensitive which means that only relevant functions are accessible dependent
on the current user action.
S
SCADA
Supervisory Control & Data Acquisition
U
UTC
Universal Time Coordinated (formerly Greenwich Mean Time), used as the basis for
calculating time in most parts of the world. IGSS uses this time format internally in
the database. You can switch between UTC and local time by enabling or disabling the
"UTC" field in various dialog boxes in the system.
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising