Track system access attempts

Whenever a user attempts to access a secured resource,
FactoryTalk Security
 can generate audit messages if the user was denied or granted access. The most common type of auditing activity is keeping records of failures. This helps trace failures and isolate and correct their causes.
In some industries, it may be common or required by law to audit certain types of successful user activity. For example, when making pharmaceutical drugs, any changes or adjustments in recipes must be recorded so that any problems that might occur later can be traced to a specific batch of the product. Auditing security access successes can consume large amounts of system resources. This policy should only be enabled when necessary, for example, while testing the system, or if required in industries that must comply with governmental regulations.
Audit information is sent to
FactoryTalk Diagnostics
. Use the
FactoryTalk Diagnostics
 Viewer to monitor security-related events.
To track system access attempts
  1. In
    FactoryTalk Administration Console
    Explorer
    , expand
    System
     >
    Policies
     >
    System Policies
    .
  2. Right-click
    Audit Policy
    and select
    Properties
    .
  3. In
    Audit Policy Properties
    , choose the items to audit:
    • To generate an audit message when a user attempts an action and is denied access, select
      Audit security access failures
      , and select
      Enabled
      .
    • To generate an audit message when a user attempts an action and is granted access, select
      Audit security access successes
      , and select
      Enabled
      .
  4. Select
    OK
    .
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.
Normal