Audit Logging

The Audit Logging utility allows you to track jobs and system level changes and enable traceability and accountability for modifications made to the vision system.

Note: Audit Logging follows the Syslog RFC 5424 standard.

The following actions in In-Sight Vision Suite trigger audit logging events:

Changes in the Spreadsheet Editor System changes Changing complex tools Changing utilities

  • Cell expression

  • Enabling or disabling cell state

  • Symbolic Tag

  • Value change

  • Commenting

  • From the Sensor Menu:

    • Results Queue

    • Job Status

    • Custom View

    • Discrete IO

  • Online or Offline status change

  • Saving or loading a job

  • 3D Acquisition settings change

  • EditCompositeRegion

  • EditFloat

  • EditInt

  • EditMaskedRegion

  • EditMultiGraphics

  • EditPolygon

  • EditPolylinePath

  • EditRegion

  • EditString

  • OCRMax

  • ReadIDMax

  • Script

  • TrainExtractColor

  • TrainPatMaxRedLine

  • ViDiELClassify

  • ViDiELClassify3D

  • ViDiELRead

  • ViDiELSegment

  • ViDiELSegment3D

  • Connecting to Spreadsheet and EasyBuilder

  • Opening the HMI

  • Audit Logging

  • Backup or Restore

  • Communications settings:

    • Network Settings

    • Host name

    • Serial Configuration

  • Restart or Factory Reset

  • Startup Settings
Note: Audit logging is enabled by default. To download the audit log or enable forwarding, you must have Full user access level privileges. For more information, see User Settings.

Configure Audit Logging in In-Sight Vision Suite

To use audit logging, perform the following procedure:

  1. Launch In-Sight Vision Suite if it is not already running.

  2. Left-click the device you want to configure on the In-Sight® Device Pane on the left. The list of Utilities applicable to the selected vision system then appears at the bottom of the window.

  3. Click Audit Logging.

    The Audit Logging window appears.

  4. Retrieve the audit log by doing one of the following:

    1. Download the audit log by clicking Download Log.

    2. Click Enable Syslog Forwarding to enable sending the audit log to a remote server.

      After setting up the IP address and the port number, open the TCP Framing dropdown and select the TCP framing option to use:

      • Octet-Counted (default): each message is prefixed with its length in bytes, followed by the message. Preferred for Linux-based syslog servers.

      • Traditional: messages are delimited by a newline character (\n). Preferred for Windows-based syslog servers.

      Note: In-Sight Vision Suite uses syslog forwarding protocol to store audit log records. You need to set up a syslog server for collecting audit records.

  5. Click OK.

To receive audit messages from your In-Sight vision system in a Windows application, perform the following procedure:

  1. Download and install a Windows-based syslog server, such as Syslog Watcher.

  2. Start the Syslog Watcher application with Windows administrator privileges.

  3. Open the Syslog Watcher Manager, and go to Configure > Network Interfaces > Add TLS Interface.

  4. A new TLS interface appears in the list of network interfaces. Set the Syslog port for the TLS interface to the same port that you configured for audit log forwarding on your In-Sight vision system.

  5. Open the TLS Options dropdown, and set Minimum Protocol Version to TLS 1.2.

  6. Click Apply.

  7. A pop-up dialog appears stating that a TLS certificate is required, and provides the option to generate a self-signed certificate. Click Yes to open the dialog for generating the certificate.

  8. Enter the name of your computer in the Common Name (CN) field, and click Generate.

  9. Click Start Server on the main screen.

  10. Verify that you can now see incoming messages in the View: Latest tab when you perform logged actions on your In-Sight vision system.

Note: The following example uses Fluentd, but you can use any syslog collector that supports TCP with TLS certificate and uses octet-counting for TCP framing.

  1. Download and install Fluentd for Windows.

  2. Open the Audit Logging utility in the In-Sight Vision Suite. Perform the following:

    1. Check the Enable Forwarding checkbox.

    2. Set the IP address to the IP address of the host computer.

    3. Select a Port Number.

  3. Create the following files on the host computer according to the Fluentd instructions:

    • fluentd.conf

    • fluentd.key

    • fluentd.crt

  4. Include the following settings in the fluentd.conf file and modify the port number and pathways to the location where you placed these files on your computer:

    Copy 
    <source>
     @type syslog
     port XXXX
     tag system
     frame_type octet_count
     <transport tls>
      ca_cert_path PATH\TO\YOUR\fluentd.crt
      ca_private_key_path PATH\TO\YOUR\fluentd.key
     </transport>
     <parse>
      @type syslog
      with_priority true
      time_format 1 %Y-%m-%dT%H:%M:%S.%N%:z
      message_format rfc5424
     </parse>
    </source>

    <match system.**>
     @type stdout
    </match>

  5. Select the same port as the Audit Logging utility in In-Sight Vision Suite.

  6. Save the changes.

  7. Open the Fluent Package Command Prompt. Run the following command, replacing the file pathway:

    Copy 
    fluentd -c PATH\TO\YOUR\fluentd.conf

The audit log messages now appear in the Fluent Package Command Prompt. To terminate the connection, press Ctrl+C.

Note: To receive the correct time, you need to set up the time of the In-Sightvision system manually or connect it to an NTP server.