/
SQL Audit Logging

SQL Audit Logging

Owned by Richard Mendoza (Unlicensed)
Last updated: Dec 21, 2023
8 min read

Basic Usage/Config - General

  1. Create a new project

  2. Open the Project Properties

  3. In the “Runtime Options” -> “Audit Log” section, set the “Enable” property to “true”

  4. Create an audit log table on one of the pages

  5. Run the project

  6. In the audit log table, press the “Search” button to see entries. You will not see any entries until you press “Search”.

  7. All user actions will be logged, including project start/stop, button presses, and login/logout.

Basic Usage/Config - External SQL Server

The default “Database Type” of “SQLite” uses a local file on the Xpanel. When this option is chosen, the data cannot be accessed using SQL. Instead, you can view the data in the audit log table, or you can export it to a CSV file using the “Export” button in the audit log table.

 

If you choose any other database type, the data will instead be stored using an external SQL database. This external SQL database must be set up and configured outside of Canvas, and you will need a valid connection between the Xpanel and the SQL server.

 

Make sure that your firewall settings do not prevent access from external devices on the specified SQL port. Each SQL implementation has a different default port.

 

You will need to manually create a database with a specified name on the SQL server. In this document, we use the name “audit_event_database”. For any SQL server, you can create this database by running the SQL command CREATE DATABASE audit_event_database; from a SQL client.

 

A table named “audit_event” will automatically be generated in the specified database once you run the project. Note that in 3.0.1, there is a bug that ignores the user-provided value for this table; it is always called “audit_event”.

 

External SQL audit logging does not work in the online simulator. All audit events in the simulator will be stored in RAM, even if the SQL configuration is invalid, so do not use the simulator to test the SQL connection.

MySQL

  1. Download MySQL Installer from https://dev.mysql.com/downloads/installer/

  2. Run the installer

  3. Choose the “Full” setup type. You only need the server, but MySQL Workbench is a nice client to view your databases from.

  4. Run through the remaining steps, applying the highlighted non-default options.

    Be sure to select the legacy authentication method. If you don’t, you’ll need to later modify either the server or individual users so that they use it.

    Assign and remember the root password.

    Create a new user (we’ll use the username “remote” for this example) and assign and record a password. It is recommended to choose “DB Manager” so that the user has restricted privileges. This can be edited later.
    Note: By default, the root account can only connect from localhost, so it is strongly recommended that you use a separate account.

    We will install the server as a service, so that you do not need to start/stop it manually:

    When you are asked to connect to the server, enter the root password, then press “Check”, then press “Next”:

    There is no need to run the workbench or shell after completion:

  5. We chose to install MySQL Server as a service, so it should be running in the background now. You can check or change its running status from the Windows Services tab (Ctrl + Alt + Delete -> Task Manager):

  6. Open MySQL Workbench from the Start Menu

  7. Connect to the local server instance by clicking on it

  8. In the “Navigator” pane, go to the “Schemas” tab. This will show all databases and tables on the server.

  9. Choose a name for your database. For this example, we will use “audit_event_database” Run the command CREATE DATABASE audit_event_database;. To do this, enter the command in the “Query 1” text area, then press the lightning button to execute it.

  10. If the query was successful, you should see a success message in the “Output” area below.

    If you refresh the “Schemas” tab, you will see the new database.

  11. In your Canvas project, open the Project Properties and edit the Audit Log options as shown:

  12. Save your changes and run the project (HMI). A table named “audit_event_table” should be automatically generated within the “audit_event_database” database once you perform an action

 

If you are using a server with the new password encryption method, it is still possible to connect. You can modify a user to use the legacy password encryption by running the following command in MySQL Workbench:

ALTER USER 'username'@'%' IDENTIFIED WITH mysql_native_password BY 'password';

Replace “username” and “password” with your remote account credentials.

 

You may need to run the command FLUSH PRIVILEGES; to apply the change.

You can also change the default password encryption method for an existing server by editing its config file. By default, this is located at “C:\ProgramData\MySQL\MySQL Server 8.0\my.ini”.

Add or edit the following line (You may already have this at line 109):

authentication_policy=mysql_native_password,,

Then restart the server. Any existing users may still need to be altered.

MariaDB

  1. Download the MariaDB server installer from https://mariadb.com/downloads/ , making sure to choose the correct OS

  2. Run the installer. Follow each step and apply the non-defaults shown below.

    Choose a new password and enable access from remote machines for ‘root’ user.
    Note: in a production environment, it is probably better to create a separate account with limited privileges for remote access. However, the root account can be used for testing and development.

  3. After installation is finished, you can connect to the server using the HeidiSQL client

  4. Press “New” to create a new connection. Enter your root password from above, then press “Open”

  5. In the tree view on the left, right-click the open space, then choose “Create new” -> “Database”

  6. Enter a name for the database, then press OK

  7. In Canvas, open the Project Properties window, then go to the “Runtime Options” -> “Audit Log” settings. Use these credentials and the database name you created while installing MariaDB. The settings should look like this:

  8. Save and run the project. Once an event has been generated, you can see the “audit_event” table inside of your database.

 

If you do not wish to use the root user, HeidiSQL provides a GUI for editing users. Go to “Tools” -> “User Manager”:

PostgreSQL

  1. Installation

    1. Go to EDB: Open-Source, Enterprise Postgres Database Management and select the download link for your operating system.

    2. Run the downloaded “.exe” file. (postgresql-version-OS version.exe)

    3. Continue the download process. Install pgAdmin, which is bundled with the installer.

    4. Set an administrator password and port number during the installation.

    5. Proceed until the end of the installation.

  2. Registering a server / database

    1. Launch PgAdmin.

    2. Right-click on the [Servers] and select [Register] - [Server].

    3. Enter the name of the server.

    4. Go to the [Connection] tab and enter the [Host name/address] and other connection properties. Set other parameters if necessary.

    5. Press [Save].

    6. Right-click on the server that was registered. Select [Create] - [Database…].

    7. Enter the database name. Set the other configurations if necessary.

    8. Select and expand [database] - [Schemas] - [Public] and right-click on [Tables]. Click [Create] - [Table…].

    9. Enter the table name in the [General] tab. Set other configurations if necessary. Press [Save] to finish configuring the table.

  3. Add your HMI to pg_hba.conf file as a host

    1. Check your HMI’s IP address and Subnet Mask. Go to [Control Center] - [Settings] - [Network Settings].

    2. Open the “pg_hba.conf” file. It’s located in the [PostgreSQL installation path] - [Data] folder.

    3. Add your host’s IP address to the configuration file. Refer to the official manual (Link: 20.1. The pg_hba.conf File ) for details.
      After adding new host IP to the configuration file, it will look similar to this.

 

 

Related content

SQL Audit Logging
SQL Audit Logging
CIMON-Canvas v3.1.0
More like this
Audit Logs
Audit Logs
CIMON-Canvas v3.1.0
More like this
Audit Logs
Audit Logs
CIMON-Canvas v3.0.1
More like this
Audit Log Information
Audit Log Information
CIMON-Canvas v3.0.1
More like this
Audit Log Information
Audit Log Information
CIMON-Canvas v3.1.0
More like this
6.5 User Event Logging
6.5 User Event Logging
UltimateAccess Web 1.0
More like this