Posts Tagged ‘OSIsoft PI Audit Trail’

How to access a PI Audit log file?

The PI application allows you to turn on audit trails of specific PI server subsystems.

These audit trails could be a requirement of certain industries, but I’d recommend that all PI systems enable these audit trails so you have something to reference back to if you have questions. Disk space is cheap these days and this information can be valuable when someone is asking questions about the integrity of the PI system.

I thought that it would be worthwhile to demonstrate how to get an audit trail log file dump out of the OSIsoft PI application, since it isn’t intuitive and I couldn’t find a complete working example.

You enable one or more bits in the database to turn on/off audit trails.

Database Subsystem Bit Value to Enable
Hex Decimal
Point Database PIBasess 0 1h 1
Digital State PIBasess 1 2h 2
User Database PIBasess 5 20h 32
Group Database PIBasess 6 40h 64
Trust Database PIBasess 7 80h 128
Snapshot PISnapss 28 10000000h 268435456
Archive PIArchss 29 20000000h 536870912
All Databases 0-31 FFFFFFFFh -1

You can enable them using the PICONFIG utility.

(Ls – ) PIconfig> @table pi_gen,pitimeout
* (Ls – PI_GEN) PIconfig> @mode create,t
* (Cr – PI_GEN) PIconfig> @istr name,value
* (Cr – PI_GEN) PIconfig> EnableAudit,-1
*> EnableAudit,-1
* (Cr – PI_GEN) PIconfig>

Because these files are locked when the PI server is running, you need to declare a start and end of backup to copy the file before you can access it. The following sequence will safely grap a copy of the archive subsystem audit trail and dump a specific time range:

cd pi\adm
piartool -systembackup start -subsystem piarchss
copy d:\pi\log\piarchssaudit.dat d:\pi\adm\archaudit_Copy.dat
piartool -systembackup end -subsystem piarchss
pidiag -xa d:\pi\adm\archaudit_Copy.dat -st “1-apr-2010” -et “2-apr-2010” >> ArchAudit.log

Below is a sample of the output:





Get every new post delivered to your Inbox.

Join 223 other followers