Audit trail - Arc protection - Motor protection - Feeder protection - Back-up protection - Technical Manual - REX610 Protection and control - 1.2 - IEC - ANSI - 01.07.2024

REX610 Technical Manual

The protection relay offers a large set of event-logging functions. Critical system and protection relay security-related events are logged to a separate nonvolatile audit trail for the administrator.

Audit trail is a chronological record of system activities that allows the reconstruction and examination of the sequence of system and security-related events and changes in the protection relay. Both audit trail events and process related events can be examined and analyzed in a consistent method with the help of Event List in LHMI and Event Viewer in PCM600.

The protection relay stores 2048 audit trail events to the nonvolatile audit trail. Additionally, 1024 process events are stored in a nonvolatile event list. Both the audit trail and event list work according to the FIFO principle. Nonvolatile memory is based on a memory type which does not need battery backup nor regular component change to maintain the memory storage.

Audit trail events related to user authorization (login, logout) are defined according to the selected set of requirements from IEEE 1686. The logging is based on predefined user names or user categories. The user audit trail events are accessible from Event Viewer in PCM600.

Table 1. Audit trail events
Event ID Audit trail event Description
1110 Login Successful login from LHMI and PCM600
1210 Logout Successful logout from LHMI, PCM600 or IEC 61850
1130 Login failure Login failed for using the wrong user credentials
13200 Configuration transfer Configuration transferred successfully to the device
1380 Parameter change Parameter changed successfully
1440 Update Canceled Update canceled
1442 IED configuration update failed IED configuration update failed
1460 Parameter change fail Parameter change failed
1510 Software update initiated successfully Software update initiation is successful
1520 Software updated successfully Software update is successful
1540 Language Updated Successfully Language update is successful
1610 IED software update failed IED software update failed
1620 Language Update Failed Language update failed
2210 Password change User password changed successfully
2220 Password change fail User password change failed
5120 Reset trips Latched trips reset
5270 System startup Software reset
6110 Test on Test mode started
6120 Test off Test mode ended
6130 Control operation Control operation performed successfully

PCM600 Event Viewer can be used to view the audit trail events and process related events. Audit trail events are visible through dedicated Security events view. Since only the administrator has the right to read audit trail, authorization must be used in PCM600. The audit trail cannot be reset, but PCM600 Event Viewer can filter data.