The protection relay offers a large set of event-logging functions. Critical system and protection relay security-related events are logged to a separate nonvolatile audit trail for the administrator.
Audit trail is a chronological record of system activities that allows the reconstruction and examination of the sequence of system and security-related events and changes in the protection relay. Both audit trail events and process related events can be examined and analyzed in a consistent method with the help of Event List in LHMI and Event Viewer in PCM600.
The protection relay stores 2048 audit trail events to the nonvolatile audit trail. Additionally, 1024 process events are stored in a nonvolatile event list. Both the audit trail and event list work according to the FIFO principle. Nonvolatile memory is based on a memory type which does not need battery backup nor regular component change to maintain the memory storage.
Audit trail events related to user authorization (login, logout) are defined according to the selected set of requirements from IEEE 1686. The logging is based on predefined user names or user categories. The user audit trail events are accessible from Event Viewer in PCM600.
Event ID | Audit trail event | Description |
---|---|---|
1110 | Login | Successful login from LHMI and PCM600 |
1210 | Logout | Successful logout from LHMI, PCM600 or IEC 61850 |
1130 | Login failure | Login failed for using the wrong user credentials |
13200 | Configuration transfer | Configuration transferred successfully to the device |
1380 | Parameter change | Parameter changed successfully |
1440 | Update Canceled | Update canceled |
1442 | IED configuration update failed | IED configuration update failed |
1460 | Parameter change fail | Parameter change failed |
1510 | Software update initiated successfully | Software update initiation is successful |
1520 | Software updated successfully | Software update is successful |
1540 | Language Updated Successfully | Language update is successful |
1610 | IED software update failed | IED software update failed |
1620 | Language Update Failed | Language update failed |
2210 | Password change | User password changed successfully |
2220 | Password change fail | User password change failed |
5120 | Reset trips | Latched trips reset |
5270 | System startup | Software reset |
6110 | Test on | Test mode started |
6120 | Test off | Test mode ended |
6130 | Control operation | Control operation performed successfully |
PCM600 Event Viewer can be used to view the audit trail events and process related events. Audit trail events are visible through dedicated Security events view. Since only the administrator has the right to read audit trail, authorization must be used in PCM600. The audit trail cannot be reset, but PCM600 Event Viewer can filter data.