The protection relay stores 2048 audit trail events to the nonvolatile audit trail.
Additionally, 1024 process events are stored in a nonvolatile event list. Both the audit
trail and event list work according to the FIFO principle. Nonvolatile memory is based
on a memory type which does not need battery backup nor regular component change
to maintain the memory storage.
Audit trail events related to user authorization (login, logout, violation remote and
violation local) are defined according to the selected set of requirements from IEEE
1686. The logging is based on predefined user names or user categories. The user audit
trail events are accessible with IEC 61850-8-1, PCM600, LHMI and WHMI.
Table 7: Audit trail events
Audit trail event Description
Configuration change Configuration files changed
Firmware change Firmware changed
Firmware change fail Firmware change failed
Attached to retrofit test case Unit has been attached to retrofit case
Removed from retrofit test case Removed from retrofit test case
Setting group remote User changed setting group remotely
Setting group local User changed setting group locally
Control remote DPC object control remote
Control local DPC object control local
Test on Test mode on
Test off Test mode off
Reset trips Reset latched trips (TRPPTRC*)
Setting commit Settings have been changed
Time change Time changed directly by the user. Note that this is not used
when the protection relay is synchronised properly by the
appropriate protocol (SNTP, IRIG-B, IEEE 1588 v2).
View audit log
Administrator accessed audit trail
Login Successful login from IEC 61850-8-1 (MMS), WHMI, FTP or
LHMI.
Logout Successful logout from IEC 61850-8-1 (MMS), WHMI, FTP or
LHMI.
Password change Password changed
Firmware reset Reset issued by user or tool
Audit overflow Too many audit events in the time period
Violation remote Unsuccessful login attempt from IEC 61850-8-1 (MMS),
WHMI, FTP or LHMI.
Violation local Unsuccessful login attempt from IEC 61850-8-1 (MMS),
WHMI, FTP or LHMI.
PCM600 Event Viewer can be used to view the audit trail events and process related
events. Audit trail events are visible through dedicated Security events view. Since
only the administrator has the right to read audit trail, authorization must be used in
1MRS756378 S Section 2
REF615 overview
REF615 29
Application Manual
To Next Page
Loading...
