Logging Failures to Write Audit Messages
To comply with certain regulatory or security frameworks, you may need to track whenever an audit event that should have happened fails. This improvement can assist ThingWorx Customers in complying with the U.S. Department of Defense Cyber Maturity Model Certification (CMMC) requirement AU.3.046: Alert in the event of an audit logging process failure. The following section explains how to use some of the tools provided in ThingWorx to implement this capability, which is disabled by default.
This feature is available only for users logged in as Administrator of the related ThingWorx Platform.
Implementing the Logging of Audit Message Failures
When configured to do so, the Audit Subsystem can trigger an alert for any issue that should be, but fails to be recorded as an Audit entry. Here are the ThingWorx tools needed to implement this feature, listed in the order in which you should use them:
Audit Failure Tools
For More Information
Audit Subsystem Configuration page
Use the Configuration page of the Audit Subsystem to enable the subsystem, specify the implementation to use, and enable the logging of failures to write audit messages.
The descriptions of the rest of these tools assume that you have enabled the Audit Subsystem and logging of failed audit messages.
For information about the implementations of the Audit Subsystem, refer to Enabling the Audit Subsystem
To configure the Audit Subsystem, refer to Configuration of Audit Subsystem
AuditFailure Thing and property
This system entity is created when the ThingWorx Platform starts. This Thing has a property, AuditFailureData of base type infotable, that will contain information about the failure to write an audit entry.
For an explanation of infotables, refer to Infotables
Services of the AuditFailure Thing
You need to run the EnableThing() service and then the RestartThing() service on the AuditFailure Thing for this feature to work.
For information about services for Things, refer to Thing Services
Thing Subscriptions
For each Thing on which the Audit Subsystem writes audit entries, you need to create a subscription that has a DataChange event on the AuditFailureData property of the AuditFailure Thing. You can write the subscription code such that event information such as eventData is used to meet your organizations' requirements.
For an explanation of Data Change, refer to
For information about events, refer to Thing Events
For information about subscriptions, refer to Thing Subscriptions
To avoid performance issues due to many failures to write audit entries, configure a scheduler in ThingWorx Composer to archive and prune the AuditFailureData property.
For information about schedulers, refer to Schedulers
Use this feature of ThingWorx Composer to configure notifications about audit entry failure events, via email or SMS
For information about notifications, refer to Notifications
For information about configuring notifications, refer to Adding Notifications
The AuditFailure Thing is disabled after every update or upgrade of the ThingWorx Platform. You must run the EnableThing() service and then the RestartThing() service on the AuditFailure Thing for this feature to work.
Was this helpful?