This section describes how to configure connections to OPC UA Servers and selection of OPC UA variables to be accessible from Grafana and/or to log into the database.
To access cocnfiguration web GUI, open web browser, and navigate to the address http://localhost:4880
Here and further below
localhost is host name or IP address of the machine where ogamma Visual Logger is running.
Web GUI of the ogamma Visual Logger is optimized and tested for screen resolution 1920x1080 in full size mode, in Google Chrome and Microsoft Edge. GUI layout might be disrupted in other combinations of browse and screen resolution. If this becomes blocking issue for you, please report it at https://github.com/onewayautomation/ogamma-logger/issues.
Connections to OPC UA Servers.¶
To add new connection, in the left side panel, click on
In the opened dialog window edit connection details as required and click
Timeout is connection timeout in milliseconds. Checkbox
Active allows to turn on and off logging of variable values for this server to the database.
tag can be used for automatic generation of Topic Name for Confluent / Apache Kafka or MQTT or measurement for InfluxDB.
OPC UA Servers should be accessible from the host (or Docker container) where ogamma Visual Logger is running. In case when it runs in Docker container, you might need to add option
extra_hosts in file
docker-compose.yml to resolve host name of the OPC UA Server to IP address.
Default value in the
Endpoint URL field (
opc.tcp://opcuaserver.com:48010) points to the Demo OPC UA Server, which runs in the host avaiable from the Internet. It might be protected by firewall and allow connections only from IP addresses included into whilelist. If you cannot connect to it, please contact Support with IP address of your client (not local address like 192.168.x.x.m but the address how it is seen from the Internet, which you can determine by using sites like https://ipstack.com/)
To connect to the OPC-PLC UA Server installed and running in the docker container (Endpoint URL
opc.tcp://opcplc:50000/), please turn on check-box
Secure mode, because it is configured to allow only secured connections.
Currently web page is refreshed in order to refresh the
Address Space tree after adding/editing/deleting of an entry for OPC UA Server connection.
Connecting in secured mode and certificates.¶
In order to connect to the OPC UA Server in secured mode, change value of the field
Security mode in server settings accordingly.
For successful connection in secured mode both client and server sides should be configured to trust to each other’s application instance certificate.
Configure OPC UA servers to trust ogamma Visual Logger for OPC instance certificate.¶
By default ogamma Visual Logger for OPC generates a root CA certificate and then generates OPC UA application instance certificate signed by that CA certificate. Location of these 2 certificates by default is in the folder
./data/[InstanceId]/PKI/own/certs (relative to the working directory).
ca-cert.der- root CA Certificate.
public_Basic256Sha256.der- client application instance certificate.
In order for the server to accept the certificate of the ogamma Visual Logger for OPC, depending on the server, different actions might be required:
- Configure the server to trust the root CA certificate. The application instance certificate will be trusted as a result too in this case. To establish such trust, usually root CA Certificate needs to be stored in the trusted certificates list in the server side. Additionally the CA CRL (Certificate Revocation list) should be copied into the location expected by the server. CA CRL is located in file
- Alternatively, configure the server to trust the application instance certificate. Usually, application instance certificate should be stored in the trust list in server side. And additionally, CA certificate needs to be stored in the issuers certificates list too. If there is no separate location to store issuers certificates, then storing CA certificate in the trusted certificates list might be OK.
Certificate files can be downloaded via GUI, menu
Configuring OVL to trust to server instance certificates.¶
To configurure trust to the server certificate by ogamma Visual Logger for OPC, the easiest way is try to browse its address space by expanding server node in the Address Space panel. If the server certificate is not trusted, dialog window with certificate validation error will pop up, which also displays sevrer certificate fields. You can verify certificate fields establicj trust by clicking on the
Note that if the server sent chain of certificates, then the first displayed certificate will be application instance certificate, and then it will have a child node with its CA certificate. You can select a certificate using the select box located in the bottom left corner of the dialog window, and click on the
Trust button. Note that if CA certificate is selected as trusted, then all certificates issued by that certificate will be trusted. If the chain has multiple CA certificates, then ones which are not selected will be added into the issuers list.
The list of trusted and issuer certificates as well as rejected server certificates can be viewed in
Certificates Management dialog window (opened via the
Settings menu). Here you can also upload certificates, downlod them, view their content, and delete them. It is also possible to upload certificate revocation lists, as well download or delete them.
If server certificate is not validated, it will be saved in the Rejected Certificates list. From this list, you can open the certificate to review it (by clicking on the
View Certificate icon located in the right side of the line), and setup the trust from that window.
If server certificate validation anyway fails, you can fine-tune validation rules by modifying advanced options as shown in the picture below. For example, if the server certificate is signed by a CA certificate, for which you don’t have CRL, you can suppres error about missing CRL by turning on checkbox
Connections from Docker container.¶
In case when ogamma Visual Logger for OPC is running within docker container, it is important to make sure that the machine, where the OPC UA Server is running, can be reached from the container.
For that, use either one of the following below approaches:
- In the
OPC UA Server node settingsdialog window, field
Endpoint URL, use IP address of the machine where the OPC UA Server is running, instead of host name.
- Or, in order to keep using host name in the Endpoint URL field, configure the ogamma-logger container to resolve it to the IP address, by adding following below lines (replace host name and IP address according to your setup):
extra_hosts: - 'opcuaserver.com:18.104.22.168'
Connecting to OPC UA Servers running in Docker container, accessed over VPN or NAT or using port forwarding.¶
Often OPC UA Servers might be running behind firewall with port forwarding, or in a Docker container, or accessed over VPN or NAT. In all these cases it is possible that the server can be accessed over IP address or host name, which do not match with host name or IP address returned in the endpoint URLs in FindServers or GetEndpoints responses.
ogamma Visual Logger for OPC can handle most such cases, substituting host name or IP address returned by the server to the one defined in the original endpoint. But this can cause additional delays because it will first attempt to resolve the host name returned by the server. And in case if the server returns endpoint URL with different port number than it can be accessed using (for example in case of port number mapping in Docker containers), it becomes more complicated. To resolve such cases, in version 2.0.0 new connection settings are added accessible by clicking on the button
Edit Advanced Options in the server node settings dialog. In the
urlMap field you can enter arrays of pairs which are used to map endpoint URL returned by the server to desired substitute. For example, to connect to the demo OPC PLC server running in Docker container with service name (as well host name)
opcplc, with endpoint URL
opc.tcp://opcplc:50000/ (note the trailing backslash - it is required too), which is mapped to the Docker host’s port 50001, you can map it to
It is possible also to map only host name part using the field
Connecting to classic OPC DA Servers.¶
If you need collect real time data from classic OPC DA Servers, it is possible too! There are various OPC DA to OPC UA protocol converter applications available in the market. Using them, data becomes accessible over OPC UA protocol. ogamma Visual Logger for OPC was tested with the following below applications:
Browsing OPC UA Server address space and selecting variables to log.¶
To browse OPC UA Server’s address space, expand server node. Then select one or more OPC UA Variable nodes which has numeric data type (those, for which value can be converted into
float data type, for example, Byte, Int16, Int32, float, double. String type is supported toofor InfluxDb and Apache Kafka. Complex type values can be logged too, but they are not decoded, instead their string representation is used as a value.
Once one or more OPC UA Variables are selected, the button
Log will be enabled. If you click on it, selected nodes will be used to create new records in the right side
Logged Variables grid table.
When variables selected in the Address Space panel added by clicking on the
Log button to the
Logged Variables table, options for them such as publishing interval, sampling interval, queue size will be set according to corresponding valus in the currently selected (default)
To select range of nodes, first press on the
Shift key, then click by mouse on selection checkbox for the first node, and then scroll up or down to the last node of desired range and click on its selection checkbox. Whole range of nodes will be selected.
Logged Variables table.¶
Logged Variables table defines list of OPC UA Variables for which values are collected and logged into time-series database. Some features of the table are highlighted below.
Order of columns can be changed by drag ad drop.
Visibility of columns is configurable: click on Column Chooser icon to select what columns to display.
Sorting by most columns is possible: click on column header in order to sort by that column.
Grouping of logged variables¶
Grouping by one or more columns is possible. In order to group by a column, drag column header and drop it into the grouping area:
Groups and sub-groups can be collapsed or expanded:
Filtering by OPC UA Server.¶
Only Logged Variables belonging to selected OPC UA server can be displayed, or all of them:
How to set default values for logging options.¶
Default values for new records added to the Logged Variables table from address space panel can be set by selecting of a group with desired logging options:
Display real time data.¶
Collector Engine keeps last value received from OCP UA Servers in in-memory buffer. Those values with status code and timestamp can be displayed in the Logged Variables table:
- If a record has field
Log to TSDBchecked, then its value will be monitored by ogamma Visual Logger, and written (logged) into the time-series database (PostgreSQL).
Get History fromdefines where data values should be read from when SimpleJson requests from Grafana are processed:
UA(OPC UA server).
If data values should be read from OPC UA Server, then how it is read depends on value of the column
R means call Read service, and
H means call HistoryRead service.
Display Nameis displayed on Grafana when variable is selected as a metric for SimpleJson data source:
- Records in the
Logged Variablestable can be edited and deleted, as well added manually.
The following below screenshot illustrates typical GUI with brief comments on available controls:
If you want to log data for hundreds or thousands of nodes, it might be time consuming to configure variables using the GUI. For those cases, you can prepare your data in Excel spreadsheet or other tools in CSV format, and then import into ogamma Visual Logger configuration database, table