Auditing in OPC UA allows 2 different scenarios in Part 4 - 6.5.1 Auditing Overview:

Auditing can be accomplished using one or both of the following methods:

1. The OPC UA Application that generates the audit event can log the audit entry in a log file or other storage location;
2. The OPC UA Server that generates the audit event can publish the audit event using the OPC UA event mechanism. This allows an external OPC UA Client to subscribe to and log the audit entries to a log file or other storage location.

The Auditing Flag is currently defined in Part 5 - 6.3.1 ServerType with

Auditing is a Boolean specifying if the Server is currently generating audit events. It is set to TRUE if the Server generates audit events, otherwise to false.

It is unclear whether in the 1. scenario described in Part 4 the Auditing flag is to be set or not.

Opinions voiced during the initial discussion in UA WG Meeting:

• OPC UA is an interface specification, therefore this flag must describe whether a client will receive audit events or not
• It could be interesting to a client if the application is generating audit logs since they could also be pulled via FileTransfer methods, therefore the auditing flag needs to be set also for the internal log case.
• The flag may be used to activate/deactivate the auditing and therefore is about the feature itself not whether events will be received by the client or not.

If the specification is considered ambiguous, we need to consider the open interpretation and may rather need to create a new flag with stricter rules rather than tightening the wording for the current flag.