Trace NodeRed action triggered without input, am I hacked?

I have a rpi4 supervised installation of hass with a nodeRed flow that begins with an injection node triggering at a specific time only one day of the week. It triggers an alexa device (alexa media via hacs) to say a specific phrase.
It has worked flawlessly for several months, but today it triggered at 3 AM, nowhere within the day or time set for the automation. HASS logs are quite short and I can only see a couple of logs confirming some activity at that specific time (a warning about alexa media player using a deprecated option). I’m wondering if there’s a way to know more information about the triggered event, if it was some system error or if maybe someone got into it and started playing around.
My HASS installation is under a secure password, only accessible via ZeroTier VPN which I can see is only listing my known devices. I only have two users on known devices and we were all asleep at the time of the event.
System date and time are correct.

Check the automations trace, it should show what triggered it. If you are worried about security at least enable MFA.

Thanks for your reply. Because this automation is created inside nodeRed, it does not show in the automations page. And with my little knowledge in node-red I cannot get much more information other than the timestamp at which the automation was run. I just put a debug node in case it happens again, but I’m wondering if there is some more forensic data I can gather from the event that already happened.

Sorry, missed the node red tag. I don’t use it myself so I can’t help you with that. MFA suggestion still (and always) stands though 🙂

Outside of a debug node or logging to a text file, that info is lost (one of my many gripes with node red).

What does your trigger node look like? Perhaps node red restarted and fired off that trigger? You can look at the log file in node red to see if that happened or not.
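The log check suggested in the last reply, as an added example that is not part of the thread or of Node-RED itself: it scans a Node-RED log for runtime start/stop lines close to the time of the unexpected trigger. It assumes the default console layout `D Mon HH:MM:SS - [level] message`; the sample log, the event time and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, not from the thread. Assumes Node-RED's default console
# log layout: "D Mon HH:MM:SS - [level] message" (no year in the timestamp).
SAMPLE_LOG = """\
14 Jan 21:10:02 - [info] Started flows
15 Jan 02:59:41 - [info] Stopping flows
15 Jan 02:59:41 - [info] Stopped flows
15 Jan 02:59:55 - [info] Welcome to Node-RED
15 Jan 03:00:03 - [info] Starting flows
15 Jan 03:00:04 - [info] Started flows
15 Jan 03:00:05 - [warn] constructed warning line, unrelated to startup
    at continuation line without a timestamp
"""

LINE_RE = re.compile(r"^(\d{1,2} [A-Z][a-z]{2} \d{2}:\d{2}:\d{2}) - \[(\w+)\] (.*)$")
LIFECYCLE = ("Welcome to Node-RED", "Starting flows", "Started flows",
             "Stopping flows", "Stopped flows")

def parse(log_text, year):
    """Yield (timestamp, level, message); lines without a timestamp are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{m.group(1)} {year}", "%d %b %H:%M:%S %Y")
            yield ts, m.group(2), m.group(3)

def lifecycle_near(log_text, event_time, window_s=120):
    """Return runtime start/stop lines within window_s seconds of event_time."""
    window = timedelta(seconds=window_s)
    return [(ts, msg) for ts, _, msg in parse(log_text, event_time.year)
            if abs(ts - event_time) <= window and msg.startswith(LIFECYCLE)]

def restart_explains(log_text, event_time, window_s=120):
    """True if flows were (re)started shortly before or at the unexpected trigger."""
    return any(msg.startswith(("Starting flows", "Started flows")) and ts <= event_time
               for ts, msg in lifecycle_near(log_text, event_time, window_s))

if __name__ == "__main__":
    odd_trigger = datetime(2024, 1, 15, 3, 0, 4)  # constructed time of the 3 AM event
    for ts, msg in lifecycle_near(SAMPLE_LOG, odd_trigger):
        print(ts.isoformat(sep=" "), msg)
    print("restart precedes trigger:", restart_explains(SAMPLE_LOG, odd_trigger))
```

A flow start just before the trigger supports the restart explanation; finding none does not by itself show anyone else was involved, only that the log holds no restart in that window.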