Intel AMT Features > Access Monitor > Detailed Description > Auditor Notification Alert

Auditor Notification Alert

The auditor alert is sent when the Audit log has reached certain thresholds to warn the Auditor to extract the log and clear it. These alerts are effective when the audit log storage policy is No Rollover or Restricted Rollover Allowed (see Set the Audit Storage Policy).

In normal work mode this should not occur. An Auditor or auditing application should, once enabling the Access Monitor feature, periodically export the log from each machine and clear the log. If this does not happen, the limited storage space of the log will fill up, sending these alerts once the storage reaches 50%, 75%, 85%, 95% and 100%. Once the storage area is full, in the case where storage policy is No Rollover, no events that were defined as critical can be performed on the machine. This can also happen where storage policy is Restricted Rollover Allowed and the next event in the storage area is not old enough to be overwritten. In both cases, an alert message will be sent on each new critical event.

When the Audit Log is in an AUDIT_ALMOST_FULL state, it indicates that the storage area dedicated for the audit log reached 85% full. If the storage policy is No Rollover, non-critical events will not be logged and critical events will still be permitted to proceed and will be logged until the storage area is full. Once the log is full, critical events will be blocked.If the storage policy is Rollover Allowed then new events will replace the oldest events in the log when the log is full. If the policy is Restricted Rollover Allowed, this can also occur, subject to the defined restrictions. With these policies, the alerts will not necessarily indicate a condition where an event will be blocked due to lack of storage. Instead, it should be used as a warning that stored events may be overwritten and lost and that the log should be exported and cleared.

See Also:

   Set the Audit Storage Policy

   Read the Audit Log

   Clear the Audit Log

Copyright © 2006-2022, Intel Corporation. All rights reserved.