This alert is sent when the Audit log reaches certain thresholds, to warn the Auditor to extract the log and clear it.
In normal operation this should not occur. Once the Audit feature is enabled, an Auditor should periodically export the log from each machine and clear it. If this does not happen, the limited storage space of the log fills up, and these alerts are sent when the storage reaches 50%, 75%, 85%, 95% and 100%. Once the storage area is full, no events that were defined as critical can be performed on the machine. In this case, an alert message is sent on each new critical event.
Compatibility
Intel AMT Release 4.0 and later releases support this event.
Trap Definition
| Specific Trap Info | |
| Event Sensor Type | C1h (OEM Reserved) |
| Event Type | 71h (OEM Discrete) |
| Event Offset | 00h |
| Variable Binding Info | |
| Event Source Type | 58h (System MNG card) |
| Event Severity | 10h (Critical) |
| Sensor Device | FFh (NS) |
| Sensor Number | FFh (NS) |
| Entity | 26h (Mgmt Device) |
| Entity Instance | 61h (port #1 (LAN port)) or |
| EventData | AAh (EventData 2-5 valid), |
Event Data Report State Details
| #Byte | Name | Bits | Description |
| 0 (EventData 2) | Version | 0-3 | Must be zero |
| 0 (EventData 2) | Reason | 4-7 | 1h – Audit log alert |
| 1 (EventData 3) | ReasonCode | 0-7 | 0h – Storage is 50% full. |
| 2-3 (EventData 4-5) | Reserved | | Zeros |
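
A receiver-side check for this trap, as an added example that is not Intel's code: it validates the fields defined above and decodes EventData 2-5. The function name, the five-byte EventData input and the assumption that bit 0 is the least significant bit are not from this page; only ReasonCode 0h is decoded because it is the only code listed here.

```python
from dataclasses import dataclass

# Constants taken from the trap definition on this page.
SENSOR_TYPE = 0xC1      # OEM Reserved
EVENT_TYPE = 0x71       # OEM Discrete
EVENT_OFFSET = 0x00
EVENT_DATA_1 = 0xAA     # EventData 2-5 valid
REASON_AUDIT_LOG = 0x1
# Only ReasonCode 0h is listed on this page; other codes are left undecoded.
REASON_CODES = {0x00: "Storage is 50% full."}


@dataclass
class AuditLogAlert:
    reason_code: int
    description: str
    problems: list


def decode_audit_log_alert(sensor_type, event_type, event_offset, event_data):
    """Return an AuditLogAlert, or None if the trap is not this event.

    event_data holds EventData 1-5 as five bytes. Bit 0 is assumed to be
    the least significant bit of each byte.
    """
    if (sensor_type, event_type, event_offset) != (SENSOR_TYPE, EVENT_TYPE, EVENT_OFFSET):
        return None
    if len(event_data) != 5 or event_data[0] != EVENT_DATA_1:
        return None
    ed2, ed3, ed4, ed5 = event_data[1:5]
    version, reason = ed2 & 0x0F, ed2 >> 4
    if reason != REASON_AUDIT_LOG:
        return None
    problems = []
    if version != 0:
        problems.append(f"version nibble is {version:#x}, must be zero")
    if ed4 or ed5:
        problems.append("reserved EventData 4-5 are not zero")
    desc = REASON_CODES.get(ed3, f"ReasonCode {ed3:02X}h (not listed on this page)")
    return AuditLogAlert(ed3, desc, problems)


# Constructed sample: EventData 1-5 for the 50% threshold.
SAMPLE = bytes([0xAA, 0x10, 0x00, 0x00, 0x00])

if __name__ == "__main__":
    print(decode_audit_log_alert(0xC1, 0x71, 0x00, SAMPLE))
```

A non-empty `problems` list means the trap matched this event but violated the "must be zero" or reserved-field rules, which is worth logging separately from a well-formed alert.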
Copyright © 2006-2022, Intel Corporation. All rights reserved.