Auditor Notification Alert

This alert is sent when the Audit log has reached certain thresholds to warn the Auditor to extract the log and clear it.

In normal work mode this should not occur. An Auditor should, once enabling the Audit feature, periodically export the log from each machine and clear the log. If this does not happen, the limited storage space of the log will fill up, sending these alerts once the storage reaches 50%, 75%, 85%, 95% and 100%. Once the storage area is full, no events that were defined as critical can be performed on the machine. In this case, an alert message will be sent on each new critical event.

Compatibility

 Intel AMT Release 4.0 and later releases support this event.

Trap Definition

Specific Trap Info

Event Sensor Type

C1h (OEM Reserved))

Event Type

71h (OEM Discrete)

Event Offset

00h

Variable Binding Info

Event Source Type

58h (System MNG card)

Event Severity

10h (Critical)

Sensor Device

FFh (NS)

Sensor Number

FFh (NS)

Entity

26h (Mgmt Device)

Entity Instance

61h (port #1 (LAN port)) or
62h (port #1 (WLAN port)) or
00h (NS)

EventData

AAh (EventData 2-5 valid),
NN (Report state, byte #0),
NN (Report state, byte #1),
NN (Report state, byte #2),
NN (Report state, byte #3)

Event Data Report State Details

#Byte

Name

Bits

Description

0

(EventData 2)

Version

0-3

Must be zero

0

(EventData 2)

Reason

4-7

1h – Audit log alert

1

(EventData 3)

ReasonCode

0-7

0h – Storage is 50% full.
1h – Storage is 75% full.
2h – Storage is 85% full.
3h – Storage is 95% full.
4h – Storage is full.
5h… Fh – Reserved.

2-3

(EventData 4-5)

Reserved

 

Zeros

Copyright © 2006-2022, Intel Corporation. All rights reserved.