Enabling Auditing

In pre-8.0 releases, the user with Auditor privileges enables auditing by:

   Defining signing key material (certificate chain and keys used by Intel AMT to create an audit log signature). The material is sent using the WS-Management AMT_AuditLog.SetSigningKeyMaterial method. This must be done before enabling auditing.

   Changing the status of the Audit log to enabled.

 Note:

In pre-8.0 releases:  When performing setup and configuration using either TLS-PSK or remote configuration, do not enable the audit log until after executing CommitChanges.

Starting in Release 8.0:  Audit Log is enabled by default in all provisioning states (PRE, IN, POST).

 

Starting in Release 8.0, auditing is automatically enabled before provisioning starts. The initial Auditor is the administrator. There is no need to define the signing key material to begin logging.

Once the audit log is activated, an audit log application should periodically check the logs on the Intel AMT platforms under its surveillance. The application can be programmed to watch for certain events, such as failed attempts to connect with Intel AMT. Each record in the log contains fields identifying the user that initiated an auditable event and the time the event occurred.

See Also:

   Set the Signing Key Material

   Enable and Disable Auditing

   Read the Audit Log

   Clear the Audit Log

Copyright © 2006-2022, Intel Corporation. All rights reserved.