The following steps describe how to read the Audit log records.
1. Retrieve the instance of AMT_AuditLog, where the “Name” key equals “Intel(r) AMT:Audit Log”.
2. Invoke AMT_AuditLog.ReadRecords.
To ensure you retrieve the correct information, Intel recommends that you wrap the ReadRecords method with the lock and unlock methods (see Lock and Unlock the Audit Log).

These fields return data in Big-Endian format:
- AuditAppID
- EventID
- Timestamp
You can execute this snippet by inserting it into the execution template found here.
```powershell
# Get a reference to the audit log instance and call ReadRecords from the first record.
$auditLogRef = $wsmanConnectionObject.NewReference("SELECT * FROM AMT_AuditLog WHERE Name='Intel(r) AMT:Audit Log'")
$inputObject = $auditLogRef.CreateMethodInput("ReadRecords")
$inputObject.SetProperty("StartIndex", "1")
$outputObject = $auditLogRef.InvokeMethod($inputObject)
$returnValue = $outputObject.GetProperty("ReturnValue")
if ($returnValue -like "0")
{
    $totalRecordCount = $outputObject.GetProperty("TotalRecordCount")
    $recordsReturned = $outputObject.GetProperty("RecordsReturned")
    $eventRecords = $outputObject.GetProperty("EventRecords")
    # Each record is Base64-encoded; decode the first one.
    $eventRecordsBytes = [System.Convert]::FromBase64String($eventRecords.Item(0))
    # AuditAppID is the first two bytes, big-endian. Pad each byte to 8 bits so
    # leading zeros are kept, then join the high byte followed by the low byte.
    $toBits1 = [System.Convert]::ToString($eventRecordsBytes[0], 2).PadLeft(8, '0')
    $toBits2 = [System.Convert]::ToString($eventRecordsBytes[1], 2).PadLeft(8, '0')
    $toBits1 = [string]::Join("", @($toBits1, $toBits2))
    $auditAppID = [System.Convert]::ToInt32($toBits1, 2)
}
```
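The big-endian note above applies to every multi-byte field, so the following added example (not part of the Intel SDK) decodes such fields with byte arithmetic and rejects truncated records. The function names, the sample bytes, and the placement of EventID directly after AuditAppID are assumptions made for illustration.

```powershell
# Added example; helper names are hypothetical and the sample data is constructed.
function Read-BigEndianUInt {
    param(
        [byte[]]$Bytes,
        [int]$Offset,
        [ValidateSet(2, 4)][int]$Width
    )
    # Reject truncated records instead of indexing past the end of the buffer.
    if ($Offset -lt 0 -or ($Offset + $Width) -gt $Bytes.Length) {
        throw "Record too short: need $Width byte(s) at offset $Offset, have $($Bytes.Length)."
    }
    # Int64 holds any unsigned 32-bit value without overflow.
    [long]$value = 0
    for ($i = 0; $i -lt $Width; $i++) {
        # Most significant byte first. Byte arithmetic avoids the pitfall of joining
        # unpadded binary strings, which drop leading zeros and misplace bits.
        $value = $value * 256 + $Bytes[$Offset + $i]
    }
    return $value
}

function ConvertFrom-AuditRecordHeader {
    param([string]$Base64Record)
    $bytes = [System.Convert]::FromBase64String($Base64Record)
    [pscustomobject]@{
        AuditAppID   = Read-BigEndianUInt -Bytes $bytes -Offset 0 -Width 2
        # Assumption: EventID is the 16-bit field immediately after AuditAppID.
        EventID      = Read-BigEndianUInt -Bytes $bytes -Offset 2 -Width 2
        RecordLength = $bytes.Length
    }
}

# Constructed record: AuditAppID 0x0010, EventID 0x0102, then two filler bytes.
$sample = [System.Convert]::ToBase64String([byte[]](0x00, 0x10, 0x01, 0x02, 0x00, 0x00))
ConvertFrom-AuditRecordHeader -Base64Record $sample | Format-List

# Constructed 32-bit big-endian value, decoded with the same helper.
Read-BigEndianUInt -Bytes ([byte[]](0x5E, 0x0B, 0xE1, 0x00)) -Offset 0 -Width 4

# A truncated record (3 bytes) is reported instead of being decoded silently.
try {
    ConvertFrom-AuditRecordHeader -Base64Record ([System.Convert]::ToBase64String([byte[]](0x00, 0x10, 0x01)))
} catch {
    Write-Warning $_.Exception.Message
}
```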
SDK Sample
If there is a sample demonstrating this flow, it is included in the SDK installation file. See SDK Installation Layout for details.
Copyright © 2006-2022, Intel Corporation. All rights reserved.