The following table describes the Security Audit Log events events (App ID = 20). Beginning in Release 8.0, all Security Audit Log events are enabled by default.
|
Event Name |
ID |
Description |
Parameters |
Trigger |
|
Security Audit Log Cleared |
0 |
Audit log was cleared. Note: This event is always written to the Log and it cannot be flagged as critical. |
None |
The event is logged after completing a successful clear of the log. WS-MAN: ANT_AuditLog.ClearLog |
|
Security Audit policy modified |
1 |
Audit policy event was Enabled or Disabled |
None |
WS-MAN: AMT_AuditPolicyRule.SetAuditPolicy AMT_AuditPolicyRule.SetAuditPolicyBulk Events are logged even if the methods return with an error. |
|
Security Audit Log Disabled |
2 |
Access monitor feature disabled. Note: This event cannot be flagged as critical. |
None |
WS-MAN: AMT_AuditLog.RequestStateChange is called with RequestedState = Disabled |
|
Security Audit Log Enabled |
3 |
Access monitor feature enabled. Note: This event cannot be flagged as critical. |
None |
Event is logged after successfully enabling Access Monitor feature. WS-MAN: ANT_AuditLog.RequestStateChange is called with RequestedState = Enabled |
|
Security Audit Log Exported |
4 |
Audit log signature and log-related information exported. Note: This event cannot be flagged as critical. |
None |
The event is logged after successfully exporting audit log signature. |
|
Security Audit Log Recovered (In Intel AMT Release 5.1 and later releases.) |
5 |
Internal check of audit log resulted in a recovery action. Note: This event is always written to the Log and it cannot be flagged as critical. |
UINT8 Reason 0 – Unknown 1 – Migration failure 2 – Initialization failure |
Internal problem detected by firmware. |
|
Copyright © 2006-2022, Intel Corporation. All rights reserved. |