Overview ¶
Package auditlog facilitates communication with Intel® AMT devices to read the audit log records.
Constants ¶
// WS-Management identifiers for this class. AMTAuditLog and ReadRecords are
// the CIM class and method names addressed by the Service methods below
// (presumably through the WSManMessageCreator passed to NewAuditLogWithClient
// — confirm). ValueNotFound is a fallback string; which lookups return it is
// not visible from these declarations.
const (
	AMTAuditLog   string = "AMT_AuditLog"
	ReadRecords   string = "ReadRecords"
	ValueNotFound string = "Value not found in map"
)
// AMT audit application codes. AMTAppIDToString has exactly this key set;
// note the gap at 31 between UserOptIn (30) and ScreenBlanking (32), so
// callers must not assume the codes are contiguous. These are untyped
// constants, so they compare directly with AuditLogRecord.AuditAppID (int).
const (
	SecurityAdmin         = 16
	RemoteControl         = 17
	RedirectionManager    = 18
	FirmwareUpdateManager = 19
	SecurityAuditLog      = 20
	NetworkTime           = 21
	NetworkAdministration = 22
	StorageAdministration = 23
	EventManager          = 24
	SystemDefenseManager  = 25
	AgentPresenceManager  = 26
	WirelessConfiguration = 27
	EndpointAccessControl = 28
	KeyboardVideoMouse    = 29
	UserOptIn             = 30
	ScreenBlanking        = 32
	Watchdog              = 33
)
// Initiator type codes. AuditLogRecord.InitiatorType is a uint8 and its
// Initiator example value is "Local", so these presumably decode that field
// — TODO confirm against the record decoder.
const (
	HTTPDigest     byte = 0
	Kerberos       byte = 1
	Local          byte = 2
	KvmDefaultPort byte = 3
)
// UnknownEventID is the fallback event description for an event ID that is
// not present in AMTAuditLogEventToString — presumably; verify against the
// decoder, which is not shown here.
const UnknownEventID = "Unknown Event ID"
Variables ¶
// AMTAppIDToString maps an audit application code (the SecurityAdmin …
// Watchdog constants) to a display name. The key set matches those
// constants, including the absence of 31. A miss presumably yields a
// fallback such as ValueNotFound — confirm against the lookup code.
var AMTAppIDToString = map[int]string{
	16: "Security Admin Events",
	17: "Remote Control Events",
	18: "Redirection Manager Events",
	19: "Firmware Update Manager Events",
	20: "Security AuditLog Events",
	21: "Network Time Events",
	22: "Network Administration Events",
	23: "Storage Administration Events",
	24: "Event Manager Events",
	25: "System Defense Manager Events",
	26: "Agent Presence Manager Events",
	27: "Wireless Configuration Events",
	28: "Endpoint Access Control Events",
	29: "Keyboard Video Mouse Events",
	30: "User Opt-In Events",
	32: "Screen Blanking Events",
	33: "Watchdog Events",
}
// AMTAuditLogEventToString maps an audit event ID to a display name. IDs are
// grouped by application in hundreds (16xx security admin, 17xx remote
// control, … 33xx watchdog), i.e. the application code from the SecurityAdmin
// … Watchdog constants times 100; ScreenBlanking (32) has no entries. An ID
// absent from this map presumably maps to UnknownEventID — confirm.
//
// NOTE(review): entry 1707 reads "Preformed Standby" (typo for "Performed");
// left unchanged here because consumers may match on the exact string.
var AMTAuditLogEventToString = map[int]string{
	1600: "AMT Provisioning Started",
	1601: "AMT Provisioning Completed",
	1602: "ACL Entry Added",
	1603: "ACL Entry Modified",
	1604: "ACL Entry Removed",
	1605: "ACL Access with Invalid Credentials",
	1606: "ACL Entry State Changed",
	1607: "TLS State Changed",
	1608: "TLS Server Certificate Set",
	1609: "TLS Server Certificate Removed",
	1610: "TLS Trusted Root Certificate Added",
	1611: "TLS Trusted Root Certificate Removed",
	1612: "TLS Pre-Shared Key Set",
	1613: "Kerberos Settings Modified",
	1614: "Kerberos Master Key or Passphrase Modified",
	1615: "Flash Wear out Counters Reset",
	1616: "Power Package Modified",
	1617: "Set Realm Authentication Mode",
	1618: "Upgrade Client to Admin Control Mode",
	1619: "AMT UnProvisioning Started",
	1700: "Performed Power Up",
	1701: "Performed Power Down",
	1702: "Performed Power Cycle",
	1703: "Performed Reset",
	1704: "Set Boot Options",
	1705: "Performed Graceful Power Down",
	1706: "Performed Graceful Power Reset",
	1707: "Preformed Standby",
	1708: "Performed Hibernate",
	1709: "Performed NMI",
	1800: "IDE-R Session Opened",
	1801: "IDE-R Session Closed",
	1802: "IDE-R Enabled",
	1803: "IDE-R Disabled",
	1804: "SoL Session Opened",
	1805: "SoL Session Closed",
	1806: "SoL Enabled",
	1807: "SoL Disabled",
	1808: "KVM Session Started",
	1809: "KVM Session Ended",
	1810: "KVM Enabled",
	1811: "KVM Disabled",
	1812: "VNC Password Failed 3 Times",
	1900: "Firmware Update Started",
	1901: "Firmware Update Failed",
	2000: "Security Audit Log Cleared",
	2001: "Security Audit Policy Modified",
	2002: "Security Audit Log Disabled",
	2003: "Security Audit Log Enabled",
	2004: "Security Audit Log Exported",
	2005: "Security Audit Log Recovered",
	2100: "AMT Time Set",
	2200: "TCP/IP Parameters Set",
	2201: "Host Name Set",
	2202: "Domain Name Set",
	2203: "VLAN Parameters Set",
	2204: "Link Policy Set",
	2205: "IPv6 Parameters Set",
	2300: "Global Storage Attributes Set",
	2301: "Storage EACL Modified",
	2302: "Storage FPACL Modified",
	2303: "Storage Write Operation",
	2400: "Alert Subscribed",
	2401: "Alert Unsubscribed",
	2402: "Event Log Cleared",
	2403: "Event Log Frozen",
	2500: "System Defense Filter Added",
	2501: "System Defense Filter Removed",
	2502: "System Defense Policy Added",
	2503: "System Defense Policy Removed",
	2504: "System Defense Default Policy Set",
	2505: "System Defense Heuristics Option Set",
	2506: "System Defense Heuristics State Cleared",
	2600: "Agent Watchdog Added",
	2601: "Agent Watchdog Removed",
	2602: "Agent Watchdog Action Set",
	2700: "Wireless Profile Added",
	2701: "Wireless Profile Removed",
	2702: "Wireless Profile Updated",
	2703: "Wireless Profile Modified",
	2704: "Wireless Link Preference Changed",
	2705: "Wireless Profile Share With UEFI Enabled Setting Changed",
	2800: "EAC Posture Signer Set",
	2801: "EAC Enabled",
	2802: "EAC Disabled",
	2803: "EAC Posture State Updated",
	2804: "EAC Set Options",
	2900: "KVM Opt-In Enabled",
	2901: "KVM Opt-In Disabled",
	2902: "KVM Password Changed",
	2903: "KVM Consent Succeeded",
	2904: "KVM Consent Failed",
	3000: "Opt-In Policy Change",
	3001: "Send Consent Code Event",
	3002: "Start Opt-In Blocked Event",
	3301: "Watchdog Reset Triggering Options Changed",
	3302: "Watchdog Action Pairing Changed",
}
// EnabledStateToString maps each EnabledState value to its CIM name. It has
// an entry for every constant in the EnabledState const block; what
// EnabledState.String returns for a value outside that block is not visible
// here.
var EnabledStateToString = map[EnabledState]string{
	EnabledStateUnknown:           "Unknown",
	EnabledStateOther:             "Other",
	EnabledStateEnabled:           "Enabled",
	EnabledStateDisabled:          "Disabled",
	EnabledStateShuttingDown:      "ShuttingDown",
	EnabledStateNotApplicable:     "NotApplicable",
	EnabledStateEnabledButOffline: "EnabledButOffline",
	EnabledStateInTest:            "InTest",
	EnabledStateDeferred:          "Deferred",
	EnabledStateQuiesce:           "Quiesce",
	EnabledStateStarting:          "Starting",
}
// ExtendedDataMap maps an extended-data code to its description. Only two
// codes are defined; which event IDs carry this extended data is not shown
// in these declarations — see GetAuditLogExtendedDataString.
var ExtendedDataMap = map[int]string{
	0: "Invalid ME access",
	1: "Invalid MEBx access",
}
// OverwritePolicyToString maps each OverwritePolicy value to its CIM name. It
// covers all four constants in the OverwritePolicy const block (0, 2, 7 and
// 32768).
var OverwritePolicyToString = map[OverwritePolicy]string{
	OverwritePolicyUnknown:                   "Unknown",
	OverwritePolicyWrapsWhenFull:             "WrapsWhenFull",
	OverwritePolicyNeverOverwrites:           "NeverOverwrites",
	OverwritePolicyPartialRestrictedRollover: "PartialRestrictedRollover",
}
// RealmNames lists AMT realm display names positionally: index 0 is
// "Redirection" and index 22 is "Local System" (23 entries). Indices 20 and
// 21 are empty strings, so a lookup can legitimately return "" for an
// in-range index. Any realm number taken from device-supplied record data
// must be range-checked against len(RealmNames) before indexing, since an
// out-of-range index panics.
var RealmNames = []string{
	"Redirection",
	"PT Administration",
	"Hardware Asset",
	"Remote Control",
	"Storage",
	"Event Manager",
	"Storage Admin",
	"Agent Presence Local",
	"Agent Presence Remote",
	"Circuit Breaker",
	"Network Time",
	"General Information",
	"Firmware Update",
	"EIT",
	"LocalUN",
	"Endpoint Access Control",
	"Endpoint Access Control Admin",
	"Event Log Reader",
	"Audit Log",
	"ACL Realm",
	"",
	"",
	"Local System",
}
// RequestedStateToString maps each RequestedState value to its CIM name. It
// covers all twelve constants in the RequestedState const block; note there
// is no value 1.
var RequestedStateToString = map[RequestedState]string{
	RequestedStateUnknown:       "Unknown",
	RequestedStateEnabled:       "Enabled",
	RequestedStateDisabled:      "Disabled",
	RequestedStateShutDown:      "ShutDown",
	RequestedStateNoChange:      "NoChange",
	RequestedStateOffline:       "Offline",
	RequestedStateTest:          "Test",
	RequestedStateDeferred:      "Deferred",
	RequestedStateQuiesce:       "Quiesce",
	RequestedStateReboot:        "Reboot",
	RequestedStateReset:         "Reset",
	RequestedStateNotApplicable: "NotApplicable",
}
// StoragePolicyToString maps each StoragePolicy value (iota 0..2) to its
// CIM name.
var StoragePolicyToString = map[StoragePolicy]string{
	StoragePolicyNoRollOver:         "NoRollOver",
	StoragePolicyRollOver:           "RollOver",
	StoragePolicyRestrictedRollOver: "RestrictedRollOver",
}
Functions ¶
func GetAuditLogExtendedDataString ¶ added in v2.8.0
GetAuditLogExtendedDataString returns a human-readable description of an audit log record's extended data. TODO: only some event types are handled here; many more still need to be added. Helpful reference: https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Fsecurityadminevents.htm
Types ¶
type ACLEntry ¶ added in v2.10.0
// ACLEntry holds fields decoded from the extended data of an ACL-related
// audit record (presumably the 1602–1606 event IDs — confirm against the
// decoder). UsernameLength and DomainLength appear to be the byte lengths of
// Username and Domain in the raw record; because the record originates from
// the device, a decoder should bound each length against the remaining
// payload before slicing — TODO confirm the decoder does so.
type ACLEntry struct {
	ParameterModified uint8
	AccessType        uint8
	EntryState        uint8
	InitiatorType     uint8
	UsernameLength    uint8
	SID               uint32
	Username          string
	DomainLength      uint8
	Domain            string
}
OUTPUTS Response Types.
type AgentPresenceManagerEvent ¶ added in v2.10.0
// AgentPresenceManagerEvent holds fields decoded from an Agent Presence
// Manager audit record (application code AgentPresenceManager — TODO
// confirm). AgentID is raw bytes; its expected length is not visible here.
type AgentPresenceManagerEvent struct {
	AgentID            []uint8
	AgentHeartBeatTime uint16
	AgentStartupTime   uint16
}
OUTPUTS Response Types.
type AuditLog ¶
// AuditLog is the AMT_AuditLog CIM instance carried in Body.GetResponse and
// PullResponse.AuditLogItems. EnabledState and RequestedState are plain ints
// here even though the package declares typed EnabledState and RequestedState
// enumerations; convert explicitly before calling their String methods.
type AuditLog struct {
	XMLName                xml.Name        `xml:"AMT_AuditLog"`
	OverwritePolicy        OverwritePolicy `xml:"OverwritePolicy,omitempty"`        // OverwritePolicy is an integer enumeration that indicates whether the log, represented by the CIM_Log subclasses, can overwrite its entries.Unknown (0) indicates the log's overwrite policy is unknown
	CurrentNumberOfRecords int             `xml:"CurrentNumberOfRecords,omitempty"` // Current number of records in the Log
	MaxNumberOfRecords     int             `xml:"MaxNumberOfRecords,omitempty"`     // Maximum number of records that can be captured in the Log
	ElementName            string          `xml:"ElementName,omitempty"`            // A user-friendly name for the object
	EnabledState           int             `xml:"EnabledState,omitempty"`           // EnabledState is an integer enumeration that indicates the enabled and disabled states of an element
	RequestedState         int             `xml:"RequestedState,omitempty"`         // RequestedState is an integer enumeration that indicates the last requested or desired state for the element, irrespective of the mechanism through which it was requested
	PercentageFree         int             `xml:"PercentageFree,omitempty"`         // Indicates the percentage of free space in the storage dedicated to the audit log
	Name                   string          `xml:"Name,omitempty"`                   // The Name property uniquely identifies the Service and provides an indication of the functionality that is managed
	TimeOfLastRecord       Datetime        `xml:"TimeOfLastRecord"`                 // Time stamp of the most recent entry in the log if such an entry exists
	AuditState             int             `xml:"AuditState,omitempty"`             // State of log
	MaxAllowedAuditors     int             `xml:"MaxAllowedAuditors,omitempty"`     // Maximum number of auditors allowed
	StoragePolicy          StoragePolicy   `xml:"StoragePolicy,omitempty"`          // AuditLog storage policy
	MinDaysToKeep          int             `xml:"MinDaysToKeep,omitempty"`          // Minimum number of days to keep records in the AuditLog
}
OUTPUTS Response Types.
type AuditLogRecord ¶ added in v2.3.0
// AuditLogRecord is the decoded, JSON-facing form of one audit record
// (Body.DecodedRecordsResponse). AuditApp and Event are presumably the
// display names derived from AuditAppID and EventID, and ExStr the
// human-readable form of the raw extended data in Ex (see
// GetAuditLogExtendedDataString) — confirm against the decoder. The
// `binding:"required"` and `example` tags are consumed by validation and
// API-documentation tooling in callers; encoding/json ignores them.
type AuditLogRecord struct {
	AuditAppID     int       `json:"AuditAppId" binding:"required" example:"0"`
	EventID        int       `json:"EventId" binding:"required" example:"0"`
	InitiatorType  uint8     `json:"InitiatorType" binding:"required" example:"0"`
	AuditApp       string    `json:"AuditApp" binding:"required" example:"Security Admin"`
	Event          string    `json:"Event" binding:"required" example:"Provisioning Started"`
	Initiator      string    `json:"Initiator" binding:"required" example:"Local"`
	Time           time.Time `json:"Time" binding:"required" example:"2023-04-19T20:38:20.000Z"`
	MCLocationType uint8     `json:"MCLocationType" binding:"required" example:"0"`
	NetAddress     string    `json:"NetAddress" binding:"required" example:"127.0.0.1"`
	Ex             string    `json:"Ex" binding:"required" example:""`
	ExStr          string    `json:"ExStr" binding:"required" example:"Remote WSAMN"`
}
OUTPUTS Response Types.
type Body ¶
// Body is the SOAP Body of a Response. Presumably only the field matching the
// issued request (Enumerate, Get, Pull or ReadRecords) is populated.
// DecodedRecordsResponse carries no xml tag, so it is presumably filled by
// this package after decoding ReadRecordsResponse.EventRecords rather than by
// the XML unmarshaler — confirm.
type Body struct {
	XMLName                xml.Name `xml:"Body"`
	EnumerateResponse      common.EnumerateResponse
	GetResponse            AuditLog
	PullResponse           PullResponse
	ReadRecordsResponse    ReadRecords_OUTPUT
	DecodedRecordsResponse []AuditLogRecord
}
OUTPUTS Response Types.
type Datetime ¶
// Datetime wraps the CIM Datetime element as its raw string; no parsing into
// time.Time happens at this level.
type Datetime struct {
	Datetime string `xml:"Datetime,omitempty"`
}
OUTPUTS Response Types.
type EnabledState ¶
// EnabledState is the CIM EnabledState enumeration; its values are the
// EnabledState* constants and its names come from EnabledStateToString.
type EnabledState int
EnabledState is an integer enumeration that indicates the enabled and disabled states of an element.
// EnabledState values, assigned sequentially from 0 via iota (unlike
// RequestedState and OverwritePolicy, whose values are explicit and
// non-contiguous).
const (
	EnabledStateUnknown EnabledState = iota
	EnabledStateOther
	EnabledStateEnabled
	EnabledStateDisabled
	EnabledStateShuttingDown
	EnabledStateNotApplicable
	EnabledStateEnabledButOffline
	EnabledStateInTest
	EnabledStateDeferred
	EnabledStateQuiesce
	EnabledStateStarting
)
func (EnabledState) String ¶ added in v2.3.0
func (r EnabledState) String() string
String returns a string representation of an EnabledState (see EnabledStateToString).
type EventManagerEvent ¶ added in v2.10.0
// EventManagerEvent holds fields decoded from an Event Manager audit record
// (application code EventManager — TODO confirm). AlertTargetIPAddress is raw
// bytes; its length presumably depends on IPAddrType (IPv4 vs IPv6), so a
// decoder should validate the length against the remaining payload — confirm.
type EventManagerEvent struct {
	PolicyID              uint8
	SubscriptionAlertType uint8
	IPAddrType            uint8
	AlertTargetIPAddress  []uint8
	Freeze                uint8
}
OUTPUTS Response Types.
type FWUpdateFailure ¶ added in v2.10.0
OUTPUTS Response Types.
type NetworkAdministrationEvent ¶ added in v2.10.0
// NetworkAdministrationEvent holds fields decoded from a Network
// Administration audit record (application code NetworkAdministration — TODO
// confirm). IPv4 values are packed into uint32 while IPv6 values are raw byte
// slices. HostNameLength and DomainNameLength appear to be the byte lengths
// of HostName and DomainName in the raw record; a decoder should bound them
// against the remaining payload before slicing — confirm.
type NetworkAdministrationEvent struct {
	InterfaceHandle    uint32
	DHCPEnabled        uint8
	IPV4Address        uint32
	SubnetMask         uint32
	Gateway            uint32
	PrimaryDNS         uint32
	SecondaryDNS       uint32
	HostNameLength     uint8
	HostName           string
	DomainNameLength   uint8
	DomainName         string
	VLANTag            uint16
	LinkPolicy         uint32
	IPV6Enabled        uint8
	InterfaceIDGenType uint8
	InterfaceID        []uint8
	IPV6Address        []uint8
	IPV6Gateway        []uint8
	IPV6PrimaryDNS     []uint8
	IPV6SecondaryDNS   []uint8
}
OUTPUTS Response Types.
type OverwritePolicy ¶
// OverwritePolicy is the CIM OverwritePolicy enumeration of a log; its values
// are the OverwritePolicy* constants and its names come from
// OverwritePolicyToString.
type OverwritePolicy int
OverwritePolicy is an integer enumeration that indicates whether the log, represented by the CIM_Log subclasses, can overwrite its entries.
// OverwritePolicy values. They are explicit and non-contiguous (0, 2, 7,
// 32768), so they cannot be derived with iota and must not be used as slice
// indices.
const (
	OverwritePolicyUnknown                   OverwritePolicy = 0
	OverwritePolicyWrapsWhenFull             OverwritePolicy = 2
	OverwritePolicyNeverOverwrites           OverwritePolicy = 7
	OverwritePolicyPartialRestrictedRollover OverwritePolicy = 32768
)
func (OverwritePolicy) String ¶ added in v2.2.4
func (r OverwritePolicy) String() string
String returns a string representation of an OverwritePolicy (see OverwritePolicyToString).
type ProvisioningParameters ¶ added in v2.10.0
// ProvisioningParameters holds fields decoded from a provisioning audit
// record (presumably event IDs 1600/1601 — confirm). HashType presumably
// identifies the digest algorithm of TrustedRootCertHash, so a decoder should
// derive the expected hash length from it rather than from the payload;
// likewise NumberOfCertificates versus len(CertSerialNumbers) and
// ProvServFQDNLength versus ProvServFQDN should be bounded against the
// remaining payload — TODO confirm the decoder does so.
type ProvisioningParameters struct {
	ProvisioningMethod        uint8
	HashType                  uint8
	TrustedRootCertHash       []byte
	NumberOfCertificates      uint8
	CertSerialNumbers         []string
	AdditionalCaSerialNumbers uint8
	ProvServFQDNLength        uint8
	ProvServFQDN              string
}
OUTPUTS Response Types.
type PullResponse ¶
// PullResponse is the WS-Enumeration Pull result; AuditLogItems are the
// AMT_AuditLog instances nested under the Items element.
type PullResponse struct {
	XMLName       xml.Name   `xml:"PullResponse"`
	AuditLogItems []AuditLog `xml:"Items>AMT_AuditLog"`
}
OUTPUTS Response Types.
type ReadRecordsInput ¶ added in v2.5.2
// ReadRecordsInput is the request body for the ReadRecords method. H carries
// the xmlns:h namespace attribute for the h: prefix used on the element
// names. StartIndex is 1-based: per the ReadRecords doc, 1 denotes the oldest
// record in the log.
type ReadRecordsInput struct {
	XMLName    xml.Name `xml:"h:ReadRecords_INPUT"`
	H          string   `xml:"xmlns:h,attr"`
	StartIndex int      `xml:"h:StartIndex" json:"StartIndex"`
}
INPUTS Request Types.
type ReadRecords_OUTPUT ¶
// ReadRecords_OUTPUT is the response of the ReadRecords method. Each
// EventRecords element is a base64-encoded raw record from the device (see
// the field comment); callers should check ReturnValue == 0 before decoding
// and treat the decoded bytes as untrusted input.
type ReadRecords_OUTPUT struct {
	XMLName          xml.Name `xml:"ReadRecords_OUTPUT,omitempty"`
	TotalRecordCount int      `xml:"TotalRecordCount,omitempty"` // The total number of records in the log.
	RecordsReturned  int      `xml:"RecordsReturned,omitempty"`  // The number of records returned + content of 10 records from the start index.
	EventRecords     []string `xml:"EventRecords,omitempty"`     // Notice: the values of this array are actually base64 encoded values. A list of event records.
	ReturnValue      int      `xml:"ReturnValue,omitempty"`      // ValueMap={0, 1, 2, 35} Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, PT_STATUS_NOT_READY, PT_STATUS_INVALID_INDEX}
}
OUTPUTS Response Types.
type RemoteControlEvent ¶ added in v2.10.0
// RemoteControlEvent holds fields decoded from a Remote Control audit record
// (application code RemoteControl — TODO confirm). All fields are single
// bytes; the meaning of the SpecialCommand and mask values is not documented
// here.
type RemoteControlEvent struct {
	SpecialCommand                  uint8
	SpecialCommandParameterHighByte uint8
	SpecialCommandParameterLowByte  uint8
	BootOptionsMaskByte1            uint8
	BootOptionsMaskByte2            uint8
	OEMParameterByte1               uint8
	OEMParameterByte2               uint8
}
OUTPUTS Response Types.
type RequestedState ¶
// RequestedState is the CIM RequestedState enumeration; its values are the
// RequestedState* constants and its names come from RequestedStateToString.
type RequestedState int
RequestedState is an integer enumeration that indicates the last requested or desired state for the element, irrespective of the mechanism through which it was requested.
// RequestedState values. They are explicit and skip 1 (0, then 2..12), so
// they cannot be derived with iota.
const (
	RequestedStateUnknown       RequestedState = 0
	RequestedStateEnabled       RequestedState = 2
	RequestedStateDisabled      RequestedState = 3
	RequestedStateShutDown      RequestedState = 4
	RequestedStateNoChange      RequestedState = 5
	RequestedStateOffline       RequestedState = 6
	RequestedStateTest          RequestedState = 7
	RequestedStateDeferred      RequestedState = 8
	RequestedStateQuiesce       RequestedState = 9
	RequestedStateReboot        RequestedState = 10
	RequestedStateReset         RequestedState = 11
	RequestedStateNotApplicable RequestedState = 12
)
func (RequestedState) String ¶ added in v2.3.0
func (r RequestedState) String() string
String returns a string representation of a RequestedState (see RequestedStateToString).
type Response ¶
// Response is the SOAP Envelope returned by the Service methods. It embeds
// *client.Message (a project type) and exposes the parsed Header and Body.
type Response struct {
	*client.Message
	XMLName xml.Name       `xml:"Envelope"`
	Header  message.Header `xml:"Header"`
	Body    Body           `xml:"Body"`
}
OUTPUTS Response Types.
type Service ¶
type Service struct {
// contains filtered or unexported fields
}
func NewAuditLogWithClient ¶
func NewAuditLogWithClient(wsmanMessageCreator *message.WSManMessageCreator, client client.WSMan) Service
NewAuditLogWithClient instantiates a new Audit Log service.
func (Service) Enumerate ¶
Enumerate returns an enumeration context which is used in a subsequent Pull call.
func (Service) Pull ¶
Pull returns the instances of this class. An enumeration context provided by the Enumerate call is used as input.
func (Service) ReadRecords ¶
ReadRecords returns a list of consecutive audit log records in chronological order: the first record in the returned array is the oldest record stored in the log. startIndex identifies the position of the first record to retrieve; an index of 1 indicates the first record in the log.
type StorageAdministrationEvent ¶ added in v2.10.0
// StorageAdministrationEvent holds fields decoded from a Storage
// Administration audit record (application code StorageAdministration — TODO
// confirm).
type StorageAdministrationEvent struct {
	MaxPartnerStorage                uint32
	MaxNonPartnerTotalAllocationSize uint32
}
OUTPUTS Response Types.
type StoragePolicy ¶
// StoragePolicy is the AuditLog storage-policy enumeration; its values are
// the StoragePolicy* constants and its names come from StoragePolicyToString.
type StoragePolicy int
StoragePolicy is an integer enumeration that indicates the storage policy of the log.
// StoragePolicy values, assigned sequentially from 0 via iota.
const (
	StoragePolicyNoRollOver StoragePolicy = iota
	StoragePolicyRollOver
	StoragePolicyRestrictedRollOver
)
func (StoragePolicy) String ¶ added in v2.2.4
func (r StoragePolicy) String() string
String returns a string representation of a StoragePolicy (see StoragePolicyToString).
type SystemDefenseManagerEvent ¶ added in v2.10.0
// SystemDefenseManagerEvent holds fields decoded from a System Defense
// Manager audit record (application code SystemDefenseManager — TODO
// confirm). BlockAll and BlockOffensivePort are single-byte flags; their
// encoding is not documented here.
type SystemDefenseManagerEvent struct {
	FilterHandle       uint32
	PolicyHandle       uint32
	HardwareInterface  uint32
	InterfaceHandle    uint32
	BlockAll           uint8
	BlockOffensivePort uint8
}
OUTPUTS Response Types.
type UserOptInEvent ¶ added in v2.10.0
// UserOptInEvent holds fields decoded from a User Opt-In audit record
// (application code UserOptIn — TODO confirm). The opt-in policy and status
// code values are not documented here.
type UserOptInEvent struct {
	PreviousOptInPolicy uint8
	CurrentOptInPolicy  uint8
	OperationStatus     uint8
}
OUTPUTS Response Types.