Documentation
¶
Overview ¶
Package auditlog facilitates communication with Intel® AMT devices to read the audit log records.
Index ¶
- Constants
- Variables
- func GetAuditLogExtendedDataString(auditEventId int, data string) string
- type AuditLog
- type AuditLogRecord
- type Body
- type Datetime
- type EnabledState
- type OverwritePolicy
- type PullResponse
- type ReadRecordsInput
- type ReadRecords_OUTPUT
- type RequestedState
- type Response
- type Service
- type StoragePolicy
Constants ¶
// String constants used by this package.
const (
	// AMTAuditLog is the class name; the same text is the XML element name on the AuditLog type.
	AMTAuditLog string = "AMT_AuditLog"
	// ReadRecords is the method name; its request and response types are ReadRecordsInput and ReadRecords_OUTPUT.
	ReadRecords string = "ReadRecords"
	// ValueNotFound is a fallback text.
	// NOTE(review): presumably what the String methods return for a value missing from their lookup map — confirm against the implementation.
	ValueNotFound string = "Value not found in map"
)
// Audit event identifiers.
// NOTE(review): these look like the auditEventId values accepted by
// GetAuditLogExtendedDataString — confirm against the decoder.
// Judging by name only, several of these are worth alerting on when audit
// records are forwarded to monitoring: failed authentication
// (ACLAccessWithInvalidCredentials), ACL and TLS changes, unprovisioning,
// firmware updates and clock changes (AMTTimeSet affects record timestamps).
const (
	ACLEntryAdded                   = 1602
	ACLEntryModified                = 1603
	ACLEntryRemoved                 = 1604
	ACLAccessWithInvalidCredentials = 1605
	ACLEntryStateChanged            = 1606
	TLSStateChanged                 = 1607
	SetRealmAuthenticationMode      = 1617
	AMTUnprovisioningStarted        = 1619
	FirmwareUpdate                  = 1900
	AMTTimeSet                      = 2100
	OptInPolicyChange               = 3000
	SendConsentCode                 = 3001
)
// Single-byte type codes.
// NOTE(review): presumably the initiator type of an audit record
// (cf. AuditLogRecord.InitiatorType, a uint8) — confirm where they are compared.
const (
	HTTPDigest     byte = 0
	Kerberos       byte = 1
	Local          byte = 2
	KvmDefaultPort byte = 3
)
Variables ¶
var AMTAuditStringTable = map[int]string{}/* 114 elements not displayed */
// EnabledStateToString maps each declared EnabledState constant to its display name.
// A direct lookup with a value that has no entry yields the empty string, so
// values outside the declared range need explicit handling by the caller.
var EnabledStateToString = map[EnabledState]string{
	EnabledStateUnknown:           "Unknown",
	EnabledStateOther:             "Other",
	EnabledStateEnabled:           "Enabled",
	EnabledStateDisabled:          "Disabled",
	EnabledStateShuttingDown:      "ShuttingDown",
	EnabledStateNotApplicable:     "NotApplicable",
	EnabledStateEnabledButOffline: "EnabledButOffline",
	EnabledStateInTest:            "InTest",
	EnabledStateDeferred:          "Deferred",
	EnabledStateQuiesce:           "Quiesce",
	EnabledStateStarting:          "Starting",
}
// ExtendedDataMap maps a numeric code to the description of an invalid-access event.
// NOTE(review): presumably used when decoding the extended data of
// ACLAccessWithInvalidCredentials — confirm against GetAuditLogExtendedDataString.
// A direct lookup with any other code yields the empty string.
var ExtendedDataMap = map[int]string{
	0: "Invalid ME access",
	1: "Invalid MEBx access",
}
// OverwritePolicyToString maps each declared OverwritePolicy constant to its display name.
// A direct lookup with a value that has no entry yields the empty string.
var OverwritePolicyToString = map[OverwritePolicy]string{
	OverwritePolicyUnknown:                   "Unknown",
	OverwritePolicyWrapsWhenFull:             "WrapsWhenFull",
	OverwritePolicyNeverOverwrites:           "NeverOverwrites",
	OverwritePolicyPartialRestrictedRollover: "PartialRestrictedRollover",
}
// RealmNames lists realm display names by position (23 entries, indices 0-22).
// Indices 20 and 21 hold empty strings.
// NOTE(review): if this slice is indexed with a realm number taken from a
// device record, range-check the index first — an out-of-range index on a
// slice panics. Confirm how callers index it.
var RealmNames = []string{
	"Redirection",
	"PT Administration",
	"Hardware Asset",
	"Remote Control",
	"Storage",
	"Event Manager",
	"Storage Admin",
	"Agent Presence Local",
	"Agent Presence Remote",
	"Circuit Breaker",
	"Network Time",
	"General Information",
	"Firmware Update",
	"EIT",
	"LocalUN",
	"Endpoint Access Control",
	"Endpoint Access Control Admin",
	"Event Log Reader",
	"Audit Log",
	"ACL Realm",
	"", // index 20: no name
	"", // index 21: no name
	"Local System",
}
// RequestedStateToString maps each declared RequestedState constant to its display name.
// A direct lookup with a value that has no entry yields the empty string.
var RequestedStateToString = map[RequestedState]string{
	RequestedStateUnknown:       "Unknown",
	RequestedStateEnabled:       "Enabled",
	RequestedStateDisabled:      "Disabled",
	RequestedStateShutDown:      "ShutDown",
	RequestedStateNoChange:      "NoChange",
	RequestedStateOffline:       "Offline",
	RequestedStateTest:          "Test",
	RequestedStateDeferred:      "Deferred",
	RequestedStateQuiesce:       "Quiesce",
	RequestedStateReboot:        "Reboot",
	RequestedStateReset:         "Reset",
	RequestedStateNotApplicable: "NotApplicable",
}
// StoragePolicyToString maps each declared StoragePolicy constant to its display name.
// A direct lookup with a value that has no entry yields the empty string.
var StoragePolicyToString = map[StoragePolicy]string{
	StoragePolicyNoRollOver:         "NoRollOver",
	StoragePolicyRollOver:           "RollOver",
	StoragePolicyRestrictedRollOver: "RestrictedRollOver",
}
Functions ¶
func GetAuditLogExtendedDataString ¶ added in v2.8.0
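GetAuditLogExtendedDataString returns human-readable extended audit log data. TODO: only some of the events are handled here; many more still need to be added. Until then the returned string is not a complete decoding for every event, so consumers should keep the raw extended data as well. Helpful link: https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Fsecurityadminevents.htm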
Types ¶
type AuditLog ¶
// AuditLog is the decoded AMT_AuditLog instance: the log's configuration and
// fill level, not the records themselves.
// An element absent from the response leaves its field at the zero value; for
// OverwritePolicy that is the same as OverwritePolicyUnknown (0).
// NOTE(review): OverwritePolicy, StoragePolicy, PercentageFree and
// MinDaysToKeep together indicate whether older records can be lost before
// they are collected — confirm the device semantics before relying on them
// for retention decisions.
type AuditLog struct {
	XMLName xml.Name `xml:"AMT_AuditLog"`
	// OverwritePolicy is an integer enumeration that indicates whether the log, represented by the CIM_Log subclasses, can overwrite its entries. Unknown (0) indicates the log's overwrite policy is unknown.
	OverwritePolicy OverwritePolicy `xml:"OverwritePolicy,omitempty"`
	// Current number of records in the Log.
	CurrentNumberOfRecords int `xml:"CurrentNumberOfRecords,omitempty"`
	// Maximum number of records that can be captured in the Log.
	MaxNumberOfRecords int `xml:"MaxNumberOfRecords,omitempty"`
	// A user-friendly name for the object.
	ElementName string `xml:"ElementName,omitempty"`
	// EnabledState is an integer enumeration that indicates the enabled and disabled states of an element.
	// Declared as int here; convert to the EnabledState type to use its String method.
	EnabledState int `xml:"EnabledState,omitempty"`
	// RequestedState is an integer enumeration that indicates the last requested or desired state for the element, irrespective of the mechanism through which it was requested.
	// Declared as int here; convert to the RequestedState type to use its String method.
	RequestedState int `xml:"RequestedState,omitempty"`
	// Indicates the percentage of free space in the storage dedicated to the audit log.
	PercentageFree int `xml:"PercentageFree,omitempty"`
	// The Name property uniquely identifies the Service and provides an indication of the functionality that is managed.
	Name string `xml:"Name,omitempty"`
	// Time stamp of the most recent entry in the log if such an entry exists.
	TimeOfLastRecord Datetime `xml:"TimeOfLastRecord"`
	// State of log.
	AuditState int `xml:"AuditState,omitempty"`
	// Maximum number of auditors allowed.
	MaxAllowedAuditors int `xml:"MaxAllowedAuditors,omitempty"`
	// AuditLog storage policy.
	StoragePolicy StoragePolicy `xml:"StoragePolicy,omitempty"`
	// Minimum number of days to keep records in the AuditLog.
	MinDaysToKeep int `xml:"MinDaysToKeep,omitempty"`
}
OUTPUTS Response Types.
type AuditLogRecord ¶ added in v2.3.0
// AuditLogRecord is one audit log entry in decoded form, with JSON tags for
// serialization. Numeric identifiers (AuditAppID, EventID, InitiatorType,
// MCLocationType) sit next to string renderings (AuditApp, Event, Initiator).
// NOTE(review): the string fields presumably carry data decoded from
// device-supplied records (cf. ReadRecords_OUTPUT.EventRecords); treat them as
// untrusted text when displaying them or forwarding them to a log pipeline —
// confirm where they are populated.
type AuditLogRecord struct {
	AuditAppID    int    `json:"AuditAppId" binding:"required" example:"0"`
	EventID       int    `json:"EventId" binding:"required" example:"0"`
	InitiatorType uint8  `json:"InitiatorType" binding:"required" example:"0"`
	AuditApp      string `json:"AuditApp" binding:"required" example:"Security Admin"`
	Event         string `json:"Event" binding:"required" example:"Provisioning Started"`
	Initiator     string `json:"Initiator" binding:"required" example:"Local"`
	// Time is the record's timestamp as a time.Time.
	Time           time.Time `json:"Time" binding:"required" example:"2023-04-19T20:38:20.000Z"`
	MCLocationType uint8     `json:"MCLocationType" binding:"required" example:"0"`
	NetAddress     string    `json:"NetAddress" binding:"required" example:"127.0.0.1"`
	// NOTE(review): Ex looks like the raw extended data and ExStr its
	// human-readable form (cf. GetAuditLogExtendedDataString) — confirm.
	Ex    string `json:"Ex" binding:"required" example:""`
	ExStr string `json:"ExStr" binding:"required" example:"Remote WSAMN"`
}
OUTPUTS Response Types.
type Body ¶
// Body is the Body element of a response; one field per operation result.
type Body struct {
	XMLName           xml.Name `xml:"Body"`
	EnumerateResponse common.EnumerateResponse
	GetResponse       AuditLog
	PullResponse      PullResponse
	// ReadRecordsResponse holds the records as returned by the device (base64 text, see ReadRecords_OUTPUT).
	ReadRecordsResponse ReadRecords_OUTPUT
	// NOTE(review): presumably filled by the package after decoding
	// ReadRecordsResponse.EventRecords rather than by the XML decoder — confirm.
	DecodedRecordsResponse []AuditLogRecord
}
OUTPUTS Response Types.
type Datetime ¶
// Datetime wraps the Datetime child element of a timestamp property; AuditLog.TimeOfLastRecord has this type.
type Datetime struct {
	// Datetime is kept as the string found in the XML; this type does no parsing or validation of it.
	Datetime string `xml:"Datetime,omitempty"`
}
OUTPUTS Response Types.
type EnabledState ¶
type EnabledState int
EnabledState is an integer enumeration that indicates the enabled and disabled states of an element.
// EnabledState values, numbered consecutively from 0 by iota.
const (
	EnabledStateUnknown           EnabledState = iota // 0
	EnabledStateOther                                 // 1
	EnabledStateEnabled                               // 2
	EnabledStateDisabled                              // 3
	EnabledStateShuttingDown                          // 4
	EnabledStateNotApplicable                         // 5
	EnabledStateEnabledButOffline                     // 6
	EnabledStateInTest                                // 7
	EnabledStateDeferred                              // 8
	EnabledStateQuiesce                               // 9
	EnabledStateStarting                              // 10
)
func (EnabledState) String ¶ added in v2.3.0
func (r EnabledState) String() string
String returns a string representation of an EnabledState; EnabledStateToString is the lookup table of names.
type OverwritePolicy ¶
type OverwritePolicy int
OverwritePolicy is an integer enumeration that indicates whether the log, represented by the CIM_Log subclasses, can overwrite its entries.
// OverwritePolicy values. The numbering is not contiguous (0, 2, 7, 32768),
// so any other value received from a device has no named constant.
const (
	// OverwritePolicyUnknown: the log's overwrite policy is unknown.
	OverwritePolicyUnknown OverwritePolicy = 0
	// NOTE(review): by name, the log wraps once full, so older records could be
	// replaced before they are collected — confirm the device behaviour.
	OverwritePolicyWrapsWhenFull             OverwritePolicy = 2
	OverwritePolicyNeverOverwrites           OverwritePolicy = 7
	OverwritePolicyPartialRestrictedRollover OverwritePolicy = 32768
)
func (OverwritePolicy) String ¶ added in v2.2.4
func (r OverwritePolicy) String() string
String returns a string representation of an OverwritePolicy; OverwritePolicyToString is the lookup table of names.
type PullResponse ¶
// PullResponse is the PullResponse element of a Pull reply.
type PullResponse struct {
	XMLName xml.Name `xml:"PullResponse"`
	// AuditLogItems collects every AMT_AuditLog element found under Items.
	AuditLogItems []AuditLog `xml:"Items>AMT_AuditLog"`
}
OUTPUTS Response Types.
type ReadRecordsInput ¶ added in v2.5.2
// ReadRecordsInput is the ReadRecords_INPUT request element, serialized with the "h" namespace prefix.
type ReadRecordsInput struct {
	XMLName xml.Name `xml:"h:ReadRecords_INPUT"`
	// H is written as the xmlns:h attribute, i.e. the namespace the "h" prefix is bound to.
	H string `xml:"xmlns:h,attr"`
	// StartIndex is the position of the first record to retrieve; the ReadRecords
	// documentation states that 1 is the first record in the log.
	StartIndex int `xml:"h:StartIndex" json:"StartIndex"`
}
INPUTS Request Types.
type ReadRecords_OUTPUT ¶
// ReadRecords_OUTPUT is the response to ReadRecords.
// One response carries a batch of records, not necessarily the whole log:
// compare RecordsReturned with TotalRecordCount to see whether more remain.
// Check ReturnValue before using EventRecords; only 0 means success.
type ReadRecords_OUTPUT struct {
	XMLName xml.Name `xml:"ReadRecords_OUTPUT,omitempty"`
	// The total number of records in the log.
	TotalRecordCount int `xml:"TotalRecordCount,omitempty"`
	// The number of records returned + content of 10 records from the start index.
	RecordsReturned int `xml:"RecordsReturned,omitempty"`
	// A list of event records. Notice: the values of this array are actually base64 encoded values.
	// NOTE(review): the content comes from the device, so whatever decodes it
	// should handle malformed base64 and truncated records — confirm the decoder does.
	EventRecords []string `xml:"EventRecords,omitempty"`
	// ValueMap={0, 1, 2, 35} Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, PT_STATUS_NOT_READY, PT_STATUS_INVALID_INDEX}
	ReturnValue int `xml:"ReturnValue,omitempty"`
}
OUTPUTS Response Types.
type RequestedState ¶
type RequestedState int
RequestedState is an integer enumeration that indicates the last requested or desired state for the element, irrespective of the mechanism through which it was requested.
// RequestedState values. The value 1 has no named constant; the declared
// values are 0 and 2 through 12.
const (
	RequestedStateUnknown       RequestedState = 0
	RequestedStateEnabled       RequestedState = 2
	RequestedStateDisabled      RequestedState = 3
	RequestedStateShutDown      RequestedState = 4
	RequestedStateNoChange      RequestedState = 5
	RequestedStateOffline       RequestedState = 6
	RequestedStateTest          RequestedState = 7
	RequestedStateDeferred      RequestedState = 8
	RequestedStateQuiesce       RequestedState = 9
	RequestedStateReboot        RequestedState = 10
	RequestedStateReset         RequestedState = 11
	RequestedStateNotApplicable RequestedState = 12
)
func (RequestedState) String ¶ added in v2.3.0
func (r RequestedState) String() string
String returns a string representation of a RequestedState; RequestedStateToString is the lookup table of names.
type Response ¶
// Response is the decoded Envelope of a reply: the embedded *client.Message
// plus the parsed Header and Body.
type Response struct {
	// Embedded pointer; its fields and methods are promoted onto Response.
	*client.Message
	XMLName xml.Name       `xml:"Envelope"`
	Header  message.Header `xml:"Header"`
	Body    Body           `xml:"Body"`
}
OUTPUTS Response Types.
type Service ¶
type Service struct {
// contains filtered or unexported fields
}
func NewAuditLogWithClient ¶
func NewAuditLogWithClient(wsmanMessageCreator *message.WSManMessageCreator, client client.WSMan) Service
NewAuditLogWithClient instantiates a new Audit Log service.
func (Service) Enumerate ¶
Enumerate returns an enumeration context which is used in a subsequent Pull call.
func (Service) Pull ¶
Pull returns the instances of this class. An enumeration context provided by the Enumerate call is used as input.
func (Service) ReadRecords ¶
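ReadRecords returns a list of consecutive audit log records in chronological order: the first record in the returned array is the oldest record stored in the log. startIndex identifies the position of the first record to retrieve; an index of 1 indicates the first record in the log. A single call returns only a batch of records (see RecordsReturned and TotalRecordCount in ReadRecords_OUTPUT), so reading the whole log means repeating the call with a higher startIndex, and ReturnValue should be checked on each response.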
type StoragePolicy ¶
type StoragePolicy int
StoragePolicy is an integer enumeration that indicates the storage policy of the log.
// StoragePolicy values, numbered consecutively from 0 by iota.
const (
	StoragePolicyNoRollOver         StoragePolicy = iota // 0
	StoragePolicyRollOver                                // 1
	StoragePolicyRestrictedRollOver                      // 2
)
func (StoragePolicy) String ¶ added in v2.2.4
func (r StoragePolicy) String() string
String returns a string representation of a StoragePolicy; StoragePolicyToString is the lookup table of names.