Overview ¶
Package auditlog facilitates communication with Intel® AMT devices to read the audit log records.
Constants ¶
// WS-Management identifiers for the AMT_AuditLog class and its ReadRecords
// method, plus the text used when a key is absent from one of the string maps
// in this package.
const (
	AMTAuditLog   string = "AMT_AuditLog"
	ReadRecords   string = "ReadRecords"
	ValueNotFound string = "Value not found in map" // presumably the fallback for a failed map lookup — confirm in callers
)

// Audit application identifiers (the AuditAppID of an audit log record).
// AMTAppIDToString is keyed by the same values. Note that 31 is not assigned,
// so a lookup must tolerate a missing key.
const (
	SecurityAdmin         = 16
	RemoteControl         = 17
	RedirectionManager    = 18
	FirmwareUpdateManager = 19
	SecurityAuditLog      = 20
	NetworkTime           = 21
	NetworkAdministration = 22
	StorageAdministration = 23
	EventManager          = 24
	SystemDefenseManager  = 25
	AgentPresenceManager  = 26
	WirelessConfiguration = 27
	EndpointAccessControl = 28
	KeyboardVideoMouse    = 29
	UserOptIn             = 30
	ScreenBlanking        = 32 // 31 is skipped
	Watchdog              = 33
)

// Initiator type codes; presumably the values carried in
// AuditLogRecord.InitiatorType (a uint8) — confirm against the decoder.
const (
	HTTPDigest     byte = 0
	Kerberos       byte = 1
	Local          byte = 2
	KvmDefaultPort byte = 3
)

// UnknownEventID is the event name used when an event ID is not recognised;
// presumably the fallback for a miss in AMTAuditLogEventToString — confirm.
const UnknownEventID = "Unknown Event ID"
Variables ¶
// AMTAppIDToString maps an audit application ID (AuditLogRecord.AuditAppID,
// same values as the SecurityAdmin..Watchdog constants) to a display name.
// Key 31 is intentionally absent; use the comma-ok form when looking up a
// value that came from a device record.
var AMTAppIDToString = map[int]string{
	16: "Security Admin Events",
	17: "Remote Control Events",
	18: "Redirection Manager Events",
	19: "Firmware Update Manager Events",
	20: "Security AuditLog Events",
	21: "Network Time Events",
	22: "Network Administration Events",
	23: "Storage Administration Events",
	24: "Event Manager Events",
	25: "System Defense Manager Events",
	26: "Agent Presence Manager Events",
	27: "Wireless Configuration Events",
	28: "Endpoint Access Control Events",
	29: "Keyboard Video Mouse Events",
	30: "User Opt-In Events",
	32: "Screen Blanking Events",
	33: "Watchdog Events",
}
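// AMTAuditLogEventToString maps an audit event ID (AuditLogRecord.EventID) to a
// display name. The hundreds digits of each ID appear to match the owning
// application ID (16xx ↔ SecurityAdmin = 16, 17xx ↔ RemoteControl = 17, ...).
// The key space is sparse, so look values up with the comma-ok form and fall
// back to UnknownEventID for IDs the device reports that are not listed here.
//
// Fix: event 1707 was spelled "Preformed Standby"; it now reads
// "Performed Standby", consistent with the other 17xx entries.
var AMTAuditLogEventToString = map[int]string{
	1600: "AMT Provisioning Started",
	1601: "AMT Provisioning Completed",
	1602: "ACL Entry Added",
	1603: "ACL Entry Modified",
	1604: "ACL Entry Removed",
	1605: "ACL Access with Invalid Credentials",
	1606: "ACL Entry State Changed",
	1607: "TLS State Changed",
	1608: "TLS Server Certificate Set",
	1609: "TLS Server Certificate Removed",
	1610: "TLS Trusted Root Certificate Added",
	1611: "TLS Trusted Root Certificate Removed",
	1612: "TLS Pre-Shared Key Set",
	1613: "Kerberos Settings Modified",
	1614: "Kerberos Master Key or Passphrase Modified",
	1615: "Flash Wear out Counters Reset",
	1616: "Power Package Modified",
	1617: "Set Realm Authentication Mode",
	1618: "Upgrade Client to Admin Control Mode",
	1619: "AMT UnProvisioning Started",
	1700: "Performed Power Up",
	1701: "Performed Power Down",
	1702: "Performed Power Cycle",
	1703: "Performed Reset",
	1704: "Set Boot Options",
	1705: "Performed Graceful Power Down",
	1706: "Performed Graceful Power Reset",
	1707: "Performed Standby",
	1708: "Performed Hibernate",
	1709: "Performed NMI",
	1800: "IDE-R Session Opened",
	1801: "IDE-R Session Closed",
	1802: "IDE-R Enabled",
	1803: "IDE-R Disabled",
	1804: "SoL Session Opened",
	1805: "SoL Session Closed",
	1806: "SoL Enabled",
	1807: "SoL Disabled",
	1808: "KVM Session Started",
	1809: "KVM Session Ended",
	1810: "KVM Enabled",
	1811: "KVM Disabled",
	1812: "VNC Password Failed 3 Times",
	1900: "Firmware Update Started",
	1901: "Firmware Update Failed",
	2000: "Security Audit Log Cleared",
	2001: "Security Audit Policy Modified",
	2002: "Security Audit Log Disabled",
	2003: "Security Audit Log Enabled",
	2004: "Security Audit Log Exported",
	2005: "Security Audit Log Recovered",
	2100: "AMT Time Set",
	2200: "TCP/IP Parameters Set",
	2201: "Host Name Set",
	2202: "Domain Name Set",
	2203: "VLAN Parameters Set",
	2204: "Link Policy Set",
	2205: "IPv6 Parameters Set",
	2300: "Global Storage Attributes Set",
	2301: "Storage EACL Modified",
	2302: "Storage FPACL Modified",
	2303: "Storage Write Operation",
	2400: "Alert Subscribed",
	2401: "Alert Unsubscribed",
	2402: "Event Log Cleared",
	2403: "Event Log Frozen",
	2500: "System Defense Filter Added",
	2501: "System Defense Filter Removed",
	2502: "System Defense Policy Added",
	2503: "System Defense Policy Removed",
	2504: "System Defense Default Policy Set",
	2505: "System Defense Heuristics Option Set",
	2506: "System Defense Heuristics State Cleared",
	2600: "Agent Watchdog Added",
	2601: "Agent Watchdog Removed",
	2602: "Agent Watchdog Action Set",
	2700: "Wireless Profile Added",
	2701: "Wireless Profile Removed",
	2702: "Wireless Profile Updated",
	2703: "Wireless Profile Modified",
	2704: "Wireless Link Preference Changed",
	2705: "Wireless Profile Share With UEFI Enabled Setting Changed",
	2800: "EAC Posture Signer Set",
	2801: "EAC Enabled",
	2802: "EAC Disabled",
	2803: "EAC Posture State Updated",
	2804: "EAC Set Options",
	2900: "KVM Opt-In Enabled",
	2901: "KVM Opt-In Disabled",
	2902: "KVM Password Changed",
	2903: "KVM Consent Succeeded",
	2904: "KVM Consent Failed",
	3000: "Opt-In Policy Change",
	3001: "Send Consent Code Event",
	3002: "Start Opt-In Blocked Event",
	3301: "Watchdog Reset Triggering Options Changed",
	3302: "Watchdog Action Pairing Changed",
}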
// EnabledStateToString maps each EnabledState constant to its display name.
// It has one entry per constant in the EnabledState const block.
var EnabledStateToString = map[EnabledState]string{
	EnabledStateUnknown:           "Unknown",
	EnabledStateOther:             "Other",
	EnabledStateEnabled:           "Enabled",
	EnabledStateDisabled:          "Disabled",
	EnabledStateShuttingDown:      "ShuttingDown",
	EnabledStateNotApplicable:     "NotApplicable",
	EnabledStateEnabledButOffline: "EnabledButOffline",
	EnabledStateInTest:            "InTest",
	EnabledStateDeferred:          "Deferred",
	EnabledStateQuiesce:           "Quiesce",
	EnabledStateStarting:          "Starting",
}

// ExtendedDataMap maps an extended-data code to a description. Presumably the
// codes for event 1605 ("ACL Access with Invalid Credentials"); confirm against
// GetAuditLogExtendedDataString.
var ExtendedDataMap = map[int]string{
	0: "Invalid ME access",
	1: "Invalid MEBx access",
}

// OverwritePolicyToString maps each OverwritePolicy constant to its display name.
var OverwritePolicyToString = map[OverwritePolicy]string{
	OverwritePolicyUnknown:                   "Unknown",
	OverwritePolicyWrapsWhenFull:             "WrapsWhenFull",
	OverwritePolicyNeverOverwrites:           "NeverOverwrites",
	OverwritePolicyPartialRestrictedRollover: "PartialRestrictedRollover",
}

// RealmNames lists realm display names, presumably indexed by realm number.
// Indices 20 and 21 are empty placeholders so that "Local System" sits at
// index 22. NOTE(review): a realm number read from a device record must be
// bounds-checked against len(RealmNames) before it is used as an index.
var RealmNames = []string{
	"Redirection",
	"PT Administration",
	"Hardware Asset",
	"Remote Control",
	"Storage",
	"Event Manager",
	"Storage Admin",
	"Agent Presence Local",
	"Agent Presence Remote",
	"Circuit Breaker",
	"Network Time",
	"General Information",
	"Firmware Update",
	"EIT",
	"LocalUN",
	"Endpoint Access Control",
	"Endpoint Access Control Admin",
	"Event Log Reader",
	"Audit Log",
	"ACL Realm",
	"", // 20: unassigned
	"", // 21: unassigned
	"Local System",
}

// RequestedStateToString maps each RequestedState constant to its display name.
var RequestedStateToString = map[RequestedState]string{
	RequestedStateUnknown:       "Unknown",
	RequestedStateEnabled:       "Enabled",
	RequestedStateDisabled:      "Disabled",
	RequestedStateShutDown:      "ShutDown",
	RequestedStateNoChange:      "NoChange",
	RequestedStateOffline:       "Offline",
	RequestedStateTest:          "Test",
	RequestedStateDeferred:      "Deferred",
	RequestedStateQuiesce:       "Quiesce",
	RequestedStateReboot:        "Reboot",
	RequestedStateReset:         "Reset",
	RequestedStateNotApplicable: "NotApplicable",
}

// StoragePolicyToString maps each StoragePolicy constant to its display name.
var StoragePolicyToString = map[StoragePolicy]string{
	StoragePolicyNoRollOver:         "NoRollOver",
	StoragePolicyRollOver:           "RollOver",
	StoragePolicyRestrictedRollOver: "RestrictedRollOver",
}
Functions ¶
func GetAuditLogExtendedDataString ¶
Returns a human-readable description of extended audit log data. TODO: only some entries are included here; many more still need to be added. Helpful link: https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm?turl=WordDocuments%2Fsecurityadminevents.htm
Types ¶
type ACLEntry ¶
// ACLEntry appears to be the decoded extended data for the ACL entry events
// (IDs 1602-1606 in AMTAuditLogEventToString) — confirm against the decoder
// that fills it.
//
// NOTE(review): UsernameLength and DomainLength are read from the device
// payload; a decoder should bound each by the bytes remaining before slicing
// out the corresponding string.
type ACLEntry struct {
	ParameterModified uint8
	AccessType        uint8
	EntryState        uint8
	InitiatorType     uint8
	UsernameLength    uint8 // byte length of Username as stated in the record
	SID               uint32
	Username          string
	DomainLength      uint8 // byte length of Domain as stated in the record
	Domain            string
}
OUTPUTS Response Types.
type AgentPresenceManagerEvent ¶
// AgentPresenceManagerEvent appears to be the decoded extended data for the
// Agent Presence Manager events (IDs 2600-2602) — confirm against the decoder.
type AgentPresenceManagerEvent struct {
	AgentID            []uint8
	AgentHeartBeatTime uint16
	AgentStartupTime   uint16
}
OUTPUTS Response Types.
type AuditLog ¶
// AuditLog is the XML representation of an AMT_AuditLog instance as returned
// by Get and Pull responses.
//
// NOTE(review): EnabledState and RequestedState are declared as plain int here
// even though this package defines the EnabledState and RequestedState types
// (with String methods) for the same enumerations.
type AuditLog struct {
	XMLName                xml.Name        `xml:"AMT_AuditLog"`
	OverwritePolicy        OverwritePolicy `xml:"OverwritePolicy,omitempty"`        // OverwritePolicy is an integer enumeration that indicates whether the log, represented by the CIM_Log subclasses, can overwrite its entries. Unknown (0) indicates the log's overwrite policy is unknown
	CurrentNumberOfRecords int             `xml:"CurrentNumberOfRecords,omitempty"` // Current number of records in the Log
	MaxNumberOfRecords     int             `xml:"MaxNumberOfRecords,omitempty"`     // Maximum number of records that can be captured in the Log
	ElementName            string          `xml:"ElementName,omitempty"`            // A user-friendly name for the object
	EnabledState           int             `xml:"EnabledState,omitempty"`           // EnabledState is an integer enumeration that indicates the enabled and disabled states of an element (see the EnabledState type)
	RequestedState         int             `xml:"RequestedState,omitempty"`         // RequestedState is an integer enumeration that indicates the last requested or desired state for the element, irrespective of the mechanism through which it was requested (see the RequestedState type)
	PercentageFree         int             `xml:"PercentageFree,omitempty"`         // Indicates the percentage of free space in the storage dedicated to the audit log
	Name                   string          `xml:"Name,omitempty"`                   // The Name property uniquely identifies the Service and provides an indication of the functionality that is managed
	TimeOfLastRecord       Datetime        `xml:"TimeOfLastRecord"`                 // Time stamp of the most recent entry in the log if such an entry exists (not omitempty; the nested Datetime carries the string)
	AuditState             int             `xml:"AuditState,omitempty"`             // State of log
	MaxAllowedAuditors     int             `xml:"MaxAllowedAuditors,omitempty"`     // Maximum number of auditors allowed
	StoragePolicy          StoragePolicy   `xml:"StoragePolicy,omitempty"`          // AuditLog storage policy
	MinDaysToKeep          int             `xml:"MinDaysToKeep,omitempty"`          // Minimum number of days to keep records in the AuditLog
}
OUTPUTS Response Types.
type AuditLogRecord ¶
// AuditLogRecord is one decoded audit log entry in the JSON form exposed to
// API consumers (the binding/example tags describe that API surface).
// AuditApp and Event are the display names corresponding to AuditAppID and
// EventID; presumably taken from AMTAppIDToString and AMTAuditLogEventToString
// — confirm against the decoder.
//
// NOTE(review): every field originates from a device-supplied record;
// consumers that render or log NetAddress, Ex and ExStr should treat them as
// untrusted text.
type AuditLogRecord struct {
	AuditAppID     int       `json:"AuditAppId" binding:"required" example:"0"`
	EventID        int       `json:"EventId" binding:"required" example:"0"`
	InitiatorType  uint8     `json:"InitiatorType" binding:"required" example:"0"` // presumably one of HTTPDigest, Kerberos, Local, KvmDefaultPort — confirm
	AuditApp       string    `json:"AuditApp" binding:"required" example:"Security Admin"`
	Event          string    `json:"Event" binding:"required" example:"Provisioning Started"`
	Initiator      string    `json:"Initiator" binding:"required" example:"Local"`
	Time           time.Time `json:"Time" binding:"required" example:"2023-04-19T20:38:20.000Z"`
	MCLocationType uint8     `json:"MCLocationType" binding:"required" example:"0"` // meaning not visible here; presumably qualifies NetAddress — confirm
	NetAddress     string    `json:"NetAddress" binding:"required" example:"127.0.0.1"`
	Ex             string    `json:"Ex" binding:"required" example:""` // presumably the raw extended data of the record — confirm
	ExStr          string    `json:"ExStr" binding:"required" example:"Remote WSAMN"` // presumably the human-readable form of Ex — confirm
}
OUTPUTS Response Types.
type Body ¶
// Body is the SOAP Body of a Response. Only the member matching the request
// that was issued is populated; the others keep their zero value.
type Body struct {
	XMLName                xml.Name `xml:"Body"`
	EnumerateResponse      common.EnumerateResponse
	GetResponse            AuditLog
	PullResponse           PullResponse
	ReadRecordsResponse    ReadRecords_OUTPUT
	DecodedRecordsResponse []AuditLogRecord // no xml tag: presumably filled by this package after decoding ReadRecordsResponse.EventRecords, not from the XML — confirm
}
OUTPUTS Response Types.
type Datetime ¶
// Datetime wraps the CIM Datetime element as its raw string; it is not parsed
// into a time.Time here.
type Datetime struct {
	Datetime string `xml:"Datetime,omitempty"`
}
OUTPUTS Response Types.
type EnabledState ¶
// EnabledState is the Go type for the CIM EnabledState enumeration; its values
// are the EnabledState* constants and EnabledStateToString gives their names.
type EnabledState int
EnabledState is an integer enumeration that indicates the enabled and disabled states of an element.
// EnabledState values, assigned consecutively from 0 by iota.
const (
	EnabledStateUnknown           EnabledState = iota // 0
	EnabledStateOther                                 // 1
	EnabledStateEnabled                               // 2
	EnabledStateDisabled                              // 3
	EnabledStateShuttingDown                          // 4
	EnabledStateNotApplicable                         // 5
	EnabledStateEnabledButOffline                     // 6
	EnabledStateInTest                                // 7
	EnabledStateDeferred                              // 8
	EnabledStateQuiesce                               // 9
	EnabledStateStarting                              // 10
)
func (EnabledState) String ¶
func (r EnabledState) String() string
String returns a string representation of an EnabledState (see EnabledStateToString).
type EventManagerEvent ¶
// EventManagerEvent appears to be the decoded extended data for the Event
// Manager events (IDs 2400-2403) — confirm against the decoder.
type EventManagerEvent struct {
	PolicyID              uint8
	SubscriptionAlertType uint8
	IPAddrType            uint8   // presumably selects how AlertTargetIPAddress is to be read — confirm
	AlertTargetIPAddress  []uint8 // raw address bytes as carried in the record
	Freeze                uint8
}
OUTPUTS Response Types.
type FWUpdateFailure ¶
OUTPUTS Response Types.
type NetworkAdministrationEvent ¶
// NetworkAdministrationEvent appears to be the decoded extended data for the
// Network Administration events (IDs 2200-2205) — confirm against the decoder.
//
// NOTE(review): HostNameLength and DomainNameLength are read from the device
// payload; a decoder should bound each by the bytes remaining before slicing
// out the corresponding string.
type NetworkAdministrationEvent struct {
	InterfaceHandle    uint32
	DHCPEnabled        uint8
	IPV4Address        uint32 // packed IPv4 address; byte order not visible here — confirm
	SubnetMask         uint32
	Gateway            uint32
	PrimaryDNS         uint32
	SecondaryDNS       uint32
	HostNameLength     uint8 // byte length of HostName as stated in the record
	HostName           string
	DomainNameLength   uint8 // byte length of DomainName as stated in the record
	DomainName         string
	VLANTag            uint16
	LinkPolicy         uint32
	IPV6Enabled        uint8
	InterfaceIDGenType uint8
	InterfaceID        []uint8
	IPV6Address        []uint8 // raw address bytes as carried in the record
	IPV6Gateway        []uint8
	IPV6PrimaryDNS     []uint8
	IPV6SecondaryDNS   []uint8
}
OUTPUTS Response Types.
type OverwritePolicy ¶
// OverwritePolicy is the Go type for the CIM_Log OverwritePolicy enumeration;
// its values are the OverwritePolicy* constants and OverwritePolicyToString
// gives their names.
type OverwritePolicy int
OverwritePolicy is an integer enumeration that indicates whether the log, represented by the CIM_Log subclasses, can overwrite its entries.
// OverwritePolicy values. These are explicit, non-consecutive codes, so do not
// convert an arbitrary int with a range check alone; use OverwritePolicyToString.
const (
	OverwritePolicyUnknown                   OverwritePolicy = 0
	OverwritePolicyWrapsWhenFull             OverwritePolicy = 2
	OverwritePolicyNeverOverwrites           OverwritePolicy = 7
	OverwritePolicyPartialRestrictedRollover OverwritePolicy = 32768
)
func (OverwritePolicy) String ¶
func (r OverwritePolicy) String() string
String returns a string representation of an OverwritePolicy (see OverwritePolicyToString).
type ProvisioningParameters ¶
// ProvisioningParameters appears to be the decoded extended data for the
// provisioning events (IDs 1600-1601) — confirm against the decoder.
//
// NOTE(review): NumberOfCertificates and ProvServFQDNLength are read from the
// device payload; a decoder should bound the number of CertSerialNumbers it
// reads and the FQDN slice by the bytes remaining.
type ProvisioningParameters struct {
	ProvisioningMethod        uint8
	HashType                  uint8  // presumably identifies the digest algorithm of TrustedRootCertHash — confirm
	TrustedRootCertHash       []byte // raw hash bytes as carried in the record
	NumberOfCertificates      uint8
	CertSerialNumbers         []string
	AdditionalCaSerialNumbers uint8
	ProvServFQDNLength        uint8 // byte length of ProvServFQDN as stated in the record
	ProvServFQDN              string
}
OUTPUTS Response Types.
type PullResponse ¶
// PullResponse holds the AMT_AuditLog instances returned by a Pull request,
// read from the nested Items element.
type PullResponse struct {
	XMLName       xml.Name   `xml:"PullResponse"`
	AuditLogItems []AuditLog `xml:"Items>AMT_AuditLog"`
}
OUTPUTS Response Types.
type ReadRecordsInput ¶
// ReadRecordsInput is the request body of the ReadRecords method.
type ReadRecordsInput struct {
	XMLName    xml.Name `xml:"h:ReadRecords_INPUT"`
	H          string   `xml:"xmlns:h,attr"`                     // namespace bound to the h: prefix
	StartIndex int      `xml:"h:StartIndex" json:"StartIndex"` // 1-based position of the first record to retrieve
}
INPUTS Request Types.
type ReadRecords_OUTPUT ¶
// ReadRecords_OUTPUT is the response body of the ReadRecords method.
//
// NOTE(review): EventRecords are opaque, device-supplied records; whatever
// decodes them should validate every embedded length or index against the
// bytes actually present rather than trusting the record's own counts.
type ReadRecords_OUTPUT struct {
	XMLName          xml.Name `xml:"ReadRecords_OUTPUT,omitempty"`
	TotalRecordCount int      `xml:"TotalRecordCount,omitempty"` // The total number of records in the log.
	RecordsReturned  int      `xml:"RecordsReturned,omitempty"`  // The number of records returned; per the original note, the content of 10 records from the start index — confirm the per-call limit
	EventRecords     []string `xml:"EventRecords,omitempty"`     // Notice: the values of this array are actually base64 encoded values. A list of event records.
	ReturnValue      int      `xml:"ReturnValue,omitempty"`      // ValueMap={0, 1, 2, 35} Values={PT_STATUS_SUCCESS, PT_STATUS_INTERNAL_ERROR, PT_STATUS_NOT_READY, PT_STATUS_INVALID_INDEX}
}
OUTPUTS Response Types.
type RemoteControlEvent ¶
// RemoteControlEvent appears to be the decoded extended data for the Remote
// Control events (IDs 1700-1709) — confirm against the decoder.
type RemoteControlEvent struct {
	SpecialCommand                  uint8
	SpecialCommandParameterHighByte uint8
	SpecialCommandParameterLowByte  uint8
	BootOptionsMaskByte1            uint8
	BootOptionsMaskByte2            uint8
	OEMParameterByte1               uint8
	OEMParameterByte2               uint8
}
OUTPUTS Response Types.
type RequestedState ¶
// RequestedState is the Go type for the CIM RequestedState enumeration; its
// values are the RequestedState* constants and RequestedStateToString gives
// their names.
type RequestedState int
RequestedState is an integer enumeration that indicates the last requested or desired state for the element, irrespective of the mechanism through which it was requested.
// RequestedState values. Note that 1 is not assigned.
const (
	RequestedStateUnknown       RequestedState = 0
	RequestedStateEnabled       RequestedState = 2
	RequestedStateDisabled      RequestedState = 3
	RequestedStateShutDown      RequestedState = 4
	RequestedStateNoChange      RequestedState = 5
	RequestedStateOffline       RequestedState = 6
	RequestedStateTest          RequestedState = 7
	RequestedStateDeferred      RequestedState = 8
	RequestedStateQuiesce       RequestedState = 9
	RequestedStateReboot        RequestedState = 10
	RequestedStateReset         RequestedState = 11
	RequestedStateNotApplicable RequestedState = 12
)
func (RequestedState) String ¶
func (r RequestedState) String() string
String returns a string representation of a RequestedState (see RequestedStateToString).
type Response ¶
// Response is the parsed SOAP Envelope of an audit log reply; the embedded
// *client.Message carries the transport-level message it was decoded from.
type Response struct {
	*client.Message
	XMLName xml.Name       `xml:"Envelope"`
	Header  message.Header `xml:"Header"`
	Body    Body           `xml:"Body"`
}
OUTPUTS Response Types.
type Service ¶
// Service is the AMT_AuditLog WS-Management service; construct it with
// NewAuditLogWithClient. Generic WS-Man operations come from the embedded
// base.WSManService, which is parameterised on Response.
type Service struct {
	base.WSManService[Response]
}
func NewAuditLogWithClient ¶
func NewAuditLogWithClient(wsmanMessageCreator *message.WSManMessageCreator, client client.WSMan) Service
NewAuditLogWithClient instantiates a new Audit Log service.
func (Service) ReadRecords ¶
ReadRecords returns a list of consecutive audit log records in chronological order; the first record in the returned array is the oldest record stored in the log. startIndex identifies the position of the first record to retrieve; an index of 1 indicates the first record in the log.
type StorageAdministrationEvent ¶
// StorageAdministrationEvent appears to be the decoded extended data for the
// Storage Administration events (IDs 2300-2303) — confirm against the decoder.
type StorageAdministrationEvent struct {
	MaxPartnerStorage                uint32
	MaxNonPartnerTotalAllocationSize uint32
}
OUTPUTS Response Types.
type StoragePolicy ¶
// StoragePolicy is the Go type for the audit log storage policy enumeration;
// its values are the StoragePolicy* constants and StoragePolicyToString gives
// their names.
type StoragePolicy int
StoragePolicy is an integer enumeration that indicates the storage policy of the log.
// StoragePolicy values, assigned consecutively from 0 by iota.
const (
	StoragePolicyNoRollOver         StoragePolicy = iota // 0
	StoragePolicyRollOver                                // 1
	StoragePolicyRestrictedRollOver                      // 2
)
func (StoragePolicy) String ¶
func (r StoragePolicy) String() string
String returns a string representation of a StoragePolicy (see StoragePolicyToString).
type SystemDefenseManagerEvent ¶
// SystemDefenseManagerEvent appears to be the decoded extended data for the
// System Defense Manager events (IDs 2500-2506) — confirm against the decoder.
type SystemDefenseManagerEvent struct {
	FilterHandle       uint32
	PolicyHandle       uint32
	HardwareInterface  uint32
	InterfaceHandle    uint32
	BlockAll           uint8
	BlockOffensivePort uint8
}
OUTPUTS Response Types.
type UserOptInEvent ¶
// UserOptInEvent appears to be the decoded extended data for the User Opt-In
// events (IDs 3000-3002) — confirm against the decoder.
type UserOptInEvent struct {
	PreviousOptInPolicy uint8
	CurrentOptInPolicy  uint8
	OperationStatus     uint8
}
OUTPUTS Response Types.