// Copyright (c) 2007-2010, Intel Corporation. All rights reserved.

// AMT_AuditLog
// ------------
// CIM_Log subclass that models the Intel AMT audit log. It exposes the log's
// fill level, state flags and storage policy as properties, and four methods:
// ReadRecords, SetAuditLock, ExportAuditLogSignature and SetSigningKeyMaterial.
//
// Points a consumer of this class should keep in mind (all taken from the
// Description qualifiers below):
//   * Events can be silently dropped: in the Almost Full, Full and Locked
//     states some or all events are not logged, so AuditState and
//     PercentageFree are worth monitoring.
//   * With the default ROLL_OVER policy any old record may be overwritten.
//   * Records returned by ReadRecords are length-prefixed binary structures;
//     every length field must be checked against the decoded record size.
//   * RSA_SHA1 is one of the selectable signing mechanisms.
   [Version ( "6.0.0" ),
    Description ( "Represents an Audit Log" )]
class AMT_AuditLog : CIM_Log {

      // Free space left in the audit log storage, as a percentage (0..100).
      // Per the AuditState description, non-critical events stop being logged
      // once the storage reaches 85% full, i.e. when this drops to about 15.
      [Required, Description (
          "Indicates the percentage of free space in the storage "
          "dedicated to the audit log." ),
       MinValue ( 0 ),
       MaxValue ( 100 )]
   uint32 PercentageFree;

      // Key property; overrides the inherited "Name".
      [Key, Override ( "Name" )]
   string Name;

      // Time stamp of the newest log entry; only meaningful if the log has
      // at least one entry.
      [Description (
          "Time stamp of the most recent entry in the log if such "
          "an entry exists." )]
   datetime TimeOfLastRecord;

      // Bit flags describing the log state. Flags other than "Enabled" all
      // describe conditions in which logging is reduced or impossible:
      //   0x01 Disabled, 0x02 Locked, 0x04 Almost Full (non-critical events
      //   dropped), 0x08 Full (nothing logged, critical events in policy not
      //   executed), 0x10 No Key (feature cannot be enabled).
      // NOTE(review): "Enabled" is listed as 0x00, which cannot be tested as a
      // bit; presumably it means that bit 0x01 is clear - confirm.
      [Required, Description (
          "State of log. A bitwise combination of one or more of: "
          "0x00 (Enabled), 0x01 (Disabled), 0x02 (Locked), 0x04 "
          "(Almost Full - The storage area dedicated for the audit "
          "log reached 85% full, and non-critical events will not "
          "be logged.), 0x08 (Full - The storage area dedicated for "
          "the audit log is completely full; no events will be "
          "logged and critical events in policy will not be "
          "executed.), 0x10 (No Key - No key and certificate were "
          "set for the signing of the audit log. Feature cannot be "
          "enabled)." )]
   uint32 AuditState;

      // Upper bound on the number of auditors.
      [Required, Description ( "Maximum number of auditors allowed" )]
   uint16 MaxAllowedAuditors;

      // Storage policy: 0 = NO_ROLL_OVER, 1 = ROLL_OVER, 2 = RESTRICTED_ROLL_OVER.
      // The stated default is ROLL_OVER (any old record may be overwritten),
      // except after a firmware upgrade from AMT 5.0, where NO_ROLL_OVER is
      // the default. Where retention matters, records have to be exported
      // before they are overwritten.
      // NOTE(review): the text refers to a SetStoragePolicy method that is not
      // declared in this class as shown here.
      [Description (
          "AuditLog storage policy. The available policies are: "
          "\"NO_ROLL_OVER\" - No roll-over in storage. Old events "
          "will not be overwritten. \"ROLL_OVER\" - Full rollover. "
          "Any old record will be overwritten. "
          "\"RESTRICTED_ROLL_OVER\" - Parital (restricted) "
          "rollover. Only old events (under certain threshold, "
          "which can be set using SetStoragePolicy) will be "
          "overwritten. If not specified default is \"ROLL_OVER\" "
          "unless FW was upgraded from AMT 5.0 and then "
          "\"NO_ROLL_OVER\" will be used as default." ),
       ValueMap { "0", "1", "2" },
       Values { "NO_ROLL_OVER", "ROLL_OVER", "RESTRICTED_ROLL_OVER" }]
   uint8 StoragePolicy;

      // Retention floor in days; only used with RESTRICTED_ROLL_OVER.
      // The quoted "storagePolicy" presumably means the StoragePolicy
      // property above.
      [Description (
          "Minimum number of days to keep records in the AuditLog. "
          "Relevant only if \"storagePolicy\" is set to "
          "\"RESTRICTED_ROLL_OVER\"." )]
   uint8 MinDaysToKeep;

      // ReadRecords: returns consecutive records, oldest first, starting at
      // StartIndex (1-based). Each element of EventRecords is a base64-encoded
      // binary record laid out as described in the Description below.
      //
      // Parsing notes for consumers:
      //   * NetAddressLength, ExtendedDataLength, UsernameLength and
      //     DomainLength are taken from the record itself; check each one
      //     against the bytes remaining in the decoded record before reading.
      //   * In Intel AMT Release 4.0 the NetAddress and Username lengths
      //     include a null terminator; other releases presumably do not.
      //   * TimeStamp is a uint32 count of seconds since 1.1.1970.
      //   * Byte order of the multi-byte fields is not stated here - confirm
      //     against the SDK documentation.
      // Return codes: 0 success, 1 internal error, 2 not ready, 35 invalid index.
      [Description (
          "Returns a list of consecutive audit log records in "
          "chronological order: The first record in the returned "
          "array is the oldest record stored in the log . The "
          "record entries are returned as an array of base64Binary "
          "elements. Each record holds the following information: "
          "uint16 AuditAppID -A unique ID for each auditable "
          "application. uint16 EventID -ID of an event of the "
          "application. uint8 InitiatorType -0 (HTTP Digest "
          "username), 1 (Kerberos SID), 2 (Local). See below "
          "InitiatorData -See below. uint32 TimeStamp -Time when "
          "the event occurred in seconds since 1.1.1970. uint8 "
          "MCLocationType -0 (IPv4 Address), 1 (IPv6 Address), 2 "
          "(None). uint8 NetAddressLength -Length of the NetAddress "
          "field. Array of uint8 NetAddress\t -ASCII representation "
          "of the network address of management console or Local "
          "Host IP (e.g. 127.0.0.1). Note: In Intel AMT Release 4.0 "
          "IP address representation includes null-terminator and "
          "NetAddressLength includes the null terminator. uint8 "
          "ExtendedDataLength -Length of event specific data. Array "
          "of uint8 ExtendedData -Event specific data. \n"
          "\n"
          "The InitiatorData field may hold different data types "
          "according to the InitiatorType field: HTTP digest "
          "initiator: In Intel AMT Release 4.0 data for username "
          "includes null terminator and UsernameLength includes the "
          "null terminator. uint8 UsernameLength Array of uint8 "
          "Username Kerberos SID initiator: uint32 UserInDomain "
          "uint8 DomainLength Array of uint8 Domain Local: Empty." ),
       ValueMap { "0", "1", "2", "35" },
       Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
          "PT_STATUS_NOT_READY", "PT_STATUS_INVALID_INDEX" }]
   uint32 ReadRecords(
         // 1-based position of the first record to return.
         [Required, IN, Description (
             "Identifies the position of the first record to "
             "retrieve. An index of 1 indicates the first record "
             "in the log." )]
      uint32 StartIndex,
         // Total number of records currently in the log.
         [OUT, Description (
             "The total number of records in the log." )]
      uint32 TotalRecordCount,
         // Number of records in this response.
         // NOTE(review): the wording suggests a call returns at most 10
         // records, so reading the whole log means paging with StartIndex
         // until TotalRecordCount is reached - confirm.
         [OUT, Description (
             "The number of records returned + content of "
             "10 records from the start index. " )]
      uint32 RecordsReturned,
         // Base64-encoded records; decode before parsing.
         [OUT, Description (
             "Notice: the values of this array are actually "
             "base64 encoded values. A list of event records." ),
          EOBase64]
      string EventRecords[]);

      // SetAuditLock: lets an auditor lock or unlock the log, or take the
      // unprovisioning lock, depending on Flag.
      //
      // While the log is locked no events are written and events marked
      // critical in the policy are not executed, so a lock is a window with
      // no audit trail; a Locked bit in AuditState that persists is worth
      // alerting on. A repeated lock request with the same handle renews the
      // timeout.
      // Return codes: 0 success, 1 internal error, 2 not ready,
      // 16 not permitted, 36 invalid parameter, 2053 invalid handle.
      [Description (
          "This method is used by an auditor to stop the system "
          "from logging any records while exporting and clearing "
          "the log. It performs lock, unlock or allows "
          "unprovisioning of the system. When the audit log is "
          "locked, no events are written into the log. Any events "
          "marked in the policy as critical will not be executed. "
          "If the log is locked and another lock is requested with "
          "the same handle, so the timeout will be renewed with the "
          "new LockTimeoutInSeconds." ),
       ValueMap { "0", "1", "2", "16", "36", "2053" },
       Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
          "PT_STATUS_NOT_READY", "PT_STATUS_NOT_PERMITTED",
          "PT_STATUS_INVALID_PARAMETER", "PT_STATUS_INVALID_HANDLE" }]
   uint32 SetAuditLock(
         // Safety timeout after which the lock lapses if the auditor never
         // unlocks. The text gives a maximum of 5 minutes (300 seconds) but
         // no MaxValue qualifier is declared, so the schema does not express
         // that limit. Needed for AUDIT_LOG_LOCK and UNPROVISIONING_LOCK,
         // ignored for AUDIT_LOG_UNLOCK.
         [IN, Description (
             "The maximum number of seconds that the audit log "
             "will be locked in case for some reason the auditor "
             "fails to unlock the log. Max value is 5 minutes. "
             "This parameter is required when the flag parameter "
             "has a value of AUDIT_LOG_LOCK, or "
             "UNPROVISIONING_LOCK. This parameter is not "
             "required and is ignored when AUDIT_LOG_UNLOCK flag "
             "is used." )]
      uint32 LockTimeoutInSeconds,
         // 0 = AUDIT_LOG_LOCK, 1 = UNPROVISIONING_LOCK, 2 = AUDIT_LOG_UNLOCK.
         [Required, IN, Description ( "Defines the locking action." ),
          valueMap { "0", "1", "2" },
          values { "AUDIT_LOG_LOCK", "UNPROVISIONING_LOCK",
             "AUDIT_LOG_UNLOCK" }]
      uint32 Flag,
         // Lock handle. Returned when a lock is taken; while the log is
         // locked, further lock and unlock requests must present the same
         // handle. Ignored on input when the log is not locked, and not
         // returned when locking fails or on unlock.
         [IN, OUT, Description (
             "A handle is received when locking the log. As long "
             "as the log is locked, lock and unlock requests can "
             "be performed only by using the same handle. If the "
             "log is not locked so Handle-IN is not required and "
             "is ignored. Handle-OUT is not supplied when "
             "SetAuditLock failed to lock the audit log or when "
             "unlock is preformed." )]
      uint32 Handle);

      // ExportAuditLogSignature: returns a signature over the audit log
      // together with the metadata needed to check it (record count, first
      // and last record times, generation time, system UUID and FQDN, the
      // mechanism used and the certificates).
      //
      // Return codes: 0 success, 1 internal error, 2 not ready,
      // 16 not permitted, 2066 unsupported.
      // NOTE(review): the name for code 1 is "PT_INTERNAL_ERROR" here but
      // "PT_STATUS_INTERNAL_ERROR" in the other methods of this class; tools
      // that match on the Values strings should handle both spellings.
      [Description (
          "Returns the audit log signature and log related information." ),
       ValueMap { "0", "1", "2", "16" ,"2066"},
       Values { "PT_STATUS_SUCCESS", "PT_INTERNAL_ERROR",
          "PT_STATUS_NOT_READY", "PT_STATUS_NOT_PERMITTED",
          "PT_STATUS_UNSUPPORTED" }]
   uint32 ExportAuditLogSignature(
         // Requested mechanism: 0 = RSA_SHA1, 1 = RSA_SHA256, 2 = RSA_SHA384,
         // 3..65535 reserved. SHA-1 is no longer considered suitable for
         // signatures; prefer RSA_SHA256 or RSA_SHA384 where the call does
         // not return PT_STATUS_UNSUPPORTED.
         [Required, IN, Description ( "Signing Mechanism" ),
          ValueMap { "0", "1", "2", "3..65535" },
          values { "RSA_SHA1", "RSA_SHA256", "RSA_SHA384", "Reserved" }]
      uint32 SigningMechanism,
         // Number of event records in the log when the call was made.
         [OUT, Description (
             "The total number of event records in the event log." )]
      uint32 TotalRecordCount,
         // Time stamp of the first record.
         [OUT, Description ( "Time stamp of the first record." )]
      datetime StartLogTime,
         // Time stamp of the last record.
         [OUT, Description ( "Time stamp of the last record." )]
      datetime EndLogTime,
         // When the signature was produced.
         [OUT, Description (
             "Time stamp indicating when was the signature generated." )]
      datetime GenerationTime,
         // System UUID, used to identify the system in the audit repository.
         [OUT, Description (
             "UUID of the current system for identifying it in "
             "the audit repository." ),
          OctetString]
      string UUID[1],
         // System FQDN, at most 1024 characters.
         [OUT, Description ( "FQDN of the system." ),
          MaxLen ( 1024 )]
      string FQDN,
         // Mechanism reported for the returned signature. A verifier should
         // compare this with the SigningMechanism it asked for rather than
         // assume they match.
         [OUT, Description ( "Signature mechanism." ),
          ValueMap { "0", "1", "2", "3..65535" },
          values { "RSA_SHA1", "RSA_SHA256", "RSA_SHA384", "Reserved" }]
      uint32 SignatureMechanism,
         // Signature bytes, declared as a fixed 1024-byte array.
         // NOTE(review): SetSigningKeyMaterial specifies an RSA key with a
         // 2048-bit modulus, which gives a 256-byte raw signature; how the
         // signature is laid out or padded within these 1024 bytes is not
         // described here - confirm before verifying.
         [OUT, Description (
             "The audit log signature, 1024 bytes long." ),
          OctetString]
      uint8 Signature[1024],
         // Length of each certificate inside Certificates, in order.
         [OUT, Description (
             "An array specifying the length of each certificate." )]
      uint16 LengthOfCertificates[],
         // Certificates concatenated into one buffer of at most 4100 bytes.
         // Split it using LengthOfCertificates and reject the result if the
         // lengths add up to more than the data received.
         [OUT, Description (
             "The certificates, cascaded into one stream." ),
          OctetString]
      uint8 Certificates[4100]);

      // SetSigningKeyMaterial: installs the key and certificate chain used to
      // sign the audit log. It has to be called before the audit log can be
      // enabled (AuditState reports 0x10 "No Key" otherwise).
      //
      // SigningKey is an input described as a key pair, so private key
      // material is passed through this call; the caller is responsible for
      // protecting it in transit and at rest on the management side.
      // Return codes: 0 success, 1 internal error, 2 not ready,
      // 36 invalid parameter, 38 flash write limit exceeded, 2062 invalid key,
      // 2063 invalid certificate, 2064 certificate and key do not match,
      // 2066 unsupported.
      [Description (
          "Sets the key and certificates needed for the signing of "
          "the audit log. This method must be called before "
          "enabling the audit log." ),
       ValueMap { "0", "1", "2", "36", "38", "2062", "2063", "2064",
          "2066" },
       Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR",
          "PT_STATUS_NOT_READY", "PT_STATUS_INVALID_PARAMETER",
          "PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED",
          "PT_STATUS_INVALID_KEY", "PT_STATUS_INVALID_CERT",
          "PT_STATUS_CERT_KEY_NOT_MATCH", "PT_STATUS_UNSUPPORTED" }]
   uint32 SetSigningKeyMaterial(
         // 0 = RSA_SHA1, 1 = RSA_SHA256, 2 = RSA_SHA384, 3..65535 reserved.
         // Prefer RSA_SHA256 or RSA_SHA384 over RSA_SHA1 where supported.
         [Required, IN, Description (
             "Audit data signing mechanism type." ),
          valueMap { "0", "1", "2", "3..65535" },
          values { "RSA_SHA1", "RSA_SHA256", "RSA_SHA384", "Reserved" }]
      uint32 SigningMechanismType,
         // RSA key pair with a 2048-bit modulus. The encoding of the key
         // bytes is not stated here - confirm against the SDK documentation.
         [Required, IN, Description (
             "Key pair (RSA 2048 bit modulus)." ),
          OctetString]
      uint8 SigningKey[],
         // Length of each certificate inside Certificates, in order.
         [Required, IN, Description (
             "An array specifying the length of each certificate." )]
      uint16 LengthOfCertificates[],
         // Up to 5 certificates concatenated into one buffer; the lengths in
         // LengthOfCertificates must add up to no more than 4100 bytes.
         [Required, IN, Description (
             "Up to 5 certificates cascaded into one stream (with a total length of 4100 bytes)." ),
          OctetString]
      uint8 Certificates[4100]);

};