// Copyright (c) 2007-2010, Intel Corporation. All rights reserved. [Version ( "7.0.0" ), Description ( "Represents event policies." )] class AMT_AuditPolicyRule : CIM_PolicyRule { [Required, Description ( "List of application events the policy rule applies to." )] uint32 AuditApplicationEventID[]; [Required, Description ( "For each audited event, a flag indicating the type of " "policy. For example: indicating if the policy is defined " "as critical." ), ValueMap { "0", "1", "2..65535" }, Values { "NONE", "CRITICAL", "RESERVED" }] uint32 PolicyType[]; [Description ( "This routine is used to enable or disable auditing of a " "single event. Certain events are predefined as always " "logged. They are included in the audit log policy " "whether they were requested explicitly or not. " "Attempting to remove such events from audit log policy " "will return an error. Certain events are predefined as " "never critical. Attempting to include such events in a " "policy and marking them as critical will return an " "error."), ValueMap { "0", "1", "2", "16", "36", "38", "2075" }, Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR", "PT_STATUS_NOT_READY", "PT_STATUS_NOT_PERMITTED", "PT_STATUS_INVALID_PARAMETER", "PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED", "PT_STATUS_AUDIT_FAIL" }] uint32 SetAuditPolicy( [Required, IN, Description ( "This flag indicates whether the requested " "operation is enable or disable." )] boolean Enable, [Required, IN, Description ( "The application ID of the event." )] uint16 AuditedAppID, [Required, IN, Description ( "The ID of the event." )] uint16 EventID, [IN, Description ( "A flag indicating the type of policy. For " "example: indicating if the policy is defined as " "critical. When the audit log is locked or full, " "all critical events will not be executed, and will " "return a failure status code. This flag is not " "required for a disable request." ), ValueMap { "0", "1", "2..65535" }, Values { "NONE", "CRITICAL", "RESERVED" }] uint32 PolicyType); [Description ( "This method enables or disables auditing of multiple events.\n" "Certain events are predefined as always logged. They are included " "in the audit log policy whether they were requested explicitly or " "not. Attempting to remove such events from the audit log policy " "will return an error.\n" "Certain events are predefined as never critical. Attempting to " "include such events in a policy and marking them as critical will " "return an error.\n" "If a policy event is configured more than once, the last " "configuration will be applied.\n" "If there is an error, the current audit log policy configuration " "will not be changed.\n" "If the request size is too large to be processed, divide the " "request into multiple smaller requests." "As a rule of thumb, it is recommended not to add more than 6k " "of data to the request."), ValueMap { "0", "1", "2", "16", "36", "38", "2075" }, Values { "PT_STATUS_SUCCESS", "PT_STATUS_INTERNAL_ERROR", "PT_STATUS_NOT_READY", "PT_STATUS_NOT_PERMITTED", "PT_STATUS_INVALID_PARAMETER", "PT_STATUS_FLASH_WRITE_LIMIT_EXCEEDED", "PT_STATUS_AUDIT_FAIL" }] uint32 SetAuditPolicyBulk( [Required, IN, Description ( "Array of flags, each one indicates whether to enable or " "disable the corresponding policy event." )] boolean Enable[], [Required, IN, Description ( "Array of application IDs of the policy events." )] uint16 AuditedAppID[], [Required, IN, Description ( "Array of event IDs of the policy events." )] uint16 EventID[], [Required, IN, Description ( "Array of flags, each one indicates the type of the " "corresponding policy event. For example: indicating " "if the policy is defined as critical. When the audit " "log is locked or full, all critical events will not " "be executed, and will return a failure status code."), ValueMap { "0", "1", "2..65535" }, Values { "NONE", "CRITICAL", "RESERVED" }] uint32 PolicyType[]); };