One feature about Intel AMT that I feel is quite valuable is the ability to get different logs from Intel AMT. The logs available are Event, AccessMonitor (audit), Redirection and Setup.
If you don’t have the Intel vPro PowerShell module yet, download at http://intel.com/go/powershell
The first thing to do is import the IntelvPro Module:
PS C:\Users\cdpiper> Import-Module IntelvPro
Now let us map a New-PSDrive to a remote vPro system. To do so, run the following command from the PowerShell console:
PS C:\Users\cdpiper> New-PSDrive -Name AMT -PSProvider amtsystem -Root "/" -ComputerName vproclient.vprodemo.com -Credential $myPScredential
If your AMT client is configured in TLS mode (TLS encrypted traffic over AMT Port 16993), add the –TLS switch to the command. The name of the drive can be whatever you would like, I have settled on a name of AMT for consistency, but feel free to change this. Now the PSDrive is mapped, so let’s get some event log data.
PS C:\Users\cdpiper> Get-Content amt:\Logs\EventLog
Looks like I booted this machine on May 8th.
Great! …but… how do I save this data?
There are several ways to do this.
PS C:\Users\cdpiper> Get-Content amt:\Logs\EventLog > out.txt
Will send the data to a text file named out.txt. But it will overwrite anything that is there. So use the out-file cmdlet:
PS C:\Users\cdpiper> Get-Content amt:\Logs\AccessMonitor | Out-File .\out.txt -Append
What if we wanted to get this data into excel?
Export-csv!
PS C:\Users\cdpiper> Get-Content amt:\Logs\EventLog | Export-Csv out.csv
Now I just type PS C:\Users\cdpiper> .\out.csv and since I have Excel installed, it pops right up!
Fantastic!
Comments