Currently Being Moderated

One feature about Intel AMT that I feel is quite valuable is the ability to get different logs from Intel AMT. The logs available are Event, AccessMonitor (audit), Redirection and Setup.

 

If you don’t have the Intel vPro PowerShell module yet, download at http://intel.com/go/powershell

The first thing to do is import the IntelvPro Module:

PS C:\Users\cdpiper> Import-Module IntelvPro

 

Now let us map a New-PSDrive to a remote vPro system.  To do so, run the following command from the PowerShell console:

PS C:\Users\cdpiper> New-PSDrive -Name AMT -PSProvider amtsystem -Root "/" -ComputerName vproclient.vprodemo.com -Credential $myPScredential

 

If your AMT client is configured in TLS mode (TLS encrypted traffic over AMT Port 16993), add the –TLS switch to the command. The name of the drive can be whatever you would like, I have settled on a name of AMT for consistency, but feel free to change this. Now the PSDrive is mapped, so let’s get some event log data.

PS C:\Users\cdpiper> Get-Content amt:\Logs\EventLog

get-content to prompt.PNG

 

 

Looks like I booted this machine on May 8th.

 

Great! …but… how do I save this data?

 

There are several ways to do this.

PS C:\Users\cdpiper> Get-Content amt:\Logs\EventLog > out.txt

 

Will send the data to a text file named out.txt. But it will overwrite anything that is there. So use the out-file cmdlet:

PS C:\Users\cdpiper> Get-Content amt:\Logs\AccessMonitor | Out-File .\out.txt -Append

textoutput.PNG

 

What if we wanted to get this data into excel?

 

Export-csv!

 

PS C:\Users\cdpiper> Get-Content amt:\Logs\EventLog | Export-Csv out.csv

 

Now I just type PS C:\Users\cdpiper> .\out.csv and since I have Excel installed, it pops right up!

 

Fantastic!

excel output.PNG

Comments

Filter Blog

By author:
By date:
By tag: