Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2931 Discussions

Remote access Logs

smolisso
Novice
3,241 Views

Hello,

we use Intel EMA to provide remote assistance to our colleagues.
We have enabled the option that allows connection only after acceptance by the user.


Our internal Legal Dept asks us if there is a log tracking system for accesses made on the clients (log-in and log-out).

 

I have made a check in the C:\Program Files (x86)\Intel\Platform Manager\EMALogs folder but whithout luck.

 

Could you help me?

 

Thank you

 

Stefano

0 Kudos
10 Replies
Victor_G_Intel
Employee
3,212 Views

Hello smolisso,


Thank you for posting on the Intel® communities.


To further assist you with this request, can you please provide the following:


  1. EMA version being used:
  2. The number of endpoints in your deployment:
  3. AMT version(s) being used:
  4. Is the Intel EMA server installed on a physical server or on a virtual machine?
  5. OS built being used on the EMA server:


Regards,


Victor G.

Intel Technical Support Technician  


0 Kudos
smolisso
Novice
3,206 Views

 

Hello,

 

in Bold, the answers to your questions:

 

  1. EMA version being used: 1.9.0
  2. The number of endpoints in your deployment: 170
  3. AMT version(s) being used: v16.1.25, v16.0.15, v15.0.42, v15.0.23, v14.1.53,v14.0.47, v14.0.39
  4. Is the Intel EMA server installed on a physical server or on a virtual machine? Virtual Machine
  5. OS built being used on the EMA server: Windows Server 2019 Standard

Thanks and regards

 

Stefano

0 Kudos
Victor_G_Intel
Employee
3,181 Views

Hello smolisso,


Thank you for posting on the Intel® communities.


Please let me review this information internally, and kindly wait for an update.


Once we have more information to share, we will post it on this thread.


Regards,


Victor G.

Intel Technical Support Technician


0 Kudos
smolisso
Novice
3,158 Views

Hello Victor,

 

do you have any update about my question?

 

Thanks you very much.

 

Stefano

0 Kudos
Paul_R_Intel
Moderator
3,135 Views

Hello smolisso,


Thank you for your patience and time, upon further investigation we see that the feature has been deprecated the service does not do any user login or failure tracking anymore. In most enterprise environments this would be done via Active Directory so we recommend you to find a solution using that route.


Please let us know if there is anything else that we can do for you or if we can mark the thread as closed.


Best regards


Paul R.

Intel Technical Support Technician


0 Kudos
smolisso
Novice
3,114 Views

Hello Paul,

 

"In most enterprise environments this would be done via Active Directory so we recommend you to find a solution using that route."

 

Our Clients are in an Active Directory domain, but I can't understand what is the connection with the Intel EMA and with the question I asked you.

How can Active Directory solve my problem of verifying connections to clients via intel EMA?

 

Thanks 

 

Stefano

0 Kudos
Victor_G_Intel
Employee
3,069 Views

Hello smolisso,


Thank you so much for contacting Intel customer support,


As we have previously mentioned the option/feature to do what you are trying to do with EMA has been deprecated, which means that EMA doesn’t do any user login or failure tracking anymore; therefore, what we think is best for you is to look for a way to do it with Active Directory; however, we don’t support AD directly; consequently, you will need to find a way to do it on your end by contacting Microsoft support directly.


Important note: Since we have no more information to provide, we will proceed to close this thread. Feel free to use the following link to contact Microsoft.


Best regards,


Victor G.

Intel Technical Support Technician  


0 Kudos
smolisso
Novice
3,060 Views

Ok,

 

is it possible to log at least the Login/Logout sessions to the Intel Ema web interface?

0 Kudos
Jimmy_Wai_Intel
Employee
3,053 Views

Hi smolisso,

There are a couple ways you can retrieve audit logs/events from the EMA server - from the DB, and thru the API. For the DB method, there is a sample PowerShell script you can download at https://www.intel.co.uk/content/www/uk/en/download/19693/intel-endpoint-management-assistant-intel-ema-api-sample-scripts.html (look under the Snippets directory inside the downloaded file). For the API method, you can go to https://your_ema_server_url/swagger and look for information about the AuditEvents API. You can refer to other API samples in the download above to understand how to use API to interact with the EMA server.

Regards,

Jimmy Wai

Technical Sales Specialist

0 Kudos
smolisso
Novice
3,041 Views

Hello Jimmy,

 

I have solved with the script: EMA_DB-GetActionLogs.ps1

 

Here there is everithing I need!

 

#TYPE Selected.System.Management.Automation.ScriptBlock
"Tenant","Timestamp","ComputerName","EndpointID","Action","User","Message"
"Remote Workers","1/19/2023 10:04:40 AM","dell15test","882D6A2****","Internal","","New endpoint added"
"Remote Workers","1/19/2023 10:04:40 AM","dell15test","882D6A2****","Internal","","Intel(R) AMT support detected."
"Remote Workers","1/19/2023 10:05:23 AM","dell15test","882D6A2****","Internal","","Ema Agent version changed from 10801 to 10900."
"Remote Workers","1/19/2023 10:06:07 AM","dell15test","882D6A2****","Terminal","stefano.molisso@foo.bar",""
"Remote Workers","1/19/2023 10:07:21 AM","dell15test","882D6A2****","Desktop (In Band)","stefano.molisso@foo.bar",""
"Remote Workers","1/19/2023 10:09:10 AM","dell15test","882D6A2****","Terminal","stefano.molisso@foo.bar",""

 

Thank you very much!

 

Stefano

0 Kudos
Reply