Clear-CMAmtAuditLog

Clears audit log entries for Intel AMT-based computers.

Syntax

Parameter Set: SearchByNameMandatory
Clear-CMAmtAuditLog -DeviceName <String[]> [-Force] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SearchByCollectionIdMandatory
Clear-CMAmtAuditLog -DeviceCollectionId <String[]> [-Force] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SearchByCollectionNameMandatory
Clear-CMAmtAuditLog -DeviceCollectionName <String[]> [-Force] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SearchByCollectionValueMandatory
Clear-CMAmtAuditLog -DeviceCollection <IResultObject> [-Force] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SearchByIdMandatory
Clear-CMAmtAuditLog -DeviceId <String[]> [-Force] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SearchByValueMandatory
Clear-CMAmtAuditLog -Device <IResultObject> [-Force] [-Confirm] [-WhatIf] [ <CommonParameters>]

Detailed Description

The Clear-CMAmtAuditLog cmdlet clears audit log entries for Intel Active Management Technology (Intel AMT)-based computers. The audit log records authorized and authenticated out-of-band management activities performed on Intel AMT computers.

Depending on your Intel AMT version, when the audit log becomes 85 percent full, noncritical log entries might not be written to the log or might overwrite old entries. This cmdlet does not stop audit logging. You can use the Disable-CMAmtAuditLog cmdlet to stop logging.

You can specify computers by using the Microsoft System Center 2012 SP1 Configuration Manager device name or device ID, or you can use the Get-CMDevice cmdlet to get a device object. You can also clear audit logs for all the devices in a System Center 2012 Configuration Manager collection. Specify a collection by using the collection name or collection ID, or you can use the Get-CMDeviceCollection cmdlet to get a device collection object.

Parameters

-Device <IResultObject>

Specifies a device object. To obtain a device object, use Get-CMDevice.

Aliases: InputObject
Required: true
Position: named
Default value: none
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: false

-DeviceCollection <IResultObject>

Specifies a device collection object. To obtain a device collection object, use Get-CMDeviceCollection.

Aliases: none
Required: true
Position: named
Default value: none
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: false

-DeviceCollectionId <String[]>

Specifies an array of IDs of device collections.

Aliases: none
Required: true
Position: named
Default value: none
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: false

-DeviceCollectionName <String[]>

Specifies an array of names of device collections.

Aliases: none
Required: true
Position: named
Default value: none
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: false

-DeviceId <String[]>

Specifies an array of IDs of devices.

Aliases: ResourceId
Required: true
Position: named
Default value: none
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: false

-DeviceName <String[]>

Specifies an array of names of devices.

Aliases: Name
Required: true
Position: named
Default value: none
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: false

-Force

Forces the command to run without asking for user confirmation.

Aliases: none
Required: false
Position: named
Default value: none
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: false

-Confirm

Prompts you for confirmation before running the cmdlet.

Required: false
Position: named
Default value: false
Accept pipeline input: false
Accept wildcard characters: false

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Required: false
Position: named
Default value: false
Accept pipeline input: false
Accept wildcard characters: false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

Outputs

The output type is the type of the objects that the cmdlet emits.

Examples

Example 1: Clear the audit log by using an ID

This command clears the Intel AMT audit log for a device that has the ID 16777230.

PS C:\> Clear-CMAmtAuditLog -DeviceID "16777230"

Example 2: Clear audit logs for a device collection

This command clears Intel AMT audit logs for the devices in a collection named Floor03.

PS C:\> Clear-CMAmtAuditLog -DeviceCollectionName "Floor03"

Example 3: Clear the audit log by using a variable

The first command gets a device object by using the Get-CMDevice cmdlet, and then stores it in the $CMD variable.

The second command clears the Intel AMT audit log for the device in $CMD. The command uses the Force parameter, so it does not prompt you for confirmation.

PS C:\> $CMD = Get-CMDevice -Name "Accn023.Contoso.com" 
PS C:\> Clear-CMAmtAuditLog -Device $CMD -Force
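
Because the audit log records out-of-band management activity, a clear operation is worth recording in its own right. The following wrapper is an added example, not part of the original page or of the Configuration Manager module: the function name Clear-AmtAuditLogWithRecord, its RecordPath parameter, and the CSV path are hypothetical, and it assumes the Configuration Manager cmdlets are loaded and the site drive is the current location.

```powershell
# Added example: hypothetical wrapper, not a Configuration Manager cmdlet.
# Assumes Get-CMDevice and Clear-CMAmtAuditLog are available in the session.
function Clear-AmtAuditLogWithRecord {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string[]] $DeviceName,

        # Hypothetical location of the local record of clear operations.
        # The parent folder must already exist.
        [Parameter(Mandatory = $true)]
        [string] $RecordPath
    )

    foreach ($name in $DeviceName) {
        # Resolve the name first so a typo never reaches the clear step.
        if (-not (Get-CMDevice -Name $name)) {
            Write-Warning "No Configuration Manager device named '$name'; skipped."
            continue
        }

        # ShouldProcess honors -WhatIf and -Confirm passed to this wrapper.
        if ($PSCmdlet.ShouldProcess($name, 'Clear Intel AMT audit log')) {
            # Record who cleared which log, and when, before the entries are gone.
            [pscustomobject]@{
                TimeUtc  = (Get-Date).ToUniversalTime().ToString('o')
                Operator = '{0}\{1}' -f $env:USERDOMAIN, $env:USERNAME
                Device   = $name
                Action   = 'Clear-CMAmtAuditLog'
            } | Export-Csv -Path $RecordPath -Append -NoTypeInformation -Confirm:$false

            # Confirmation was already handled by ShouldProcess above.
            Clear-CMAmtAuditLog -DeviceName $name -Force -Confirm:$false
        }
    }
}

# Preview only: reports the device that would be cleared and changes nothing.
Clear-AmtAuditLogWithRecord -DeviceName 'Accn023.Contoso.com' `
    -RecordPath 'C:\Logs\amt-clear.csv' -WhatIf
```

Run without -WhatIf, the wrapper prompts once per device, appends one CSV row, and then clears that device's log.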

Related topics

Disable-CMAmtAuditLog

Enable-CMAmtAuditLog

Get-CMDevice

Get-CMDeviceCollection