From 8368acfc9574fb1bbadb58fe1bb8fee5140e2ef0 Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Mon, 15 Jul 2019 15:44:18 -0700 Subject: [PATCH] Fixed MeshCMD audit log and added AmtEventLog command --- agents/MeshCmd-signed.exe | Bin 4110112 -> 4113368 bytes agents/MeshCmd64-signed.exe | Bin 3692832 -> 3696088 bytes agents/meshcmd.js | 87 ++++++++++++++++++++++++++++++++---- agents/meshcmd.min.js | 87 ++++++++++++++++++++++++++++++++---- package.json | 2 +- 5 files changed, 159 insertions(+), 17 deletions(-) 
diff --git a/agents/MeshCmd-signed.exe b/agents/MeshCmd-signed.exe index 92cbde26c6fefd82afdc6c47b0111c1b6f106e0e..16be673d582d829cbf3599e66dbf0659e793cdfa 100644 GIT binary patch delta 2083 zcmb`_c~BEq7yxiKL}CI#Zsc@Pks}b22t;LfEhypvs2o-;S^`}#mL!l}RJ=ezu&C7$ zhlfWI5FC#xP{g!?;0a8{TD4Od2P_tfqR4noIn?$GD(KXII&EftliBya?|bik?-lh9 zU@bX=SVabAn3F#}FB2mqu^WDM1N_DluYq4U6s` zBbK1pGD6NDUJeE35#x1N%Lp}w%6}lNMf!ce-RQ{Q{8TnMmBkeduE6I;&JV{EG+LDc z#U3Txb#yJU7ej`t2pbfhM_B)-S~c}VS~OR`IW%ZNhM){*l8=P;rb}*^U(He67h!C$xA6Wj=mr0*8(Ze0&6ggjDrV*PvU&X~=dm`J>=n zf#5aht|w`4{Cej;?(J=T4;Ak-HYVy;=35 zKWT#kZV|$%Z{OgXBJVCw1NTM_U7DC-weU2R32DRCy>MSI+zm%kF*N~|Po<0#lQpJrV=vy*NsB3=g`}~OUnJ!Vcdut;m5=LZ_c-`nNurCNwQUQ3!Yj86*)wn1W7TM9 zV|DlKrbWN?X{(XCipoqsVl_Bp`N8LfG5Z_$HdQ@1J?ntqtF-lDlvl#Ehp}5GRm?n@ zd&Vh!EwSOGQCQN<=BE`09=cWTxZk+5G%Q>3P*YO3qx@kX&Dr{SQb}9Gm$O_K8v73|L`-|hDLYI{2 zQMRf$ZjV_~OkL$A6V0x1Kl^dB@5i>x7-whCx;oL4i2Uw#NkJ|`+flPT{4+jnS-yM+ zs`P)Dw7j|RFk@bKcxL&Arsmvb*X8Z|O2ng|r<`Z{14GY65}XySeGU!#_a}A*Z1p$0 z*LJHty#Gne`AZAR*KT;mbK+D=(UVhDZ@SD^DwQmiOfcemX3x(4Q;6}oQX8&Sqsc?d z$(_106{-N19PIP#2x)7T2#13(Y?J|aGiH$08SSwBvQ&I(|17tRhPcOeje##yH!bXs zj9BlGd01v*NUJyVwTZR^ZO6N(XVr$a7;M^XZFpy(1q<3fIYhnj*Yv3N%7&epN#7Uk z>gt-aqx7!_xoJ<&zo_c?ZfAr3U7PppP2m+5yIh`Ex7NVG;BRUh9lHPk delta 1091 zcmX}iZ!nt&9Kdl;5+Rn9k_06voe)bzr6Fmau&AOl+=N5zs_u%lZhB`7bEvpv)zdlL z9;Fm*W%0L$KG<=gs~S#i#wu1R+A6N88&0bY`|ZtMe7>)~PgL)b2E!h5uLvP>A4)3~ z2udh#P>dj|5#&DvKm;UU3dq0=m;(y103QJ=pn*fc5?F!5z#7;9I$!`MumyI&9vlG< zz!9*36L1DD;3#kfZr~XB7`OvA@Bp5G1H8Z|fD3r|2;wa}qauWR13vHp$AK>pfD=Fn z{D40Y0Wmm<6T&4tCLWM1!KgSfL&7w}FJw!Ur!h}kl!~9zO3DzN)hroA@YfF{xiJ{j z9ItRdH7tBbif$7za~*mJOA12mu_!4@!mb3N@z`Pz8imnTPz$VFFPV)T+EK>V0o^(Oh-H+c3vhLwjkt(S04g zUO)4HQFo(8@$%H-QMB6Yd-C-8I9VXIWVA@$kpCz?(jo65uxNDhV6L32$K(_99bz?N@ol`(;dVyVG$>rGkaaWex zjT+M#v+Kg~)bFUF5;UY!ALN=eM9!{U-JixfpB=cA$1itotqapD@*B_Q9}G2HuCgx? 
z`MlYe)~+!~&s8R*|BF4>{*X;(~qb`J}Vls9sTh zI}sdF^I5ev%ckWSpZ5QRAf_gyV#Fkp=Qir8tq*V8|C&(lmqz&}Gsikjc2GMO*u*Er zEqTx?)|aMwPjsm1vbfe4Q(Wh|W05`d$C~7er{=F|c5GG)8$VR`H$C5OiYYd-*FSXo zqvEnLjze+rgAiL?-f9l4tp3d~y<=K;&5oMv{Kd1*)oE;&#a`@)RCZj`?th;>P zcWh%ayE8~uo}`&k7Wul_892*wdxP{VfnFT*MlvNrY8tA#i0{%H!!CAF$c8Zrp+_rHP5jzfLXQS^xk5 
diff --git a/agents/MeshCmd64-signed.exe b/agents/MeshCmd64-signed.exe index 16b14ebc106c84d801ca5bccef576d688689d921..ba0c3affd7990770fe01aacc9f160a301fda3c08 100644 GIT binary patch delta 2059 zcmb`_doW>zcPHjrtLr;5FwyhNDv3C^eZ2#=popU~C&hOsu_j~XC-n&QB zja_T&#*Qg5y_k+~3b07M(5RADth^P|(L?kRDq?^bBI6Jv#2BF=CWt9QN5&&&h&f_` zOh6_gmIwo}LadQVhz&9snSxA3Y!N%e9>I}mhy%hz91$nP8FA6JVys!caJ2(&Qf|@5 zLfFW3#1(Nv+z}4qfp{WZgon&PytEd5-qWn8L2*HmS{EwVYs$z_$fRt16|NviQY=kZ zaC8IOG=DfJ0812mWPuo2z#9t9lCMk|O?NU=-`?Sp~UM423y6A~Foj3q-Z6F80Ko(cwjwBbq$4yhzz_X4mO zCWipN@#u2U-y1k+&xZgh29G8HhO2JhA2vGn7nMV1<&d~Yfs634*r-T6O(vI!U~)KM zX^Ev^2L|;g0V^2k4H*BaR-*{yFQV!;2Zv685V-m@FoyId;E2(++$NBY!KQjZGm{gd zRDTIM(iNE12wb&ZT5#MJ#(M}X9EK-w)Nz`J2aT4NBOUG<>egr)wEh*e(nbmdDPeaz zm~8TKfcaIxrs@K;zE{!0wh@FvAxbAuQPxLcx@!$m@`lr45tnab6GD)m4~0XWz==1u zB#)&aMJX%YaLN113iN#FG+ocdX*g?S5ch@c1Kv2iIEPO&ODD*&yXLsOU-is2)OnwL zK%e>H4Zbfja(OazZ@$Bq#!--R^fbk3`J>g{a4$F91&7=YJ`*0j!8b`0OF!NZuFH1y z9UV##Cvk*g34y!fF1ke5PiBIoq?pW)CFP%=o<}HBbTf(aL^xgzY#^vv9AcXC>z#Q7C(bN22PEd|cpcQxV87uTe zo^W-5V2x+Qxc@JMVW65C$dqms8{qA9OrPRTt1T9y#^y zcPgv3+&}?+g6A*cKgX!Ariu5p#0<2F1mPhbhsErVsd@J&f+!n9lKwm8L|gv|>!7ulEWdNbIDwd@GKSln-2c;#mJeO7eYuBhI_ zZFpnclz~EKvVpkgJngWF;WG8jx|VUfAyocxk8vziGc?gG!cRYox4)Hts;TN3Z{W?X zlHX3}sP|i|&Nc+r)~32M@|F$EHf&jbp~tDOy2c>uF}$50866g%AYNDsh1Aj^+Q748 zGmd=wAfIvj?OeUh&G4@{L0>V?i_4v{#FJ@gJiRQm>?IvDrgE*Qmg2<%BCT^Udpps5 z=7U3*y|P%c?1+zEM?ENxSru9751z#AT8KUP@-6e#Yxh1% ziL0vI?Lf>Tp}6iuUISy%p4oGjtUU9gtl^;zToRw8s`IhfR@WB))zh%AoB00fvo^IS z@2xwxuFkTdCh&)S+(b^`OuyUHGl2%GUeq%s=gzcDmRi1hw^vo{wf=JS;I>DX3O2P% fwwkUFF33$eUie7)a_O-ak120GHf$cCP$+)`@ZcS@ delta 1067 zcmX}ido)`I9KiA12!bSvEYgP(1V!h1U4+vrPGxja=5bORsVuB@R%_CEt!;`^EUN8_ z-k91+J?2@*v~`(BS85EWTcbN3?INZYt5@elyRzzj`)7ZAzJGnE#^w-J#~jk0jgS+h zWx0red^MzC6e$`-{zC=^fC3DG5ikZ+U;<2m8K40=U;uNl16Tk{UR32iOA#;0URCSqE?U5L;zzX@1}4unPA=cMI_|1s5J%WX}ltJ>nq^^M7kN!*`#73|Ja zhR#x5tXg$1hZi|s+l6mp;xjKUSH-T%k)83_4;>C?fjMPl8tQ}@`riN2scQb`1$M5p(~eqS{hx(Q6C+L-+dt3 
zZ85d)Zr%K#gyl<~zJ@o6{a59lKB%|fG1S4x#I=xL_==90P&`=_<_DqWveKom72Mf* zW^c)IXVw8>B1->%LJ&g|B_APG&$p+!uq!vaBENK^jR<5~+u#hJJ*vh8rl@3MhLX|H z7Oz|yCW-AbD*onJ3|&CEa(mWRXZCi_?N`z1zXV3h1KV2F#dx^v4CguP&}qSyc!_(9 zyHp)JZobkT=dRxz2*XR0<9;@=)jGdVHP%eY!_q|r!N zWT+W^+TTBq9x42%z43&v+M6jG-|AX=GE~}NntAhK*IzQ*2M&*f3{h!PV7_*}f9jKd z>kiLQMo2A5=H|B9{oehcYP~e2d)>Mr)-2%oN@DlJ7_WsfA=;X8@}=tZGsPTD!p>E& XKV>U*>C)lxh+{u}QOS!Ukx2gn8o}J$ diff --git a/agents/meshcmd.js b/agents/meshcmd.js index 0315eb24..afa9d3c1 100644 --- a/agents/meshcmd.js +++ b/agents/meshcmd.js @@ -114,7 +114,7 @@ function run(argv) { //console.log('addedModules = ' + JSON.stringify(addedModules)); var actionpath = 'meshaction.txt'; if (args.actionfile != null) { actionpath = args.actionfile; } - var actions = ['HELP', 'ROUTE', 'MICROLMS', 'AMTPOWER', 'AMTFEATURES', 'AMTNETWORK', 'AMTLOADWEBAPP', 'AMTLOADSMALLWEBAPP', 'AMTLOADLARGEWEBAPP', 'AMTCLEARWEBAPP', 'AMTSTORAGESTATE', 'AMTINFO', 'AMTINFODEBUG', 'AMTVERSIONS', 'AMTHASHES', 'AMTSAVESTATE', 'AMTSCRIPT', 'AMTUUID', 'AMTCCM', 'AMTACM', 'AMTDEACTIVATE', 'AMTACMDEACTIVATE', 'SMBIOS', 'RAWSMBIOS', 'MESHCOMMANDER', 'AMTAUDITLOG', 'AMTPRESENCE']; + var actions = ['HELP', 'ROUTE', 'MICROLMS', 'AMTPOWER', 'AMTFEATURES', 'AMTNETWORK', 'AMTLOADWEBAPP', 'AMTLOADSMALLWEBAPP', 'AMTLOADLARGEWEBAPP', 'AMTCLEARWEBAPP', 'AMTSTORAGESTATE', 'AMTINFO', 'AMTINFODEBUG', 'AMTVERSIONS', 'AMTHASHES', 'AMTSAVESTATE', 'AMTSCRIPT', 'AMTUUID', 'AMTCCM', 'AMTACM', 'AMTDEACTIVATE', 'AMTACMDEACTIVATE', 'SMBIOS', 'RAWSMBIOS', 'MESHCOMMANDER', 'AMTAUDITLOG', 'AMTEVENTLOG', 'AMTPRESENCE']; // Load the action file var actionfile = null; 
@@ -157,6 +157,7 @@ function run(argv) { if (args.noconsole) { settings.noconsole = true; } if (args.nocommander) { settings.noconsole = true; } if (args.lmsdebug) { settings.lmsdebug = true; } + if (args.json) { settings.json = true; } if (args.tls) { settings.tls = true; } if ((argv.length > 1) && (actions.indexOf(argv[1].toUpperCase()) >= 0)) { settings.action = argv[1]; } @@ -181,6 +182,7 @@ function run(argv) { console.log('\r\nValid local or remote actions:'); console.log(' MeshCommander - Launch a local MeshCommander web server.'); console.log(' AmtUUID - Show Intel AMT unique identifier.'); + console.log(' AmtEventLog - Show the Intel AMT event log.'); console.log(' AmtAuditLog - Show the Intel AMT audit log.'); console.log(' AmtLoadWebApp - Load MeshCommander in Intel AMT 11.6+ firmware.'); console.log(' AmtClearWebApp - Clear everything from Intel AMT web storage.'); 
@@ -342,14 +344,24 @@ function run(argv) { console.log(' --localport [port] Local port used for the web server, 3000 is default.'); console.log('\r\nRun as a background service:\r\n'); console.log(' meshcommander install/uninstall/start/stop.'); - } else if (action == 'amtauditlog') { - console.log('AmtAuditLog action will fetch the local or remote audit log. If used localy, no username/password is required. Example usage:\r\n\r\n meshcmd amtauditlog --host 1.2.3.4 --user admin --pass mypassword --tls --output audit.json'); + } else if (action == 'amteventlog') { + console.log('AmtEventLog action will fetch the local or remote event log. Example usage:\r\n\r\n meshcmd amteventlog --host 1.2.3.4 --user admin --pass mypassword --tls --output events.txt'); console.log('\r\nPossible arguments:\r\n'); - console.log(' --output [filename] The output file for the Intel AMT state in JSON format.'); + console.log(' --output [filename] The output file for the Intel AMT event log.'); console.log(' --host [hostname] The IP address or DNS name of Intel AMT, 127.0.0.1 is default.'); console.log(' --user [username] The Intel AMT login username, admin is default.'); console.log(' --pass [password] The Intel AMT login password.'); console.log(' --tls Specifies that TLS must be used.'); + console.log(' --json Output as a JSON format.'); + } else if (action == 'amtauditlog') { + console.log('AmtAuditLog action will fetch the local or remote audit log. If used localy, no username/password is required. 
Example usage:\r\n\r\n meshcmd amtauditlog --host 1.2.3.4 --user admin --pass mypassword --tls --output audit.json'); + console.log('\r\nPossible arguments:\r\n'); + console.log(' --output [filename] The output file for the Intel AMT audit log.'); + console.log(' --host [hostname] The IP address or DNS name of Intel AMT, 127.0.0.1 is default.'); + console.log(' --user [username] The Intel AMT login username, admin is default.'); + console.log(' --pass [password] The Intel AMT login password.'); + console.log(' --tls Specifies that TLS must be used.'); + console.log(' --json Output as a JSON format.'); } else if (action == 'amtider') { console.log('AmtIDER will mount a local disk images to a remote Intel AMT computer. Example usage:\r\n\r\n meshcmd amtider --host 1.2.3.4 --user admin --pass mypassword --tls --floppy disk.img --cdrom disk.iso'); console.log('\r\nPossible arguments:\r\n'); 
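Review bot: The `amtauditlog` example in the rewritten help block still ends with `--output audit.json` but does not pass the new `--json` flag, and the audit-log writer added later in this patch emits plain `Time - Initiator: Event` lines unless `settings.json` is set, so following the example yields a text file with a .json name. Either add the flag to the example (`... --tls --json --output audit.json`) or name the file `audit.txt`, as the `amteventlog` example does with `events.txt`. In the same re-added lines, "If used localy" should read "locally", and `Output as a JSON format.` would read better as `Output in JSON format.` The enclosing run() starts and ends outside the hunk.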
@@ -605,6 +617,11 @@ function run(argv) { if ((settings.username == null) || (typeof settings.username != 'string') || (settings.username == '')) { settings.username = 'admin'; } } else { settings.hostname = '127.0.0.1'; } readAmtAuditLog(); + } else if (settings.action == 'amteventlog') { // Read the Intel AMT audit log + if (settings.hostname == null) { settings.hostname = '127.0.0.1'; } + if ((settings.password == null) || (typeof settings.password != 'string') || (settings.password == '')) { console.log('No or invalid \"password\" specified, use --password [password].'); exit(1); return; } + if ((settings.username == null) || (typeof settings.username != 'string') || (settings.username == '')) { settings.username = 'admin'; } + readAmtEventLog(); } else if (settings.action == 'amtider') { // Remote mount IDER image if ((settings.hostname == null) || (typeof settings.hostname != 'string') || (settings.hostname == '')) { console.log('No or invalid \"hostname\" specified, use --hostname [password].'); exit(1); return; } if ((settings.password == null) || (typeof settings.password != 'string') || (settings.password == '')) { console.log('No or invalid \"password\" specified, use --password [password].'); exit(1); return; } 
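Review bot: The new `amteventlog` branch only defaults `settings.hostname` when it is null, so a non-string value passes through and `readAmtEventLog` then calls `settings.hostname.toLowerCase()` on it; the `amtider` branch just below tests `typeof settings.hostname != 'string'` before use. Using the same test here, `if ((settings.hostname == null) || (typeof settings.hostname != 'string') || (settings.hostname == '')) { settings.hostname = '127.0.0.1'; }`, keeps the two consistent. The branch also demands a password when the target is 127.0.0.1, where `readAmtEventLogEx` takes the `osamtstack` path that does not visibly read `settings.password`; if local use needs no credentials, as the audit-log help text says for that action, the check could be limited to remote hosts. The trailing comment `// Read the Intel AMT audit log` should say event log. run() begins and ends outside the hunk.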
@@ -739,6 +756,52 @@ function performAmtAgentPresenceEx5(stack, name, response, status, watchdog) { } } + +// +// Intel AMT Event Log +// + +function readAmtEventLog() { + // See if MicroLMS needs to be started + if ((settings.hostname == '127.0.0.1') || (settings.hostname.toLowerCase() == 'localhost')) { + settings.noconsole = true; startLms(readAmtEventLogEx); + } else { + readAmtEventLogEx(9999); + } +} + +function readAmtEventLogEx(x) { + if (x == 9999) { + var transport = require('amt-wsman-duk'); + var wsman = require('amt-wsman'); + var amt = require('amt'); + wsstack = new wsman(transport, settings.hostname, settings.tls ? 16993 : 16992, settings.username, settings.password, settings.tls); + amtstack = new amt(wsstack); + amtstack.GetMessageLog(readAmtEventLogEx2); + } else { + osamtstack.GetMessageLog(readAmtEventLogEx2); + } +} + +function readAmtEventLogEx2(stack, messages) { + if (messages == null) { + console.log('Unable to get event log.'); + } else { + var out = ''; + if (settings.json) { + out = JSON.stringify(messages, 4, ' '); + } else { + for (var i in messages) { out += messages[i].Time + ', ' + messages[i].EntityStr + ', ' + messages[i].Desc + '\r\n'; } + } + if (settings.output == null) { console.log(out); } else { + var file = fs.openSync(settings.output, 'w'); + fs.writeSync(file, Buffer.from(out)); + fs.closeSync(file); + } + } + exit(1); +} + // // Intel AMT Audit Log // 
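Review bot: In `readAmtEventLogEx2`, `JSON.stringify(messages, 4, ' ')` puts `4` in the replacer position, where a number is ignored, so the output is indented by the one-space third argument; if four-space indentation was meant, the call should be `JSON.stringify(messages, null, 4)`. The same call shape is added for `response` in the `readAmtAuditLogEx2` hunk that follows. Separately, the function ends in `exit(1)` on the success path as well as after 'Unable to get event log.', so a script that collects event logs cannot tell a failed fetch from a good one by exit status, assuming `exit` sets the process exit code. The audit-log function's context lines show the same `exit(1)`, so this may be an existing convention worth revisiting for both.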
@@ -770,11 +833,19 @@ function readAmtAuditLogEx2(stack, response, status) { console.log('Unable to get audit log, status = ' + status + '.'); } else { var out = ''; - for (var i in response) { - var name = ((response[i].Initiator != '') ? (response[i].Initiator + ': ') : '') - out += (response[i].Time + ' - ' + name + response[i].Event + '\r\n'); + if (settings.json) { + out = JSON.stringify(response, 4, ' '); + } else { + for (var i in response) { + var name = ((response[i].Initiator != '') ? (response[i].Initiator + ': ') : '') + out += (response[i].Time + ' - ' + name + response[i].Event + '\r\n'); + } + } + if (settings.output == null) { console.log(out); } else { + var file = fs.openSync(settings.output, 'w'); + fs.writeSync(file, Buffer.from(out)); + fs.closeSync(file); } - if (settings.output == null) { console.log(out); } else { var file = fs.openSync(settings.output, 'w'); fs.writeSync(file, Buffer.from(out, 'utf8')); fs.closeSync(file); } } exit(1); } diff --git a/agents/meshcmd.min.js b/agents/meshcmd.min.js index 0315eb24..afa9d3c1 100644 --- a/agents/meshcmd.min.js +++ b/agents/meshcmd.min.js 
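Review bot: The `--output` block added to `readAmtAuditLogEx2` calls `fs.openSync`, `fs.writeSync` and `fs.closeSync` with no error handling, so if any of them throws for an unwritable or invalid path (as Node's versions do; the runtime here may differ) the exception leaves the callback before `exit(1)` and nothing tells the user that the audit log was not saved. Wrapping the three calls, `try { ... } catch (ex) { console.log('Unable to write ' + settings.output + ': ' + ex); }`, with `fs.closeSync(file)` moved to a `finally` once the open has succeeded, would make the failure explicit and avoid leaving the descriptor open. A short comment that `'w'` truncates an existing file would also help anyone pointing `--output` at a previously exported audit log. `readAmtEventLogEx2` in the preceding hunk has the identical block, and this function starts above the hunk.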
@@ -114,7 +114,7 @@ function run(argv) { //console.log('addedModules = ' + JSON.stringify(addedModules)); var actionpath = 'meshaction.txt'; if (args.actionfile != null) { actionpath = args.actionfile; } - var actions = ['HELP', 'ROUTE', 'MICROLMS', 'AMTPOWER', 'AMTFEATURES', 'AMTNETWORK', 'AMTLOADWEBAPP', 'AMTLOADSMALLWEBAPP', 'AMTLOADLARGEWEBAPP', 'AMTCLEARWEBAPP', 'AMTSTORAGESTATE', 'AMTINFO', 'AMTINFODEBUG', 'AMTVERSIONS', 'AMTHASHES', 'AMTSAVESTATE', 'AMTSCRIPT', 'AMTUUID', 'AMTCCM', 'AMTACM', 'AMTDEACTIVATE', 'AMTACMDEACTIVATE', 'SMBIOS', 'RAWSMBIOS', 'MESHCOMMANDER', 'AMTAUDITLOG', 'AMTPRESENCE']; + var actions = ['HELP', 'ROUTE', 'MICROLMS', 'AMTPOWER', 'AMTFEATURES', 'AMTNETWORK', 'AMTLOADWEBAPP', 'AMTLOADSMALLWEBAPP', 'AMTLOADLARGEWEBAPP', 'AMTCLEARWEBAPP', 'AMTSTORAGESTATE', 'AMTINFO', 'AMTINFODEBUG', 'AMTVERSIONS', 'AMTHASHES', 'AMTSAVESTATE', 'AMTSCRIPT', 'AMTUUID', 'AMTCCM', 'AMTACM', 'AMTDEACTIVATE', 'AMTACMDEACTIVATE', 'SMBIOS', 'RAWSMBIOS', 'MESHCOMMANDER', 'AMTAUDITLOG', 'AMTEVENTLOG', 'AMTPRESENCE']; // Load the action file var actionfile = null; @@ -157,6 +157,7 @@ function run(argv) { if (args.noconsole) { settings.noconsole = true; } if (args.nocommander) { settings.noconsole = true; } if (args.lmsdebug) { settings.lmsdebug = true; } + if (args.json) { settings.json = true; } if (args.tls) { settings.tls = true; } if ((argv.length > 1) && (actions.indexOf(argv[1].toUpperCase()) >= 0)) { settings.action = argv[1]; } @@ -181,6 +182,7 @@ function run(argv) { console.log('\r\nValid local or remote actions:'); console.log(' MeshCommander - Launch a local MeshCommander web server.'); console.log(' AmtUUID - Show Intel AMT unique identifier.'); + console.log(' AmtEventLog - Show the Intel AMT event log.'); console.log(' AmtAuditLog - Show the Intel AMT audit log.'); console.log(' AmtLoadWebApp - Load MeshCommander in Intel AMT 11.6+ firmware.'); console.log(' AmtClearWebApp - Clear everything from Intel AMT web storage.'); 
@@ -342,14 +344,24 @@ function run(argv) { console.log(' --localport [port] Local port used for the web server, 3000 is default.'); console.log('\r\nRun as a background service:\r\n'); console.log(' meshcommander install/uninstall/start/stop.'); - } else if (action == 'amtauditlog') { - console.log('AmtAuditLog action will fetch the local or remote audit log. If used localy, no username/password is required. Example usage:\r\n\r\n meshcmd amtauditlog --host 1.2.3.4 --user admin --pass mypassword --tls --output audit.json'); + } else if (action == 'amteventlog') { + console.log('AmtEventLog action will fetch the local or remote event log. Example usage:\r\n\r\n meshcmd amteventlog --host 1.2.3.4 --user admin --pass mypassword --tls --output events.txt'); console.log('\r\nPossible arguments:\r\n'); - console.log(' --output [filename] The output file for the Intel AMT state in JSON format.'); + console.log(' --output [filename] The output file for the Intel AMT event log.'); console.log(' --host [hostname] The IP address or DNS name of Intel AMT, 127.0.0.1 is default.'); console.log(' --user [username] The Intel AMT login username, admin is default.'); console.log(' --pass [password] The Intel AMT login password.'); console.log(' --tls Specifies that TLS must be used.'); + console.log(' --json Output as a JSON format.'); + } else if (action == 'amtauditlog') { + console.log('AmtAuditLog action will fetch the local or remote audit log. If used localy, no username/password is required. 
Example usage:\r\n\r\n meshcmd amtauditlog --host 1.2.3.4 --user admin --pass mypassword --tls --output audit.json'); + console.log('\r\nPossible arguments:\r\n'); + console.log(' --output [filename] The output file for the Intel AMT audit log.'); + console.log(' --host [hostname] The IP address or DNS name of Intel AMT, 127.0.0.1 is default.'); + console.log(' --user [username] The Intel AMT login username, admin is default.'); + console.log(' --pass [password] The Intel AMT login password.'); + console.log(' --tls Specifies that TLS must be used.'); + console.log(' --json Output as a JSON format.'); } else if (action == 'amtider') { console.log('AmtIDER will mount a local disk images to a remote Intel AMT computer. Example usage:\r\n\r\n meshcmd amtider --host 1.2.3.4 --user admin --pass mypassword --tls --floppy disk.img --cdrom disk.iso'); console.log('\r\nPossible arguments:\r\n'); 
@@ -605,6 +617,11 @@ function run(argv) { if ((settings.username == null) || (typeof settings.username != 'string') || (settings.username == '')) { settings.username = 'admin'; } } else { settings.hostname = '127.0.0.1'; } readAmtAuditLog(); + } else if (settings.action == 'amteventlog') { // Read the Intel AMT audit log + if (settings.hostname == null) { settings.hostname = '127.0.0.1'; } + if ((settings.password == null) || (typeof settings.password != 'string') || (settings.password == '')) { console.log('No or invalid \"password\" specified, use --password [password].'); exit(1); return; } + if ((settings.username == null) || (typeof settings.username != 'string') || (settings.username == '')) { settings.username = 'admin'; } + readAmtEventLog(); } else if (settings.action == 'amtider') { // Remote mount IDER image if ((settings.hostname == null) || (typeof settings.hostname != 'string') || (settings.hostname == '')) { console.log('No or invalid \"hostname\" specified, use --hostname [password].'); exit(1); return; } if ((settings.password == null) || (typeof settings.password != 'string') || (settings.password == '')) { console.log('No or invalid \"password\" specified, use --password [password].'); exit(1); return; } 
@@ -739,6 +756,52 @@ function performAmtAgentPresenceEx5(stack, name, response, status, watchdog) { } } + +// +// Intel AMT Event Log +// + +function readAmtEventLog() { + // See if MicroLMS needs to be started + if ((settings.hostname == '127.0.0.1') || (settings.hostname.toLowerCase() == 'localhost')) { + settings.noconsole = true; startLms(readAmtEventLogEx); + } else { + readAmtEventLogEx(9999); + } +} + +function readAmtEventLogEx(x) { + if (x == 9999) { + var transport = require('amt-wsman-duk'); + var wsman = require('amt-wsman'); + var amt = require('amt'); + wsstack = new wsman(transport, settings.hostname, settings.tls ? 16993 : 16992, settings.username, settings.password, settings.tls); + amtstack = new amt(wsstack); + amtstack.GetMessageLog(readAmtEventLogEx2); + } else { + osamtstack.GetMessageLog(readAmtEventLogEx2); + } +} + +function readAmtEventLogEx2(stack, messages) { + if (messages == null) { + console.log('Unable to get event log.'); + } else { + var out = ''; + if (settings.json) { + out = JSON.stringify(messages, 4, ' '); + } else { + for (var i in messages) { out += messages[i].Time + ', ' + messages[i].EntityStr + ', ' + messages[i].Desc + '\r\n'; } + } + if (settings.output == null) { console.log(out); } else { + var file = fs.openSync(settings.output, 'w'); + fs.writeSync(file, Buffer.from(out)); + fs.closeSync(file); + } + } + exit(1); +} + // // Intel AMT Audit Log // 
@@ -770,11 +833,19 @@ function readAmtAuditLogEx2(stack, response, status) { console.log('Unable to get audit log, status = ' + status + '.'); } else { var out = ''; - for (var i in response) { - var name = ((response[i].Initiator != '') ? (response[i].Initiator + ': ') : '') - out += (response[i].Time + ' - ' + name + response[i].Event + '\r\n'); + if (settings.json) { + out = JSON.stringify(response, 4, ' '); + } else { + for (var i in response) { + var name = ((response[i].Initiator != '') ? (response[i].Initiator + ': ') : '') + out += (response[i].Time + ' - ' + name + response[i].Event + '\r\n'); + } + } + if (settings.output == null) { console.log(out); } else { + var file = fs.openSync(settings.output, 'w'); + fs.writeSync(file, Buffer.from(out)); + fs.closeSync(file); } - if (settings.output == null) { console.log(out); } else { var file = fs.openSync(settings.output, 'w'); fs.writeSync(file, Buffer.from(out, 'utf8')); fs.closeSync(file); } } exit(1); } diff --git a/package.json b/package.json index 168187f1..3eb303a6 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "meshcentral", - "version": "0.3.7-u", + "version": "0.3.7-v", "keywords": [ "Remote Management", "Intel AMT",