SIEM IPMI Configuration and Setup - McAfee Support Community · McAfee SIEM IPMI / RMM Setup and Configuration Guide V1.3 November 2015 . Introduction This document is designed to

McAfee SIEM IPMI / RMM Setup and Configuration Guide

V1.3 November 2015

Introduction

ThisdocumentisdesignedtoprovidethereaderwithallthestepsandinformationonimplementingandusingtheIntelligentPlatformManagementInterface(IPMI)andRemoteManagementMonitorcapabilitiessupportedintheMcAfeeSIEMoperatingenvironmentv9.4andlater.TheIntelligentPlatformManagementInterface(IPMI)isastandardizedcomputersysteminterfaceusedbysystemadministratorsforout‐of‐bandmanagementofcomputersystemsandmonitoringoftheiroperation.Itisawaytomanageacomputerthatmaybepoweredofforotherwiseunresponsivebyusinganetworkconnectiontothehardwareratherthantoanoperatingsystemorloginshell.IPMIinformationisexchangedthoughBaseboardManagementControllers(BMCs),whicharelocatedonIPMI‐complianthardwarecomponents.TheBMCisaspecializedmicrocontrollerembeddedonthemotherboardofacomputer,generallyaserver.TheBMCmanagestheinterfacebetweensystemmanagementsoftware,inthiscaseRMMandplatformhardware.Usinglow‐levelhardwareintelligenceinsteadoftheoperatingsystemhastwomainbenefits:First,thisconfigurationallowsforout‐of‐bandservermanagement;Second,theoperatingsystemisnotburdenedwithtransportingsystemstatusdata.IPMIfunctionsaredesignedtoworkinanyofthreescenarios:

BeforeanOShasbooted(allowing,forexample,theremotemonitoringorchangingofBIOSsettings)

Whenthesystemispowereddown(butstillattachtopower) AfterOSorsystemfailure–thekeycharacteristicofIPMIcomparedwithin‐bandsystemmanagementsuchasbyremotelogintotheoperatingsystemusingSSH

Remotemonitoringandmanagement(RMM)isacollectionofinformationtechnologytoolsthatarefoundonworkstationsandservers.Thesetoolsgatherinformationregardingtheapplicationsandhardwareoperatingwithinanenvironmentaswellassupplyactivityreportsallowingadministratorstoresolveanyissues.RMMusuallyprovidesasetofITmanagementtoolsliketroubletickettracking,remotedesktopmonitoring,support,anduserinformationthroughacompleteinterface.WithintheMcAfeeSIEMappliancefamily,IPMIisprovidedthroughtheIntelRMM4moduleinstalledintoeveryMcAfeeGEN4SIEMAppliance.

IPMI and RMM Setup and Configuration Guide McAfee SIEM

3

Revision History

August2014 V1.0 FirstPublicRelease

November2014 V1.1

AddedRevisionHistorySection AddedlinkstomotherboardSDRreturncodes. Correctedpagenumber Correctedpasswordonpage10

August2015

V1.2 Updatedlinktomotherboardmanual.

November2015

V1.3 AddeddisclaimeronIPMIbeingdisabledforsecurityconcerns. AddedstepstoenableordisableviaIPMItool


4

Table of Contents

BIOSUpdate 5Updatingyourappliance(s)toenableIPMIandRMM

EnablingIPMI 15TurningonIPMIviaESMManagementInterface

IPMItool 20CommandlineIPMIsyntaxandexamples

BMCWebConsole 32Usingthewebconsoleinterface

AppendixA 51CommandlineargumentsforIPMItool

AppendixB 53CommandsyntaxforIPMItool

AppendixC 60SDREntityValues

AppendixD 61SDRTypeValues


5

BIOS Update IPMIandRMMcapabilitiesareonlysupportedontheGeneration4(GEN4)SIEMappliances.Beforeproceedingwiththisdocument,makesureyouhaveGEN4appliances.ThetwoimagesbelowhighlightthestarkdifferencesbetweenGeneration3andGeneration4SIEMappliances.Whiletheexamplesbelowdisplaythe2UGen4applianceandthe3UGen3appliance,theorangebezelisalwaysindicativeofaGen3appliance.

GEN4Appliance

GEN3ApplianceWithintheGen4SIEMappliancefamily,therearesomeexceptionsonwhichplatformssupportIPMIcapabilities.Belowisatableofwhatisandisnotsupported.

IPMISupported IPMINOTSupported

All Standalone ESM Models Any DAS Models (These devices do not have an IPMI port)

All Combination ESM Models Any Receiver (ERC) in HA mode regardless of Model (All available ports are used to configure HA)

All Non-HA Receivers (ERC)

All ACE Appliances

All ADM Appliances

All DEM Appliances


6

Figure 1

Figure 2

BIOS Update BeforeIPMIandRemoteManagementcanbesupportedwithintheMcAfeeSIEMenvironment,theBIOSforeachappliancemustbeataspecificreleasetoenablecapabilitieswithintheSIEMManagementinterfaceandSIEMoperatingenvironment.Asoutlinedintheprevioussection,remotemanagementisonlyavailableonGeneration4andlaterappliancesaswellasoperatingenvironmentv9.4andlater.SeeprevioussectionforadescriptionoftheappliancestoensureyouhaveaGEN4appliance.CheckcurrentapplianceversionIPMIandRMMcapabilitiesareonlysupportedintheSIEMoperatingenvironmentv9.4andabove.TocheckwhichMcAfeeSIEMOperatingEnvironmentversionyourappliance(s)arecurrentlyat,logintoyourESMusinganyflashcapablebrowser.Oncetheloginscreenappears,checkthelowerleftcornerofthebrowserfortheversionnumber.Itshouldbeversion9.4.0orgreater.SeeFigure1foranexample.Ifyourappliancedoesnothavethisversion,accesstheMcAfeedownloadpagetoobtainthelatestrelease.Onceithasbeenupgraded,continuewiththestepsfollowingthistopic.

Thedownloadlinkis:http://www.mcafee.com/us/downloads/downloads.aspxWhileallMcAfeeSIEMappliancesshouldbeonthesameoperatingenvironmentrelease,itispossiblethatthismaynotbethecaseinyourenvironment.Werecommendcheckingeachappliance’sSIEMOperatingEnvironmentversion.Todothis,selecttheapplianceandclickthePropertiesicon(WhiteSquareiniconbarabovedevicetreedisplay)andtheresultingdialogwilldisplaytheversion.AnexampleofthisisinFigure2. CheckcurrentapplianceBIOSversionOnceyouhaveidentifiedyourapplianceasGEN4hardwareandthatyouareontheproperSIEMoperatingenvironmentversion,youshouldcheckyourBIOSversiontoensurethatitrequiresaBIOSupdate.Dependingonwhenyoureceivedyourappliance(s),itsBIOSmayhavealreadybeenupdated.


7

McAfee-ETM-6000 ~ # dmidecode -t 0 # dmidecode 2.10 SMBIOS 2.6 present. 172 structures occupying 10014 bytes. Table at 0x000EB570. Handle 0x0000, DMI type 0, 24 bytes BIOS Information Vendor: Intel Corp. Version: SE5C600.86B.02.02.0002.122320131210 Release Date: 12/23/2013 Address: 0xF0000 Runtime Size: 64 kB ROM Size: 8192 kB Characteristics: PCI is supported BIOS is upgradeable BIOS shadowing is allowed Boot from CD is supported Selectable boot is supported EDD is supported 5.25"/1.2 MB floppy services are supported (int 13h) 3.5"/720 kB floppy services are supported (int 13h) 3.5"/2.88 MB floppy services are supported (int 13h) Print screen service is supported (int 5h) 8042 keyboard services are supported (int 9h) Serial services are supported (int 14h) Printer services are supported (int 17h) ACPI is supported USB legacy is supported BIOS boot specification is supported Targeted content distribution is supported BIOS Revision: 4.6 McAfee-ETM-6000 ~ #

Figure 3

IfyourapplianceBIOSReleasedateisbefore12/23/2013ANDyouarerunningv9.5.0TheIPMIdialogsaredisabledwithintheGUI.Tocorrect,youwillhavetoperformtheBIOSupgradestepsinthefollowingpages.

BIOS Update TochecktheBIOSversion,SSHintotheapplianceandissuethefollowingcommand:

McAfee-ETM-6000 ~ # dmidecode –t 0 Figure3displaysanexampleoftheoutputthecommandwillgenerate.

ThecorrectBIOSversionreleasedateshouldbeatorlaterthantheexamplehighlighted(yellow)above.Ifyoursisnot,continuewiththestepsonthefollowingpages.IfyourBIOSversionisatorlaterthanthisreleasedate,continueontotheESMSetupsectiononpage16.


8

TheBIOSpackageslocatedherearespecificIntelSecurity(McAfee)SIEMAppliances.DonotattempttouseanyotherBIOSpackagesotherthanwhatislocatedhere.

BecauseBIOSpackagesmaychangebetweenSIEMoperatingenvironmentreleases,pleaserefertotheContents-README.txtfileforthecorrectpackagethatistobeusedfortheapplianceyouareupgrading.

BIOS Update ObtainingtheBIOSupdatepackageToupgradetheapplianceBIOSyouwillneedextracttheproperIntelSecurityBIOSupdatepackagetoaUSBflashdrive.ThesecompressedpackagesarelocatedontheESMapplianceinthefollowingdirectory:

/etc/areca/system_bios_update/ Thedirectorywillcontainfilessimilar,butnotexactly,astheonesbelow:

850-1773-03_032514.zip 850-1904-00_012714.zip Contents-README.txt

AfteryouhaveidentifiedwhichZIPpackageisappropriatefortheapplianceyouareupgrading,useanapplicationlikeSCPorWinSCPtodownloadtheZIPpackage.Ifyourenvironmentrequiresbothzippackages,pleaseextracteachziptoitsownproperlylabeledUSBflashdrive.Mixingthepackagescouldrenderanapplianceun‐bootable.Onceyouhavedownloadedthezippackage,unzipittotherootofyourUSBflashdrive.Thedriveyouuseshouldbeempty,shouldbea4GBdriveorlessandcanbeformattedusingWindowsorLinuxfilesystems.Italsodoesnothavetobebootable.ThedirectoryontheUSBflashdrivewilllooksimilartoFigure4below.

Figure 4


9

Donotmakeaselection.Letthesystembootasnormal.ItwillautorecognizethattheUSBdriveisattachedandbootfromit.TheMcAfeeSplashscreenmaytakeupto60secondsbeforeproceeding.

BIOS Update Next,inserttheUSBflashdriveintoanunusedUSBportonthebackoftheappliancebeingupgraded.Therearofbothappliances(1Uand2U),andtheirrespectiveUSBports,arehighlightedinFigure5.OncetheUSBflashdrivehasbeenattached,re‐boottheappliance.Toensureapropershutdown,useeithertheSIEMAdministrativeinterface(browser‐basedGUI)oramonitorandkeyboardattachedtothesystemtoaccesstheLCDemulatorintheupperleftcorneroftheconsole.Theshutdownprocessmaytakeseveralminutessothatitcansafelycompleteanyoutstandingtask.Pleasebepatient.Oncethesystembootsnormally,itwilldisplaytheMcAfeeBootSplashscreenasshowninFigure6.

Figure 5

Figure 6


10

Figure 7

Donotinterruptorresettheupdateprocess,removepowertothesystem,orusethekeyboard(unlessprompted)whiletheupdateistakingplace.Doingsocouldresultinanunbootablesystem.

Figure 8

BIOS Update After the McAfee boot splash clears, the system willrecognize the USB and will start to boot. However,depending onwhen you received your SIEM appliance,there may have been a BIOS password set and it willneed to be entered in order for the automated BIOSupdate process to start. If this is the case in yourenvironment, the example in Figure 7will appear. Thepasswordyouenterwilldependonthetypeofapplianceyouareupdating.

For1UAppliancesuse: appl1anFor2UAppliancesuse: @ppl1@nc3

OnceyouhavesuccessfullyenteredtheBIOSpassword,youshouldseeascreensimilartoFigure8.Atthispointitshouldstartupdatingthesystemautomaticallyandyouwillseemessagesscrollacrossthescreen.Theentireprocesscantakeasmuchas15to20minutestocomplete.Therearemultiplephasesoftheupdateprocessasthevarioussubsystemsofthemotherboardareupdated.Youmaynoticethattheappliancecoolingsystempowercycleanumberoftimes,thisisnormal.Youmayalsonoticemessagesindicatingpasswordfailures,thisalsoisnormal.


11

BIOS Update TheupdateprocessshouldendsuccessfullywithamessagesimilartoFigure9.ItwillindicatethattheUSBflashdriveshouldberemovedandthesystemrebootedusingthefront‐panelresetbutton.TroubleshootingYoumaynotalwaysgetthedisplayinFigure9onyourfirstattemptatupdatingtheBIOS.ThiscouldbeduetoissueswheretheFRUflagsafewmessagesorrecoverableerrorshaveoccurred.Thefollowingpage(s)willprovideguidanceonhowtohandlesomeoftheseissuesshouldtheyarise.

Update file configuration: Revision S2600GZ.112 FRU & SDR Update Package for Intel (R) Server Board S2600GZ/GL Copyright (c) 2013 Intel Corporation. Auto-detecting chassis model and attached hardware. This may take up to 1 minute to complete. FRUSDR update completed. Setting BIOS Admin and User Password Successfully Completed Successfully Completed BIOS Admin and User Password Set Updates Completed. Please remove the USB key and reboot using the front panel bu tton Fs0:\>

Figure 9


12

BIOS Update Chassis Selection Insomeinstances,aftertheBIOSappearstohavesuccessfullyupdated,anFRUmessageindicatinganissuedetectingthebackplanehasoccurred(figure10)anditasksyoutodeterminewhichchassisisinuse.ForallMcAfeeSIEMAppliances,chooseoption2 Intel(R) Server Chassis R2000.Oncethatisselected,anR2000Chassistypemessage(Figure11)willappear.Chooseoption3 R2312 ChassisOnceyou’vemadetheselections,theprocessshouldcontinue.However,theprocessmayalsostall.Iftheprocessstalls,werecommendrebootingtheapplianceandperformtheBIOSupgradeagain.ThissecondBIOSupgradeshouldcompletesuccessfullyandwillendwiththedisplaysimilartopage11.

ME firmware update completed. FRUSDR 1.12 is being installed. Update file Configuration: Revision S2600GZ_112 FRU & SDR Update Package for Intel(R) Server Board S2600GZ/GL Copyright (c) 2013 Intel Corporation Auto-detecting chassis model and attached hardware. This may take up to 1 minute to complete. Hot-swap HDD backplane detected but its FRU details either corrupted or blank. Falling back to User chassis selection as auto detection is not possible.! Select the Chassis 1 Intel(R) Server Chassis R1000 2 Intel(R) Server Chassis R2000 3 Other Chassis

Figure 10

Hot-swap HDD backplane detected but its FRU details either corrupted or blank. Falling back to User chassis selection as auto detection is not possible.! Select the Chassis 1 Intel(R) Server Chassis R1000 2 Intel(R) Server Chassis R2000 3 Other Chassis Select the R2000 chassis type 1 R2208/R2216/R2308 chassis 2 R2224 chassis 3 R2312 chassis 4 Intel(R) Server Chassis R2000 with Aux PCIe

Figure 11


13

BIOS Update Password Set Failure Insomeinstances,aftertheBIOSappearstohavesuccessfullyupdated,oneormoreerrorsindicatingthataPasswordmismatchhasoccurred.ItmayappearliketheexampleinFigure12.Thiserror(s)shouldnotaffecttheprocessandtheadminanduserpasswordswillultimatelygetsetproperly.BMCFirmwareisnotTransitioningInsomeinstances,afterthefirmwarehassuccessfullyupdated,amessagesimilartoFigure13willappear.Ifthisoccurs,pressY.Shortlyafter,youshouldreceiveanUpdatesCompletedmessagesimilartoFigure9.However,ithasbeenreportedthatoncetheUSBdrivehasbeenremovedandthepowerswitchpressed,theappliancedoesnotreboot.Atthispointyouhavetwooptions.First,pressandholdtheresetbutton(Figure14)for20seconds.Iftheappliancestilldoesnotreboot,itisrecommendedthatpowerberemovedfromtheappliance.Ineithersituation,itisrecommendedthattheBIOSupdatebeperformedasecondtime.Onthissecondattempttheupdateshouldcompletewithouterror.

Figure 14

Update file configuration: Revision S2600GZ.112 FRU & SDR Update Package for Intel (R) Server Board S2600GZ/GL Copyright (c) 2013 Intel Corporation. Auto-detecting chassis model and attached hardware. This may take up to 1 minute to complete. FRUSDR update completed. Setting BIOS Admin and User Password Error: Password Mismatch:entered password doesn’t match with current password Error: Password Mismatch:entered password doesn’t match with current password BIOS Admin and User Password Set

Figure 12

BMC Firmware update Successful BMC Firmware is not transitioning to operating mode Could not exit FW transfer mode An Error occurred To save the error to a file Y,N,ESC

Figure 13


14

BIOS Update Ifyourunintoissuesnotpreviouslyhighlighted,theupdateprocessstallsorpromptsyouforanentryofsomenaturewhichyoudonothavetheanswerfor.

DONOTSHUTOFFTHEAPPLIANCEContactMcAfeesupportathttp://mysupport.mcafee.com;orat800‐937‐2237;oryourMcAfeePlatinumSupportrepresentative.


15

ThereareseveralsecurityissuestobeconsideredbeforeenablingtheIPMILANinterface.Aremotestationhastheabilitytocontrolasystem’spowerstateaswellasbeingabletogatherormodifycertainplatforminformation.ToreducevulnerabilityitisstronglyadvisedthattheIPMILANinterfaceonlybeenabledin'trusted'environmentswheresystemsecurityisnotanissueorwherethereisadedicatedsecure'managementnetwork.

DependingontheBIOSversion your appliance was shipped with, IPMI maybedisabledor possiblyenabledoninterfacesotherthantheIPMIinterface(highlightedbelow).EnablingIPMIonanyinterfacebuttheIPMIinterfacecancauseconnectivityissuestotheappliance.IfyoubelievethatyourappliancehasbeenincorrectlyconfiguredforIPMI,belowareafewtroubleshootingsteps.Useonlyifallotherconnectivityoptionshavefailed.TodisableIPMIontheMGMT1interfacesrun:

McAfee-ETM-6000 ~ # ipmitool lan set 1 ipsrc static McAfee-ETM-6000 ~ # ipmitool lan set 1 ipaddr 0.0.0.0 McAfee-ETM-6000 ~ # ipmitool lan set 1 netmask 0.0.0.0 McAfee-ETM-6000 ~ # ipmitool lan set 1 defgw ipaddr 0.0.0.0 McAfee-ETM-6000 ~ # ipmitool lan set 1 access off

(Replace1with2forMGMT2) ToenabletheIPMIinterfacesrun:

McAfee-ETM-6000 ~ # ipmitool lan set 3 ipsrc static McAfee-ETM-6000 ~ # ipmitool lan set 3 ipaddr x.x.x.x McAfee-ETM-6000 ~ # ipmitool lan set 3 netmask x.x.x.x McAfee-ETM-6000 ~ # ipmitool lan set 3 defgw ipaddr x.x.x.x McAfee-ETM-6000 ~ # ipmitool lan set 3 access on

(WheretheIP,NetmaskandGatewayaresettingappropriatelyforyourenvironment)

Enabling IPMI Oncetheappliance(s)havetheproperBIOSlevel,youwillneedtoconnectandconfigeachappliance’sIPMIinterfacetoyournetwork.TheIPMIcapabilitiesoutlinedinthefollowingpagesareonlysupportedviatheIPMIinterface.McAfeeSIEMappliancesdonotsupportRemoteManagementviathetraditionalMGMT1orMGMT2ports.TheFigure15highlightstheIPMIportlocationoneachstyle(1Uor2U)ofSIEMappliance.AstandardCAT5orCAT6cablecanbeusedandthereisnoneedtouseacross‐overcable,asastandardEthernetcablewillwork.

Figure 15


16

IfforsomereasonyourBIOSupdatedidnotcompletesuccessfully,theEnableIPMISettingssectionwillnotappear.

Enabling IPMI OnceloggedintotheESMusingtheNGCPaccount,navigatetooneoftheselocationsdependingonwhichapplianceyouneedtoenableRemoteManagementon.EachappliancetypesetstheIPaddressdifferently.Pleasemakesureyoufollowtheinstructionsfortheappropriateappliance.SettingIPaddressforESMorAll‐in‐OneAppliances:

SelectSystemPropertiesandthenNetworkSettings.Next,selecttheAdvancedtabandthedialoginFigure16willappear.

SettingIPaddressforaReceiver,ACE,ELM,ADM,orDEM:

SelectDevicePropertiesandthenDeviceConfiguration.Next,selecttheInterfacebuttonandthentheAdvancedtabandadialogsimilartoFigure16willappear.Figure16isspecificforanESM,buteachdevice(ERC,ACE,ELM,etc.,.)willhaveasimilardialogwiththeexactsameIPMIvalues.

Figure 16


17

Enabling IPMI Regardlessofwhichapplianceyouareconfiguring,thestepsoutlinedherewillbethesameforallappliances.ChecktheEnableIPMISettingscheckboxandthenfillintheappropriatenetworksettings.Figure17providesanexampleofhowthesemayappear.TheVLANsettingistheonlyoptionalsettingandeverythingelsewillberequired. Onceyouhavecompletedenteringthenetworksettings,clickApplyorOK.Inthebackground,theappliancewillhaveitsIPMIIPaddressset.Then,dependingontheapplianceyoumadethesettingson,youwillseeasimilarversionofFigure18indicatingtheprogressoftheaction.Thismaytakeafewsecondstocompletedependingontheactivityoftheappliance.Whenithascompletedsuccessfully,boththeApplyandOKbuttonsmaybegrayedouttemporarily.Ifsomethingintheprecedingstepsisdifferentthanwhatwasoutlined,seethenextpageforcaveatstotheprocess.

Figure 17

Figure 18


18

Enabling IPMI CaveatstosettingtheIPMINetworkSettingsWrongVersionIfyouhaveanESMonversion9.4butaneworexistingERC,ELM,ACEorotherappliancehasnotbeenupgraded,youmaystillseetheIPMIsettingforthatappliance.However,becauseIPMIsupportrequiresSIEMoperatingenvironmentv9.4andabove,theprocessforsettinganIPaddressmaynotcompletesuccessfully.IfyouseeamessagesimilartoFigure19,checktheversionofyourappliancebeforeproceeding. Re‐keyingNotice ForanERC,ERCELM,ELM,ACE,ADMorDBMappliance,tochangetheIPMIrootpasswordyouwillneedtoperformare‐keyoperation.OnReceiverclassdevices,thedialoginFigure20willappearafteryoucheckEnableIPMISettings.Page19willprovidethedetailsonchangingthepassword.StrayVLANCharacters ForanERC,ERCELM,ELM,ACE,ADMorDBMappliance,youmayseeacharacterintheVLANfieldanditwillnotbepossibletoremoveit.Thisiscurrentlyaknownissueandwillberesolve,butitwillnotaffectyourabilitytosetenterthenetworksettings.

Figure 19

Figure 20


19

Enabling IPMI SettingIPMIpasswordOncethenetworksettingshavebeenset,youwillreceiveaprompt(Figure21)tochangethepasswordfortheIPMIrootaccount.Eachappliancemayhaveaslightlydifferentdialogdependingonappliancemodelandoperatingenvironmentversion.Also,thereisonlyoneaccountdefinedforIPMIandthatisroot. TosetIPMIrootpasswordforESMorAll‐in‐OneAppliance:

Option#1

ClickNGCPintheupperrightcorneroftheESMbrowser‐basedinterface.Itwillthendisplayapasswordchangedialog.Followingthepasswordcriteria,entertheexistingpasswordfollowedbythenewpassword.Oncecomplete,clickOKandassumingyoumetthepasswordcriteria,thepasswordwillbemodifiedfortheIPMIrootaccountaswellasNGCP.

Option#2

SelecttheSystemPropertiesiconintheQuickConnecticonbar.ThenselectUsersandGroupsfromtheSystemPropertiesdialog.EntertheNGCPpasswordwhenprompted.NextselecttheNGCPaccountfromtheUserlistandclickEdit.WithintheEdituserdialog,clicktheSetPasswordbuttonandfollowthepasswordcriteriaforthenewpassword.ClickOKandassumingyoumetthepasswordcriteria,thepasswordwillbemodifiedfortheIPMIrootaccountaswellasNGCP.

TosetIPMIrootpasswordforanERC,ERCELM,ACE,ELM,ADM,orDBM:

SelecttheDeviceProperties.Next,selectKeyManagement.ThenclicktheKeyDevicebutton.ThiswilldisplaytheKeyDeviceWizarddialogandpromptyoutoenteranewpassword.Onceyouhaveenteredthepasswordtwice,clicktheNextbutton.Thiswillthenre‐keytheappliancewiththeESMandthensettheIPMIrootpasswordforthisappliance.BecausethispassworddialogdoesnothavethesamepasswordrestrictionsastheESM,ifyouwanttoretainthepasswordontheappliance,simplyenterthepasswordyouhaveusedinthepast.

Figure 21


20

ItshouldbenotedthatremoteuseofIPMItoolrequiresport623.Thiscannotbechanged.IfthereisafirewallorotherdevicebetweentheIPMItoolclientandtheMcAfeeSIEMappliance,youwillneedtoensurethatthisportisopenfortraffictopass.

IPMItool Asmentionedintheintroductionofthisdocument,theIntelligentPlatformManagementInterface(IPMI)isaninterfaceusedbyadministratorsforout‐of‐bandmanagementofcomputersystemsandmonitoringoftheiroperation.Inthissection,wehighlighttheIPMItoolapplicationsyntaxandusecaseexampleswillbehighlighted.IPMItoolprovidesasimple,command‐lineinterfacetoIPMI‐enableddevicesthroughanIPMIv1.5orIPMIv2.0LANinterface.ItisofferedonawidevarietyofplatformsincludingWindows,UNIX,LinuxandMac.BecauseofthevarietyofplatformsthatIPMItoolcanexiston,thisdocumentusestheSourceforgesyntaxandparameters.Yourplatformimplementationmayvaryslightlyandyouareencouragedtoreviewthedocumentationforyourvariant.IPMItoolcanbeusedintwobasicforms.LocallyontheSIEMappliancethatyouaremanagingorremotelyfromaworkstationorserverrunningIPMItooltotheSIEMapplianceyouneedtomanage.Thesyntaxforlocalaccessis:

McAfee-ETM-6000 ~ # ipmitool <command> <parameters> Thesyntaxforremoteaccessis(SeeAppendixAforadditionalarguments):

C:\ ipmitool –H <remote_IP> –U <username> <command> <parameters> –or– [user@linux ~]# ipmitool –H <remote_IP> –U <username> <command> <parameters>

IPMItoolExamplesTheexamplesonthefollowingpagesalluseremotetechniques.However,simplyremovingthe–Hand–UparametersandtheirassociatedvaluesfromthecommandstringwillallowforthesameresultsifexecutedonthelocalapplianceorviaSSHtothelocalappliance.Also,theseexamplesdonotincludethepasswordparameterandyouwillbepromptedforthepasswordbeforethecommandcanexecute.Inthefollowingexamples,weonlyhighlightthecommandargumentsandnotthecommonitemsforeachcommand.Intheexamplebelow,thesyntaxingreyiscommontoallexamplesandtheargumentsinbluearewhatwearehighlighting.Theusername(-U)isalwaysrootandthepasswordwassetinthepreviousEnablingIPMIsection.

ipmitool -U root -H 10.1.1.13 chassis status BecauseoftheextensivecommandsetofIPMItool,weareonlyhighlightingthecommandsthatwouldbethemostvaluableforthewiderMcAfeeSIEMcustomerbase.AttheendofthissectiontherearesomelinksyoucanreferencetolearnmoreaboutadditionalIPMItoolcommands.Inaddition,theappendiceshaveacompletelistofcommands,argumentsandparameters.


21

System Power : on Power Overload : false Power Interlock : inactive Main Power Fault : false Power Control Fault : false Power Restore Policy : always-on Last Power Event : Chassis Intrusion : inactive Front-Panel Lockout : inactive Drive Fault : false Cooling/Fan Fault : false Sleep Button Disable : not allowed Diag Button Disable : allowed Reset Button Disable : allowed Power Button Disable : allowed Sleep Button Disabled: false Diag Button Disabled : false Reset Button Disabled: false Power Button Disabled: false

IPMItoolnotonlycanqueryasensor,ithastheabilitytomakechangestothesystemattheBIOSlevelaswellastheabilitytocontrolpowerupandpowerdownstates.AnyuseormisuseofacommandthatchangestheoperationoftheMcAfeeSIEMappliancecouldresultindatalost.

IPMItool QuerythechassisstatusChassisstatusisusedformanaging/monitoringanIPMIchassis,suchaschassispower,identification(i.e.LEDcontrol),andstatusoftheappliancechassis.

ipmitool -U root -H 10.1.1.13 chassis status


22

FRU Device Description : Builtin FRU Device (ID 0) Chassis Type : Rack Mount Chassis Chassis Part Number : R2312GZ4 Chassis Serial : A070220066 Chassis Extra : ............................... Chassis Extra : ............................... Board Mfg Date : Sat Aug 11 01:22:00 2012 Board Mfg : Intel Corporation Board Product : S2600GZ Board Serial : QSGR21701237 Board Part Number : G11481-352 Product Manufacturer : McAfee Inc. Product Name : ELM4600 Product Part Number : 610-1905-00 Product Version : ELM-4600 Product Serial : A070220066 Product Asset Tag : 060fddbf9708 FRU Device Description : Pwr Supply 1 FRU (ID 2) Device not present (Unknown (0x81)) FRU Device Description : Pwr Supply 2 FRU (ID 3) Product Manufacturer : DELTA Product Name : DPS-750XB A Product Part Number : E98791-006 Product Version : 01 Product Serial : E98791D1214020872 FRU Device Description : Front Panel (ID 4) Board Mfg Date : Mon Jun 11 11:34:00 2012 Board Mfg : Intel Corporation Board Product : F2USTOPANEL Board Serial : ............ Board Part Number : G28538-250 FRU Device Description : HS Backplane 1 (ID 5) Board Mfg Date : Fri Mar 30 10:31:00 2012 Board Mfg : Intel Corporation Board Product : F2U12X35HSBP Board Serial : QSRU21300568 Board Part Number : G43212-250

IPMItool QuerytheFieldReplaceableUnit(fru)InventoryPrintbuilt‐inFRU(FieldReplaceableUnit)inventoryandscanSDR(SensorDataRecord)forFRUlocatorsandtheirvalues.Theexamplebelowshowsanumberofinterestingitems.First,highlightedinblueistheproductname.Thisiswhatwasenteredatthetimeofmanufacture.Next,theareahighlightedinredisapowersupply.Inthisexample,thepowersupplywasslidoutofthemachineusedintestingandasyoucanseefromtheexamplebelow,itisshownasnotpresent.

ipmitool -U root -H 10.1.1.13 fru


23

Pwr Unit Status | 0x00 | ok Pwr Unit Redund | 0x0a | ok IPMI Watchdog | 0x00 | ok Physical Scrty | 0x00 | ok FP NMI Diag Int | 0x00 | ok BB +12.0V | 11.94 Volts | ok BB +5.0V | 4.96 Volts | ok BB +3.3V | 3.25 Volts | ok BB P1 VR Temp | 28 degrees C | ok Front Panel Temp | 22 degrees C | ok SSB Temp | 43 degrees C | ok BB P2 VR Temp | 28 degrees C | ok BB Vtt 2 Temp | 32 degrees C | ok BB Vtt 1 Temp | 27 degrees C | ok HSBP 1 Temp | 28 degrees C | ok System Fan 1 | 11956 RPM | ok System Fan 2 | 12152 RPM | ok System Fan 3 | 12054 RPM | ok NM Capabilities | Not Readable | ns MTT CPU1 | disabled | ns MTT CPU2 | disabled | ns

IPMItool QuerytheSensorDataRecord(sdr)SensorDataRecords(SDR)containsinformationaboutthetypeandnumberofsensorspresentonagivenappliance.Anindividualsensorrecorddescribesaspecificsensoranditsstateorstatus.Thesensorrecordsarestoredinacentral,non‐volatilestoragearea,whichismanagedbytheBMC.ThisstorageareaiscalledtheSensorDataRecordRepository.UsingIPMItool,wecanquerythatrepositoryforthesensorsandtheirstatus.Anexampleisbelow.

ForacompletelistoftheBMCCoreSensorsandpossiblereturncodes(offsettriggers)pleaseseeTable61intheIntel Server Board S2600GZ / GL Technical Product Specification Guide. http://www.intel.com/support/motherboards/server/sb/CS‐033134.htm

ipmitool -U root -H 10.1.1.13 sdr list

NOTE:Thefullsdrcommandresultsaretruncatedintheexampleabovetopreservepagespace.Thecolumnformatfromthesdr listoutputaboveis:

SensorTypeorIDThisisthetypeofsensor.Therecanbemultipleentriesofthesametype.Forexample,therecouldbeoneVCOREsensorforeachprocessor.Thishasa16charactermaxlength.

SensorReadingThisisthecurrentreadingofthesensor.Whereavailable,thereadingistranslatedintotheappropriateunits(forexample,degrees,voltsorRPM).

SensorStatus

Thisindicatesthesensorstatus.Possiblevaluesare:ok–Thesensorispresentandoperatingcorrectlyns–Nosensor(correspondingreadingwillsaydisabledorNotReadable)nc–non‐criticalerrorregardingthesensorcr–criticalerrorregardingthesensornr–non‐recoverableerrorregardingthesensor


24

BB P1 VR Temp | 20h | ok | 7.1 | 28 degrees CFront Panel Temp | 21h | ok | 12.1 | 22 degrees C SSB Temp | 22h | ok | 7.1 | 43 degrees C BB P2 VR Temp | 23h | ok | 7.1 | 28 degrees C BB Vtt 2 Temp | 24h | ok | 7.1 | 32 degrees C BB Vtt 1 Temp | 25h | ok | 7.1 | 27 degrees C HSBP 1 Temp | 29h | ok | 7.1 | 28 degrees C Exit Air Temp | 2Eh | ok | 7.1 | 33 degrees C LAN NIC Temp | 2Fh | ok | 7.1 | 42 degrees C System Fan 1 | 30h | ok | 29.1 | 11956 RPM System Fan 2 | 32h | ok | 29.2 | 12152 RPM System Fan 3 | 34h | ok | 29.3 | 12054 RPM System Fan 4 | 36h | ok | 29.4 | 12054 RPM System Fan 5 | 38h | ok | 29.5 | 12152 RPM

IPMItool Iftheelistparameterisused,itwilladdtheentityIDandtheasserteddiscretestates.

ipmitool -U root -H 10.1.1.13 sdr elist

Thecolumnformatfromthesdr elistoutputaboveis:

SensorTypeorIDThisisthetypeofsensor.Therecanbemultipleentriesofthesametype.Forexample,therecouldbeoneVCOREsensorforeachprocessor.Thishasa16charactermaxlength

SensorNumberThenumericvalueofthesensor.Onceknown,itcanbeusedasaparametertoquerythesensordirectly.Examplesofthisareonthefollowingpage.

SensorStatus

Thisindicatesthesensorstatus.Possiblevaluesare:ok–Thesensorispresentandoperatingcorrectlyns–Nosensor(correspondingreadingwillsaydisabledorNotReadable)nc–non‐criticalerrorregardingthesensorcr–criticalerrorregardingthesensornr–non‐recoverableerrorregardingthesensor

EntityIDandInstance

Thisistheentityvalueforthetypeofsensorbeingdisplayed.Ifthereismultipleofthesameexactentity,thentheinstancewillincrement.SeeAppendixCforacompletelistofEntityID’s.

SensorReadingThisisthecurrentreadingofthesensor.Whereappropriate,thereadingistranslatedintotheappropriateunits(forexample,degreesfortemperaturesensor).

Usingtheelistparameterprovidesadditionalvalues.TheseareSensorNumber(orange)andEntity(green).Thesenewvaluescanprovideadditionalcapabilitieswhenaddedtothecommandsyntax.Noticethatsomesensorscanhavethesameentity(green)parent,29forsystemfanor7forinternaltemperature.Thesevaluescanbeusedwiththeentityparametertodisplayvaluesforjustthosesensors.SensorNumber(orange)istheuniqueIDforagivensensorandcanbeusedwiththeselparametertoobtainlogandsensorinformation.ExampleofusingspecificSensorNames,NumbersorEntityvaluestoqueryspecificsensorsorgroupsofsensorsareonthefollowingpages.


25

Fan Redundancy | 0Ch | ok | 29.1 | Fully Redundant System Fan 1 | 30h | ok | 29.1 | 11956 RPM System Fan 2 | 32h | ok | 29.2 | 12054 RPM Fan 1 Present | 40h | ok | 29.1 | Device Present Fan 2 Present | 41h | ok | 29.2 | Device Present

PS1 Status | 50h | ok | 10.1 |PS2 Status | 51h | ok | 10.2 | Presence detected PS1 Input Power | 54h | ns | 10.1 | No Reading PS2 Input Power | 55h | ok | 10.2 | 220 Watts PS1 Curr Out % | 58h | ns | 10.1 | No Reading PS2 Curr Out % | 59h | ok | 10.2 | 25 unspecified PS1 Temperature | 5Ch | ns | 10.1 | No Reading PS2 Temperature | 5Dh | ok | 10.2 | 28 degrees C

HDD 0 Status | F0h | ok | 15.1 | Drive PresentHDD 1 Status | F1h | ok | 15.1 | Drive Present HDD 2 Status | F4h | ok | 15.1 | HDD 3 Status | F5h | ok | 15.1 |HS Backplane 1 | 00h | ns | 15.1 | Logical FRU @05h

Fan Redundancy | 0Ch | ok | 29.1 | Fully Redundant System Fan 1 | 30h | ok | 29.1 | 12054 RPM Fan 1 Present | 40h | ok | 29.1 | Device Present

IPMItool QuerytheSDRforFanDevicestate

Ex#1:ipmitool -U root -H 10.1.1.13 sdr entity 29

TheexampleabovequeriesallFanDevicesinthesystem.

Ex#2:ipmitool -U root -H 10.1.1.13 sdr entity 29.1

Theexampleabovequeriestheentity29andinstance1foraspecificfan.QuerytheSDRforPowerSupplystate

ipmitool -U root -H 10.1.1.13 sdr entity 10

Theexampleabovequeriestheentityfortheappliancepowersupplies.Inthisexample,youcanseethatthePowerSupplyunit1hasbeenremovedfromtheappliance.

QuerytheSDRforHardDrivestate

ipmitool -U root -H 10.1.1.13 sdr entity 15

Theexampleabovequeriestheentityfortheharddrives.Inthisexample,youcanseethatHDD2andHDD3arenotpresent.


26

IPMItool Lastly,acouplevariantsforasdrquery.

ToviewonlytheTemperature,Voltage,andFanSensors

ipmitool -U root -H 10.1.1.13 sdr elist full

ToviewALLTemperatureSensorsregardlessofentity

ipmitool -U root -H 10.1.1.13 sdr type temperature

NOTE:SeeAppendixDforacompletelistoftypevalues.

ToviewstatusofPowerUnits

ipmitool -U root -H 10.1.1.13 sdr type ‘Power Unit’

NOTE:Multi‐wordtyperequiresinglequotes.SeeAppendixDforacompletelistoftypevalues.

Toviewallsensordatainwidetableformat

Thisformatwillincludethresholdsforeachvaluewherepresent.

ipmitool -U root -H 10.1.1.13 sdr sensor Orverbosemodewhichwillevenmorelabelingforthethresholds

ipmitool -U root -H 10.1.1.13 sdr sensor -v


27

Pwr Unit Status | 0x0 | discrete | 0x0000| na | na | na | na | na | naPwr Unit Redund | 0x0 | discrete | 0x0a00| na | na | na | na | na | na BB P1 VR Temp | 27.000 | degrees C | ok | na | 0.000 | 5.000 | 110.000 | 115.000 | na Front Panel Temp | 21.000 | degrees C | ok | na | 0.000 | 5.000 | 50.000 | 55.000 | na System Fan 1 | 12054.000 | RPM | ok | na | 1715.000 | 1960.000 | na | na | na System Fan 2 | 12348.000 | RPM | ok | na | 1715.000 | 1960.000 | na | na | na BB +12.0V | 11.935 | Volts | ok | na | 10.635 | 10.947 | 13.027 | 13.391 | na BB +5.0V | 4.959 | Volts | ok | na | 4.416 | 4.546 | 5.415 | 5.566 | na

IPMItool QuerytheSensorinformation(sensor)Thesdrparameterisusefulforcurrentstate.However,toviewthecompletesensorlistincludingthresholds,youwillneedtousethesensorparameter.Belowaresomecommonexampleofhowtousetheparameter.Toquerythecompletesensorlist.

ipmitool -U root -H 10.1.1.13 sensor list NOTE:Thefullsensorcommandresultsaretruncatedintheexampleabovetopreservepagespace.Thecolumnformatfromthesensoroutputaboveis:

SensorType(name)Thisisthetypeornameofsensor.Therecanbemultipleentriesofthesametype.Forexample,therecouldbeoneVCOREsensorforeachprocessor.

Reading Thisisthecurrentreadingofthesensor.

UnitThisistheunitsofthesensorreading(e.g.,degreesfortemperaturesensor).Discreteisabinarysensor;othervaluesaregenerallyselfexplanatory.

Status

Thisindicatesthestatusofthesensor.Possiblevalues:ok–okayna–notavailableahexvalue

LNR Thisisthelowernon‐recoverablethresholdvalueforthissensor.

LCR Thisisthelowercriticalthresholdvalueforthissensor.

LNC Thisisthelowernon‐criticalthresholdvalueforthissensor.

UNC Thisistheuppernon‐criticalthresholdvalueforthissensor.

UCR Thisistheuppercriticalthresholdvalueforthissensor.

UNR Thisistheuppernon‐recoverablethresholdvalueforthissensor.

Onthefollowingpagesareafewexamplesofhowtousethesensorparameter.AlsoseeAppendixBforasyntaxreferenceonsensor.


28

Locating sensor record...Sensor ID : HDD 0 Status (0xf0) Entity ID : 15.1 Sensor Type (Discrete): Drive Slot / Bay States Asserted : Drive Slot [Drive Present]

Locating sensor record...Sensor ID : PS1 Status (0x50) Entity ID : 10.1 Sensor Type (Discrete): Power Supply

Locating sensor record...Sensor ID : PS2 Status (0x51) Entity ID : 10.2 Sensor Type (Discrete): Power Supply States Asserted : Power Supply [Presence detected]

IPMItool Querythestatusofaparticularharddrive.

ipmitool -U root -H 10.1.1.13 sensor get 'HDD 0 Status'

Thevaluewithinthesinglequotesisthesensortype(name)incolumn1fromthepreviouspageexample.

QuerythestatusofthePowerSupplies.

Ex#1:ipmitool -U root -H 10.1.1.13 sensor get 'PS1 Status'

Ex#2:ipmitool -U root -H 10.1.1.13 sensor get 'PS2 Status'

NoticethatthepresencedetectedvalueexistsinPowerSupply2andnotonPowerSupply1.ThismeansthatthePS1unitmaynotpluggedintotheappliance.


29

Locating sensor record...Sensor ID : PS1 Input Power (0x54) Entity ID : 10.1 Sensor Type (Analog) : Other Sensor Reading : Unable to read sensor: Device Not Present Event Status : Unavailable Assertions Enabled : unc+ ucr+ Deassertions Enabled : unc+ ucr+

Locating sensor record...Sensor ID : PS2 Input Power (0x55) Entity ID : 10.2 Sensor Type (Analog) : Other Sensor Reading : 228 (+/- 0) Watts Status : ok Lower Non-Recoverable : na Lower Critical : na Lower Non-Critical : na Upper Non-Critical : 868.000 Upper Critical : 920.000 Upper Non-Recoverable : na Assertion Events : Assertions Enabled : unc+ ucr+ Deassertions Enabled : unc+ ucr+

IPMItool QuerytheinputpowerofthePowerSupplies.

Ex#1:ipmitool -U root -H 10.1.1.13 sensor get 'PS1 Input Power'

Ex#2:ipmitool -U root -H 10.1.1.13 sensor get 'PS2 Input Power'

AgainnoticethatthePowerSupply2valuesareconsistentwithasupplythatisfunctioningwhereasPowerSupply1clearlyshowsitisnotpresent.


30

2 | 06/13/2014 | 19:19:43 | System Event #0x83 | Timestamp Clock Sync | Asserted 3 | 06/13/2014 | 19:19:43 | System Event #0x83 | Timestamp Clock Sync | Asserted 4 | 06/13/2014 | 19:19:43 | Power Unit #0x01 | Power off/down | Asserted 5 | 06/16/2014 | 15:33:03 | Power Unit #0x01 | Power off/down | Deasserted 6 | 06/16/2014 | 15:33:03 | Button #0x09 | Power Button pressed | Asserted 7 | 06/16/2014 | 15:33:06 | Power Unit #0x02 | Redundancy Lost 8 | 06/16/2014 | 15:33:06 | Power Unit #0x02 | Non-Redundant: Sufficient from Redundant 9 | 06/16/2014 | 15:33:08 | Power Unit #0x02 | Redundancy Lost a | 06/16/2014 | 15:33:08 | Power Unit #0x02 | Non-Redundant: Sufficient from Redundant b | 06/16/2014 | 15:33:16 | System Event #0x83 | Timestamp Clock Sync | Asserted c | 06/16/2014 | 15:33:25 | System Event #0x83 | Timestamp Clock Sync | Asserted d | 06/16/2014 | 15:34:36 | System Event #0x83 | OEM System boot event | Asserted e | 06/16/2014 | 15:34:36 | System Event #0x08 | PEF Action | Asserted

2 | 06/13/2014 | 19:19:43 | System Event BIOS Evt Sensor | Timestamp Clock Sync | Asserted 3 | 06/13/2014 | 19:19:43 | System Event BIOS Evt Sensor | Timestamp Clock Sync | Asserted 4 | 06/13/2014 | 19:19:43 | Power Unit Pwr Unit Status | Power off/down | Asserted 5 | 06/16/2014 | 15:33:03 | Power Unit Pwr Unit Status | Power off/down | Deasserted 6 | 06/16/2014 | 15:33:03 | Button Button | Power Button pressed | Asserted 7 | 06/16/2014 | 15:33:06 | Power Unit Pwr Unit Redund | Redundancy Lost 8 | 06/16/2014 | 15:33:06 | Power Unit Pwr Unit Redund | Non-Redundant: Sufficient from Redundant 9 | 06/16/2014 | 15:33:08 | Power Unit Pwr Unit Redund | Redundancy Lost a | 06/16/2014 | 15:33:08 | Power Unit Pwr Unit Redund | Non-Redundant: Sufficient from Redundant b | 06/16/2014 | 15:33:16 | System Event BIOS Evt Sensor | Timestamp Clock Sync | Asserted c | 06/16/2014 | 15:33:25 | System Event BIOS Evt Sensor | Timestamp Clock Sync | Asserted d | 06/16/2014 | 15:34:36 | System Event BIOS Evt Sensor | OEM System boot event | Asserted e | 06/16/2014 | 15:34:36 | System Event System Event | PEF Action | Asserted

IPMItool QuerytheSystemEventLogTheSystemEventLog(SEL)providesstorageofallsystemevents.YoucanviewthecontentsoftheeventlogwithIPMItool.TheSELkeepsthelast12events.QuerytheSEL

ipmitool -U root -H 10.1.1.13 sel list QuerytheSELinamorehumanreadableform

ipmitool -U root -H 10.1.1.13 sel elist


31

SEL Record ID : 0002 Record Type : 02 Timestamp : 06/16/2014 15:33:06 Generator ID : 0020 EvM Revision : 04 Sensor Type : Power Unit Sensor Number : 02 Event Type : Generic Discrete Event Direction : Deassertion Event Event Data (RAW) : 01ffff Description : Redundancy Lost Sensor ID : Pwr Unit Redund (0x2) Entity ID : 21.1 Sensor Type (Discrete): Power Unit States Asserted : Redundancy State [Redundancy Lost] [Non-Redundant: Sufficient from Redundant]

IPMItool QuerytheSELtogetmoredataforaspecificevent

ipmitool -U root -H 10.1.1.13 sel get 0x02

Thevalue0x02istheexampleistherecordIDandyoucanseethisinthefirstselexampleonthepreviouspage.


32

BMC Web Console Asmentionedintheprefaceofthisdocument,theIntelligentPlatformManagementInterface(IPMI)isaninterfaceusedbyadministratorsforout‐of‐bandmanagementofcomputersystemsandmonitoringoftheiroperation.Intheprevioussection,wedemonstratedhowtousethecommandlineIPMItooltoaccesstheIPMIsensors.Inthissection,we’llcovertheIntegratedBMCWebConsole.TheEmbeddedWebConsoleisavailablewithouttherequirementsforanyagentsorremoteIPMItoolsandisalwaysaccessibleregardlessofthestateoftheoperatingsystem.Thewebconsoleisableto:

Viewthesensors,eventlog,andassetinventoryofthesystem. Retrieveanddownloadthediagnosticslog,containingimportantinformationaboutsystemcrashes. LaunchKVMandmediaredirectionIntel®RemoteManagementModule(Intel®RMM)required. Configuree‐mailorSNMPalertingaswellasothersettings.

ThissectionwillgiveyouadescriptionofanumberofareaswithintheIntegratedBMCWebConsolethathavevaluerelativetotheMcAfeeSIEMappliances.However,therearesomeareasthatcouldcauselossofcontactorserviceinterruptionsshouldyoumakemodification.Westrongencourageyoulimityouractivitytothesectionswehaveoutlined.Theconsoleisdividedintofourtabsinahorizontalmenu.Withineachtab,amenuisprovidedontheleftside.Eachtabandeachmenuoptionwithineachtabhasashortdescriptiononitsfunction.Figure22isalegendofeachTabanditsassociatedMenuoptions.

Figure 22


33

Ifforsomereasonyoudonotseethedialogabove,checkwithyournetworkingteamtoensurethatyourdesktophasaccesstotheIPMIIPaddress.Forsecurityreason,theIPMIIPaddressmaybeonadifferentsubnet.Inaddition,youshouldensurethattheIPMINIChasbeencabledtoyourswitchedenvironment.Seepage15forthelocationoftheIPMINIC.

BMC Web Console Toaccessthewebconsole,launchyourfavoritebrowserandentertheIPaddressyouusedtoconfiguretheIPMIinterfaceonpage16.YourbrowsershouldsupportHTTPS.Inaddition,ifyouwishtouseRemoteConsole,yourbrowserwillneedtobeJavaenabled.UsingJREversion6Update22andabove.Figure23displaytheloginscreenyoushouldsee.

Oncethedialogaboveappears,entertheuserrootandthepasswordyouusedtosettheIPMIrootpasswordonpage17.Whensuccessful,youwillseeFigure15(followingpage),theSystemInformationpageoftheBMCWebConsole.

Figure 23


34

BMC Web Console

Asyounavigatethroughthemenuoptions,thebrowserwillfetchinformationtopopulatethesectionyounavigatedto.Sometimes,itmaytakeseveralsecondsormoreforthedisplaytofullypopulate.Duringthistimeyouwillseeaprogressbarontherightsideofthepage,justbeneaththebluehorizontallinethatseparatestheheaderofthesectionanditscontent.Theprogressbarwilllooksimilartotheimagebelow.

Atthispoint,feelfreetonavigatethroughtheoptionsusingthelegendonpage36togetacquaintedwiththeinterfaceandthereturntimeperformanceofcertainpages.

Figure 24


35

BMC Web Console ServerHealthTab–SensorReadingsTheServerHealthtab,Figure25,showsyoudatarelatedtotheserver'shealth,suchassensorreadings,theeventlog,andpowerstatisticsasexplainedinthefollowingsubsections.WhenyouclickontheServerHealthtab,bydefaultyouwillopentheSensorReadingspage.

TheSensorReadingsdisplayssystemsensorinformationincludingstatus,health,andreadingvalueevery60secondsbydefault.AlistofoptionfortheSensorReadingspageisbelow.

Option Task

SensorSelectiondropdownboxSelectthetypeofsensorreadingstodisplayinthelist.Thedefaultistodisplayallsensors.

SensorReadingslistSelectedsensorsshownwiththeirname,status,health,andreadings.

Refreshbutton Clicktorefreshtheselectedsensorreadings.

ShowThresholdsbutton

Clicktoexpandthelist,showinglowandhighthresholdAssignments.Showsthecritical(CT)andnoncritical(NC)thresholdsfortheselectedsensors.Usescrollbaratthebottomtomovethedisplayleftandright.

HideThresholdsbuttonClicktoreturntotheoriginaldisplay,hidingthethresholdvalues.

Setauto‐refreshinseconds(0todisable)selection

Enterthetime(inseconds)towaitbetweenupdatesoftheSensorReadingsandthenclicktheSetbutton.

Figure 25


36

BMC Web Console ServerHealthTab–EventLogTheEventLogpage,Figure26,displaysthesystemsservermanagementevents.Eventsareloggedasvarioustasks(booting),statuschanges(powersuppleremoval)orothereventsoccur.ThefollowingtableliststheoptionsavailableforServerHealth.

Option Task

EventLogDropdownbox Selectthetypeofeventstodisplayinthelist.

EventLogList

Selectedsensorsareshownwiththeirname,status,andreadings.ThisincludesalistoftheeventswiththeirID,timestamp,sensorname,sensortype,anddescription.

ClearEventLogbutton ClicktoclearEventLogs.

Figure 26


37

BMC Web Console ServerHealthTab–PowerStatisticsThePowerStatisticspage,Figure27,displaysthesystemspowerstatisticsinwattsandoverwhatduration.

NOTE:Thetimevalue,atthetopofthedialog,willberesetwhentheapplianceispoweredoff.

Figure 27


38

McAfeeadvisescustomerstousethesectionswithintheConfigurationTab asviewonlyoptionsexceptwhereindicatedinthisguide.AnymodificationmayresultininaccessibilityorpossibledatalostontheSIEMappliance.

WhilethisdocumentreferstotheIPMIchannel,theactualnameforthatchannelistheIntel(R)RMMchannel.Donotmakeanychangeswithinthisdialog.AnychangetotheIPMIIPaddressshouldalwaysbedoneviatheESMbrowser‐basedinterface.ThetwoadditionalLANchannels,BaseboardMGMTandMGMT2arethesameastheSIEMMGMT1andMGMT2portsbutshouldbeleftattheirdefaultvalues.AnymodificationherewillcausetheappliancetobecomeunreachablebytheSIEMenvironment.

BMC Web Console ConfigurationTabTheConfigurationTabcontainsalargenumberofoptionssuchasNetwork,RemoteSessionandAlerts.Usershavetheoptiontoviewormodifyanumberofthesesettings.ThissectionwillcoveronlytheitemsMcAfeebelievesareneededtoremotemanagetheSIEMappliances

ConfigurationTab–IPv4Network

TheIPv4NetworkSettingspage,Figure28,isusedtoconfiguretheIPv4networksettingsfortheServerManagementLANinterface(IPMI)totheBMCcontroller.Thesettingsyouseebelowwillmatchtheonesusedonpage18toconfiguretheIPMIinterfacefromtheESMbrowser‐basedinterface.IfyouneedtochangetheIPMIIPAddress,pleasedosoviatheESMbrowser‐basedinterface.

Figure 28


39

BMC Web Console ConfigurationTab–IPv4NetworkWhileMcAfeedoesnotrecommendchangingthenetworksettingshere,thefollowingtableliststheoptionsavailableforIPv4Networking.

Option Task

EnableLANFailover

UsedtoenableLANFailover(onlyavailableonEPSDPlatformsBasedonIntelXeonProcessorE5‐4600/2600/2400/1600/1400ProductFamilies)

LANChanneldropdownbox

Usedtoselectthechannelonwhichyouwanttoconfigurethenetworksettings.ListstheLANChannelsavailableforservermanagement.TheLANchannelsdescribethephysicalNICconnectionontheserver.

IntelRMM(BMCLANChannel3)istheadd‐inRMM4DedicatedManagementNIC.

BaseboardMgmt(BMCLANChannel1)istheon‐board,sharedNICconfiguredformanagementandsharedwiththeoperatingsystem.

BaseboardMgmt2(BMCLANChannel2)isthesecondon‐board,sharedNICconfiguredformanagementandsharedwiththeoperatingsystem.

MACAddress TheMACaddressofthedevice(readonly)

IPaddressradiobuttons

SelectoneofthethreeoptionsforconfiguringtheIPaddress:

ObtainanIPaddressautomatically(useDHCP)‐UsesDHCPtoobtaintheIPaddress.

UsethefollowingIPaddress–ManuallyconfiguretheIPaddress.

DisableLANChannel–SetstheIPaddress,SubnetMask,andDefaultGatewayto0.0.0.0.

IPAddressSubnetMaskGateway

IfconfiguringastaticIP,entertherequestedaddress,subnetmask,andgatewayinthegivenfields.TheIPAddressismadeoffournumbersseparatedbydotsasin"xxx.xxx.xxx.xxx".'xxx'rangesfrom0to255.First'xxx'mustnotbe0.

PrimaryDNSServerSecondaryDNSServer

IfconfiguringadynamicIP,enterthePrimaryandSecondaryDNSservers.

Savebutton Clicktosaveanychangesmade.


40

Bydefault,rootistheonlyuserenabledandistheuseraccountwhosepasswordissetwhenchangingtheNGCPaccountpasswordintheESMbrowser‐basedinterface.Donotchangethepasswordhere.Also,whileotheruserscanbeenabled,McAfeestronglyrecommendsleavingtheconfigurationasshowninfigure29.

BMC Web Console ConfigurationTab–UsersTheUserListpage,Figure29,liststheconfiguredusers,alongwiththeirstatusandnetworkprivilege.Italsoprovidesthecapabilitytoadd,modify,anddeleteusers.

ThispageallowstheoperatortoconfiguretheIPMIusersandprivilegesforthisserver: UserID1(anonymous)maynotberenamedordeleted. UserID2(root)maynotberenamedordeleted,norcanthenetworkprivilegesofUserID2

bechanged. UserNamescannotbechanged.Torenameauseryoumustfirstdeletetheexistinguser,

andthenaddtheuserwiththenewname.Todeleteauser,selecttheuserinthelistandclickDeleteUser.Toaddauser,selectanemptyslotinthelistandclickAddUser.

Figure 29


41

BMC Web Console ConfigurationTab–AlertsTheAlertspage,Figure30,isusedtoconfigurewhichsystemeventsanalertcanbegeneratedforandthedestinationforthesealerts.UptotwodestinationscanbeselectedforeachLANchannel.Eachdestinationwillreceiveanalert,basedonitsprotocol(SNMPorSMTP),whenoneoftheselectedtriggereventsoccurs.

NOTE:OnlyconfigureAlertsfortheIntel(R)RMMchannel.GloballyEnablePlatformEventFiltering:

Thiscanbeusedtopreventsendingalertsuntilyouhavefullyspecifiedyourdesiredalertingpolicies.LogEventonFilterAction:

ThiscanbeusedtoenableordisabletheloggingofaneventintotheSystemEventLogwhenaFilterActionistaken.

Figure 30


42

BMC Web Console ConfigurationTab–AlertsThefollowingtableliststheoptionsallowingyoutoselectwhicheventsthatalertsshouldbesentonandselectionofwherethealertsaretobesentto.

Option Task

Selecttheeventsthatwilltriggeralerts. Selectoneormoresystemeventsthatwilltriggeranalert.

Check/ClearAllbuttons Clicktoselectorclearallevents.

LANChanneltoConfigureSelecteithertheBMCorRMM4toconfigurethedestination

AlertDestination#1/#2SelecteitherSNMPalongwiththeIPaddressoremailaddressthatthealertwillbesentto.UptotwodestinationscanbeelectedforeachLANchannel

Savebutton Clicktouseselectedsetup.

SendTestAlertsbutton Afterconfiguringselectthistosendatestalert.


43

BMC Web Console RemoteControlTabTheRemoteControltabhelpsyouperformthefollowingremoteoperationsontheserver.TheseareConsoleRedirection,ServerPowerControlandVirtualFrontPanel.Belowisanexplanationofeach.RemoteControlTab–ConsoleRedirectionBydefault,theRemoteControltabopenstheConsoleRedirectionpageasshowninFigure31.Tolaunchtheconsoleredirect,clicktheLaunchConsolebutton.Oncedone,twodialogswillappear.Seeexamplesbelow.Figure32promptyoutothataJavapackagewillbedownloaded.Figure33asksyoutoopenthepackage.

Figure 31

Figure 32

Figure 33


44

Figure 34

BMC Web Console RemoteControlTab–ConsoleRedirectionWhatisaJNLPfile?JNLPisanacronymforJavaNetworkLaunchingProtocol.TheJNLPfileformatisusedbyJavatolaunchandmanagevariousJavaapplicationsoveranetworkorontheInternet.TheJNLPfilesaresavedintheXMLfileformat.ThefilesareactuallycomprisedofagroupofprotocolsthatdefinethespecificrequirementsofaJAVAlaunchingmechanism.NOTE:Javawillhavetobeinstalledinordertotakeadvantageofthiscapability.JavaRuntimeEnvironment(JRE)Version6Update22orhigherisrequired.OnceJavahasbeeninstalled,clickOKontheopeningoftheJNLPfile,Figure24(previouspage).ThiswillthenlaunchtheJavaRunTimeEnvironment.YoumaybrieflyseeaJavasplashscreen.Atthispoint,oneoftwoscenarioswilloccur.Scenario#1OnceJavaisloaded,aSecurityWarningpopup,Figure34,willaskyoutoconfirmthatthisapplicationshouldberun.CheckAcceptandthenclickRun.Tocontinue,simplyclickthecheckboxtoacceptandthentheRunbutton.Oncedone,theJNLPwillcompleteexecutionandtheJViewerwillloaddisplayingtheconsoleasitisatthattime.SeeFigure35.

Figure 35


45

BMC Web Console Scenario#2IfyouarerunningJava7,Update51orlater,ablockedapplicationdialogwillappear.SeeFigure36.Previoustoupdate51,thepop‐upsimilartotheonesinScenario#1wouldhaveappeared.However,startingwithJava7Update51,anewSecurityExceptionlisthasbeenaddedandyouwillneedtoprovideanexceptioninordertoproceed.Todothis,gotoControlPanel,thenselectJava.Next,selecttheSecuritytab.TheSecuritydialogwilllooksimilartotheexampleinFigure37.Next,clicktheEditSiteListbuttonandenterthefullpathoftheappliancesIPMINIC.TheexampleinFigure37displaysthecompletedexceptionlist.Oncethisentryissaved,theJavaappwillallowaccesstotheRemoteControlappandscenario#1shouldoccur.NOTE:Youalsomayneedtomakeadditionalsecurityadjustmentsonyourdesktop.ApplicationssuchasWindowsFirewallorMcAfeeEnd‐Pointproductsmayalsopreventaccessthisapplication.

Figure 36

Figure 37


46

Figure 38

Figure 39

BMC Web Console RemoteControlTab–ConsoleRedirectionUsingtheconsoleOncetheWebConsolehasstartedandyouseetheApplianceMenu(WhiteLCDdisplayinupperleftcorner)youarereadytousetheconsoleasifyouweredirectlyattachedviaamonitorandkeyboard.However,thereareafewnavigationtechniquesyouwillneedtoknow.LikemostWindowsapps,JViewerhasanumberofmenuoptionsthatwillcomeinhandyasyouusetheconsole.RefreshthedisplayDuringthetestingoftheIPMIinterfaceforthisdocument,itwasnoticedthatonarareoccasion,theinterfaceseemedtoeitherstallorstopcompletely.Thiscouldbeduetonetworkcongestionorthefailure/errorwithinJREitself.Fortunately,thereisaneasyremedy.LocatedintheVideomenuisaRefreshVideooption.Simplyselectingthisandallowingtheconnectiontoberebuiltshouldsolvetheproblem.Figure38showsthelocationofRefreshVideo.UsinganALTkeyLikemostLinux‐basedproducts,theMcAfeeSIEMappliancesallowformultipleTTYsessionsatthecommand‐line.ThestandardkeystroketoentertheseistousetheALTkeyfollowedbyF2,F3,etc.However,intheWebConsole,theALTkeyisnottransmitted,soahelperoptionisprovided.LocatedintheKeyboardmenu,Figure39,thereareanumberofcheckboxesthatyoucanselecttoallowformulti‐keycommands.Asanexample,toperformanALT‐F2,selectKeyboard,andthencheckHoldLeftAltKey.NextpressF2andthiswilltakeyoutotty2.UsingF3,F4,etc,willaccessadditionttysession.However,youwillhavetore‐selectKeyboardandthenuncheckHoldLeftAltKeytoturnoffthiscapabilityasthisisanon/offtogglefunction.


47

WhilethisdialogwillallowadministratorstoperformgracefulshutdownsoftheSIEMappliances,McAfeerecommendsthatresettingorpoweringdowntheapplianceshouldalwaysbedoneviatheESMbrowser‐basedinterface.

WhiletheMcAfeeSIEMappliancesareACPIaware,itispossiblefortheGracefulOSShutdowntonotfunctionproperlyortimeoutiftheapplianceisperformingothertasks.AfteraGracefulShutdownhasbeenrequested,ifthesystemdoesnotshutdownasrequested,thecommandcannotbeexecutedagainforfiveminutes.However,McAfeerecommendsthatpoweringdowntheappliance(s)shouldalwaysbedoneviatheESMbrowser‐basedinterface.

BMC Web Console RemoteControlTab–ServerPowerControlTheServerPowerControlpage,Figure40,showsthecurrentpowerstatusandallowspower/resetcontroloftheappliance.

Figure 40


48

BMC Web Console RemoteControlTab–ServerPowerControlThefollowingtableliststheoptionsforpowercontrol.

Option Task

Reset Server Select option to hard reset the host without powering off.

Force-Enter BIOS Setup Check this option to enter into the BIOS setup after resetting the server.

Power OFF Server Select option to immediately power off the host.

Graceful Shutdown Select option to soft power off the host.

Power ON Server Select option to power on the host

Power Cycle Server Select option to immediately power off the host, and then power it back on after one second.

Perform Action button Click to execute the selected remote power command.

Note: All power control actions are done through the BMC and are immediate actions. It is strongly suggested to gracefully shut through the ESM browser-based interface.


49

WhilethisdialogwillallowadministratorstoperformgracefulshutdownsoftheSIEMappliances,McAfeerecommendsthatresettingorpoweringdowntheapplianceshouldalwaysbedoneviatheESMbrowser‐basedinterface.

BMC Web Console RemoteControlTab–VirtualFrontPanelTheVirtualFrontPanelpage,Figure41,allowsuserstocontroltheapplianceinthesamemannerasiftheywenexttothephysicalappliance.

Figure 41


50

BMC Web Console RemoteControlTab–VirtualFrontPanelThefollowingtableliststheoptionsforVirtualFrontPanel.

Option Task

PowerButton ThePowerbuttonisusedtopoweronorpoweroff.

ResetButton TheResetbuttonisusedtoresettheserverwhilesystemisON.

ChassisIDButtonWhentheChassisIDbuttonispressed,thechassisIDLEDchangestosolidon.Ifthebuttonispressedagain,thechassisIDLEDturnsoff.

GracefulShutdown Selectoptiontosoftpoweroffthehost.

PowerLEDThePowerLEDshowsthesystempowerstatus.IfthePowerLEDisgreen,thesystemisON.IfthePowerLEDisgrey,thesystemisOFF.

StatusLEDTheStatusLEDreflectsthesystemstatusLEDstatusanditisautomaticallyinsyncwiththeBMCevery60seconds.ThisreflectstheSystemStatusLED.

ChassisIDLEDTheChassisIDLEDshowsthecurrentsystemchassisIDstatus.IftheChassisIDLEDisblue,theChassisIDisindefiniteON.IftheChassisIDLEDisgrey,theChassisIDisOFF


51

Appendix A – Command Line Arguments for IPMItool -a PromptfortheRemoteIPMIserverpassword.

-A <authtype>

SpecifyanauthenticationtypetouseduringIPMIv1.5lansessionactivation.SupportedtypesareNONE,PASSWORD,MD2,MD5,orOEM.

-c PresentoutputinCSV(commaseparatedvariable)format.Thisisnotavailablewithallcommands.

-e <sol_escape_char> UsesuppliedcharacterforSOLsessionescapecharacter.Thedefaultistouse~butthiscanconflictwithsshsessions.

-k <key> UsesuppliedKgkeyforIPMIv2authentication.ThedefaultisnottouseanyKgkey.

-y <hex key>

UsesuppliedKgkeyforIPMIv2authentication.Thekeyisexpectedinhexadecimalformatandcanbeusedtospecifykeyswithnon‐printablecharacters.Forexample,"‐kPASSWORD"and"‐y50415353574F5244"areequivalent.ThedefaultisnottouseanyKgkey.

-C <ciphersuite>

TheRemoteIPMIserverauthentication,integrity,andencryptionalgorithmstouseforIPMIv2lanplusconnections.Seetable22‐19intheIPMIv2specification.Thedefaultis3whichspecifiesRAKP‐HMAC‐SHA1authentication,HMAC‐SHA1‐96integrity,andAES‐CBC‐128encryptionalgorithms.

-E TheRemoteIPMIserverpasswordisspecifiedbytheenvironmentvariableIPMI_PASSWORD.

-f <password_file> SpecifiesafilecontainingtheRemoteIPMIserverpassword.Ifthisoptionisabsent,orifpasswordfileisempty,thepasswordwilldefaulttoNULL.

-h Getbasicusagehelpfromthecommandline.

-H <address> RemoteIPMIserveraddresscanbeIPaddressorhostname.NOTE:Thisisnottheappliance’smainIP.TheIPMIcontrollerwillhaveitsownuniqueIPaddress.

-I <interface>

SelectsIPMIinterfacetouse.Supportedinterfacesthatarecompiledinarevisibleintheusagehelpoutput.Optionsarelanoropen.IflanittellsIPMItooltousethenetworktosendcommandsinsteadofinterfacingwiththelocalIPMIcontroller.

-L <privlvl> Forcesessionprivilegelevel.CanbeCALLBACK,USER,OPERATOR,andADMINISTRATOR.DefaultisADMINISTRATOR.

-m <local_address> SetthelocalIPMBaddress.Thedefaultis0x20andthereshouldbenoneedtochangeitfornormaloperation.

-o <oemtype> SelectOEMtypetosupport.ThisusuallyinvolvesminorhacksinplaceinthecodetoworkaroundquirksinvariousBMCsfromvariousmanufacturers.Use‐olisttoseealistofcurrentsupportedOEMtypes.

-O <sel oem> OpenselectedfileandreadOEMSELventdescriptionstobeusedduringSELlistings.Seeexamplesincontribdirforfileformat.

-p <port> RemoteIPMIserverUDPporttoconnectto.Defaultis623.


52

-P <password>

RemoteIPMIserverpasswordisspecifiedonthecommandline.Ifsupported,itwillbeobscuredintheprocesslist.Howeverthispasswordisstorethepasswordinyourhistoryfileandmaybevisibletootherusers(through“ps”orsimilar).Note:Specifyingthepasswordasacommandlineoptionisnotrecommended.

-S <sdr_cache_file>

UselocalfileforremoteSDRcache.UsingalocalSDRcachecandrasticallyincreaseperformanceforcommandsthatrequireknowledgeoftheentireSDRtoperformtheirfunction.LocalSDRcachefromaremotesystemcanbecreatedwiththesdrdumpcommand.

-t <target_address> BridgeIPMIrequeststotheremotetargetaddress.

-U <username> RemoteIPMIserverusername. ForMcAfeeSIEMappliancesthiswillalwaysberoot.

-v Increaseverboseoutputlevel.Thisoptionmaybespecifiedmultipletimestoincreasethelevelofdebugoutput.Ifgiventhreetimesyouwillgethexdumpsofallincomingandoutgoingpackets.

-V Displayversioninformation.


53

Appendix B – Command Syntax Guide for IPMItool NOTE: Columns / commands which are grayed out either do not return values on McAfee SIEM Appliances or are not intended for general use without support or development assistance and could result in data loss on the appliance. This also hold true for certain commands within supported commands.

raw

ThiswillallowyoutoexecuterawIPMIcommands.Usage:raw <netfn> <cmd> [data] Example:ipmitool raw 0x0 0xf ForexampletoquerythePOHcounterwitharawcommand.NetworkFunctionCodes(netfn): VAL HEX STRING ============================================== 0 0x00 Chassis 2 0x02 Bridge 4 0x04 SensorEvent 6 0x06 Application 8 0x08 Firmware 10 0x0a Storage 12 0x0c Transport

i2c SendanI2CMasterWrite‐Readcommandandprintresponse

spd PrintSPDinfofromremoteI2Cdevice

lan ConfigureLANChannels

chassis

Getchassisstatusandsetpowerstateoftheappliance.Usage:chassis <status|power|identify|policy|restart_cause| poh|bootdev|bootparam|selftest> Example:ipmitool chassis poh ipmitool chassis power status Arguments:status Displaysinformationregardingthehigh‐levelstatusofthesystemchassisandmainpowersubsystem.Power(seepowersectionbelow)identify <interval> Controlthefrontpanelidentifylight.Defaultis15.Use0toturnoff.Policy <state>


54

Setthechassispowerpolicyintheeventpowerfailure. list Returnsupportedpolicies.always-on Turnonwhenpowerisrestored.previous Returnedtopreviousstatewhenpowerisrestored.always-off Stayoffafterpowerisrestored. restart_cause Querythechassisforthecauseofthelastsystemrestart.poh ThiscommandwillreturnthePower‐OnHourscounter. bootdev <device> [clear-cmos=yes|no] bootdev <device> [options=help,] Requestthesystemtobootfromanalternatebootdeviceonnextreboot.Theclear‐cmosoption,ifsupplied,willinstructtheBIOStoclearitsCMOSonthenextreboot.Currentlysupportedvaluesfor<device>are:none Donotchangebootdevicepxe ForcePXEbootdisk ForcebootfromBIOSdefaultbootdevicesafe ForcebootfromBIOSdefaultbootdevice,requestSafeModediag Forcebootfromdiagnosticpartitioncdrom ForcebootfromCD/DVDbios ForcebootintoBIOSsetupbootparam get <param #> bootparam set bootflag <flag> Requestthesystemtoforceabootfromanalternatebootdeviceonnextreboot.Theclear‐cmosoption,ifsupplied,willinstructtheBIOStoclearitsCMOSonthenextreboot.Currentlysupportedvaluesfor<device>are:force_pxe ForcePXEbootforce_disk


55

ForcebootfromBIOSdefaultbootdeviceforce_safe ForcebootfromBIOSdefaultbootdevice,requestSafeModeforce_diag Forcebootfromdiagnosticpartitionforce_cdrom ForcebootfromCD/DVDforce_bios ForcebootintoBIOSsetupselftest Willdisplayapassorfailofthechassiscomponents.

power

Shortcuttochassispowercommandsandperformsachassiscontrolcommandtoviewandchangethepowerstate.Usage:power <status|on|off|cycle|reset|diag|soft> Example:ipmitool power status Arguments:status Showcurrentchassispowerstatus.on Powerupchassis.off Powerdownchassisintosoftoff(S4/S5state).WARNING:Thiscommanddoesnotinitiateacleanshutdownoftheoperatingsystempriortopoweringdownthesystem.cycle Providesapoweroffintervalofatleast1second.NoactionshouldoccurifchassispowerisinS4/S5state,butitisrecommendedtocheckpowerstatefirstandonlyissueapowercyclecommandifthesystempowerisonorinlowersleepstatethanS4/S5.reset Thiscommandwillperformahardreset.diag Pulseadiagnosticinterrupt(NMI)directlytotheprocessor(s).soft Initiateasoft‐shutdownofOSviaACPI.Thiscanbedoneinanumberofways,commonlybysimulatinganovertemperatureorbysimulatingapowerbuttonpress.ItisnecessaryfortheretobeOperatingSystemsupportforACPIandsomesortofdaemonwatchingforeventsforthissoftpowertowork.

event Sendpre‐definedeventstoMC

mc ManagementControllerstatusandglobalenables


56

sdr

PrintSensorDataRepositoryentriesandreadings.EachcommandwilldisplayaslightlydifferentoutputbutthemainelementswillbeSensorName,SensorNumber,StatusandEntityID.SeeAppendixCforanexplanationEntityvalues.Note:DependingonwhichIPMIcommandyouusethesensornumberthatisdisplayedforaneventmightappearinslightlydifferentformats.Asensornumbercanbedisplayedaseither1Fhor0x1F.Usage:sdr <list|elist|type|info|entity|dump|fill> Example:ipmitool sdr elistParameter:-v Verboseoutput.Arguments: list | elist [<all|full|compact|event|mcloc|fru|generic>] ThiscommandwillreadtheSensorDataRecords(SDR)andextractsensorinformationofagiventype,thenqueryeachsensorandprintitsname,reading,andstatus.Ifinvokedaselistthenitwillalsoprintsensornumber,entityidandinstance,andasserteddiscretestates.Thedefaultoutputwillonlydisplayfullandcompactsensortypes,toseeallsensorsusethealltypewiththiscommand.Validtypesare:all AllSDRrecords(SensorandLocator)full FullSensorRecordcompact CompactSensorRecordevent Event‐OnlySensorRecordmcloc ManagementControllerLocatorRecordfru FRULocatorRecordgeneric GenericSDRrecordstype <sensor type> <list|get> ThiscommandwilldisplayallrecordsfromtheSDRofaspecifictype.Runwithtype listtoseethelistofavailabletypes.AlsoseeAppendixDforthelist.NotethatyoucanleaveListandGetoffandstillgetthesameinformation.ForexampletoqueryforallTemperaturesensors:ipmitool sdr type temperature Baseboard Temp | 30h | ok | 7.1 | 28 degrees C


57

FntPnl Amb Temp | 32h | ok | 12.1 | 24 degrees CProcessor1 Temp | 98h | ok | 3.1 | 57 degrees C Processor2 Temp | 99h | ok | 3.2 | 53 degrees C info ThiscommandwillquerytheBMCforSDRinformation. entity <id>[.<instance>] Displaysallsensorsassociatedwithanentity.Getalistofvalidentityidsonthetargetsystembyissuingthesdr elistcommand.AlistofallentityidscanbefoundintheIPMIspecifications.dump <file> DumpsrawSDRdatatoafile.ThisdatafilecanthenbeusedasalocalSDRcacheoftheremotemanagedsystemwiththe-S <file>optionontheipmitoolcommandline.ThiscangreatlyimproveperformanceoversysteminterfaceorremoteLAN.fill sensors fill <filename> CreatestheSDRrepositoryforthecurrentconfigurationordumpsrawSDRdatatoafile.

sensor

PrintdetailedsensorinformationUsage:sensor <list|get|thresh|reading> -v Example:ipmitool sensor listParameter:-v Verboseoutput.Arguments:list Listssensorsandthresholdsinawidetableformat.Leavingthisargumentoffwillproducethesamewideformattable.get <id> ... [<id>] Printsinformationforsensorsspecifiedbyname.thresh <id> <threshold> <setting> Thisallowsyoutosetaparticularsensorthresholdvalue.Thesensorisspecifiedbyname.Validthresholdsare:unr UpperNon‐Recoverable ucr UpperCritical unc UpperNon‐Critical lnc LowerNon‐Critical lcr LowerCritical lnr LowerNon‐Recoverable thresh <id> lower <lnr> <lcr> <lnc> Thisallowsyoutosetalllowerthresholdsforasensoratthesametime.ThesensorisspecifiedbynameandthethresholdsarelistedinorderofLowerNon‐Recoverable,LowerCritical,andLowerNon‐Critical.


58

thresh <id> upper <unc> <ucr> <unr> Thisallowsyoutosetallupperthresholdsforasensoratthesametime.ThesensorisspecifiedbynameandthethresholdsarelistedinorderofUpperNon‐Critical,UpperCritical,andUpperNon‐Recoverable. reading Similartoaget.

fru

ThiscommandwillreadallFieldReplaceableUnit(FRU)inventorydataandextractsuchinformationasserialnumber,partnumber,assettags,andshortstringsdescribingthechassis,board,orproduct.Usage:fru print Example:ipmitool fru print

gendev Read/WriteDeviceassociatedwithGenericDevicelocatorssdr

sel

ViewtheSystemEventLog(SEL).Usage:sel <info|clear|list|elist|delete|save|writeraw|readraw|time> Example:ipmitool sel elist Arguments: info ThiscommandwillquerytheBMCforinformationabouttheSystemEventLog(SEL)anditscontents.clear ThiscommandwillclearthecontentsoftheSEL.Itcannotbeundonesobecareful.list | elist Whenthiscommandisinvokedwithoutarguments,the entirecontentsoftheSystemEventLogaredisplayed.IfinvokedaselistitwillalsousetheSensorDataRecordentriestodisplaythesensorIDforthesensorthatcausedeachevent.Notethiscantakealongtimeoverthesysteminterface.<count>|first <count> Displaysthefirstcount(least‐recent)entriesintheSEL.Ifcountiszero,allentriesaredisplayed.last <count> Displaysthelastcount(most‐recent)entriesintheSEL.Ifcountiszero,allentriesaredisplayed.delete <number> Deleteasingleevent.save <file> SaveSELrecordstotextfilethatcanbefedbackintotheeventfileipmitoolcommand.ThiscanbeusefulfortestingEventgenerationbybuildinganappropriatePlatformEventMessagefilebasedonexistingevents.Pleaseseethe


59

helpforthatcommandtoviewtheformatofthisfile.writeraw <file> SaveSELrecordstoafileinraw,binaryformat.Thisfilecanbefedbacktotheselreadrawipmitoolcommandforviewing.readraw <file> ReadanddisplaySELrecordsfromabinaryfile.Suchafilecanbecreatedusingtheselwriterawipmitoolcommand.time get DisplaystheSELclock'scurrenttime.set <time string> SetstheSELclock.FutureSELentrieswillusethetimesetbythiscommand.<Timestring>isoftheform"MM/DD/YYYYHH:MM:SS".Notethathoursarein24‐hourform.ItisrecommendedthattheSELbeclearedbeforesettingthetime.

pef ConfigurePlatformEventFiltering(PEF)

sol ConfigureandconnectIPMIv2.0Serial‐over‐LAN

tsol ConfigureandconnectwithTyanIPMIv1.5Serial‐over‐LAN

isol ConfigureIPMIv1.5Serial‐over‐LAN

user ConfigureManagementControllerusers

channel ConfigureManagementControllerchannels

session

Printsessioninformation.Getinformationaboutthespecifiedsession(s).Youmayidentifysessionsbytheirid,bytheirhandlenumber,bytheiractivestatus,orbyusingthekeyword`all'tospecifyallsessions.Usage:info <active | all | id 0xnnnnnnnn | handle 0xnn> Example:ipmitool session all

sunoem OEMCommandsforSunservers.WillnotreturnvaluesonMcAfeeSIEMAppliances.

kontronoem OEMCommandsforKontrondevicesWillnotreturnvaluesonMcAfeeSIEMAppliances.

picmg RunaPICMG/ATCAextendedcmd

fwum UpdateIPMCusingKontronOEMFirmwareUpdateManager

firewall ConfigureFirmwareFirewall

shell

ThiscommandwilllaunchaninteractiveshellwhichyoucanusetosendmultipleipmitoolcommandstoaBMCandseetheresponses.Thiscanbeusefulinsteadofrunningthefullipmitoolcommandeachtime.SomecommandswillmakeuseofaSensorDataRecordcacheandyouwillseemarkedimprovementinspeedifthesecommandsareabletoreusethesamecacheinashellsession.LANsessionswillsendaperiodickeepalivecommandtokeeptheIPMIsessionfromtimingout.

exec Runlistofcommandsfromfile

set Setruntimevariableforshellandexec

hpm UpdateHPMcomponentsusingPICMGHPM.1file

ekanalyzer RunFRU‐EkeyinganalyzerusingFRUfiles.WillnotreturnvaluesonMcAfeeSIEMAppliances.


60

Appendix C – SDR Entities Values NOTE:Dependingonhardwareversion,thislistmaycontainmoreorlessvaluesonyourappliance.Someentitiesmaynotreturnanyvalues.Toseecompletelist,usethefollowingcommand:

ipmitool -U root -H 10.1.1.13 sdr entity 0 Unspecified 1 Other 2 Unknown

3 Processor 4 DiskorDiskBay 5 PeripheralBay

6 SystemManagementModule 7 SystemBoard 8 MemoryModule

9 ProcessorModule 10 PowerSupply 11 Add‐inCard

12 FrontPanelBoard 13 BackPanelBoard 14 PowerSystemBoard

15 DriveBackplane 16SystemInternalExpansionBoard

17 OtherSystemBoard

18 ProcessorBoard 19 PowerUnit 20 PowerModule

21 PowerManagement 22 ChassisBackPanelBoard 23 SystemChassis

24 Sub‐Chassis 25 OtherChassisBoard 26 DiskDriveBay

27 PeripheralBay 28 DeviceBay 29 FanDevice

30 CoolingUnit 31 Cable/Interconnect 32 MemoryDevice

33SystemManagementSoftware

34 BIOS 35 OperatingSystem

36 SystemBus 37 Group 38 RemoteManagementDevice

39 ExternalEnvironment 40 Battery 41 ProcessingBlade

42 ConnectivitySwitch 43 Processor/MemoryModule 44 I/OModule

45 Processor/IOModule 46ManagementControllerFirmware

47 IPMIChannel

48 PCIBus 49 PCIExpressBus 50 SCSIBus(parallel)

51 SATA/SASBus 52 Processor/Front‐SideBus 160 PICMGFrontBoard

192PICMGRearTransitionModule

193 PICMGAdvancedMCModule 240PICMGShelfManagementController

241 PICMGFiltrationUnit 242 PICMGShelfFRUInformation 243 PICMGAlarmPanel

Ifthereareanumberofthesameentities,youwillgetadecimalversionofentityID.Forinstance,FanDevicemaydisplayas:

2a |FM5/F0/TACH | 76h | ok | 29.5 | 5300 RPM Where29istheentityvalueand5istheinstanceofthatentity.



61

Appendix D – SDR Type Values NOTE:Noteverytypeparametermaybeusedwiththetypeargumentandmayreturnanerrorornoresults.Toseecompletelist,usethefollowingcommand:

ipmitool -U root -H 10.1.1.13 sdr type

Temperature Voltage

Current Fan

PhysicalSecurity PlatformSecurity

Processor PowerSupply

PowerUnit CoolingDevice

Other Memory

DriveSlot/Bay POSTMemoryResize

SystemFirmware EventLoggingDisabled

Watchdog SystemEvent

CriticalInterrupt Button

Module/Board Microcontroller

Add‐inCard Chassis

ChipSet OtherFRU

Cable/Interconnect Terminator

SystemBootInitiated BootError

OSBoot OSCriticalStop

Slot/Connector SystemACPIPowerState

Watchdog PlatformAlert

EntityPresence MonitorASIC

LAN ManagementSubsystemHealth

Battery SessionAudit

VersionChange FRUState


Documents

SIEM IPMI Configuration and Setup - McAfee Support Community · McAfee SIEM IPMI / RMM Setup and Configuration Guide V1.3 November 2015 . Introduction This document is designed to