McAfee SIEM IPMI / RMM Setup and Configuration Guide
V1.3 November 2015
Introduction
This document is designed to provide the reader with all the steps and information on implementing and using the Intelligent Platform Management Interface (IPMI) and Remote Management Monitor capabilities supported in the McAfee SIEM operating environment v9.4 and later.
The Intelligent Platform Management Interface (IPMI) is a standardized computer system interface used by system administrators for out-of-band management of computer systems and monitoring of their operation. It is a way to manage a computer that may be powered off or otherwise unresponsive by using a network connection to the hardware rather than to an operating system or login shell.
IPMI information is exchanged through Baseboard Management Controllers (BMCs), which are located on IPMI-compliant hardware components. The BMC is a specialized microcontroller embedded on the motherboard of a computer, generally a server. The BMC manages the interface between system management software, in this case RMM, and platform hardware.
Using low-level hardware intelligence instead of the operating system has two main benefits: First, this configuration allows for out-of-band server management; Second, the operating system is not burdened with transporting system status data.
IPMI functions are designed to work in any of three scenarios:
Before an OS has booted (allowing, for example, the remote monitoring or changing of BIOS settings)
When the system is powered down (but still attached to power)
After OS or system failure – the key characteristic of IPMI compared with in-band system management such as by remote login to the operating system using SSH
Remote monitoring and management (RMM) is a collection of information technology tools that are found on workstations and servers. These tools gather information regarding the applications and hardware operating within an environment as well as supply activity reports allowing administrators to resolve any issues. RMM usually provides a set of IT management tools like trouble ticket tracking, remote desktop monitoring, support, and user information through a complete interface.
Within the McAfee SIEM appliance family, IPMI is provided through the Intel RMM4 module installed into every McAfee GEN4 SIEM Appliance.
IPMI and RMM Setup and Configuration Guide McAfee SIEM
Revision History
August 2014, V1.0: First Public Release
November 2014, V1.1: Added Revision History Section. Added links to motherboard SDR return codes. Corrected page number. Corrected password on page 10.
August 2015, V1.2: Updated link to motherboard manual.
November 2015, V1.3: Added disclaimer on IPMI being disabled for security concerns. Added steps to enable or disable via IPMItool.
Table of Contents
BIOS Update (page 5): Updating your appliance(s) to enable IPMI and RMM
Enabling IPMI (page 15): Turning on IPMI via ESM Management Interface
IPMItool (page 20): Command line IPMI syntax and examples
BMC Web Console (page 32): Using the web console interface
Appendix A (page 51): Command line arguments for IPMItool
Appendix B (page 53): Command syntax for IPMItool
Appendix C (page 60): SDR Entity Values
Appendix D (page 61): SDR Type Values
BIOS Update
IPMI and RMM capabilities are only supported on the Generation 4 (GEN4) SIEM appliances. Before proceeding with this document, make sure you have GEN4 appliances. The two images below highlight the stark differences between Generation 3 and Generation 4 SIEM appliances. While the examples below display the 2U Gen4 appliance and the 3U Gen3 appliance, the orange bezel is always indicative of a Gen3 appliance.
GEN4 Appliance
GEN3 Appliance
Within the Gen4 SIEM appliance family, there are some exceptions on which platforms support IPMI capabilities. Below is a table of what is and is not supported.
IPMI Supported:
All Standalone ESM Models
All Combination ESM Models
All Non-HA Receivers (ERC)
All ACE Appliances
All ADM Appliances
All DEM Appliances
IPMI NOT Supported:
Any DAS Models (These devices do not have an IPMI port)
Any Receiver (ERC) in HA mode regardless of Model (All available ports are used to configure HA)
Before IPMI and Remote Management can be supported within the McAfee SIEM environment, the BIOS for each appliance must be at a specific release to enable capabilities within the SIEM Management interface and SIEM operating environment. As outlined in the previous section, remote management is only available on Generation 4 and later appliances as well as operating environment v9.4 and later. See previous section for a description of the appliances to ensure you have a GEN4 appliance.
Check current appliance version
IPMI and RMM capabilities are only supported in the SIEM operating environment v9.4 and above. To check which McAfee SIEM Operating Environment version your appliance(s) are currently at, log in to your ESM using any flash capable browser. Once the login screen appears, check the lower left corner of the browser for the version number. It should be version 9.4.0 or greater. See Figure 1 for an example. If your appliance does not have this version, access the McAfee download page to obtain the latest release. Once it has been upgraded, continue with the steps following this topic.
Figure 1
The download link is: http://www.mcafee.com/us/downloads/downloads.aspx
While all McAfee SIEM appliances should be on the same operating environment release, it is possible that this may not be the case in your environment. We recommend checking each appliance's SIEM Operating Environment version. To do this, select the appliance and click the Properties icon (White Square in icon bar above device tree display) and the resulting dialog will display the version. An example of this is in Figure 2.
Figure 2
Check current appliance BIOS version
Once you have identified your appliance as GEN4 hardware and that you are on the proper SIEM operating environment version, you should check your BIOS version to determine whether it requires a BIOS update. Depending on when you received your appliance(s), its BIOS may have already been updated.
To check the BIOS version, SSH into the appliance and issue the following command:
McAfee-ETM-6000 ~ # dmidecode -t 0
Figure 3 displays an example of the output the command will generate.
McAfee-ETM-6000 ~ # dmidecode -t 0
# dmidecode 2.10
SMBIOS 2.6 present.
172 structures occupying 10014 bytes.
Table at 0x000EB570.
Handle 0x0000, DMI type 0, 24 bytes
BIOS Information
    Vendor: Intel Corp.
    Version: SE5C600.86B.02.02.0002.122320131210
    Release Date: 12/23/2013
    Address: 0xF0000
    Runtime Size: 64 kB
    ROM Size: 8192 kB
    Characteristics:
        PCI is supported
        BIOS is upgradeable
        BIOS shadowing is allowed
        Boot from CD is supported
        Selectable boot is supported
        EDD is supported
        5.25"/1.2 MB floppy services are supported (int 13h)
        3.5"/720 kB floppy services are supported (int 13h)
        3.5"/2.88 MB floppy services are supported (int 13h)
        Print screen service is supported (int 5h)
        8042 keyboard services are supported (int 9h)
        Serial services are supported (int 14h)
        Printer services are supported (int 17h)
        ACPI is supported
        USB legacy is supported
        BIOS boot specification is supported
        Targeted content distribution is supported
    BIOS Revision: 4.6
McAfee-ETM-6000 ~ #
Figure 3
The correct BIOS version release date should be at or later than the example highlighted (yellow) above. If yours is not, continue with the steps on the following pages. If your BIOS version is at or later than this release date, continue on to the ESM Setup section on page 16.
If your appliance BIOS Release date is before 12/23/2013 AND you are running v9.5.0, the IPMI dialogs are disabled within the GUI. To correct, you will have to perform the BIOS upgrade steps in the following pages.
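The release-date comparison described above can be scripted rather than read by eye. The following is an added example, not part of the original guide or McAfee tooling; the function names and the second sample input are assumptions made for illustration, and the threshold is the 12/23/2013 date stated in this guide.

```shell
#!/bin/sh
# Added example: decide from `dmidecode -t 0` output whether the BIOS update
# steps apply. MM/DD/YYYY strings do not sort correctly as text, so the date
# is rewritten as YYYYMMDD before comparing.
MIN_BIOS_DATE=20131223   # 12/23/2013, the release date given in this guide

# bios_release_date: read dmidecode output on stdin and print the
# "Release Date" field as YYYYMMDD. Prints nothing when the field is
# missing or is not in MM/DD/YYYY form.
bios_release_date() {
    awk '
        /^[ \t]*Release Date:/ {
            v = $0
            sub(/^[ \t]*Release Date:[ \t]*/, "", v)
            sub(/[ \t\r]+$/, "", v)
            if (v ~ /^[0-9][0-9]\/[0-9][0-9]\/[0-9][0-9][0-9][0-9]$/) {
                split(v, d, "/")
                print d[3] d[1] d[2]
            }
            exit
        }'
}

# bios_check: read dmidecode output on stdin and print one of
#   update   release date is before the threshold, run the BIOS update
#   current  release date is at or later than the threshold
#   unknown  no usable release date found, check by hand
bios_check() {
    found=$(bios_release_date)
    if [ -z "$found" ]; then
        echo unknown
    elif [ "$found" -lt "$MIN_BIOS_DATE" ]; then
        echo update
    else
        echo current
    fi
}

# Constructed inputs: the first repeats fields shown in Figure 3, the second
# is an invented older BIOS for comparison.
sample_current() {
    printf '%s\n' 'BIOS Information' '    Vendor: Intel Corp.' \
        '    Release Date: 12/23/2013' '    BIOS Revision: 4.6'
}
sample_old() {
    printf '%s\n' 'BIOS Information' '    Vendor: Intel Corp.' \
        '    Release Date: 08/11/2012' '    BIOS Revision: 4.6'
}

echo "Figure 3 sample: $(sample_current | bios_check)"
echo "older sample:    $(sample_old | bios_check)"
# On an appliance: dmidecode -t 0 | bios_check
```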
Obtaining the BIOS update package
To upgrade the appliance BIOS you will need to extract the proper Intel Security BIOS update package to a USB flash drive. These compressed packages are located on the ESM appliance in the following directory:
/etc/areca/system_bios_update/
The directory will contain files similar to, but not exactly the same as, the ones below:
850-1773-03_032514.zip
850-1904-00_012714.zip
Contents-README.txt
The BIOS packages located here are specific to Intel Security (McAfee) SIEM Appliances. Do not attempt to use any other BIOS packages other than what is located here.
Because BIOS packages may change between SIEM operating environment releases, please refer to the Contents-README.txt file for the correct package that is to be used for the appliance you are upgrading.
After you have identified which ZIP package is appropriate for the appliance you are upgrading, use an application like SCP or WinSCP to download the ZIP package. If your environment requires both zip packages, please extract each zip to its own properly labeled USB flash drive. Mixing the packages could render an appliance un-bootable.
Once you have downloaded the zip package, unzip it to the root of your USB flash drive. The drive you use should be empty, should be a 4GB drive or less and can be formatted using Windows or Linux file systems. It also does not have to be bootable. The directory on the USB flash drive will look similar to Figure 4 below.
Figure 4
Next, insert the USB flash drive into an unused USB port on the back of the appliance being upgraded. The rear of both appliances (1U and 2U), and their respective USB ports, are highlighted in Figure 5.
Figure 5
Once the USB flash drive has been attached, re-boot the appliance. To ensure a proper shutdown, use either the SIEM Administrative interface (browser-based GUI) or a monitor and keyboard attached to the system to access the LCD emulator in the upper left corner of the console. The shutdown process may take several minutes so that it can safely complete any outstanding task. Please be patient. Once the system boots normally, it will display the McAfee Boot Splash screen as shown in Figure 6.
Figure 6
Do not make a selection. Let the system boot as normal. It will auto recognize that the USB drive is attached and boot from it. The McAfee Splash screen may take up to 60 seconds before proceeding.
After the McAfee boot splash clears, the system will recognize the USB and will start to boot. However, depending on when you received your SIEM appliance, there may have been a BIOS password set and it will need to be entered in order for the automated BIOS update process to start. If this is the case in your environment, the example in Figure 7 will appear. The password you enter will depend on the type of appliance you are updating.
Figure 7
For 1U Appliances use: appl1an
For 2U Appliances use: @ppl1@nc3
Once you have successfully entered the BIOS password, you should see a screen similar to Figure 8. At this point it should start updating the system automatically and you will see messages scroll across the screen. The entire process can take as much as 15 to 20 minutes to complete. There are multiple phases of the update process as the various subsystems of the motherboard are updated. You may notice that the appliance cooling system power cycles a number of times; this is normal. You may also notice messages indicating password failures; this is also normal.
Figure 8
Do not interrupt or reset the update process, remove power to the system, or use the keyboard (unless prompted) while the update is taking place. Doing so could result in an unbootable system.
The update process should end successfully with a message similar to Figure 9. It will indicate that the USB flash drive should be removed and the system rebooted using the front-panel reset button.
Update file configuration:
Revision S2600GZ.112
FRU & SDR Update Package for Intel (R) Server Board S2600GZ/GL
Copyright (c) 2013 Intel Corporation.
Auto-detecting chassis model and attached hardware.
This may take up to 1 minute to complete.
FRUSDR update completed.
Setting BIOS Admin and User Password
Successfully Completed
Successfully Completed
BIOS Admin and User Password Set
Updates Completed. Please remove the USB key and reboot using the front panel button
Fs0:\>
Figure 9
Troubleshooting
You may not always get the display in Figure 9 on your first attempt at updating the BIOS. This could be due to issues where the FRU flags a few messages or recoverable errors have occurred. The following page(s) will provide guidance on how to handle some of these issues should they arise.
Chassis Selection
In some instances, after the BIOS appears to have successfully updated, an FRU message appears indicating an issue detecting the backplane (Figure 10) and asks you to determine which chassis is in use. For all McAfee SIEM Appliances, choose option 2 Intel(R) Server Chassis R2000. Once that is selected, an R2000 Chassis type message (Figure 11) will appear. Choose option 3 R2312 Chassis.
Once you've made the selections, the process should continue. However, the process may also stall. If the process stalls, we recommend rebooting the appliance and performing the BIOS upgrade again. This second BIOS upgrade should complete successfully and will end with the display similar to page 11.
ME firmware update completed.
FRUSDR 1.12 is being installed.
Update file Configuration:
Revision S2600GZ_112
FRU & SDR Update Package for Intel(R) Server Board S2600GZ/GL
Copyright (c) 2013 Intel Corporation
Auto-detecting chassis model and attached hardware.
This may take up to 1 minute to complete.
Hot-swap HDD backplane detected but its FRU details either corrupted or blank.
Falling back to User chassis selection as auto detection is not possible.!
Select the Chassis
1 Intel(R) Server Chassis R1000
2 Intel(R) Server Chassis R2000
3 Other Chassis
Figure 10
Hot-swap HDD backplane detected but its FRU details either corrupted or blank.
Falling back to User chassis selection as auto detection is not possible.!
Select the Chassis
1 Intel(R) Server Chassis R1000
2 Intel(R) Server Chassis R2000
3 Other Chassis
Select the R2000 chassis type
1 R2208/R2216/R2308 chassis
2 R2224 chassis
3 R2312 chassis
4 Intel(R) Server Chassis R2000 with Aux PCIe
Figure 11
Password Set Failure
In some instances, after the BIOS appears to have successfully updated, one or more errors appear indicating that a password mismatch has occurred. It may appear like the example in Figure 12. This error(s) should not affect the process and the admin and user passwords will ultimately get set properly.
Update file configuration:
Revision S2600GZ.112
FRU & SDR Update Package for Intel (R) Server Board S2600GZ/GL
Copyright (c) 2013 Intel Corporation.
Auto-detecting chassis model and attached hardware.
This may take up to 1 minute to complete.
FRUSDR update completed.
Setting BIOS Admin and User Password
Error: Password Mismatch:entered password doesn’t match with current password
Error: Password Mismatch:entered password doesn’t match with current password
BIOS Admin and User Password Set
Figure 12
BMC Firmware is not Transitioning
In some instances, after the firmware has successfully updated, a message similar to Figure 13 will appear. If this occurs, press Y. Shortly after, you should receive an Updates Completed message similar to Figure 9. However, it has been reported that once the USB drive has been removed and the power switch pressed, the appliance does not reboot. At this point you have two options. First, press and hold the reset button (Figure 14) for 20 seconds. If the appliance still does not reboot, it is recommended that power be removed from the appliance. In either situation, it is recommended that the BIOS update be performed a second time. On this second attempt the update should complete without error.
BMC Firmware update Successful
BMC Firmware is not transitioning to operating mode
Could not exit FW transfer mode
An Error occurred
To save the error to a file Y,N,ESC
Figure 13
Figure 14
If you run into issues not previously highlighted, the update process stalls or prompts you for an entry of some nature which you do not have the answer for:
DO NOT SHUT OFF THE APPLIANCE
Contact McAfee support at http://mysupport.mcafee.com; or at 800-937-2237; or your McAfee Platinum Support representative.
Enabling IPMI
Once the appliance(s) have the proper BIOS level, you will need to connect and configure each appliance's IPMI interface to your network. The IPMI capabilities outlined in the following pages are only supported via the IPMI interface. McAfee SIEM appliances do not support Remote Management via the traditional MGMT1 or MGMT2 ports. Figure 15 highlights the IPMI port location on each style (1U or 2U) of SIEM appliance. A standard CAT5 or CAT6 cable can be used and there is no need to use a cross-over cable, as a standard Ethernet cable will work.
Figure 15
There are several security issues to be considered before enabling the IPMI LAN interface. A remote station has the ability to control a system's power state as well as being able to gather or modify certain platform information. To reduce vulnerability it is strongly advised that the IPMI LAN interface only be enabled in 'trusted' environments where system security is not an issue or where there is a dedicated secure 'management network'.
Depending on the BIOS version your appliance was shipped with, IPMI may be disabled or possibly enabled on interfaces other than the IPMI interface (highlighted below). Enabling IPMI on any interface but the IPMI interface can cause connectivity issues to the appliance. If you believe that your appliance has been incorrectly configured for IPMI, below are a few troubleshooting steps. Use only if all other connectivity options have failed.
To disable IPMI on the MGMT1 interfaces run:
McAfee-ETM-6000 ~ # ipmitool lan set 1 ipsrc static
McAfee-ETM-6000 ~ # ipmitool lan set 1 ipaddr 0.0.0.0
McAfee-ETM-6000 ~ # ipmitool lan set 1 netmask 0.0.0.0
McAfee-ETM-6000 ~ # ipmitool lan set 1 defgw ipaddr 0.0.0.0
McAfee-ETM-6000 ~ # ipmitool lan set 1 access off
(Replace 1 with 2 for MGMT2)
To enable the IPMI interfaces run:
McAfee-ETM-6000 ~ # ipmitool lan set 3 ipsrc static
McAfee-ETM-6000 ~ # ipmitool lan set 3 ipaddr x.x.x.x
McAfee-ETM-6000 ~ # ipmitool lan set 3 netmask x.x.x.x
McAfee-ETM-6000 ~ # ipmitool lan set 3 defgw ipaddr x.x.x.x
McAfee-ETM-6000 ~ # ipmitool lan set 3 access on
(Where the IP, Netmask and Gateway are set appropriately for your environment)
Once logged in to the ESM using the NGCP account, navigate to one of these locations depending on which appliance you need to enable Remote Management on. Each appliance type sets the IP address differently. Please make sure you follow the instructions for the appropriate appliance.
Setting IP address for ESM or All-in-One Appliances:
Select System Properties and then Network Settings. Next, select the Advanced tab and the dialog in Figure 16 will appear.
Setting IP address for a Receiver, ACE, ELM, ADM, or DEM:
Select Device Properties and then Device Configuration. Next, select the Interface button and then the Advanced tab and a dialog similar to Figure 16 will appear. Figure 16 is specific for an ESM, but each device (ERC, ACE, ELM, etc.) will have a similar dialog with the exact same IPMI values.
Figure 16
If for some reason your BIOS update did not complete successfully, the Enable IPMI Settings section will not appear.
Regardless of which appliance you are configuring, the steps outlined here will be the same for all appliances. Check the Enable IPMI Settings checkbox and then fill in the appropriate network settings. Figure 17 provides an example of how these may appear. The VLAN setting is the only optional setting and everything else will be required.
Figure 17
Once you have completed entering the network settings, click Apply or OK. In the background, the appliance will have its IPMI IP address set. Then, depending on the appliance you made the settings on, you will see a similar version of Figure 18 indicating the progress of the action. This may take a few seconds to complete depending on the activity of the appliance. When it has completed successfully, both the Apply and OK buttons may be grayed out temporarily. If something in the preceding steps is different than what was outlined, see the next page for caveats to the process.
Figure 18
Caveats to setting the IPMI Network Settings
Wrong Version
If you have an ESM on version 9.4 but a new or existing ERC, ELM, ACE or other appliance has not been upgraded, you may still see the IPMI setting for that appliance. However, because IPMI support requires SIEM operating environment v9.4 and above, the process for setting an IP address may not complete successfully. If you see a message similar to Figure 19, check the version of your appliance before proceeding.
Figure 19
Re-keying Notice
For an ERC, ERCELM, ELM, ACE, ADM or DBM appliance, to change the IPMI root password you will need to perform a re-key operation. On Receiver class devices, the dialog in Figure 20 will appear after you check Enable IPMI Settings. Page 19 will provide the details on changing the password.
Figure 20
Stray VLAN Characters
For an ERC, ERCELM, ELM, ACE, ADM or DBM appliance, you may see a character in the VLAN field and it will not be possible to remove it. This is currently a known issue and will be resolved, but it will not affect your ability to enter the network settings.
Setting IPMI password
Once the network settings have been set, you will receive a prompt (Figure 21) to change the password for the IPMI root account. Each appliance may have a slightly different dialog depending on appliance model and operating environment version. Also, there is only one account defined for IPMI and that is root.
Figure 21
To set IPMI root password for ESM or All-in-One Appliance:
Option #1
Click NGCP in the upper right corner of the ESM browser-based interface. It will then display a password change dialog. Following the password criteria, enter the existing password followed by the new password. Once complete, click OK and assuming you met the password criteria, the password will be modified for the IPMI root account as well as NGCP.
Option #2
Select the System Properties icon in the Quick Connect icon bar. Then select Users and Groups from the System Properties dialog. Enter the NGCP password when prompted. Next select the NGCP account from the User list and click Edit. Within the Edit user dialog, click the Set Password button and follow the password criteria for the new password. Click OK and assuming you met the password criteria, the password will be modified for the IPMI root account as well as NGCP.
To set IPMI root password for an ERC, ERCELM, ACE, ELM, ADM, or DBM:
Select the Device Properties. Next, select Key Management. Then click the Key Device button. This will display the Key Device Wizard dialog and prompt you to enter a new password. Once you have entered the password twice, click the Next button. This will then re-key the appliance with the ESM and then set the IPMI root password for this appliance. Because this password dialog does not have the same password restrictions as the ESM, if you want to retain the password on the appliance, simply enter the password you have used in the past.
IPMItool
As mentioned in the introduction of this document, the Intelligent Platform Management Interface (IPMI) is an interface used by administrators for out-of-band management of computer systems and monitoring of their operation. In this section, we highlight the IPMItool application syntax and use case examples.
IPMItool provides a simple, command-line interface to IPMI-enabled devices through an IPMI v1.5 or IPMI v2.0 LAN interface. It is offered on a wide variety of platforms including Windows, UNIX, Linux and Mac. Because of the variety of platforms that IPMItool can exist on, this document uses the Sourceforge syntax and parameters. Your platform implementation may vary slightly and you are encouraged to review the documentation for your variant.
It should be noted that remote use of IPMItool requires port 623. This cannot be changed. If there is a firewall or other device between the IPMItool client and the McAfee SIEM appliance, you will need to ensure that this port is open for traffic to pass.
IPMItool can be used in two basic forms: locally on the SIEM appliance that you are managing, or remotely from a workstation or server running IPMItool to the SIEM appliance you need to manage.
The syntax for local access is:
McAfee-ETM-6000 ~ # ipmitool <command> <parameters>
The syntax for remote access is (See Appendix A for additional arguments):
C:\ ipmitool -H <remote_IP> -U <username> <command> <parameters>
or
[user@linux ~]# ipmitool -H <remote_IP> -U <username> <command> <parameters>
IPMItool Examples
The examples on the following pages all use remote techniques. However, simply removing the -H and -U parameters and their associated values from the command string will allow for the same results if executed on the local appliance or via SSH to the local appliance. Also, these examples do not include the password parameter and you will be prompted for the password before the command can execute.
In the following examples, we only highlight the command arguments and not the common items for each command. In the example below, the syntax in grey is common to all examples and the arguments in blue are what we are highlighting. The username (-U) is always root and the password was set in the previous Enabling IPMI section.
ipmitool -U root -H 10.1.1.13 chassis status
Because of the extensive command set of IPMItool, we are only highlighting the commands that would be the most valuable for the wider McAfee SIEM customer base. At the end of this section there are some links you can reference to learn more about additional IPMItool commands. In addition, the appendices have a complete list of commands, arguments and parameters.
Query the chassis status
Chassis status is used for managing/monitoring an IPMI chassis, such as chassis power, identification (i.e. LED control), and status of the appliance chassis.
ipmitool -U root -H 10.1.1.13 chassis status
System Power : on
Power Overload : false
Power Interlock : inactive
Main Power Fault : false
Power Control Fault : false
Power Restore Policy : always-on
Last Power Event :
Chassis Intrusion : inactive
Front-Panel Lockout : inactive
Drive Fault : false
Cooling/Fan Fault : false
Sleep Button Disable : not allowed
Diag Button Disable : allowed
Reset Button Disable : allowed
Power Button Disable : allowed
Sleep Button Disabled: false
Diag Button Disabled : false
Reset Button Disabled: false
Power Button Disabled: false
IPMItool not only can query a sensor, it has the ability to make changes to the system at the BIOS level as well as the ability to control power up and power down states. Any use or misuse of a command that changes the operation of the McAfee SIEM appliance could result in data loss.
Query the Field Replaceable Unit (fru) Inventory
Print built-in FRU (Field Replaceable Unit) inventory and scan SDR (Sensor Data Record) for FRU locators and their values. The example below shows a number of interesting items. First, highlighted in blue is the product name. This is what was entered at the time of manufacture. Next, the area highlighted in red is a power supply. In this example, the power supply was slid out of the machine used in testing and as you can see from the example below, it is shown as not present.
ipmitool -U root -H 10.1.1.13 fru
FRU Device Description : Builtin FRU Device (ID 0)
 Chassis Type : Rack Mount Chassis
 Chassis Part Number : R2312GZ4
 Chassis Serial : A070220066
 Chassis Extra : ...............................
 Chassis Extra : ...............................
 Board Mfg Date : Sat Aug 11 01:22:00 2012
 Board Mfg : Intel Corporation
 Board Product : S2600GZ
 Board Serial : QSGR21701237
 Board Part Number : G11481-352
 Product Manufacturer : McAfee Inc.
 Product Name : ELM4600
 Product Part Number : 610-1905-00
 Product Version : ELM-4600
 Product Serial : A070220066
 Product Asset Tag : 060fddbf9708
FRU Device Description : Pwr Supply 1 FRU (ID 2)
 Device not present (Unknown (0x81))
FRU Device Description : Pwr Supply 2 FRU (ID 3)
 Product Manufacturer : DELTA
 Product Name : DPS-750XB A
 Product Part Number : E98791-006
 Product Version : 01
 Product Serial : E98791D1214020872
FRU Device Description : Front Panel (ID 4)
 Board Mfg Date : Mon Jun 11 11:34:00 2012
 Board Mfg : Intel Corporation
 Board Product : F2USTOPANEL
 Board Serial : ............
 Board Part Number : G28538-250
FRU Device Description : HS Backplane 1 (ID 5)
 Board Mfg Date : Fri Mar 30 10:31:00 2012
 Board Mfg : Intel Corporation
 Board Product : F2U12X35HSBP
 Board Serial : QSRU21300568
 Board Part Number : G43212-250
Query the Sensor Data Record (sdr)
Sensor Data Records (SDR) contain information about the type and number of sensors present on a given appliance. An individual sensor record describes a specific sensor and its state or status. The sensor records are stored in a central, non-volatile storage area, which is managed by the BMC. This storage area is called the Sensor Data Record Repository. Using IPMItool, we can query that repository for the sensors and their status. An example is below.
ipmitool -U root -H 10.1.1.13 sdr list
Pwr Unit Status | 0x00 | ok
Pwr Unit Redund | 0x0a | ok
IPMI Watchdog | 0x00 | ok
Physical Scrty | 0x00 | ok
FP NMI Diag Int | 0x00 | ok
BB +12.0V | 11.94 Volts | ok
BB +5.0V | 4.96 Volts | ok
BB +3.3V | 3.25 Volts | ok
BB P1 VR Temp | 28 degrees C | ok
Front Panel Temp | 22 degrees C | ok
SSB Temp | 43 degrees C | ok
BB P2 VR Temp | 28 degrees C | ok
BB Vtt 2 Temp | 32 degrees C | ok
BB Vtt 1 Temp | 27 degrees C | ok
HSBP 1 Temp | 28 degrees C | ok
System Fan 1 | 11956 RPM | ok
System Fan 2 | 12152 RPM | ok
System Fan 3 | 12054 RPM | ok
NM Capabilities | Not Readable | ns
MTT CPU1 | disabled | ns
MTT CPU2 | disabled | ns
NOTE: The full sdr command results are truncated in the example above to preserve page space.
The column format from the sdr list output above is:
Sensor Type or ID: This is the type of sensor. There can be multiple entries of the same type. For example, there could be one VCORE sensor for each processor. This has a 16 character max length.
Sensor Reading: This is the current reading of the sensor. Where available, the reading is translated into the appropriate units (for example, degrees, volts or RPM).
Sensor Status: This indicates the sensor status. Possible values are:
ok – The sensor is present and operating correctly
ns – No sensor (corresponding reading will say disabled or Not Readable)
nc – non-critical error regarding the sensor
cr – critical error regarding the sensor
nr – non-recoverable error regarding the sensor
For a complete list of the BMC Core Sensors and possible return codes (offset triggers) please see Table 61 in the Intel Server Board S2600GZ / GL Technical Product Specification Guide. http://www.intel.com/support/motherboards/server/sb/CS-033134.htm
If the elist parameter is used, it will add the entity ID and the asserted discrete states.
ipmitool -U root -H 10.1.1.13 sdr elist
BB P1 VR Temp | 20h | ok | 7.1 | 28 degrees C
Front Panel Temp | 21h | ok | 12.1 | 22 degrees C
SSB Temp | 22h | ok | 7.1 | 43 degrees C
BB P2 VR Temp | 23h | ok | 7.1 | 28 degrees C
BB Vtt 2 Temp | 24h | ok | 7.1 | 32 degrees C
BB Vtt 1 Temp | 25h | ok | 7.1 | 27 degrees C
HSBP 1 Temp | 29h | ok | 7.1 | 28 degrees C
Exit Air Temp | 2Eh | ok | 7.1 | 33 degrees C
LAN NIC Temp | 2Fh | ok | 7.1 | 42 degrees C
System Fan 1 | 30h | ok | 29.1 | 11956 RPM
System Fan 2 | 32h | ok | 29.2 | 12152 RPM
System Fan 3 | 34h | ok | 29.3 | 12054 RPM
System Fan 4 | 36h | ok | 29.4 | 12054 RPM
System Fan 5 | 38h | ok | 29.5 | 12152 RPM
The column format from the sdr elist output above is:
Sensor Type or ID: This is the type of sensor. There can be multiple entries of the same type. For example, there could be one VCORE sensor for each processor. This has a 16 character max length.
Sensor Number: The numeric value of the sensor. Once known, it can be used as a parameter to query the sensor directly. Examples of this are on the following page.
Sensor Status: This indicates the sensor status. Possible values are:
ok – The sensor is present and operating correctly
ns – No sensor (corresponding reading will say disabled or Not Readable)
nc – non-critical error regarding the sensor
cr – critical error regarding the sensor
nr – non-recoverable error regarding the sensor
Entity ID and Instance: This is the entity value for the type of sensor being displayed. If there are multiple sensors of the same entity, then the instance will increment. See Appendix C for a complete list of Entity IDs.
Sensor Reading: This is the current reading of the sensor. Where appropriate, the reading is translated into the appropriate units (for example, degrees for temperature sensor).
Using the elist parameter provides additional values. These are Sensor Number (orange) and Entity (green). These new values can provide additional capabilities when added to the command syntax. Notice that some sensors can have the same entity (green) parent, 29 for system fan or 7 for internal temperature. These values can be used with the entity parameter to display values for just those sensors. Sensor Number (orange) is the unique ID for a given sensor and can be used with the sel parameter to obtain log and sensor information. Examples of using specific Sensor Names, Numbers or Entity values to query specific sensors or groups of sensors are on the following pages.
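The status column described above lends itself to automated triage. The following is an added example, not part of the original guide or McAfee tooling: it reads sdr elist output, reports every sensor whose status is not ok, and reduces the result to a single monitoring code. The function names, the INFO/WARN/CRIT labels and the sample rows (which include constructed nc and cr readings) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage `ipmitool sdr elist` output using the status codes
# listed in this guide (ok, ns, nc, cr, nr).

# sdr_triage: read elist rows on stdin and print one tab-separated line for
# every sensor whose status is not "ok":
#   SEVERITY  entity.instance  sensor-number  name  reading
# The severity labels are a mapping chosen for this example.
sdr_triage() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        NF < 5 { next }                           # not an elist row
        {
            name = trim($1); num = trim($2); st = trim($3)
            ent = trim($4); reading = trim($5)
            if (st == "ok") next
            if (st == "ns") sev = "INFO"          # no sensor or no reading
            else if (st == "nc") sev = "WARN"     # non-critical error
            else if (st == "cr" || st == "nr") sev = "CRIT"
            else sev = "UNKNOWN"                  # status not in the list
            if (reading == "") reading = "-"
            printf "%s\t%s\t%s\t%s\t%s\n", sev, ent, num, name, reading
        }'
}

# sdr_worst: read elist rows on stdin and print a monitoring-style code:
#   0 = only ok/ns, 1 = at least one nc, 2 = at least one cr, nr or unknown.
sdr_worst() {
    sdr_triage | awk -F'\t' '
        $1 == "CRIT" || $1 == "UNKNOWN" { worst = 2 }
        $1 == "WARN" && worst < 2       { worst = 1 }
        END { print worst + 0 }'
}

# sdr_entity ID: keep only the rows of one entity ID (29 for system fans,
# 7 for internal temperature, as noted above), across all instances.
sdr_entity() {
    awk -F'|' -v want="$1" '
        NF >= 5 {
            e = $4
            gsub(/[ \t]/, "", e)
            split(e, part, ".")
            if (part[1] == want) print
        }'
}

# Constructed sample in the elist layout shown above. The nc and cr rows
# are invented so that each severity appears once.
sample_elist() {
cat <<'EOF'
BB P1 VR Temp    | 20h | ok  |  7.1 | 28 degrees C
Exit Air Temp    | 2Eh | nc  |  7.1 | 48 degrees C
System Fan 1     | 30h | ok  | 29.1 | 11956 RPM
System Fan 3     | 34h | cr  | 29.3 | 0 RPM
PS1 Status       | 50h | ok  | 10.1 |
PS1 Input Power  | 54h | ns  | 10.1 | No Reading
PS2 Input Power  | 55h | ok  | 10.2 | 220 Watts
EOF
}

sample_elist | sdr_triage
echo "worst status code: $(sample_elist | sdr_worst)"
# Against an appliance: ipmitool -U root -H <remote_IP> sdr elist | sdr_triage
```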
Query the SDR for Fan Device state

Ex #1: ipmitool -U root -H 10.1.1.13 sdr entity 29
Fan Redundancy | 0Ch | ok | 29.1 | Fully Redundant
System Fan 1 | 30h | ok | 29.1 | 11956 RPM
System Fan 2 | 32h | ok | 29.2 | 12054 RPM
Fan 1 Present | 40h | ok | 29.1 | Device Present
Fan 2 Present | 41h | ok | 29.2 | Device Present
The example above queries all Fan Devices in the system.

Ex #2: ipmitool -U root -H 10.1.1.13 sdr entity 29.1
Fan Redundancy | 0Ch | ok | 29.1 | Fully Redundant
System Fan 1 | 30h | ok | 29.1 | 12054 RPM
Fan 1 Present | 40h | ok | 29.1 | Device Present
The example above queries the entity 29 and instance 1 for a specific fan.

Query the SDR for Power Supply state

ipmitool -U root -H 10.1.1.13 sdr entity 10
PS1 Status | 50h | ok | 10.1 |
PS2 Status | 51h | ok | 10.2 | Presence detected
PS1 Input Power | 54h | ns | 10.1 | No Reading
PS2 Input Power | 55h | ok | 10.2 | 220 Watts
PS1 Curr Out % | 58h | ns | 10.1 | No Reading
PS2 Curr Out % | 59h | ok | 10.2 | 25 unspecified
PS1 Temperature | 5Ch | ns | 10.1 | No Reading
PS2 Temperature | 5Dh | ok | 10.2 | 28 degrees C
The example above queries the entity for the appliance power supplies. In this example, you can see that the Power Supply unit 1 has been removed from the appliance.

Query the SDR for Hard Drive state

ipmitool -U root -H 10.1.1.13 sdr entity 15
HDD 0 Status | F0h | ok | 15.1 | Drive Present
HDD 1 Status | F1h | ok | 15.1 | Drive Present
HDD 2 Status | F4h | ok | 15.1 |
HDD 3 Status | F5h | ok | 15.1 |
HS Backplane 1 | 00h | ns | 15.1 | Logical FRU @05h
The example above queries the entity for the hard drives. In this example, you can see that HDD 2 and HDD 3 are not present.
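The status codes and the missing-device cases above can be checked mechanically. The following Python triage over sdr elist rows is an added example, not part of the McAfee guide; the rows are copied from the guide's sample output, and the function names and the rule that an ok row with an empty reading means "not present" (the guide's own reading of its output) are assumptions of this example.

```python
from collections import defaultdict

# Rows copied from the `sdr entity 10` / `sdr entity 15` sample output in this guide.
SAMPLE = """\
PS1 Status | 50h | ok | 10.1 |
PS2 Status | 51h | ok | 10.2 | Presence detected
PS1 Input Power | 54h | ns | 10.1 | No Reading
PS2 Input Power | 55h | ok | 10.2 | 220 Watts
PS1 Temperature | 5Ch | ns | 10.1 | No Reading
PS2 Temperature | 5Dh | ok | 10.2 | 28 degrees C
HDD 0 Status | F0h | ok | 15.1 | Drive Present
HDD 2 Status | F4h | ok | 15.1 |
"""

# Status codes as listed in this guide, ordered from healthy to worst.
SEVERITY = {"ok": 0, "ns": 1, "nc": 2, "cr": 3, "nr": 4}


def parse_elist(text):
    """Parse 'name | number | status | entity.instance | reading' rows."""
    rows = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 5 or parts[2] not in SEVERITY:
            continue  # skip banners, blank lines and malformed rows
        name, number, status, entity, reading = parts
        try:
            sensor_number = int(number.rstrip("h"), 16)  # '5Ch' -> 0x5C
        except ValueError:
            continue
        rows.append({"name": name, "number": sensor_number, "status": status,
                     "entity": entity, "reading": reading})
    return rows


def triage(rows):
    """Return (entity, name, reason) for every row that needs attention."""
    findings = []
    for r in rows:
        if r["status"] != "ok":
            findings.append((r["entity"], r["name"],
                             r["status"] + ": " + r["reading"]))
        elif not r["reading"]:
            # Assumption, following the guide's interpretation of its output:
            # 'ok' with no asserted state means the device is not present.
            findings.append((r["entity"], r["name"], "ok but no state asserted"))
    return findings


def worst_status_by_entity(rows):
    """Collapse all sensors of one entity.instance to their worst status."""
    worst = defaultdict(lambda: "ok")
    for r in rows:
        if SEVERITY[r["status"]] > SEVERITY[worst[r["entity"]]]:
            worst[r["entity"]] = r["status"]
    return dict(worst)


if __name__ == "__main__":
    parsed = parse_elist(SAMPLE)
    for finding in triage(parsed):
        print(finding)
    print(worst_status_by_entity(parsed))
```

Filtering on the status column alone would miss PS1 Status and HDD 2 Status, which both report ok while no state is asserted.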
Lastly, a couple of variants for an sdr query.

To view only the Temperature, Voltage, and Fan Sensors
ipmitool -U root -H 10.1.1.13 sdr elist full

To view ALL Temperature Sensors regardless of entity
ipmitool -U root -H 10.1.1.13 sdr type temperature
NOTE: See Appendix D for a complete list of type values.

To view status of Power Units
ipmitool -U root -H 10.1.1.13 sdr type 'Power Unit'
NOTE: Multi-word types require single quotes. See Appendix D for a complete list of type values.

To view all sensor data in wide table format
This format will include thresholds for each value where present.
ipmitool -U root -H 10.1.1.13 sdr sensor
Or use verbose mode, which will show even more labeling for the thresholds
ipmitool -U root -H 10.1.1.13 sdr sensor -v
Query the Sensor information (sensor)
The sdr parameter is useful for current state. However, to view the complete sensor list including thresholds, you will need to use the sensor parameter. Below are some common examples of how to use the parameter.

To query the complete sensor list.
ipmitool -U root -H 10.1.1.13 sensor list
Pwr Unit Status | 0x0 | discrete | 0x0000| na | na | na | na | na | na
Pwr Unit Redund | 0x0 | discrete | 0x0a00| na | na | na | na | na | na
BB P1 VR Temp | 27.000 | degrees C | ok | na | 0.000 | 5.000 | 110.000 | 115.000 | na
Front Panel Temp | 21.000 | degrees C | ok | na | 0.000 | 5.000 | 50.000 | 55.000 | na
System Fan 1 | 12054.000 | RPM | ok | na | 1715.000 | 1960.000 | na | na | na
System Fan 2 | 12348.000 | RPM | ok | na | 1715.000 | 1960.000 | na | na | na
BB +12.0V | 11.935 | Volts | ok | na | 10.635 | 10.947 | 13.027 | 13.391 | na
BB +5.0V | 4.959 | Volts | ok | na | 4.416 | 4.546 | 5.415 | 5.566 | na
NOTE: The full sensor command results are truncated in the example above to preserve page space.

The column format from the sensor output above is:

Sensor Type (name)
This is the type or name of sensor. There can be multiple entries of the same type. For example, there could be one VCORE sensor for each processor.

Reading
This is the current reading of the sensor.

Unit
These are the units of the sensor reading (e.g., degrees for a temperature sensor). Discrete is a binary sensor; other values are generally self-explanatory.

Status
This indicates the status of the sensor. Possible values:
ok – okay
na – not available
a hex value

LNR
This is the lower non-recoverable threshold value for this sensor.

LCR
This is the lower critical threshold value for this sensor.

LNC
This is the lower non-critical threshold value for this sensor.

UNC
This is the upper non-critical threshold value for this sensor.

UCR
This is the upper critical threshold value for this sensor.

UNR
This is the upper non-recoverable threshold value for this sensor.

On the following pages are a few examples of how to use the sensor parameter. Also see Appendix B for a syntax reference on sensor.
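The ten-column layout above is enough to recompute where each analog reading sits relative to its thresholds. The following Python sketch is an added example, not part of the McAfee guide; the rows are copied from the guide's sample output except for one constructed row (a slowed fan), and the function names and the inclusive threshold comparison are assumptions of this example.

```python
# Rows from the `sensor list` sample in this guide, plus one CONSTRUCTED row
# ("System Fan 2" at 1800 RPM) so that a threshold is actually crossed.
SAMPLE = """\
Pwr Unit Status | 0x0 | discrete | 0x0000| na | na | na | na | na | na
BB P1 VR Temp | 27.000 | degrees C | ok | na | 0.000 | 5.000 | 110.000 | 115.000 | na
Front Panel Temp | 21.000 | degrees C | ok | na | 0.000 | 5.000 | 50.000 | 55.000 | na
System Fan 1 | 12054.000 | RPM | ok | na | 1715.000 | 1960.000 | na | na | na
System Fan 2 | 1800.000 | RPM | nc | na | 1715.000 | 1960.000 | na | na | na
BB +12.0V | 11.935 | Volts | ok | na | 10.635 | 10.947 | 13.027 | 13.391 | na
"""

# Threshold columns in the order the guide lists them.
THRESHOLDS = ("lnr", "lcr", "lnc", "unc", "ucr", "unr")


def _num(field):
    """Return the field as a float, or None for 'na', hex state words, etc."""
    try:
        return float(field)
    except ValueError:
        return None


def parse_sensor_list(text):
    """Parse 'name | reading | unit | status | LNR | LCR | LNC | UNC | UCR | UNR'."""
    sensors = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 10:
            continue
        name, reading, unit, status = parts[:4]
        sensors.append({
            "name": name,
            "reading": None if unit == "discrete" else _num(reading),
            "unit": unit,
            "status": status,
            "limits": dict(zip(THRESHOLDS, map(_num, parts[4:]))),
        })
    return sensors


def classify(sensor):
    """Recompute nr/cr/nc/ok from the thresholds; 'n/a' if there is no number."""
    value, lim = sensor["reading"], sensor["limits"]
    if value is None:
        return "n/a"
    # Assumption: a reading equal to a threshold counts as crossing it.
    low = lambda key: lim[key] is not None and value <= lim[key]
    high = lambda key: lim[key] is not None and value >= lim[key]
    if low("lnr") or high("unr"):
        return "nr"
    if low("lcr") or high("ucr"):
        return "cr"
    if low("lnc") or high("unc"):
        return "nc"
    return "ok"


def nearest_threshold(sensor):
    """Return (threshold name, distance) for the closest defined threshold."""
    value = sensor["reading"]
    if value is None:
        return None
    gaps = [(abs(value - limit), key)
            for key, limit in sensor["limits"].items() if limit is not None]
    if not gaps:
        return None
    gap, key = min(gaps)
    return key, round(gap, 3)


if __name__ == "__main__":
    for s in parse_sensor_list(SAMPLE):
        print(s["name"], classify(s), nearest_threshold(s))
```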
Query the status of a particular hard drive.

ipmitool -U root -H 10.1.1.13 sensor get 'HDD 0 Status'
Locating sensor record...
Sensor ID : HDD 0 Status (0xf0)
 Entity ID : 15.1
 Sensor Type (Discrete): Drive Slot / Bay
 States Asserted : Drive Slot
                   [Drive Present]
The value within the single quotes is the sensor type (name) in column 1 from the previous page example.

Query the status of the Power Supplies.

Ex #1: ipmitool -U root -H 10.1.1.13 sensor get 'PS1 Status'
Locating sensor record...
Sensor ID : PS1 Status (0x50)
 Entity ID : 10.1
 Sensor Type (Discrete): Power Supply

Ex #2: ipmitool -U root -H 10.1.1.13 sensor get 'PS2 Status'
Locating sensor record...
Sensor ID : PS2 Status (0x51)
 Entity ID : 10.2
 Sensor Type (Discrete): Power Supply
 States Asserted : Power Supply
                   [Presence detected]
Notice that the presence detected value exists in Power Supply 2 and not on Power Supply 1. This means that the PS1 unit may not be plugged into the appliance.
Query the input power of the Power Supplies.

Ex #1: ipmitool -U root -H 10.1.1.13 sensor get 'PS1 Input Power'
Locating sensor record...
Sensor ID : PS1 Input Power (0x54)
 Entity ID : 10.1
 Sensor Type (Analog) : Other
 Sensor Reading : Unable to read sensor: Device Not Present
 Event Status : Unavailable
 Assertions Enabled : unc+ ucr+
 Deassertions Enabled : unc+ ucr+

Ex #2: ipmitool -U root -H 10.1.1.13 sensor get 'PS2 Input Power'
Locating sensor record...
Sensor ID : PS2 Input Power (0x55)
 Entity ID : 10.2
 Sensor Type (Analog) : Other
 Sensor Reading : 228 (+/- 0) Watts
 Status : ok
 Lower Non-Recoverable : na
 Lower Critical : na
 Lower Non-Critical : na
 Upper Non-Critical : 868.000
 Upper Critical : 920.000
 Upper Non-Recoverable : na
 Assertion Events :
 Assertions Enabled : unc+ ucr+
 Deassertions Enabled : unc+ ucr+
Again notice that the Power Supply 2 values are consistent with a supply that is functioning, whereas Power Supply 1 clearly shows it is not present.
Query the System Event Log
The System Event Log (SEL) provides storage of all system events. You can view the contents of the event log with IPMItool. The SEL keeps the last 12 events.

Query the SEL
ipmitool -U root -H 10.1.1.13 sel list
2 | 06/13/2014 | 19:19:43 | System Event #0x83 | Timestamp Clock Sync | Asserted
3 | 06/13/2014 | 19:19:43 | System Event #0x83 | Timestamp Clock Sync | Asserted
4 | 06/13/2014 | 19:19:43 | Power Unit #0x01 | Power off/down | Asserted
5 | 06/16/2014 | 15:33:03 | Power Unit #0x01 | Power off/down | Deasserted
6 | 06/16/2014 | 15:33:03 | Button #0x09 | Power Button pressed | Asserted
7 | 06/16/2014 | 15:33:06 | Power Unit #0x02 | Redundancy Lost
8 | 06/16/2014 | 15:33:06 | Power Unit #0x02 | Non-Redundant: Sufficient from Redundant
9 | 06/16/2014 | 15:33:08 | Power Unit #0x02 | Redundancy Lost
a | 06/16/2014 | 15:33:08 | Power Unit #0x02 | Non-Redundant: Sufficient from Redundant
b | 06/16/2014 | 15:33:16 | System Event #0x83 | Timestamp Clock Sync | Asserted
c | 06/16/2014 | 15:33:25 | System Event #0x83 | Timestamp Clock Sync | Asserted
d | 06/16/2014 | 15:34:36 | System Event #0x83 | OEM System boot event | Asserted
e | 06/16/2014 | 15:34:36 | System Event #0x08 | PEF Action | Asserted

Query the SEL in a more human readable form
ipmitool -U root -H 10.1.1.13 sel elist
2 | 06/13/2014 | 19:19:43 | System Event BIOS Evt Sensor | Timestamp Clock Sync | Asserted
3 | 06/13/2014 | 19:19:43 | System Event BIOS Evt Sensor | Timestamp Clock Sync | Asserted
4 | 06/13/2014 | 19:19:43 | Power Unit Pwr Unit Status | Power off/down | Asserted
5 | 06/16/2014 | 15:33:03 | Power Unit Pwr Unit Status | Power off/down | Deasserted
6 | 06/16/2014 | 15:33:03 | Button Button | Power Button pressed | Asserted
7 | 06/16/2014 | 15:33:06 | Power Unit Pwr Unit Redund | Redundancy Lost
8 | 06/16/2014 | 15:33:06 | Power Unit Pwr Unit Redund | Non-Redundant: Sufficient from Redundant
9 | 06/16/2014 | 15:33:08 | Power Unit Pwr Unit Redund | Redundancy Lost
a | 06/16/2014 | 15:33:08 | Power Unit Pwr Unit Redund | Non-Redundant: Sufficient from Redundant
b | 06/16/2014 | 15:33:16 | System Event BIOS Evt Sensor | Timestamp Clock Sync | Asserted
c | 06/16/2014 | 15:33:25 | System Event BIOS Evt Sensor | Timestamp Clock Sync | Asserted
d | 06/16/2014 | 15:34:36 | System Event BIOS Evt Sensor | OEM System boot event | Asserted
e | 06/16/2014 | 15:34:36 | System Event System Event | PEF Action | Asserted
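The sel elist rows above carry enough structure to reconstruct what happened to the appliance. The following Python parser is an added example, not part of the McAfee guide; it flags power-related records and pairs Asserted/Deasserted records to measure how long a state lasted. The rows are copied from the guide's sample output; the function names, the watch list and the MM/DD/YYYY date format are assumptions of this example.

```python
from datetime import datetime

# Rows copied from the `sel elist` sample output in this guide.
SAMPLE = """\
4 | 06/13/2014 | 19:19:43 | Power Unit Pwr Unit Status | Power off/down | Asserted
5 | 06/16/2014 | 15:33:03 | Power Unit Pwr Unit Status | Power off/down | Deasserted
6 | 06/16/2014 | 15:33:03 | Button Button | Power Button pressed | Asserted
7 | 06/16/2014 | 15:33:06 | Power Unit Pwr Unit Redund | Redundancy Lost
a | 06/16/2014 | 15:33:08 | Power Unit Pwr Unit Redund | Non-Redundant: Sufficient from Redundant
d | 06/16/2014 | 15:34:36 | System Event BIOS Evt Sensor | OEM System boot event | Asserted
"""

# Event descriptions worth surfacing to an operator (chosen for this example).
WATCH = ("Power off/down", "Power Button pressed", "Redundancy Lost")


def parse_sel(text):
    """Parse 'id | date | time | sensor | event [| direction]' rows."""
    events = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) < 5:
            continue
        try:
            record_id = int(parts[0], 16)  # record IDs are hex: 9, a, b, ...
        except ValueError:
            continue
        try:
            when = datetime.strptime(parts[1] + " " + parts[2],
                                     "%m/%d/%Y %H:%M:%S")
        except ValueError:
            when = None  # keep the record even if its timestamp is unusable
        events.append({
            "id": record_id,
            "time": when,
            "sensor": parts[3],
            "event": parts[4],
            "direction": parts[5] if len(parts) > 5 else "",
        })
    return events


def flagged(events):
    """Records whose description is on the watch list."""
    return [e for e in events if e["event"] in WATCH]


def asserted_intervals(events, event_name):
    """Pair each Asserted record with the next Deasserted one per sensor."""
    open_at, intervals = {}, []
    for e in events:
        if e["event"] != event_name or e["time"] is None:
            continue
        if e["direction"] == "Asserted":
            open_at.setdefault(e["sensor"], e["time"])
        elif e["direction"] == "Deasserted" and e["sensor"] in open_at:
            start = open_at.pop(e["sensor"])
            intervals.append((e["sensor"], start, e["time"], e["time"] - start))
    return intervals


if __name__ == "__main__":
    log = parse_sel(SAMPLE)
    for e in flagged(log):
        print(hex(e["id"]), e["time"], e["sensor"], e["event"], e["direction"])
    for sensor, start, end, length in asserted_intervals(log, "Power off/down"):
        print(sensor, "was in 'Power off/down' for", length)
```

On the sample rows this shows the power unit was down from 06/13/2014 19:19:43 until the power button press at 06/16/2014 15:33:03.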
Query the SEL to get more data for a specific event

ipmitool -U root -H 10.1.1.13 sel get 0x02
SEL Record ID : 0002
 Record Type : 02
 Timestamp : 06/16/2014 15:33:06
 Generator ID : 0020
 EvM Revision : 04
 Sensor Type : Power Unit
 Sensor Number : 02
 Event Type : Generic Discrete
 Event Direction : Deassertion Event
 Event Data (RAW) : 01ffff
 Description : Redundancy Lost

Sensor ID : Pwr Unit Redund (0x2)
 Entity ID : 21.1
 Sensor Type (Discrete): Power Unit
 States Asserted : Redundancy State
                   [Redundancy Lost]
                   [Non-Redundant: Sufficient from Redundant]
The value 0x02 in the example is the record ID, and you can see this in the first sel example on the previous page.
BMC Web Console

As mentioned in the preface of this document, the Intelligent Platform Management Interface (IPMI) is an interface used by administrators for out-of-band management of computer systems and monitoring of their operation. In the previous section, we demonstrated how to use the command line IPMItool to access the IPMI sensors. In this section, we'll cover the Integrated BMC Web Console. The Embedded Web Console is available without the requirement for any agents or remote IPMI tools and is always accessible regardless of the state of the operating system. The web console is able to:
- View the sensors, event log, and asset inventory of the system.
- Retrieve and download the diagnostics log, containing important information about system crashes.
- Launch KVM and media redirection; Intel® Remote Management Module (Intel® RMM) required.
- Configure e-mail or SNMP alerting as well as other settings.

This section will give you a description of a number of areas within the Integrated BMC Web Console that have value relative to the McAfee SIEM appliances. However, there are some areas that could cause loss of contact or service interruptions should you make modifications. We strongly encourage you to limit your activity to the sections we have outlined. The console is divided into four tabs in a horizontal menu. Within each tab, a menu is provided on the left side. Each tab and each menu option within each tab has a short description of its function. Figure 22 is a legend of each Tab and its associated Menu options.
Figure 22
To access the web console, launch your favorite browser and enter the IP address you used to configure the IPMI interface on page 16. Your browser should support HTTPS. In addition, if you wish to use Remote Console, your browser will need to be Java enabled, using JRE version 6 Update 22 and above. Figure 23 displays the login screen you should see.

Figure 23

Once the dialog above appears, enter the user root and the password you used to set the IPMI root password on page 17. When successful, you will see Figure 15 (following page), the System Information page of the BMC Web Console.

If for some reason you do not see the dialog above, check with your networking team to ensure that your desktop has access to the IPMI IP address. For security reasons, the IPMI IP address may be on a different subnet. In addition, you should ensure that the IPMI NIC has been cabled to your switched environment. See page 15 for the location of the IPMI NIC.
As you navigate through the menu options, the browser will fetch information to populate the section you navigated to. Sometimes, it may take several seconds or more for the display to fully populate. During this time you will see a progress bar on the right side of the page, just beneath the blue horizontal line that separates the header of the section and its content. The progress bar will look similar to the image below.

At this point, feel free to navigate through the options using the legend on page 36 to get acquainted with the interface and the return time performance of certain pages.
Figure 24
Server Health Tab – Sensor Readings

The Server Health tab, Figure 25, shows you data related to the server's health, such as sensor readings, the event log, and power statistics as explained in the following subsections. When you click on the Server Health tab, by default you will open the Sensor Readings page.

The Sensor Readings page displays system sensor information including status, health, and reading value every 60 seconds by default. A list of options for the Sensor Readings page is below.

Option | Task
Sensor Selection dropdown box | Select the type of sensor readings to display in the list. The default is to display all sensors.
Sensor Readings list | Selected sensors shown with their name, status, health, and readings.
Refresh button | Click to refresh the selected sensor readings.
Show Thresholds button | Click to expand the list, showing low and high threshold assignments. Shows the critical (CT) and noncritical (NC) thresholds for the selected sensors. Use the scroll bar at the bottom to move the display left and right.
Hide Thresholds button | Click to return to the original display, hiding the threshold values.
Set auto-refresh in seconds (0 to disable) selection | Enter the time (in seconds) to wait between updates of the Sensor Readings and then click the Set button.
Figure 25
Server Health Tab – Event Log

The Event Log page, Figure 26, displays the system's server management events. Events are logged as various tasks (booting), status changes (power supply removal) or other events occur. The following table lists the options available for Server Health.

Option | Task
Event Log dropdown box | Select the type of events to display in the list.
Event Log List | Selected sensors are shown with their name, status, and readings. This includes a list of the events with their ID, timestamp, sensor name, sensor type, and description.
Clear Event Log button | Click to clear Event Logs.
Figure 26
Server Health Tab – Power Statistics

The Power Statistics page, Figure 27, displays the system's power statistics in watts and over what duration.

NOTE: The time value, at the top of the dialog, will be reset when the appliance is powered off.
Figure 27
Configuration Tab

The Configuration Tab contains a large number of options such as Network, Remote Session and Alerts. Users have the option to view or modify a number of these settings. This section will cover only the items McAfee believes are needed to remotely manage the SIEM appliances.

McAfee advises customers to use the sections within the Configuration Tab as view-only options except where indicated in this guide. Any modification may result in inaccessibility or possible data loss on the SIEM appliance.

Configuration Tab – IPv4 Network

The IPv4 Network Settings page, Figure 28, is used to configure the IPv4 network settings for the Server Management LAN interface (IPMI) to the BMC controller. The settings you see below will match the ones used on page 18 to configure the IPMI interface from the ESM browser-based interface. If you need to change the IPMI IP Address, please do so via the ESM browser-based interface.

While this document refers to the IPMI channel, the actual name for that channel is the Intel(R) RMM channel. Do not make any changes within this dialog. Any change to the IPMI IP address should always be done via the ESM browser-based interface. The two additional LAN channels, Baseboard MGMT and MGMT2, are the same as the SIEM MGMT1 and MGMT2 ports but should be left at their default values. Any modification here will cause the appliance to become unreachable by the SIEM environment.
Figure 28
Configuration Tab – IPv4 Network

While McAfee does not recommend changing the network settings here, the following table lists the options available for IPv4 Networking.

Option | Task
Enable LAN Failover | Used to enable LAN Failover (only available on EPSD Platforms Based on Intel Xeon Processor E5-4600/2600/2400/1600/1400 Product Families)
LAN Channel dropdown box | Used to select the channel on which you want to configure the network settings. Lists the LAN Channels available for server management. The LAN channels describe the physical NIC connection on the server. Intel RMM (BMC LAN Channel 3) is the add-in RMM4 Dedicated Management NIC. Baseboard Mgmt (BMC LAN Channel 1) is the on-board, shared NIC configured for management and shared with the operating system. Baseboard Mgmt 2 (BMC LAN Channel 2) is the second on-board, shared NIC configured for management and shared with the operating system.
MAC Address | The MAC address of the device (read only)
IP address radio buttons | Select one of the three options for configuring the IP address: Obtain an IP address automatically (use DHCP) – Uses DHCP to obtain the IP address. Use the following IP address – Manually configure the IP address. Disable LAN Channel – Sets the IP address, Subnet Mask, and Default Gateway to 0.0.0.0.
IP Address / Subnet Mask / Gateway | If configuring a static IP, enter the requested address, subnet mask, and gateway in the given fields. The IP Address is made of four numbers separated by dots as in "xxx.xxx.xxx.xxx". 'xxx' ranges from 0 to 255. The first 'xxx' must not be 0.
Primary DNS Server / Secondary DNS Server | If configuring a dynamic IP, enter the Primary and Secondary DNS servers.
Save button | Click to save any changes made.
Configuration Tab – Users

The User List page, Figure 29, lists the configured users, along with their status and network privilege. It also provides the capability to add, modify, and delete users.

This page allows the operator to configure the IPMI users and privileges for this server:
- User ID 1 (anonymous) may not be renamed or deleted.
- User ID 2 (root) may not be renamed or deleted, nor can the network privileges of User ID 2 be changed.
- User Names cannot be changed. To rename a user you must first delete the existing user, and then add the user with the new name.
To delete a user, select the user in the list and click Delete User. To add a user, select an empty slot in the list and click Add User.

By default, root is the only user enabled and is the user account whose password is set when changing the NGCP account password in the ESM browser-based interface. Do not change the password here. Also, while other users can be enabled, McAfee strongly recommends leaving the configuration as shown in Figure 29.
Figure 29
Configuration Tab – Alerts

The Alerts page, Figure 30, is used to configure which system events an alert can be generated for and the destination for these alerts. Up to two destinations can be selected for each LAN channel. Each destination will receive an alert, based on its protocol (SNMP or SMTP), when one of the selected trigger events occurs.

NOTE: Only configure Alerts for the Intel(R) RMM channel.

Globally Enable Platform Event Filtering:
This can be used to prevent sending alerts until you have fully specified your desired alerting policies.

Log Event on Filter Action:
This can be used to enable or disable the logging of an event into the System Event Log when a Filter Action is taken.
Figure 30
Configuration Tab – Alerts

The following table lists the options for selecting which events alerts should be sent on and where the alerts are to be sent.

Option | Task
Select the events that will trigger alerts. | Select one or more system events that will trigger an alert.
Check/Clear All buttons | Click to select or clear all events.
LAN Channel to Configure | Select either the BMC or RMM4 to configure the destination
Alert Destination #1/#2 | Select either SNMP along with the IP address or email address that the alert will be sent to. Up to two destinations can be selected for each LAN channel
Save button | Click to use selected setup.
Send Test Alerts button | After configuring, select this to send a test alert.
Remote Control Tab

The Remote Control tab helps you perform the following remote operations on the server. These are Console Redirection, Server Power Control and Virtual Front Panel. Below is an explanation of each.

Remote Control Tab – Console Redirection

By default, the Remote Control tab opens the Console Redirection page as shown in Figure 31. To launch the console redirect, click the Launch Console button. Once done, two dialogs will appear. See examples below. Figure 32 prompts you that a Java package will be downloaded. Figure 33 asks you to open the package.
Figure 31
Figure 32
Figure 33
Figure 34
Remote Control Tab – Console Redirection

What is a JNLP file?
JNLP is an acronym for Java Network Launching Protocol. The JNLP file format is used by Java to launch and manage various Java applications over a network or on the Internet. The JNLP files are saved in the XML file format. The files are actually comprised of a group of protocols that define the specific requirements of a JAVA launching mechanism.

NOTE: Java will have to be installed in order to take advantage of this capability. Java Runtime Environment (JRE) Version 6 Update 22 or higher is required.

Once Java has been installed, click OK on the opening of the JNLP file, Figure 24 (previous page). This will then launch the Java Runtime Environment. You may briefly see a Java splash screen. At this point, one of two scenarios will occur.

Scenario #1
Once Java is loaded, a Security Warning popup, Figure 34, will ask you to confirm that this application should be run. To continue, click the checkbox to accept and then click the Run button. Once done, the JNLP will complete execution and the JViewer will load, displaying the console as it is at that time. See Figure 35.
Figure 35
Scenario #2
If you are running Java 7, Update 51 or later, a blocked application dialog will appear. See Figure 36. Previous to Update 51, a pop-up similar to the one in Scenario #1 would have appeared. However, starting with Java 7 Update 51, a new Security Exception list has been added and you will need to provide an exception in order to proceed. To do this, go to Control Panel, then select Java. Next, select the Security tab. The Security dialog will look similar to the example in Figure 37. Next, click the Edit Site List button and enter the full path of the appliance's IPMI NIC. The example in Figure 37 displays the completed exception list. Once this entry is saved, the Java app will allow access to the Remote Control app and Scenario #1 should occur.

NOTE: You also may need to make additional security adjustments on your desktop. Applications such as Windows Firewall or McAfee End-Point products may also prevent access to this application.
Figure 36
Figure 37
Figure 38
Figure 39
Remote Control Tab – Console Redirection

Using the console
Once the Web Console has started and you see the Appliance Menu (white LCD display in upper left corner), you are ready to use the console as if you were directly attached via a monitor and keyboard. However, there are a few navigation techniques you will need to know. Like most Windows apps, JViewer has a number of menu options that will come in handy as you use the console.

Refresh the display
During the testing of the IPMI interface for this document, it was noticed that on a rare occasion, the interface seemed to either stall or stop completely. This could be due to network congestion or a failure/error within the JRE itself. Fortunately, there is an easy remedy. Located in the Video menu is a Refresh Video option. Simply selecting this and allowing the connection to be rebuilt should solve the problem. Figure 38 shows the location of Refresh Video.

Using an ALT key
Like most Linux-based products, the McAfee SIEM appliances allow for multiple TTY sessions at the command line. The standard keystroke to enter these is to use the ALT key followed by F2, F3, etc. However, in the Web Console, the ALT key is not transmitted, so a helper option is provided. Located in the Keyboard menu, Figure 39, there are a number of checkboxes that you can select to allow for multi-key commands. As an example, to perform an ALT-F2, select Keyboard, and then check Hold Left Alt Key. Next press F2 and this will take you to tty2. Using F3, F4, etc., will access additional tty sessions. However, you will have to re-select Keyboard and then uncheck Hold Left Alt Key to turn off this capability, as this is an on/off toggle function.
Remote Control Tab – Server Power Control

The Server Power Control page, Figure 40, shows the current power status and allows power/reset control of the appliance.

While this dialog will allow administrators to perform graceful shutdowns of the SIEM appliances, McAfee recommends that resetting or powering down the appliance should always be done via the ESM browser-based interface.

While the McAfee SIEM appliances are ACPI aware, it is possible for the Graceful OS Shutdown to not function properly or time out if the appliance is performing other tasks. After a Graceful Shutdown has been requested, if the system does not shut down as requested, the command cannot be executed again for five minutes. However, McAfee recommends that powering down the appliance(s) should always be done via the ESM browser-based interface.
Figure 40
Remote Control Tab – Server Power Control

The following table lists the options for power control.

Option | Task
Reset Server | Select option to hard reset the host without powering off.
Force-Enter BIOS Setup | Check this option to enter into the BIOS setup after resetting the server.
Power OFF Server | Select option to immediately power off the host.
Graceful Shutdown | Select option to soft power off the host.
Power ON Server | Select option to power on the host.
Power Cycle Server | Select option to immediately power off the host, and then power it back on after one second.
Perform Action button | Click to execute the selected remote power command.

Note: All power control actions are done through the BMC and are immediate actions. It is strongly suggested to gracefully shut down through the ESM browser-based interface.
Remote Control Tab – Virtual Front Panel

The Virtual Front Panel page, Figure 41, allows users to control the appliance in the same manner as if they were next to the physical appliance.

While this dialog will allow administrators to perform graceful shutdowns of the SIEM appliances, McAfee recommends that resetting or powering down the appliance should always be done via the ESM browser-based interface.
Figure 41
Remote Control Tab – Virtual Front Panel

The following table lists the options for Virtual Front Panel.

Option | Task
Power Button | The Power button is used to power on or power off.
Reset Button | The Reset button is used to reset the server while the system is ON.
Chassis ID Button | When the Chassis ID button is pressed, the chassis ID LED changes to solid on. If the button is pressed again, the chassis ID LED turns off.
Graceful Shutdown | Select option to soft power off the host.
Power LED | The Power LED shows the system power status. If the Power LED is green, the system is ON. If the Power LED is grey, the system is OFF.
Status LED | The Status LED reflects the System Status LED and is automatically in sync with the BMC every 60 seconds.
Chassis ID LED | The Chassis ID LED shows the current system chassis ID status. If the Chassis ID LED is blue, the Chassis ID is indefinitely ON. If the Chassis ID LED is grey, the Chassis ID is OFF.
Appendix A – Command Line Arguments for IPMItool

-a
  Prompt for the Remote IPMI server password.
-A <authtype>
  Specify an authentication type to use during IPMIv1.5 lan session activation. Supported types are NONE, PASSWORD, MD2, MD5, or OEM.
-c
  Present output in CSV (comma separated variable) format. This is not available with all commands.
-e <sol_escape_char>
  Use supplied character for SOL session escape character. The default is to use ~ but this can conflict with ssh sessions.
-k <key>
  Use supplied Kg key for IPMIv2 authentication. The default is not to use any Kg key.
-y <hex key>
  Use supplied Kg key for IPMIv2 authentication. The key is expected in hexadecimal format and can be used to specify keys with non-printable characters. For example, "-k PASSWORD" and "-y 50415353574F5244" are equivalent. The default is not to use any Kg key.
-C <ciphersuite>
  The Remote IPMI server authentication, integrity, and encryption algorithms to use for IPMIv2 lanplus connections. See table 22-19 in the IPMIv2 specification. The default is 3, which specifies RAKP-HMAC-SHA1 authentication, HMAC-SHA1-96 integrity, and AES-CBC-128 encryption algorithms.
-E
  The Remote IPMI server password is specified by the environment variable IPMI_PASSWORD.
-f <password_file>
  Specifies a file containing the Remote IPMI server password. If this option is absent, or if the password file is empty, the password will default to NULL.
-h
  Get basic usage help from the command line.
-H <address>
  Remote IPMI server address; can be an IP address or hostname. NOTE: This is not the appliance's main IP. The IPMI controller will have its own unique IP address.
-I <interface>
  Selects the IPMI interface to use. Supported interfaces that are compiled in are visible in the usage help output. Options are lan or open. If lan, it tells IPMItool to use the network to send commands instead of interfacing with the local IPMI controller.
-L <privlvl>
  Force session privilege level. Can be CALLBACK, USER, OPERATOR, and ADMINISTRATOR. Default is ADMINISTRATOR.
-m <local_address>
  Set the local IPMB address. The default is 0x20 and there should be no need to change it for normal operation.
-o <oemtype>
  Select OEM type to support. This usually involves minor hacks in place in the code to work around quirks in various BMCs from various manufacturers. Use -o list to see a list of currently supported OEM types.
-O <sel oem>
  Open selected file and read OEM SEL event descriptions to be used during SEL listings. See examples in contrib dir for file format.
-p <port>
  Remote IPMI server UDP port to connect to. Default is 623.
-P <password>
  Remote IPMI server password is specified on the command line. If supported, it will be obscured in the process list. However, this password is stored in your history file and may be visible to other users (through "ps" or similar). Note: Specifying the password as a command line option is not recommended.
-S <sdr_cache_file>
  Use local file for remote SDR cache. Using a local SDR cache can drastically increase performance for commands that require knowledge of the entire SDR to perform their function. A local SDR cache from a remote system can be created with the sdr dump command.
-t <target_address>
  Bridge IPMI requests to the remote target address.
-U <username>
  Remote IPMI server username. For McAfee SIEM appliances this will always be root.
-v
  Increase verbose output level. This option may be specified multiple times to increase the level of debug output. If given three times you will get hexdumps of all incoming and outgoing packets.
-V
  Display version information.
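The options above allow the password to be kept off the command line (-E or -f instead of -P) and the session privilege to be lowered with -L. The following Python wrapper for read-only monitoring queries is an added example, not part of the McAfee guide or of IPMItool; the function names, the read-only allowlist, the choice of -I lanplus and -L USER, and the password-file permission check are assumptions of this example and must match how the BMC channel is configured.

```python
import os
import stat
import subprocess

# Read-only query prefixes used in this guide. Power, raw and LAN commands are
# deliberately absent: the guide routes those actions through the ESM interface.
READ_ONLY = {
    ("sdr", "list"), ("sdr", "elist"), ("sdr", "type"), ("sdr", "entity"),
    ("sensor", "list"), ("sensor", "get"),
    ("sel", "list"), ("sel", "elist"), ("sel", "get"),
}


def load_password(path):
    """Read the BMC password from a file that only its owner can access."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(path + " is accessible to group or others")
    with open(path, encoding="utf-8") as handle:
        return handle.readline().rstrip("\n")


def build_query(host, subcommand, user="root", privilege="USER",
                interface="lanplus"):
    """Return an ipmitool argv for a read-only query, never containing -P."""
    words = tuple(subcommand)
    if words[:2] not in READ_ONLY:
        raise ValueError("not an allowed read-only query: " + " ".join(words))
    if any(word.startswith("-") for word in words):
        raise ValueError("options are not accepted inside the subcommand")
    # -E tells ipmitool to take the password from IPMI_PASSWORD, so it does not
    # appear in the process list or in shell history.
    return ["ipmitool", "-I", interface, "-H", host, "-U", user,
            "-L", privilege, "-E", *words]


def run_query(host, subcommand, password, **kwargs):
    """Run the query with the password passed only through the environment."""
    argv = build_query(host, subcommand, **kwargs)
    env = dict(os.environ, IPMI_PASSWORD=password)
    done = subprocess.run(argv, env=env, capture_output=True, text=True,
                          timeout=30, check=True)
    return done.stdout


if __name__ == "__main__":
    # 10.1.1.13 is the example BMC address used throughout this guide.
    print(build_query("10.1.1.13", ["sensor", "get", "PS1 Status"]))
```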
Appendix B – Command Syntax Guide for IPMItool

NOTE: Columns / commands which are grayed out either do not return values on McAfee SIEM Appliances or are not intended for general use without support or development assistance and could result in data loss on the appliance. This also holds true for certain commands within supported commands.

raw
This will allow you to execute raw IPMI commands.
Usage: raw <netfn> <cmd> [data]
Example: ipmitool raw 0x0 0xf
For example, to query the POH counter with a raw command.
Network Function Codes (netfn):
VAL  HEX   STRING
==============================================
0    0x00  Chassis
2    0x02  Bridge
4    0x04  SensorEvent
6    0x06  Application
8    0x08  Firmware
10   0x0a  Storage
12   0x0c  Transport

i2c
Send an I2C Master Write-Read command and print response

spd
Print SPD info from remote I2C device

lan
Configure LAN Channels

chassis
Get chassis status and set power state of the appliance.
Usage: chassis <status|power|identify|policy|restart_cause|poh|bootdev|bootparam|selftest>
Example: ipmitool chassis poh
         ipmitool chassis power status
Arguments:
  status
    Displays information regarding the high-level status of the system chassis and main power subsystem.
  power
    (see power section below)
  identify <interval>
    Control the front panel identify light. Default is 15. Use 0 to turn off.
  policy <state>
    Set the chassis power policy in the event of power failure.
      list        Return supported policies.
      always-on   Turn on when power is restored.
      previous    Return to previous state when power is restored.
      always-off  Stay off after power is restored.
  restart_cause
    Query the chassis for the cause of the last system restart.
  poh
    This command will return the Power-On Hours counter.
  bootdev <device> [clear-cmos=yes|no]
  bootdev <device> [options=help,]
    Request the system to boot from an alternate boot device on next reboot. The clear-cmos option, if supplied, will instruct the BIOS to clear its CMOS on the next reboot. Currently supported values for <device> are:
      none   Do not change boot device
      pxe    Force PXE boot
      disk   Force boot from BIOS default boot device
      safe   Force boot from BIOS default boot device, request Safe Mode
      diag   Force boot from diagnostic partition
      cdrom  Force boot from CD/DVD
      bios   Force boot into BIOS setup
  bootparam get <param #>
  bootparam set bootflag <flag>
    Request the system to force a boot from an alternate boot device on next reboot. The clear-cmos option, if supplied, will instruct the BIOS to clear its CMOS on the next reboot. Currently supported values for <device> are:
      force_pxe
        Force PXE boot
      force_disk
ForcebootfromBIOSdefaultbootdeviceforce_safe ForcebootfromBIOSdefaultbootdevice,requestSafeModeforce_diag Forcebootfromdiagnosticpartitionforce_cdrom ForcebootfromCD/DVDforce_bios ForcebootintoBIOSsetupselftest Willdisplayapassorfailofthechassiscomponents.
power
Shortcuttochassispowercommandsandperformsachassiscontrolcommandtoviewandchangethepowerstate.Usage:power <status|on|off|cycle|reset|diag|soft> Example:ipmitool power status Arguments:status Showcurrentchassispowerstatus.on Powerupchassis.off Powerdownchassisintosoftoff(S4/S5state).WARNING:Thiscommanddoesnotinitiateacleanshutdownoftheoperatingsystempriortopoweringdownthesystem.cycle Providesapoweroffintervalofatleast1second.NoactionshouldoccurifchassispowerisinS4/S5state,butitisrecommendedtocheckpowerstatefirstandonlyissueapowercyclecommandifthesystempowerisonorinlowersleepstatethanS4/S5.reset Thiscommandwillperformahardreset.diag Pulseadiagnosticinterrupt(NMI)directlytotheprocessor(s).soft Initiateasoft‐shutdownofOSviaACPI.Thiscanbedoneinanumberofways,commonlybysimulatinganovertemperatureorbysimulatingapowerbuttonpress.ItisnecessaryfortheretobeOperatingSystemsupportforACPIandsomesortofdaemonwatchingforeventsforthissoftpowertowork.
event    Send pre-defined events to MC
mc       Management Controller status and global enables
sdr
Print Sensor Data Repository entries and readings. Each command will display a slightly different output but the main elements will be Sensor Name, Sensor Number, Status and Entity ID. See Appendix C for an explanation of Entity values.
Note: Depending on which IPMI command you use, the sensor number that is displayed for an event might appear in slightly different formats. A sensor number can be displayed as either 1Fh or 0x1F.
Usage: sdr <list|elist|type|info|entity|dump|fill>
Example: ipmitool sdr elist
Parameter:
    -v    Verbose output.
Arguments:
    list | elist [<all|full|compact|event|mcloc|fru|generic>]
        This command will read the Sensor Data Records (SDR) and extract sensor information of a given type, then query each sensor and print its name, reading, and status. If invoked as elist then it will also print sensor number, entity id and instance, and asserted discrete states. The default output will only display full and compact sensor types; to see all sensors use the all type with this command. Valid types are:
        all        All SDR records (Sensor and Locator)
        full       Full Sensor Record
        compact    Compact Sensor Record
        event      Event-Only Sensor Record
        mcloc      Management Controller Locator Record
        fru        FRU Locator Record
        generic    Generic SDR records
    type <sensor type> <list|get>
        This command will display all records from the SDR of a specific type. Run with type list to see the list of available types. Also see Appendix D for the list. Note that you can leave List and Get off and still get the same information. For example, to query for all Temperature sensors:
        ipmitool sdr type temperature
        Baseboard Temp   | 30h | ok |  7.1 | 28 degrees C
        FntPnl Amb Temp  | 32h | ok | 12.1 | 24 degrees C
        Processor1 Temp  | 98h | ok |  3.1 | 57 degrees C
        Processor2 Temp  | 99h | ok |  3.2 | 53 degrees C
    info
        This command will query the BMC for SDR information.
    entity <id>[.<instance>]
        Displays all sensors associated with an entity. Get a list of valid entity ids on the target system by issuing the sdr elist command. A list of all entity ids can be found in the IPMI specifications.
    dump <file>
        Dumps raw SDR data to a file. This data file can then be used as a local SDR cache of the remote managed system with the -S <file> option on the ipmitool command line. This can greatly improve performance over system interface or remote LAN.
    fill sensors
    fill <filename>
        Creates the SDR repository for the current configuration or dumps raw SDR data to a file.
sensor
Print detailed sensor information.
Usage: sensor <list|get|thresh|reading> -v
Example: ipmitool sensor list
Parameter:
    -v    Verbose output.
Arguments:
    list
        Lists sensors and thresholds in a wide table format. Leaving this argument off will produce the same wide format table.
    get <id> ... [<id>]
        Prints information for sensors specified by name.
    thresh <id> <threshold> <setting>
        This allows you to set a particular sensor threshold value. The sensor is specified by name. Valid thresholds are:
        unr    Upper Non-Recoverable
        ucr    Upper Critical
        unc    Upper Non-Critical
        lnc    Lower Non-Critical
        lcr    Lower Critical
        lnr    Lower Non-Recoverable
    thresh <id> lower <lnr> <lcr> <lnc>
        This allows you to set all lower thresholds for a sensor at the same time. The sensor is specified by name and the thresholds are listed in order of Lower Non-Recoverable, Lower Critical, and Lower Non-Critical.
    thresh <id> upper <unc> <ucr> <unr>
        This allows you to set all upper thresholds for a sensor at the same time. The sensor is specified by name and the thresholds are listed in order of Upper Non-Critical, Upper Critical, and Upper Non-Recoverable.
    reading
        Similar to a get.
fru
This command will read all Field Replaceable Unit (FRU) inventory data and extract such information as serial number, part number, asset tags, and short strings describing the chassis, board, or product.
Usage: fru print
Example: ipmitool fru print
gendev    Read/Write Device associated with Generic Device locators sdr
sel
View the System Event Log (SEL).
Usage: sel <info|clear|list|elist|delete|save|writeraw|readraw|time>
Example: ipmitool sel elist
Arguments:
    info
        This command will query the BMC for information about the System Event Log (SEL) and its contents.
    clear
        This command will clear the contents of the SEL. It cannot be undone so be careful.
    list | elist
        When this command is invoked without arguments, the entire contents of the System Event Log are displayed. If invoked as elist it will also use the Sensor Data Record entries to display the sensor ID for the sensor that caused each event. Note this can take a long time over the system interface.
        <count> | first <count>
            Displays the first count (least-recent) entries in the SEL. If count is zero, all entries are displayed.
        last <count>
            Displays the last count (most-recent) entries in the SEL. If count is zero, all entries are displayed.
    delete <number>
        Delete a single event.
    save <file>
        Save SEL records to text file that can be fed back into the event file ipmitool command. This can be useful for testing Event generation by building an appropriate Platform Event Message file based on existing events. Please see the help for that command to view the format of this file.
    writeraw <file>
        Save SEL records to a file in raw, binary format. This file can be fed back to the sel readraw ipmitool command for viewing.
    readraw <file>
        Read and display SEL records from a binary file. Such a file can be created using the sel writeraw ipmitool command.
    time
        get
            Displays the SEL clock's current time.
        set <time string>
            Sets the SEL clock. Future SEL entries will use the time set by this command. <Time string> is of the form "MM/DD/YYYY HH:MM:SS". Note that hours are in 24-hour form. It is recommended that the SEL be cleared before setting the time.
pef        Configure Platform Event Filtering (PEF)
sol        Configure and connect IPMIv2.0 Serial-over-LAN
tsol       Configure and connect with Tyan IPMIv1.5 Serial-over-LAN
isol       Configure IPMIv1.5 Serial-over-LAN
user       Configure Management Controller users
channel    Configure Management Controller channels
session
Print session information. Get information about the specified session(s). You may identify sessions by their id, by their handle number, by their active status, or by using the keyword `all' to specify all sessions.
Usage: session info <active | all | id 0xnnnnnnnn | handle 0xnn>
Example: ipmitool session info all
sunoem        OEM Commands for Sun servers. Will not return values on McAfee SIEM Appliances.
kontronoem    OEM Commands for Kontron devices. Will not return values on McAfee SIEM Appliances.
picmg         Run a PICMG/ATCA extended cmd
fwum          Update IPMC using Kontron OEM Firmware Update Manager
firewall      Configure Firmware Firewall
shell
This command will launch an interactive shell which you can use to send multiple ipmitool commands to a BMC and see the responses. This can be useful instead of running the full ipmitool command each time. Some commands will make use of a Sensor Data Record cache and you will see marked improvement in speed if these commands are able to reuse the same cache in a shell session. LAN sessions will send a periodic keepalive command to keep the IPMI session from timing out.
exec          Run list of commands from file
set           Set runtime variable for shell and exec
hpm           Update HPM components using PICMG HPM.1 file
ekanalyzer    Run FRU-Ekeying analyzer using FRU files. Will not return values on McAfee SIEM Appliances.
Appendix C – SDR Entities Values
NOTE: Depending on hardware version, this list may contain more or less values on your appliance. Some entities may not return any values. To see complete list, use the following command:
ipmitool -U root -H 10.1.1.13 sdr entity

ID     Entity
0      Unspecified
1      Other
2      Unknown
3      Processor
4      Disk or Disk Bay
5      Peripheral Bay
6      System Management Module
7      System Board
8      Memory Module
9      Processor Module
10     Power Supply
11     Add-in Card
12     Front Panel Board
13     Back Panel Board
14     Power System Board
15     Drive Backplane
16     System Internal Expansion Board
17     Other System Board
18     Processor Board
19     Power Unit
20     Power Module
21     Power Management
22     Chassis Back Panel Board
23     System Chassis
24     Sub-Chassis
25     Other Chassis Board
26     Disk Drive Bay
27     Peripheral Bay
28     Device Bay
29     Fan Device
30     Cooling Unit
31     Cable/Interconnect
32     Memory Device
33     System Management Software
34     BIOS
35     Operating System
36     System Bus
37     Group
38     Remote Management Device
39     External Environment
40     Battery
41     Processing Blade
42     Connectivity Switch
43     Processor/Memory Module
44     I/O Module
45     Processor/IO Module
46     Management Controller Firmware
47     IPMI Channel
48     PCI Bus
49     PCI Express Bus
50     SCSI Bus (parallel)
51     SATA/SAS Bus
52     Processor/Front-Side Bus
160    PICMG Front Board
192    PICMG Rear Transition Module
193    PICMG Advanced MC Module
240    PICMG Shelf Management Controller
241    PICMG Filtration Unit
242    PICMG Shelf FRU Information
243    PICMG Alarm Panel
If there are a number of the same entities, you will get a decimal version of entity ID. For instance, Fan Device may display as:
2a | FM5/F0/TACH | 76h | ok | 29.5 | 5300 RPM
Where 29 is the entity value and 5 is the instance of that entity.
For a complete list of the BMC Core Sensors and possible return codes (offset triggers) please see Table 61 in the Intel Server Board S2600GZ / GL Technical Product Specification Guide. http://www.intel.com/support/motherboards/server/sb/CS-033134.htm
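The following is an added example, not part of the original guide or of ipmitool: a small Python parser for sdr elist rows that accepts both sensor number forms (1Fh and 0x1F), splits the entity.instance field and maps the entity ID to its Appendix C name. The sample rows are constructed (two reuse readings printed in this guide, the third is invented), the five-field row layout and the "cr" status value are assumptions, and all function names are hypothetical.

```python
import re

# Subset of the Appendix C entity table (ID -> name); extend as required.
ENTITY_NAMES = {3: "Processor", 7: "System Board", 10: "Power Supply",
                12: "Front Panel Board", 29: "Fan Device"}

# Constructed sample input: rows 1-2 reuse readings printed in this guide,
# row 3 is invented to show a non-ok status and the 0x number form.
SAMPLE = [
    "Baseboard Temp   | 30h  | ok | 7.1  | 28 degrees C",
    "FM5/F0/TACH      | 76h  | ok | 29.5 | 5300 RPM",
    "PS1 Temperature  | 0x5C | cr | 10.1 | 71 degrees C",
]

_READING = re.compile(r"^(-?\d+(?:\.\d+)?)\s+(.+)$")


def parse_sensor_number(text):
    """Accept either display form of a sensor number: '1Fh' or '0x1F'."""
    t = text.strip().lower()
    if t.startswith("0x"):
        return int(t[2:], 16)
    if t.endswith("h"):
        return int(t[:-1], 16)
    raise ValueError(f"unrecognised sensor number: {text!r}")


def parse_elist_line(line):
    """Split one 'name | number | status | entity.instance | reading' row."""
    fields = [f.strip() for f in line.split("|")]
    if len(fields) != 5:
        raise ValueError(f"expected 5 fields, got {len(fields)}: {line!r}")
    name, number, status, entity, reading = fields
    entity_id, _, instance = entity.partition(".")
    m = _READING.match(reading)  # discrete sensors have no numeric reading
    return {
        "name": name,
        "number": parse_sensor_number(number),
        "status": status,
        "entity_id": int(entity_id),
        "instance": int(instance) if instance else None,
        "entity": ENTITY_NAMES.get(int(entity_id), "Unknown"),
        "value": float(m.group(1)) if m else None,
        "unit": m.group(2) if m else None,
    }


def sensors_needing_attention(lines):
    """Return (name, entity, instance) for each sensor whose status is not 'ok'."""
    rows = [parse_elist_line(l) for l in lines if l.strip()]
    return [(r["name"], r["entity"], r["instance"])
            for r in rows if r["status"] != "ok"]
```
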
Appendix D – SDR Type Values
NOTE: Not every type parameter may be used with the type argument and may return an error or no results. To see complete list, use the following command:
ipmitool -U root -H 10.1.1.13 sdr type

Temperature             Voltage
Current                 Fan
Physical Security       Platform Security
Processor               Power Supply
Power Unit              Cooling Device
Other                   Memory
Drive Slot/Bay          POST Memory Resize
System Firmware         Event Logging Disabled
Watchdog                System Event
Critical Interrupt      Button
Module/Board            Microcontroller
Add-in Card             Chassis
Chip Set                Other FRU
Cable/Interconnect      Terminator
System Boot Initiated   Boot Error
OS Boot                 OS Critical Stop
Slot/Connector          System ACPI Power State
Watchdog                Platform Alert
Entity Presence         Monitor ASIC
LAN                     Management Subsystem Health
Battery                 Session Audit
Version Change          FRU State
For a complete list of the BMC Core Sensors and possible return codes (offset triggers) please see Table 61 in the Intel Server Board S2600GZ / GL Technical Product Specification Guide. http://www.intel.com/support/motherboards/server/sb/CS-033134.htm