SIEM IPMI Configuration and Setup

8/20/2019 SIEM IPMI Configuration and Setup

1/61

McAfee SIEM

IPMI / RMM Setup and Configuration Guide

V1.1 November 2014


2/61

Introduction

This document is designed to provide the reader with all the steps and information on

implementing and using the Intelligent Platform Management Interface (IPMI) and Remote

Management Monitor capabilities supported in the McAfee SIEM operating environment

v9.4 and later.

The Intelligent Platform Management Interface (IPMI) is a standardized computer

system interface used by system administrators for out-of-band management of computer

systems and monitoring of their operation. It is a way to manage a computer that may be

powered off or otherwise unresponsive by using a network connection to the hardware

rather than to an operating system or login shell.

IPMI information is exchanged though Baseboard Management Controllers (BMCs), which

are located on IPMI-compliant hardware components. The BMC is a specialized

microcontroller embedded on the motherboard of a computer, generally a server. The BMC

manages the interface between system management software, in this case RMM and

platform hardware. Using low-level hardware intelligence instead of the operating system

has two main benefits: First, this configuration allows for out-of-band server management;

Second, the operating system is not burdened with transporting system status data.

IPMI functions are designed to work in any of three scenarios:

• Before an OS has booted (allowing, for example, the remote monitoring orchanging of BIOS settings)

• When the system is powered down (but still attach to power)• After OS or system failure – the key characteristic of IPMI compared with in-

band system management such as by remote login to the operating system

using SSH

Remote monitoring and management (RMM) is a collection of information technology

tools that are found on workstations and servers. These tools gather information regarding

the applications and hardware operating within an environment as well as supply activity

reports allowing administrators to resolve any issues. RMM usually provides a set of IT

management tools like trouble ticket tracking, remote desktop monitoring, support, and user

information through a complete interface.

Within the McAfee SIEM appliance family, IPMI is provided through the Intel RMM4 moduleinstalled into every McAfee GEN4 SIEM Appliance.


3/61

IPMI and RMM Setup and Configuration Guide McAfee SIEM

3

Revision History

August 2014 V1.0 First Public Release

November 2014 V1.1

• Added Revision History Section

• Added links to motherboard SDR return codes.

• Corrected page number


4/61


4

Table of Contents

BIOS Update 5Updating your appliance(s) to enable IPMI and RMM

Enabling IPMI 15Turning on IPMI via ESM Management Interface

IPMItool 20Command line IPMI syntax and examples

BMC Web Console 32Using the web console interface

Appendix A 51Command line arguments for IPMItool

Appendix B 53Command syntax for IPMItool

Appendix C 60

SDR Entity Values

Appendix D 61SDR Type Values


5/61


5

BIOS Update

IPMI and RMM capabilities are only supported on the Generation 4 (GEN4) SIEM appliances. Before

proceeding with this document, make sure you have GEN4 appliances. The two images below highlight thestark differences between Generation 3 and Generation 4 SIEM appliances. While the examples below

display the 2U Gen4 appliance and the 3U Gen3 appliance, the orange bezel is always indicative of a Gen3

appliance.

GEN4 Appliance

GEN3 Appliance

Within the Gen4 SIEM appliance family, there are some exceptions on which platforms support IPMI

capabilities. Below is a table of what is and is not supported.

IPMI Supported IPMI NOT Supported

All Standalone ESM Models Any DAS Models

(These devices do not have an IPMI port)

All Combination ESM Models Any Receiver (ERC) in HA mode regardless of Model(All available ports are used to configure HA)

All Non-HA Receivers (ERC)

All ACE Appliances

All ADM Appliances

All DEM Appliances


6/61


6

Figure 1

Figure 2

BIOS Update

Before IPMI and Remote Management can be supported within the McAfee SIEM environment, the BIOS for

each appliance must be at a specific release to enable capabilities within the SIEM Management interface andSIEM operating environment. As outlined in the previous section, remote management is only available on

Generation 4 and later appliances as well as operating environment v9.4 and later. See previous section for a

description of the appliances to ensure you have a GEN4 appliance.

Check current appliance version

IPMI and RMM capabilities are only supported in the SIEM operating environment v9.4 and above. To check

which McAfee SIEM Operating Environment version your appliance(s) are currently at, log into your ESM

using any flash capable browser. Once the login screen appears, check the lower left corner of the browser

for the version number. It should be version 9.4.0 or greater. See Figure 1 for an example. If your appliance

does not have this version, access the McAfee download page to obtain the latest release. Once it has beenupgraded, continue with the steps following this topic.

The download link is: http://www.mcafee.com/us/downloads/downloads.aspx

While all McAfee SIEM appliances should be on the same operating environment release, it is possible thatthis may not be the case in your environment. We recommend checking each appliance’s SIEM Operating

Environment version. To do this, select the appliance and click the Properties icon (White Square in icon bar

above device tree display) and the resulting dialog will display the version. An example of this is in Figure 2.

Check current appliance BIOS version

Once you have identified your appliance as GEN4 hardware and that you are on the proper SIEM operating

environment version, you should check your BIOS version to ensure that it requires a BIOS update.

Depending on when you received your appliance(s), its BIOS may have already been updated.

http://www.mcafee.com/us/downloads/downloads.aspxhttp://www.mcafee.com/us/downloads/downloads.aspxhttp://www.mcafee.com/us/downloads/downloads.aspx


7/61


7

McAfee-ETM-6000 ~ # dmidecode -t 0

# dmidecode 2.10SMBIOS 2.6 present.172 structures occupying 10014 bytes.Table at 0x000EB570.

Handle 0x0000, DMI type 0, 24 bytesBIOS Information

Vendor: Intel Corp.Version: SE5C600.86B.02.02.0002.122320131210Release Date: 12/23/2013Address: 0xF0000Runtime Size: 64 kBROM Size: 8192 kB

Characteristics:PCI is supportedBIOS is upgradeableBIOS shadowing is allowedBoot from CD is supportedSelectable boot is supportedEDD is supported5.25"/1.2 MB floppy services are supported (int 13h)3.5"/720 kB floppy services are supported (int 13h)3.5"/2.88 MB floppy services are supported (int 13h)Print screen service is supported (int 5h)8042 keyboard services are supported (int 9h)

Serial services are supported (int 14h)Printer services are supported (int 17h)ACPI is supportedUSB legacy is supportedBIOS boot specification is supportedTargeted content distribution is supported

BIOS Revision: 4.6

McAfee-ETM-6000 ~ #

Figure 3

BIOS Update

To check the BIOS version, SSH into the appliance and issue the following command:

McAfee-ETM-6000 ~ # dmidecode –t 0

Figure 3 displays an example of the output the command will generate.

The correct BIOS version release date should be at or later than the example highlighted (yellow) above.

If yours is not, continue with the steps on the following pages. If your BIOS version is at or later than thisrelease date, continue onto the ESM Setup section on page 16.


8/61


8

The BIOS packages located here are specific Intel Security (McAfee) SIEM Appliances. Do not

attempt to use any other BIOS packages other than what is located here.

Because BIOS packages may change between SIEM operating environment releases, please refer to

the Contents-README.txt file for the correct package that is to be used for the appliance you

are upgrading.

BIOS Update

Obtaining the BIOS update package

To upgrade the appliance BIOS you will need extract the proper Intel Security BIOS update package to a USB

flash drive. These compressed packages are located on the ESM appliance in the following directory:

/etc/areca/system_bios_update/

The directory will contain files similar, but not exactly, as the ones below:

850-1773-03_032514.zip850-1904-00_012714.zip

Contents-README.txt

After you have identified which ZIP package is appropriate for the appliance you are upgrading, use an

application like SCP or WinSCP to download the ZIP package. If your environment requires both zip

packages, please extract each zip to its own properly labeled USB flash drive. Mixing the packages could

render an appliance un-bootable.

Once you have downloaded the zip package, unzip it to the root of your USB flash drive. The drive you use

should be empty, should be a 4GB drive or less and can be formatted using Windows or Linux file systems. It

also does not have to be bootable. The directory on the USB flash drive will look similar to Figure 4 below.

Figure 4


9/61


9

Do not make a selection. Let the system boot as normal. It will auto recognize that the USB drive is

attached and boot from it. The McAfee Splash screen may take up to 60 seconds before proceeding.

BIOS Update

Next, insert the USB flash drive into an unused USB port on the back of the appliance being upgraded. The

rear of both appliances (1U and 2U ), and their respective USB ports, are highlighted in Figure 5.

Once the USB flash drive has been attached, re-boot the appliance. To ensure a proper shutdown, use either

the SIEM Administrative interface (browser-based GUI ) or a monitor and keyboard attached to the system to

access the LCD emulator in the upper left corner of the console. The shutdown process may take several

minutes so that it can safely complete any outstanding task. Please be patient.

Once the system boots normally, it will display the McAfee Boot Splash screen as shown in Figure 6.

Figure 5

Figure 6


10/61


10

Figure 7

Do not interrupt or reset the update process, remove power to the system, or use the keyboard

(unless prompted ) while the update is taking place. Doing so could result in an unbootable

system.

Figure 8

BIOS Update

After the McAfee boot splash clears, the system will

recognize the USB and will start to boot. However,depending on when you received your SIEM appliance,

there may have been a BIOS password set and it will

need to be entered in order for the automated BIOS

update process to start. If this is the case in your

environment, the example in Figure 7 will appear. The

password you enter will depend on the type of appliance

you are updating.

For 1U Appliances use: appl1an

For 2U Appliances use: @ppl1@nc3

Once you have successfully entered the BIOS password, you should see a screen similar to Figure 8.

At this point it should start updating the system automatically and you will see messages scroll across the

screen. The entire process can take as much as 15 to 20 minutes to complete. There are multiple phases ofthe update process as the various subsystems of the motherboard are updated. You may notice that the

appliance cooling system power cycle a number of times, this is normal. You may also notice messages

indicating password failures, this also is normal.


11/61


11

BIOS Update

The update process should end successfully with a message similar to Figure 9. It will indicate that the USB

flash drive should be removed and the system rebooted using the front-panel reset button.

Troubleshooting

You may not always get the display in Figure 9 on your first attempt at updating the BIOS. This could be due

to issues where the FRU flags a few messages or recoverable errors have occurred. The following page(s)

will provide guidance on how to handle some of these issues should they arise.

Update file configuration: Revision S2600GZ.112FRU & SDR Update Package for Intel (R) Server Board S2600GZ/GLCopyright (c) 2013 Intel Corporation.

Auto-detecting chassis model and attached hardware.This may take up to 1 minute to complete.

FRUSDR update completed.

Setting BIOS Admin and User Password

Successfully Completed

Successfully CompletedBIOS Admin and User Password Set

Updates Completed. Please remove the USB key and reboot using the front panel button

Fs0:\>

Figure 9


12/61


12

BIOS Update

Chassis Selection

In some instances, after the BIOS appears to have successfully updated, an FRU message indicating an

issue detecting the backplane has occurred (figure 10) and it asks you to determine which chassis is in

use.

For all McAfee SIEM Appliances, choose option 2 Intel(R) Server Chassis R2000.

Once that is selected, an R2000 Chassis type message (Figure 11) will appear.

Choose option 3 R2312 Chassis

Once you’ve made the selections, the process should continue. However, the process may also stall. If the

process stalls, we recommend rebooting the appliance and perform the BIOS upgrade again. This second

BIOS upgrade should complete successfully and will end with the display similar to page 11.

ME firmware update completed.

FRUSDR 1.12 is being installed.Update file Configuration: Revision S2600GZ_112FRU & SDR Update Package for Intel(R) Server Board S2600GZ/GLCopyright (c) 2013 Intel Corporation


Hot-swap HDD backplane detected but its FRU details either corrupted or blank.Falling back to User chassis selection as auto detection is not possible.!

Select the Chassis1 Intel(R) Server Chassis R10002 Intel(R) Server Chassis R20003 Other Chassis

Figure 10

Hot-swap HDD backplane detected but its FRU details either corrupted or blank.Falling back to User chassis selection as auto detection is not possible.!

Select the Chassis1 Intel(R) Server Chassis R10002 Intel(R) Server Chassis R20003 Other ChassisSelect the R2000 chassis type1 R2208/R2216/R2308 chassis2 R2224 chassis3 R2312 chassis4 Intel(R) Server Chassis R2000 with Aux PCIe

Figure 11


13/61


13

BIOS Update

Password Set Failure

In some instances, after the BIOS appears to have successfully updated, one or more errors indicating

that a Password mismatch has occurred. It may appear like the example in Figure 12.

This error(s) should not affect the process and the admin and user passwords will ultimately get set

properly.

BMC Firmware is not Transitioning

In some instances, after the firmware has successfully updated, a message similar to Figure 13 will

appear.

If this occurs, press Y. Shortly after, you should receive an Updates Completed

message similar to Figure 9. However, it has been reported that once the USB

drive has been removed and the power switch pressed, the appliance does not

reboot. At this point you have two options. First, press and hold the reset button

(Figure 14) for 20 seconds. If the appliance still does not reboot, it is

recommended that power be removed from the appliance.

In either situation, it is recommended that the BIOS update be performed a second

time. On this second attempt the update should complete without error.Figure 14

Update file configuration: Revision S2600GZ.112FRU & SDR Update Package for Intel (R) Server Board S2600GZ/GLCopyright (c) 2013 Intel Corporation.


FRUSDR update completed.

Setting BIOS Admin and User Password

Error: Password Mismatch:entered password doesn’t match with current password

Error: Password Mismatch:entered password doesn’t match with current passwordBIOS Admin and User Password Set

Figure 12

BMC Firmware update Successful

BMC Firmware is not transitioning to operating modeCould not exit FW transfer modeAn Error occurredTo save the error to a fileY,N,ESC

Figure 13


14/61


14

BIOS Update

If you run into issues not previously highlighted, the update process stalls or prompts you for an entry of

some nature which you do not have the answer for.

DO NOT SHUT OFF THE APPLIANCE

Contact McAfee support at http://mysupport.mcafee.com; or at 800-937-2237; or your McAfee Platinum

Support representative.

http://mysupport.mcafee.com/http://mysupport.mcafee.com/http://mysupport.mcafee.com/http://mysupport.mcafee.com/


15/61


15

There are several security issues to be considered before enabling the IPMI LAN interface. Aremote station has the ability to control a system’s power state as well as being able to gather or

modify certain platform information. To reduce vulnerability it is strongly advised that the IPMI

LAN interface only be enabled in 'trusted' environments where system security is not an issue or

where there is a dedicated secure 'management network'.

Enabling IPMI

Now that the appliance(s) have been updated to the proper BIOS level, you will need to connect each

appliance’s IPMI port to your network. All of the IPMI capabilities outlined in the following pages are onlysupported via the IPMI port. McAfee SIEM appliances do not support Remote Management via the traditional

MGMT1 or MGMT2 ports.

The Figure 15 highlights the IPMI port location on each style (1U or 2U ) of SIEM appliance. A standard CAT5

or CAT6 cable can be used and there is no need to use a cross-over cable, as a standard Ethernet cable will

work.

Once you have cabled the appliance(s) use the steps on the following pages to set the IP address for each

appliance to enable remote management. To perform these tasks, launch a flash capable browser and log

into the ESM’s browser-based interface using the NGCP account.

Figure 15


16/61


16

If for some reason your BIOS update did not complete successfully, the Enable IPMI Settings section

will not appear.

Enabling IPMI

Once logged into the ESM, navigate to one of these locations depending on which appliance you need to

enable Remote Management on. Each appliance type sets the IP address differently. Please make sure youfollow the instructions for the appropriate appliance.

Setting IP address for ESM or All-in-One Appliances:

Select System Properties and then Network Settings. Next, select the Advanced tab

and the dialog in Figure 16 will appear.

Setting IP address for a Receiver, ACE, ELM, ADM, or DEM:

Select Device Properties and then Device Configuration. Next, select the Interface button and then the Advanced tab and a dialog similar to Figure 16 will appear.

Figure 16 is specific for an ESM, but each device (ERC, ACE, ELM, etc.,.) will have a

similar dialog with the exact same IPMI values.

Figure 16


17/61


17

Enabling IPMI

Regardless of which appliance you are configuring, the steps outlined here will be the same for all

appliances.

Check the Enable IPMI Settings check box and then fill in the appropriate network settings. Figure 17

provides an example of how these may appear. The VLAN setting is the only optional setting and everything

else will be required.

Once you have completed entering the network settings, click Apply or OK . In the background, the appliance

will have its IPMI IP address set. Then, depending on the appliance you made the settings on, you will see a

similar version of Figure 18 indicating the progress of the action. This may take a few seconds to complete

depending on the activity of the appliance.

When it has completed successfully, both the Apply and OK buttons may be grayed out temporarily.

If something in the preceding steps is different than what was outlined, see the next page for caveats to the

process.

Figure 17

Figure 18


18/61


18

Enabling IPMI

Caveats to setting the IPMI Network Settings

Wrong Version

If you have an ESM on version 9.4 but a new or existing ERC, ELM, ACE or other appliance has not been

upgraded, you may still see the IPMI setting for that appliance. However, because IPMI support requires

SIEM operating environment v9.4 and above, the process for setting an IP address may not complete

successfully. If you see a message similar to Figure 19, check the version of your appliance before

proceeding.

Re-keying Notice

For an ERC, ERCELM, ELM, ACE, ADM or DBM appliance, to change the IPMI root password you will need to

perform a re-key operation. On Receiver class devices, the dialog in Figure 20 will appear after you check

Enable IPMI Settings. Page 19 will provide the details on changing the password.

Stray VLAN Characters

For an ERC, ERCELM, ELM, ACE, ADM or DBM appliance, you may see a character in the VLAN field and it

will not be possible to remove it. This is currently a known issue and will be resolve, but it will not affect

your ability to set enter the network settings.

Figure 19

Figure 20


19/61


19

Enabling IPMI

Setting IPMI password

Once the network settings have been set, you will receive a prompt (Figure 21) to change the password for

the IPMI root account. Each appliance may have a slightly different dialog depending on appliance model and

operating environment version. Also, there is only one account defined for IPMI and that is root.

To set IPMI root password for ESM or All-in-One Appliance:

Option #1

Click NGCP in the upper right corner of the ESM browser-based interface. It will then

display a password change dialog. Following the password criteria, enter the existing

password followed by the new password. Once complete, click OK and assuming you

met the password criteria, the password will be modified for the IPMI root account as

well as NGCP.

Option #2

Select the System Properties icon in the Quick Connect icon bar. Then select Users

and Groups from the System Properties dialog. Enter the NGCP password when

prompted. Next select the NGCP account from the User list and click Edit . Within the

Edit user dialog, click the Set Password button and follow the password criteria for

the new password. Click OK and assuming you met the password criteria, the

password will be modified for the IPMI root account as well as NGCP.

To set IPMI root password for an ERC, ERCELM, ACE, ELM, ADM, or DBM:

Select the Device Properties. Next, select Key Management . Then click the Key

Device button. This will display the Key Device Wizard dialog and prompt you to

enter a new password. Once you have entered the password twice, click the Next

button. This will then re-key the appliance with the ESM and then set the IPMI root

password for this appliance. Because this password dialog does not have the same

password restrictions as the ESM, if you want to retain the password on the appliance,

simply enter the password you have used in the past.

Figure 21


20/61


20

It should be noted that remote use of IPMItool requires port 623. This cannot be changed. Ifthere is a firewall or other device between the IPMItool client and the McAfee SIEM appliance,

you will need to ensure that this port is open for traffic to pass.

IPMItool

As mentioned in the introduction of this document, the Intelligent Platform Management Interface (IPMI)

is an interface used by administrators for out-of-band management of computer systems and monitoring oftheir operation. In this section, we highlight the IPMItool application syntax and use case examples will be

highlighted.

IPMItool provides a simple, command-line interface to IPMI-enabled devices through an IPMIv1.5 or

IPMIv2.0 LAN interface. It is offered on a wide variety of platforms including Windows, UNIX, Linux and Mac.

Because of the variety of platforms that IPMItool can exist on, this document uses the Sourceforge syntax

and parameters. Your platform implementation may vary slightly and you are encouraged to review the

documentation for your variant.

IPMItool can be used in two basic forms. Locally on the SIEM appliance that you are managing or remotely

from a workstation or server running IPMItool to the SIEM appliance you need to manage.

The syntax for local access is:

McAfee-ETM-6000 ~ # ipmitool

The syntax for remote access is (See Appendix A for additional arguments):

C: \ i pmi t ool –H –U

– or –

[user@linux ~]# ipmitool –H –U

IPMItool Examples

The examples on the following pages all use remote techniques. However, simply removing the –H and –U

parameters and their associated values from the command string will allow for the same results if executed

on the local appliance or via SSH to the local appliance. Also, these examples do not include the password

parameter and you will be prompted for the password before the command can execute.

In the following examples, we only highlight the command arguments and not the common items for each

command. In the example below, the syntax in grey is common to all examples and the arguments in blue

are what we are highlighting. The username (-U) is always root and the password was set in the previous

Enabling IPMI section.

ipmitool -U root -H 10.1.1.13 chassis status

Because of the extensive command set of IPMItool, we are only highlighting the commands that would be the

most valuable for the wider McAfee SIEM customer base. At the end of this section there are some links you

can reference to learn more about additional IPMItool commands. In addition, the appendices have a

complete list of commands, arguments and parameters.


21/61


21

Syst emPower : onPower Over l oad : f al sePower I nt er l ock : i nacti veMai n Power Faul t : f al sePower Cont r ol Faul t : f al sePower Rest ore Pol i cy : al ways- onLast Power Event :Chassi s I nt rusi on : i nacti veFront - Panel Lockout : i nact i veDri ve Faul t : f al seCool i ng/ Fan Faul t : f al seSl eep But t on Di sabl e : not al l owedDi ag But t on Di sabl e : al l owedReset Butt on Di sabl e : al l owed

Power Butt on Di sabl e : al l owedSl eep But t on Di sabl ed: f al seDi ag But t on Di sabl ed : f al seReset But t on Di sabl ed: f al sePower But t on Di sabl ed: f al se

IPMItool not only can query a sensor, it has the ability to make changes to the system at the BIOSlevel as well as the ability to control power up and power down states. Any use or misuse of a

command that changes the operation of the McAfee SIEM appliance could result in data lost.

IPMItool

Query the chassis status

Chassis status is used for managing/monitoring an IPMI chassis, such as chassis power,

identification (i.e. LED control), and status of the appliance chassis.

ipmitool -U root -H 10.1.1.13 chassis status


22/61


22

FRU Devi ce Descr i pt i on : Bui l t i n FRU Devi ce (I D 0)Chassi s Type : Rack Mount Chassi sChassi s Par t Number : R2312GZ4

Chassi s Ser i al : A070220066Chassi s Ext r a : . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Chassi s Ext r a : . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Board Mf g Dat e : Sat Aug 11 01: 22: 00 2012Boar d Mf g : I nt el Cor porat i onBoard Pr oduct : S2600GZBoard Seri al : QSGR21701237Board Par t Number : G11481- 352Product Manufacturer : McAf ee I nc.Product Name : ELM4600

Pr oduct Par t Number : 610- 1905- 00Product Versi on : ELM- 4600Product Ser i al : A070220066Product Asset Tag : 060f ddbf9708

FRU Device Description : Pwr Supply 1 FRU (ID 2)Device not present (Unknown (0x81))

FRU Devi ce Descr i pt i on : Pwr Suppl y 2 FRU ( I D 3)Product Manuf act urer : DELTAPr oduct Name : DPS- 750XB APr oduct Par t Number : E98791- 006Product Versi on : 01Pr oduct Ser i al : E98791D1214020872

FRU Devi ce Descr i pt i on : Front Panel ( I D 4)Board Mf g Dat e : Mon J un 11 11: 34: 00 2012Boar d Mf g : I nt el Cor porat i onBoard Pr oduct : F2USTOPANELBoar d Ser i al : . . . . . . . . . . . .

Board Par t Number : G28538- 250

FRU Devi ce Descr i pt i on : HS Backpl ane 1 ( I D 5)Board Mf g Dat e : Fr i Mar 30 10: 31: 00 2012Boar d Mf g : I nt el Cor porat i onBoard Pr oduct : F2U12X35HSBPBoard Seri al : QSRU21300568Board Par t Number : G43212- 250

IPMItool

Query the Field Replaceable Unit (fru) Inventory

Print built-in FRU (Field Replaceable Unit) inventory and scan SDR (Sensor Data Record) for FRU locators

and their values. The example below shows a number of interesting items. First, highlighted in blue is the

product name. This is what was entered at the time of manufacture. Next, the area highlighted in red is a

power supply. In this example, the power supply was slid out of the machine used in testing and as you can

see from the example below, it is shown as not present.

ipmitool -U root -H 10.1.1.13 fru


23/61


23

Pwr Uni t St atus | 0x00 | okPwr Uni t Redund | 0x0a | okI PMI Wat chdog | 0x00 | okPhysi cal Scr t y | 0x00 | okFP NMI Di ag I nt | 0x00 | okBB +12. 0V | 11. 94 Vol t s | okBB +5. 0V | 4. 96 Vol t s | okBB +3. 3V | 3. 25 Vol t s | okBB P1 VR Temp | 28 degrees C | okFr ont Panel Temp | 22 degrees C | okSSB Temp | 43 degrees C | okBB P2 VR Temp | 28 degrees C | okBB Vt t 2 Temp | 32 degr ees C | okBB Vt t 1 Temp | 27 degr ees C | ok

HSBP 1 Temp | 28 degrees C | okSyst em Fan 1 | 11956 RPM | okSyst em Fan 2 | 12152 RPM | okSyst em Fan 3 | 12054 RPM | okNM Capabi l i t i es | Not Readabl e | nsMTT CPU1 | di sabl ed | nsMTT CPU2 | di sabl ed | ns

IPMItool

Query the Sensor Data Record (sdr)

Sensor Data Records (SDR) contains information about the type and number of sensors present on a given

appliance. An individual sensor record describes a specific sensor and its state or status. The sensor records

are stored in a central, non-volatile storage area, which is managed by the BMC. This storage area is called

the Sensor Data Record Repository. Using IPMItool, we can query that repository for the sensors and their

status. An example is below.

For a complete list of the BMC Core Sensors and possible return codes (offset triggers) please

see Table 61 in the Intel Server Board S2600GZ / GL Technical Product Specification Guide.

http://www.intel.com/support/motherboards/server/sb/CS-033134.htm

ipmitool -U root -H 10.1.1.13 sdr list

NOTE: The full sdr command results are truncated in the example above to preserve page space.

The column format from the sdr list output above is:

Sensor Type or ID

This is the type of sensor. There can be multiple entries of the same type. For

example, there could be one VCORE sensor for each processor. This has a 16character max length.

Sensor ReadingThis is the current reading of the sensor. Where available, the reading istranslated into the appropriate units (for example, degrees, volts or RPM).

Sensor Status

This indicates the sensor status. Possible values are:

ok – The sensor is present and operating correctlyns – No sensor (corresponding reading will say disabled or Not Readable)

nc – non-critical error regarding the sensor

cr – critical error regarding the sensor

nr – non-recoverable error regarding the sensor


24/61


24

BB P1 VR Temp | 20h | ok | 7.1 | 28 degrees C

Front Panel Temp | 21h | ok | 12.1 | 22 degrees C

SSB Temp | 22h | ok | 7.1 | 43 degrees C

BB P2 VR Temp | 23h | ok | 7.1 | 28 degrees C

BB Vtt 2 Temp | 24h | ok | 7.1 | 32 degrees C

BB Vtt 1 Temp | 25h | ok | 7.1 | 27 degrees C

HSBP 1 Temp | 29h | ok | 7.1 | 28 degrees C

Exit Air Temp | 2Eh | ok | 7.1 | 33 degrees C

LAN NIC Temp | 2Fh | ok | 7.1 | 42 degrees C

System Fan 1 | 30h | ok | 29.1 | 11956 RPM


System Fan 3 | 34h | ok | 29.3 | 12054 RPMSystem Fan 4 | 36h | ok | 29.4 | 12054 RPM


IPMItool

If the elist parameter is used, it will add the entity ID and the asserted discrete states.

ipmitool -U root -H 10.1.1.13 sdr elist

The column format from the sdr elist output above is:

Sensor Type or ID

This is the type of sensor. There can be multiple entries of the same type.

For example, there could be one VCORE sensor for each processor. This

has a 16 character max length

Sensor Number

The numeric value of the sensor. Once known, it can be used as a

parameter to query the sensor directly. Examples of this are on thefollowing page.

Sensor Status

This indicates the sensor status. Possible values are:

ok – The sensor is present and operating correctly

ns – No sensor (corresponding reading will say disabled or Not Readable)

nc – non-critical error regarding the sensor

cr – critical error regarding the sensor

nr – non-recoverable error regarding the sensor

Entity ID and

Instance

This is the entity value for the type of sensor being displayed. If there is

multiple of the same exact entity, then the instance will increment. See

Appendix C for a complete list of Entity ID’s.

Sensor Reading

This is the current reading of the sensor. Where appropriate, the reading

is translated into the appropriate units (for example, degrees for

temperature sensor).

Using the elist parameter provides additional values. These are Sensor Number (orange) and Entity

(green). These new values can provide additional capabilities when added to the command syntax. Notice

that some sensors can have the same entity (green) parent, 29 for system fan or 7 for internal temperature.

These values can be used with the entity parameter to display values for just those sensors. Sensor Number

(orange) is the unique ID for a given sensor and can be used with the sel parameter to obtain log and

sensor information.

Example of using specific Sensor Names, Numbers or Entity values to query specific sensors or groups of

sensors are on the following pages.


25/61


25

Fan Redundancy | 0Ch | ok | 29.1 | Fully Redundant



Fan 1 Present | 40h | ok | 29.1 | Device Present


PS1 Status | 50h | ok | 10.1 |

PS2 Status | 51h | ok | 10.2 | Presence detectedPS1 Input Power | 54h | ns | 10.1 | No Reading

PS2 Input Power | 55h | ok | 10.2 | 220 Watts

PS1 Curr Out % | 58h | ns | 10.1 | No Reading

PS2 Curr Out % | 59h | ok | 10.2 | 25 unspecified

PS1 Temperature | 5Ch | ns | 10.1 | No Reading

PS2 Temperature | 5Dh | ok | 10.2 | 28 degrees C

HDD 0 Status | F0h | ok | 15.1 | Drive Present

HDD 1 Status | F1h | ok | 15.1 | Drive Present

HDD 2 Status | F4h | ok | 15.1 |

HDD 3 Status | F5h | ok | 15.1 | HS Backplane 1 | 00h | ns | 15.1 | Logical FRU @05h

Fan Redundancy | 0Ch | ok | 29.1 | Fully Redundant



IPMItool

Query the SDR for Fan Device state

Ex #1: ipmitool -U root -H 10.1.1.13 sdr entity 29

The example above queries all Fan Devices in the system.

Ex #2: ipmitool -U root -H 10.1.1.13 sdr entity 29.1

The example above queries the entity 29 and instance 1 for a specific fan.

Query the SDR for Power Supply state

ipmitool -U root -H 10.1.1.13 sdr entity 10

The example above queries the entity for the appliance power supplies. In this example, you

can see that the Power Supply unit 1 has been removed from the appliance.

Query the SDR for Hard Drive state

ipmitool -U root -H 10.1.1.13 sdr entity 15

The example above queries the entity for the hard drives. In this example, you can see that

HDD 2 and HDD 3 are not present.


26/61


26

IPMItool

Lastly, a couple variants for a sdr query.

To view only the Temperature, Voltage, and Fan Sensors

ipmitool -U root -H 10.1.1.13 sdr elist full

To view ALL Temperature Sensors regardless of entity

ipmitool -U root -H 10.1.1.13 sdr type temperature

NOTE: See Appendix D for a complete list of type values.

To view status of Power Units

ipmitool -U root -H 10.1.1.13 sdr type ‘Power Unit’

NOTE: Multi-word type require single quotes. See Appendix D for a complete list of type values.

To view all sensor data in wide table format

This format will include thresholds for each value where present.

ipmitool -U root -H 10.1.1.13 sdr sensor

Or verbose mode which will even more labeling for the thresholds

ipmitool -U root -H 10.1.1.13 sdr sensor -v


27/61


27

Pwr Unit Status | 0x0 | discrete | 0x0000| na | na | na | na | na | naPwr Unit Redund | 0x0 | discrete | 0x0a00| na | na | na | na | na | na

BB P1 VR Temp | 27.000 | degrees C | ok | na | 0.000 | 5.000 | 110.000 | 115.000 | naFront Panel Temp | 21.000 | degrees C | ok | na | 0.000 | 5.000 | 50.000 | 55.000 | naSystem Fan 1 | 12054.000 | RPM | ok | na | 1715.000 | 1960.000 | na | na | na

System Fan 2 | 12348.000 | RPM | ok | na | 1715.000 | 1960.000 | na | na | naBB +12.0V | 11.935 | Volts | ok | na | 10.635 | 10.947 | 13.027 | 13.391 | naBB +5.0V | 4.959 | Volts | ok | na | 4.416 | 4.546 | 5.415 | 5.566 | na

IPMItool

Query the Sensor information (sensor)

The sdr parameter is useful for current state. However, to view the complete sensor list

including thresholds, you will need to use the sensor parameter. Below are some common

example of how to use the parameter.

To query the complete sensor list.

ipmitool -U root -H 10.1.1.13 sensor list

NOTE: The full sensor command results are truncated in the example above to preserve page space.

The column format from the sensor output above is:

Sensor Type (name)This is the type or name of sensor. There can be multiple entries of the same

type. For example, there could be one VCORE sensor for each processor.

Reading This is the current reading of the sensor.

UnitThis is the units of the sensor reading (e.g., degrees for temperature sensor).Discrete is a binary sensor; other values are generally self explanatory.

Status

This indicates the status of the sensor. Possible values:

ok – okay

na – not available

a hex value

LNR This is the lower non-recoverable threshold value for this sensor.

LCR This is the lower critical threshold value for this sensor.

LNC This is the lower non-critical threshold value for this sensor.

UNC This is the upper non-critical threshold value for this sensor.

UCR This is the upper critical threshold value for this sensor.

UNR This is the upper non-recoverable threshold value for this sensor.

On the following pages are a few examples of how to use the sensor parameter. Also see

Appendix B for a syntax reference on sensor.


28/61


28

Locating sensor record...

Sensor ID : HDD 0 Status (0xf0)Entity ID : 15.1

Sensor Type (Discrete): Drive Slot / BayStates Asserted : Drive Slot

[Drive Present]


Sensor ID : PS1 Status (0x50)Entity ID : 10.1Sensor Type (Discrete): Power Supply


Sensor ID : PS2 Status (0x51)Entity ID : 10.2

Sensor Type (Discrete): Power SupplyStates Asserted : Power Supply

[Presence detected]

IPMItool

Query the status of a particular hard drive.

ipmitool -U root -H 10.1.1.13 sensor get 'HDD 0 Status'

The value within the single quotes is the sensor type (name) in column 1 from the

previous page example.

Query the status of the Power Supplies.

Ex #1: ipmitool -U root -H 10.1.1.13 sensor get ' PS1 Status'

Ex #2: ipmitool -U root -H 10.1.1.13 sensor get ' PS2 Status'

Notice that the presence detected value exists in Power Supply 2 and not on Power

Supply 1. This means that the PS1 unit may not plugged into the appliance.


29/61


29


Sensor ID : PS1 Input Power (0x54)Entity ID : 10.1

Sensor Type (Analog) : OtherSensor Reading : Unable to read sensor: Device Not Present

Event Status : Unavailable Assertions Enabled : unc+ ucr+Deassertions Enabled : unc+ ucr+


Sensor ID : PS2 Input Power (0x55)

Entity ID : 10.2

Sensor Type (Analog) : OtherSensor Reading : 228 (+/- 0) WattsStatus : ok

Lower Non-Recoverable : naLower Critical : na

Lower Non-Critical : naUpper Non-Critical : 868.000

Upper Critical : 920.000

Upper Non-Recoverable : na Assertion Events :

Assertions Enabled : unc+ ucr+Deassertions Enabled : unc+ ucr+

IPMItool

Query the input power of the Power Supplies.

Ex #1: ipmitool -U root -H 10.1.1.13 sensor get ' PS1 Input Power'

Ex #2: ipmitool -U root -H 10.1.1.13 sensor get ' PS2 Input Power'

Again notice that the Power Supply 2 values are consistent with a supply that is functioning

where as Power Supply 1 clearly shows it is not present.


30/61


30

2 | 06 13 2014 | 19:19:43 | System Event #0x83 | Timestamp Clock Sync | Asserted3 | 06/13/2014 | 19:19:43 | System Event #0x83 | Timestamp Clock Sync | Asserted4 | 06/13/2014 | 19:19:43 | Power Unit #0x01 | Power off/down | Asserted5 | 06/16/2014 | 15:33:03 | Power Unit #0x01 | Power off/down | Deasserted

6 | 06/16/2014 | 15:33:03 | Button #0x09 | Power Button pressed | Asserted7 | 06/16/2014 | 15:33:06 | Power Unit #0x02 | Redundancy Lost8 | 06/16/2014 | 15:33:06 | Power Unit #0x02 | Non-Redundant: Sufficient from Redundant9 | 06/16/2014 | 15:33:08 | Power Unit #0x02 | Redundancy Losta | 06/16/2014 | 15:33:08 | Power Unit #0x02 | Non-Redundant: Sufficient from Redundant

b | 06/16/2014 | 15:33:16 | System Event #0x83 | Timestamp Clock Sync | Asserted

c | 06/16/2014 | 15:33:25 | System Event #0x83 | Timestamp Clock Sync | Assertedd | 06/16/2014 | 15:34:36 | System Event #0x83 | OEM System boot event | Asserted

e | 06/16/2014 | 15:34:36 | System Event #0x08 | PEF Action | Asserted

2 | 06/13/2014 | 19:19:43 | System Event BIOS Evt Sensor | Timestamp Clock Sync | Asserted3 | 06/13/2014 | 19:19:43 | System Event BIOS Evt Sensor | Timestamp Clock Sync | Asserted4 | 06/13/2014 | 19:19:43 | Power Unit Pwr Unit Status | Power off/down | Asserted5 | 06/16/2014 | 15:33:03 | Power Unit Pwr Unit Status | Power off/down | Deasserted6 | 06/16/2014 | 15:33:03 | Button Button | Power Button pressed | Asserted7 | 06/16/2014 | 15:33:06 | Power Unit Pwr Unit Redund | Redundancy Lost8 | 06/16/2014 | 15:33:06 | Power Unit Pwr Unit Redund | Non-Redundant: Sufficient from Redundan9 | 06/16/2014 | 15:33:08 | Power Unit Pwr Unit Redund | Redundancy Lost

a | 06/16/2014 | 15:33:08 | Power Unit Pwr Unit Redund | Non-Redundant: Sufficient from Redundan b | 06/16/2014 | 15:33:16 | System Event BIOS Evt Sensor | Timestamp Clock Sync | Assertedc | 06/16/2014 | 15:33:25 | System Event BIOS Evt Sensor | Timestamp Clock Sync | Asserted

d | 06/16/2014 | 15:34:36 | System Event BIOS Evt Sensor | OEM System boot event | Assertede | 06/16/2014 | 15:34:36 | System Event System Event | PEF Action | Asserted

IPMItool

Query the System Event Log

The System Event Log (SEL) provides storage of all system events. You can view the contents of

the event log with IPMItool. The SEL keeps the last 12 events.

Query the SEL

ipmitool -U root -H 10.1.1.13 sel list

Query the SEL in a more human readable form

ipmitool -U root -H 10.1.1.13 sel elist


31/61


31

SEL Record ID : 0002Record Type : 02Timestamp : 06/16/2014 15:33:06

Generator ID : 0020EvM Revision : 04Sensor Type : Power UnitSensor Number : 02

Event Type : Generic DiscreteEvent Direction : Deassertion EventEvent Data (RAW) : 01ffffDescription : Redundancy Lost

Sensor ID : Pwr Unit Redund (0x2)

Entity ID : 21.1Sensor Type (Discrete): Power UnitStates Asserted : Redundancy State

[Redundancy Lost][Non-Redundant: Sufficient from Redundant]

IPMItool

Query the SEL to get more data for a specific event

ipmitool -U root -H 10.1.1.13 sel get 0x02

The value 0x02 is the example is the record ID and you can see this in the first sel example

on the previous page.


32/61


32

BMC Web Console

As mentioned in the preface of this document, the Intelligent Platform Management Interface (IPMI) is an

interface used by administrators for out-of-band management of computer systems and monitoring of theiroperation. In the previous section, we demonstrated how to use the command line IPMItool to access the

IPMI sensors. In this section, we’ll cover the Integrated BMC Web Console.

The Embedded Web Console is available without the requirements for any agents or remote IPMItools and is

always accessible regardless of the state of the operating system. The web console is able to:

• View the sensors, event log, and asset inventory of the system.

• Retrieve and download the diagnostics log, containing important information about system crashes.

• Launch KVM and media redirection Intel® Remote Management Module (Intel® RMM) required.

• Configure e-mail or SNMP alerting as well as other settings.

This section will give you a description of a number of areas within the Integrated BMC Web Console thathave value relative to the McAfee SIEM appliances. However, there are some areas that could cause loss of

contact or service interruptions should you make modification. We strong encourage you limit your activity

to the sections we have outlined.

The console is divided into four tabs in a horizontal menu. Within each tab, a menu is provided on the left

side. Each tab and each menu option within each tab has a short description on its function. Figure 22 is a

legend of each Tab and its associated Menu options.

Figure 22


33/61


33

If for some reason you do not see the dialog above, check with your networking team to ensure

that your desktop has access to the IPMI IP address. For security reason, the IPMI IP address may

be on a different subnet. In addition, you should ensure that the IPMI NIC has been cabled to your

switched environment. See page 15 for the location of the IPMI NIC.

BMC Web Console

To access the web console, launch your favorite browser and enter the IP address you used to configure the

IPMI interface on page 16. Your browser should support HTTPS. In addition, if you wish to use RemoteConsole, your browser will need to be Java enabled. Using JRE version 6 Update 22 and above.

Figure 23 display the login screen you should see.

Once the dialog above appears, enter the user root and the password you used to set the IPMI root password

on page 17. When successful, you will see Figure 15 ( following page), the System Information page of the

BMC Web Console.

Figure 23


34/61


34

BMC Web Console

As you navigate through the menu options, the browser will fetch information to populate the section you

navigated to. Sometimes, it may take several seconds or more for the display to fully populate. During this

time you will see a progress bar on the right side of the page, just beneath the blue horizontal line that

separates the header of the section and its content. The progress bar will look similar to the image below.

At this point, feel free to navigate through the options using the legend on page 36 to get acquainted with theinterface and the return time performance of certain pages.

Figure 24


35/61


35

BMC Web Console

Server Health Tab – Sensor Readings

The Server Health tab, Figure 25, shows you data related to the server's health, such as sensor readings, the

event log, and power statistics as explained in the following sub sections. When you click on the Server

Health tab, by default you will open the Sensor Readings page.

The Sensor Readings displays system sensor information including status, health, and reading value every

60 seconds by default. A list of option for the Sensor Readings page is below.

Option Task

Sensor Selection dropdown boxSelect the type of sensor readings to display in

the list. The default is to display all sensors.

Sensor Readings listSelected sensors shown with their name,

status, health, and readings.

Refresh button Click to refresh the selected sensor readings.

Show Thresholds button

Click to expand the list, showing low and high

threshold Assignments. Shows the critical

(CT) and noncritical (NC) thresholds for theselected sensors. Use scroll bar at the bottom

to move the display left and right.

Hide Thresholds buttonClick to return to the original display, hiding

the threshold values.

Set auto - refresh in seconds (0 to disable) selection

Enter the time (in seconds) to wait between

updates of the Sensor Readings and then clickthe Set button.

Figure 25


36/61


36

BMC Web Console

Server Health Tab – Event Log

The Event Log page, Figure 26, displays the systems server management events. Events are

logged as various tasks (booting), status changes (power supple removal) or other events occur.

The following table lists the options available for Server Health.

Option Task

Event Log Dropdown box Select the type of events to display in the list.

Event Log List

Selected sensors are shown with their name, status,and readings. This includes a list of the events with

their ID, time stamp, sensor name, sensor type, and

description.

Clear Event Log button Click to clear Event Logs.

Figure 26


37/61


37

BMC Web Console

Server Health Tab – Power Statistics

The Power Statistics page, Figure 27, displays the systems power statistics in watts and over

what duration.

NOTE: The time value, at the top of the dialog, will be reset when the appliance is powered off.

Figure 27


38/61


38

McAfee advises customers to use the sections within the Configuration Tab as view only options

except where indicated in this guide. Any modification may result in inaccessibility or possible

data lost on the SIEM appliance.

While this document refers to the IPMI channel, the actual name for that channel is the Intel(R)

RMM channel.

Do not make any changes within this dialog. Any change to the IPMI IP address should always

be done via the ESM browser-based interface. The two additional LAN channels, Baseboard

MGMT and MGMT 2 are the same as the SIEM MGMT1 and MGMT2 ports but should be left at

their default values. Any modification here will cause the appliance to become unreachable by the

SIEM environment.

BMC Web Console

Configuration Tab

The Configuration Tab contains a large number of options such as Network, Remote Session and

Alerts. Users have the option to view or modify a number of these settings. This section will

cover only the items McAfee believes are needed to remote manage the SIEM appliances

Configuration Tab – IPv4 Network

The IPv4 Network Settings page, Figure 28, is used to configure the IPv4 network settings for the Server

Management LAN interface (IPMI) to the BMC controller. The settings you see below will match the ones

used on page 18 to configure the IPMI interface from the ESM browser-based interface. If you need to

change the IPMI IP Address, please do so via the ESM browser-based interface.

Figure 28


39/61


39

BMC Web Console

Configuration Tab – IPv4 Network

While McAfee does not recommend changing the network settings here, the following table lists the options

available for IPv4 Networking.

Option Task

Enable LAN Failover

Used to enable LAN Failover (only available on EPSD

Platforms Based on Intel Xeon Processor E5 -4600/2600/2400/1600/1400

Product Families)

LAN Channel dropdown box

Used to select the channel on which you want to configure

the network settings. Lists the LAN Channels available forserver management. The LAN channels describe the

physical NIC connection on the server.

• Intel RMM (BMC LAN Channel 3) is the add-in RMM4Dedicated Management NIC.

• Baseboard Mgmt (BMC LAN Channel 1) is the on-board, shared NIC configured for management and

shared with the operating system.

• Baseboard Mgmt 2 (BMC LAN Channel 2) is the secondon-board, shared NIC configured for management and

shared with the operating system.

MAC Address The MAC address of the device (read only)

IP address radio buttons

Select one of the three options for configuring the IP

address:

• Obtain an IP address automatically (use DHCP) - UsesDHCP to obtain the IP address.

• Use the following IP address – Manually configure theIP address.

• Disable LAN Channel – Sets the IP address, SubnetMask, and Default Gateway to 0.0.0.0.

IP Address Subnet Mask Gateway

If configuring a static IP, enter the requested address,

subnet mask, and gateway in the given fields.

The IP Address is made of four numbers separated by dotsas in

"xxx.xxx.xxx.xxx". 'xxx' ranges from 0 to 255.

First 'xxx' must not be 0.

Primary DNS Server

Secondary DNS Server If configuring a dynamic IP, enter the Primary andSecondary DNS servers.

Save button Click to save any changes made.


40/61


40

By default, root is the only user enabled and is the user account whose password is set when

changing the NGCP account password in the ESM browser-based interface. Do not change the

password here. Also, while other users can be enabled, McAfee strongly recommends leaving the

configuration as shown in figure 29.

BMC Web Console

Configuration Tab – Users

The User List page, Figure 29, lists the configured users, along with their status and network

privilege. It also provides the capability to add, modify, and delete users.

This page allows the operator to configure the IPMI users and privileges for this server:

• UserID 1 (anonymous) may not be renamed or deleted.

• UserID 2 (root) may not be renamed or deleted, nor can the network privileges of UserID 2be changed.

• User Names cannot be changed. To rename a user you must first delete the existing user,and then add the user with the new name.

To delete a user, select the user in the list and click Delete User.

To add a user, select an empty slot in the list and click Add User.

Figure 29


41/61


41

BMC Web Console

Configuration Tab – Alerts

The Alerts page, Figure 30, is used to configure which system events an alert can be generated

for and the destination for these alerts. Up to two destinations can be selected for each LAN

channel. Each destination will receive an alert, based on its protocol (SNMP or SMTP), when one

of the selected trigger events occurs.

NOTE: Only configure Alerts for the Intel(R) RMM channel.

Globally Enable Platform Event Filtering:

This can be used to prevent sending alerts until you have fully specified your desired alerting

policies.

Log Event on Filter Action:

This can be used to enable or disable the logging of an event into the System Event Log when a

Filter Action is taken.

Figure 30


42/61


42

BMC Web Console

Configuration Tab – Alerts

The following table lists the options allowing you to select which events that alerts should be sent on and

selection of where the alerts are to be sent to.

Option Task

Select the events that will trigger alerts. Select one or more system events that will trigger an alert.

Check / Clear All buttons Click to select or clear all events.

LAN Channel to ConfigureSelect either the BMC or RMM4 to configure the

destination

Alert Destination #1 / #2

Select either SNMP along with the IP address or email

address that the alert will be sent to. Up to twodestinations can be elected for each LAN channel

Save button Click to use selected setup.

Send Test Alerts button After configuring select this to send a test alert.


43/61


43

BMC Web Console

Remote Control Tab

The Remote Control tab helps you perform the following remote operations on the server.

These are Console Redirection, Server Power Control and Virtual Front Panel. Below is an

explanation of each.

Remote Control Tab – Console Redirection

By default, the Remote Control tab opens the Console Redirection page as shown in Figure 31.

To launch the console redirect, click the Launch Console button. Once done, two dialogs will

appear. See examples below. Figure 32 prompt you to that a Java package will be downloaded.

Figure 33 asks you to open the package.

Fi ure 31

Figure 32

Figure 33


44/61


44

Figure 34

BMC Web Console


What is a JNLP file? JNLP is an acronym for Java Network Launching Protocol. The JNLP file

format is used by Java to launch and manage various Java applications over a network or on the

Internet. The JNLP files are saved in the XML file format. The files are actually comprised of a

group of protocols that define the specific requirements of a JAVA launching mechanism.

NOTE: Java will have to be installed in order to take advantage of this capability. Java Run time

Environment (JRE) Version 6 Update 22 or higher is required.

Once Java has been installed, click OK on the opening of the JNLP file, Figure 24 ( previous page).

This will then launch the Java Run Time Environment. You may briefly see a Java splash screen.

At this point, one of two scenarios will occur.

Scenario #1

Once Java is loaded, a Security Warning

popup, Figure 34, will ask you to confirm that

this application should be run. Check Accept

and then click Run.

To continue, simply click the

check box to accept and then

the Run button. Once done,

the JNLP will complete

execution and the JViewer will

load displaying the console as

it is at that time. See Figure

35.

Figure 35


45/61


45

BMC Web Console

Scenario #2

If you are running Java 7, Update 51 or later, a blocked application dialog will appear. See Figure 36.

Previous to update 51, the pop-up similar to the ones in Scenario #1 would have appeared. However,

starting with Java 7 Update 51, a new Security Exception list has been added and you will need to provide

an exception in order to proceed.

To do this, go to Control Panel, then select Java. Next, select the Security tab. The Security dialog will look

similar to the example in Figure 37.

Next, click the Edit Site List button and enter the full path of the appliances IPMI NIC. The example in Figure

37 displays the completed exception list. Once this entry is saved, the Java app will allow access to the

Remote Control app and scenario #1 should occur.

NOTE: You also may need to make additional security adjustments on your desktop. Applications such as

Windows Firewall or McAfee End-Point products may also prevent access this application.

Figure 36

Figure 37


46/61


46

Figure 38

Figure 39

BMC Web Console


Using the console

Once the Web Console has started and you see the Appliance Menu (White LCD display in upper

left corner ) you are ready to use the console as if you were directly attached via a monitor and

keyboard. However, there are a few navigation techniques you will need to know. Like most

Windows apps, JViewer has a number of menu options that will come in handy as you use the

console.

Refresh the display

During the testing of the IPMI interface for this

document, it was noticed that on a rareoccasion, the interface seemed to either stall or

stop completely. This could be due to network

congestion or the failure / error within JRE

itself. Fortunately, there is an easy remedy.

Located in the Video menu is a Refresh Video

option. Simply selecting this and allowing the

connection to be rebuilt should solve the

problem. Figure 38 shows the location of

Refresh Video.

Using an ALT key

Like most Linux-based products, the McAfee

SIEM appliances allow for multiple TTY sessions

at the command-line. The standard keystroke to

enter these is to use the ALT key followed by F2,

F3, etc. However, in the Web Console, the ALT

key is not transmitted, so a helper option is

provided. Located in the Keyboard menu, Figure

39, there are a number of check boxes that you

can select to allow for multi-key commands.

As an example, to perform an ALT-F2, select

Keyboard, and then check Hold Left Alt Key.

Next press F2 and this will take you to tty2. Using

F3, F4, etc, will access addition tty session.

However, you will have to re-select Keyboard

and then uncheck Hold Left Alt Key to turn off

this capability as this is an on/off toggle function.


47/61


47

While this dialog will allow administrators to perform graceful shutdowns of the SIEM appliances,

McAfee recommends that resetting or powering down the appliance should always be done via the

ESM browser-based interface.

While the McAfee SIEM appliances are ACPI aware, it is possible for the Graceful OS Shutdown to

not function properly or timeout if the appliance is performing other tasks. After a Graceful

Shutdown has been requested, if the system does not shut down as requested, the command

cannot be executed again for five minutes. However, McAfee recommends that powering down theappliance(s) should always be done via the ESM browser-based interface.

BMC Web Console

Remote Control Tab – Server Power Control

The Server Power Control page, Figure 40, shows the current power status and allows power/reset control

of the appliance.

Figure 40


48/61


48

BMC Web Console

Remote Control Tab – Server Power Control

The following table lists the options for power control.

Option Task

Reset Server Select option to hard reset the host without powering off.

Force-Enter BIOS SetupCheck this option to enter into the BIOS setup after resetting theserver.

Power OFF Server Select option to immediately power off the host.

Graceful Shutdown Select option to soft power off the host.

Power ON Server Select option to power on the host

Power Cycle ServerSelect option to immediately power off the host, and then power itback on after one second.

Perform Action button Click to execute the selected remote power command.

Note: All power control actions are done through the BMC and are immediate actions. It is stronglysuggested to gracefully shut through the ESM browser-based interface.


49/61


49

While this dialog will allow administrators to perform graceful shutdowns of the SIEM appliances,

McAfee recommends that resetting or powering down the appliance should always be done via the

ESM browser-based interface.

BMC Web Console

Remote Control Tab – Virtual Front Panel

The Virtual Front Panel page, Figure 41, allows users to control the appliance in the same

manner as if they we next to the physical appliance.

Figure 41


50/61


50

BMC Web Console

Remote Control Tab – Virtual Front Panel

The following table lists the options for Virtual Front Panel.

Option Task

Power Button The Power button is used to power on or power off.

Reset Button The Reset button is used to reset the server while system is ON.

Chassis ID ButtonWhen the Chassis ID button is pressed, the chassis ID LED changes to solid

on. If the button is pressed again, the chassis ID LED turns off.

Graceful Shutdown Select option to soft power off the host.

Power LEDThe Power LED shows the system power status. If the Power LED is green,

the system is ON. If the Power LED is grey, the system is OFF.

Status LEDThe Status LED reflects the system status LED status and it is automatically

in sync with the BMC every 60 seconds. This reflects the System Status LED.

Chassis ID LED

The Chassis ID LED shows the current system chassis ID status. If the

Chassis ID LED is blue, the Chassis ID is indefinite ON. Ifthe Chassis ID LED is grey, the Chassis ID is OFF


51/61


51

Appendix A – Command Line Arguments for IPMItool

-a Prompt for the Remote IPMI server password.

-A Specify an authentication type to use during IPMIv1.5 lan session

activation. Supported types are NONE, PASSWORD, MD2, MD5, or OEM.

-cPresent output in CSV (comma separated variable) format. This is not

available with all commands.

-e Use supplied character for SOL session escape character. The default isto use ~ but this can conflict with ssh sessions.

-k Use supplied Kg key for IPMIv2 authentication. The default is not to

use any Kg key.

-y

Use supplied Kg key for IPMIv2 authentication. The key is expected in

hexadecimal format and can be used to specify keys with non-printable

characters. For example, "-k PASSWORD" and "-y 50415353574F5244"are equivalent. The default is not to use any Kg key.

-C

The Remote IPMI server authentication, integrity, and encryption

algorithms to use for IPMIv2 lanplus connections. See table 22-19 inthe IPMIv2 specification. The default is 3 which specifies RAKP-HMAC-

SHA1 authentication, HMAC-SHA1-96 integrity, and AES-CBC-128

encryption algorithms.

-EThe Remote IPMI server password is specified by the environment

variable IPMI_PASSWORD.

-f Specifies a file containing the Remote IPMI server password. If this

option is absent, or if password file is empty, the password will default

to NULL.

-h Get basic usage help from the command line.

-H Remote IPMI server address can be IP address or hostname. NOTE:

This is not the appliance’s main IP. The IPMI controller will have its own

unique IP address.

-I

Selects IPMI interface to use. Supported interfaces that are compiled inare visible in the usage help output. Options are lan or open. If lan it

tells IPMItool to use the network to send commands instead ofinterfacing with the local IPMI controller.

-L Force session privilege level. Can be CALLBACK, USER, OPERATOR, and

ADMINISTRATOR. Default is ADMINISTRATOR.

-m Set the local IPMB address. The default is 0x20 and there should be no

need to change it for normal operation.

-o Select OEM type to support. This usually involves minor hacks in place

in the code to work around quirks in various BMCs from various

manufacturers. Use -o list to see a list of current supported OEM types.

-O Open selected file and read OEM SEL vent descriptions to be used

during SEL listings. See examples in contrib dir for file format.

-p Remote IPMI server UDP port to connect to. Default is 623.


52/61


52

-P

Remote IPMI server password is specified on the command line. If

supported, it will be obscured in the process list. However this

password is store the password in your history file and may be visible

to other users (through “ps” or similar).

Note: Specifying the password as a command line option is not

recommended.

-S

Use local file for remote SDR cache. Using a local SDR cache can

drastically increase performance for commands that require

knowledge of the entire SDR to perform their function. Local SDR cache

from a remote system can be created with the sdr dump command.

-t Bridge IPMI requests to the remote target address.

-U Remote IPMI server username. For McAfee SIEM appliances this will

always be root.

-v

Increase verbose output level. This option may be specified multiple

times to increase the level of debug output. If given three times youwill get hex dumps of all incoming and outgoing packets.

-V Display version information.


53/61


53

Appendix B – Command Syntax Guide for IPMItool

NOTE: Columns / commands which are grayed out either do not return values on McAfee SIEM Appliances or are not

intended for general use without support or development assistance and could result in data loss on the appliance. Thisalso hold true for certain commands within supported commands.

raw

This will allow you to execute raw IPMI commands.

Usage:raw [data]

Example:ipmitool raw 0x0 0xf

For example to query the POH counter with a raw command.

Network Function Codes (netfn):

VAL HEX STRING==============================================

0 0x00 Chassis

2 0x02 Bridge

4 0x04 SensorEvent

6 0x06 Application

8 0x08 Firmware

10 0x0a Storage

12 0x0c Transport

i2cSend an I2C Master Write-Read command and print response

spd Print SPD info from remote I2C device

lan Configure LAN Channels

chassis

Get chassis status and set power state of the appliance.

Usage:chassis

Example:

ipmitool chassis poh

ipmitool chassis power status

Arguments:

status

Displays information regarding the high-level status of the system chassis and

main power subsystem.

Power (see power section below)

identify

Control the front panel identify light. Default is 15. Use 0 to turn off.

Policy


54/61


54

Set the chassis power policy in the event power failure.

list

Return supported policies.

always-on

Turn on when power is restored.

previous

Returned to previous state when power is restored.

always-off

Stay off after power is restored.

restart_cause

Query the chassis for the cause of the last system restart.

poh

This command will return the Power-On Hours counter.

bootdev [clear-cmos=yes|no]

bootdev [options=help,]

Request the system to boot from an alternate boot device on next reboot. The

clear-cmos option, if supplied, will instruct the BIOS to clear its CMOS on the next

reboot.

Currently supported values for are:

none

Do not change boot device

pxe

Force PXE boot

disk

Force boot from BIOS default boot device

safe

Force boot from BIOS default boot device, request Safe Mode

diag

Force boot from diagnostic partition

cdrom

Force boot from CD/DVD

bios

Force boot into BIOS setup

bootparam get

bootparam set bootflag

Request the system to force a boot from an alternate boot device on next reboot.

The clear-cmos option, if supplied, will instruct the BIOS to clear its CMOS on the

next reboot.

Currently supported values for are:

force_pxe

Force PXE boot

force_disk


55/61


55

Force boot from BIOS default boot device

force_safe

Force boot from BIOS default boot device, request Safe Mode

force_diag

Force boot from diagnostic partition

force_cdrom

Force boot from CD/DVD

force_bios

Force boot into BIOS setup

selftest

Will display a pass or fail of the chassis components.

power

Shortcut to chassis power commands and performs a chassis control command to

view and change the power state.

Usage: power

Example:

ipmitool power status

Arguments:

status

Show current chassis power status.

on

Power up chassis.

off

Power down chassis into soft off (S4/S5 state). WARNING: This command does

not initiate a clean shutdown of the operating system prior to powering down the

system.

cycle

Provides a power off interval of at least 1 second. No action should occur if

chassis power is in S4/S5 state, but it is recommended to check power statefirst and only issue a power cycle command if the system power is on or in

lower sleep state than S4/S5.

resetThis command will perform a hard reset.

diag

Pulse a diagnostic interrupt (NMI) directly to the processor(s).

soft

Initiate a soft-shutdown of OS via ACPI. This can be done in a number of ways,

commonly by simulating an over temperature or by simulating a power button

press. It is necessary for there to be Operating System support for ACPI and some

sort of daemon watching for events for this soft power to work.

event Send pre-defined events to MC

mc Management Controller status and global enables


56/61


56

sdr

Print Sensor Data Repository entries and readings. Each command will display a

slightly different output but the main elements will be Sensor Name, Sensor

Number, Status and Entity ID. See Appendix C for an explanation Entity values.

Note: Depending on which IPMI command you use the sensor number that is

displayed for an event might appear in slightly different formats. A sensor number

can be displayed as either 1Fh or 0x1F.

Usage:sdr

Example:ipmitool sdr elist

Parameter:-v

Verbose output.

Arguments:

list | elist []

This command will read the Sensor Data Records (SDR) and extract sensor

information of a given type, then query each sensor and print its name, reading,and status. If invoked as elist then it will also print sensor number, entity id

and instance, and asserted discrete states.

The default output will only display full and compact sensor types, to see all

sensors use the all type with this command.

Valid types are:

all

All SDR records (Sensor and Locator)

full

Full Sensor Record

compact

Compact Sensor Record

event

Event-Only Sensor Record

mcloc

Management Controller Locator Record

fruFRU Locator Record

generic

Generic SDR records

type

This command will display all records from the SDR of a specific type. Run withtype list to see the list of available types. Also see Appendix D for the list. Note

that you can leave List and Get off and still get the same information. For exampleto query for all Temperature sensors:

ipmitool sdr type temperature

Baseboard Temp | 30h | ok | 7.1 | 28 degrees C


57/61


57

FntPnl Amb Temp | 32h | ok | 12.1 | 24 degrees C

Processor1 Temp | 98h | ok | 3.1 | 57 degrees C

Processor2 Temp | 99h | ok | 3.2 | 53 degrees C

info

This command will query the BMC for SDR information.

entity [.]

Displays all sensors associated with an entity. Get a list of valid entity ids on the

target system by issuing the sdr elist command. A list of all entity ids can be

found in the IPMI specifications.

dump

Dumps raw SDR data to a file. This data file can then be used as a local SDR cache

of the remote managed system with the -S option on the ipmitool

command line.

This can greatly improve performance over system interface or remote LAN.

fill sensors

fill

Creates the SDR repository for the current configuration or dumps raw SDR data

to a file.

sensor

Print detailed sensor information

Usage:sensor -v

Example:ipmitool sensor list

Parameter:-v

Verbose output.

Arguments:

list

Lists sensors and thresholds in a wide table format. Leaving this argument off will

produce the same wide format table.

get ... []

Prints information for sensors specified by name.

thresh

This allows you to set a particular sensor threshold value. The sensor is specifiedby name. Valid thresholds are:

unr Upper Non-Recoverable

ucr Upper Critical

unc Upper Non-Critical

lnc Lower Non-Critical

lcr Lower Critical

lnr Lower Non-Recoverable

thresh lower

This allows you to set all lower thresholds for a sensor at the same time. The

sensor is specified by name and the thresholds are listed in order of Lower Non-

Recoverable, Lower Critical, and Lower Non-Critical.


58/61


58

thresh upper

This allows you to set all upper thresholds for a sensor at the same time. The

sensor is specified by name and the thresholds are listed in order of Upper Non-

Critical, Upper Critical, and Upper Non-Recoverable.

reading

Similar to a get.

fru

This command will read all Field Replaceable Unit (FRU) inventory data and

extract such information as serial number, part number, asset tags, and short

strings describing the chassis, board, or product.

Usage:fru print

Example:ipmitool fru print

gendevRead/Write Device associated with Generic Device locators sdr

sel

View the System Event Log (SEL).

Usage:sel

Example:ipmitool sel elist

Arguments:

info

This command will query the BMC for information about the System Event Log(SEL) and its contents.

clear

This command will clear the contents of the SEL. It cannot be undone so be

careful.

list | elist

When this command is invoked without arguments, the entire contents of the

System Event Log are displayed. If invoked as elist it will also use the Sensor

Data Record entries to display the sensor ID for the sensor that caused each event.

Note this can take a long time over the system interface.

|first Displays the first count (least-recent) entries in the SEL. If count is zero, all

entries are displayed.

last

Displays the last count (most-recent) entries in the SEL. If count is zero, all

entries are displayed.

delete

Delete a single event.

save

Save SEL records to text file that can be fed back into the event file ipmitool

command. This can be useful for testing Event generation by building an

appropriate Platform Event Message file based on existing events. Please see the


59/61


59

help for that command to view the format of this file.

writeraw

Save SEL records to a file in raw, binary format. This file can be fed back to the

sel readraw ipmitool command for viewing.

readraw

Read and display SEL records from a binary file. Such a file can be created using

the sel writera

Documents

SIEM IPMI Configuration and Setup