Upload
berrezeg-mahieddine
View
251
Download
1
Embed Size (px)
Citation preview
8/20/2019 SIEM IPMI Configuration and Setup
1/61
McAfee SIEM
IPMI / RMM Setup and Configuration Guide
V1.1 November 2014
8/20/2019 SIEM IPMI Configuration and Setup
2/61
Introduction
This document is designed to provide the reader with all the steps and information on
implementing and using the Intelligent Platform Management Interface (IPMI) and Remote
Management Monitor capabilities supported in the McAfee SIEM operating environment
v9.4 and later.
The Intelligent Platform Management Interface (IPMI) is a standardized computer
system interface used by system administrators for out-of-band management of computer
systems and monitoring of their operation. It is a way to manage a computer that may be
powered off or otherwise unresponsive by using a network connection to the hardware
rather than to an operating system or login shell.
IPMI information is exchanged though Baseboard Management Controllers (BMCs), which
are located on IPMI-compliant hardware components. The BMC is a specialized
microcontroller embedded on the motherboard of a computer, generally a server. The BMC
manages the interface between system management software, in this case RMM and
platform hardware. Using low-level hardware intelligence instead of the operating system
has two main benefits: First, this configuration allows for out-of-band server management;
Second, the operating system is not burdened with transporting system status data.
IPMI functions are designed to work in any of three scenarios:
• Before an OS has booted (allowing, for example, the remote monitoring orchanging of BIOS settings)
• When the system is powered down (but still attach to power)• After OS or system failure – the key characteristic of IPMI compared with in-
band system management such as by remote login to the operating system
using SSH
Remote monitoring and management (RMM) is a collection of information technology
tools that are found on workstations and servers. These tools gather information regarding
the applications and hardware operating within an environment as well as supply activity
reports allowing administrators to resolve any issues. RMM usually provides a set of IT
management tools like trouble ticket tracking, remote desktop monitoring, support, and user
information through a complete interface.
Within the McAfee SIEM appliance family, IPMI is provided through the Intel RMM4 moduleinstalled into every McAfee GEN4 SIEM Appliance.
8/20/2019 SIEM IPMI Configuration and Setup
3/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
3
Revision History
August 2014 V1.0 First Public Release
November 2014 V1.1
• Added Revision History Section
• Added links to motherboard SDR return codes.
• Corrected page number
8/20/2019 SIEM IPMI Configuration and Setup
4/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
4
Table of Contents
BIOS Update 5Updating your appliance(s) to enable IPMI and RMM
Enabling IPMI 15Turning on IPMI via ESM Management Interface
IPMItool 20Command line IPMI syntax and examples
BMC Web Console 32Using the web console interface
Appendix A 51Command line arguments for IPMItool
Appendix B 53Command syntax for IPMItool
Appendix C 60
SDR Entity Values
Appendix D 61SDR Type Values
8/20/2019 SIEM IPMI Configuration and Setup
5/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
5
BIOS Update
IPMI and RMM capabilities are only supported on the Generation 4 (GEN4) SIEM appliances. Before
proceeding with this document, make sure you have GEN4 appliances. The two images below highlight thestark differences between Generation 3 and Generation 4 SIEM appliances. While the examples below
display the 2U Gen4 appliance and the 3U Gen3 appliance, the orange bezel is always indicative of a Gen3
appliance.
GEN4 Appliance
GEN3 Appliance
Within the Gen4 SIEM appliance family, there are some exceptions on which platforms support IPMI
capabilities. Below is a table of what is and is not supported.
IPMI Supported IPMI NOT Supported
All Standalone ESM Models Any DAS Models
(These devices do not have an IPMI port)
All Combination ESM Models Any Receiver (ERC) in HA mode regardless of Model(All available ports are used to configure HA)
All Non-HA Receivers (ERC)
All ACE Appliances
All ADM Appliances
All DEM Appliances
8/20/2019 SIEM IPMI Configuration and Setup
6/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
6
Figure 1
Figure 2
BIOS Update
Before IPMI and Remote Management can be supported within the McAfee SIEM environment, the BIOS for
each appliance must be at a specific release to enable capabilities within the SIEM Management interface andSIEM operating environment. As outlined in the previous section, remote management is only available on
Generation 4 and later appliances as well as operating environment v9.4 and later. See previous section for a
description of the appliances to ensure you have a GEN4 appliance.
Check current appliance version
IPMI and RMM capabilities are only supported in the SIEM operating environment v9.4 and above. To check
which McAfee SIEM Operating Environment version your appliance(s) are currently at, log into your ESM
using any flash capable browser. Once the login screen appears, check the lower left corner of the browser
for the version number. It should be version 9.4.0 or greater. See Figure 1 for an example. If your appliance
does not have this version, access the McAfee download page to obtain the latest release. Once it has beenupgraded, continue with the steps following this topic.
The download link is: http://www.mcafee.com/us/downloads/downloads.aspx
While all McAfee SIEM appliances should be on the same operating environment release, it is possible thatthis may not be the case in your environment. We recommend checking each appliance’s SIEM Operating
Environment version. To do this, select the appliance and click the Properties icon (White Square in icon bar
above device tree display) and the resulting dialog will display the version. An example of this is in Figure 2.
Check current appliance BIOS version
Once you have identified your appliance as GEN4 hardware and that you are on the proper SIEM operating
environment version, you should check your BIOS version to ensure that it requires a BIOS update.
Depending on when you received your appliance(s), its BIOS may have already been updated.
http://www.mcafee.com/us/downloads/downloads.aspxhttp://www.mcafee.com/us/downloads/downloads.aspxhttp://www.mcafee.com/us/downloads/downloads.aspx
8/20/2019 SIEM IPMI Configuration and Setup
7/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
7
McAfee-ETM-6000 ~ # dmidecode -t 0
# dmidecode 2.10SMBIOS 2.6 present.172 structures occupying 10014 bytes.Table at 0x000EB570.
Handle 0x0000, DMI type 0, 24 bytesBIOS Information
Vendor: Intel Corp.Version: SE5C600.86B.02.02.0002.122320131210Release Date: 12/23/2013Address: 0xF0000Runtime Size: 64 kBROM Size: 8192 kB
Characteristics:PCI is supportedBIOS is upgradeableBIOS shadowing is allowedBoot from CD is supportedSelectable boot is supportedEDD is supported5.25"/1.2 MB floppy services are supported (int 13h)3.5"/720 kB floppy services are supported (int 13h)3.5"/2.88 MB floppy services are supported (int 13h)Print screen service is supported (int 5h)8042 keyboard services are supported (int 9h)
Serial services are supported (int 14h)Printer services are supported (int 17h)ACPI is supportedUSB legacy is supportedBIOS boot specification is supportedTargeted content distribution is supported
BIOS Revision: 4.6
McAfee-ETM-6000 ~ #
Figure 3
BIOS Update
To check the BIOS version, SSH into the appliance and issue the following command:
McAfee-ETM-6000 ~ # dmidecode –t 0
Figure 3 displays an example of the output the command will generate.
The correct BIOS version release date should be at or later than the example highlighted (yellow) above.
If yours is not, continue with the steps on the following pages. If your BIOS version is at or later than thisrelease date, continue onto the ESM Setup section on page 16.
8/20/2019 SIEM IPMI Configuration and Setup
8/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
8
The BIOS packages located here are specific Intel Security (McAfee) SIEM Appliances. Do not
attempt to use any other BIOS packages other than what is located here.
Because BIOS packages may change between SIEM operating environment releases, please refer to
the Contents-README.txt file for the correct package that is to be used for the appliance you
are upgrading.
BIOS Update
Obtaining the BIOS update package
To upgrade the appliance BIOS you will need extract the proper Intel Security BIOS update package to a USB
flash drive. These compressed packages are located on the ESM appliance in the following directory:
/etc/areca/system_bios_update/
The directory will contain files similar, but not exactly, as the ones below:
850-1773-03_032514.zip850-1904-00_012714.zip
Contents-README.txt
After you have identified which ZIP package is appropriate for the appliance you are upgrading, use an
application like SCP or WinSCP to download the ZIP package. If your environment requires both zip
packages, please extract each zip to its own properly labeled USB flash drive. Mixing the packages could
render an appliance un-bootable.
Once you have downloaded the zip package, unzip it to the root of your USB flash drive. The drive you use
should be empty, should be a 4GB drive or less and can be formatted using Windows or Linux file systems. It
also does not have to be bootable. The directory on the USB flash drive will look similar to Figure 4 below.
Figure 4
8/20/2019 SIEM IPMI Configuration and Setup
9/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
9
Do not make a selection. Let the system boot as normal. It will auto recognize that the USB drive is
attached and boot from it. The McAfee Splash screen may take up to 60 seconds before proceeding.
BIOS Update
Next, insert the USB flash drive into an unused USB port on the back of the appliance being upgraded. The
rear of both appliances (1U and 2U ), and their respective USB ports, are highlighted in Figure 5.
Once the USB flash drive has been attached, re-boot the appliance. To ensure a proper shutdown, use either
the SIEM Administrative interface (browser-based GUI ) or a monitor and keyboard attached to the system to
access the LCD emulator in the upper left corner of the console. The shutdown process may take several
minutes so that it can safely complete any outstanding task. Please be patient.
Once the system boots normally, it will display the McAfee Boot Splash screen as shown in Figure 6.
Figure 5
Figure 6
8/20/2019 SIEM IPMI Configuration and Setup
10/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
10
Figure 7
Do not interrupt or reset the update process, remove power to the system, or use the keyboard
(unless prompted ) while the update is taking place. Doing so could result in an unbootable
system.
Figure 8
BIOS Update
After the McAfee boot splash clears, the system will
recognize the USB and will start to boot. However,depending on when you received your SIEM appliance,
there may have been a BIOS password set and it will
need to be entered in order for the automated BIOS
update process to start. If this is the case in your
environment, the example in Figure 7 will appear. The
password you enter will depend on the type of appliance
you are updating.
For 1U Appliances use: appl1an
For 2U Appliances use: @ppl1@nc3
Once you have successfully entered the BIOS password, you should see a screen similar to Figure 8.
At this point it should start updating the system automatically and you will see messages scroll across the
screen. The entire process can take as much as 15 to 20 minutes to complete. There are multiple phases ofthe update process as the various subsystems of the motherboard are updated. You may notice that the
appliance cooling system power cycle a number of times, this is normal. You may also notice messages
indicating password failures, this also is normal.
8/20/2019 SIEM IPMI Configuration and Setup
11/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
11
BIOS Update
The update process should end successfully with a message similar to Figure 9. It will indicate that the USB
flash drive should be removed and the system rebooted using the front-panel reset button.
Troubleshooting
You may not always get the display in Figure 9 on your first attempt at updating the BIOS. This could be due
to issues where the FRU flags a few messages or recoverable errors have occurred. The following page(s)
will provide guidance on how to handle some of these issues should they arise.
Update file configuration: Revision S2600GZ.112FRU & SDR Update Package for Intel (R) Server Board S2600GZ/GLCopyright (c) 2013 Intel Corporation.
Auto-detecting chassis model and attached hardware.This may take up to 1 minute to complete.
FRUSDR update completed.
Setting BIOS Admin and User Password
Successfully Completed
Successfully CompletedBIOS Admin and User Password Set
Updates Completed. Please remove the USB key and reboot using the front panel button
Fs0:\>
Figure 9
8/20/2019 SIEM IPMI Configuration and Setup
12/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
12
BIOS Update
Chassis Selection
In some instances, after the BIOS appears to have successfully updated, an FRU message indicating an
issue detecting the backplane has occurred (figure 10) and it asks you to determine which chassis is in
use.
For all McAfee SIEM Appliances, choose option 2 Intel(R) Server Chassis R2000.
Once that is selected, an R2000 Chassis type message (Figure 11) will appear.
Choose option 3 R2312 Chassis
Once you’ve made the selections, the process should continue. However, the process may also stall. If the
process stalls, we recommend rebooting the appliance and perform the BIOS upgrade again. This second
BIOS upgrade should complete successfully and will end with the display similar to page 11.
ME firmware update completed.
FRUSDR 1.12 is being installed.Update file Configuration: Revision S2600GZ_112FRU & SDR Update Package for Intel(R) Server Board S2600GZ/GLCopyright (c) 2013 Intel Corporation
Auto-detecting chassis model and attached hardware.This may take up to 1 minute to complete.
Hot-swap HDD backplane detected but its FRU details either corrupted or blank.Falling back to User chassis selection as auto detection is not possible.!
Select the Chassis1 Intel(R) Server Chassis R10002 Intel(R) Server Chassis R20003 Other Chassis
Figure 10
Hot-swap HDD backplane detected but its FRU details either corrupted or blank.Falling back to User chassis selection as auto detection is not possible.!
Select the Chassis1 Intel(R) Server Chassis R10002 Intel(R) Server Chassis R20003 Other ChassisSelect the R2000 chassis type1 R2208/R2216/R2308 chassis2 R2224 chassis3 R2312 chassis4 Intel(R) Server Chassis R2000 with Aux PCIe
Figure 11
8/20/2019 SIEM IPMI Configuration and Setup
13/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
13
BIOS Update
Password Set Failure
In some instances, after the BIOS appears to have successfully updated, one or more errors indicating
that a Password mismatch has occurred. It may appear like the example in Figure 12.
This error(s) should not affect the process and the admin and user passwords will ultimately get set
properly.
BMC Firmware is not Transitioning
In some instances, after the firmware has successfully updated, a message similar to Figure 13 will
appear.
If this occurs, press Y. Shortly after, you should receive an Updates Completed
message similar to Figure 9. However, it has been reported that once the USB
drive has been removed and the power switch pressed, the appliance does not
reboot. At this point you have two options. First, press and hold the reset button
(Figure 14) for 20 seconds. If the appliance still does not reboot, it is
recommended that power be removed from the appliance.
In either situation, it is recommended that the BIOS update be performed a second
time. On this second attempt the update should complete without error.Figure 14
Update file configuration: Revision S2600GZ.112FRU & SDR Update Package for Intel (R) Server Board S2600GZ/GLCopyright (c) 2013 Intel Corporation.
Auto-detecting chassis model and attached hardware.This may take up to 1 minute to complete.
FRUSDR update completed.
Setting BIOS Admin and User Password
Error: Password Mismatch:entered password doesn’t match with current password
Error: Password Mismatch:entered password doesn’t match with current passwordBIOS Admin and User Password Set
Figure 12
BMC Firmware update Successful
BMC Firmware is not transitioning to operating modeCould not exit FW transfer modeAn Error occurredTo save the error to a fileY,N,ESC
Figure 13
8/20/2019 SIEM IPMI Configuration and Setup
14/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
14
BIOS Update
If you run into issues not previously highlighted, the update process stalls or prompts you for an entry of
some nature which you do not have the answer for.
DO NOT SHUT OFF THE APPLIANCE
Contact McAfee support at http://mysupport.mcafee.com; or at 800-937-2237; or your McAfee Platinum
Support representative.
http://mysupport.mcafee.com/http://mysupport.mcafee.com/http://mysupport.mcafee.com/http://mysupport.mcafee.com/
8/20/2019 SIEM IPMI Configuration and Setup
15/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
15
There are several security issues to be considered before enabling the IPMI LAN interface. Aremote station has the ability to control a system’s power state as well as being able to gather or
modify certain platform information. To reduce vulnerability it is strongly advised that the IPMI
LAN interface only be enabled in 'trusted' environments where system security is not an issue or
where there is a dedicated secure 'management network'.
Enabling IPMI
Now that the appliance(s) have been updated to the proper BIOS level, you will need to connect each
appliance’s IPMI port to your network. All of the IPMI capabilities outlined in the following pages are onlysupported via the IPMI port. McAfee SIEM appliances do not support Remote Management via the traditional
MGMT1 or MGMT2 ports.
The Figure 15 highlights the IPMI port location on each style (1U or 2U ) of SIEM appliance. A standard CAT5
or CAT6 cable can be used and there is no need to use a cross-over cable, as a standard Ethernet cable will
work.
Once you have cabled the appliance(s) use the steps on the following pages to set the IP address for each
appliance to enable remote management. To perform these tasks, launch a flash capable browser and log
into the ESM’s browser-based interface using the NGCP account.
Figure 15
8/20/2019 SIEM IPMI Configuration and Setup
16/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
16
If for some reason your BIOS update did not complete successfully, the Enable IPMI Settings section
will not appear.
Enabling IPMI
Once logged into the ESM, navigate to one of these locations depending on which appliance you need to
enable Remote Management on. Each appliance type sets the IP address differently. Please make sure youfollow the instructions for the appropriate appliance.
Setting IP address for ESM or All-in-One Appliances:
Select System Properties and then Network Settings. Next, select the Advanced tab
and the dialog in Figure 16 will appear.
Setting IP address for a Receiver, ACE, ELM, ADM, or DEM:
Select Device Properties and then Device Configuration. Next, select the Interface button and then the Advanced tab and a dialog similar to Figure 16 will appear.
Figure 16 is specific for an ESM, but each device (ERC, ACE, ELM, etc.,.) will have a
similar dialog with the exact same IPMI values.
Figure 16
8/20/2019 SIEM IPMI Configuration and Setup
17/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
17
Enabling IPMI
Regardless of which appliance you are configuring, the steps outlined here will be the same for all
appliances.
Check the Enable IPMI Settings check box and then fill in the appropriate network settings. Figure 17
provides an example of how these may appear. The VLAN setting is the only optional setting and everything
else will be required.
Once you have completed entering the network settings, click Apply or OK . In the background, the appliance
will have its IPMI IP address set. Then, depending on the appliance you made the settings on, you will see a
similar version of Figure 18 indicating the progress of the action. This may take a few seconds to complete
depending on the activity of the appliance.
When it has completed successfully, both the Apply and OK buttons may be grayed out temporarily.
If something in the preceding steps is different than what was outlined, see the next page for caveats to the
process.
Figure 17
Figure 18
8/20/2019 SIEM IPMI Configuration and Setup
18/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
18
Enabling IPMI
Caveats to setting the IPMI Network Settings
Wrong Version
If you have an ESM on version 9.4 but a new or existing ERC, ELM, ACE or other appliance has not been
upgraded, you may still see the IPMI setting for that appliance. However, because IPMI support requires
SIEM operating environment v9.4 and above, the process for setting an IP address may not complete
successfully. If you see a message similar to Figure 19, check the version of your appliance before
proceeding.
Re-keying Notice
For an ERC, ERCELM, ELM, ACE, ADM or DBM appliance, to change the IPMI root password you will need to
perform a re-key operation. On Receiver class devices, the dialog in Figure 20 will appear after you check
Enable IPMI Settings. Page 19 will provide the details on changing the password.
Stray VLAN Characters
For an ERC, ERCELM, ELM, ACE, ADM or DBM appliance, you may see a character in the VLAN field and it
will not be possible to remove it. This is currently a known issue and will be resolve, but it will not affect
your ability to set enter the network settings.
Figure 19
Figure 20
8/20/2019 SIEM IPMI Configuration and Setup
19/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
19
Enabling IPMI
Setting IPMI password
Once the network settings have been set, you will receive a prompt (Figure 21) to change the password for
the IPMI root account. Each appliance may have a slightly different dialog depending on appliance model and
operating environment version. Also, there is only one account defined for IPMI and that is root.
To set IPMI root password for ESM or All-in-One Appliance:
Option #1
Click NGCP in the upper right corner of the ESM browser-based interface. It will then
display a password change dialog. Following the password criteria, enter the existing
password followed by the new password. Once complete, click OK and assuming you
met the password criteria, the password will be modified for the IPMI root account as
well as NGCP.
Option #2
Select the System Properties icon in the Quick Connect icon bar. Then select Users
and Groups from the System Properties dialog. Enter the NGCP password when
prompted. Next select the NGCP account from the User list and click Edit . Within the
Edit user dialog, click the Set Password button and follow the password criteria for
the new password. Click OK and assuming you met the password criteria, the
password will be modified for the IPMI root account as well as NGCP.
To set IPMI root password for an ERC, ERCELM, ACE, ELM, ADM, or DBM:
Select the Device Properties. Next, select Key Management . Then click the Key
Device button. This will display the Key Device Wizard dialog and prompt you to
enter a new password. Once you have entered the password twice, click the Next
button. This will then re-key the appliance with the ESM and then set the IPMI root
password for this appliance. Because this password dialog does not have the same
password restrictions as the ESM, if you want to retain the password on the appliance,
simply enter the password you have used in the past.
Figure 21
8/20/2019 SIEM IPMI Configuration and Setup
20/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
20
It should be noted that remote use of IPMItool requires port 623. This cannot be changed. Ifthere is a firewall or other device between the IPMItool client and the McAfee SIEM appliance,
you will need to ensure that this port is open for traffic to pass.
IPMItool
As mentioned in the introduction of this document, the Intelligent Platform Management Interface (IPMI)
is an interface used by administrators for out-of-band management of computer systems and monitoring oftheir operation. In this section, we highlight the IPMItool application syntax and use case examples will be
highlighted.
IPMItool provides a simple, command-line interface to IPMI-enabled devices through an IPMIv1.5 or
IPMIv2.0 LAN interface. It is offered on a wide variety of platforms including Windows, UNIX, Linux and Mac.
Because of the variety of platforms that IPMItool can exist on, this document uses the Sourceforge syntax
and parameters. Your platform implementation may vary slightly and you are encouraged to review the
documentation for your variant.
IPMItool can be used in two basic forms. Locally on the SIEM appliance that you are managing or remotely
from a workstation or server running IPMItool to the SIEM appliance you need to manage.
The syntax for local access is:
McAfee-ETM-6000 ~ # ipmitool
The syntax for remote access is (See Appendix A for additional arguments):
C: \ i pmi t ool –H –U
– or –
[user@linux ~]# ipmitool –H –U
IPMItool Examples
The examples on the following pages all use remote techniques. However, simply removing the –H and –U
parameters and their associated values from the command string will allow for the same results if executed
on the local appliance or via SSH to the local appliance. Also, these examples do not include the password
parameter and you will be prompted for the password before the command can execute.
In the following examples, we only highlight the command arguments and not the common items for each
command. In the example below, the syntax in grey is common to all examples and the arguments in blue
are what we are highlighting. The username (-U) is always root and the password was set in the previous
Enabling IPMI section.
ipmitool -U root -H 10.1.1.13 chassis status
Because of the extensive command set of IPMItool, we are only highlighting the commands that would be the
most valuable for the wider McAfee SIEM customer base. At the end of this section there are some links you
can reference to learn more about additional IPMItool commands. In addition, the appendices have a
complete list of commands, arguments and parameters.
8/20/2019 SIEM IPMI Configuration and Setup
21/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
21
Syst emPower : onPower Over l oad : f al sePower I nt er l ock : i nacti veMai n Power Faul t : f al sePower Cont r ol Faul t : f al sePower Rest ore Pol i cy : al ways- onLast Power Event :Chassi s I nt rusi on : i nacti veFront - Panel Lockout : i nact i veDri ve Faul t : f al seCool i ng/ Fan Faul t : f al seSl eep But t on Di sabl e : not al l owedDi ag But t on Di sabl e : al l owedReset Butt on Di sabl e : al l owed
Power Butt on Di sabl e : al l owedSl eep But t on Di sabl ed: f al seDi ag But t on Di sabl ed : f al seReset But t on Di sabl ed: f al sePower But t on Di sabl ed: f al se
IPMItool not only can query a sensor, it has the ability to make changes to the system at the BIOSlevel as well as the ability to control power up and power down states. Any use or misuse of a
command that changes the operation of the McAfee SIEM appliance could result in data lost.
IPMItool
Query the chassis status
Chassis status is used for managing/monitoring an IPMI chassis, such as chassis power,
identification (i.e. LED control), and status of the appliance chassis.
ipmitool -U root -H 10.1.1.13 chassis status
8/20/2019 SIEM IPMI Configuration and Setup
22/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
22
FRU Devi ce Descr i pt i on : Bui l t i n FRU Devi ce (I D 0)Chassi s Type : Rack Mount Chassi sChassi s Par t Number : R2312GZ4
Chassi s Ser i al : A070220066Chassi s Ext r a : . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Chassi s Ext r a : . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Board Mf g Dat e : Sat Aug 11 01: 22: 00 2012Boar d Mf g : I nt el Cor porat i onBoard Pr oduct : S2600GZBoard Seri al : QSGR21701237Board Par t Number : G11481- 352Product Manufacturer : McAf ee I nc.Product Name : ELM4600
Pr oduct Par t Number : 610- 1905- 00Product Versi on : ELM- 4600Product Ser i al : A070220066Product Asset Tag : 060f ddbf9708
FRU Device Description : Pwr Supply 1 FRU (ID 2)Device not present (Unknown (0x81))
FRU Devi ce Descr i pt i on : Pwr Suppl y 2 FRU ( I D 3)Product Manuf act urer : DELTAPr oduct Name : DPS- 750XB APr oduct Par t Number : E98791- 006Product Versi on : 01Pr oduct Ser i al : E98791D1214020872
FRU Devi ce Descr i pt i on : Front Panel ( I D 4)Board Mf g Dat e : Mon J un 11 11: 34: 00 2012Boar d Mf g : I nt el Cor porat i onBoard Pr oduct : F2USTOPANELBoar d Ser i al : . . . . . . . . . . . .
Board Par t Number : G28538- 250
FRU Devi ce Descr i pt i on : HS Backpl ane 1 ( I D 5)Board Mf g Dat e : Fr i Mar 30 10: 31: 00 2012Boar d Mf g : I nt el Cor porat i onBoard Pr oduct : F2U12X35HSBPBoard Seri al : QSRU21300568Board Par t Number : G43212- 250
IPMItool
Query the Field Replaceable Unit (fru) Inventory
Print built-in FRU (Field Replaceable Unit) inventory and scan SDR (Sensor Data Record) for FRU locators
and their values. The example below shows a number of interesting items. First, highlighted in blue is the
product name. This is what was entered at the time of manufacture. Next, the area highlighted in red is a
power supply. In this example, the power supply was slid out of the machine used in testing and as you can
see from the example below, it is shown as not present.
ipmitool -U root -H 10.1.1.13 fru
8/20/2019 SIEM IPMI Configuration and Setup
23/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
23
Pwr Uni t St atus | 0x00 | okPwr Uni t Redund | 0x0a | okI PMI Wat chdog | 0x00 | okPhysi cal Scr t y | 0x00 | okFP NMI Di ag I nt | 0x00 | okBB +12. 0V | 11. 94 Vol t s | okBB +5. 0V | 4. 96 Vol t s | okBB +3. 3V | 3. 25 Vol t s | okBB P1 VR Temp | 28 degrees C | okFr ont Panel Temp | 22 degrees C | okSSB Temp | 43 degrees C | okBB P2 VR Temp | 28 degrees C | okBB Vt t 2 Temp | 32 degr ees C | okBB Vt t 1 Temp | 27 degr ees C | ok
HSBP 1 Temp | 28 degrees C | okSyst em Fan 1 | 11956 RPM | okSyst em Fan 2 | 12152 RPM | okSyst em Fan 3 | 12054 RPM | okNM Capabi l i t i es | Not Readabl e | nsMTT CPU1 | di sabl ed | nsMTT CPU2 | di sabl ed | ns
IPMItool
Query the Sensor Data Record (sdr)
Sensor Data Records (SDR) contains information about the type and number of sensors present on a given
appliance. An individual sensor record describes a specific sensor and its state or status. The sensor records
are stored in a central, non-volatile storage area, which is managed by the BMC. This storage area is called
the Sensor Data Record Repository. Using IPMItool, we can query that repository for the sensors and their
status. An example is below.
For a complete list of the BMC Core Sensors and possible return codes (offset triggers) please
see Table 61 in the Intel Server Board S2600GZ / GL Technical Product Specification Guide.
http://www.intel.com/support/motherboards/server/sb/CS-033134.htm
ipmitool -U root -H 10.1.1.13 sdr list
NOTE: The full sdr command results are truncated in the example above to preserve page space.
The column format from the sdr list output above is:
Sensor Type or ID
This is the type of sensor. There can be multiple entries of the same type. For
example, there could be one VCORE sensor for each processor. This has a 16character max length.
Sensor ReadingThis is the current reading of the sensor. Where available, the reading istranslated into the appropriate units (for example, degrees, volts or RPM).
Sensor Status
This indicates the sensor status. Possible values are:
ok – The sensor is present and operating correctlyns – No sensor (corresponding reading will say disabled or Not Readable)
nc – non-critical error regarding the sensor
cr – critical error regarding the sensor
nr – non-recoverable error regarding the sensor
8/20/2019 SIEM IPMI Configuration and Setup
24/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
24
BB P1 VR Temp | 20h | ok | 7.1 | 28 degrees C
Front Panel Temp | 21h | ok | 12.1 | 22 degrees C
SSB Temp | 22h | ok | 7.1 | 43 degrees C
BB P2 VR Temp | 23h | ok | 7.1 | 28 degrees C
BB Vtt 2 Temp | 24h | ok | 7.1 | 32 degrees C
BB Vtt 1 Temp | 25h | ok | 7.1 | 27 degrees C
HSBP 1 Temp | 29h | ok | 7.1 | 28 degrees C
Exit Air Temp | 2Eh | ok | 7.1 | 33 degrees C
LAN NIC Temp | 2Fh | ok | 7.1 | 42 degrees C
System Fan 1 | 30h | ok | 29.1 | 11956 RPM
System Fan 2 | 32h | ok | 29.2 | 12152 RPM
System Fan 3 | 34h | ok | 29.3 | 12054 RPMSystem Fan 4 | 36h | ok | 29.4 | 12054 RPM
System Fan 5 | 38h | ok | 29.5 | 12152 RPM
IPMItool
If the elist parameter is used, it will add the entity ID and the asserted discrete states.
ipmitool -U root -H 10.1.1.13 sdr elist
The column format from the sdr elist output above is:
Sensor Type or ID
This is the type of sensor. There can be multiple entries of the same type.
For example, there could be one VCORE sensor for each processor. This
has a 16 character max length
Sensor Number
The numeric value of the sensor. Once known, it can be used as a
parameter to query the sensor directly. Examples of this are on thefollowing page.
Sensor Status
This indicates the sensor status. Possible values are:
ok – The sensor is present and operating correctly
ns – No sensor (corresponding reading will say disabled or Not Readable)
nc – non-critical error regarding the sensor
cr – critical error regarding the sensor
nr – non-recoverable error regarding the sensor
Entity ID and
Instance
This is the entity value for the type of sensor being displayed. If there is
multiple of the same exact entity, then the instance will increment. See
Appendix C for a complete list of Entity ID’s.
Sensor Reading
This is the current reading of the sensor. Where appropriate, the reading
is translated into the appropriate units (for example, degrees for
temperature sensor).
Using the elist parameter provides additional values. These are Sensor Number (orange) and Entity
(green). These new values can provide additional capabilities when added to the command syntax. Notice
that some sensors can have the same entity (green) parent, 29 for system fan or 7 for internal temperature.
These values can be used with the entity parameter to display values for just those sensors. Sensor Number
(orange) is the unique ID for a given sensor and can be used with the sel parameter to obtain log and
sensor information.
Example of using specific Sensor Names, Numbers or Entity values to query specific sensors or groups of
sensors are on the following pages.
8/20/2019 SIEM IPMI Configuration and Setup
25/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
25
Fan Redundancy | 0Ch | ok | 29.1 | Fully Redundant
System Fan 1 | 30h | ok | 29.1 | 11956 RPM
System Fan 2 | 32h | ok | 29.2 | 12054 RPM
Fan 1 Present | 40h | ok | 29.1 | Device Present
Fan 2 Present | 41h | ok | 29.2 | Device Present
PS1 Status | 50h | ok | 10.1 |
PS2 Status | 51h | ok | 10.2 | Presence detectedPS1 Input Power | 54h | ns | 10.1 | No Reading
PS2 Input Power | 55h | ok | 10.2 | 220 Watts
PS1 Curr Out % | 58h | ns | 10.1 | No Reading
PS2 Curr Out % | 59h | ok | 10.2 | 25 unspecified
PS1 Temperature | 5Ch | ns | 10.1 | No Reading
PS2 Temperature | 5Dh | ok | 10.2 | 28 degrees C
HDD 0 Status | F0h | ok | 15.1 | Drive Present
HDD 1 Status | F1h | ok | 15.1 | Drive Present
HDD 2 Status | F4h | ok | 15.1 |
HDD 3 Status | F5h | ok | 15.1 | HS Backplane 1 | 00h | ns | 15.1 | Logical FRU @05h
Fan Redundancy | 0Ch | ok | 29.1 | Fully Redundant
System Fan 1 | 30h | ok | 29.1 | 12054 RPM
Fan 1 Present | 40h | ok | 29.1 | Device Present
IPMItool
Query the SDR for Fan Device state
Ex #1: ipmitool -U root -H 10.1.1.13 sdr entity 29
The example above queries all Fan Devices in the system.
Ex #2: ipmitool -U root -H 10.1.1.13 sdr entity 29.1
The example above queries the entity 29 and instance 1 for a specific fan.
Query the SDR for Power Supply state
ipmitool -U root -H 10.1.1.13 sdr entity 10
The example above queries the entity for the appliance power supplies. In this example, you
can see that the Power Supply unit 1 has been removed from the appliance.
Query the SDR for Hard Drive state
ipmitool -U root -H 10.1.1.13 sdr entity 15
The example above queries the entity for the hard drives. In this example, you can see that
HDD 2 and HDD 3 are not present.
8/20/2019 SIEM IPMI Configuration and Setup
26/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
26
IPMItool
Lastly, a couple variants for a sdr query.
To view only the Temperature, Voltage, and Fan Sensors
ipmitool -U root -H 10.1.1.13 sdr elist full
To view ALL Temperature Sensors regardless of entity
ipmitool -U root -H 10.1.1.13 sdr type temperature
NOTE: See Appendix D for a complete list of type values.
To view status of Power Units
ipmitool -U root -H 10.1.1.13 sdr type ‘Power Unit’
NOTE: Multi-word type require single quotes. See Appendix D for a complete list of type values.
To view all sensor data in wide table format
This format will include thresholds for each value where present.
ipmitool -U root -H 10.1.1.13 sdr sensor
Or verbose mode which will even more labeling for the thresholds
ipmitool -U root -H 10.1.1.13 sdr sensor -v
8/20/2019 SIEM IPMI Configuration and Setup
27/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
27
Pwr Unit Status | 0x0 | discrete | 0x0000| na | na | na | na | na | naPwr Unit Redund | 0x0 | discrete | 0x0a00| na | na | na | na | na | na
BB P1 VR Temp | 27.000 | degrees C | ok | na | 0.000 | 5.000 | 110.000 | 115.000 | naFront Panel Temp | 21.000 | degrees C | ok | na | 0.000 | 5.000 | 50.000 | 55.000 | naSystem Fan 1 | 12054.000 | RPM | ok | na | 1715.000 | 1960.000 | na | na | na
System Fan 2 | 12348.000 | RPM | ok | na | 1715.000 | 1960.000 | na | na | naBB +12.0V | 11.935 | Volts | ok | na | 10.635 | 10.947 | 13.027 | 13.391 | naBB +5.0V | 4.959 | Volts | ok | na | 4.416 | 4.546 | 5.415 | 5.566 | na
IPMItool
Query the Sensor information (sensor)
The sdr parameter is useful for current state. However, to view the complete sensor list
including thresholds, you will need to use the sensor parameter. Below are some common
example of how to use the parameter.
To query the complete sensor list.
ipmitool -U root -H 10.1.1.13 sensor list
NOTE: The full sensor command results are truncated in the example above to preserve page space.
The column format from the sensor output above is:
Sensor Type (name)This is the type or name of sensor. There can be multiple entries of the same
type. For example, there could be one VCORE sensor for each processor.
Reading This is the current reading of the sensor.
UnitThis is the units of the sensor reading (e.g., degrees for temperature sensor).Discrete is a binary sensor; other values are generally self explanatory.
Status
This indicates the status of the sensor. Possible values:
ok – okay
na – not available
a hex value
LNR This is the lower non-recoverable threshold value for this sensor.
LCR This is the lower critical threshold value for this sensor.
LNC This is the lower non-critical threshold value for this sensor.
UNC This is the upper non-critical threshold value for this sensor.
UCR This is the upper critical threshold value for this sensor.
UNR This is the upper non-recoverable threshold value for this sensor.
On the following pages are a few examples of how to use the sensor parameter. Also see
Appendix B for a syntax reference on sensor.
8/20/2019 SIEM IPMI Configuration and Setup
28/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
28
Locating sensor record...
Sensor ID : HDD 0 Status (0xf0)Entity ID : 15.1
Sensor Type (Discrete): Drive Slot / BayStates Asserted : Drive Slot
[Drive Present]
Locating sensor record...
Sensor ID : PS1 Status (0x50)Entity ID : 10.1Sensor Type (Discrete): Power Supply
Locating sensor record...
Sensor ID : PS2 Status (0x51)Entity ID : 10.2
Sensor Type (Discrete): Power SupplyStates Asserted : Power Supply
[Presence detected]
IPMItool
Query the status of a particular hard drive.
ipmitool -U root -H 10.1.1.13 sensor get 'HDD 0 Status'
The value within the single quotes is the sensor type (name) in column 1 from the
previous page example.
Query the status of the Power Supplies.
Ex #1: ipmitool -U root -H 10.1.1.13 sensor get ' PS1 Status'
Ex #2: ipmitool -U root -H 10.1.1.13 sensor get ' PS2 Status'
Notice that the presence detected value exists in Power Supply 2 and not on Power
Supply 1. This means that the PS1 unit may not plugged into the appliance.
8/20/2019 SIEM IPMI Configuration and Setup
29/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
29
Locating sensor record...
Sensor ID : PS1 Input Power (0x54)Entity ID : 10.1
Sensor Type (Analog) : OtherSensor Reading : Unable to read sensor: Device Not Present
Event Status : Unavailable Assertions Enabled : unc+ ucr+Deassertions Enabled : unc+ ucr+
Locating sensor record...
Sensor ID : PS2 Input Power (0x55)
Entity ID : 10.2
Sensor Type (Analog) : OtherSensor Reading : 228 (+/- 0) WattsStatus : ok
Lower Non-Recoverable : naLower Critical : na
Lower Non-Critical : naUpper Non-Critical : 868.000
Upper Critical : 920.000
Upper Non-Recoverable : na Assertion Events :
Assertions Enabled : unc+ ucr+Deassertions Enabled : unc+ ucr+
IPMItool
Query the input power of the Power Supplies.
Ex #1: ipmitool -U root -H 10.1.1.13 sensor get ' PS1 Input Power'
Ex #2: ipmitool -U root -H 10.1.1.13 sensor get ' PS2 Input Power'
Again notice that the Power Supply 2 values are consistent with a supply that is functioning
where as Power Supply 1 clearly shows it is not present.
8/20/2019 SIEM IPMI Configuration and Setup
30/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
30
2 | 06 13 2014 | 19:19:43 | System Event #0x83 | Timestamp Clock Sync | Asserted3 | 06/13/2014 | 19:19:43 | System Event #0x83 | Timestamp Clock Sync | Asserted4 | 06/13/2014 | 19:19:43 | Power Unit #0x01 | Power off/down | Asserted5 | 06/16/2014 | 15:33:03 | Power Unit #0x01 | Power off/down | Deasserted
6 | 06/16/2014 | 15:33:03 | Button #0x09 | Power Button pressed | Asserted7 | 06/16/2014 | 15:33:06 | Power Unit #0x02 | Redundancy Lost8 | 06/16/2014 | 15:33:06 | Power Unit #0x02 | Non-Redundant: Sufficient from Redundant9 | 06/16/2014 | 15:33:08 | Power Unit #0x02 | Redundancy Losta | 06/16/2014 | 15:33:08 | Power Unit #0x02 | Non-Redundant: Sufficient from Redundant
b | 06/16/2014 | 15:33:16 | System Event #0x83 | Timestamp Clock Sync | Asserted
c | 06/16/2014 | 15:33:25 | System Event #0x83 | Timestamp Clock Sync | Assertedd | 06/16/2014 | 15:34:36 | System Event #0x83 | OEM System boot event | Asserted
e | 06/16/2014 | 15:34:36 | System Event #0x08 | PEF Action | Asserted
2 | 06/13/2014 | 19:19:43 | System Event BIOS Evt Sensor | Timestamp Clock Sync | Asserted3 | 06/13/2014 | 19:19:43 | System Event BIOS Evt Sensor | Timestamp Clock Sync | Asserted4 | 06/13/2014 | 19:19:43 | Power Unit Pwr Unit Status | Power off/down | Asserted5 | 06/16/2014 | 15:33:03 | Power Unit Pwr Unit Status | Power off/down | Deasserted6 | 06/16/2014 | 15:33:03 | Button Button | Power Button pressed | Asserted7 | 06/16/2014 | 15:33:06 | Power Unit Pwr Unit Redund | Redundancy Lost8 | 06/16/2014 | 15:33:06 | Power Unit Pwr Unit Redund | Non-Redundant: Sufficient from Redundan9 | 06/16/2014 | 15:33:08 | Power Unit Pwr Unit Redund | Redundancy Lost
a | 06/16/2014 | 15:33:08 | Power Unit Pwr Unit Redund | Non-Redundant: Sufficient from Redundan b | 06/16/2014 | 15:33:16 | System Event BIOS Evt Sensor | Timestamp Clock Sync | Assertedc | 06/16/2014 | 15:33:25 | System Event BIOS Evt Sensor | Timestamp Clock Sync | Asserted
d | 06/16/2014 | 15:34:36 | System Event BIOS Evt Sensor | OEM System boot event | Assertede | 06/16/2014 | 15:34:36 | System Event System Event | PEF Action | Asserted
IPMItool
Query the System Event Log
The System Event Log (SEL) provides storage of all system events. You can view the contents of
the event log with IPMItool. The SEL keeps the last 12 events.
Query the SEL
ipmitool -U root -H 10.1.1.13 sel list
Query the SEL in a more human readable form
ipmitool -U root -H 10.1.1.13 sel elist
8/20/2019 SIEM IPMI Configuration and Setup
31/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
31
SEL Record ID : 0002Record Type : 02Timestamp : 06/16/2014 15:33:06
Generator ID : 0020EvM Revision : 04Sensor Type : Power UnitSensor Number : 02
Event Type : Generic DiscreteEvent Direction : Deassertion EventEvent Data (RAW) : 01ffffDescription : Redundancy Lost
Sensor ID : Pwr Unit Redund (0x2)
Entity ID : 21.1Sensor Type (Discrete): Power UnitStates Asserted : Redundancy State
[Redundancy Lost][Non-Redundant: Sufficient from Redundant]
IPMItool
Query the SEL to get more data for a specific event
ipmitool -U root -H 10.1.1.13 sel get 0x02
The value 0x02 is the example is the record ID and you can see this in the first sel example
on the previous page.
8/20/2019 SIEM IPMI Configuration and Setup
32/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
32
BMC Web Console
As mentioned in the preface of this document, the Intelligent Platform Management Interface (IPMI) is an
interface used by administrators for out-of-band management of computer systems and monitoring of theiroperation. In the previous section, we demonstrated how to use the command line IPMItool to access the
IPMI sensors. In this section, we’ll cover the Integrated BMC Web Console.
The Embedded Web Console is available without the requirements for any agents or remote IPMItools and is
always accessible regardless of the state of the operating system. The web console is able to:
• View the sensors, event log, and asset inventory of the system.
• Retrieve and download the diagnostics log, containing important information about system crashes.
• Launch KVM and media redirection Intel® Remote Management Module (Intel® RMM) required.
• Configure e-mail or SNMP alerting as well as other settings.
This section will give you a description of a number of areas within the Integrated BMC Web Console thathave value relative to the McAfee SIEM appliances. However, there are some areas that could cause loss of
contact or service interruptions should you make modification. We strong encourage you limit your activity
to the sections we have outlined.
The console is divided into four tabs in a horizontal menu. Within each tab, a menu is provided on the left
side. Each tab and each menu option within each tab has a short description on its function. Figure 22 is a
legend of each Tab and its associated Menu options.
Figure 22
8/20/2019 SIEM IPMI Configuration and Setup
33/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
33
If for some reason you do not see the dialog above, check with your networking team to ensure
that your desktop has access to the IPMI IP address. For security reason, the IPMI IP address may
be on a different subnet. In addition, you should ensure that the IPMI NIC has been cabled to your
switched environment. See page 15 for the location of the IPMI NIC.
BMC Web Console
To access the web console, launch your favorite browser and enter the IP address you used to configure the
IPMI interface on page 16. Your browser should support HTTPS. In addition, if you wish to use RemoteConsole, your browser will need to be Java enabled. Using JRE version 6 Update 22 and above.
Figure 23 display the login screen you should see.
Once the dialog above appears, enter the user root and the password you used to set the IPMI root password
on page 17. When successful, you will see Figure 15 ( following page), the System Information page of the
BMC Web Console.
Figure 23
8/20/2019 SIEM IPMI Configuration and Setup
34/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
34
BMC Web Console
As you navigate through the menu options, the browser will fetch information to populate the section you
navigated to. Sometimes, it may take several seconds or more for the display to fully populate. During this
time you will see a progress bar on the right side of the page, just beneath the blue horizontal line that
separates the header of the section and its content. The progress bar will look similar to the image below.
At this point, feel free to navigate through the options using the legend on page 36 to get acquainted with theinterface and the return time performance of certain pages.
Figure 24
8/20/2019 SIEM IPMI Configuration and Setup
35/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
35
BMC Web Console
Server Health Tab – Sensor Readings
The Server Health tab, Figure 25, shows you data related to the server's health, such as sensor readings, the
event log, and power statistics as explained in the following sub sections. When you click on the Server
Health tab, by default you will open the Sensor Readings page.
The Sensor Readings displays system sensor information including status, health, and reading value every
60 seconds by default. A list of option for the Sensor Readings page is below.
Option Task
Sensor Selection dropdown boxSelect the type of sensor readings to display in
the list. The default is to display all sensors.
Sensor Readings listSelected sensors shown with their name,
status, health, and readings.
Refresh button Click to refresh the selected sensor readings.
Show Thresholds button
Click to expand the list, showing low and high
threshold Assignments. Shows the critical
(CT) and noncritical (NC) thresholds for theselected sensors. Use scroll bar at the bottom
to move the display left and right.
Hide Thresholds buttonClick to return to the original display, hiding
the threshold values.
Set auto - refresh in seconds (0 to disable) selection
Enter the time (in seconds) to wait between
updates of the Sensor Readings and then clickthe Set button.
Figure 25
8/20/2019 SIEM IPMI Configuration and Setup
36/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
36
BMC Web Console
Server Health Tab – Event Log
The Event Log page, Figure 26, displays the systems server management events. Events are
logged as various tasks (booting), status changes (power supple removal) or other events occur.
The following table lists the options available for Server Health.
Option Task
Event Log Dropdown box Select the type of events to display in the list.
Event Log List
Selected sensors are shown with their name, status,and readings. This includes a list of the events with
their ID, time stamp, sensor name, sensor type, and
description.
Clear Event Log button Click to clear Event Logs.
Figure 26
8/20/2019 SIEM IPMI Configuration and Setup
37/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
37
BMC Web Console
Server Health Tab – Power Statistics
The Power Statistics page, Figure 27, displays the systems power statistics in watts and over
what duration.
NOTE: The time value, at the top of the dialog, will be reset when the appliance is powered off.
Figure 27
8/20/2019 SIEM IPMI Configuration and Setup
38/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
38
McAfee advises customers to use the sections within the Configuration Tab as view only options
except where indicated in this guide. Any modification may result in inaccessibility or possible
data lost on the SIEM appliance.
While this document refers to the IPMI channel, the actual name for that channel is the Intel(R)
RMM channel.
Do not make any changes within this dialog. Any change to the IPMI IP address should always
be done via the ESM browser-based interface. The two additional LAN channels, Baseboard
MGMT and MGMT 2 are the same as the SIEM MGMT1 and MGMT2 ports but should be left at
their default values. Any modification here will cause the appliance to become unreachable by the
SIEM environment.
BMC Web Console
Configuration Tab
The Configuration Tab contains a large number of options such as Network, Remote Session and
Alerts. Users have the option to view or modify a number of these settings. This section will
cover only the items McAfee believes are needed to remote manage the SIEM appliances
Configuration Tab – IPv4 Network
The IPv4 Network Settings page, Figure 28, is used to configure the IPv4 network settings for the Server
Management LAN interface (IPMI) to the BMC controller. The settings you see below will match the ones
used on page 18 to configure the IPMI interface from the ESM browser-based interface. If you need to
change the IPMI IP Address, please do so via the ESM browser-based interface.
Figure 28
8/20/2019 SIEM IPMI Configuration and Setup
39/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
39
BMC Web Console
Configuration Tab – IPv4 Network
While McAfee does not recommend changing the network settings here, the following table lists the options
available for IPv4 Networking.
Option Task
Enable LAN Failover
Used to enable LAN Failover (only available on EPSD
Platforms Based on Intel Xeon Processor E5 -4600/2600/2400/1600/1400
Product Families)
LAN Channel dropdown box
Used to select the channel on which you want to configure
the network settings. Lists the LAN Channels available forserver management. The LAN channels describe the
physical NIC connection on the server.
• Intel RMM (BMC LAN Channel 3) is the add-in RMM4Dedicated Management NIC.
• Baseboard Mgmt (BMC LAN Channel 1) is the on-board, shared NIC configured for management and
shared with the operating system.
• Baseboard Mgmt 2 (BMC LAN Channel 2) is the secondon-board, shared NIC configured for management and
shared with the operating system.
MAC Address The MAC address of the device (read only)
IP address radio buttons
Select one of the three options for configuring the IP
address:
• Obtain an IP address automatically (use DHCP) - UsesDHCP to obtain the IP address.
• Use the following IP address – Manually configure theIP address.
• Disable LAN Channel – Sets the IP address, SubnetMask, and Default Gateway to 0.0.0.0.
IP Address Subnet Mask Gateway
If configuring a static IP, enter the requested address,
subnet mask, and gateway in the given fields.
The IP Address is made of four numbers separated by dotsas in
"xxx.xxx.xxx.xxx". 'xxx' ranges from 0 to 255.
First 'xxx' must not be 0.
Primary DNS Server
Secondary DNS Server If configuring a dynamic IP, enter the Primary andSecondary DNS servers.
Save button Click to save any changes made.
8/20/2019 SIEM IPMI Configuration and Setup
40/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
40
By default, root is the only user enabled and is the user account whose password is set when
changing the NGCP account password in the ESM browser-based interface. Do not change the
password here. Also, while other users can be enabled, McAfee strongly recommends leaving the
configuration as shown in figure 29.
BMC Web Console
Configuration Tab – Users
The User List page, Figure 29, lists the configured users, along with their status and network
privilege. It also provides the capability to add, modify, and delete users.
This page allows the operator to configure the IPMI users and privileges for this server:
• UserID 1 (anonymous) may not be renamed or deleted.
• UserID 2 (root) may not be renamed or deleted, nor can the network privileges of UserID 2be changed.
• User Names cannot be changed. To rename a user you must first delete the existing user,and then add the user with the new name.
To delete a user, select the user in the list and click Delete User.
To add a user, select an empty slot in the list and click Add User.
Figure 29
8/20/2019 SIEM IPMI Configuration and Setup
41/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
41
BMC Web Console
Configuration Tab – Alerts
The Alerts page, Figure 30, is used to configure which system events an alert can be generated
for and the destination for these alerts. Up to two destinations can be selected for each LAN
channel. Each destination will receive an alert, based on its protocol (SNMP or SMTP), when one
of the selected trigger events occurs.
NOTE: Only configure Alerts for the Intel(R) RMM channel.
Globally Enable Platform Event Filtering:
This can be used to prevent sending alerts until you have fully specified your desired alerting
policies.
Log Event on Filter Action:
This can be used to enable or disable the logging of an event into the System Event Log when a
Filter Action is taken.
Figure 30
8/20/2019 SIEM IPMI Configuration and Setup
42/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
42
BMC Web Console
Configuration Tab – Alerts
The following table lists the options allowing you to select which events that alerts should be sent on and
selection of where the alerts are to be sent to.
Option Task
Select the events that will trigger alerts. Select one or more system events that will trigger an alert.
Check / Clear All buttons Click to select or clear all events.
LAN Channel to ConfigureSelect either the BMC or RMM4 to configure the
destination
Alert Destination #1 / #2
Select either SNMP along with the IP address or email
address that the alert will be sent to. Up to twodestinations can be elected for each LAN channel
Save button Click to use selected setup.
Send Test Alerts button After configuring select this to send a test alert.
8/20/2019 SIEM IPMI Configuration and Setup
43/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
43
BMC Web Console
Remote Control Tab
The Remote Control tab helps you perform the following remote operations on the server.
These are Console Redirection, Server Power Control and Virtual Front Panel. Below is an
explanation of each.
Remote Control Tab – Console Redirection
By default, the Remote Control tab opens the Console Redirection page as shown in Figure 31.
To launch the console redirect, click the Launch Console button. Once done, two dialogs will
appear. See examples below. Figure 32 prompt you to that a Java package will be downloaded.
Figure 33 asks you to open the package.
Fi ure 31
Figure 32
Figure 33
8/20/2019 SIEM IPMI Configuration and Setup
44/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
44
Figure 34
BMC Web Console
Remote Control Tab – Console Redirection
What is a JNLP file? JNLP is an acronym for Java Network Launching Protocol. The JNLP file
format is used by Java to launch and manage various Java applications over a network or on the
Internet. The JNLP files are saved in the XML file format. The files are actually comprised of a
group of protocols that define the specific requirements of a JAVA launching mechanism.
NOTE: Java will have to be installed in order to take advantage of this capability. Java Run time
Environment (JRE) Version 6 Update 22 or higher is required.
Once Java has been installed, click OK on the opening of the JNLP file, Figure 24 ( previous page).
This will then launch the Java Run Time Environment. You may briefly see a Java splash screen.
At this point, one of two scenarios will occur.
Scenario #1
Once Java is loaded, a Security Warning
popup, Figure 34, will ask you to confirm that
this application should be run. Check Accept
and then click Run.
To continue, simply click the
check box to accept and then
the Run button. Once done,
the JNLP will complete
execution and the JViewer will
load displaying the console as
it is at that time. See Figure
35.
Figure 35
8/20/2019 SIEM IPMI Configuration and Setup
45/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
45
BMC Web Console
Scenario #2
If you are running Java 7, Update 51 or later, a blocked application dialog will appear. See Figure 36.
Previous to update 51, the pop-up similar to the ones in Scenario #1 would have appeared. However,
starting with Java 7 Update 51, a new Security Exception list has been added and you will need to provide
an exception in order to proceed.
To do this, go to Control Panel, then select Java. Next, select the Security tab. The Security dialog will look
similar to the example in Figure 37.
Next, click the Edit Site List button and enter the full path of the appliances IPMI NIC. The example in Figure
37 displays the completed exception list. Once this entry is saved, the Java app will allow access to the
Remote Control app and scenario #1 should occur.
NOTE: You also may need to make additional security adjustments on your desktop. Applications such as
Windows Firewall or McAfee End-Point products may also prevent access this application.
Figure 36
Figure 37
8/20/2019 SIEM IPMI Configuration and Setup
46/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
46
Figure 38
Figure 39
BMC Web Console
Remote Control Tab – Console Redirection
Using the console
Once the Web Console has started and you see the Appliance Menu (White LCD display in upper
left corner ) you are ready to use the console as if you were directly attached via a monitor and
keyboard. However, there are a few navigation techniques you will need to know. Like most
Windows apps, JViewer has a number of menu options that will come in handy as you use the
console.
Refresh the display
During the testing of the IPMI interface for this
document, it was noticed that on a rareoccasion, the interface seemed to either stall or
stop completely. This could be due to network
congestion or the failure / error within JRE
itself. Fortunately, there is an easy remedy.
Located in the Video menu is a Refresh Video
option. Simply selecting this and allowing the
connection to be rebuilt should solve the
problem. Figure 38 shows the location of
Refresh Video.
Using an ALT key
Like most Linux-based products, the McAfee
SIEM appliances allow for multiple TTY sessions
at the command-line. The standard keystroke to
enter these is to use the ALT key followed by F2,
F3, etc. However, in the Web Console, the ALT
key is not transmitted, so a helper option is
provided. Located in the Keyboard menu, Figure
39, there are a number of check boxes that you
can select to allow for multi-key commands.
As an example, to perform an ALT-F2, select
Keyboard, and then check Hold Left Alt Key.
Next press F2 and this will take you to tty2. Using
F3, F4, etc, will access addition tty session.
However, you will have to re-select Keyboard
and then uncheck Hold Left Alt Key to turn off
this capability as this is an on/off toggle function.
8/20/2019 SIEM IPMI Configuration and Setup
47/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
47
While this dialog will allow administrators to perform graceful shutdowns of the SIEM appliances,
McAfee recommends that resetting or powering down the appliance should always be done via the
ESM browser-based interface.
While the McAfee SIEM appliances are ACPI aware, it is possible for the Graceful OS Shutdown to
not function properly or timeout if the appliance is performing other tasks. After a Graceful
Shutdown has been requested, if the system does not shut down as requested, the command
cannot be executed again for five minutes. However, McAfee recommends that powering down theappliance(s) should always be done via the ESM browser-based interface.
BMC Web Console
Remote Control Tab – Server Power Control
The Server Power Control page, Figure 40, shows the current power status and allows power/reset control
of the appliance.
Figure 40
8/20/2019 SIEM IPMI Configuration and Setup
48/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
48
BMC Web Console
Remote Control Tab – Server Power Control
The following table lists the options for power control.
Option Task
Reset Server Select option to hard reset the host without powering off.
Force-Enter BIOS SetupCheck this option to enter into the BIOS setup after resetting theserver.
Power OFF Server Select option to immediately power off the host.
Graceful Shutdown Select option to soft power off the host.
Power ON Server Select option to power on the host
Power Cycle ServerSelect option to immediately power off the host, and then power itback on after one second.
Perform Action button Click to execute the selected remote power command.
Note: All power control actions are done through the BMC and are immediate actions. It is stronglysuggested to gracefully shut through the ESM browser-based interface.
8/20/2019 SIEM IPMI Configuration and Setup
49/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
49
While this dialog will allow administrators to perform graceful shutdowns of the SIEM appliances,
McAfee recommends that resetting or powering down the appliance should always be done via the
ESM browser-based interface.
BMC Web Console
Remote Control Tab – Virtual Front Panel
The Virtual Front Panel page, Figure 41, allows users to control the appliance in the same
manner as if they we next to the physical appliance.
Figure 41
8/20/2019 SIEM IPMI Configuration and Setup
50/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
50
BMC Web Console
Remote Control Tab – Virtual Front Panel
The following table lists the options for Virtual Front Panel.
Option Task
Power Button The Power button is used to power on or power off.
Reset Button The Reset button is used to reset the server while system is ON.
Chassis ID ButtonWhen the Chassis ID button is pressed, the chassis ID LED changes to solid
on. If the button is pressed again, the chassis ID LED turns off.
Graceful Shutdown Select option to soft power off the host.
Power LEDThe Power LED shows the system power status. If the Power LED is green,
the system is ON. If the Power LED is grey, the system is OFF.
Status LEDThe Status LED reflects the system status LED status and it is automatically
in sync with the BMC every 60 seconds. This reflects the System Status LED.
Chassis ID LED
The Chassis ID LED shows the current system chassis ID status. If the
Chassis ID LED is blue, the Chassis ID is indefinite ON. Ifthe Chassis ID LED is grey, the Chassis ID is OFF
8/20/2019 SIEM IPMI Configuration and Setup
51/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
51
Appendix A – Command Line Arguments for IPMItool
-a Prompt for the Remote IPMI server password.
-A Specify an authentication type to use during IPMIv1.5 lan session
activation. Supported types are NONE, PASSWORD, MD2, MD5, or OEM.
-cPresent output in CSV (comma separated variable) format. This is not
available with all commands.
-e Use supplied character for SOL session escape character. The default isto use ~ but this can conflict with ssh sessions.
-k Use supplied Kg key for IPMIv2 authentication. The default is not to
use any Kg key.
-y
Use supplied Kg key for IPMIv2 authentication. The key is expected in
hexadecimal format and can be used to specify keys with non-printable
characters. For example, "-k PASSWORD" and "-y 50415353574F5244"are equivalent. The default is not to use any Kg key.
-C
The Remote IPMI server authentication, integrity, and encryption
algorithms to use for IPMIv2 lanplus connections. See table 22-19 inthe IPMIv2 specification. The default is 3 which specifies RAKP-HMAC-
SHA1 authentication, HMAC-SHA1-96 integrity, and AES-CBC-128
encryption algorithms.
-EThe Remote IPMI server password is specified by the environment
variable IPMI_PASSWORD.
-f Specifies a file containing the Remote IPMI server password. If this
option is absent, or if password file is empty, the password will default
to NULL.
-h Get basic usage help from the command line.
-H Remote IPMI server address can be IP address or hostname. NOTE:
This is not the appliance’s main IP. The IPMI controller will have its own
unique IP address.
-I
Selects IPMI interface to use. Supported interfaces that are compiled inare visible in the usage help output. Options are lan or open. If lan it
tells IPMItool to use the network to send commands instead ofinterfacing with the local IPMI controller.
-L Force session privilege level. Can be CALLBACK, USER, OPERATOR, and
ADMINISTRATOR. Default is ADMINISTRATOR.
-m Set the local IPMB address. The default is 0x20 and there should be no
need to change it for normal operation.
-o Select OEM type to support. This usually involves minor hacks in place
in the code to work around quirks in various BMCs from various
manufacturers. Use -o list to see a list of current supported OEM types.
-O Open selected file and read OEM SEL vent descriptions to be used
during SEL listings. See examples in contrib dir for file format.
-p Remote IPMI server UDP port to connect to. Default is 623.
8/20/2019 SIEM IPMI Configuration and Setup
52/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
52
-P
Remote IPMI server password is specified on the command line. If
supported, it will be obscured in the process list. However this
password is store the password in your history file and may be visible
to other users (through “ps” or similar).
Note: Specifying the password as a command line option is not
recommended.
-S
Use local file for remote SDR cache. Using a local SDR cache can
drastically increase performance for commands that require
knowledge of the entire SDR to perform their function. Local SDR cache
from a remote system can be created with the sdr dump command.
-t Bridge IPMI requests to the remote target address.
-U Remote IPMI server username. For McAfee SIEM appliances this will
always be root.
-v
Increase verbose output level. This option may be specified multiple
times to increase the level of debug output. If given three times youwill get hex dumps of all incoming and outgoing packets.
-V Display version information.
8/20/2019 SIEM IPMI Configuration and Setup
53/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
53
Appendix B – Command Syntax Guide for IPMItool
NOTE: Columns / commands which are grayed out either do not return values on McAfee SIEM Appliances or are not
intended for general use without support or development assistance and could result in data loss on the appliance. Thisalso hold true for certain commands within supported commands.
raw
This will allow you to execute raw IPMI commands.
Usage:raw [data]
Example:ipmitool raw 0x0 0xf
For example to query the POH counter with a raw command.
Network Function Codes (netfn):
VAL HEX STRING==============================================
0 0x00 Chassis
2 0x02 Bridge
4 0x04 SensorEvent
6 0x06 Application
8 0x08 Firmware
10 0x0a Storage
12 0x0c Transport
i2cSend an I2C Master Write-Read command and print response
spd Print SPD info from remote I2C device
lan Configure LAN Channels
chassis
Get chassis status and set power state of the appliance.
Usage:chassis
Example:
ipmitool chassis poh
ipmitool chassis power status
Arguments:
status
Displays information regarding the high-level status of the system chassis and
main power subsystem.
Power (see power section below)
identify
Control the front panel identify light. Default is 15. Use 0 to turn off.
Policy
8/20/2019 SIEM IPMI Configuration and Setup
54/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
54
Set the chassis power policy in the event power failure.
list
Return supported policies.
always-on
Turn on when power is restored.
previous
Returned to previous state when power is restored.
always-off
Stay off after power is restored.
restart_cause
Query the chassis for the cause of the last system restart.
poh
This command will return the Power-On Hours counter.
bootdev [clear-cmos=yes|no]
bootdev [options=help,]
Request the system to boot from an alternate boot device on next reboot. The
clear-cmos option, if supplied, will instruct the BIOS to clear its CMOS on the next
reboot.
Currently supported values for are:
none
Do not change boot device
pxe
Force PXE boot
disk
Force boot from BIOS default boot device
safe
Force boot from BIOS default boot device, request Safe Mode
diag
Force boot from diagnostic partition
cdrom
Force boot from CD/DVD
bios
Force boot into BIOS setup
bootparam get
bootparam set bootflag
Request the system to force a boot from an alternate boot device on next reboot.
The clear-cmos option, if supplied, will instruct the BIOS to clear its CMOS on the
next reboot.
Currently supported values for are:
force_pxe
Force PXE boot
force_disk
8/20/2019 SIEM IPMI Configuration and Setup
55/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
55
Force boot from BIOS default boot device
force_safe
Force boot from BIOS default boot device, request Safe Mode
force_diag
Force boot from diagnostic partition
force_cdrom
Force boot from CD/DVD
force_bios
Force boot into BIOS setup
selftest
Will display a pass or fail of the chassis components.
power
Shortcut to chassis power commands and performs a chassis control command to
view and change the power state.
Usage: power
Example:
ipmitool power status
Arguments:
status
Show current chassis power status.
on
Power up chassis.
off
Power down chassis into soft off (S4/S5 state). WARNING: This command does
not initiate a clean shutdown of the operating system prior to powering down the
system.
cycle
Provides a power off interval of at least 1 second. No action should occur if
chassis power is in S4/S5 state, but it is recommended to check power statefirst and only issue a power cycle command if the system power is on or in
lower sleep state than S4/S5.
resetThis command will perform a hard reset.
diag
Pulse a diagnostic interrupt (NMI) directly to the processor(s).
soft
Initiate a soft-shutdown of OS via ACPI. This can be done in a number of ways,
commonly by simulating an over temperature or by simulating a power button
press. It is necessary for there to be Operating System support for ACPI and some
sort of daemon watching for events for this soft power to work.
event Send pre-defined events to MC
mc Management Controller status and global enables
8/20/2019 SIEM IPMI Configuration and Setup
56/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
56
sdr
Print Sensor Data Repository entries and readings. Each command will display a
slightly different output but the main elements will be Sensor Name, Sensor
Number, Status and Entity ID. See Appendix C for an explanation Entity values.
Note: Depending on which IPMI command you use the sensor number that is
displayed for an event might appear in slightly different formats. A sensor number
can be displayed as either 1Fh or 0x1F.
Usage:sdr
Example:ipmitool sdr elist
Parameter:-v
Verbose output.
Arguments:
list | elist []
This command will read the Sensor Data Records (SDR) and extract sensor
information of a given type, then query each sensor and print its name, reading,and status. If invoked as elist then it will also print sensor number, entity id
and instance, and asserted discrete states.
The default output will only display full and compact sensor types, to see all
sensors use the all type with this command.
Valid types are:
all
All SDR records (Sensor and Locator)
full
Full Sensor Record
compact
Compact Sensor Record
event
Event-Only Sensor Record
mcloc
Management Controller Locator Record
fruFRU Locator Record
generic
Generic SDR records
type
This command will display all records from the SDR of a specific type. Run withtype list to see the list of available types. Also see Appendix D for the list. Note
that you can leave List and Get off and still get the same information. For exampleto query for all Temperature sensors:
ipmitool sdr type temperature
Baseboard Temp | 30h | ok | 7.1 | 28 degrees C
8/20/2019 SIEM IPMI Configuration and Setup
57/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
57
FntPnl Amb Temp | 32h | ok | 12.1 | 24 degrees C
Processor1 Temp | 98h | ok | 3.1 | 57 degrees C
Processor2 Temp | 99h | ok | 3.2 | 53 degrees C
info
This command will query the BMC for SDR information.
entity [.]
Displays all sensors associated with an entity. Get a list of valid entity ids on the
target system by issuing the sdr elist command. A list of all entity ids can be
found in the IPMI specifications.
dump
Dumps raw SDR data to a file. This data file can then be used as a local SDR cache
of the remote managed system with the -S option on the ipmitool
command line.
This can greatly improve performance over system interface or remote LAN.
fill sensors
fill
Creates the SDR repository for the current configuration or dumps raw SDR data
to a file.
sensor
Print detailed sensor information
Usage:sensor -v
Example:ipmitool sensor list
Parameter:-v
Verbose output.
Arguments:
list
Lists sensors and thresholds in a wide table format. Leaving this argument off will
produce the same wide format table.
get ... []
Prints information for sensors specified by name.
thresh
This allows you to set a particular sensor threshold value. The sensor is specifiedby name. Valid thresholds are:
unr Upper Non-Recoverable
ucr Upper Critical
unc Upper Non-Critical
lnc Lower Non-Critical
lcr Lower Critical
lnr Lower Non-Recoverable
thresh lower
This allows you to set all lower thresholds for a sensor at the same time. The
sensor is specified by name and the thresholds are listed in order of Lower Non-
Recoverable, Lower Critical, and Lower Non-Critical.
8/20/2019 SIEM IPMI Configuration and Setup
58/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
58
thresh upper
This allows you to set all upper thresholds for a sensor at the same time. The
sensor is specified by name and the thresholds are listed in order of Upper Non-
Critical, Upper Critical, and Upper Non-Recoverable.
reading
Similar to a get.
fru
This command will read all Field Replaceable Unit (FRU) inventory data and
extract such information as serial number, part number, asset tags, and short
strings describing the chassis, board, or product.
Usage:fru print
Example:ipmitool fru print
gendevRead/Write Device associated with Generic Device locators sdr
sel
View the System Event Log (SEL).
Usage:sel
Example:ipmitool sel elist
Arguments:
info
This command will query the BMC for information about the System Event Log(SEL) and its contents.
clear
This command will clear the contents of the SEL. It cannot be undone so be
careful.
list | elist
When this command is invoked without arguments, the entire contents of the
System Event Log are displayed. If invoked as elist it will also use the Sensor
Data Record entries to display the sensor ID for the sensor that caused each event.
Note this can take a long time over the system interface.
|first Displays the first count (least-recent) entries in the SEL. If count is zero, all
entries are displayed.
last
Displays the last count (most-recent) entries in the SEL. If count is zero, all
entries are displayed.
delete
Delete a single event.
save
Save SEL records to text file that can be fed back into the event file ipmitool
command. This can be useful for testing Event generation by building an
appropriate Platform Event Message file based on existing events. Please see the
8/20/2019 SIEM IPMI Configuration and Setup
59/61
IPMI and RMM Setup and Configuration Guide McAfee SIEM
59
help for that command to view the format of this file.
writeraw
Save SEL records to a file in raw, binary format. This file can be fed back to the
sel readraw ipmitool command for viewing.
readraw
Read and display SEL records from a binary file. Such a file can be created using
the sel writera