SIEM IPMI Configuration and Setup

McAfee SIEM
IPMI / RMM Setup and Configuration Guide
V1.1
November 2014
Introduction
This document is designed to provide the reader with all the steps and information on
implementing and using the Intelligent Platform Management Interface (IPMI) and Remote
Management Monitor capabilities supported in the McAfee SIEM operating environment
v9.4 and later.
The Intelligent Platform Management Interface (IPMI) is a standardized computer

system interface used by system administrators for out-of-band management of computer
systems and monitoring of their operation. It is a way to manage a computer that may be
powered off or otherwise unresponsive by using a network connection to the hardware
rather than to an operating system or login shell.
IPMI information is exchanged though Baseboard Management Controllers (BMCs), which

are located on IPMI-compliant hardware components. The BMC is a specialized
microcontroller embedded on the motherboard of a computer, generally a server. The BMC
manages the interface between system management software, in this case RMM and
platform hardware. Using low-level hardware intelligence instead of the operating system
has two main benefits: First, this configuration allows for out-of-band server management;
Second, the operating system is not burdened with transporting system status data.
IPMI functions are designed to work in any of three scenarios:
Before an OS has booted (allowing, for example, the remote monitoring or

changing of BIOS settings)
When the system is powered down (but still attach to power)
After OS or system failure the key characteristic of IPMI compared with inband system management such as by remote login to the operating system
using SSH
Remote monitoring and management (RMM) is a collection of information technology

tools that are found on workstations and servers. These tools gather information regarding
the applications and hardware operating within an environment as well as supply activity
reports allowing administrators to resolve any issues. RMM usually provides a set of IT
management tools like trouble ticket tracking, remote desktop monitoring, support, and user
information through a complete interface.
Within the McAfee SIEM appliance family, IPMI is provided through the Intel RMM4 module
installed into every McAfee GEN4 SIEM Appliance.
IPMI and RMM Setup and Configuration Guide
McAfee SIEM
Revision History
August 2014
V1.0
November 2014
V1.1
First Public Release
Added Revision History Section

Added links to motherboard SDR return codes.
Corrected page number
McAfee SIEM
Table of Contents
BIOS Update
Enabling IPMI
15
IPMItool
20
BMC Web Console
32
Appendix A
51
Appendix B
53
Appendix C
60
Appendix D
61
Updating your appliance(s) to enable IPMI and RMM
Turning on IPMI via ESM Management Interface
Command line IPMI syntax and examples
Using the web console interface
Command line arguments for IPMItool
Command syntax for IPMItool
SDR Entity Values
SDR Type Values
McAfee SIEM
BIOS Update
IPMI and RMM capabilities are only supported on the Generation 4 (GEN4) SIEM appliances. Before
proceeding with this document, make sure you have GEN4 appliances. The two images below highlight the
stark differences between Generation 3 and Generation 4 SIEM appliances. While the examples below
display the 2U Gen4 appliance and the 3U Gen3 appliance, the orange bezel is always indicative of a Gen3
appliance.
GEN4 Appliance
GEN3 Appliance
Within the Gen4 SIEM appliance family, there are some exceptions on which platforms support IPMI
capabilities. Below is a table of what is and is not supported.
IPMI Supported
IPMI NOT Supported
All Standalone ESM Models
Any DAS Models

(These devices do not have an IPMI port)
All Combination ESM Models
Any Receiver (ERC) in HA mode regardless of Model

(All available ports are used to configure HA)
All Non-HA Receivers (ERC)

All ACE Appliances
All ADM Appliances
All DEM Appliances
McAfee SIEM
BIOS Update
Before IPMI and Remote Management can be supported within the McAfee SIEM environment, the BIOS for
each appliance must be at a specific release to enable capabilities within the SIEM Management interface and
SIEM operating environment. As outlined in the previous section, remote management is only available on
Generation 4 and later appliances as well as operating environment v9.4 and later. See previous section for a
description of the appliances to ensure you have a GEN4 appliance.
Check current appliance version
IPMI and RMM capabilities are only supported in the SIEM operating environment v9.4 and above. To check
which McAfee SIEM Operating Environment version your appliance(s) are currently at, log into your ESM
using any flash capable browser. Once the login screen appears, check the lower left corner of the browser
for the version number. It should be version 9.4.0 or greater. See Figure 1 for an example. If your appliance
does not have this version, access the McAfee download page to obtain the latest release. Once it has been
upgraded, continue with the steps following this topic.
The download link is: http://www.mcafee.com/us/downloads/downloads.aspx
Figure 1
While all McAfee SIEM appliances should be on the same operating environment release, it is possible that
this may not be the case in your environment. We recommend checking each appliances SIEM Operating
Environment version. To do this, select the appliance and click the Properties icon (White Square in icon bar
above device tree display) and the resulting dialog will display the version. An example of this is in Figure 2.
Figure 2
Check current appliance BIOS version

Once you have identified your appliance as GEN4 hardware and that you are on the proper SIEM operating
environment version, you should check your BIOS version to ensure that it requires a BIOS update.
Depending on when you received your appliance(s), its BIOS may have already been updated.
McAfee SIEM
BIOS Update
To check the BIOS version, SSH into the appliance and issue the following command:
McAfee-ETM-6000 ~ # dmidecode t 0
Figure 3 displays an example of the output the command will generate.

McAfee-ETM-6000 ~ # dmidecode -t 0
# dmidecode 2.10
SMBIOS 2.6 present.
172 structures occupying 10014 bytes.
Table at 0x000EB570.
Handle 0x0000, DMI type 0, 24 bytes
BIOS Information
Vendor: Intel Corp.
Version: SE5C600.86B.02.02.0002.122320131210
Release Date: 12/23/2013
Address: 0xF0000
Runtime Size: 64 kB
ROM Size: 8192 kB
Characteristics:
PCI is supported
BIOS is upgradeable
BIOS shadowing is allowed
Boot from CD is supported
Selectable boot is supported
EDD is supported
5.25"/1.2 MB floppy services are supported (int 13h)
3.5"/720 kB floppy services are supported (int 13h)
3.5"/2.88 MB floppy services are supported (int 13h)
Print screen service is supported (int 5h)
8042 keyboard services are supported (int 9h)
Serial services are supported (int 14h)
Printer services are supported (int 17h)
ACPI is supported
USB legacy is supported
BIOS boot specification is supported
Targeted content distribution is supported
BIOS Revision: 4.6
McAfee-ETM-6000 ~ #
Figure 3
The correct BIOS version release date should be at or later than the example highlighted (yellow) above.
If yours is not, continue with the steps on the following pages. If your BIOS version is at or later than this
release date, continue onto the ESM Setup section on page 16.
McAfee SIEM
BIOS Update
Obtaining the BIOS update package
To upgrade the appliance BIOS you will need extract the proper Intel Security BIOS update package to a USB
flash drive. These compressed packages are located on the ESM appliance in the following directory:
/etc/areca/system_bios_update/
The BIOS packages located here are specific Intel Security (McAfee) SIEM Appliances. Do not
attempt to use any other BIOS packages other than what is located here.
The directory will contain files similar, but not exactly, as the ones below:
850-1773-03_032514.zip
850-1904-00_012714.zip
Contents-README.txt
Because BIOS packages may change between SIEM operating environment releases, please refer to
the Contents-README.txt file for the correct package that is to be used for the appliance you
are upgrading.
After you have identified which ZIP package is appropriate for the appliance you are upgrading, use an
application like SCP or WinSCP to download the ZIP package. If your environment requires both zip
packages, please extract each zip to its own properly labeled USB flash drive. Mixing the packages could
render an appliance un-bootable.
Once you have downloaded the zip package, unzip it to the root of your USB flash drive. The drive you use
should be empty, should be a 4GB drive or less and can be formatted using Windows or Linux file systems. It
also does not have to be bootable. The directory on the USB flash drive will look similar to Figure 4 below.
Figure 4
8
McAfee SIEM
BIOS Update
Next, insert the USB flash drive into an unused USB port on the back of the appliance being upgraded. The
rear of both appliances (1U and 2U), and their respective USB ports, are highlighted in Figure 5.
Figure 5
Once the USB flash drive has been attached, re-boot the appliance. To ensure a proper shutdown, use either
the SIEM Administrative interface (browser-based GUI) or a monitor and keyboard attached to the system to
access the LCD emulator in the upper left corner of the console. The shutdown process may take several
minutes so that it can safely complete any outstanding task. Please be patient.
Once the system boots normally, it will display the McAfee Boot Splash screen as shown in Figure 6.
Do not make a selection. Let the system boot as normal. It will auto recognize that the USB drive is
attached and boot from it. The McAfee Splash screen may take up to 60 seconds before proceeding.
Figure 6
9
McAfee SIEM
BIOS Update
After the McAfee boot splash clears, the system will
recognize the USB and will start to boot. However,
depending on when you received your SIEM appliance,
there may have been a BIOS password set and it will
need to be entered in order for the automated BIOS
update process to start. If this is the case in your
environment, the example in Figure 7 will appear. The
password you enter will depend on the type of appliance
you are updating.
For 1U Appliances use:
For 2U Appliances use:
Figure 7
appl1an
@ppl1@nc3
Once you have successfully entered the BIOS password, you should see a screen similar to Figure 8.
Figure 8
At this point it should start updating the system automatically and you will see messages scroll across the
screen. The entire process can take as much as 15 to 20 minutes to complete. There are multiple phases of
the update process as the various subsystems of the motherboard are updated. You may notice that the
appliance cooling system power cycle a number of times, this is normal. You may also notice messages
indicating password failures, this also is normal.
Do not interrupt or reset the update process, remove power to the system, or use the keyboard
(unless prompted) while the update is taking place. Doing so could result in an unbootable
system.
10
McAfee SIEM
BIOS Update
The update process should end successfully with a message similar to Figure 9. It will indicate that the USB
flash drive should be removed and the system rebooted using the front-panel reset button.
Update file configuration: Revision S2600GZ.112
FRU & SDR Update Package for Intel (R) Server Board S2600GZ/GL
Copyright (c) 2013 Intel Corporation.
Auto-detecting chassis model and attached hardware.
This may take up to 1 minute to complete.
FRUSDR update completed.
Setting BIOS Admin and User Password
Successfully Completed
Successfully Completed
BIOS Admin and User Password Set
Updates Completed. Please remove the USB key and reboot using the front panel bu
tton
Fs0:\>
Figure 9
Troubleshooting
You may not always get the display in Figure 9 on your first attempt at updating the BIOS. This could be due
to issues where the FRU flags a few messages or recoverable errors have occurred. The following page(s)
will provide guidance on how to handle some of these issues should they arise.
11
McAfee SIEM
BIOS Update
Chassis Selection
In some instances, after the BIOS appears to have successfully updated, an FRU message indicating an
issue detecting the backplane has occurred (figure 10) and it asks you to determine which chassis is in
use.
ME firmware update completed.
FRUSDR 1.12 is being installed.
Update file Configuration: Revision S2600GZ_112
FRU & SDR Update Package for Intel(R) Server Board S2600GZ/GL
Copyright (c) 2013 Intel Corporation
Hot-swap HDD backplane detected but its FRU details either corrupted or blank.
Falling back to User chassis selection as auto detection is not possible.!
Select the Chassis
1
Intel(R) Server Chassis R1000
2
3
Other Chassis
Figure 10
For all McAfee SIEM Appliances, choose option 2 Intel(R) Server Chassis R2000.
Once that is selected, an R2000 Chassis type message (Figure 11) will appear.
Hot-swap HDD backplane detected but its FRU details either corrupted or blank.
Falling back to User chassis selection as auto detection is not possible.!
Select the Chassis
1
2
3
Other Chassis
Select the R2000 chassis type
1
R2208/R2216/R2308 chassis
2
R2224 chassis
3
R2312 chassis
4
Intel(R) Server Chassis R2000 with Aux PCIe
Figure 11
Choose option 3 R2312 Chassis
Once youve made the selections, the process should continue. However, the process may also stall. If the
process stalls, we recommend rebooting the appliance and perform the BIOS upgrade again. This second
BIOS upgrade should complete successfully and will end with the display similar to page 11.
12
McAfee SIEM
BIOS Update
Password Set Failure
In some instances, after the BIOS appears to have successfully updated, one or more errors indicating
that a Password mismatch has occurred. It may appear like the example in Figure 12.
Update file configuration: Revision S2600GZ.112
FRU & SDR Update Package for Intel (R) Server Board S2600GZ/GL
Copyright (c) 2013 Intel Corporation.
FRUSDR update completed.
Setting BIOS Admin and User Password
Error: Password Mismatch:entered password doesnt match with current password
Error: Password Mismatch:entered password doesnt match with current password
BIOS Admin and User Password Set
Figure 12
This error(s) should not affect the process and the admin and user passwords will ultimately get set
properly.
BMC Firmware is not Transitioning
In some instances, after the firmware has successfully updated, a message similar to Figure 13 will
appear.
BMC Firmware update Successful
BMC Firmware is not transitioning to operating mode
Could not exit FW transfer mode
An Error occurred
To save the error to a file
Y,N,ESC
Figure 13
If this occurs, press Y. Shortly after, you should receive an Updates Completed
message similar to Figure 9. However, it has been reported that once the USB
drive has been removed and the power switch pressed, the appliance does not
reboot. At this point you have two options. First, press and hold the reset button
(Figure 14) for 20 seconds. If the appliance still does not reboot, it is
recommended that power be removed from the appliance.
In either situation, it is recommended that the BIOS update be performed a second

time. On this second attempt the update should complete without error.
Figure 14
13
McAfee SIEM
BIOS Update
If you run into issues not previously highlighted, the update process stalls or prompts you for an entry of
some nature which you do not have the answer for.
DO NOT SHUT OFF THE APPLIANCE
Contact McAfee support at http://mysupport.mcafee.com; or at 800-937-2237; or your McAfee Platinum

Support representative.
14
McAfee SIEM
Enabling IPMI
Now that the appliance(s) have been updated to the proper BIOS level, you will need to connect each
appliances IPMI port to your network. All of the IPMI capabilities outlined in the following pages are only
supported via the IPMI port. McAfee SIEM appliances do not support Remote Management via the traditional
MGMT1 or MGMT2 ports.
The Figure 15 highlights the IPMI port location on each style (1U or 2U) of SIEM appliance. A standard CAT5
or CAT6 cable can be used and there is no need to use a cross-over cable, as a standard Ethernet cable will
work.
Figure 15
There are several security issues to be considered before enabling the IPMI LAN interface. A
remote station has the ability to control a systems power state as well as being able to gather or
modify certain platform information. To reduce vulnerability it is strongly advised that the IPMI
LAN interface only be enabled in 'trusted' environments where system security is not an issue or
where there is a dedicated secure 'management network'.
Once you have cabled the appliance(s) use the steps on the following pages to set the IP address for each
appliance to enable remote management. To perform these tasks, launch a flash capable browser and log
into the ESMs browser-based interface using the NGCP account.
15
McAfee SIEM
Enabling IPMI
Once logged into the ESM, navigate to one of these locations depending on which appliance you need to
enable Remote Management on. Each appliance type sets the IP address differently. Please make sure you
follow the instructions for the appropriate appliance.
Setting IP address for ESM or All-in-One Appliances:
Select System Properties and then Network Settings. Next, select the Advanced tab
and the dialog in Figure 16 will appear.
Setting IP address for a Receiver, ACE, ELM, ADM, or DEM:
Select Device Properties and then Device Configuration. Next, select the Interface
button and then the Advanced tab and a dialog similar to Figure 16 will appear.
Figure 16 is specific for an ESM, but each device (ERC, ACE, ELM, etc.,.) will have a
similar dialog with the exact same IPMI values.
Figure 16
If for some reason your BIOS update did not complete successfully, the Enable IPMI Settings section
will not appear.
16
McAfee SIEM
Enabling IPMI
Regardless of which appliance you are configuring, the steps outlined here will be the same for all
appliances.
Check the Enable IPMI Settings check box and then fill in the appropriate network settings. Figure 17
provides an example of how these may appear. The VLAN setting is the only optional setting and everything
else will be required.
Figure 17
Once you have completed entering the network settings, click Apply or OK. In the background, the appliance
will have its IPMI IP address set. Then, depending on the appliance you made the settings on, you will see a
similar version of Figure 18 indicating the progress of the action. This may take a few seconds to complete
depending on the activity of the appliance.
When it has completed successfully, both the Apply and OK buttons may be grayed out temporarily.
Figure 18
If something in the preceding steps is different than what was outlined, see the next page for caveats to the
process.
17
McAfee SIEM
Enabling IPMI
Caveats to setting the IPMI Network Settings
Wrong Version
If you have an ESM on version 9.4 but a new or existing ERC, ELM, ACE or other appliance has not been
upgraded, you may still see the IPMI setting for that appliance. However, because IPMI support requires
SIEM operating environment v9.4 and above, the process for setting an IP address may not complete
successfully. If you see a message similar to Figure 19, check the version of your appliance before
proceeding.
Figure 19
Re-keying Notice
For an ERC, ERCELM, ELM, ACE, ADM or DBM appliance, to change the IPMI root password you will need to
perform a re-key operation. On Receiver class devices, the dialog in Figure 20 will appear after you check
Enable IPMI Settings. Page 19 will provide the details on changing the password.
Figure 20
Stray VLAN Characters

For an ERC, ERCELM, ELM, ACE, ADM or DBM appliance, you may see a character in the VLAN field and it
will not be possible to remove it. This is currently a known issue and will be resolve, but it will not affect
your ability to set enter the network settings.
18
McAfee SIEM
Enabling IPMI
Setting IPMI password
Once the network settings have been set, you will receive a prompt (Figure 21) to change the password for
the IPMI root account. Each appliance may have a slightly different dialog depending on appliance model and
operating environment version. Also, there is only one account defined for IPMI and that is root.
Figure 21
To set IPMI root password for ESM or All-in-One Appliance:

Option #1
Click NGCP in the upper right corner of the ESM browser-based interface. It will then
display a password change dialog. Following the password criteria, enter the existing
password followed by the new password. Once complete, click OK and assuming you
met the password criteria, the password will be modified for the IPMI root account as
well as NGCP.
Option #2
Select the System Properties icon in the Quick Connect icon bar. Then select Users
and Groups from the System Properties dialog. Enter the NGCP password when
prompted. Next select the NGCP account from the User list and click Edit. Within the
Edit user dialog, click the Set Password button and follow the password criteria for
the new password. Click OK and assuming you met the password criteria, the
password will be modified for the IPMI root account as well as NGCP.
To set IPMI root password for an ERC, ERCELM, ACE, ELM, ADM, or DBM:
Select the Device Properties. Next, select Key Management. Then click the Key
Device button. This will display the Key Device Wizard dialog and prompt you to
enter a new password. Once you have entered the password twice, click the Next
button. This will then re-key the appliance with the ESM and then set the IPMI root
password for this appliance. Because this password dialog does not have the same
password restrictions as the ESM, if you want to retain the password on the appliance,
simply enter the password you have used in the past.
19
McAfee SIEM
IPMItool
As mentioned in the introduction of this document, the Intelligent Platform Management Interface (IPMI)
is an interface used by administrators for out-of-band management of computer systems and monitoring of
their operation. In this section, we highlight the IPMItool application syntax and use case examples will be
highlighted.
IPMItool provides a simple, command-line interface to IPMI-enabled devices through an IPMIv1.5 or
IPMIv2.0 LAN interface. It is offered on a wide variety of platforms including Windows, UNIX, Linux and Mac.
Because of the variety of platforms that IPMItool can exist on, this document uses the Sourceforge syntax
and parameters. Your platform implementation may vary slightly and you are encouraged to review the
documentation for your variant.
IPMItool can be used in two basic forms. Locally on the SIEM appliance that you are managing or remotely
from a workstation or server running IPMItool to the SIEM appliance you need to manage.
The syntax for local access is:
McAfee-ETM-6000 ~ # ipmitool
<command> <parameters>
The syntax for remote access is (See Appendix A for additional arguments):
C:\ ipmitool H <remote_IP> U <username> <command> <parameters>
or
[user@linux ~]# ipmitool H <remote_IP> U <username> <command> <parameters>
It should be noted that remote use of IPMItool requires port 623. This cannot be changed. If
there is a firewall or other device between the IPMItool client and the McAfee SIEM appliance,
you will need to ensure that this port is open for traffic to pass.
IPMItool Examples
The examples on the following pages all use remote techniques. However, simply removing the H and U
parameters and their associated values from the command string will allow for the same results if executed
on the local appliance or via SSH to the local appliance. Also, these examples do not include the password
parameter and you will be prompted for the password before the command can execute.
In the following examples, we only highlight the command arguments and not the common items for each
command. In the example below, the syntax in grey is common to all examples and the arguments in blue
are what we are highlighting. The username (-U) is always root and the password was set in the previous
Enabling IPMI section.
ipmitool -U root -H 10.1.1.13 chassis status
Because of the extensive command set of IPMItool, we are only highlighting the commands that would be the
most valuable for the wider McAfee SIEM customer base. At the end of this section there are some links you
can reference to learn more about additional IPMItool commands. In addition, the appendices have a
complete list of commands, arguments and parameters.
20
McAfee SIEM
IPMItool
IPMItool not only can query a sensor, it has the ability to make changes to the system at the BIOS
level as well as the ability to control power up and power down states. Any use or misuse of a
command that changes the operation of the McAfee SIEM appliance could result in data lost.
Query the chassis status

Chassis status is used for managing/monitoring an IPMI chassis, such as chassis power,
identification (i.e. LED control), and status of the appliance chassis.
ipmitool -U root -H 10.1.1.13 chassis status
System Power
:
Power Overload
:
Power Interlock
:
Main Power Fault
:
Power Control Fault :
Power Restore Policy :
Last Power Event
:
Chassis Intrusion
:
Front-Panel Lockout :
Drive Fault
:
Cooling/Fan Fault
:
Sleep Button Disable :
Diag Button Disable :
Reset Button Disable :
Power Button Disable :
Sleep Button Disabled:
Diag Button Disabled :
Reset Button Disabled:
Power Button Disabled:
on
false
inactive
false
false
always-on
inactive
inactive
false
false
not allowed
allowed
allowed
allowed
false
false
false
false
21
McAfee SIEM
IPMItool
Query the Field Replaceable Unit (fru) Inventory
Print built-in FRU (Field Replaceable Unit) inventory and scan SDR (Sensor Data Record) for FRU locators
and their values. The example below shows a number of interesting items. First, highlighted in blue is the
product name. This is what was entered at the time of manufacture. Next, the area highlighted in red is a
power supply. In this example, the power supply was slid out of the machine used in testing and as you can
see from the example below, it is shown as not present.
ipmitool -U root -H 10.1.1.13 fru
FRU Device Description
Chassis Type
Chassis Part Number
Chassis Serial
Chassis Extra
Chassis Extra
Board Mfg Date
Board Mfg
Board Product
Board Serial
Board Part Number
Product Manufacturer
Product Name
Product Part Number
Product Version
Product Serial
Product Asset Tag
: Builtin FRU Device (ID 0)

: Rack Mount Chassis
: R2312GZ4
: A070220066
: ...............................
: ...............................
: Sat Aug 11 01:22:00 2012
: Intel Corporation
: S2600GZ
: QSGR21701237
: G11481-352
: McAfee Inc.
: ELM4600
: 610-1905-00
: ELM-4600
: A070220066
: 060fddbf9708
FRU Device Description : Pwr Supply 1 FRU (ID 2)

Device not present (Unknown (0x81))
Product Manufacturer
Product Name
Product Part Number
Product Version
Product Serial
:
:
:
:
:
:
Pwr Supply 2 FRU (ID 3)

DELTA
DPS-750XB A
E98791-006
01
E98791D1214020872

Board Mfg Date
Board Mfg
Board Product
Board Serial
Board Part Number
:
:
:
:
:
:
Front Panel (ID 4)

Mon Jun 11 11:34:00 2012
Intel Corporation
F2USTOPANEL
............
G28538-250

Board Mfg Date
Board Mfg
Board Product
Board Serial
Board Part Number
:
:
:
:
:
:
HS Backplane 1 (ID 5)
Fri Mar 30 10:31:00 2012
Intel Corporation
F2U12X35HSBP
QSRU21300568
G43212-250
22
McAfee SIEM
IPMItool
Query the Sensor Data Record (sdr)
Sensor Data Records (SDR) contains information about the type and number of sensors present on a given
appliance. An individual sensor record describes a specific sensor and its state or status. The sensor records
are stored in a central, non-volatile storage area, which is managed by the BMC. This storage area is called
the Sensor Data Record Repository. Using IPMItool, we can query that repository for the sensors and their
status. An example is below.
For a complete list of the BMC Core Sensors and possible return codes (offset triggers) please
see Table 61 in the Intel Server Board S2600GZ / GL Technical Product Specification Guide.
http://www.intel.com/support/motherboards/server/sb/CS-033134.htm
ipmitool -U root -H 10.1.1.13 sdr list

Pwr Unit Status
Pwr Unit Redund
IPMI Watchdog
Physical Scrty
FP NMI Diag Int
BB +12.0V
BB +5.0V
BB +3.3V
BB P1 VR Temp
Front Panel Temp
SSB Temp
BB P2 VR Temp
BB Vtt 2 Temp
BB Vtt 1 Temp
HSBP 1 Temp
System Fan 1
System Fan 2
System Fan 3
NM Capabilities
MTT CPU1
MTT CPU2
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
0x00
0x0a
0x00
0x00
0x00
11.94 Volts
4.96 Volts
3.25 Volts
28 degrees C
22 degrees C
43 degrees C
28 degrees C
32 degrees C
27 degrees C
28 degrees C
11956 RPM
12152 RPM
12054 RPM
Not Readable
disabled
disabled
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ok
ok
ok
ok
ok
ok
ok
ok
ok
ok
ok
ok
ok
ok
ok
ok
ok
ok
ns
ns
ns
NOTE: The full sdr command results are truncated in the example above to preserve page space.
The column format from the sdr list output above is:
Sensor Type or ID
Sensor Reading
Sensor Status
This is the type of sensor. There can be multiple entries of the same type. For
example, there could be one VCORE sensor for each processor. This has a 16
character max length.
This is the current reading of the sensor. Where available, the reading is
translated into the appropriate units (for example, degrees, volts or RPM).
This indicates the sensor status. Possible values are:
ok The sensor is present and operating correctly
ns No sensor (corresponding reading will say disabled or Not Readable)
nc non-critical error regarding the sensor
cr critical error regarding the sensor
nr non-recoverable error regarding the sensor
23
McAfee SIEM
IPMItool
If the elist parameter is used, it will add the entity ID and the asserted discrete states.
ipmitool -U root -H 10.1.1.13 sdr elist
BB P1 VR Temp
Front Panel Temp
SSB Temp
BB P2 VR Temp
BB Vtt 2 Temp
BB Vtt 1 Temp
HSBP 1 Temp
Exit Air Temp
LAN NIC Temp
System Fan 1
System Fan 2
System Fan 3
System Fan 4
System Fan 5
|
|
|
|
|
|
|
|
|
|
|
|
|
|
20h
21h
22h
23h
24h
25h
29h
2Eh
2Fh
30h
32h
34h
36h
38h
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ok
ok
ok
ok
ok
ok
ok
ok
ok
ok
ok
ok
ok
ok
|
|
|
|
|
|
|
|
|
|
|
|
|
|
7.1
12.1
7.1
7.1
7.1
7.1
7.1
7.1
7.1
29.1
29.2
29.3
29.4
29.5
|
|
|
|
|
|
|
|
|
|
|
|
|
|
28 degrees
22 degrees
43 degrees
28 degrees
32 degrees
27 degrees
28 degrees
33 degrees
42 degrees
11956 RPM
12152 RPM
12054 RPM
12054 RPM
12152 RPM
C
C
C
C
C
C
C
C
C
The column format from the sdr elist output above is:
Sensor Type or ID
Sensor Number
Sensor Status
Entity ID and
Instance
Sensor Reading
This is the type of sensor. There can be multiple entries of the same type.
For example, there could be one VCORE sensor for each processor. This
has a 16 character max length
The numeric value of the sensor. Once known, it can be used as a
parameter to query the sensor directly. Examples of this are on the
following page.
This indicates the sensor status. Possible values are:

ok The sensor is present and operating correctly
ns No sensor (corresponding reading will say disabled or Not Readable)
nc non-critical error regarding the sensor
cr critical error regarding the sensor
nr non-recoverable error regarding the sensor
This is the entity value for the type of sensor being displayed. If there is
multiple of the same exact entity, then the instance will increment. See
Appendix C for a complete list of Entity IDs.
This is the current reading of the sensor. Where appropriate, the reading
is translated into the appropriate units (for example, degrees for
temperature sensor).
Using the elist parameter provides additional values. These are Sensor Number (orange) and Entity
(green). These new values can provide additional capabilities when added to the command syntax. Notice
that some sensors can have the same entity (green) parent, 29 for system fan or 7 for internal temperature.
These values can be used with the entity parameter to display values for just those sensors. Sensor Number
(orange) is the unique ID for a given sensor and can be used with the sel parameter to obtain log and
sensor information.
Example of using specific Sensor Names, Numbers or Entity values to query specific sensors or groups of
sensors are on the following pages.
24
McAfee SIEM
IPMItool
Query the SDR for Fan Device state
Ex #1: ipmitool -U root -H 10.1.1.13 sdr entity 29
Fan Redundancy
System Fan 1
System Fan 2
Fan 1 Present
Fan 2 Present
|
|
|
|
|
0Ch
30h
32h
40h
41h
|
|
|
|
|
ok
ok
ok
ok
ok
|
|
|
|
|
29.1
29.1
29.2
29.1
29.2
|
|
|
|
|
Fully Redundant
11956 RPM
12054 RPM
Device Present
Device Present
The example above queries all Fan Devices in the system.

Ex #2: ipmitool -U root -H 10.1.1.13 sdr entity 29.1
Fan Redundancy
System Fan 1
Fan 1 Present
| 0Ch | ok
| 30h | ok
| 40h | ok
| 29.1 | Fully Redundant

| 29.1 | 12054 RPM
| 29.1 | Device Present
The example above queries the entity 29 and instance 1 for a specific fan.
Query the SDR for Power Supply state
ipmitool -U root -H 10.1.1.13 sdr entity 10
PS1
PS2
PS1
PS2
PS1
PS2
PS1
PS2
Status
Status
Input Power
Input Power
Curr Out %
Curr Out %
Temperature
Temperature
|
|
|
|
|
|
|
|
50h
51h
54h
55h
58h
59h
5Ch
5Dh
|
|
|
|
|
|
|
|
ok
ok
ns
ok
ns
ok
ns
ok
|
|
|
|
|
|
|
|
10.1
10.2
10.1
10.2
10.1
10.2
10.1
10.2
|
|
|
|
|
|
|
|
Presence detected
No Reading
220 Watts
No Reading
25 unspecified
No Reading
28 degrees C
The example above queries the entity for the appliance power supplies. In this example, you
can see that the Power Supply unit 1 has been removed from the appliance.
Query the SDR for Hard Drive state
ipmitool -U root -H 10.1.1.13 sdr entity 15
HDD 0 Status
HDD 1 Status
HDD 2 Status
HDD 3 Status
HS Backplane 1
|
|
|
|
|
F0h
F1h
F4h
F5h
00h
|
|
|
|
|
ok
ok
ok
ok
ns
|
|
|
|
|
15.1
15.1
15.1
15.1
15.1
| Drive Present
| Drive Present
|
|
| Logical FRU @05h
The example above queries the entity for the hard drives. In this example, you can see that
HDD 2 and HDD 3 are not present.
25
McAfee SIEM
IPMItool
Lastly, a couple variants for a sdr query.
To view only the Temperature, Voltage, and Fan Sensors

ipmitool -U root -H 10.1.1.13 sdr elist full
To view ALL Temperature Sensors regardless of entity

ipmitool -U root -H 10.1.1.13 sdr type temperature
NOTE: See Appendix D for a complete list of type values.
To view status of Power Units

ipmitool -U root -H 10.1.1.13 sdr type Power Unit
NOTE: Multi-word type require single quotes. See Appendix D for a complete list of type values.
To view all sensor data in wide table format

This format will include thresholds for each value where present.
ipmitool -U root -H 10.1.1.13 sdr sensor
Or verbose mode which will even more labeling for the thresholds
ipmitool -U root -H 10.1.1.13 sdr sensor -v
26
McAfee SIEM
IPMItool
Query the Sensor information (sensor)
The sdr parameter is useful for current state. However, to view the complete sensor list
including thresholds, you will need to use the sensor parameter. Below are some common
example of how to use the parameter.
To query the complete sensor list.
ipmitool -U root -H 10.1.1.13 sensor list
Pwr Unit Status

Pwr Unit Redund
BB P1 VR Temp
Front Panel Temp
System Fan 1
System Fan 2
BB +12.0V
BB +5.0V
|
|
|
|
|
|
|
|
0x0
0x0
27.000
21.000
12054.000
12348.000
11.935
4.959
|
|
|
|
|
|
|
|
discrete
discrete
degrees C
degrees C
RPM
RPM
Volts
Volts
|
|
|
|
|
|
|
|
0x0000|
0x0a00|
ok
|
ok
|
ok
|
ok
|
ok
|
ok
|
na
na
na
na
na
na
na
na
|
|
|
|
|
|
|
|
na
na
0.000
0.000
1715.000
1715.000
10.635
4.416
|
|
|
|
|
|
|
|
na
na
5.000
5.000
1960.000
1960.000
10.947
4.546
|
|
|
|
|
|
|
|
na
na
110.000
50.000
na
na
13.027
5.415
|
|
|
|
|
|
|
|
na
na
115.000
55.000
na
na
13.391
5.566
|
|
|
|
|
|
|
|
na
na
na
na
na
na
na
na
NOTE: The full sensor command results are truncated in the example above to preserve page space.
The column format from the sensor output above is:

Sensor Type (name)
Reading
Unit
Status
LNR
LCR
LNC
UNC
UCR
UNR
This is the type or name of sensor. There can be multiple entries of the same
type. For example, there could be one VCORE sensor for each processor.
This is the current reading of the sensor.
This is the units of the sensor reading (e.g., degrees for temperature sensor).
Discrete is a binary sensor; other values are generally self explanatory.
This indicates the status of the sensor. Possible values:
ok okay
na not available
a hex value
This is the lower non-recoverable threshold value for this sensor.

This is the lower critical threshold value for this sensor.
This is the lower non-critical threshold value for this sensor.
This is the upper non-critical threshold value for this sensor.

This is the upper critical threshold value for this sensor.
This is the upper non-recoverable threshold value for this sensor.
On the following pages are a few examples of how to use the sensor parameter. Also see
Appendix B for a syntax reference on sensor.
27
McAfee SIEM
IPMItool
Query the status of a particular hard drive.
ipmitool -U root -H 10.1.1.13 sensor get 'HDD 0 Status'
Locating sensor record...
Sensor ID
: HDD 0 Status (0xf0)
Entity ID
: 15.1
Sensor Type (Discrete): Drive Slot / Bay
States Asserted
: Drive Slot
[Drive Present]
The value within the single quotes is the sensor type (name) in column 1 from the
previous page example.
Query the status of the Power Supplies.
Ex #1: ipmitool -U root -H 10.1.1.13 sensor get ' PS1 Status'
Sensor ID
: PS1 Status (0x50)
Entity ID
: 10.1
Sensor Type (Discrete): Power Supply
Ex #2: ipmitool -U root -H 10.1.1.13 sensor get ' PS2 Status'

Sensor ID
: PS2 Status (0x51)
Entity ID
: 10.2
Sensor Type (Discrete): Power Supply
States Asserted
: Power Supply
[Presence detected]
Notice that the presence detected value exists in Power Supply 2 and not on Power
Supply 1. This means that the PS1 unit may not plugged into the appliance.
28
McAfee SIEM
IPMItool
Query the input power of the Power Supplies.
Ex #1: ipmitool -U root -H 10.1.1.13 sensor get ' PS1 Input Power'

Sensor ID
: PS1 Input Power (0x54)
Entity ID
: 10.1
Sensor Type (Analog) : Other
Sensor Reading
: Unable to read sensor: Device Not Present
Event Status
Assertions Enabled
Deassertions Enabled
: Unavailable
: unc+ ucr+
: unc+ ucr+
Ex #2: ipmitool -U root -H 10.1.1.13 sensor get ' PS2 Input Power'
Sensor ID
: PS2 Input Power (0x55)
Entity ID
: 10.2
Sensor Type (Analog) : Other
Sensor Reading
: 228 (+/- 0) Watts
Status
: ok
Lower Non-Recoverable : na
Lower Critical
: na
Lower Non-Critical
: na
Upper Non-Critical
: 868.000
Upper Critical
: 920.000
Upper Non-Recoverable : na
Assertion Events
:
Assertions Enabled
: unc+ ucr+
Deassertions Enabled : unc+ ucr+
Again notice that the Power Supply 2 values are consistent with a supply that is functioning
where as Power Supply 1 clearly shows it is not present.
29
McAfee SIEM
IPMItool
Query the System Event Log
The System Event Log (SEL) provides storage of all system events. You can view the contents of
the event log with IPMItool. The SEL keeps the last 12 events.
Query the SEL
ipmitool -U root -H 10.1.1.13 sel list
2
3
4
5
6
7
8
9
a
b
c
d
e
|
|
|
|
|
|
|
|
|
|
|
|
|
06/13/2014
06/13/2014
06/13/2014
06/16/2014
06/16/2014
06/16/2014
06/16/2014
06/16/2014
06/16/2014
06/16/2014
06/16/2014
06/16/2014
06/16/2014
|
|
|
|
|
|
|
|
|
|
|
|
|
19:19:43
19:19:43
19:19:43
15:33:03
15:33:03
15:33:06
15:33:06
15:33:08
15:33:08
15:33:16
15:33:25
15:34:36
15:34:36
|
|
|
|
|
|
|
|
|
|
|
|
|
System Event #0x83 | Timestamp Clock Sync | Asserted

Power Unit #0x01 | Power off/down | Asserted
Power Unit #0x01 | Power off/down | Deasserted
Button #0x09 | Power Button pressed | Asserted
Power Unit #0x02 | Redundancy Lost
Power Unit #0x02 | Non-Redundant: Sufficient from Redundant
Power Unit #0x02 | Redundancy Lost
Power Unit #0x02 | Non-Redundant: Sufficient from Redundant
System Event #0x83 | OEM System boot event | Asserted
System Event #0x08 | PEF Action | Asserted
Query the SEL in a more human readable form

ipmitool -U root -H 10.1.1.13 sel elist
2
3
4
5
6
7
8
9
a
b
c
d
e
|
|
|
|
|
|
|
|
|
|
|
|
|
06/13/2014
06/13/2014
06/13/2014
06/16/2014
06/16/2014
06/16/2014
06/16/2014
06/16/2014
06/16/2014
06/16/2014
06/16/2014
06/16/2014
06/16/2014
|
|
|
|
|
|
|
|
|
|
|
|
|
19:19:43
19:19:43
19:19:43
15:33:03
15:33:03
15:33:06
15:33:06
15:33:08
15:33:08
15:33:16
15:33:25
15:34:36
15:34:36
|
|
|
|
|
|
|
|
|
|
|
|
|
System Event BIOS Evt Sensor | Timestamp Clock Sync | Asserted

Power Unit Pwr Unit Status | Power off/down | Asserted
Power Unit Pwr Unit Status | Power off/down | Deasserted
Button Button | Power Button pressed | Asserted
Power Unit Pwr Unit Redund | Redundancy Lost
Power Unit Pwr Unit Redund | Non-Redundant: Sufficient from Redundant
Power Unit Pwr Unit Redund | Redundancy Lost
Power Unit Pwr Unit Redund | Non-Redundant: Sufficient from Redundant
System Event BIOS Evt Sensor | OEM System boot event | Asserted
System Event System Event | PEF Action | Asserted
30
McAfee SIEM
IPMItool
Query the SEL to get more data for a specific event
ipmitool -U root -H 10.1.1.13 sel get 0x02
SEL Record ID
Record Type
Timestamp
Generator ID
EvM Revision
Sensor Type
Sensor Number
Event Type
Event Direction
Event Data (RAW)
Description
:
:
:
:
:
:
:
:
:
:
:
Sensor ID
:
Entity ID
:
Sensor Type (Discrete):
States Asserted
:
0002
02
06/16/2014 15:33:06
0020
04
Power Unit
02
Generic Discrete
Deassertion Event
01ffff
Redundancy Lost
Pwr Unit Redund (0x2)
21.1
Power Unit
Redundancy State
[Redundancy Lost]
[Non-Redundant: Sufficient from Redundant]
The value 0x02 is the example is the record ID and you can see this in the first sel example
on the previous page.
31
McAfee SIEM
BMC Web Console

As mentioned in the preface of this document, the Intelligent Platform Management Interface (IPMI) is an
interface used by administrators for out-of-band management of computer systems and monitoring of their
operation. In the previous section, we demonstrated how to use the command line IPMItool to access the
IPMI sensors. In this section, well cover the Integrated BMC Web Console.
The Embedded Web Console is available without the requirements for any agents or remote IPMItools and is
always accessible regardless of the state of the operating system. The web console is able to:
View the sensors, event log, and asset inventory of the system.
Retrieve and download the diagnostics log, containing important information about system crashes.
Launch KVM and media redirection Intel Remote Management Module (Intel RMM) required.
Configure e-mail or SNMP alerting as well as other settings.
This section will give you a description of a number of areas within the Integrated BMC Web Console that
have value relative to the McAfee SIEM appliances. However, there are some areas that could cause loss of
contact or service interruptions should you make modification. We strong encourage you limit your activity
to the sections we have outlined.
The console is divided into four tabs in a horizontal menu. Within each tab, a menu is provided on the left
side. Each tab and each menu option within each tab has a short description on its function. Figure 22 is a
legend of each Tab and its associated Menu options.
Figure 22
32
McAfee SIEM
BMC Web Console

To access the web console, launch your favorite browser and enter the IP address you used to configure the
IPMI interface on page 16. Your browser should support HTTPS. In addition, if you wish to use Remote
Console, your browser will need to be Java enabled. Using JRE version 6 Update 22 and above.
Figure 23 display the login screen you should see.
Figure 23
If for some reason you do not see the dialog above, check with your networking team to ensure
that your desktop has access to the IPMI IP address. For security reason, the IPMI IP address may
be on a different subnet. In addition, you should ensure that the IPMI NIC has been cabled to your
switched environment. See page 15 for the location of the IPMI NIC.
Once the dialog above appears, enter the user root and the password you used to set the IPMI root password
on page 17. When successful, you will see Figure 15 (following page), the System Information page of the
BMC Web Console.
33
McAfee SIEM
BMC Web Console
Figure 24
As you navigate through the menu options, the browser will fetch information to populate the section you
navigated to. Sometimes, it may take several seconds or more for the display to fully populate. During this
time you will see a progress bar on the right side of the page, just beneath the blue horizontal line that
separates the header of the section and its content. The progress bar will look similar to the image below.
At this point, feel free to navigate through the options using the legend on page 36 to get acquainted with the
interface and the return time performance of certain pages.
34
McAfee SIEM
BMC Web Console

Server Health Tab Sensor Readings
The Server Health tab, Figure 25, shows you data related to the server's health, such as sensor readings, the
event log, and power statistics as explained in the following sub sections. When you click on the Server
Health tab, by default you will open the Sensor Readings page.
Figure 25
The Sensor Readings displays system sensor information including status, health, and reading value every
60 seconds by default. A list of option for the Sensor Readings page is below.
Option
Task
Sensor Selection dropdown box
Select the type of sensor readings to display in

the list. The default is to display all sensors.
Refresh button
Click to refresh the selected sensor readings.
Sensor Readings list
Show Thresholds button

Hide Thresholds button
Set auto - refresh in seconds (0 to disable)

selection
Selected sensors shown with their name,

status, health, and readings.
Click to expand the list, showing low and high

threshold Assignments. Shows the critical
(CT) and noncritical (NC) thresholds for the
selected sensors. Use scroll bar at the bottom
to move the display left and right.
Click to return to the original display, hiding
the threshold values.
Enter the time (in seconds) to wait between

updates of the Sensor Readings and then click
the Set button.
35
McAfee SIEM
BMC Web Console

Server Health Tab Event Log
The Event Log page, Figure 26, displays the systems server management events. Events are
logged as various tasks (booting), status changes (power supple removal) or other events occur.
Figure 26
The following table lists the options available for Server Health.
Option
Event Log Dropdown box

Event Log List
Clear Event Log button
Task
Select the type of events to display in the list.
Selected sensors are shown with their name, status,

and readings. This includes a list of the events with
their ID, time stamp, sensor name, sensor type, and
description.
Click to clear Event Logs.
36
McAfee SIEM
BMC Web Console

Server Health Tab Power Statistics
The Power Statistics page, Figure 27, displays the systems power statistics in watts and over
what duration.
Figure 27
NOTE: The time value, at the top of the dialog, will be reset when the appliance is powered off.
37
McAfee SIEM
BMC Web Console

Configuration Tab
The Configuration Tab contains a large number of options such as Network, Remote Session and
Alerts. Users have the option to view or modify a number of these settings. This section will
cover only the items McAfee believes are needed to remote manage the SIEM appliances
McAfee advises customers to use the sections within the Configuration Tab as view only options
except where indicated in this guide. Any modification may result in inaccessibility or possible
data lost on the SIEM appliance.
Configuration Tab IPv4 Network

The IPv4 Network Settings page, Figure 28, is used to configure the IPv4 network settings for the Server
Management LAN interface (IPMI) to the BMC controller. The settings you see below will match the ones
used on page 18 to configure the IPMI interface from the ESM browser-based interface. If you need to
change the IPMI IP Address, please do so via the ESM browser-based interface.
While this document refers to the IPMI channel, the actual name for that channel is the Intel(R)
RMM channel.
Do not make any changes within this dialog. Any change to the IPMI IP address should always
be done via the ESM browser-based interface. The two additional LAN channels, Baseboard
MGMT and MGMT 2 are the same as the SIEM MGMT1 and MGMT2 ports but should be left at
their default values. Any modification here will cause the appliance to become unreachable by the
SIEM environment.
Figure 28
38
McAfee SIEM
BMC Web Console

Configuration Tab IPv4 Network
While McAfee does not recommend changing the network settings here, the following table lists the options
available for IPv4 Networking.
Option
Enable LAN Failover
LAN Channel dropdown box
MAC Address
IP address radio buttons
IP Address Subnet Mask Gateway
Primary DNS Server

Secondary DNS Server
Save button
Task
Used to enable LAN Failover (only available on EPSD
Platforms Based on Intel Xeon Processor E5 4600/2600/2400/1600/1400
Product Families)
Used to select the channel on which you want to configure

the network settings. Lists the LAN Channels available for
server management. The LAN channels describe the
physical NIC connection on the server.
Intel RMM (BMC LAN Channel 3) is the add-in RMM4

Dedicated Management NIC.
Baseboard Mgmt (BMC LAN Channel 1) is the onboard, shared NIC configured for management and
shared with the operating system.
Baseboard Mgmt 2 (BMC LAN Channel 2) is the second
on-board, shared NIC configured for management and
shared with the operating system.
The MAC address of the device (read only)
Select one of the three options for configuring the IP

address:
Obtain an IP address automatically (use DHCP) - Uses

DHCP to obtain the IP address.
Use the following IP address Manually configure the
IP address.
Disable LAN Channel Sets the IP address, Subnet
Mask, and Default Gateway to 0.0.0.0.
If configuring a static IP, enter the requested address,

subnet mask, and gateway in the given fields.
The IP Address is made of four numbers separated by dots

as in
"xxx.xxx.xxx.xxx". 'xxx' ranges from 0 to 255.
First 'xxx' must not be 0.
If configuring a dynamic IP, enter the Primary and

Secondary DNS servers.
Click to save any changes made.
39
McAfee SIEM
BMC Web Console

Configuration Tab Users
The User List page, Figure 29, lists the configured users, along with their status and network
privilege. It also provides the capability to add, modify, and delete users.
By default, root is the only user enabled and is the user account whose password is set when
changing the NGCP account password in the ESM browser-based interface. Do not change the
password here. Also, while other users can be enabled, McAfee strongly recommends leaving the
configuration as shown in figure 29.
Figure 29
This page allows the operator to configure the IPMI users and privileges for this server:
UserID 1 (anonymous) may not be renamed or deleted.

UserID 2 (root) may not be renamed or deleted, nor can the network privileges of UserID 2
be changed.
User Names cannot be changed. To rename a user you must first delete the existing user,
and then add the user with the new name.
To delete a user, select the user in the list and click Delete User.
To add a user, select an empty slot in the list and click Add User.
40
McAfee SIEM
BMC Web Console

Configuration Tab Alerts
The Alerts page, Figure 30, is used to configure which system events an alert can be generated
for and the destination for these alerts. Up to two destinations can be selected for each LAN
channel. Each destination will receive an alert, based on its protocol (SNMP or SMTP), when one
of the selected trigger events occurs.
NOTE: Only configure Alerts for the Intel(R) RMM channel.
Figure 30
Globally Enable Platform Event Filtering:

This can be used to prevent sending alerts until you have fully specified your desired alerting
policies.
Log Event on Filter Action:
This can be used to enable or disable the logging of an event into the System Event Log when a
Filter Action is taken.
41
McAfee SIEM
BMC Web Console

Configuration Tab Alerts
The following table lists the options allowing you to select which events that alerts should be sent on and
selection of where the alerts are to be sent to.
Option
Select the events that will trigger alerts.
Check / Clear All buttons
LAN Channel to Configure
Alert Destination #1 / #2
Save button
Send Test Alerts button
Task
Select one or more system events that will trigger an alert.
Click to select or clear all events.
Select either the BMC or RMM4 to configure the

destination
Select either SNMP along with the IP address or email

address that the alert will be sent to. Up to two
destinations can be elected for each LAN channel
Click to use selected setup.
After configuring select this to send a test alert.
42
McAfee SIEM
BMC Web Console

Remote Control Tab
The Remote Control tab helps you perform the following remote operations on the server.
These are Console Redirection, Server Power Control and Virtual Front Panel. Below is an
explanation of each.
Remote Control Tab Console Redirection
By default, the Remote Control tab opens the Console Redirection page as shown in Figure 31.
Figure 31
To launch the console redirect, click the Launch Console button. Once done, two dialogs will
appear. See examples below. Figure 32 prompt you to that a Java package will be downloaded.
Figure 33 asks you to open the package.
Figure 32
Figure 33
43
McAfee SIEM
BMC Web Console

What is a JNLP file? JNLP is an acronym for Java Network Launching Protocol. The JNLP file
format is used by Java to launch and manage various Java applications over a network or on the
Internet. The JNLP files are saved in the XML file format. The files are actually comprised of a
group of protocols that define the specific requirements of a JAVA launching mechanism.
NOTE: Java will have to be installed in order to take advantage of this capability. Java Run time
Environment (JRE) Version 6 Update 22 or higher is required.
Once Java has been installed, click OK on the opening of the JNLP file, Figure 24 (previous page).
This will then launch the Java Run Time Environment. You may briefly see a Java splash screen.
At this point, one of two scenarios will occur.
Scenario #1
Once Java is loaded, a Security Warning
popup, Figure 34, will ask you to confirm that
this application should be run. Check Accept
and then click Run.
Figure 34
To continue, simply click the

check box to accept and then
the Run button. Once done,
the JNLP will complete
execution and the JViewer will
load displaying the console as
it is at that time. See Figure
35.
Figure 35
44
McAfee SIEM
BMC Web Console

Scenario #2
If you are running Java 7, Update 51 or later, a blocked application dialog will appear. See Figure 36.
Figure 36
Previous to update 51, the pop-up similar to the ones in Scenario #1 would have appeared. However,
starting with Java 7 Update 51, a new Security Exception list has been added and you will need to provide
an exception in order to proceed.
To do this, go to Control Panel, then select Java. Next, select the Security tab. The Security dialog will look
similar to the example in Figure 37.
Figure 37
Next, click the Edit Site List button and enter the full path of the appliances IPMI NIC. The example in Figure
37 displays the completed exception list. Once this entry is saved, the Java app will allow access to the
Remote Control app and scenario #1 should occur.
NOTE: You also may need to make additional security adjustments on your desktop. Applications such as
Windows Firewall or McAfee End-Point products may also prevent access this application.
45
McAfee SIEM
BMC Web Console

Using the console
Once the Web Console has started and you see the Appliance Menu (White LCD display in upper
left corner) you are ready to use the console as if you were directly attached via a monitor and
keyboard. However, there are a few navigation techniques you will need to know. Like most
Windows apps, JViewer has a number of menu options that will come in handy as you use the
console.
Refresh the display
During the testing of the IPMI interface for this
document, it was noticed that on a rare
occasion, the interface seemed to either stall or
stop completely. This could be due to network
congestion or the failure / error within JRE
itself. Fortunately, there is an easy remedy.
Located in the Video menu is a Refresh Video
option. Simply selecting this and allowing the
connection to be rebuilt should solve the
problem. Figure 38 shows the location of
Refresh Video.
Figure 38
Using an ALT key

Like most Linux-based products, the McAfee
SIEM appliances allow for multiple TTY sessions
at the command-line. The standard keystroke to
enter these is to use the ALT key followed by F2,
F3, etc. However, in the Web Console, the ALT
key is not transmitted, so a helper option is
provided. Located in the Keyboard menu, Figure
39, there are a number of check boxes that you
can select to allow for multi-key commands.
As an example, to perform an ALT-F2, select

Keyboard, and then check Hold Left Alt Key.
Next press F2 and this will take you to tty2. Using
F3, F4, etc, will access addition tty session.
However, you will have to re-select Keyboard
and then uncheck Hold Left Alt Key to turn off
this capability as this is an on/off toggle function.
Figure 39
46
McAfee SIEM
BMC Web Console

Remote Control Tab Server Power Control
The Server Power Control page, Figure 40, shows the current power status and allows power/reset control
of the appliance.
While this dialog will allow administrators to perform graceful shutdowns of the SIEM appliances,
McAfee recommends that resetting or powering down the appliance should always be done via the
ESM browser-based interface.
While the McAfee SIEM appliances are ACPI aware, it is possible for the Graceful OS Shutdown to
not function properly or timeout if the appliance is performing other tasks. After a Graceful
Shutdown has been requested, if the system does not shut down as requested, the command
cannot be executed again for five minutes. However, McAfee recommends that powering down the
appliance(s) should always be done via the ESM browser-based interface.
Figure 40
47
McAfee SIEM
BMC Web Console

Remote Control Tab Server Power Control
The following table lists the options for power control.
Option
Task
Reset Server
Select option to hard reset the host without powering off.
Force-Enter BIOS Setup
Check this option to enter into the BIOS setup after resetting the
server.
Power OFF Server
Select option to immediately power off the host.
Graceful Shutdown
Select option to soft power off the host.
Power ON Server
Select option to power on the host
Power Cycle Server
Select option to immediately power off the host, and then power it
back on after one second.
Perform Action button
Click to execute the selected remote power command.
Note: All power control actions are done through the BMC and are immediate actions. It is strongly
suggested to gracefully shut through the ESM browser-based interface.
48
McAfee SIEM
BMC Web Console

Remote Control Tab Virtual Front Panel
The Virtual Front Panel page, Figure 41, allows users to control the appliance in the same
manner as if they we next to the physical appliance.
While this dialog will allow administrators to perform graceful shutdowns of the SIEM appliances,
McAfee recommends that resetting or powering down the appliance should always be done via the
ESM browser-based interface.
Figure 41
49
McAfee SIEM
BMC Web Console

Remote Control Tab Virtual Front Panel
The following table lists the options for Virtual Front Panel.
Option
Task
Power Button
The Power button is used to power on or power off.
Chassis ID Button
When the Chassis ID button is pressed, the chassis ID LED changes to solid
on. If the button is pressed again, the chassis ID LED turns off.
Reset Button
Graceful Shutdown
Power LED
Status LED
Chassis ID LED
The Reset button is used to reset the server while system is ON.
Select option to soft power off the host.
The Power LED shows the system power status. If the Power LED is green,
the system is ON. If the Power LED is grey, the system is OFF.
The Status LED reflects the system status LED status and it is automatically
in sync with the BMC every 60 seconds. This reflects the System Status LED.
The Chassis ID LED shows the current system chassis ID status. If the
Chassis ID LED is blue, the Chassis ID is indefinite ON. If
the Chassis ID LED is grey, the Chassis ID is OFF
50
McAfee SIEM
Appendix A Command Line Arguments for IPMItool
-a
-A <authtype>
-c
-e <sol_escape_char>
-k <key>
-y <hex key>
-C <ciphersuite>
-E
-f <password_file>
-h
-H <address>
-I <interface>
-L <privlvl>
-m <local_address>
-o <oemtype>
-O <sel oem>
-p <port>
Prompt for the Remote IPMI server password.
Specify an authentication type to use during IPMIv1.5 lan session

activation. Supported types are NONE, PASSWORD, MD2, MD5, or OEM.
Present output in CSV (comma separated variable) format. This is not
available with all commands.
Use supplied character for SOL session escape character. The default is
to use ~ but this can conflict with ssh sessions.
Use supplied Kg key for IPMIv2 authentication. The default is not to
use any Kg key.
Use supplied Kg key for IPMIv2 authentication. The key is expected in

hexadecimal format and can be used to specify keys with non-printable
characters. For example, "-k PASSWORD" and "-y 50415353574F5244"
are equivalent. The default is not to use any Kg key.
The Remote IPMI server authentication, integrity, and encryption
algorithms to use for IPMIv2 lanplus connections. See table 22-19 in
the IPMIv2 specification. The default is 3 which specifies RAKP-HMACSHA1 authentication, HMAC-SHA1-96 integrity, and AES-CBC-128
encryption algorithms.
The Remote IPMI server password is specified by the environment
variable IPMI_PASSWORD.
Specifies a file containing the Remote IPMI server password. If this

option is absent, or if password file is empty, the password will default
to NULL.
Get basic usage help from the command line.
Remote IPMI server address can be IP address or hostname. NOTE:

This is not the appliances main IP. The IPMI controller will have its own
unique IP address.
Selects IPMI interface to use. Supported interfaces that are compiled in
are visible in the usage help output. Options are lan or open. If lan it
tells IPMItool to use the network to send commands instead of
interfacing with the local IPMI controller.
Force session privilege level. Can be CALLBACK, USER, OPERATOR, and

ADMINISTRATOR. Default is ADMINISTRATOR.
Set the local IPMB address. The default is 0x20 and there should be no
need to change it for normal operation.
Select OEM type to support. This usually involves minor hacks in place
in the code to work around quirks in various BMCs from various
manufacturers. Use -o list to see a list of current supported OEM types.
Open selected file and read OEM SEL vent descriptions to be used
during SEL listings. See examples in contrib dir for file format.
Remote IPMI server UDP port to connect to. Default is 623.
51
-P <password>
McAfee SIEM
Remote IPMI server password is specified on the command line. If

supported, it will be obscured in the process list. However this
password is store the password in your history file and may be visible
to other users (through ps or similar).
Note: Specifying the password as a command line option is not
recommended.
-S <sdr_cache_file>
-t <target_address>
-U <username>
-v
-V
Use local file for remote SDR cache. Using a local SDR cache can
drastically increase performance for commands that require
knowledge of the entire SDR to perform their function. Local SDR cache
from a remote system can be created with the sdr dump command.
Bridge IPMI requests to the remote target address.
Remote IPMI server username. For McAfee SIEM appliances this will
always be root.
Increase verbose output level. This option may be specified multiple
times to increase the level of debug output. If given three times you
will get hex dumps of all incoming and outgoing packets.
Display version information.
52
McAfee SIEM
Appendix B Command Syntax Guide for IPMItool

NOTE: Columns / commands which are grayed out either do not return values on McAfee SIEM Appliances or are not
intended for general use without support or development assistance and could result in data loss on the appliance. This
also hold true for certain commands within supported commands.
This will allow you to execute raw IPMI commands.

Usage:
raw <netfn> <cmd> [data]
Example:
ipmitool raw 0x0 0xf
raw
For example to query the POH counter with a raw command.

Network Function Codes (netfn):
VAL
HEX
STRING
==============================================
0
0x00
Chassis
2
0x02
Bridge
4
0x04
SensorEvent
6
0x06
Application
8
0x08
Firmware
10
0x0a
Storage
12
0x0c
Transport
i2c
spd
lan
Send an I2C Master Write-Read command and print response

Print SPD info from remote I2C device
Configure LAN Channels
Get chassis status and set power state of the appliance.
Usage:
chassis <status|power|identify|policy|restart_cause|
poh|bootdev|bootparam|selftest>
Example:
ipmitool chassis poh

ipmitool chassis power status
chassis
Arguments:
status
Displays information regarding the high-level status of the system chassis and
main power subsystem.
Power (see power section below)
identify <interval>
Control the front panel identify light. Default is 15. Use 0 to turn off.
Policy <state>
53
McAfee SIEM
Set the chassis power policy in the event power failure.

list
Return supported policies.
always-on
Turn on when power is restored.
previous
Returned to previous state when power is restored.
always-off
Stay off after power is restored.
restart_cause
Query the chassis for the cause of the last system restart.
poh
This command will return the Power-On Hours counter.
bootdev <device> [clear-cmos=yes|no]

bootdev <device> [options=help,]
Request the system to boot from an alternate boot device on next reboot. The
clear-cmos option, if supplied, will instruct the BIOS to clear its CMOS on the next
reboot.
Currently supported values for <device> are:
none
Do not change boot device
pxe
Force PXE boot
disk
Force boot from BIOS default boot device
safe
Force boot from BIOS default boot device, request Safe Mode
diag
Force boot from diagnostic partition
cdrom
Force boot from CD/DVD
bios
Force boot into BIOS setup
bootparam get <param #>

bootparam set bootflag <flag>
Request the system to force a boot from an alternate boot device on next reboot.
The clear-cmos option, if supplied, will instruct the BIOS to clear its CMOS on the
next reboot.
Currently supported values for <device> are:
force_pxe
Force PXE boot
force_disk
54
McAfee SIEM
Force boot from BIOS default boot device
force_safe
Force boot from BIOS default boot device, request Safe Mode
force_diag
Force boot from diagnostic partition
force_cdrom
Force boot from CD/DVD
force_bios
Force boot into BIOS setup
selftest
Will display a pass or fail of the chassis components.
Shortcut to chassis power commands and performs a chassis control command to
view and change the power state.
Usage:
power <status|on|off|cycle|reset|diag|soft>
Example:
ipmitool power status

Arguments:
status
Show current chassis power status.
on
Power up chassis.
power
off
Power down chassis into soft off (S4/S5 state). WARNING: This command does
not initiate a clean shutdown of the operating system prior to powering down the
system.
cycle
Provides a power off interval of at least 1 second. No action should occur if
chassis power is in S4/S5 state, but it is recommended to check power state
first and only issue a power cycle command if the system power is on or in
lower sleep state than S4/S5.
reset
This command will perform a hard reset.
diag
Pulse a diagnostic interrupt (NMI) directly to the processor(s).
event
mc
soft
Initiate a soft-shutdown of OS via ACPI. This can be done in a number of ways,
commonly by simulating an over temperature or by simulating a power button
press. It is necessary for there to be Operating System support for ACPI and some
sort of daemon watching for events for this soft power to work.
Send pre-defined events to MC
Management Controller status and global enables
55
McAfee SIEM
Print Sensor Data Repository entries and readings. Each command will display a
slightly different output but the main elements will be Sensor Name, Sensor
Number, Status and Entity ID. See Appendix C for an explanation Entity values.
Note: Depending on which IPMI command you use the sensor number that is
displayed for an event might appear in slightly different formats. A sensor number
can be displayed as either 1Fh or 0x1F.
Usage:
sdr <list|elist|type|info|entity|dump|fill>
Example:
ipmitool sdr elist
Parameter:
-v
Verbose output.
Arguments:
list | elist [<all|full|compact|event|mcloc|fru|generic>]

This command will read the Sensor Data Records (SDR) and extract sensor
information of a given type, then query each sensor and print its name, reading,
and status. If invoked as elist then it will also print sensor number, entity id
and instance, and asserted discrete states.
sdr
The default output will only display full and compact sensor types, to see all
sensors use the all type with this command.
Valid types are:
all
All SDR records (Sensor and Locator)
full
Full Sensor Record
compact
Compact Sensor Record
event
Event-Only Sensor Record
mcloc
Management Controller Locator Record
fru
FRU Locator Record
generic
Generic SDR records
type <sensor type> <list|get>

This command will display all records from the SDR of a specific type. Run with
type list to see the list of available types. Also see Appendix D for the list. Note
that you can leave List and Get off and still get the same information. For example
to query for all Temperature sensors:
ipmitool sdr type temperature
Baseboard Temp
| 30h | ok
7.1 | 28 degrees C
56
FntPnl Amb Temp

Processor1 Temp
Processor2 Temp
McAfee SIEM
| 32h | ok
| 98h | ok
| 99h | ok
| 12.1 | 24 degrees C
| 3.1 | 57 degrees C
| 3.2 | 53 degrees C
info
This command will query the BMC for SDR information.
entity <id>[.<instance>]
Displays all sensors associated with an entity. Get a list of valid entity ids on the
target system by issuing the sdr elist command. A list of all entity ids can be
found in the IPMI specifications.
dump <file>
Dumps raw SDR data to a file. This data file can then be used as a local SDR cache
of the remote managed system with the -S <file> option on the ipmitool
command line.
This can greatly improve performance over system interface or remote LAN.
fill sensors
fill <filename>
Creates the SDR repository for the current configuration or dumps raw SDR data
to a file.
Print detailed sensor information
Usage:
sensor <list|get|thresh|reading> -v
Example:
ipmitool sensor list
Parameter:
-v
Verbose output.
Arguments:
sensor
list
Lists sensors and thresholds in a wide table format. Leaving this argument off will
produce the same wide format table.
get <id> ... [<id>]
Prints information for sensors specified by name.
thresh <id> <threshold> <setting>

This allows you to set a particular sensor threshold value. The sensor is specified
by name. Valid thresholds are:
unr
ucr
unc
lnc
lcr
lnr
Upper Non-Recoverable
Upper Critical
Upper Non-Critical
Lower Non-Critical
Lower Critical
Lower Non-Recoverable
thresh <id> lower <lnr> <lcr> <lnc>

This allows you to set all lower thresholds for a sensor at the same time. The
sensor is specified by name and the thresholds are listed in order of Lower NonRecoverable, Lower Critical, and Lower Non-Critical.
57
McAfee SIEM
thresh <id> upper <unc> <ucr> <unr>

This allows you to set all upper thresholds for a sensor at the same time. The
sensor is specified by name and the thresholds are listed in order of Upper NonCritical, Upper Critical, and Upper Non-Recoverable.
reading
Similar to a get.
fru
This command will read all Field Replaceable Unit (FRU) inventory data and
extract such information as serial number, part number, asset tags, and short
strings describing the chassis, board, or product.
Usage:
fru print
Example:
ipmitool fru print
gendev
Read/Write Device associated with Generic Device locators sdr

View the System Event Log (SEL).
Usage:
sel
<info|clear|list|elist|delete|save|writeraw|readraw|time>
Example:
ipmitool sel elist
Arguments:
info
This command will query the BMC for information about the System Event Log
(SEL) and its contents.
sel
clear
This command will clear the contents of the SEL. It cannot be undone so be
careful.
list | elist
When this command is invoked without arguments, the entire contents of the
System Event Log are displayed. If invoked as elist it will also use the Sensor
Data Record entries to display the sensor ID for the sensor that caused each event.
Note this can take a long time over the system interface.
<count>|first <count>
Displays the first count (least-recent) entries in the SEL. If count is zero, all
entries are displayed.
last <count>
Displays the last count (most-recent) entries in the SEL. If count is zero, all
entries are displayed.
delete <number>
Delete a single event.
save <file>
Save SEL records to text file that can be fed back into the event file ipmitool
command. This can be useful for testing Event generation by building an
appropriate Platform Event Message file based on existing events. Please see the
58
McAfee SIEM
help for that command to view the format of this file.
writeraw <file>
Save SEL records to a file in raw, binary format. This file can be fed back to the
sel readraw ipmitool command for viewing.
readraw <file>
Read and display SEL records from a binary file. Such a file can be created using
the sel writeraw ipmitool command.
time
get
Displays the SEL clock's current time.
pef
sol
tsol
isol
user
channel
session
set <time string>

Sets the SEL clock. Future SEL entries will use the time set by this command.
<Time string> is of the form "MM/DD/YYYY HH:MM:SS". Note that hours are in
24-hour form. It is recommended that the SEL be cleared before setting the time.
Configure Platform Event Filtering (PEF)
Configure and connect IPMIv2.0 Serial-over-LAN
Configure and connect with Tyan IPMIv1.5 Serial-over-LAN

Configure IPMIv1.5 Serial-over-LAN
Configure Management Controller users
Configure Management Controller channels
Print session information. Get information about the specified session(s). You may
identify sessions by their id, by their handle number, by their active status, or by
using the keyword `all' to specify all sessions.
Usage:
info <active | all | id 0xnnnnnnnn | handle 0xnn>
Example:
ipmitool session all
sunoem
kontronoem
picmg
fwum
firewall
shell
exec
set
hpm
ekanalyzer
OEM Commands for Sun servers. Will not return values on McAfee SIEM
Appliances.
OEM Commands for Kontron devices Will not return values on McAfee SIEM
Appliances.
Run a PICMG/ATCA extended cmd
Update IPMC using Kontron OEM Firmware Update Manager
Configure Firmware Firewall
This command will launch an interactive shell which you can use to send multiple
ipmitool commands to a BMC and see the responses. This can be useful instead of
running the full ipmitool command each time. Some commands will make use of a
Sensor Data Record cache and you will see marked improvement in speed if these
commands are able to reuse the same cache in a shell session. LAN sessions will
send a periodic keep alive command to keep the IPMI session from timing out.
Run list of commands from file
Set runtime variable for shell and exec
Update HPM components using PICMG HPM.1 file

Run FRU-Ekeying analyzer using FRU files. Will not return values on McAfee SIEM
Appliances.
59
McAfee SIEM
Appendix C SDR Entities Values

NOTE: Depending on hardware version, this list may contain more or less values on your appliance. Some
entities may not return any values. To see complete list, use the following command:
ipmitool -U root -H 10.1.1.13 sdr entity
Unspecified
System Management Module
3
9
12
15
18
21
24
27
30
33
36
39
42
45
48
51
192
241
Processor
Other
System Board
Processor Module
10
Drive Backplane
16
Front Panel Board

Processor Board
Power Management
Sub-Chassis
Peripheral Bay
Cooling Unit
System Management
Software
System Bus
External Environment
Connectivity Switch
Processor/IO Module
PCI Bus
SATA/SAS Bus
PICMG Rear Transition

Module
PICMG Filtration Unit
13
19
22
25
28
31
34
37
40
43
46
49
52
193
242
Disk or Disk Bay

Power Supply
Unknown
Memory Module
11
Back Panel Board
14
Power Unit
20
Other Chassis Board
26
Cable/Interconnect
32
Group
38
Processor/Memory Module
44
System Internal Expansion

Board
Chassis Back Panel Board
Device Bay
BIOS
Battery
Management Controller
Firmware
PCI Express Bus
Processor/Front-Side Bus
PICMG Advanced MC Module
PICMG Shelf FRU Information
17
23
29
35
41
47
50
160
240
243
Peripheral Bay
Add-in Card
Power System Board

Other System Board
Power Module
System Chassis
Disk Drive Bay
Fan Device
Memory Device
Operating System
Remote Management Device

Processing Blade
I/O Module
IPMI Channel
SCSI Bus (parallel)
PICMG Front Board
PICMG Shelf Management

Controller
PICMG Alarm Panel
If there are a number of the same entities, you will get a decimal version of entity ID. For instance,
Fan Device may display as:
2a |FM5/F0/TACH | 76h | ok | 29.5 | 5300 RPM
Where 29 is the entity value and 5 is the instance of that entity.

For a complete list of the BMC Core Sensors and possible return codes (offset triggers) please see
Table 61 in the Intel Server Board S2600GZ / GL Technical Product Specification Guide.
60
McAfee SIEM
Appendix D SDR Type Values

NOTE: Not every type parameter may be used with the type argument and may return an error or no results. To
see complete list, use the following command:
ipmitool -U root -H 10.1.1.13 sdr type
Temperature
Voltage
Processor
Power Supply
Current
Physical Security
Power Unit
Other
Drive Slot / Bay
System Firmware
Watchdog
Critical Interrupt
Module / Board
Add-in Card
Chip Set
Cable / Interconnect
System Boot Initiated

OS Boot
Slot / Connector
Watchdog
Entity Presence
LAN
Battery
Version Change
Fan
Platform Security
Cooling Device
Memory
POST Memory Resize
Event Logging Disabled

System Event
Button
Microcontroller
Chassis
Other FRU
Terminator
Boot Error
OS Critical Stop
System ACPI Power State

Platform Alert
Monitor ASIC
Management Subsystem Health

Session Audit
FRU State
For a complete list of the BMC Core Sensors and possible return codes (offset triggers) please see
Table 61 in the Intel Server Board S2600GZ / GL Technical Product Specification Guide.
61

SIEM IPMI Configuration and Setup

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

SIEM IPMI Configuration and Setup

Caricato da

Copyright:

Formati disponibili

McAfee SIEM

IPMI / RMM Setup and Configuration Guide

The Intelligent Platform Management Interface (IPMI) is a standardized computer

IPMI information is exchanged though Baseboard Management Controllers (BMCs), which

Before an OS has booted (allowing, for example, the remote monitoring or

Remote monitoring and management (RMM) is a collection of information technology

IPMI and RMM Setup and Configuration Guide

First Public Release

Added Revision History Section

IPMI and RMM Setup and Configuration Guide

BMC Web Console

Updating your appliance(s) to enable IPMI and RMM

Turning on IPMI via ESM Management Interface

Command line IPMI syntax and examples

Using the web console interface

Command line arguments for IPMItool

Command syntax for IPMItool

SDR Entity Values

SDR Type Values

IPMI and RMM Setup and Configuration Guide

IPMI NOT Supported

All Standalone ESM Models

Any DAS Models

All Combination ESM Models

Any Receiver (ERC) in HA mode regardless of Model

All Non-HA Receivers (ERC)

IPMI and RMM Setup and Configuration Guide

Check current appliance BIOS version

IPMI and RMM Setup and Configuration Guide

Figure 3 displays an example of the output the command will generate.

IPMI and RMM Setup and Configuration Guide

IPMI and RMM Setup and Configuration Guide

IPMI and RMM Setup and Configuration Guide

IPMI and RMM Setup and Configuration Guide

IPMI and RMM Setup and Configuration Guide

Choose option 3 R2312 Chassis

IPMI and RMM Setup and Configuration Guide

In either situation, it is recommended that the BIOS update be performed a second

IPMI and RMM Setup and Configuration Guide

Contact McAfee support at http://mysupport.mcafee.com; or at 800-937-2237; or your McAfee Platinum

IPMI and RMM Setup and Configuration Guide

IPMI and RMM Setup and Configuration Guide

IPMI and RMM Setup and Configuration Guide

IPMI and RMM Setup and Configuration Guide

Stray VLAN Characters

IPMI and RMM Setup and Configuration Guide

To set IPMI root password for ESM or All-in-One Appliance:

IPMI and RMM Setup and Configuration Guide

C:\ ipmitool H <remote_IP> U <username> <command> <parameters>

IPMI and RMM Setup and Configuration Guide

Query the chassis status

IPMI and RMM Setup and Configuration Guide

: Builtin FRU Device (ID 0)

FRU Device Description : Pwr Supply 1 FRU (ID 2)

Pwr Supply 2 FRU (ID 3)

FRU Device Description

Front Panel (ID 4)

FRU Device Description

IPMI and RMM Setup and Configuration Guide

ipmitool -U root -H 10.1.1.13 sdr list

IPMI and RMM Setup and Configuration Guide

This indicates the sensor status. Possible values are:

IPMI and RMM Setup and Configuration Guide

The example above queries all Fan Devices in the system.