Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
ipmiseld(8)			   ipmiseld			   ipmiseld(8)

NAME
       ipmiseld	- IPMI SEL logging daemon

SYNOPSIS
       ipmiseld	[OPTION...]

DESCRIPTION
       The ipmiseld daemon polls the system event log (SEL) of specified hosts
       and stores the logs into	the local syslog. By default, the  daemon  can
       also  make  best	 efforts  to  manage the remote	SEL's buffer to	ensure
       events are never	lost. Recent logging data will be cached  to  disk  to
       ensure that SEL events are not missed in	the event the client or	server
       is rebooted.

       Many of the options for this daemon are very similar to the ipmi-sel(8)
       tool.  It  can be configured to log the local host, a remote host, or a
       range of	hosts to the local syslog. It can be configured	via  the  com-
       mand line arguments listed below	or via the /usr/local/etc/freeipmi/ip-
       miseld.conf configuration file.

       Listed below are	general	IPMI options, tool specific  options,  trouble
       shooting	 information,  workaround information, examples, and known is-
       sues. For a general introduction	to FreeIPMI please see freeipmi(7).

GENERAL	OPTIONS
       The following options are general options for configuring IPMI communi-
       cation and executing general tool commands.

       -D IPMIDRIVER, --driver-type=IPMIDRIVER
	      Specify  the  driver type	to use instead of doing	an auto	selec-
	      tion.  The currently available outofband	drivers	 are  LAN  and
	      LAN_2_0,	which  perform IPMI 1.5	and IPMI 2.0 respectively. The
	      currently	available inband  drivers  are	KCS,  SSIF,  OPENIPMI,
	      SUNBMC, and INTELDCMI.

       --disable-auto-probe
	      Do not probe in-band IPMI	devices	for default settings.

       --driver-address=DRIVER-ADDRESS
	      Specify  the  in-band  driver  address to	be used	instead	of the
	      probed value. DRIVER-ADDRESS should be prefixed with "0x"	for  a
	      hex value	and '0'	for an octal value.

       --driver-device=DEVICE
	      Specify the in-band driver device	path to	be used	instead	of the
	      probed path.

       --register-spacing=REGISTER-SPACING
	      Specify the in-band  driver  register  spacing  instead  of  the
	      probed  value. Argument is in bytes (i.e.	32bit register spacing
	      =	4)

       --target-channel-number=CHANNEL-NUMBER
	      Specify the in-band driver target	channel	number	to  send  IPMI
	      requests to.

       --target-slave-address=SLAVE-ADDRESS
	      Specify  the in-band driver target slave number to send IPMI re-
	      quests to.

       -h      IPMIHOST1,IPMIHOST2,...,	     --hostname=IPMIHOST1[:PORT],IPMI-
       HOST2[:PORT],...
	      Specify  the  remote host(s) to communicate with.	Multiple host-
	      names may	be separated by	comma or may be	specified in  a	 range
	      format;  see  HOSTRANGED	SUPPORT	below. An optional port	can be
	      specified	with each host,	which may be useful in port forwarding
	      or  similar situations.  If specifying an	IPv6 address and port,
	      use the format [ADDRESS]:PORT.

       -u USERNAME, --username=USERNAME
	      Specify the username to use when authenticating with the	remote
	      host.  If	not specified, a null (i.e. anonymous) username	is as-
	      sumed. The user must have	atleast	USER privileges	in  order  for
	      this tool	to operate fully.

       -p PASSWORD, --password=PASSWORD
	      Specify the password to use when authenticationg with the	remote
	      host.  If	not specified, a null  password	 is  assumed.  Maximum
	      password length is 16 for	IPMI 1.5 and 20	for IPMI 2.0.

       -P, --password-prompt
	      Prompt  for  password  to	 avoid	possibility  of	 listing it in
	      process lists.

       -k K_G, --k-g=K_G
	      Specify the K_g BMC key to use when authenticating with the  re-
	      mote host	for IPMI 2.0. If not specified,	a null key is assumed.
	      To input the key in hexadecimal form,  prefix  the  string  with
	      '0x'.  E.g.,  the	 key  'abc' can	be entered with	the either the
	      string 'abc' or the string '0x616263'

       -K, --k-g-prompt
	      Prompt for k-g to	avoid possibility of  listing  it  in  process
	      lists.

       --session-timeout=MILLISECONDS
	      Specify  the  session timeout in milliseconds. Defaults to 20000
	      milliseconds (20 seconds)	if not specified.

       --retransmission-timeout=MILLISECONDS
	      Specify the packet retransmission	timeout	in  milliseconds.  De-
	      faults to	1000 milliseconds (1 second) if	not specified. The re-
	      transmission timeout cannot be larger than the session timeout.

       -a AUTHENTICATION-TYPE, --authentication-type=AUTHENTICATION-TYPE
	      Specify the IPMI 1.5 authentication type to use.	The  currently
	      available	 authentication	types are NONE,	STRAIGHT_PASSWORD_KEY,
	      MD2, and MD5. Defaults to	MD5 if not specified.

       -I CIPHER-SUITE-ID, --cipher-suite-id=CIPHER-SUITE-ID
	      Specify the IPMI 2.0 cipher suite	ID to use. The Cipher Suite ID
	      identifies a set of authentication, integrity, and confidential-
	      ity algorithms to	use for	IPMI 2.0 communication.	The  authenti-
	      cation  algorithm	 identifies  the  algorithm to use for session
	      setup, the integrity algorithm identifies	the algorithm  to  use
	      for session packet signatures, and the confidentiality algorithm
	      identifies the algorithm to use for payload encryption. Defaults
	      to  cipher  suite	 ID  3	if not specified. The following	cipher
	      suite ids	are currently supported:

	      0	- Authentication Algorithm = None; Integrity Algorithm = None;
	      Confidentiality Algorithm	= None

	      1	 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
	      None; Confidentiality Algorithm =	None

	      2	- Authentication Algorithm = HMAC-SHA1;	Integrity Algorithm  =
	      HMAC-SHA1-96; Confidentiality Algorithm =	None

	      3	 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
	      HMAC-SHA1-96; Confidentiality Algorithm =	AES-CBC-128

	      6	- Authentication Algorithm = HMAC-MD5; Integrity  Algorithm  =
	      None; Confidentiality Algorithm =	None

	      7	 -  Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
	      HMAC-MD5-128; Confidentiality Algorithm =	None

	      8	- Authentication Algorithm = HMAC-MD5; Integrity  Algorithm  =
	      HMAC-MD5-128; Confidentiality Algorithm =	AES-CBC-128

	      11  - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
	      MD5-128; Confidentiality Algorithm = None

	      12 - Authentication Algorithm = HMAC-MD5;	Integrity Algorithm  =
	      MD5-128; Confidentiality Algorithm = AES-CBC-128

	      15 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
	      =	None; Confidentiality Algorithm	= None

	      16 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
	      =	HMAC_SHA256_128; Confidentiality Algorithm = None

	      17 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
	      =	HMAC_SHA256_128; Confidentiality Algorithm = AES-CBC-128

       -l PRIVILEGE-LEVEL, --privilege-level=PRIVILEGE-LEVEL
	      Specify the privilege level to be	used. The currently  available
	      privilege	 levels	are USER, OPERATOR, and	ADMIN. Defaults	to OP-
	      ERATOR if	not specified.

       --config-file=FILE
	      Specify an alternate configuration file.

       -W WORKAROUNDS, --workaround-flags=WORKAROUNDS
	      Specify workarounds to vendor compliance issues. Multiple	 work-
	      arounds  can be specified	separated by commas. A special command
	      line flag	of "none", will	indicate no workarounds	(may be	useful
	      for overriding configured	defaults). See WORKAROUNDS below for a
	      list of available	workarounds.

       --debug
	      Turn on debugging.

       -?, --help
	      Output a help list and exit.

       --usage
	      Output a usage message and exit.

       -V, --version
	      Output the program version and exit.

IPMISELD OPTIONS
       The following options are specific to ipmiseld.

       -v     Log verbose information. This option will	log additional	infor-
	      mation.	Most  notably  it  will	output additional hex codes to
	      given information	on ambiguous SEL entries or SEL	 records.  For
	      example, it will output Generator	ID hex codes for sensors with-
	      out names. Additional non-critical SEL  errors  or  issues  will
	      also  be logged. Somewhat	common errors, such as timeouts	or in-
	      valid hostnames, will output with	increased verbosity.

       -t SENSOR-TYPE-LIST, --sensor-types=SENSOR-TYPE-LIST
	      Specify sensor types of SEL events to log. By default, all  sen-
	      sor types	are logged. A special command line type	of "all", will
	      indicate all types should	be shown (may be useful	for overriding
	      configured  defaults). Multiple types can	be separated by	commas
	      or spaces.  Users	 may  specify  sensor  types  by  string  (see
	      --list-sensor-types  in  ipmi-sel(8))  or	 by number (decimal or
	      hex).

       -T SENSOR-TYPE-LIST, --exclude-sensor-types=SENSOR-TYPE-LIST
	      Specify sensor types of SEL events to not	log.  By  default,  no
	      sensor  types  are  filtered.  A	special	 command  line type of
	      "none", will indicate no types should be excluded	(may be	useful
	      for overriding configured	defaults). Multiple types can be sepa-
	      rated by commas or spaces. Users may  specify  sensor  types  by
	      string  (see  --list-sensor-types	 in  ipmi-sel(8)) or by	number
	      (decimal or hex).

       --system-event-only
	      Log only system event records (i.e. don't	log OEM	records).

       --oem-event-only
	      Log  only	 OEM  event  records  (i.e.  don't  log	 system	 event
	      records).

       --event-state-config-file=FILE
	      Specify an alternate event state configuration file.

       --interpret-oem-data
	      Attempt  to interpret OEM	data, such as event data, sensor read-
	      ings, or general extra info, etc.	If an  OEM  interpretation  is
	      not available, the default output	will be	generated. Correctness
	      of OEM interpretations cannot be	guaranteed  due	 to  potential
	      changes OEM vendors may make in products,	firmware, etc. See OEM
	      INTERPRETATION below for confirmed supported motherboard	inter-
	      pretations.

       --entity-sensor-names
	      Output  sensor  names prefixed with their	entity id and instance
	      number when appropriate. This may	be necessary on	 some  mother-
	      boards  to help identify what sensors are	referencing. For exam-
	      ple, a motherboard may have multiple sensors named  'TEMP'.  The
	      entity  id  and  instance	 number	 may help clarify which	sensor
	      refers to	"Processor 1" vs. "Processor 2".

       --non-abbreviated-units
	      Output non-abbreviated units (e.g. 'Amps'	instead	of  'A').  May
	      aid  in  disambiguation  of  units  (e.g.	 'C'  for  Celsius  or
	      Coulombs).

       --event-state-filter=FILTERSTRING
	      Specify event states to be filtered out and not logged. Possible
	      inputs  are  NOMINAL, WARNING, CRITICAL, and NA. Multiple	states
	      can be listed separted by	comma.	The  special  case  string  of
	      "none"  will indicate no event states should be excluded (may be
	      useful for overriding configured defaults).

       --warning-threshold=PERCENTINT
	      Specify SEL fullness warning threshold as	an integer percentage.
	      When  the	 SEL  is  past this percentage full, a warning will be
	      output indicating	that SEL is nearly full. Specify 0 to  disable
	      warning logs. Defaults to	80.

       --clear-threshold=PERCENTINT
	      Specify  SEL  fullness clear threshold as	an integer percentage.
	      When the SEL is past this	percentage full, ipmiseld will attempt
	      to clear the SEL.	Specify	0 to disable clearing. When the	SEL is
	      full, it will be the responsibility of the user to clear the SEL
	      manually if clearing is disabled.	Defaults to 0. If specified to
	      a	non-zero value,	be careful that	the clearing of	the SEL	 could
	      affect other applications	that monitor the SEL, such as monitor-
	      ing applications that use	ipmi-sel(8) or libipmimonitoring(3).

       --system-event-format=FORMATSTRING
	      Specify the format of the	log output when	a SEL system event  is
	      encountered.  Defaults to	"SEL System Event: %d, %t, %s, %I, %E"
	      if logging locally, "SEL System Event(%h): %d, %t, %s,  %I,  %E"
	      if  logging  outofband  or  with	hostranges. See	SEL LOG	FORMAT
	      STRING below for formatting details.

       --oem-timestamped-event-format=FORMATSTRING
	      Specify the format of the	log output when	a SEL OEM  timestamped
	      event  is	 encountered.  Defaults	to "SEL	OEM Event: %d, %t, %I,
	      %o" if logging locally, "SEL OEM Event(%h): %d, %t, %I,  %o"  if
	      logging outofband	or with	hostranges.. See SEL LOG FORMAT	STRING
	      below for	formatting details.

       --oem-non-timestamped-event-format=FORMATSTRING
	      Specify the format of the	log output when	a SEL  OEM  non-times-
	      tamped event is encountered. Defaults to "SEL OEM	Event: %I, %o"
	      if logging locally, "SEL OEM Event(%h): %I, %o" if logging  out-
	      ofband  or with hostranges.. See SEL LOG FORMAT STRING below for
	      formatting details.

       --poll-interval=SECONDS
	      Specify the poll interval	to check the SEL for new  events.  De-
	      faults to	300 seconds (i.e. 5 minutes).

       --log-facility=STRING
	      Specify  the  log	facility to use. Defaults to LOG_DAEMON. Legal
	      inputs are LOG_DAEMON, LOG_USER, LOG_LOCAL0, LOG_LOCAL1, LOG_LO-
	      CAL2,  LOG_LOCAL3,  LOG_LOCAL4,  LOG_LOCAL5, LOG_LOCAL6, LOG_LO-
	      CAL7.

       --log-priority=STRING
	      Specify the log priority to use. Defaults	to LOG_ERR. Legal  in-
	      puts  are	 LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR, LOG_WARNING,
	      LOG_NOTICE, LOG_INFO, LOG_DEBUG.

       --cache-directory=DIRECTORY
	      Specify an alternate cache directory location  for  ipmiseld  to
	      use. The cache directory will be used to cache a wide variety of
	      data, including the SDR and recent logging information to	ensure
	      log entries are not missed on reboots and	other system failures.

       --ignore-sdr
	      Ignore  SDR  related  processing.	May lead to incomplete or less
	      useful information being output, however it will allow function-
	      ality for	systems	without	SDRs or	when the correct SDR cannot be
	      loaded.

       --re-download-sdr
	      Re-download the SDR on start even	if it is not out of date. This
	      may  help	work around systems that do not	properly timestamp SDR
	      modification times.

       --clear-sel
	      On startup, clear	any SEL	being monitored.  May  be  useful  the
	      first  time  running  ipmiseld  to avoid warning messages	or SEL
	      clears until a long time in the future.

       --threadpool-count=NUM
	      Specify the number of threads for	parallel SEL polling. This op-
	      tion  is	very similar to	the --fanout option in ipmi-sel(8) but
	      the threads are created only once	on initialization  for	faster
	      processing. Defaults to 8, however the threadpool	count will al-
	      ways be decreased	if the number of nodes specified is less  than
	      the number of threads.

       --test-run
	      Do  not daemonize, output	the current SEL	of configured hosts as
	      a	test of	current	settings and configuration. SEL	 entries  will
	      be output	to stdout instead of syslog.

       --foreground
	      Run daemon in the	foreground. SEL	entries	will be	output to std-
	      out instead of syslog.

SEL LOG	FORMAT STRING
       The output format of log	 messages  can	be  adjusted  via  the	--sys-
       tem-event-format,  --oem-timestamped-event-format  and --oem-non-times-
       tamped-event-format  options.  Options  such  as	 --interpret-oem-data,
       --entity-sensor-names,  and  --non-abbreviated-units can	further	adjust
       the output format. The following	conversion directives will  allow  the
       user to output specifics	of each	SEL event that occurs.

       For System, OEM timestamped, and	OEM non-timestamped events

       %h - target host, useful	if logging from	multiple hosts

       %i - record ID in decimal

       %I - event state	interpretation (NOMINAL, WARNING, or CRITICAL)

       For System and OEM timestamped events

       %t - time in format H:M:S using 24 hour clock

       %d - date in format D-M-YEAR

       For System events

       %T - sensor type

       %s - sensor name

       %e - event data 1 string

       %f - event data 2 string	[2]

       %h - event data 3 string

       %c - combined event data	2 and event data 3 string

       %p - event data 2 previous state	string

       %S - event data 2 severity string

       %E - combined event data	1, 2, and 3 string

       %k - event direction

       For OEM timestamped events

       %m - manufacturer id

       For OEM timestamped and OEM non-timestamped events

       %o - oem	data in	hex

       %O - OEM	supplied string	describing the event (depends on manufacturer)

HOSTRANGED SUPPORT
       Multiple	hosts can be input either as an	explicit comma separated lists
       of hosts	or a range of hostnames	in  the	 general  form:	 prefix[n-m,l-
       k,...],	where  n < m and l < k,	etc. The later form should not be con-
       fused with regular expression character classes (also denoted  by  []).
       For example, foo[19] does not represent foo1 or foo9, but rather	repre-
       sents a degenerate range: foo19.

       This range syntax is meant only as a convenience	 on  clusters  with  a
       prefixNN	 naming	 convention  and specification of ranges should	not be
       considered necessary -- the list	foo1,foo9 could	be specified as	 such,
       or by the range foo[1,9].

       Some examples of	range usage follow:
	   foo[01-05] instead of foo01,foo02,foo03,foo04,foo05
	   foo[7,9-10] instead of foo7,foo9,foo10
	   foo[0-3] instead of foo0,foo1,foo2,foo3

       As a reminder to	the reader, some shells	will interpret brackets	([ and
       ]) for pattern matching.	Depending on your shell, it may	 be  necessary
       to enclose ranged lists within quotes.

       In-band	IPMI  Communication  will be used when the host	"localhost" is
       specified. This allows the user to add  the  localhost  into  the  hos-
       tranged output.

GENERAL	TROUBLESHOOTING
       Most often, IPMI	problems are due to configuration problems.

       IPMI  over  LAN	problems  involve a misconfiguration of	the remote ma-
       chine's BMC.  Double check to make sure the  following  are  configured
       properly	 in  the remote	machine's BMC: IP address, MAC address,	subnet
       mask, username, user enablement,	user privilege,	password,  LAN	privi-
       lege,  LAN enablement, and allowed authentication type(s). For IPMI 2.0
       connections, double check to make sure the  cipher  suite  privilege(s)
       and  K_g	 key  are  configured properly.	The ipmi-config(8) tool	can be
       used to check and/or change these configuration settings.

       Inband IPMI problems are	 typically  caused  by	improperly  configured
       drivers or non-standard BMCs.

       In  addition  to	the troubleshooting tips below,	please see WORKAROUNDS
       below to	also if	there are any vendor specific bugs that	have been dis-
       covered and worked around.

       Listed below are	many of	the common issues for error messages.  For ad-
       ditional	support, please	e-mail	the  <freeipmi-users@gnu.org>  mailing
       list.

       "username  invalid"  - The username entered (or a NULL username if none
       was entered) is not available on	the remote machine.  It	 may  also  be
       possible	the remote BMC's username configuration	is incorrect.

       "password  invalid"  - The password entered (or a NULL password if none
       was entered) is not correct. It may also	be possible the	 password  for
       the user	is not correctly configured on the remote BMC.

       "password  verification timeout"	- Password verification	has timed out.
       A "password invalid" error (described  above)  or  a  generic  "session
       timeout"	(described below) occurred.  During this point in the protocol
       it cannot be differentiated which occurred.

       "k_g invalid" - The K_g key entered (or a NULL K_g key if none was  en-
       tered)  is not correct. It may also be possible the K_g key is not cor-
       rectly configured on the	remote BMC.

       "privilege level	insufficient" -	An IPMI	command	requires a higher user
       privilege  than	the one	authenticated with. Please try to authenticate
       with a higher privilege.	This may require authenticating	to a different
       user which has a	higher maximum privilege.

       "privilege  level  cannot  be  obtained	for this user" - The privilege
       level you are attempting	to authenticate	with is	higher than the	 maxi-
       mum  allowed for	this user. Please try again with a lower privilege. It
       may also	be possible the	maximum	privilege level	allowed	for a user  is
       not configured properly on the remote BMC.

       "authentication	type  unavailable for attempted	privilege level" - The
       authentication type you wish to authenticate with is not	available  for
       this privilege level. Please try	again with an alternate	authentication
       type or alternate privilege level. It may also be possible  the	avail-
       able  authentication  types you can authenticate	with are not correctly
       configured on the remote	BMC.

       "cipher suite id	unavailable" - The cipher suite	id you wish to authen-
       ticate  with  is	not available on the remote BMC. Please	try again with
       an alternate cipher suite id. It	may also be possible the available ci-
       pher suite ids are not correctly	configured on the remote BMC.

       "ipmi  2.0 unavailable" - IPMI 2.0 was not discovered on	the remote ma-
       chine. Please try to use	IPMI 1.5 instead.

       "connection timeout" - Initial IPMI communication failed. A  number  of
       potential errors	are possible, including	an invalid hostname specified,
       an IPMI IP address cannot be resolved, IPMI is not enabled on  the  re-
       mote server, the	network	connection is bad, etc.	Please verify configu-
       ration and connectivity.

       "session	timeout" - The IPMI session has	timed out.  Please  reconnect.
       If this error occurs often, you may wish	to increase the	retransmission
       timeout.	Some remote BMCs are considerably slower than others.

       "device not found" - The	specified device could not  be	found.	Please
       check configuration or inputs and try again.

       "driver	timeout"  -  Communication with	the driver or device has timed
       out. Please try again.

       "message	timeout" - Communication with the driver or device  has	 timed
       out. Please try again.

       "BMC  busy"  - The BMC is currently busy. It may	be processing informa-
       tion or have too	many simultaneous sessions to manage. Please wait  and
       try again.

       "could  not  find inband	device"	- An inband device could not be	found.
       Please check configuration or specify specific device or	driver on  the
       command line.

       "driver timeout"	- The inband driver has	timed out communicating	to the
       local BMC or service processor. The BMC or  service  processor  may  be
       busy or (worst case) possibly non-functioning.

       "internal  IPMI	error" - An IPMI error has occurred that FreeIPMI does
       not know	how to handle. Please e-mail <freeipmi-users@gnu.org>  to  re-
       port the	issue.

IPMISELD TROUBLESHOOTING
       Some  timestamps	 in the	SEL may	report a date of 1-Jan-1970, the epoch
       for SEL timestamps. This	timestamp is  not  necessarily	incorrect.  It
       usually	indicates a hardware event that	occurred before	a timestamp in
       firmware	has been initialized. For example, certain hardware components
       will have their internal	clocks reset during a power cycle.

       However,	 if  the internal clock	of the SEL appears to be regularly in-
       correct,	you may	need to	set the	SEL time. This can be done using  bmc-
       device(8).

       The following are common	SEL related messages.

       "sel  config  file  parse  error"  - A parse error was found in the sel
       event interpretation configuration  file.  Please  see  freeipmi_inter-
       pret_sel.conf(5).

WORKAROUNDS
       With  so	 many different	vendors	implementing their own IPMI solutions,
       different vendors may implement their IPMI protocols  incorrectly.  The
       following describes a number of workarounds currently available to han-
       dle discovered compliance issues. When possible,	workarounds have  been
       implemented so they will	be transparent to the user. However, some will
       require the user	to specify a workaround	be used	via the	-W option.

       The hardware listed below may only indicate the hardware	that a problem
       was  discovered on. Newer versions of hardware may fix the problems in-
       dicated below. Similar machines from vendors may	or may not exhibit the
       same  problems.	Different  vendors may license their firmware from the
       same IPMI firmware developer, so	it may	be  worthwhile	to  try	 work-
       arounds listed below even if your motherboard is	not listed.

       If  you	believe	 your hardware has an additional compliance issue that
       needs a workaround to be	implemented, please contact the	FreeIPMI main-
       tainers on <freeipmi-users@gnu.org> or <freeipmi-devel@gnu.org>.

       assumeio	 - This	workaround flag	will assume inband interfaces communi-
       cate with system	I/O rather than	being memory-mapped.  This  will  work
       around  systems	that report invalid base addresses. Those hitting this
       issue may see "device not supported" or "could not find inband  device"
       errors.	Issue observed on HP ProLiant DL145 G1.

       spinpoll	 -  This workaround flag will inform some inband drivers (most
       notably the KCS driver) to spin while polling rather than  putting  the
       process to sleep. This may significantly	improve	the wall clock running
       time of tools because an	operating system scheduler's  granularity  may
       be  much	larger than the	time it	takes to perform a single IPMI message
       transaction. However, by	spinning, your system may be  performing  less
       useful work by not contexting out the tool for a	more useful task.

       authcap	- This workaround flag will skip early checks for username ca-
       pabilities, authentication capabilities,	and K_g	support	and allow IPMI
       authentication to succeed. It works around multiple issues in which the
       remote system does not properly report username capabilities, authenti-
       cation  capabilities,  or  K_g status. Those hitting this issue may see
       "username invalid",  "authentication  type  unavailable	for  attempted
       privilege  level",  or  "k_g  invalid"  errors.	Issue observed on Asus
       P5M2/P5MT-R/RS162-E4/RX4,   Intel   SR1520ML/X38ML,   and   Sun	  Fire
       2200/4150/4450 with ELOM.

       nochecksumcheck	- This workaround flag will tell FreeIPMI to not check
       the checksums returned from IPMI	command	 responses.  It	 works	around
       systems that return invalid checksums due to implementation errors, but
       the packet is otherwise valid. Users are	cautioned on the use  of  this
       option,	as  it	removes	 validation of packet integrity	in a number of
       circumstances. However, it is unlikely to be an issue  in  most	situa-
       tions.  Those hitting this issue	may see	"connection timeout", "session
       timeout", or "password verification timeout" errors. On IPMI  1.5  con-
       nections,  the  "noauthcodecheck" workaround may	also needed too. Issue
       observed	on Supermicro X9SCM-iiF, Supermicro  X9DRi-F,  and  Supermicro
       X9DRFR.

       idzero  -  This	workaround flag	will allow empty session IDs to	be ac-
       cepted by the client. It	works around IPMI sessions that	 report	 empty
       session	IDs  to	 the client. Those hitting this	issue may see "session
       timeout"	errors.	Issue observed on Tyan S2882 with M3289	BMC.

       unexpectedauth -	This workaround	flag will  allow  unexpected  non-null
       authcodes  to  be checked as though they	were expected. It works	around
       an issue	when packets contain non-null authentication  data  when  they
       should  be  null	due to disabled	per-message authentication. Those hit-
       ting this issue may see "session	timeout"  errors.  Issue  observed  on
       Dell PowerEdge 2850,SC1425. Confirmed fixed on newer firmware.

       forcepermsg  -  This workaround flag will force per-message authentica-
       tion to be used no matter what is advertised by the remote  system.  It
       works  around an	issue when per-message authentication is advertised as
       disabled	on the remote system, but it is	actually required for the pro-
       tocol.  Those hitting this issue	may see	"session timeout" errors.  Is-
       sue observed on IBM eServer 325.

       endianseq - This	workaround flag	will flip the endian  of  the  session
       sequence	 numbers  to  allow the	session	to continue properly. It works
       around IPMI 1.5 session sequence	numbers	that  are  the	wrong  endian.
       Those  hitting  this  issue may see "session timeout" errors. Issue ob-
       served on some Sun ILOM 1.0/2.0 (depends	on service processor endian).

       noauthcodecheck - This workaround flag will tell	FreeIPMI to not	 check
       the  authentication  codes returned from	IPMI 1.5 command responses. It
       works around systems that return	invalid	authentication	codes  due  to
       hashing	or  implementation  errors.  Users are cautioned on the	use of
       this option, as it removes an authentication check verifying the	valid-
       ity of a	packet.	However, in most organizations,	this is	unlikely to be
       a security issue. Those hitting this issue may  see  "connection	 time-
       out",  "session	timeout",  or  "password verification timeout" errors.
       Issue observed on Xyratex FB-H8-SRAY, Intel  Windmill,  Quanta  Winter-
       fell, and Wiwynn	Windmill.

       intel20	- This workaround flag will work around	several	Intel IPMI 2.0
       authentication issues. The issues covered include padding of usernames,
       and  password  truncation  if  the  authentication  algorithm  is HMAC-
       MD5-128.	Those hitting this issue may see "username invalid", "password
       invalid",  or  "k_g  invalid" errors. Issue observed on Intel SE7520AF2
       with Intel Server Management Module (Professional Edition).

       supermicro20 - This workaround flag will	work around several Supermicro
       IPMI  2.0  authentication  issues  on  motherboards  w/	Peppercon IPMI
       firmware. The issues covered include handling invalid length  authenti-
       cation  codes.  Those hitting this issue	may see	"password invalid" er-
       rors.  Issue observed on	Supermicro H8QME  with	SIMSO  daughter	 card.
       Confirmed fixed on newerver firmware.

       sun20 - This workaround flag will work work around several Sun IPMI 2.0
       authentication issues. The issues covered include invalid lengthed hash
       keys,  improperly  hashed keys, and invalid cipher suite	records. Those
       hitting this issue may see "password invalid" or	 "bmc  error"  errors.
       Issue  observed	on Sun Fire 4100/4200/4500 with	ILOM.  This workaround
       automatically includes the "opensesspriv" workaround.

       opensesspriv - This workaround flag will	slightly alter FreeIPMI's IPMI
       2.0 connection protocol to workaround an	invalid	hashing	algorithm used
       by the remote system. The privilege level sent during the Open  Session
       stage of	an IPMI	2.0 connection is used for hashing keys	instead	of the
       privilege level sent during the RAKP1 connection	stage.	Those  hitting
       this  issue may see "password invalid", "k_g invalid", or "bad rmcpplus
       status code" errors.  Issue observed on Sun  Fire  4100/4200/4500  with
       ILOM, Inventec 5441/Dell	Xanadu II, Supermicro X8DTH, Supermicro	X8DTG,
       Intel S5500WBV/Penguin Relion 700,  Intel  S2600JF/Appro	 512X,	Quanta
       QSSC-S4R/Appro  GB812X-CN, and Dell C5220. This workaround is automati-
       cally triggered with the	"sun20"	workaround.

       integritycheckvalue - This workaround flag will work around an  invalid
       integrity check value during an IPMI 2.0	session	establishment when us-
       ing Cipher Suite	ID 0. The integrity check value	should	be  0  length,
       however	the  remote motherboard	responds with a	non-empty field. Those
       hitting this issue may see "k_g invalid"	errors.	Issue observed on  Su-
       permicro	 X8DTG,	 Supermicro  X8DTU,  and Intel S5500WBV/Penguin	Relion
       700, and	Intel S2600JF/Appro 512X.

       assumesystemevent - This	workaround  option  will  assume  invalid  SEL
       record  types  are  system event	records. Records may be	formatted cor-
       rectly but report invalid record	types. Those hitting  this  issue  may
       see  "Unknown  SEL Record Type" errors. Output may be unknown, pray for
       the best. This option is	confirmed to work around compliances issues on
       HP DL 380 G5 motherboards.

       No IPMI 1.5 Support - Some motherboards that support IPMI 2.0 have been
       found to	not support IPMI 1.5. Those hitting this issue may  see	 "ipmi
       2.0  unavailable"  or  "connection  timeout"  errors. This issue	can be
       worked around by	using IPMI 2.0	instead	 of  IPMI  1.5	by  specifying
       --driver-type=LAN_2_0. Issue observed on	HP Proliant DL 145.

OEM INTERPRETATION
       The  following  motherboards are	confirmed to have atleast some support
       by the --interpret-oem-data option. While highly	probable the OEM  data
       interpretations	would work across other	motherboards by	the same manu-
       facturer, there are no guarantees. Some of the motherboards  below  may
       be rebranded by vendors/distributors.

       Dell  Poweredge	2900,  Dell  Poweredge 2950, Dell Poweredge R610, Dell
       Poweredge R710, Fujitsu iRMC S1 and iRMC	S2 systems, Intel S5500WB/Pen-
       guin  Computing	Relion	700, Intel S2600JF/Appro 512X, Intel S5000PAL,
       Inventec	5441/Dell Xanadu II, Inventec  5442/Dell  Xanadu  III,	Quanta
       S99Q/Dell  FS12-TY, Quanta QSSC-S4R/Appro GB812X-CN, Sun	X4140 Supermi-
       cro X7DBR-3, Supermicro X7DB8, Supermicro X8DTN,	Supermicro  X7SBI-LN4,
       Supermicro   X8DTH,  Supermicro	X8DTG,	Supermicro  X8DTU,  Supermicro
       X8DT3-LN4F, Supermicro X8DTU-6+,	Supermicro X8DTL, Supermicro X8DTL-3F,
       Supermicro  X8SIL-F,  Supermicro	 X9SCL,	 Supermicro  X9SCM, Supermicro
       X8DTN+-F, Supermicro X8SIE, Supermicro X9SCA-F-O,  Supermicro  H8DGU-F,
       Supermicro  X9DRi-F,  Supermicro	X9DRI-LN4F+, Supermicro	X9SPU-F-O, Su-
       permicro	X9SCM-iiF, Wistron/Dell	Poweredge C6220.

KNOWN ISSUES
       On older	operating systems, if you input	your username,	password,  and
       other  potentially  security  relevant information on the command line,
       this information	may be discovered by other users when using tools like
       the  ps(1) command or looking in	the /proc file system. It is generally
       more secure to input password information with options like the	-P  or
       -K  options.  Configuring security relevant information in the FreeIPMI
       configuration file would	also be	an appropriate way to hide this	infor-
       mation.

       In  order  to  prevent  brute force attacks, some BMCs will temporarily
       "lock up" after a number	of remote authentication errors. You may  need
       to  wait	awhile in order	to this	temporary "lock	up" to pass before you
       may authenticate	again.

FILES
       /usr/local/etc/freeipmi/ipmiseld.conf /var/db/freeipmi/ipmiseld

REPORTING BUGS
       Report bugs to <freeipmi-users@gnu.org> or <freeipmi-devel@gnu.org>.

COPYRIGHT
       Copyright (C) 2012-2015 Lawrence	Livermore National Security, LLC.

       This program is free software; you can redistribute it and/or modify it
       under  the  terms of the	GNU General Public License as published	by the
       Free Software Foundation; either	version	3 of the License, or (at  your
       option) any later version.

SEE ALSO
       freeipmi(7),  ipmi-sel(8),  ipmiseld.conf(5),  bmc-device(8), ipmi-con-
       fig(8), freeipmi_interpret_sel.conf(5)

       http://www.gnu.org/software/freeipmi/

ipmiseld 1.6.5			  2020-05-21			   ipmiseld(8)

NAME | SYNOPSIS | DESCRIPTION | GENERAL OPTIONS | IPMISELD OPTIONS | SEL LOG FORMAT STRING | HOSTRANGED SUPPORT | GENERAL TROUBLESHOOTING | IPMISELD TROUBLESHOOTING | WORKAROUNDS | OEM INTERPRETATION | KNOWN ISSUES | FILES | REPORTING BUGS | COPYRIGHT | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=ipmiseld&sektion=8&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help