Man Pages

ipmiseld(8) - phpMan ipmiseld(8) - phpMan

Command: man perldoc info search(apropos)  


ipmiseld(8)                        ipmiseld                        ipmiseld(8)



NAME
       ipmiseld - IPMI SEL logging daemon

SYNOPSIS
       ipmiseld [OPTION...]

DESCRIPTION
       The ipmiseld daemon polls the system event log (SEL) of specified hosts and stores the logs into the local sys-
       log. By default, the daemon can also make best efforts to manage the remote SEL's buffer to ensure  events  are
       never  lost.  Recent  logging data will be cached to disk to ensure that SEL events are not missed in the event
       the client or server is rebooted.

       Many of the options for this daemon are very similar to the ipmi-sel(8) tool. It can be configured to  log  the
       local  host,  a remote host, or a range of hosts to the local syslog. It can be configured via the command line
       arguments listed below or via the /etc//ipmiseld.conf configuration file.

       Listed below are general IPMI options, tool specific options, trouble shooting information, workaround informa-
       tion, examples, and known issues. For a general introduction to FreeIPMI please see freeipmi(7).

GENERAL OPTIONS
       The  following  options  are general options for configuring IPMI communication and executing general tool com-
       mands.

       -D IPMIDRIVER, --driver-type=IPMIDRIVER
              Specify the driver type to use instead of doing an auto selection.  The  currently  available  outofband
              drivers  are  LAN and LAN_2_0, which perform IPMI 1.5 and IPMI 2.0 respectively. The currently available
              inband drivers are KCS, SSIF, OPENIPMI, and SUNBMC.

       --disable-auto-probe
              Do not probe in-band IPMI devices for default settings.

       --driver-address=DRIVER-ADDRESS
              Specify the in-band driver address to be used instead of the probed value. DRIVER-ADDRESS should be pre-
              fixed with "0x" for a hex value and '0' for an octal value.

       --driver-device=DEVICE
              Specify the in-band driver device path to be used instead of the probed path.

       --register-spacing=REGISTER-SPACING
              Specify  the  in-band  driver  register  spacing instead of the probed value. Argument is in bytes (i.e.
              32bit register spacing = 4)

       --target-channel-number=CHANNEL-NUMBER
              Specify the in-band driver target channel number to send IPMI requests to.

       --target-slave-address=SLAVE-ADDRESS
              Specify the in-band driver target slave number to send IPMI requests to.

       -h IPMIHOST1,IPMIHOST2,..., --hostname=IPMIHOST1[:PORT],IPMIHOST2[:PORT],...
              Specify the remote host(s) to communicate with. Multiple hostnames may be separated by comma or  may  be
              specified  in  a range format; see HOSTRANGED SUPPORT below. An optional port can be specified with each
              host, which may be useful in port forwarding or similar situations.

       -u USERNAME, --username=USERNAME
              Specify the username to use when authenticating with the remote host.  If not specified,  a  null  (i.e.
              anonymous)  username  is  assumed.  The user must have atleast USER privileges in order for this tool to
              operate fully.

       -p PASSWORD, --password=PASSWORD
              Specify the password to use when authenticationg with the remote host.  If not specified, a  null  pass-
              word is assumed. Maximum password length is 16 for IPMI 1.5 and 20 for IPMI 2.0.

       -P, --password-prompt
              Prompt for password to avoid possibility of listing it in process lists.

       -k K_G, --k-g=K_G
              Specify  the K_g BMC key to use when authenticating with the remote host for IPMI 2.0. If not specified,
              a null key is assumed. To input the key in hexadecimal form, prefix the string with '0x'. E.g., the  key
              'abc' can be entered with the either the string 'abc' or the string '0x616263'

       -K, --k-g-prompt
              Prompt for k-g to avoid possibility of listing it in process lists.

       --session-timeout=MILLISECONDS
              Specify  the  session timeout in milliseconds. Defaults to 20000 milliseconds (20 seconds) if not speci-
              fied.

       --retransmission-timeout=MILLISECONDS
              Specify the packet retransmission timeout in milliseconds. Defaults to 1000 milliseconds (1  second)  if
              not specified. The retransmission timeout cannot be larger than the session timeout.

       -a AUTHENTICATION-TYPE, --authentication-type=AUTHENTICATION-TYPE
              Specify  the IPMI 1.5 authentication type to use. The currently available authentication types are NONE,
              STRAIGHT_PASSWORD_KEY, MD2, and MD5. Defaults to MD5 if not specified.

       -I CIPHER-SUITE-ID, --cipher-suite-id=CIPHER-SUITE-ID
              Specify the IPMI 2.0 cipher suite ID to use. The Cipher Suite ID identifies  a  set  of  authentication,
              integrity,  and  confidentiality  algorithms to use for IPMI 2.0 communication. The authentication algo-
              rithm identifies the algorithm to use for session setup, the integrity algorithm  identifies  the  algo-
              rithm  to  use for session packet signatures, and the confidentiality algorithm identifies the algorithm
              to use for payload encryption. Defaults to cipher suite ID 3 if  not  specified.  The  following  cipher
              suite ids are currently supported:

              0 - Authentication Algorithm = None; Integrity Algorithm = None; Confidentiality Algorithm = None

              1 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm = None; Confidentiality Algorithm = None

              2  - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm = HMAC-SHA1-96; Confidentiality Algorithm
              = None

              3 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm = HMAC-SHA1-96; Confidentiality  Algorithm
              = AES-CBC-128

              6 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm = None; Confidentiality Algorithm = None

              7 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm = HMAC-MD5-128; Confidentiality Algorithm =
              None

              8 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm = HMAC-MD5-128; Confidentiality Algorithm =
              AES-CBC-128

              11  -  Authentication  Algorithm  = HMAC-MD5; Integrity Algorithm = MD5-128; Confidentiality Algorithm =
              None

              12 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =  MD5-128;  Confidentiality  Algorithm  =
              AES-CBC-128

              15  -  Authentication  Algorithm  = HMAC-SHA256; Integrity Algorithm = None; Confidentiality Algorithm =
              None

              16 - Authentication Algorithm = HMAC-SHA256;  Integrity  Algorithm  =  HMAC_SHA256_128;  Confidentiality
              Algorithm = None

              17  -  Authentication  Algorithm  =  HMAC-SHA256; Integrity Algorithm = HMAC_SHA256_128; Confidentiality
              Algorithm = AES-CBC-128

       -l PRIVILEGE-LEVEL, --privilege-level=PRIVILEGE-LEVEL
              Specify the privilege level to be used. The currently available privilege levels are USER, OPERATOR, and
              ADMIN. Defaults to OPERATOR if not specified.

       --config-file=FILE
              Specify an alternate configuration file.

       -W WORKAROUNDS, --workaround-flags=WORKAROUNDS
              Specify workarounds to vendor compliance issues. Multiple workarounds can be specified separated by com-
              mas. A special command line flag of "none", will indicate no workarounds (may be useful  for  overriding
              configured defaults). See WORKAROUNDS below for a list of available workarounds.

       --debug
              Turn on debugging.

       -?, --help
              Output a help list and exit.

       --usage
              Output a usage message and exit.

       -V, --version
              Output the program version and exit.

IPMISELD OPTIONS
       The following options are specific to Ipmiseld.

       -v     Log verbose information. This option will log additional information.  Most notably it will output addi-
              tional hex codes to given information on ambiguous SEL entries or SEL records. For example, it will out-
              put  Generator ID hex codes for sensors without names. Additional non-critical SEL errors or issues will
              also be logged. Somewhat common errors,  such  as  timeouts  or  invalid  hostnames,  will  output  with
              increased verbosity.

       -t SENSOR-TYPE-LIST, --sensor-types=SENSOR-TYPE-LIST
              Specify  sensor  types  of SEL events to log. By default, all sensor types are logged. A special command
              line type of "all", will indicate all types should be shown (may be  useful  for  overriding  configured
              defaults).  Multiple  types  can  be  separated  by commas or spaces.  Users may specify sensor types by
              string (see --list-sensor-types in ipmi-sel(8)) or by number (decimal or hex).

       -T SENSOR-TYPE-LIST, --exclude-sensor-types=SENSOR-TYPE-LIST
              Specify sensor types of SEL events to not log. By default, no sensor types are filtered. A special  com-
              mand  line  type of "none", will indicate no types should be excluded (may be useful for overriding con-
              figured defaults). Multiple types can be separated by commas or spaces. Users may specify  sensor  types
              by string (see --list-sensor-types in ipmi-sel(8)) or by number (decimal or hex).

       --system-event-only
              Log only system event records (i.e. don't log OEM records).

       --oem-event-only
              Log only OEM event records (i.e. don't log system event records).

       --event-state-config-file=FILE
              Specify an alternate event state configuration file.

       --interpret-oem-data
              Attempt  to  interpret  OEM data, such as event data, sensor readings, or general extra info, etc. If an
              OEM interpretation is not available, the default output will be generated. Correctness of OEM  interpre-
              tations  cannot  be guaranteed due to potential changes OEM vendors may make in products, firmware, etc.
              See OEM INTERPRETATION below for confirmed supported motherboard interpretations.

       --entity-sensor-names
              Output sensor names prefixed with their entity id and instance number when appropriate. This may be nec-
              essary  on  some  motherboards to help identify what sensors are referencing. For example, a motherboard
              may have multiple sensors named 'TEMP'. The entity id and instance number may help clarify which  sensor
              refers to "Processor 1" vs. "Processor 2".

       --non-abbreviated-units
              Output  non-abbreviated units (e.g. 'Amps' instead of 'A'). May aid in disambiguation of units (e.g. 'C'
              for Celsius or Coulombs).

       --event-state-filter=FILTERSTRING
              Specify event states to be filtered out and not logged. Possible inputs are NOMINAL, WARNING,  CRITICAL,
              and NA. Multiple states can be listed separted by comma. The special case string of "none" will indicate
              no event states should be excluded (may be useful for overriding configured defaults).

       --warning-threshold=PERCENTINT
              Specify SEL fullness warning threshold as an integer percentage. When the SEL is  past  this  percentage
              full,  a  warning  will be output indicating that SEL is nearly full. Specify 0 to disable warning logs.
              Defaults to 80.

       --clear-threshold=PERCENTINT
              Specify SEL fullness clear threshold as an integer percentage. When the  SEL  is  past  this  percentage
              full,  ipmiseld  will  attempt to clear the SEL. Specify 0 to disable clearing. When the SEL is full, it
              will be the responsibility of the user to clear the SEL manually if clearing is disabled. Defaults to 0.
              If  specified  to  a non-zero value, be careful that the clearing of the SEL could affect other applica-
              tions that monitor the SEL, such as monitoring applications  that  use  ipmi-sel(8)  or  libipmimonitor-
              ing(3).

       --system-event-format=FORMATSTRING
              Specify  the  format  of  the log output when a SEL system event is encountered. Defaults to "SEL System
              Event: %d, %t, %s, %I, %E" if logging locally, "SEL System Event(%h): %d, %t, %s,  %I,  %E"  if  logging
              outofband or with hostranges. See SEL LOG FORMAT STRING below for formatting details.

       --oem-timestamped-event-format=FORMATSTRING
              Specify  the  format of the log output when a SEL OEM timestamped event is encountered. Defaults to "SEL
              OEM Event: %d, %t, %I, %o" if logging locally, "SEL OEM Event(%h): %d, %t, %I, %o" if logging  outofband
              or with hostranges.. See SEL LOG FORMAT STRING below for formatting details.

       --oem-non-timestamped-event-format=FORMATSTRING
              Specify  the  format  of the log output when a SEL OEM non-timestamped event is encountered. Defaults to
              "SEL OEM Event: %I, %o" if logging locally, "SEL OEM Event(%h): %I, %o" if  logging  outofband  or  with
              hostranges.. See SEL LOG FORMAT STRING below for formatting details.

       --poll-interval=SECONDS
              Specify the poll interval to check the SEL for new events. Defaults to 300 seconds (i.e. 5 minutes).

       --log-facility=STRING
              Specify  the  log  facility  to  use.  Defaults  to  LOG_DAEMON.  Legal inputs are LOG_DAEMON, LOG_USER,
              LOG_LOCAL0, LOG_LOCAL1, LOG_LOCAL2, LOG_LOCAL3, LOG_LOCAL4, LOG_LOCAL5, LOG_LOCAL6, LOG_LOCAL7.

       --log-priority=STRING
              Specify the log priority to use. Defaults to LOG_ERR. Legal inputs are LOG_EMERG,  LOG_ALERT,  LOG_CRIT,
              LOG_ERR, LOG_WARNING, LOG_NOTICE, LOG_INFO, LOG_DEBUG.

       --cache-directory=DIRECTORY
              Specify  an  alternate cache directory location for ipmiseld to use. The cache directory will be used to
              cache a wide variety of data, including the SDR and recent logging information to ensure log entries are
              not missed on reboots and other system failures.

       --ignore-sdr
              Ignore  SDR  related processing. May lead to incomplete or less useful information being output, however
              it will allow functionality for systems without SDRs or when the correct SDR cannot be loaded.

       --re-download-sdr
              Re-download the SDR on start even if it is not out of date. This may help work around  systems  that  do
              not properly timestamp SDR modification times.

       --clear-sel
              On  startup, clear any SEL being monitored. May be useful the first time running ipmiseld to avoid warn-
              ing messages or SEL clears until a long time in the future.

       --threadpool-count=NUM
              Specify the number of threads for parallel SEL polling. This option is  very  similar  to  the  --fanout
              option  in  ipmi-sel(8)  but  the threads are created only once on initialization for faster processing.
              Defaults to 8, however the threadpool count will always be decreased if the number of nodes specified is
              less than the number of threads.

       --test-run
              Do  not daemonize, output the current SEL of configured hosts as a test of current settings and configu-
              ration.

       --foreground
              Run daemon in the foreground.

SEL LOG FORMAT STRING
       The output format of log messages can be adjusted via the --system-event-format, --oem-timestamped-event-format
       and  --oem-non-timestamped-event-format  options.  Options such as --interpret-oem-data, --entity-sensor-names,
       and --non-abbreviated-units can further adjust the output format.  The  following  conversion  directives  will
       allow the user to output specifics of each SEL event that occurs.

       For System, OEM timestamped, and OEM non-timestamped events

       %h - target host, useful if logging from multiple hosts

       %i - record ID in decimal

       %I - event state interpretation (NOMINAL, WARNING, or CRITICAL)

       For System and OEM timestamped events

       %t - time in format H:M:S using 24 hour clock

       %d - date in format D-M-YEAR

       For System events

       %T - sensor type

       %s - sensor name

       %e - event data 1 string

       %f - event data 2 string [2]

       %h - event data 3 string

       %c - combined event data 2 and event data 3 string

       %p - event data 2 previous state string

       %S - event data 2 severity string

       %E - combined event data 1, 2, and 3 string

       %k - event direction

       For OEM timestamped events

       %m - manufacturer id

       For OEM timestamped and OEM non-timestamped events

       %o - oem data in hex

       %O - OEM supplied string describing the event (depends on manufacturer)

HOSTRANGED SUPPORT
       Multiple hosts can be input either as an explicit comma separated lists of hosts or a range of hostnames in the
       general form: prefix[n-m,l-k,...], where n < m and l < k, etc. The later form should not be confused with regu-
       lar  expression  character  classes (also denoted by []). For example, foo[19] does not represent foo1 or foo9,
       but rather represents a degenerate range: foo19.

       This range syntax is meant only as a convenience on clusters with a prefixNN naming convention  and  specifica-
       tion  of  ranges should not be considered necessary -- the list foo1,foo9 could be specified as such, or by the
       range foo[1,9].

       Some examples of range usage follow:
           foo[01-05] instead of foo01,foo02,foo03,foo04,foo05
           foo[7,9-10] instead of foo7,foo9,foo10
           foo[0-3] instead of foo0,foo1,foo2,foo3

       As a reminder to the reader, some shells will interpret brackets ([ and ]) for pattern matching.  Depending  on
       your shell, it may be necessary to enclose ranged lists within quotes.

       In-band IPMI Communication will be used when the host "localhost" is specified. This allows the user to add the
       localhost into the hostranged output.

GENERAL TROUBLESHOOTING
       Most often, IPMI problems are due to configuration problems.

       IPMI over LAN problems involve a misconfiguration of the remote machine's BMC.  Double check to make  sure  the
       following  are configured properly in the remote machine's BMC: IP address, MAC address, subnet mask, username,
       user enablement, user privilege, password, LAN privilege, LAN enablement, and allowed  authentication  type(s).
       For  IPMI  2.0  connections, double check to make sure the cipher suite privilege(s) and K_g key are configured
       properly. The bmc-config(8) tool can be used to check and/or change these configuration settings.

       Inband IPMI problems are typically caused by improperly configured drivers or non-standard BMCs.

       In addition to the troubleshooting tips below, please see WORKAROUNDS below to also if  there  are  any  vendor
       specific bugs that have been discovered and worked around.

       Listed  below  are  many  of  the  common issues for error messages.  For additional support, please e-mail the
       <freeipmi-usersATgnu.org> mailing list.

       "username invalid" - The username entered (or a NULL username if none was entered)  is  not  available  on  the
       remote machine. It may also be possible the remote BMC's username configuration is incorrect.

       "password  invalid" - The password entered (or a NULL password if none was entered) is not correct. It may also
       be possible the password for the user is not correctly configured on the remote BMC.

       "password verification timeout" - Password verification has timed out.  A "password invalid"  error  (described
       above)  or a generic "session timeout" (described below) occurred.  During this point in the protocol it cannot
       be differentiated which occurred.

       "k_g invalid" - The K_g key entered (or a NULL K_g key if none was entered) is not correct. It may also be pos-
       sible the K_g key is not correctly configured on the remote BMC.

       "privilege  level  insufficient"  - An IPMI command requires a higher user privilege than the one authenticated
       with. Please try to authenticate with a higher privilege. This may require authenticating to a  different  user
       which has a higher maximum privilege.

       "privilege  level  cannot  be  obtained for this user" - The privilege level you are attempting to authenticate
       with is higher than the maximum allowed for this user. Please try again with a lower privilege. It may also  be
       possible the maximum privilege level allowed for a user is not configured properly on the remote BMC.

       "authentication type unavailable for attempted privilege level" - The authentication type you wish to authenti-
       cate with is not available for this privilege level. Please try again with an alternate authentication type  or
       alternate privilege level. It may also be possible the available authentication types you can authenticate with
       are not correctly configured on the remote BMC.

       "cipher suite id unavailable" - The cipher suite id you wish to authenticate  with  is  not  available  on  the
       remote  BMC.  Please  try again with an alternate cipher suite id. It may also be possible the available cipher
       suite ids are not correctly configured on the remote BMC.

       "ipmi 2.0 unavailable" - IPMI 2.0 was not discovered on the remote machine. Please try to use IPMI 1.5 instead.

       "connection  timeout" - Initial IPMI communication failed. A number of potential errors are possible, including
       an invalid hostname specified, an IPMI IP address cannot be resolved, IPMI is not enabled on the remote server,
       the network connection is bad, etc. Please verify configuration and connectivity.

       "session timeout" - The IPMI session has timed out. Please reconnect.  If this error occurs often, you may wish
       to increase the retransmission timeout. Some remote BMCs are considerably slower than others.

       "device not found" - The specified device could not be found. Please check  configuration  or  inputs  and  try
       again.

       "driver timeout" - Communication with the driver or device has timed out. Please try again.

       "message timeout" - Communication with the driver or device has timed out. Please try again.

       "BMC busy" - The BMC is currently busy. It may be processing information or have too many simultaneous sessions
       to manage. Please wait and try again.

       "could not find inband device" - An inband device could not be found.  Please check  configuration  or  specify
       specific device or driver on the command line.

       "driver timeout" - The inband driver has timed out communicating to the local BMC or service processor. The BMC
       or service processor may be busy or (worst case) possibly non-functioning.

IPMISELD TROUBLESHOOTING
       Some timestamps in the SEL may report a date of 1-Jan-1970, the epoch for SEL timestamps. This timestamp is not
       necessarily  incorrect.  It usually indicates a hardware event that occurred before a timestamp in firmware has
       been initialized. For example, certain hardware components will have their internal clocks reset during a power
       cycle.

       However,  if the internal clock of the SEL appears to be regularly incorrect, you may need to set the SEL time.
       This can be done using bmc-device(8).

       The following are common SEL related messages.

       "sel config file parse error" - A parse error was found in the sel  event  interpretation  configuration  file.
       Please see freeipmi_interpret_sel.conf(5).

WORKAROUNDS
       With  so  many  different  vendors implementing their own IPMI solutions, different vendors may implement their
       IPMI protocols incorrectly. The following describes a number of workarounds currently available to handle  dis-
       covered  compliance issues. When possible, workarounds have been implemented so they will be transparent to the
       user. However, some will require the user to specify a workaround be used via the -W option.

       The hardware listed below may only indicate the hardware that a problem was discovered on.  Newer  versions  of
       hardware  may  fix  the problems indicated below. Similar machines from vendors may or may not exhibit the same
       problems. Different vendors may license their firmware from the same IPMI firmware  developer,  so  it  may  be
       worthwhile to try workarounds listed below even if your motherboard is not listed.

       If  you  believe  your  hardware  has an additional compliance issue that needs a workaround to be implemented,
       please contact the FreeIPMI maintainers on <freeipmi-usersATgnu.org> or <freeipmi-develATgnu.org>.

       assumeio - This workaround flag will assume inband interfaces communicate with system  I/O  rather  than  being
       memory-mapped.  This  will work around systems that report invalid base addresses. Those hitting this issue may
       see "device not supported" or "could not find inband device" errors.  Issue observed on HP ProLiant DL145 G1.

       spinpoll - This workaround flag will inform some inband drivers (most notably the KCS  driver)  to  spin  while
       polling rather than putting the process to sleep. This may significantly improve the wall clock running time of
       tools because an operating system scheduler's granularity may be much larger than the time it takes to  perform
       a  single IPMI message transaction. However, by spinning, your system may be performing less useful work by not
       contexting out the tool for a more useful task.

       authcap - This workaround flag will skip early checks for username capabilities,  authentication  capabilities,
       and  K_g  support and allow IPMI authentication to succeed. It works around multiple issues in which the remote
       system does not properly report username capabilities, authentication capabilities, or K_g status.  Those  hit-
       ting this issue may see "username invalid", "authentication type unavailable for attempted privilege level", or
       "k_g invalid" errors.  Issue observed on Asus P5M2/P5MT-R/RS162-E4/RX4,  Intel  SR1520ML/X38ML,  and  Sun  Fire
       2200/4150/4450 with ELOM.

       idzero  -  This workaround flag will allow empty session IDs to be accepted by the client. It works around IPMI
       sessions that report empty session IDs to the client. Those  hitting  this  issue  may  see  "session  timeout"
       errors. Issue observed on Tyan S2882 with M3289 BMC.

       unexpectedauth  -  This  workaround  flag will allow unexpected non-null authcodes to be checked as though they
       were expected. It works around an issue when packets contain non-null authentication data when they  should  be
       null  due  to  disabled  per-message authentication. Those hitting this issue may see "session timeout" errors.
       Issue observed on Dell PowerEdge 2850,SC1425. Confirmed fixed on newer firmware.

       forcepermsg - This workaround flag will force per-message authentication to be used no matter  what  is  adver-
       tised  by the remote system. It works around an issue when per-message authentication is advertised as disabled
       on the remote system, but it is actually required for the protocol. Those hitting this issue may  see  "session
       timeout" errors.  Issue observed on IBM eServer 325.

       endianseq  -  This workaround flag will flip the endian of the session sequence numbers to allow the session to
       continue properly. It works around IPMI 1.5 session sequence numbers that are the wrong endian.  Those  hitting
       this  issue  may see "session timeout" errors. Issue observed on some Sun ILOM 1.0/2.0 (depends on service pro-
       cessor endian).

       noauthcodecheck - This workaround flag will tell FreeIPMI to not check the authentication codes  returned  from
       IPMI  1.5  command  responses. It works around systems to return invalid authentication codes due to hashing or
       implementation errors. Users are cautioned on the use of this option, as it  removes  an  authentication  check
       verifying  the  validity  of a packet. However, in most organizations, this is unlikely to be a security issue.
       Those hitting this issue may see "connection timeout", "session timeout", or  "password  verification  timeout"
       errors.  Issue observed on Xyratex FB-H8-SRAY.

       intel20  -  This workaround flag will work around several Intel IPMI 2.0 authentication issues. The issues cov-
       ered include padding of usernames, and password truncation if the  authentication  algorithm  is  HMAC-MD5-128.
       Those  hitting  this  issue  may  see  "username  invalid",  "password invalid", or "k_g invalid" errors. Issue
       observed on Intel SE7520AF2 with Intel Server Management Module (Professional Edition).

       supermicro20 - This workaround flag will work around several Supermicro IPMI 2.0 authentication issues on moth-
       erboards  w/  Peppercon IPMI firmware. The issues covered include handling invalid length authentication codes.
       Those hitting this issue may see "password invalid" errors.  Issue observed  on  Supermicro  H8QME  with  SIMSO
       daughter card. Confirmed fixed on newerver firmware.

       sun20  - This workaround flag will work work around several Sun IPMI 2.0 authentication issues. The issues cov-
       ered include invalid lengthed hash keys, improperly hashed keys, and invalid cipher suite records.  Those  hit-
       ting  this  issue  may see "password invalid" or "bmc error" errors.  Issue observed on Sun Fire 4100/4200/4500
       with ILOM.  This workaround automatically includes the "opensesspriv" workaround.

       opensesspriv - This workaround flag will slightly alter FreeIPMI's IPMI 2.0 connection protocol  to  workaround
       an  invalid hashing algorithm used by the remote system. The privilege level sent during the Open Session stage
       of an IPMI 2.0 connection is used for hashing keys instead of the privilege level sent during the RAKP1 connec-
       tion  stage.  Those hitting this issue may see "password invalid", "k_g invalid", or "bad rmcpplus status code"
       errors.  Issue observed on Sun Fire 4100/4200/4500 with ILOM, Inventec 5441/Dell Xanadu II,  Supermicro  X8DTH,
       Supermicro  X8DTG,  Intel  S5500WBV/Penguin  Relion  700,  Intel S2600JF/Appro 512X, and Quanta QSSC-S4R//Appro
       GB812X-CN. This workaround is automatically triggered with the "sun20" workaround.

       integritycheckvalue - This workaround flag will work around an invalid integrity check value during an IPMI 2.0
       session  establishment  when using Cipher Suite ID 0. The integrity check value should be 0 length, however the
       remote motherboard responds with a non-empty field. Those hitting this issue  may  see  "k_g  invalid"  errors.
       Issue  observed  on  Supermicro  X8DTG,  Supermicro  X8DTU,  and  Intel  S5500WBV/Penguin Relion 700, and Intel
       S2600JF/Appro 512X.

       assumesystemevent - This workaround option will assume invalid SEL  record  types  are  system  event  records.
       Records  may  be formatted correctly but report invalid record types. Those hitting this issue may see "Unknown
       SEL Record Type" errors. Output may be unknown, pray for the best. This option is confirmed to work around com-
       pliances issues on HP DL 380 G5 motherboards.

       No  IPMI  1.5  Support - Some motherboards that support IPMI 2.0 have been found to not support IPMI 1.5. Those
       hitting this issue may see "ipmi 2.0 unavailable" or "connection timeout" errors.  This  issue  can  be  worked
       around  by using IPMI 2.0 instead of IPMI 1.5 by specifying --driver-address=LAN_2_0. Issue observed on HP Pro-
       liant DL 145.

OEM INTERPRETATION
       The following motherboards are confirmed to have atleast some support by the --interpret-oem-data option. While
       highly  probable  the  OEM  data interpretations would work across other motherboards by the same manufacturer,
       there are no guarantees. Some of the motherboards below may be rebranded by vendors/distributors.

       Dell Poweredge 2900, Dell Poweredge 2950, Dell Poweredge R610, Dell Poweredge R710, Fujitsu iRMC S1 and iRMC S2
       systems,  Intel  S5500WB/Penguin  Computing  Relion  700,  Intel  S2600JF/Appro  512X, Intel S5000PAL, Inventec
       5441/Dell Xanadu II, Inventec 5442/Dell Xanadu III, Quanta S99Q/Dell FS12-TY, Quanta QSSC-S4R/Approp GB812X-CN,
       Sun  X4140  Supermicro  X7DBR-3,  Supermicro  X7DB8,  Supermicro X8DTN, Supermicro X7SBI-LN4, Supermicro X8DTH,
       Supermicro X8DTG, Supermicro X8DTU, Supermicro X8DT3-LN4F, Supermicro X8DTU-6+,  Supermicro  X8DTL,  Supermicro
       X8DTL-3F, Supermicro X8SIL-F, Supermicro X9SCL, Supermicro X9SCM, Supermicro X8DTN+-F, Supermicro X8SIE, Super-
       micro X9SCA-F-O, Supermicro H8DGU-F, Supermicro X9DRi-F.

KNOWN ISSUES
       On older operating systems, if you input your username,  password,  and  other  potentially  security  relevant
       information  on  the  command line, this information may be discovered by other users when using tools like the
       ps(1) command or looking in the /proc file system. It is generally more secure to  input  password  information
       with options like the -P or -K options. Configuring security relevant information in the FreeIPMI configuration
       file would also be an appropriate way to hide this information.

       In order to prevent brute force attacks, some BMCs will temporarily "lock up" after a number of remote  authen-
       tication  errors.  You  may  need  to  wait  awhile in order to this temporary "lock up" to pass before you may
       authenticate again.

FILES
       /etc//ipmiseld.conf /var/cache/ipmiseld/

REPORTING BUGS
       Report bugs to <freeipmi-usersATgnu.org> or <freeipmi-develATgnu.org>.

COPYRIGHT
       Copyright (C) 2012 Lawrence Livermore National Security, LLC.

       This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Pub-
       lic  License as published by the Free Software Foundation; either version 3 of the License, or (at your option)
       any later version.

SEE ALSO
       freeipmi(7), ipmi-sel(8), ipmiseld.conf(5), bmc-config(8), bmc-device(8), freeipmi_interpret_sel.conf(5)

       http://www.gnu.org/software/freeipmi/



ipmiseld 1.2.1                    2017-03-22                       ipmiseld(8)