Dell iDRAC

About
Dell iDRAC is Dell's embedded server management controller that provides remote administration and monitoring capabilities independent of the host operating system. Supported logs include authentication events, user activity, configuration changes, hardware alerts, system health events, and administrative actions performed through the iDRAC interface.
Product Details
Vendor URL: Dell iDRAC
Product Type: Server Management Platform
Product Tier: Tier III
Integration Method: Bindplane
Log Guide: N/A
Parser Details
Log Format: Syslog
Expected Normalization Rate: Near 100%
Data Label: IDRAC
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| Category | security_result.category_details |
| MessageID | additional.fields |
Product Event Types
| Event | UDM Event Classification |
|---|---|
| login | USER_LOGIN |
| logout | USER_LOGOUT |
| all | GENERIC_EVENT |
Log Sample
<174>1 2026-06-02T03:16:41.476248-05:00 idrac-server01.example.local worker_process_7 3456 - - Informational, Category: Audit, MessageID: USR0030, Message: Successfully logged in using root, from 192.0.2.100 and REDFISH.
Sample Parsing
metadata.event_timestamp = "2026-06-02T03:16:41.476248Z"
metadata.event_type = "USER_LOGIN"
principal.user.userid = "root"
principal.ip = "192.0.2.100"
target.resource.name = "REDFISH"
observer.hostname = "idrac-server01.example.local"
additional.fields["message_id"] = "USR0030"
security_result.category_details = "Audit"
security_result.action = "ALLOW"
security_result.severity = "LOW"
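
The mapping above can be reproduced offline to check collector output before it reaches the SIEM. The following is an added example, not the product's parser: `parse_idrac`, the regular expressions and the logout wording are assumptions inferred from the single sample line and the event-type table on this page.

```python
import re

# Added example: parse_idrac and these patterns are illustrative assumptions.
# Header shape inferred from the page's one sample line (RFC 5424 style).
LINE_RE = re.compile(
    r"^<\d+>1 (?P<ts>\S+) (?P<host>\S+) \S+ \S+ \S+ \S+ "
    r"(?P<sev>[^,]+), Category: (?P<cat>[^,]+), "
    r"MessageID: (?P<mid>[^,]+), Message: (?P<msg>.*)$"
)
# Login wording taken from the sample message.
LOGIN_RE = re.compile(
    r"Successfully logged in using (?P<user>\S+), "
    r"from (?P<ip>\S+) and (?P<iface>[^.\s]+)"
)
# Assumption: logout messages contain one of these phrases.
LOGOUT_RE = re.compile(r"logged (?:out|off)", re.IGNORECASE)


def parse_idrac(line):
    """Return a flat dict of UDM-style fields, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    udm = {
        "metadata.event_timestamp": m["ts"],  # kept as logged, offset included
        "metadata.event_type": "GENERIC_EVENT",  # the table's "all" fallback
        "observer.hostname": m["host"],
        'additional.fields["message_id"]': m["mid"].strip(),
        "security_result.category_details": m["cat"].strip(),
    }
    if m["sev"].strip() == "Informational":
        udm["security_result.severity"] = "LOW"
    login = LOGIN_RE.search(m["msg"])
    if login:
        udm.update({
            "metadata.event_type": "USER_LOGIN",
            "principal.user.userid": login["user"],
            "principal.ip": login["ip"],
            "target.resource.name": login["iface"],
            "security_result.action": "ALLOW",
        })
    elif LOGOUT_RE.search(m["msg"]):
        udm["metadata.event_type"] = "USER_LOGOUT"
    return udm


# The log sample from this page.
SAMPLE = ("<174>1 2026-06-02T03:16:41.476248-05:00 idrac-server01.example.local "
          "worker_process_7 3456 - - Informational, Category: Audit, "
          "MessageID: USR0030, Message: Successfully logged in using root, "
          "from 192.0.2.100 and REDFISH.")
```

Lines that do not match the header pattern return `None`, so a caller can count them to measure how far real traffic falls short of the expected normalization rate.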