What is the function of the cimserver daemon?
The cimserver daemon is simply a server daemon that allows connections using the Common Information Model. It's typically used by vendors and OEMs as a way for their management and monitoring software and/or services to connect to their servers.
HP uses it for their WBEM Services, IBM uses it (among other things) for their Performance Expert DB2 monitoring software, Cisco uses it for SAN management, VMware uses it for hardware monitoring, Dell uses it for their OpenManage remote management and server monitoring packages (though I can't find a link for that which isn't a .pdf), and other vendors and OEMs use it for similar purposes.
You haven't provided enough inofrmation to determine precisely what it's being used for on your system, or diagnose the errors, except to say that it expecting to connect to something on port 49152, and can't, hence the error.
Related videos on Youtube
Matthew Salsamendi
Updated on September 18, 2022Comments
-
Matthew Salsamendi over 1 year
I noticed in /var/log/messsages a process 'cimserver' was logging some interesting messages:
Nov 27 15:33:37 lb-web-standby cimserver[2250]: Failed to deliver an indication: Cannot connect to the-hostname-of-the-server-im-current-on:49152. Connection failed. Nov 27 15:33:37 lb-web-standby cimserver[2250]: Failed to deliver an indication: Invalid locator: the-hostname-of-the-server-im-current-on:49152
I did a little digging and I was able to find a command reference for cimserver online, but no details as to what task it specifically performs. I know that CIM stands for the Common Information Model in computing, but I don't understand why there is a daemonized task running on our box related to this. What exactly does this process do and why is it giving connection errors in the log?
-
Andrew Schulman over 9 yearsWhat does this have to do with the question?
-
chrstphrmllr over 9 yearsMaybe the port is being attacked with the vulnerability in the SM boards through the CIM module? It was more research point as the OP is unsure of the origin of these failures. Any unknown attempts to connect to a port should be viewed as a possible* attack. I thought it was relevant. If I am mistaken could you let me know why this is not relevant so I can understand my error. Thanks you.
-
Bacon Bits almost 8 yearsThis is wholly unrelated to the question. ServerFault is not a discussion forum.