Network Working Group Glenn Mansfield Keeni INTERNET-DRAFT Cyber Solutions Inc. Expires: July 2, 2003 B. Pape Enterasys Networks January 3, 2003 Syslog MIB Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on July 2, 2003. Copyright Notice Copyright (C) The Internet Society (2003). All Rights Reserved. Abstract This memo provides a MIB module that can be used to monitor and manage syslog processes. In addition it defines objects that allow the collection of statistics related to the generation of syslog messages. And finally it provides a means for controlling the messages that individual applications on a device will generate. Expires: July 2, 2003 [Page 1] Internet Draft January 3, 2003 Table of Contents 1. The SNMP Management Framework .................. 3 2. Background ..................................... 3 3. The MIB Design ................................. 4 4. The Syslog MIB ................................. 5 5. Intellectual Property Notice ...................39 6 Acknowledgments ................................39 7. Security Considerations ........................39 8. References .....................................40 9. Full Copyright Statement .......................42 10. Authors Address ................................43 Expires: July 2, 2003 [Page 2] Internet Draft January 3, 2003 1. The Internet-Standard Management Framework For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580]. This document defines a portion of the Management Information Base (MIB) for use with management protocols in the Internet community. In particular, this document describes managed objects used for configuring and monitoring syslog processes that handle syslog messages. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14, RFC 2119 [RFC2119]. 2. Background Operating systems, processes and applications generate messages indicating their own status or the occurance of events. These messages are useful for managing and/or debugging the network and its services. The BSD Syslog protocol is a widely adopted protocol that is used for transmission and processing of the messages. Essentially, a syslog process receive messages (from the kernel, processes, applications or other syslog processes) and processes those. The processing involves logging to a local file, displaying on console, user terminal, and/or relaying to syslog processes on other machines. The processing is determined by the "facility" that originated the message and the "severity" assigned to the message by the facility. This document defines a generic MIB that may be used to monitor and control one or more syslog processes running on a system. Expires: July 2, 2003 [Page 3] Internet Draft January 3, 2003 / +------+ / | SP-1 |------> SP-R1 /+------+ \ Facility-1-->| / -->| / +------+ / Facility-N-->|+---| SP-2 |------> SP-R2 -->| \ +------+ \ SyslogHost-N-->| \ \+------+ / | SP-N |------> SP-RN +------+ \ \ Facility: Facility originating the message (locally) SyslogHost: Remote SyslogHost relaying a message SP: Syslog Process Fig.1 Syslog Process Model The syslog process modelled by the MIB is shown in Fig.1. One or more syslog processes running on a system receive syslog messages from the local facilities and from other syslog processes on other hosts. The syslog process receives the message and processes it depending on the processing mandated for the facility and severity of the message in its local message-process configuration table. 3. The MIB Design. The purpose of the SyslogMIB is to allow the monitoring and control of the syslog process(es) on a system. This requires MOs representing o Statistics on messages, received, processed locally, relayed, o Syslog system wide parameters that are available to all syslog processes. o Syslog run time parameters for each syslog process e.g. - maximum message size, - sockets and/or type of transport, port numbers on which the process will listen for messages, etc. - etc. o Rules for selecting messages and applying the corresponding specified actions for each syslog process The MIB comprises of four groups o The syslogSystem group handles the system wide parameters Expires: July 2, 2003 [Page 4] Internet Draft January 3, 2003 that applies to all the syslog processes served by the SNMP agent. o The syslog process group consisting of the - syslogStatsTable which deals with statistical information about the syslog processes. - syslogParamsTable for monitoring and controlling syslog processes. It contains MOs representing the run-time parameters of the syslog processes. o The syslog control group which handles the definition of the rules for message selection and action(s) that will be carried out on the selected message. The tables in this group represent the rules that would generally be present in the syslog.conf file of traditional syslogd process. The control group consists of - a syslogCtlSelectionTable which defines the message selection rule. - several action tables viz. + syslogCtlLogActionTable defining the logging actions + syslogCtlUserActionTable defining the users on whose console the message will need to be displayed. + syslogCtlForwardActionTable defining destinations to which a message will be forwarded o The conformance group that defines the compliance statements. Expires: July 2, 2003 [Page 5] Internet Draft January 3, 2003 4. The Syslog MIB DRAFT-IETF-SYSLOG-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter32, Integer32, mib-2 FROM SNMPv2-SMI RowStatus, TEXTUAL-CONVENTION, TimeStamp FROM SNMPv2-TC InetAddressType, InetAddress FROM INET-ADDRESS-MIB MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF SnmpAdminString FROM SNMP-FRAMEWORK-MIB; syslogMIB MODULE-IDENTITY LAST-UPDATED "200212252343Z" -- Wed December 25 23:43 GMT 2002 ORGANIZATION "IETF Syslog Working Group" CONTACT-INFO " Glenn Mansfield Keeni Postal: Cyber Solutions Inc. 6-6-3, Minami Yoshinari Aoba-ku, Sendai, Japan 989-3204. Tel: +81-22-303-4012 Fax: +81-22-303-4015 E-mail: glenn@cysols.com Bruno Pape Postal: Enterasys Networks, Inc. 35 Industrial Way Rochester, NH 03867 Tel: +1 603 337 0446 Email: bpape@enterasys.com" DESCRIPTION "The MIB module pertaining to the reception and processing of Syslog compatible messages." REVISION "200212252343Z" -- Wed December 25 23:43 GMT 2002 DESCRIPTION "Radical revision of the MIB structure and design." REVISION "200206061841Z" -- Thu Jun 6 18:41 GMT 2002 DESCRIPTION "The initial version of this MIB module." ::= { mib-2 999999 } -- Will be assigned by IANA Expires: July 2, 2003 [Page 6] Internet Draft January 3, 2003 -- ------------------------------------------------------------- -- Textual Conventions -- ------------------------------------------------------------- SyslogFacility ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This textual convention enumerates the facilities that originate syslog messages. The value noMap(24) indicates that the appropriate facility will be provided by the individual applications on the managed entity. If this option is not available on a particular entity attempt set the facillity to this value will fail with an error-status of wrongValue." SYNTAX INTEGER { kernel (0), -- kernel messages user (1), -- user-level messages mail (2), -- mail system daemon (3), -- system daemons auth (4), -- authorization messages syslog (5), -- messages generated by syslogd lpr (6), -- line printer subsystem news (7), -- network news subsystem uucp (8), -- UUCP subsystem cron (9), -- clock daemon authPriv (10),-- authorization messages -- (private) ftp (11),-- ftp daemon ntp (12),-- NTP subsystem security (13),-- security subsystems -- (firewalling, etc.) console (14),-- /dev/console output local0 (16), local1 (17), local2 (18), local3 (19), local4 (20), local5 (21), local6 (22), local7 (23), noMap (99) } Expires: July 2, 2003 [Page 7] Internet Draft January 3, 2003 SyslogSeverity ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This textual convention enumerates the severity levels of syslog messages. The syslog protocol uses the values 0 (emergency), to 7 (debug)." SYNTAX INTEGER { emergency (0), -- system is unusable alert (1), -- action must be taken -- immediately critical (2), -- critical conditions error (3), -- error conditions warning (4), -- warning conditions notice (5), -- normal but significant -- condition info (6), -- informational debug (7), -- debug-level messages other (99) -- None of the above } SyslogSeverityCompOP ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The operator that will be applied to the severity in before the selection for an action takes place. " SYNTAX INTEGER { none (1), greaterThanOrEqual (2), lessThanOrEqual (3), greaterThan (4), lessThan (5), notGreaterThanOrEqual (6), notLessThanOrEqual (7), notGreaterThan (8), notLessThan (9), equal (10), notEqual (11) } Expires: July 2, 2003 [Page 8] Internet Draft January 3, 2003 SyslogTransport ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The Transport that will be used to send and/or receive messages. " SYNTAX INTEGER { other (1), udp (2), tcp (3) } SyslogService ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The service name or port number that will be used to send and/or receive messages. The special name ''any'' is reserved. It denotes all ports and is applicable only in the context of message reception. In case the service name is given, and it not ''any'', the service name must resolve to a port number on the local host. " SYNTAX OCTET STRING (SIZE (0..255)) -- ------------------------------------------------------------- -- syslogMIB - the main groups -- ------------------------------------------------------------- syslogSystem OBJECT IDENTIFIER ::= { syslogMIB 1 } syslogProc OBJECT IDENTIFIER ::= { syslogMIB 2 } syslogControl OBJECT IDENTIFIER ::= { syslogMIB 3 } Expires: July 2, 2003 [Page 9] Internet Draft January 3, 2003 -- ------------------------------------------------------------- -- syslogSystem -- ------------------------------------------------------------- -- The system wide parameters syslogDefaultTransport OBJECT-TYPE SYNTAX SyslogTransport MAX-ACCESS read-write STATUS current DESCRIPTION "The default transport that a syslog process will use to send syslog messages. " DEFVAL {udp} ::= { syslogSystem 1 } syslogDefaultService OBJECT-TYPE SYNTAX SyslogService MAX-ACCESS read-write STATUS current DESCRIPTION "The default service name or port number that a syslog process will use to send syslog messages. " DEFVAL { "514" } ::= { syslogSystem 2 } syslogDefaultFacility OBJECT-TYPE SYNTAX SyslogFacility MAX-ACCESS read-write STATUS current DESCRIPTION "The default syslog facility that will be added to syslog messages when the message needs to be relayed and does not have priority specified. " ::= { syslogSystem 3 } Expires: July 2, 2003 [Page 10] Internet Draft January 3, 2003 syslogDefaultSeverity OBJECT-TYPE SYNTAX SyslogSeverity MAX-ACCESS read-write STATUS current DESCRIPTION "The default syslog severity that will be added to syslog messages when the message needs to be relayed and does not have priority specified. " ::= { syslogSystem 4 } syslogMaxMessageSize OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "The the maximum size of the syslog messages in bytes. " DEFVAL { 1024 } ::= { syslogSystem 5 } -- ------------------------------------------------------------- -- syslogProc -- ------------------------------------------------------------- syslogProcTable OBJECT-TYPE SYNTAX SEQUENCE OF SyslogProcEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing information about the syslog processes serviced by an SNMP agent. " ::= { syslogProc 1 } syslogProcEntry OBJECT-TYPE SYNTAX SyslogProcEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The information pertaining to a syslog process. " INDEX { syslogProcIndex } ::= { syslogProcTable 1 } Expires: July 2, 2003 [Page 11] Internet Draft January 3, 2003 SyslogProcEntry ::= SEQUENCE { syslogProcIndex Integer32, syslogProcMsgsReceived Counter32, syslogProcMsgsRelayed Counter32, syslogProcMsgsDropped Counter32, syslogProcMsgsIgnored Counter32, syslogProcMsgsRejected Counter32, syslogProcLastMsgRecdTime TimeStamp, syslogProcLastMsgDeliveredTime TimeStamp } -- option for allowed peers needs to be added syslogProcIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Index that uniquely identifies the syslog process in the syslogProcess table. " ::= { syslogProcEntry 1 } syslogProcMsgsReceived OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of messages received by the syslog process. This includes messages that were ignored. " ::= { syslogProcEntry 2 } Expires: July 2, 2003 [Page 12] Internet Draft January 3, 2003 syslogProcMsgsRelayed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of messages relayed by the syslog process to other syslog processes. " ::= { syslogProcEntry 3 } syslogProcMsgsDropped OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of messages that could not be relayed (could not be queued for transmitting)." ::= { syslogProcEntry 4 } syslogProcMsgsIgnored OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of messages that were not processed by the syslog process because the message did not meet the specification of 'allowed specifications' ( either the program name or the priority level of the message or both did not match any selection specified for this process in the syslogCtlSelectionTable). " ::= { syslogProcEntry 5 } syslogProcMsgsRejected OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of messages that were rejected by the syslog process because the messsage was from a host/service that did not match any selection specified for this process in the syslogCtlSelectionTable and was not on the allowed host/services list. " ::= { syslogProcEntry 6 } Expires: July 2, 2003 [Page 13] Internet Draft January 3, 2003 syslogProcLastMsgRecdTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The local time when the last message was received by the syslog process locally or from a remote syslog process. " ::= { syslogProcEntry 7 } syslogProcLastMsgDeliveredTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The local time when the last message was delivered by the syslog process. " ::= { syslogProcEntry 8 } syslogParamsTable OBJECT-TYPE SYNTAX SEQUENCE OF SyslogParamsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing information about the parameters that control the syslog processes. " ::= { syslogProc 2 } syslogParamsEntry OBJECT-TYPE SYNTAX SyslogParamsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The parameters pertaining to a syslog process." INDEX { syslogProcIndex } ::= { syslogParamsTable 1 } Expires: July 2, 2003 [Page 14] Internet Draft January 3, 2003 SyslogParamsEntry ::= SEQUENCE { syslogParamsProcDescr SnmpAdminString, syslogParamsBindAddrType InetAddressType, syslogParamsBindAddr InetAddress, syslogParamsSendToAllAddresses INTEGER, syslogParamsCompression INTEGER, syslogParamsConfFileName SnmpAdminString, syslogParamsFacilityTranslation INTEGER, syslogParamsPIDFileName SnmpAdminString, syslogParamsDNSLookup INTEGER, syslogParamsSeverityCompOP SyslogSeverityCompOP, syslogParamsSecuritySpecs INTEGER, syslogParamsProcessStatus INTEGER, syslogParamsRowStatus RowStatus } syslogParamsProcDescr OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-create STATUS current DESCRIPTION "A description of the syslog process. " ::= { syslogParamsEntry 1 } Expires: July 2, 2003 [Page 15] Internet Draft January 3, 2003 syslogParamsBindAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The type of Internet address which follows in syslogParamsBindAddr. " ::= { syslogParamsEntry 2 } syslogParamsBindAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The specific IP address or hostname the syslog process will bind to. If a hostname is specified, the IPv4 or IPv6 address which corresponds to will be used. " ::= { syslogParamsEntry 3 } syslogParamsSendToAllAddresses OBJECT-TYPE SYNTAX INTEGER { false (0), true (1) } MAX-ACCESS read-create STATUS current DESCRIPTION "If the destination host, for a message to be forwarded, has more than one A or AAAA record process, Send the message to all the addresses (true) else send to only one of the addresses. " DEFVAL { false } ::= { syslogParamsEntry 4 } Expires: July 2, 2003 [Page 16] Internet Draft January 3, 2003 syslogParamsCompression OBJECT-TYPE SYNTAX INTEGER { off (1), offIfPipe (2), on (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "If 'off', disable the compression of repeated instances of the same line into a single line of the form ``last message repeated N times''. If 'offIfPipe' disable the compression when the output is a pipe to another program. Otherwise the compression is enabled. " DEFVAL { on } ::= { syslogParamsEntry 5 } syslogParamsConfFileName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-create STATUS current DESCRIPTION "The fullpath name of the configuration file where the syslog process's message selection and corresponding action rules will be read from and stored. " DEFVAL { "/etc/syslog.conf" } ::= { syslogParamsEntry 6 } syslogParamsFacilityTranslation OBJECT-TYPE SYNTAX INTEGER { off (1), on (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "If off, disable Disable the translation of messages received with facility ``kern'' to facility ``user''. Usually the ``kern'' facility is reserved for messages read directly from /dev/klog. " DEFVAL { on } ::= { syslogParamsEntry 7 } Expires: July 2, 2003 [Page 17] Internet Draft January 3, 2003 syslogParamsPIDFileName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-create STATUS current DESCRIPTION "The fullpath name of the file where the syslog process ID will be recorded. " DEFVAL { "/etc/syslog.conf" } ::= { syslogParamsEntry 8 } syslogParamsDNSLookup OBJECT-TYPE SYNTAX INTEGER { useLocalCache (1), doNotUseLocalCache (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "If doNotUseLocalCache is on, fresh DNS lookups will be carried out everytime a hostname is encountered. Else, DNS lookups will be carried it only once for each hostname. " DEFVAL { useLocalCache } ::= { syslogParamsEntry 9 } syslogParamsSeverityCompOP OBJECT-TYPE SYNTAX SyslogSeverityCompOP MAX-ACCESS read-create STATUS current DESCRIPTION "The default value of the operator that should apply to the syslogCtlSelectionSeverity in before the selection takes place. " DEFVAL { greaterThanOrEqual } ::= { syslogParamsEntry 10 } Expires: July 2, 2003 [Page 18] Internet Draft January 3, 2003 syslogParamsSecuritySpecs OBJECT-TYPE SYNTAX INTEGER { none (0), doNotRecvFromRemoteHosts (1), doNotOpenNetworkSockets (2) } MAX-ACCESS read-create STATUS current DESCRIPTION "If doNotRecvFromRemoteHosts is selected then the corresponding syslog process will receive messages from remote hosts. If doNotOpenNetworkSockets is selected then the syslog process will not receive from or forward to remote hosts. " DEFVAL { none } ::= { syslogParamsEntry 11 } syslogParamsProcessStatus OBJECT-TYPE SYNTAX INTEGER { unknown (0), started (1), stopped (2) } MAX-ACCESS read-create STATUS current DESCRIPTION "''started'' indicates that the process should be started if it is not already running. ''stopped'' indicates that the process should be stopped if it is running. " DEFVAL { unknown } ::= { syslogParamsEntry 12 } syslogParamsRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object is used to create and delete rows in the syslogParamsTable. " ::= { syslogParamsEntry 13 } Expires: July 2, 2003 [Page 19] Internet Draft January 3, 2003 syslogAllowedHostsTable OBJECT-TYPE SYNTAX SEQUENCE OF SyslogParamsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing information about the Hosts from which messages will be accepted (rejected). " ::= { syslogProc 3 } syslogAllowedHostsEntry OBJECT-TYPE SYNTAX SyslogAllowedHostsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The host information." INDEX { syslogProcIndex } ::= { syslogAllowedHostsTable 1 } SyslogAllowedHostsEntry ::= SEQUENCE { syslogAllowedHostsAddressType InetAddressType, syslogAllowedHostsAddress InetAddress, syslogAllowedHostsMaskLen Integer32, syslogAllowedHostsTransport SyslogTransport, syslogAllowedHostsPort SyslogService, syslogAllowedHostsRowStatus RowStatus } syslogAllowedHostsAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The type of Internet address which follows in syslogAllowedHostsAddress. " ::= { syslogAllowedHostsEntry 1 } Expires: July 2, 2003 [Page 20] Internet Draft January 3, 2003 syslogAllowedHostsAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The IP address or hostname specification of the host from which the syslog process will accept messages. " ::= { syslogAllowedHostsEntry 2 } syslogAllowedHostsMaskLen OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "If the syslogAllowedHostsAddressType is ipv4(1), ipv6(2) this object represents the number of bits that will be taken into account when the address of the originating is being compared with syslogAllowedHostsAddress. The default value of this MO will be the length of the corresponding syslogAllowedHostsAddress. If the syslogAllowedHostsAddressType is not ipv4(1) or ipv6(2) this object is not used. " ::= { syslogAllowedHostsEntry 3 } syslogAllowedHostsTransport OBJECT-TYPE SYNTAX SyslogTransport MAX-ACCESS read-create STATUS current DESCRIPTION "The Transport specification that will be used to decide whether the messsage will be accepted from a host or not. " DEFVAL { udp } ::= { syslogAllowedHostsEntry 4 } Expires: July 2, 2003 [Page 21] Internet Draft January 3, 2003 syslogAllowedHostsPort OBJECT-TYPE SYNTAX SyslogService MAX-ACCESS read-create STATUS current DESCRIPTION "The Port specification that will be used to decide whether the messsage will be accepted from a host or not. " DEFVAL { "any" } ::= { syslogAllowedHostsEntry 5 } syslogAllowedHostsRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object is used to create and delete rows in the syslogAllowedHostsTable. " ::= { syslogAllowedHostsEntry 6 } -- ------------------------------------------------------------- -- syslogControl -- ------------------------------------------------------------- -- This group defines the rules for message selection and the -- action that will be carried out on the selected messages. -- The tables in this group represent the rules that would -- generally be present in the syslog.conf -- syslogCtlSelectionTable: -- This table defines the message selection rules for an action -- Each row maps a part of the "selector" field in the syslogd.conf -- that is traditionally input to the syslogd process syslogCtlSelectionTable OBJECT-TYPE SYNTAX SEQUENCE OF SyslogCtlSelectionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table which defines the rules for selection of syslog messages for some specified actions. " ::= { syslogControl 1 } Expires: July 2, 2003 [Page 22] Internet Draft January 3, 2003 syslogCtlSelectionEntry OBJECT-TYPE SYNTAX SyslogCtlSelectionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Defines the information to generate syslog messages to an aggregating agent or collector. Entries within this table with an access level of read- create MUST be considered non-volatile and MUST be maintained across entity resets." INDEX { syslogProcIndex, syslogCtlActionIndex, syslogCtlSelectionIndex } ::= { syslogCtlSelectionTable 1 } SyslogCtlSelectionEntry ::= SEQUENCE { syslogCtlActionIndex Integer32, syslogCtlSelectionIndex Integer32, syslogCtlSelectionDescr SnmpAdminString, syslogCtlSelectionHostNameIncl INTEGER, syslogCtlSelectionHostname SnmpAdminString, syslogCtlSelectionProgNameIncl INTEGER, syslogCtlSelectionProgName SnmpAdminString, syslogCtlSelectionPriorityIncl INTEGER, syslogCtlSelectionFacility SyslogFacility, syslogCtlSelectionSeverity SyslogSeverity, syslogCtlSelectionSeverityCompOP SyslogSeverityCompOP, syslogCtlSelectionRowStatus RowStatus } Expires: July 2, 2003 [Page 23] Internet Draft January 3, 2003 syslogCtlActionIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "An index that uniquely identifies an action group in the Table. " ::= { syslogCtlSelectionEntry 1 } syslogCtlSelectionIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "An index that uniquely identifies the row within the set of rows belonging to the same action group. " ::= { syslogCtlSelectionEntry 2 } syslogCtlSelectionDescr OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-create STATUS current DESCRIPTION "A description of the Selection " ::= { syslogCtlSelectionEntry 3 } syslogCtlSelectionHostNameIncl OBJECT-TYPE SYNTAX INTEGER { included (1), excluded (2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates whether the corresponding instance of syslogCtlSelectionHostName define a hostname which is included or excluded from the selection for the action. " DEFVAL { included } ::= { syslogCtlSelectionEntry 4 } Expires: July 2, 2003 [Page 24] Internet Draft January 3, 2003 syslogCtlSelectionHostname OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-create STATUS current DESCRIPTION "The hostname represented by the row. An asterisk indicates all hosts. " DEFVAL { "*" } ::= { syslogCtlSelectionEntry 5 } syslogCtlSelectionProgNameIncl OBJECT-TYPE SYNTAX INTEGER { included (1), excluded (2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates whether the corresponding instance of syslogCtlSelectionProgName define a program name which is included or excluded from the selection for the action. " DEFVAL { included } ::= { syslogCtlSelectionEntry 6 } syslogCtlSelectionProgName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-create STATUS current DESCRIPTION "The program name represented by the row. An asterisk indicates all hosts. " DEFVAL { "*" } ::= { syslogCtlSelectionEntry 7 } Expires: July 2, 2003 [Page 25] Internet Draft January 3, 2003 syslogCtlSelectionPriorityIncl OBJECT-TYPE SYNTAX INTEGER { included (1), excluded (2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates whether the corresponding instances of syslogCtlSelectionFacility and syslogCtlSelectionSeverity define a priority which is included or excluded from the selection for the action. " DEFVAL { included } ::= { syslogCtlSelectionEntry 8 } syslogCtlSelectionFacility OBJECT-TYPE SYNTAX SyslogFacility MAX-ACCESS read-create STATUS current DESCRIPTION "The facility represented by the row. " ::= { syslogCtlSelectionEntry 9 } syslogCtlSelectionSeverityCompOP OBJECT-TYPE SYNTAX SyslogSeverityCompOP MAX-ACCESS read-create STATUS current DESCRIPTION "Represents the operator that should apply to the syslogCtlSelectionSeverity MO before the selection takes place. " DEFVAL { greaterThanOrEqual } ::= { syslogCtlSelectionEntry 10 } syslogCtlSelectionSeverity OBJECT-TYPE SYNTAX SyslogSeverity MAX-ACCESS read-create STATUS current DESCRIPTION "The severity represented by the row. " ::= { syslogCtlSelectionEntry 11 } Expires: July 2, 2003 [Page 26] Internet Draft January 3, 2003 syslogCtlSelectionRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object is used to create and delete rows in the syslogCtlSelectionTable. " ::= { syslogCtlSelectionEntry 12 } -- ------------------------------------------------------------- -- syslogCtlActionTable -- ------------------------------------------------------------- -- This table defines the Logging action for a selection from -- syslogCtlSelectionTable (group of rows having the same -- syslogCtlActionIndex). syslogCtlLogActionTable OBJECT-TYPE SYNTAX SEQUENCE OF SyslogCtlLogActionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing Syslog LogAction Entries." ::= { syslogControl 2 } syslogCtlLogActionEntry OBJECT-TYPE SYNTAX SyslogCtlLogActionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Defines the information to generate syslog messages to an aggregating agent or collector. Entries within this table with an access level of read- create MUST be considered non-volatile and MUST be maintained across entity resets." INDEX { syslogProcIndex, syslogCtlActionIndex} ::= { syslogCtlLogActionTable 1 } SyslogCtlLogActionEntry ::= SEQUENCE { syslogCtlLogActionFileName SnmpAdminString, syslogCtlLogActionRowStatus RowStatus } Expires: July 2, 2003 [Page 27] Internet Draft January 3, 2003 syslogCtlLogActionFileName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-create STATUS current DESCRIPTION "The fullpath name of the file in which the message will be logged. This file should be existing before the syslog process attempts to append messages to it. " ::= { syslogCtlLogActionEntry 1 } syslogCtlLogActionRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object is used to create and delete rows in the syslogCtlLogTable." ::= { syslogCtlLogActionEntry 2 } -- ------------------------------------------------------------- -- syslogUserActionTable -- ------------------------------------------------------------- -- This table defines the user notification action for a selection -- from syslogCtlSelectionTable (group of rows having the same -- syslogCtlActionIndex). syslogCtlUserActionTable OBJECT-TYPE SYNTAX SEQUENCE OF SyslogCtlUserActionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing list of users to whom a notification will be sent (by displaying the message on the users' console, if the user is logged in. " ::= { syslogControl 3 } Expires: July 2, 2003 [Page 28] Internet Draft January 3, 2003 syslogCtlUserActionEntry OBJECT-TYPE SYNTAX SyslogCtlUserActionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A user to whom the message should be notified. " INDEX { syslogProcIndex, syslogCtlActionIndex, syslogCtlUserActionIndex} ::= { syslogCtlUserActionTable 1 } SyslogCtlUserActionEntry ::= SEQUENCE { syslogCtlUserActionIndex Unsigned32, syslogCtlUserActionUserID SnmpAdminString, syslogCtlUserActionRowStatus RowStatus } syslogCtlUserActionIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "An index to uniquely identify the userID among the group of userIDs. " ::= { syslogCtlUserActionEntry 1 } syslogCtlUserActionUserID OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-create STATUS current DESCRIPTION "The userid of the user to whom the message will be displayed on the console if, the user is logged in. Note: the userid ''*'' denotes all users. " ::= { syslogCtlUserActionEntry 2 } Expires: July 2, 2003 [Page 29] Internet Draft January 3, 2003 syslogCtlUserActionRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object is used to create and delete rows in the syslogCtlUserActionTable. " ::= { syslogCtlUserActionEntry 3 } -- ------------------------------------------------------------- -- syslogCtlForwardAction Table -- ------------------------------------------------------------- -- Each row in this table defines a destination to which the -- message will be forwarded syslogCtlForwardActionTable OBJECT-TYPE SYNTAX SEQUENCE OF SyslogCtlForwardActionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing Syslog collector information." ::= { syslogControl 4 } syslogCtlForwardActionEntry OBJECT-TYPE SYNTAX SyslogCtlForwardActionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Defines the information pertaining to a syslog collector to which a syslog messages will be relayed. Entries within this table with an access level of read- create MUST be considered non-volatile and MUST be maintained across entity resets." INDEX { syslogProcIndex, syslogCtlActionIndex, syslogCtlForwardActionIndex } ::= { syslogCtlForwardActionTable 1 } Expires: July 2, 2003 [Page 30] Internet Draft January 3, 2003 SyslogCtlForwardActionEntry ::= SEQUENCE { syslogCtlForwardActionIndex Unsigned32, syslogCtlForwardActionDescr SnmpAdminString, syslogCtlForwardActionAddrType InetAddressType, syslogCtlForwardActionAddr InetAddress, syslogCtlForwardActionTransport SyslogTransport, syslogCtlForwardActionPort SyslogService, syslogCtlForwardActionFacility SyslogFacility, syslogCtlForwardActionSeverity SyslogSeverity, syslogCtlForwardActionRowStatus RowStatus } syslogCtlForwardActionIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "A unique identifier for this syslogForwardAction entry." ::= { syslogCtlForwardActionEntry 1 } syslogCtlForwardActionDescr OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(1..64)) MAX-ACCESS read-create STATUS current DESCRIPTION "Administratively assigned textual description of this syslogForwardAction." ::= { syslogCtlForwardActionEntry 2 } syslogCtlForwardActionAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The type of Internet address which follows in syslogCtlForwardActionAddr. " ::= { syslogCtlForwardActionEntry 3 } Expires: July 2, 2003 [Page 31] Internet Draft January 3, 2003 syslogCtlForwardActionAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The Internet address for the Syslog message collector. The type of the address is specified in the preceeding syslogCtlForwardActionAddrType object. The use of DNS domain names is discouraged, and agent support for them is optional. Deciding when, and how often, to resolve them is an issue. Not resolving them often enough could lead to loss synchronization with the associated entry in the DNS server, and resolving them too often might lead to significant overhead during critical network events. " ::= { syslogCtlForwardActionEntry 4 } syslogCtlForwardActionTransport OBJECT-TYPE SYNTAX SyslogTransport MAX-ACCESS read-create STATUS current DESCRIPTION "The Transport that will be used to forward the message. " DEFVAL { udp } ::= { syslogCtlForwardActionEntry 5 } syslogCtlForwardActionPort OBJECT-TYPE SYNTAX SyslogService MAX-ACCESS read-create STATUS current DESCRIPTION "The port number on the destination to which the syslog message will be forwarded over the transport specified by syslogCtlForwardActionTransport. " DEFVAL { "514" } ::= { syslogCtlForwardActionEntry 6 } Expires: July 2, 2003 [Page 32] Internet Draft January 3, 2003 syslogCtlForwardActionFacility OBJECT-TYPE SYNTAX SyslogFacility MAX-ACCESS read-create STATUS current DESCRIPTION "The syslog facility code that will added to messages forwarded to this collector, if, a priority level is not defined in the received message. " ::= { syslogCtlForwardActionEntry 7 } syslogCtlForwardActionSeverity OBJECT-TYPE SYNTAX SyslogSeverity MAX-ACCESS read-create STATUS current DESCRIPTION "The syslog severity code that will added to messages forwarded to this collector, if, a priority level is not defined in the received message. " ::= { syslogCtlForwardActionEntry 8 } syslogCtlForwardActionRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object is used to create and delete rows in the syslogCtlForwardActionTable. " ::= { syslogCtlForwardActionEntry 9 } -- ------------------------------------------------------------- -- syslogPipeActionTable -- ------------------------------------------------------------- -- This table defines the 'pipe' action for a selection -- from syslogCtlSelectionTable (group of rows having the same -- syslogCtlActionIndex). -- The selected message is piped to the command given in -- the corresponding syslogCtlPipeActionCmd Expires: July 2, 2003 [Page 33] Internet Draft January 3, 2003 syslogCtlPipeActionTable OBJECT-TYPE SYNTAX SEQUENCE OF SyslogCtlPipeActionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing commands to which selected messages will be piped. " ::= { syslogControl 5 } syslogCtlPipeActionEntry OBJECT-TYPE SYNTAX SyslogCtlPipeActionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A user to whom the message should be notified. " INDEX { syslogProcIndex, syslogCtlActionIndex} ::= { syslogCtlPipeActionTable 1 } SyslogCtlPipeActionEntry ::= SEQUENCE { syslogCtlPipeActionCmd SnmpAdminString, syslogCtlPipeActionRowStatus RowStatus } syslogCtlPipeActionCmd OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-create STATUS current DESCRIPTION "The command to which the selected message will be piped. " ::= { syslogCtlPipeActionEntry 1 } syslogCtlPipeActionRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object is used to create and delete rows in the syslogCtlPipeActionTable. " ::= { syslogCtlPipeActionEntry 2 } Expires: July 2, 2003 [Page 34] Internet Draft January 3, 2003 -- ------------------------------------------------------------- -- Conformance Information -- ------------------------------------------------------------- syslogConformance OBJECT IDENTIFIER ::= { syslogMIB 4 } syslogGroups OBJECT IDENTIFIER ::= { syslogConformance 1 } syslogCompliances OBJECT IDENTIFIER ::= { syslogConformance 2 } -- ------------------------------------------------------------- -- units of conformance -- ------------------------------------------------------------- syslogSystemGroup OBJECT-GROUP OBJECTS { syslogDefaultTransport, syslogDefaultService, syslogDefaultFacility, syslogDefaultSeverity, syslogMaxMessageSize } STATUS current DESCRIPTION "A collection of objects providing system-wide parameters for syslog processes. " ::= { syslogGroups 1} Expires: July 2, 2003 [Page 35] Internet Draft January 3, 2003 syslogStatsGroup OBJECT-GROUP OBJECTS { -- syslogProcIndex, syslogProcMsgsReceived, syslogProcMsgsRelayed, syslogProcMsgsDropped, syslogProcMsgsIgnored, syslogProcMsgsRejected, syslogProcLastMsgRecdTime, syslogProcLastMsgDeliveredTime } STATUS current DESCRIPTION "A collection of objects providing message related statistics." ::= { syslogGroups 2} syslogParamsGroup OBJECT-GROUP OBJECTS { syslogParamsProcDescr, syslogParamsBindAddrType, syslogParamsBindAddr, syslogParamsSendToAllAddresses, syslogParamsCompression, syslogParamsConfFileName, syslogParamsFacilityTranslation, syslogParamsPIDFileName, syslogParamsDNSLookup, syslogParamsSeverityCompOP, syslogParamsSecuritySpecs, syslogParamsProcessStatus, syslogParamsRowStatus, syslogAllowedHostsAddressType, syslogAllowedHostsAddress, syslogAllowedHostsMaskLen, syslogAllowedHostsTransport, syslogAllowedHostsPort, syslogAllowedHostsRowStatus } STATUS current DESCRIPTION "A collection of objects representing the run time parameters for the syslog processes. " ::= { syslogGroups 3} Expires: July 2, 2003 [Page 36] Internet Draft January 3, 2003 syslogControlGroup OBJECT-GROUP OBJECTS { syslogCtlSelectionDescr, syslogCtlSelectionHostNameIncl, syslogCtlSelectionHostname, syslogCtlSelectionProgNameIncl, syslogCtlSelectionProgName, syslogCtlSelectionPriorityIncl, syslogCtlSelectionFacility, syslogCtlSelectionSeverity, syslogCtlSelectionSeverityCompOP, syslogCtlSelectionRowStatus, syslogCtlLogActionFileName, syslogCtlLogActionRowStatus, syslogCtlUserActionUserID, syslogCtlUserActionRowStatus, syslogCtlForwardActionDescr, syslogCtlForwardActionAddrType, syslogCtlForwardActionAddr, syslogCtlForwardActionTransport, syslogCtlForwardActionPort, syslogCtlForwardActionFacility, syslogCtlForwardActionSeverity, syslogCtlForwardActionRowStatus, syslogCtlPipeActionCmd, syslogCtlPipeActionRowStatus } STATUS current DESCRIPTION "A collection of objects that represent the rules that describe how a message will be selected, and the action(s) that will be carried out on the selected message. " ::= { syslogGroups 4} Expires: July 2, 2003 [Page 37] Internet Draft January 3, 2003 -- ------------------------------------------------------------- -- compliance statements -- ------------------------------------------------------------- syslogCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for an agent implememting the syslog MIB. " MODULE -- this module MANDATORY-GROUPS { syslogStatsGroup } GROUP syslogSystemGroup DESCRIPTION "The syslogSystemGroup group is mandatory only for agents which support monitoring and control of the syslog system wide parameters. If only monitoring is supported then the corresponding objects must have access read-only. " GROUP syslogParamsGroup DESCRIPTION "The syslogParamsGroup group is mandatory only for agents which support monitoring and/or control of syslog processes. If only monitoring is supported then the corresponding objects must have access read-only. " GROUP syslogControlGroup DESCRIPTION "The syslogControlGroup group is mandatory only for agents which support monitoring and/or control of the rules that describe how a message will be selected and, the action(s) that will be carried out on the selected message. If only monitoring is supported then the corresponding objects must have access read-only. " ::= { syslogCompliances 1 } END Expires: July 2, 2003 [Page 38] Internet Draft January 3, 2003 5. Intellectual Property Notice The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director. 6. Acknowledgments 7. Security Considerations There are a number of management objects defined in this MIB that have a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. SNMPv1 by itself is not a secure environment. Even if the network itself is secure (for example by using IPSec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB. It is recommended that the implementers consider the security features as provided by the SNMPv3 framework. Specifically, the use of the User-based Security Model RFC 2574 [RFC2574] and the View- based Access Control Model RFC 2575 [RFC2575] is recommended. It is then a customer/user responsibility to ensure that the SNMP entity giving access to an instance of this MIB, is properly configured to give access to the objects only to those principals Expires: July 2, 2003 [Page 39] Internet Draft January 3, 2003 (users) that have legitimate rights to indeed GET or SET (change/create/delete) them. 8. References: [Normative References] [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999 [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999 [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999 [Informative References] [ODC-Dft] Schoenwaelder, J. "SNMP Payload Compression", Work In Progress http://www.ietf.org/internet-drafts/internet-draft draft-irtf- nmrg-snmp-compression-01.txt, April, 2001. [RFC2571] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing SNMP Management Frameworks", RFC 2571, April 1999 [RFC1155] Rose, M., and K. McCloghrie, "Structure and Identification of Management Information for TCP/IP-based Internets", STD 16, RFC 1155, May 1990 [RFC1212] Rose, M., and K. McCloghrie, "Concise MIB Definitions", STD 16, RFC 1212, March 1991 [RFC1215] M. Rose, "A Convention for Defining Traps for use with the SNMP", RFC 1215, March 1991 [RFC1157] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network Management Protocol", STD 15, RFC 1157, May 1990. [RFC1901] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Introduction to Community-based SNMPv2", RFC 1901, January 1996. Expires: July 2, 2003 [Page 40] Internet Draft January 3, 2003 [RFC1906] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1906, January 1996. [RFC2572] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)", RFC 2572, April 1999 [RFC2574] Blumenthal, U., and B. Wijnen, "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 2574, April 1999 [RFC1905] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1905, January 1996. [RFC2573] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", RFC 2573, April 1999 [RFC2575] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)", RFC 2575, April 1999. [RFC2570] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction to Version 3 of the Internet-standard Network Management Framework", RFC 2570, April 1999 [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for the Internet-Standard Management Framework", RFC 3410, December 2002. [RFC3164] C. Lonvick, "The BSD Syslog Protocol", RFC 3164, August 2001. Expires: July 2, 2003 [Page 41] Internet Draft January 3, 2003 9. Full Copyright Statement Copyright (C) The Internet Society (2003). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Expires: July 2, 2003 [Page 42] Internet Draft January 3, 2003 10. Authors Address Glenn Mansfield Keeni Cyber Solutions Inc. 6-6-3 Minami Yoshinari Aoba-ku, Sendai 989-3204 Japan Phone: +81-22-303-4012 EMail: glenn@cysols.com Bruno Pape Enterasys Networks, Inc. 35 Industrial Way Rochester, NH 03867 USA Email: bpape@enterasys.com" Tel: +1 603 337 0446 Expires: July 2, 2003 [Page 43]