Network Working Group                           Glenn Mansfield Keeni
INTERNET-DRAFT                                   Cyber Solutions Inc.
Expires: December 25, 2003                                    B. Pape
                                                   Enterasys Networks
                                                        June 25, 2003

                              Syslog MIB

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other
   documents at any time.  It is inappropriate to use Internet-Drafts
   as reference material or to cite them other than as "work in
   progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on December 25, 2003.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   This memo provides a MIB module that can be used to monitor and
   manage syslog processes.  It defines objects that allow the
   collection of information related to syslog processes; it also
   defines objects that can be used to monitor and/or control syslog
   processes.

Table of Contents

   1.  The SNMP Management Framework
   2.  Background
   3.  The MIB Design
   4.  The Syslog MIB
   5.  Intellectual Property Notice
   6.  Acknowledgments
   7.  Security Considerations
   8.  References
   9.  Full Copyright Statement
   10. Authors Address
   11. Appendix

1. The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7
   of RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store,
   termed the Management Information Base or MIB.  MIB objects are
   generally accessed through the Simple Network Management Protocol
   (SNMP).  Objects in the MIB are defined using the mechanisms
   defined in the Structure of Management Information (SMI).  This
   memo specifies a MIB module that is compliant to the SMIv2, which
   is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579
   [RFC2579] and STD 58, RFC 2580 [RFC2580].

   This document defines a portion of the Management Information Base
   (MIB) for use with management protocols in the Internet community.
   In particular, this document describes managed objects used for
   configuring and monitoring syslog processes that handle syslog
   messages.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
   this document are to be interpreted as described in BCP 14, RFC
   2119 [RFC2119].

2. Background

   Operating systems, processes and applications generate messages
   indicating their own status or the occurrence of events.  These
   messages are useful for managing and/or debugging the network and
   its services.  The BSD Syslog protocol is a widely adopted protocol
   that is used for transmission and processing of the messages.

   Essentially, a syslog process receives messages (from the kernel,
   processes, applications or other syslog processes) and processes
   those.  The processing involves logging to a local file,
   displaying on console, user terminal, and/or relaying to syslog
   processes on other machines.  The processing is determined by the
   "facility" that originated the message and the "severity" assigned
   to the message by the facility.

   This document defines a generic MIB that may be used to monitor
   and control one or more syslog processes running on a system.

                                  /
                       +------+  /
                       | SP-1 |------> SP-R1
                      /+------+  \
     Facility-1-->|  /
               -->| /  +------+  /
     Facility-N-->|+---| SP-2 |------> SP-R2
               -->| \  +------+  \
   SyslogHost-N-->|  \
                      \+------+  /
                       | SP-N |------> SP-RN
                       +------+  \
                                  \

       Facility:   Facility originating the message (locally)
       SyslogHost: Remote SyslogHost relaying a message
       SP:         Syslog Process

                     Fig.1 Syslog Process Model

   The syslog process modelled by the MIB is shown in Fig.1.  One or
   more syslog processes running on a system receive syslog messages
   from the local facilities and from other syslog processes on other
   hosts.  The syslog process receives the message and processes it
   depending on the processing mandated for the facility and severity
   of the message in its local message-process configuration table.

3. The MIB Design.

   The purpose of the SyslogMIB is to allow the monitoring and
   control of the syslog process(es) on a system.  This requires MOs
   representing

   o Statistics on messages, received, processed locally, relayed,
   o Syslog system wide parameters that are available to all syslog
     processes.
   o Syslog run time parameters for each syslog process e.g.
       - maximum message size,
       - sockets and/or type of transport, port numbers on which the
         process will listen for messages, etc.
       - etc.
   o Rules for selecting messages and applying the corresponding
     specified actions for each syslog process

   The MIB comprises four groups

   o The syslogSystem group handles the system wide parameters that
     apply to all the syslog processes served by the SNMP agent.
   o The syslog process group consisting of the
       - syslogStatsTable which deals with statistical information
         about the syslog processes.
       - syslogParamsTable for monitoring and controlling syslog
         processes.  It contains MOs representing the run-time
         parameters of the syslog processes.
   o The syslog control group which handles the definition of the
     rules for message selection and action(s) that will be carried
     out on the selected message.  The tables in this group represent
     the rules that would generally be present in the syslog.conf
     file of a traditional syslogd process.  The control group
     consists of
       - a syslogCtlSelectionTable which defines the message
         selection rule.
       - several action tables viz.
           + syslogCtlLogActionTable defining the logging actions
           + syslogCtlUserActionTable defining the users on whose
             console the message will need to be displayed.
           + syslogCtlFwdActionTable defining destinations to which
             a message will be forwarded
   o The conformance group that defines the compliance statements.

4. The Syslog MIB

SYSLOG-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter32, mib-2
        FROM SNMPv2-SMI
    RowStatus, TEXTUAL-CONVENTION, TimeStamp, TruthValue,
    StorageType
        FROM SNMPv2-TC
    InetAddressType, InetAddress, InetAddressPrefixLength
        FROM INET-ADDRESS-MIB
    MODULE-COMPLIANCE, OBJECT-GROUP
        FROM SNMPv2-CONF
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB;

syslogMIB MODULE-IDENTITY
    LAST-UPDATED "200306250000Z"  -- Wed June 25 00:00 GMT 2003
    ORGANIZATION "IETF Syslog Working Group"
    CONTACT-INFO
        "                      Glenn Mansfield Keeni
                       Postal: Cyber Solutions Inc.
                               6-6-3, Minami Yoshinari
                               Aoba-ku, Sendai, Japan 989-3204.
                          Tel: +81-22-303-4012
                          Fax: +81-22-303-4015
                       E-mail: glenn@cysols.com
        "
    DESCRIPTION
        "The MIB module pertaining to the reception and
         processing of Syslog compatible messages."
    REVISION    "200306250000Z"   -- Wed June 25 00:00 GMT 2003
    DESCRIPTION
        "The initial version of this MIB module."
    ::= { mib-2 999999 }          -- Will be assigned by IANA

-- -------------------------------------------------------------
-- Textual Conventions
-- -------------------------------------------------------------

SyslogFacility ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "This textual convention enumerates the facilities
         that originate syslog messages.
         The value noMap(99) indicates that the appropriate
         facility will be provided by the application on the
         managed entity. If this option is not available on
         a particular entity, attempts to set the facility
         to this value will fail with an error-status of
         wrongValue.
        "
    REFERENCE
        "The BSD syslog Protocol (RFC 3164) sec. 4.1.1 (Table 1).
        "
    SYNTAX      INTEGER {
                    kernel   (0),  -- kernel messages
                    user     (1),  -- user-level messages
                    mail     (2),  -- mail system
                    daemon   (3),  -- system daemons
                    auth     (4),  -- authorization messages
                    syslog   (5),  -- messages generated by syslogd
                    lpr      (6),  -- line printer subsystem
                    news     (7),  -- network news subsystem
                    uucp     (8),  -- UUCP subsystem
                    cron     (9),  -- clock daemon
                    authPriv (10), -- authorization messages
                                   -- (private)
                    ftp      (11), -- ftp daemon
                    ntp      (12), -- NTP subsystem
                    security (13), -- security subsystems
                                   -- (firewalling, etc.)
                    console  (14), -- /dev/console output
                    local0   (16),
                    local1   (17),
                    local2   (18),
                    local3   (19),
                    local4   (20),
                    local5   (21),
                    local6   (22),
                    local7   (23),
                    noMap    (99)
                }

SyslogSeverity ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "This textual convention enumerates the severity levels
         of syslog messages. The syslog protocol uses the values
         0 (emergency), to 7 (debug)."
    REFERENCE
        "The BSD syslog Protocol (RFC 3164) sec.
         4.1.1 (Table 2)
        "
    SYNTAX      INTEGER {
                    emergency (0),  -- system is unusable
                    alert     (1),  -- action must be taken
                                    -- immediately
                    critical  (2),  -- critical conditions
                    error     (3),  -- error conditions
                    warning   (4),  -- warning conditions
                    notice    (5),  -- normal but significant
                                    -- condition
                    info      (6),  -- informational
                    debug     (7),  -- debug-level messages
                    other     (99)  -- none of the above
                }

SyslogSeverityCompOP ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The operator that will be applied to the severity
         before the selection for an action takes place.
        "
    SYNTAX      INTEGER {
                    none                  (1),
                    greaterThanOrEqual    (2),
                    lessThanOrEqual       (3),
                    greaterThan           (4),
                    lessThan              (5),
                    notGreaterThanOrEqual (6),
                    notLessThanOrEqual    (7),
                    notGreaterThan        (8),
                    notLessThan           (9),
                    equal                 (10),
                    notEqual              (11)
                }

SyslogTransport ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The Transport that will be used to send and/or
         receive messages.
        "
    REFERENCE
        "The BSD syslog Protocol RFC 3164 Sec. 2.
        "
    SYNTAX      INTEGER {
                    any (1),
                    udp (2),
                    tcp (3)
                }

SyslogService ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "The service name or port number that will be used to
         send and/or receive messages. The special name ''any''
         is reserved. It denotes all ports and is applicable
         only in the context of message reception. In case the
         service name is given, and it is not ''any'', the
         service name must resolve to a port number on the
         local host.
        "
    SYNTAX      OCTET STRING (SIZE (0..255))

-- -------------------------------------------------------------
-- syslogMIB - the main groups
-- -------------------------------------------------------------

syslogSystem    OBJECT IDENTIFIER ::= { syslogMIB 1 }
syslogProc      OBJECT IDENTIFIER ::= { syslogMIB 2 }
syslogControl   OBJECT IDENTIFIER ::= { syslogMIB 3 }

-- -------------------------------------------------------------
-- syslogSystem
-- -------------------------------------------------------------
-- The system wide parameters

syslogDefaultTransport OBJECT-TYPE
    SYNTAX      SyslogTransport
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The default transport that a syslog process will use
         to send syslog messages.
        "
    REFERENCE
        "The BSD syslog Protocol RFC 3164 Sec. 2.
        "
    DEFVAL      { udp }
    ::= { syslogSystem 1 }

syslogDefaultService OBJECT-TYPE
    SYNTAX      SyslogService
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The default service name or port number that a syslog
         process will use to send syslog messages.
        "
    REFERENCE
        "The BSD syslog Protocol RFC 3164 Sec. 2.
        "
    DEFVAL      { "514" }
    ::= { syslogSystem 2 }

syslogDefaultFacility OBJECT-TYPE
    SYNTAX      SyslogFacility
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The default syslog facility that will be added to
         syslog messages when the message needs to be relayed
         and does not have priority specified.
        "
    ::= { syslogSystem 3 }

syslogDefaultSeverity OBJECT-TYPE
    SYNTAX      SyslogSeverity
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The default syslog severity that will be added to
         syslog messages when the message needs to be relayed
         and does not have priority specified.
        "
    ::= { syslogSystem 4 }

syslogMaxMessageSize OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The maximum size of the syslog messages in bytes.
        "
    DEFVAL      { 1024 }
    ::= { syslogSystem 5 }

-- -------------------------------------------------------------
-- syslogProc
-- -------------------------------------------------------------

syslogProcTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SyslogProcEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing information about the syslog
         processes serviced by an SNMP agent.
        "
    ::= { syslogProc 1 }

syslogProcEntry OBJECT-TYPE
    SYNTAX      SyslogProcEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The information pertaining to a syslog process.
        "
    INDEX       { syslogProcIndex }
    ::= { syslogProcTable 1 }

SyslogProcEntry ::= SEQUENCE {
    syslogProcIndex                 Unsigned32,
    syslogProcMsgsReceived          Counter32,
    syslogProcMsgsRelayed           Counter32,
    syslogProcMsgsDropped           Counter32,
    syslogProcMsgsIllFormed         Counter32,
    syslogProcMsgsIgnored           Counter32,
    syslogProcMsgsRejected          Counter32,
    syslogProcLastMsgRecdTime       TimeStamp,
    syslogProcLastMsgDeliveredTime  TimeStamp,
    syslogProcStartTime             TimeStamp,
    syslogProcLastError             SnmpAdminString,
    syslogProcLastErrorTime         TimeStamp
}

-- option for allowed peers needs to be added

syslogProcIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The Index that uniquely identifies the syslog process
         in the syslogProcess table.
        "
    ::= { syslogProcEntry 1 }

syslogProcMsgsReceived OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of messages received by the syslog process.
         This includes messages that were ignored.
        "
    ::= { syslogProcEntry 2 }

syslogProcMsgsRelayed OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of messages relayed by the syslog process
         to other syslog processes.
        "
    ::= { syslogProcEntry 3 }

syslogProcMsgsDropped OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of messages that could not be relayed
         (could not be queued for transmitting)."
    ::= { syslogProcEntry 4 }

syslogProcMsgsIllFormed OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of messages that were rejected by the
         syslog process because these were not well-formed.
        "
    ::= { syslogProcEntry 5 }

syslogProcMsgsIgnored OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of messages that were not processed by the
         syslog process because the message did not meet the
         specification of 'allowed specifications' ( either the
         program name or the priority level of the message or
         both did not match any selection specified for this
         process in the syslogCtlSelectionTable).
        "
    ::= { syslogProcEntry 6 }

syslogProcMsgsRejected OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of messages that were rejected by the
         syslog process because the message was from a
         host/service that did not match any selection
         specified for this process in the
         syslogCtlSelectionTable and was not on the allowed
         host/services list.
        "
    ::= { syslogProcEntry 7 }

syslogProcLastMsgRecdTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The local time when the last message was received
         by the syslog process locally or from a remote syslog
         process.
        "
    ::= { syslogProcEntry 8 }

syslogProcLastMsgDeliveredTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The local time when the last message was delivered
         by the syslog process.
        "
    ::= { syslogProcEntry 9 }

syslogProcStartTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The local time when this process was started.
        "
    ::= { syslogProcEntry 10 }

syslogProcLastError OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A description of the last error that was encountered
         by this process.
        "
    ::= { syslogProcEntry 11 }

syslogProcLastErrorTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The local time when the last error was encountered.
        "
    ::= { syslogProcEntry 12 }

syslogParamsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SyslogParamsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing information about the parameters
         that control the syslog processes.
        "
    ::= { syslogProc 2 }

syslogParamsEntry OBJECT-TYPE
    SYNTAX      SyslogParamsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The parameters pertaining to a syslog process."
    INDEX       { syslogProcIndex }
    ::= { syslogParamsTable 1 }

SyslogParamsEntry ::= SEQUENCE {
    syslogParamsProcDescr            SnmpAdminString,
    syslogParamsBindAddrType         InetAddressType,
    syslogParamsBindAddr             InetAddress,
    syslogParamsSendToAllAddresses   TruthValue,
    syslogParamsCompression          INTEGER,
    syslogParamsConfFileName         SnmpAdminString,
    syslogParamsFacilityTranslation  INTEGER,
    syslogParamsPIDFileName          SnmpAdminString,
    syslogParamsDNSLookup            INTEGER,
    syslogParamsSeverityCompOP       SyslogSeverityCompOP,
    syslogParamsSecuritySpecs        INTEGER,
    syslogParamsProcessStatus        INTEGER,
    syslogParamsStorageType          StorageType,
    syslogParamsRowStatus            RowStatus
}

syslogParamsProcDescr OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "A user definable description of the syslog process.
        "
    ::= { syslogParamsEntry 1 }

syslogParamsBindAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The type of Internet address which follows
         in syslogParamsBindAddr.
        "
    ::= { syslogParamsEntry 2 }

syslogParamsBindAddr OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The specific IP address or hostname the syslog process
         will bind to. If a hostname is specified, the IPv4 or
         IPv6 address corresponding to the hostname will be
         used.
        "
    ::= { syslogParamsEntry 3 }

syslogParamsSendToAllAddresses OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "If the destination host for a message to be forwarded
         has more than one A or AAAA record, send the message
         to all the addresses (true); else send to only one of
         the addresses.
        "
    DEFVAL      { false }
    ::= { syslogParamsEntry 4 }

syslogParamsCompression OBJECT-TYPE
    SYNTAX      INTEGER {
                    off       (1),
                    offIfPipe (2),
                    on        (3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If 'off', disable the compression of repeated
         instances of the same line into a single line of the
         form ``last message repeated N times''.
         If 'offIfPipe' disable the compression when the output
         is a pipe to another program. Otherwise the compression
         is enabled.
        "
    DEFVAL      { on }
    ::= { syslogParamsEntry 5 }

syslogParamsConfFileName OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The full path name of the configuration file where the
         syslog process's message selection and corresponding
         action rules will be read from.
         Data is loaded from this file into the
         syslogCtlSelectionTable and the
         syslogCtlLogActionTable.
         If the objects loaded from the file specified by this
         object have an access level of read-create this file
         MUST be writable so that modifications to the
         corresponding objects, if any, will be effected in
         this file.
         If the system does not support the specification of
         a configuration file this field will not be accessible.
        "
    DEFVAL      { "/etc/syslog.conf" }
    ::= { syslogParamsEntry 6 }

syslogParamsFacilityTranslation OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If false(2), disable the translation of messages
         received with facility ``kern'' to facility ``user''.
         Usually the ``kern'' facility is reserved for messages
         read directly from /dev/klog.
        "
    DEFVAL      { true }
    ::= { syslogParamsEntry 7 }

syslogParamsPIDFileName OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The full path name of the file where the syslog
         process ID will be recorded.
         In case the system does not support the feature of
         recording syslog's process ID - this object will not
         be accessible.
        "
    DEFVAL      { "/etc/syslog.pid" }
    ::= { syslogParamsEntry 8 }

syslogParamsDNSLookup OBJECT-TYPE
    SYNTAX      INTEGER {
                    useLocalCache      (1),
                    doNotUseLocalCache (2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If doNotUseLocalCache is on, fresh DNS lookups will be
         carried out every time a hostname is encountered.
         Else, DNS lookups will be carried out only once for
         each hostname.
        "
    DEFVAL      { useLocalCache }
    ::= { syslogParamsEntry 9 }

syslogParamsSeverityCompOP OBJECT-TYPE
    SYNTAX      SyslogSeverityCompOP
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The default value of the operator that should be
         applied to the syslogCtlSelectionSeverity before the
         selection takes place.
        "
    DEFVAL      { greaterThanOrEqual }
    ::= { syslogParamsEntry 10 }

syslogParamsSecuritySpecs OBJECT-TYPE
    SYNTAX      INTEGER {
                    none                     (1),
                    doNotRecvFromRemoteHosts (2),
                    doNotOpenNetworkSockets  (3)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "If doNotRecvFromRemoteHosts is selected then the
         corresponding syslog process will not receive messages
         from remote hosts.
         If doNotOpenNetworkSockets is selected then the syslog
         process will not receive from or forward to remote
         hosts.
        "
    DEFVAL      { none }
    ::= { syslogParamsEntry 11 }

syslogParamsProcessStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    unknown   (1),
                    started   (2),
                    suspended (3),
                    stopped   (4)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of the process. The status of the process
         can be controlled by setting this object to the
         appropriate value.
         ''started'' indicates that the process should be
         started if it is not already running.
         ''suspended'' indicates that the process should be
         suspended if it is running.
         ''stopped'' indicates that the process should be
         stopped if it is running.
         The following are the allowed state changes
             started   -> suspended
             started   -> stopped
             suspended -> started
             suspended -> stopped
         Attempts to carry out any other state changes will
         result in an error.
         The status can be set to ''started'' only when the
         rowStatus of the corresponding conceptual row is
         ''active''.
        "
    DEFVAL      { unknown }
    ::= { syslogParamsEntry 12 }

syslogParamsStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object defines whether the parameters defined in
         this row are kept in volatile storage and lost upon
         reboot or are backed up by non-volatile (permanent)
         storage.
         Conceptual rows having the value 'permanent' need not
         allow write-access to any columnar objects in the row.
        "
    ::= { syslogParamsEntry 13 }

syslogParamsRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object is used to create, modify and delete rows
         in the syslogParamsTable.
         Objects in a row can be modified only when the value
         of this object in the corresponding conceptual row is
         not ''active''. Thus to modify one or more of the
         objects in this conceptual row,
           a. change the row status to ''notInService'',
           b. change the values of the row
           c. change the row status to ''active''
         The syslogParamsRowStatus may be changed to ''active''
         iff all the MOs in the conceptual row have been
         assigned valid values.
        "
    ::= { syslogParamsEntry 14 }

syslogAllowedHostsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SyslogAllowedHostsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing information about the Hosts
         from which messages will be accepted.
        "
    ::= { syslogProc 3 }

syslogAllowedHostsEntry OBJECT-TYPE
    SYNTAX      SyslogAllowedHostsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The host information."
    INDEX       { syslogProcIndex }
    ::= { syslogAllowedHostsTable 1 }

SyslogAllowedHostsEntry ::= SEQUENCE {
    syslogAllowedHostsAddressType  InetAddressType,
    syslogAllowedHostsAddress      InetAddress,
    syslogAllowedHostsMaskLen      InetAddressPrefixLength,
    syslogAllowedHostsTransport    SyslogTransport,
    syslogAllowedHostsPort         SyslogService,
    syslogAllowedHostsStorageType  StorageType,
    syslogAllowedHostsRowStatus    RowStatus
}

syslogAllowedHostsAddressType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The type of Internet address which follows
         in syslogAllowedHostsAddress.
        "
    ::= { syslogAllowedHostsEntry 1 }

syslogAllowedHostsAddress OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The IP address or hostname specification of the host
         from which the syslog process will accept messages.
        "
    ::= { syslogAllowedHostsEntry 2 }

syslogAllowedHostsMaskLen OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "If the syslogAllowedHostsAddressType is ipv4(1) or
         ipv6(2), this object represents the number of bits
         that will be taken into account when the address of
         the originating host is being compared with
         syslogAllowedHostsAddress.
         The default value of this MO will be the length of the
         corresponding syslogAllowedHostsAddress.
         If the syslogAllowedHostsAddressType is not ipv4(1) or
         ipv6(2) this object is not used.
         A value of 0 indicates that the prefix is not used or
         is not applicable.
        "
    DEFVAL      { 0 }
    ::= { syslogAllowedHostsEntry 3 }

syslogAllowedHostsTransport OBJECT-TYPE
    SYNTAX      SyslogTransport
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The Transport specification that will be used to
         decide whether the message will be accepted from a
         host or not.
        "
    DEFVAL      { udp }
    ::= { syslogAllowedHostsEntry 4 }

syslogAllowedHostsPort OBJECT-TYPE
    SYNTAX      SyslogService
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The port specification that will be used to decide
         whether the message will be accepted from a host or
         not.
        "
    DEFVAL      { "any" }
    ::= { syslogAllowedHostsEntry 5 }

syslogAllowedHostsStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object defines whether the parameters defined in
         this row are kept in volatile storage and lost upon
         reboot or are backed up by non-volatile (permanent)
         storage.
         Conceptual rows having the value 'permanent' need not
         allow write-access to any columnar objects in the row.
        "
    ::= { syslogAllowedHostsEntry 6 }

syslogAllowedHostsRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object is used to create and delete rows in the
         syslogAllowedHostsTable.
         All the columns in this conceptual row MUST have valid
         values before this column can be assigned the value
         ''active''.
        "
    ::= { syslogAllowedHostsEntry 7 }

-- -------------------------------------------------------------
-- syslogControl
-- -------------------------------------------------------------
-- This group defines the rules for message selection and the
-- action that will be carried out on the selected messages.
-- The tables in this group represent the rules that would
-- generally be present in the syslog.conf

-- syslogCtlSelectionTable:
-- This table defines the message selection rules for an action
-- Each row maps a part of the "selector" field in the syslogd.conf
-- that is traditionally input to the syslogd process

syslogCtlSelectionTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SyslogCtlSelectionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table which defines the rules for selection of
         syslog messages for some specified actions.
         Entries within this table with an access level of
         read-create MUST be considered non-volatile and MUST
         be maintained across entity resets.
        "
    ::= { syslogControl 1 }

syslogCtlSelectionEntry OBJECT-TYPE
    SYNTAX      SyslogCtlSelectionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Defines the information to generate syslog messages to
         an aggregating agent or collector.
        "
    INDEX       { syslogProcIndex, syslogCtlActionIndex,
                  syslogCtlSelectionIndex }
    ::= { syslogCtlSelectionTable 1 }

SyslogCtlSelectionEntry ::= SEQUENCE {
    syslogCtlActionIndex              Unsigned32,
    syslogCtlSelectionIndex           Unsigned32,
    syslogCtlSelectionDescr           SnmpAdminString,
    syslogCtlSelectionHostNameIncl    INTEGER,
    syslogCtlSelectionHostName        SnmpAdminString,
    syslogCtlSelectionProgNameIncl    INTEGER,
    syslogCtlSelectionProgName        SnmpAdminString,
    syslogCtlSelectionPriorityIncl    INTEGER,
    syslogCtlSelectionFacility        SyslogFacility,
    syslogCtlSelectionSeverity        SyslogSeverity,
    syslogCtlSelectionSeverityCompOP  SyslogSeverityCompOP,
    syslogCtlSelectionStorageType     StorageType,
    syslogCtlSelectionRowStatus       RowStatus
}

syslogCtlActionIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An index that uniquely identifies an action group in
         the Table.
        "
    ::= { syslogCtlSelectionEntry 1 }

syslogCtlSelectionIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An index that uniquely identifies the row within the
         set of rows belonging to the same action group.
        "
    ::= { syslogCtlSelectionEntry 2 }

syslogCtlSelectionDescr OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "A description of the Selection
        "
    DEFVAL      { "None" }
    ::= { syslogCtlSelectionEntry 3 }

syslogCtlSelectionHostNameIncl OBJECT-TYPE
    SYNTAX      INTEGER {
                    included (1),
                    excluded (2)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Indicates whether the hostname defined in the
         corresponding instance of syslogCtlSelectionHostName
         must be included or excluded from the selection for
         the action.
        "
    DEFVAL      { included }
    ::= { syslogCtlSelectionEntry 4 }

syslogCtlSelectionHostName OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The hostname of the host that must be included or
         excluded from the selection depending on the value of
         the corresponding syslogCtlSelectionHostNameIncl.
         An asterisk indicates all hosts.
        "
    DEFVAL      { "*" }
    ::= { syslogCtlSelectionEntry 5 }

syslogCtlSelectionProgNameIncl OBJECT-TYPE
    SYNTAX      INTEGER {
                    included (1),
                    excluded (2)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Indicates whether the program name defined in the
         corresponding instance of syslogCtlSelectionProgName
         must be included or excluded from the selection for
         the action.
        "
    DEFVAL      { included }
    ::= { syslogCtlSelectionEntry 6 }

syslogCtlSelectionProgName OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The name of the program that must be included or
         excluded from the selection depending on the value of
         the corresponding syslogCtlSelectionProgNameIncl.
         An asterisk indicates all programs.
        "
    DEFVAL      { "*" }
    ::= { syslogCtlSelectionEntry 7 }

syslogCtlSelectionPriorityIncl OBJECT-TYPE
    SYNTAX      INTEGER {
                    included (1),
                    excluded (2)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Indicates whether the priority specified in the
         corresponding instances of syslogCtlSelectionFacility
         and syslogCtlSelectionSeverity must be included or
         excluded from the selection for the action.
        "
    DEFVAL      { included }
    ::= { syslogCtlSelectionEntry 8 }

syslogCtlSelectionFacility OBJECT-TYPE
    SYNTAX      SyslogFacility
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The facility.
         The value of the facility together with the value of
         the syslogCtlSelectionSeverityCompOP and the
         syslogCtlSelectionSeverity, of the same row, will be
         used to decide whether the priority must be included
         or excluded from the selection for the action.
        "
    ::= { syslogCtlSelectionEntry 9 }

syslogCtlSelectionSeverityCompOP OBJECT-TYPE
    SYNTAX      SyslogSeverityCompOP
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Represents the operator that will be applied to the
         value of the syslogCtlSelectionSeverity MO to decide
         whether the corresponding priority must be included
         or excluded from the selection for the action.
        "
    DEFVAL      { greaterThanOrEqual }
    ::= { syslogCtlSelectionEntry 10 }

syslogCtlSelectionSeverity OBJECT-TYPE
    SYNTAX      SyslogSeverity
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The severity.
         The syslogCtlSelectionSeverityCompOP will be applied to
         the severity to decide whether the priority must be
         included or excluded from the selection for the action.
        "
    ::= { syslogCtlSelectionEntry 11 }

syslogCtlSelectionStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object defines the type of storage in which the
         parameters defined in this conceptual row are stored.
         Note that the values in this conceptual row MUST be
         stored in non-volatile storage. Thus, the possible
         values are nonVolatile(3), permanent(4) and readOnly(5).
         Conceptual rows having the value 'permanent' need not
         allow write-access to any columnar objects in the row.
        "
    ::= { syslogCtlSelectionEntry 12 }

syslogCtlSelectionRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object is used to create and delete rows in the
         syslogCtlSelectionTable.
         All the columns in this conceptual row MUST have valid
         values before this column can be assigned the value
         ''active''.
        "
    ::= { syslogCtlSelectionEntry 13 }

-- -------------------------------------------------------------
-- syslogCtlLogActionTable
-- -------------------------------------------------------------
-- This table defines the Logging action for a selection from
-- syslogCtlSelectionTable (group of rows having the same
-- syslogCtlActionIndex).

syslogCtlLogActionTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SyslogCtlLogActionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing Syslog LogAction Entries.
         Entries within this table with an access level of
         read-create MUST be considered non-volatile and MUST be
         maintained across entity resets.
        "
    ::= { syslogControl 2 }

syslogCtlLogActionEntry OBJECT-TYPE
    SYNTAX      SyslogCtlLogActionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Defines the information to generate syslog messages to
         an aggregating agent or collector.
        "
    INDEX  { syslogProcIndex, syslogCtlActionIndex }
    ::= { syslogCtlLogActionTable 1 }

SyslogCtlLogActionEntry ::=
    SEQUENCE {
        syslogCtlLogActionFileName     SnmpAdminString,
        syslogCtlLogActionStorageType  StorageType,
        syslogCtlLogActionRowStatus    RowStatus
    }

syslogCtlLogActionFileName OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The full path name of the file in which the message
         will be logged. This file should exist before the
         syslog process attempts to append messages to it.
        "
    ::= { syslogCtlLogActionEntry 1 }

syslogCtlLogActionStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object defines the type of storage in which the
         parameters defined in this conceptual row are stored.
         Note that the values in this conceptual row MUST be
         stored in non-volatile storage. Thus, the possible
         values are nonVolatile(3), permanent(4) and readOnly(5).
         Conceptual rows having the value 'permanent' need not
         allow write-access to any columnar objects in the row.
        "
    ::= { syslogCtlLogActionEntry 2 }

syslogCtlLogActionRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object is used to create and delete rows in the
         syslogCtlLogActionTable.
         All the columns in this conceptual row MUST have valid
         values before this column can be assigned the value
         ''active''.
        "
    ::= { syslogCtlLogActionEntry 3 }

-- -------------------------------------------------------------
-- syslogCtlUserActionTable
-- -------------------------------------------------------------
-- This table defines the user notification action for a selection
-- from syslogCtlSelectionTable (group of rows having the same
-- syslogCtlActionIndex).

syslogCtlUserActionTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SyslogCtlUserActionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing a list of users to whom a
         notification will be sent (by displaying the message
         on the users' console, if the user is logged in).
         Entries within this table with an access level of
         read-create MUST be considered non-volatile and MUST be
         maintained across entity resets.
        "
    ::= { syslogControl 3 }

syslogCtlUserActionEntry OBJECT-TYPE
    SYNTAX      SyslogCtlUserActionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry corresponding to the user(s) to whom the
         message should be notified.
        "
    INDEX  { syslogProcIndex, syslogCtlActionIndex,
             syslogCtlUserActionIndex }
    ::= { syslogCtlUserActionTable 1 }

SyslogCtlUserActionEntry ::=
    SEQUENCE {
        syslogCtlUserActionIndex        Unsigned32,
        syslogCtlUserActionUserID       SnmpAdminString,
        syslogCtlUserActionStorageType  StorageType,
        syslogCtlUserActionRowStatus    RowStatus
    }

syslogCtlUserActionIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An index to uniquely identify the userID among the
         group of userIDs.
        "
    ::= { syslogCtlUserActionEntry 1 }

syslogCtlUserActionUserID OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The userid of the user to whom the message will be
         displayed on the console, if the user is logged in.
         Note: the userid ''*'' denotes all users.
        "
    ::= { syslogCtlUserActionEntry 2 }

syslogCtlUserActionStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object defines the type of storage in which the
         parameters defined in this conceptual row are stored.
         Note that the values in this conceptual row MUST be
         stored in non-volatile storage. Thus, the possible
         values are nonVolatile(3), permanent(4) and readOnly(5).
         Conceptual rows having the value 'permanent' need not
         allow write-access to any columnar objects in the row.
        "
    ::= { syslogCtlUserActionEntry 3 }

syslogCtlUserActionRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object is used to create and delete rows in the
         syslogCtlUserActionTable.
         All the columns in this conceptual row MUST have valid
         values before this column can be assigned the value
         ''active''.
        "
    ::= { syslogCtlUserActionEntry 4 }

-- -------------------------------------------------------------
-- syslogCtlFwdActionTable
-- -------------------------------------------------------------
-- Each row in this table defines a destination to which the
-- message will be forwarded

syslogCtlFwdActionTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SyslogCtlFwdActionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing Syslog collector information.
         Entries within this table with an access level of
         read-create MUST be considered non-volatile and MUST be
         maintained across entity resets.
        "
    ::= { syslogControl 4 }

syslogCtlFwdActionEntry OBJECT-TYPE
    SYNTAX      SyslogCtlFwdActionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Defines the information pertaining to a syslog
         collector to which syslog messages will be relayed.
        "
    INDEX  { syslogProcIndex, syslogCtlActionIndex,
             syslogCtlFwdActionIndex }
    ::= { syslogCtlFwdActionTable 1 }

SyslogCtlFwdActionEntry ::=
    SEQUENCE {
        syslogCtlFwdActionIndex        Unsigned32,
        syslogCtlFwdActionDescr        SnmpAdminString,
        syslogCtlFwdActionSrcAddrType  InetAddressType,
        syslogCtlFwdActionSrcAddr      InetAddress,
        syslogCtlFwdActionDstAddrType  InetAddressType,
        syslogCtlFwdActionDstAddr      InetAddress,
        syslogCtlFwdActionTransport    SyslogTransport,
        syslogCtlFwdActionPort         SyslogService,
        syslogCtlFwdActionFacility     SyslogFacility,
        syslogCtlFwdActionSeverity     SyslogSeverity,
        syslogCtlFwdActionStorageType  StorageType,
        syslogCtlFwdActionRowStatus    RowStatus
    }

syslogCtlFwdActionIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A unique identifier for this syslogForwardAction entry."
    ::= { syslogCtlFwdActionEntry 1 }

syslogCtlFwdActionDescr OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(1..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Administratively assigned textual description of this
         syslogForwardAction."
    ::= { syslogCtlFwdActionEntry 2 }

syslogCtlFwdActionSrcAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The type of Internet address which follows
         in syslogCtlFwdActionSrcAddr.
        "
    ::= { syslogCtlFwdActionEntry 3 }

syslogCtlFwdActionSrcAddr OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The Internet address that will be used as the source
         address in the message to the collector. The type of
         the address is specified in the preceding
         syslogCtlFwdActionSrcAddrType object.
         The use of DNS domain names is discouraged, and agent
         support for them is optional. Deciding when, and how
         often, to resolve them is an issue. Not resolving them
         often enough could lead to loss of synchronization with
         the associated entry in the DNS server, and resolving
         them too often might lead to significant overhead
         during critical network events.
        "
    ::= { syslogCtlFwdActionEntry 4 }

syslogCtlFwdActionDstAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The type of Internet address which follows
         in syslogCtlFwdActionDstAddr.
        "
    ::= { syslogCtlFwdActionEntry 5 }

syslogCtlFwdActionDstAddr OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The Internet address for the Syslog message collector.
         The type of the address is specified in the preceding
         syslogCtlFwdActionDstAddrType object.
         The use of DNS domain names is discouraged, and agent
         support for them is optional. Deciding when, and how
         often, to resolve them is an issue.
         Not resolving them often enough could lead to loss of
         synchronization with the associated entry in the DNS
         server, and resolving them too often might lead to
         significant overhead during critical network events.
        "
    ::= { syslogCtlFwdActionEntry 6 }

syslogCtlFwdActionTransport OBJECT-TYPE
    SYNTAX      SyslogTransport
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The Transport that will be used to forward the message.
        "
    DEFVAL      { udp }
    ::= { syslogCtlFwdActionEntry 7 }

syslogCtlFwdActionPort OBJECT-TYPE
    SYNTAX      SyslogService
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The port number on the destination to which the syslog
         message will be forwarded over the transport specified
         by syslogCtlFwdActionTransport.
        "
    DEFVAL      { "514" }
    ::= { syslogCtlFwdActionEntry 8 }

syslogCtlFwdActionFacility OBJECT-TYPE
    SYNTAX      SyslogFacility
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The syslog facility code that will be added to messages
         forwarded to this collector, if a priority level is not
         defined in the received message.
        "
    ::= { syslogCtlFwdActionEntry 9 }

syslogCtlFwdActionSeverity OBJECT-TYPE
    SYNTAX      SyslogSeverity
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The syslog severity code that will be added to messages
         forwarded to this collector, if a priority level is not
         defined in the received message.
        "
    ::= { syslogCtlFwdActionEntry 10 }

syslogCtlFwdActionStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object defines the type of storage in which the
         parameters defined in this conceptual row are stored.
         Note that the values in this conceptual row MUST be
         stored in non-volatile storage. Thus, the possible
         values are nonVolatile(3), permanent(4) and readOnly(5).
         Conceptual rows having the value 'permanent' need not
         allow write-access to any columnar objects in the row.
        "
    ::= { syslogCtlFwdActionEntry 11 }

syslogCtlFwdActionRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object is used to create and delete rows in the
         syslogCtlFwdActionTable.
         All the columns in this conceptual row MUST have valid
         values before this column can be assigned the value
         ''active''.
        "
    ::= { syslogCtlFwdActionEntry 12 }

-- -------------------------------------------------------------
-- syslogCtlPipeActionTable
-- -------------------------------------------------------------
-- This table defines the 'pipe' action for a selection
-- from syslogCtlSelectionTable (group of rows having the same
-- syslogCtlActionIndex).
-- The selected message is piped to the command given in
-- the corresponding syslogCtlPipeActionCmd

syslogCtlPipeActionTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF SyslogCtlPipeActionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing commands to which selected messages
         will be piped.
        "
    ::= { syslogControl 5 }

syslogCtlPipeActionEntry OBJECT-TYPE
    SYNTAX      SyslogCtlPipeActionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry defining a command to which the selected
         message will be piped.
        "
    INDEX  { syslogProcIndex, syslogCtlActionIndex }
    ::= { syslogCtlPipeActionTable 1 }

SyslogCtlPipeActionEntry ::=
    SEQUENCE {
        syslogCtlPipeActionCmd          SnmpAdminString,
        syslogCtlPipeActionStorageType  StorageType,
        syslogCtlPipeActionRowStatus    RowStatus
    }

syslogCtlPipeActionCmd OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The command to which the selected message will be piped.
        "
    ::= { syslogCtlPipeActionEntry 1 }

syslogCtlPipeActionStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object defines the type of storage in which the
         parameters defined in this conceptual row are stored.
         Note that the values in this conceptual row MUST be
         stored in non-volatile storage. Thus, the possible
         values are nonVolatile(3), permanent(4) and readOnly(5).
         Conceptual rows having the value 'permanent' need not
         allow write-access to any columnar objects in the row.
        "
    ::= { syslogCtlPipeActionEntry 2 }

syslogCtlPipeActionRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object is used to create and delete rows in the
         syslogCtlPipeActionTable.
         All the columns in this conceptual row MUST have valid
         values before this column can be assigned the value
         ''active''.
        "
    ::= { syslogCtlPipeActionEntry 3 }

-- -------------------------------------------------------------
-- Conformance Information
-- -------------------------------------------------------------

syslogConformance OBJECT IDENTIFIER ::= { syslogMIB 4 }

syslogGroups      OBJECT IDENTIFIER ::= { syslogConformance 1 }

syslogCompliances OBJECT IDENTIFIER ::= { syslogConformance 2 }

-- -------------------------------------------------------------
-- units of conformance
-- -------------------------------------------------------------

syslogSystemGroup OBJECT-GROUP
    OBJECTS {
        syslogDefaultTransport,
        syslogDefaultService,
        syslogDefaultFacility,
        syslogDefaultSeverity,
        syslogMaxMessageSize
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing system-wide
         parameters for syslog processes.
        "
    ::= { syslogGroups 1}

syslogStatsGroup OBJECT-GROUP
    OBJECTS {
        -- syslogProcIndex,
        syslogProcMsgsReceived,
        syslogProcMsgsRelayed,
        syslogProcMsgsDropped,
        syslogProcMsgsIllFormed,
        syslogProcMsgsIgnored,
        syslogProcMsgsRejected,
        syslogProcLastMsgRecdTime,
        syslogProcLastMsgDeliveredTime,
        syslogProcStartTime,
        syslogProcLastError,
        syslogProcLastErrorTime
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing message related
         statistics."
    ::= { syslogGroups 2}

syslogParamsGroup OBJECT-GROUP
    OBJECTS {
        syslogParamsProcDescr,
        syslogParamsBindAddrType,
        syslogParamsBindAddr,
        syslogParamsSendToAllAddresses,
        syslogParamsCompression,
        syslogParamsConfFileName,
        syslogParamsFacilityTranslation,
        syslogParamsPIDFileName,
        syslogParamsDNSLookup,
        syslogParamsSeverityCompOP,
        syslogParamsSecuritySpecs,
        syslogParamsProcessStatus,
        syslogParamsStorageType,
        syslogParamsRowStatus,
        syslogAllowedHostsAddressType,
        syslogAllowedHostsAddress,
        syslogAllowedHostsMaskLen,
        syslogAllowedHostsTransport,
        syslogAllowedHostsPort,
        syslogAllowedHostsStorageType,
        syslogAllowedHostsRowStatus
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects representing the run time
         parameters for the syslog processes.
        "
    ::= { syslogGroups 3}

syslogControlGroup OBJECT-GROUP
    OBJECTS {
        syslogCtlSelectionDescr,
        syslogCtlSelectionHostNameIncl,
        syslogCtlSelectionHostName,
        syslogCtlSelectionProgNameIncl,
        syslogCtlSelectionProgName,
        syslogCtlSelectionPriorityIncl,
        syslogCtlSelectionFacility,
        syslogCtlSelectionSeverity,
        syslogCtlSelectionSeverityCompOP,
        syslogCtlSelectionStorageType,
        syslogCtlSelectionRowStatus,
        syslogCtlLogActionFileName,
        syslogCtlLogActionStorageType,
        syslogCtlLogActionRowStatus,
        syslogCtlUserActionUserID,
        syslogCtlUserActionStorageType,
        syslogCtlUserActionRowStatus,
        syslogCtlFwdActionDescr,
        syslogCtlFwdActionSrcAddrType,
        syslogCtlFwdActionSrcAddr,
        syslogCtlFwdActionDstAddrType,
        syslogCtlFwdActionDstAddr,
        syslogCtlFwdActionTransport,
        syslogCtlFwdActionPort,
        syslogCtlFwdActionFacility,
        syslogCtlFwdActionSeverity,
        syslogCtlFwdActionStorageType,
        syslogCtlFwdActionRowStatus,
        syslogCtlPipeActionCmd,
        syslogCtlPipeActionStorageType,
        syslogCtlPipeActionRowStatus
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects that represent the rules that
         describe how a message will be selected, and the
         action(s) that will be
         carried out on the selected message.
        "
    ::= { syslogGroups 4}

-- -------------------------------------------------------------
-- compliance statements
-- -------------------------------------------------------------

syslogCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for an agent implementing the
         syslog MIB.
        "
    MODULE  -- this module
    MANDATORY-GROUPS { syslogStatsGroup }

    GROUP   syslogSystemGroup
    DESCRIPTION
        "The syslogSystemGroup group is mandatory only for
         agents which support monitoring and control of the
         syslog system wide parameters. If only monitoring is
         supported then the corresponding objects must have
         access read-only.
        "

    GROUP   syslogParamsGroup
    DESCRIPTION
        "The syslogParamsGroup group is mandatory only for
         agents which support monitoring and/or control of
         syslog processes. If only monitoring is supported then
         the corresponding objects must have access read-only.
        "

    GROUP   syslogControlGroup
    DESCRIPTION
        "The syslogControlGroup group is mandatory only for
         agents which support monitoring and/or control of the
         rules that describe how a message will be selected, and
         the action(s) that will be carried out on the selected
         message. If only monitoring is supported then the
         corresponding objects must have access read-only.
        "
    ::= { syslogCompliances 1 }

END

5. Intellectual Property Notice

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights. Information on the
   IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11.
   Copies of claims of rights made available for publication and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use
   of such proprietary rights by implementors or users of this
   specification can be obtained from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard. Please address the information to the IETF Executive
   Director.

6. Acknowledgments

   The authors would like to thank David Harrington, Mark Ellison,
   Mike MacFaden, Dave T Perkins and members of the WIDE-netman group
   for their comments and suggestions.

7. Security Considerations

   Syslog plays a very important role in the computer and network
   security of an organization. SyslogMIB defines several managed
   objects that may be used to monitor, configure and control syslog
   processes. As such, improper manipulation of the objects represented
   by this MIB may lead to an attack on an important component of the
   computer and network security infrastructure. The objects in
   syslogParamsTable, syslogAllowedHostsTable, syslogCtlSelectionTable,
   syslogCtlLogActionTable, syslogCtlUserActionTable,
   syslogCtlFwdActionTable and syslogCtlPipeActionTable may be
   misconfigured to cause syslog messages to be diverted or lost. A
   misconfiguration may also result in a DoS attack on a user or
   service.

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create. Such
   objects may be considered sensitive or vulnerable in some network
   environments. The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.
   These are the tables and objects and their
   sensitivity/vulnerability:

   o  syslogParamsTable: the objects in this table describe the
      configuration of the syslog processes. The
      syslogParamsProcessStatus may be used to start, stop or suspend
      the syslog process itself.

   o  syslogAllowedHostsTable: the objects in this table describe the
      hosts from which syslog messages will be accepted. Improper
      configuration may lead to loss of messages from an important
      source or a flood of messages from a potentially rogue source.

   o  syslogCtlSelectionTable: the objects in this table describe
      selection rules for messages. Improper configuration may lead to
      loss of relevant messages or the collection of useless,
      potentially ill-intentioned, messages.

   o  syslogCtlLogActionTable: the objects in this table describe the
      actions that will be carried out on a received syslog message.
      Misconfiguration may lead to loss of important messages or
      misdirection of messages.

   o  syslogCtlUserActionTable: objects in this table describe the
      users that will be notified. It may be misconfigured to prevent
      a user from receiving an important message or to spam a user's
      console.

   o  syslogCtlFwdActionTable: objects in this table describe the
      forwarding action that will be carried out on messages. It may
      be misconfigured to prevent important messages from reaching
      their destinations or to direct a DoS attack on a specific
      destination. It may also be misconfigured to send syslog
      messages to an improper destination, resulting in a breach of a
      user's privacy.

   o  syslogCtlPipeActionTable: objects in this table describe the
      commands that will be invoked to process a log message. This may
      be misconfigured to cause arbitrary programs to be invoked on
      the syslog receiver.

   Some of the readable objects in this MIB module (i.e., objects with
   a MAX-ACCESS other than not-accessible) may be considered sensitive
   or vulnerable in some network environments.
   It is thus important to control even GET and/or NOTIFY access to
   these objects and possibly to even encrypt the values of these
   objects when sending them over the network via SNMP. These are the
   tables and objects and their sensitivity/vulnerability:

   o  syslogProcTable: objects in this table carry sensitive
      information. The counters may reveal information about the
      deployment and effectiveness of the relevant security systems.
      The counters may be analyzed to tell whether the security
      systems are able to detect an event or not.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPSec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the
   objects in this MIB module.

   It is RECOMMENDED that implementers consider the security features
   as provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security. It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access
   to the objects only to those principals (users) that have
   legitimate rights to indeed GET or SET (change/create/delete) them.

8. References:

[Normative References]

   [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
             Rose, M., and S. Waldbusser, "Structure of Management
             Information Version 2 (SMIv2)", STD 58, RFC 2578,
             April 1999.

   [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
             Rose, M., and S.
             Waldbusser, "Textual Conventions for SMIv2", STD 58,
             RFC 2579, April 1999.

   [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
             Rose, M., and S. Waldbusser, "Conformance Statements for
             SMIv2", STD 58, RFC 2580, April 1999.

[Informative References]

   [RFC2571] Harrington, D., Presuhn, R., and B. Wijnen, "An
             Architecture for Describing SNMP Management Frameworks",
             RFC 2571, April 1999.

   [RFC1155] Rose, M., and K. McCloghrie, "Structure and
             Identification of Management Information for TCP/IP-based
             Internets", STD 16, RFC 1155, May 1990.

   [RFC1212] Rose, M., and K. McCloghrie, "Concise MIB Definitions",
             STD 16, RFC 1212, March 1991.

   [RFC1215] M. Rose, "A Convention for Defining Traps for use with
             the SNMP", RFC 1215, March 1991.

   [RFC1157] Case, J., Fedor, M., Schoffstall, M., and J. Davin,
             "Simple Network Management Protocol", STD 15, RFC 1157,
             May 1990.

   [RFC1901] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
             "Introduction to Community-based SNMPv2", RFC 1901,
             January 1996.

   [RFC1906] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
             "Transport Mappings for Version 2 of the Simple Network
             Management Protocol (SNMPv2)", RFC 1906, January 1996.

   [RFC2572] Case, J., Harrington D., Presuhn R., and B. Wijnen,
             "Message Processing and Dispatching for the Simple
             Network Management Protocol (SNMP)", RFC 2572, April 1999.

   [RFC2574] Blumenthal, U., and B. Wijnen, "User-based Security Model
             (USM) for version 3 of the Simple Network Management
             Protocol (SNMPv3)", RFC 2574, April 1999.

   [RFC1905] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
             "Protocol Operations for Version 2 of the Simple Network
             Management Protocol (SNMPv2)", RFC 1905, January 1996.

   [RFC2573] Levi, D., Meyer, P., and B. Stewart, "SNMPv3
             Applications", RFC 2573, April 1999.

   [RFC2575] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based
             Access Control Model (VACM) for the Simple Network
             Management Protocol (SNMP)", RFC 2575, April 1999.

   [RFC2570] Case, J., Mundy, R., Partain, D., and B. Stewart,
             "Introduction to Version 3 of the Internet-standard
             Network Management Framework", RFC 2570, April 1999.

   [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
             "Introduction and Applicability Statements for the
             Internet-Standard Management Framework", RFC 3410,
             December 2002.

   [RFC3164] C. Lonvick, "The BSD Syslog Protocol", RFC 3164,
             August 2001.

9. Full Copyright Statement

   Copyright (C) The Internet Society (2003). All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph
   are included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.
   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

10. Authors Address

   Glenn Mansfield Keeni
   Cyber Solutions Inc.
   6-6-3 Minami Yoshinari
   Aoba-ku, Sendai 989-3204
   Japan

   Phone: +81-22-303-4012
   EMail: glenn@cysols.com

   Bruno Pape
   Enterasys Networks, Inc.
   35 Industrial Way
   Rochester, NH 03867
   USA

   Email: bpape@enterasys.com
   Tel: +1 603 337 0446

APPENDIX

   This section documents the development of the draft. It will be
   deleted when the draft becomes an RFC.

   Revision History:

    REVISION "200306250000Z"  -- Wed June 25 00:00 GMT 2003
    DESCRIPTION
        "Changed the type of syslogProcLastError to
         SnmpAdminString, from Integer32.
         DEFVAL { 0 } is added to syslogAllowedHostsMaskLen
         MO name changed from syslogCtlSelectionHostname to
         syslogCtlSelectionHostName
         Updated the description clauses.
         Fixed nits pointed out in Bert's mails of YYYYMMDD
         and revised the document wrt the guidelines in
         draft-ietf-ops-mib-review-guidelines-01.txt
         Editorial nits fixed.
        "

    REVISION "200303030000Z"  -- Mon March 03 00:00 GMT 2003
    DESCRIPTION
        "Fixing of nits in descriptions, addition of references,
         addition of the following MOs
             syslogProcMsgsIllFormed        Counter32,
             syslogProcStartTime            TimeStamp,
             syslogProcLastError            Integer32,
             syslogProcLastErrorTime        TimeStamp,
             syslogParamsStorageType        StorageType,
             syslogCtlFwdActionSrcAddrType  InetAddressType,
             syslogCtlFwdActionSrcAddr      InetAddress,
         added enumeration ''suspended(2)'' to
         syslogParamsProcessStatus.
        "

    REVISION "200212252343Z"  -- Wed December 25 23:43 GMT 2002
    DESCRIPTION
        "Radical revision of the MIB structure and design."

    REVISION "200206061841Z"  -- Thu Jun 6 18:41 GMT 2002
    DESCRIPTION
        "The initial version of this MIB module."
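
The sensitivity list in section 7 (Security Considerations) can be applied as a check over an agent's access policy. The Python below is an added example, not part of the draft or of any SNMP agent. The table names are the draft's; the policy record format, the severity labels, the approved-writer list and the placement of syslogCtlSelectionTable under syslogControl are assumptions made for illustration.

```python
"""Audit a constructed SNMP access policy against section 7 of the draft."""
from dataclasses import dataclass

# Tables section 7 lists as sensitive to SET, with the consequence it names.
WRITE_SENSITIVE = {
    "syslogParamsTable": "start, stop or suspend the syslog process",
    "syslogAllowedHostsTable": "drop an important source or admit a flood",
    "syslogCtlSelectionTable": "lose relevant messages",
    "syslogCtlLogActionTable": "lose or misdirect messages",
    "syslogCtlUserActionTable": "silence or spam a user's console",
    "syslogCtlFwdActionTable": "divert messages or flood a destination",
    "syslogCtlPipeActionTable": "invoke arbitrary programs on the receiver",
}
# Table section 7 lists as sensitive even to GET/NOTIFY.
READ_SENSITIVE = {"syslogProcTable": "counters reveal detection coverage"}
ALL_TABLES = frozenset(WRITE_SENSITIVE) | frozenset(READ_SENSITIVE)

# Subtree name -> tables below it. syslogControl 2..5 are registered in the
# module text; placing the selection table there too is an assumption.
SUBTREES = {
    "syslogMIB": ALL_TABLES,
    "syslogControl": frozenset(
        t for t in WRITE_SENSITIVE if t.startswith("syslogCtl")),
}


@dataclass(frozen=True)
class Grant:
    """Hypothetical policy record; not the format of any SNMP agent."""
    principal: str  # community label or USM user name
    version: str    # "v1", "v2c" or "v3"
    level: str      # "noAuthNoPriv", "authNoPriv" or "authPriv"
    access: str     # "ro" or "rw"
    subtree: str    # a table name, "syslogControl" or "syslogMIB"


@dataclass(frozen=True)
class Finding:
    severity: str
    principal: str
    table: str
    reason: str


def expand(subtree):
    """Return the tables covered by a grant on `subtree`; fail on unknowns."""
    if subtree in SUBTREES:
        return SUBTREES[subtree]
    if subtree in ALL_TABLES:
        return frozenset([subtree])
    raise ValueError(f"unknown subtree in policy: {subtree!r}")


def audit(grants, approved_writers=frozenset()):
    """Flag grants that conflict with the draft's recommendations."""
    findings = []
    for g in grants:
        if g.access not in ("ro", "rw"):
            raise ValueError(f"unknown access {g.access!r} for {g.principal}")
        pre_v3 = g.version in ("v1", "v2c")
        for table in sorted(expand(g.subtree)):
            if g.access == "rw" and table in WRITE_SENSITIVE:
                why = None
                if pre_v3:
                    why = f"SET allowed over SNMP{g.version}"
                elif g.level == "noAuthNoPriv":
                    why = "SET allowed without authentication"
                elif g.principal not in approved_writers:
                    why = "SET allowed to a principal not approved to write"
                if why:
                    findings.append(Finding(
                        "high", g.principal, table,
                        f"{why}; could {WRITE_SENSITIVE[table]}"))
            if table in READ_SENSITIVE:  # "rw" includes read access
                if pre_v3:
                    findings.append(Finding(
                        "medium", g.principal, table,
                        f"GET over SNMP{g.version}; {READ_SENSITIVE[table]}"))
                elif g.level != "authPriv":
                    findings.append(Finding(
                        "low", g.principal, table,
                        f"GET without privacy; {READ_SENSITIVE[table]}"))
    return findings


# Constructed sample policy (principals and grants are invented).
SAMPLE_POLICY = [
    Grant("public", "v2c", "noAuthNoPriv", "ro", "syslogMIB"),
    Grant("netops", "v2c", "noAuthNoPriv", "rw", "syslogControl"),
    Grant("monitor", "v3", "authNoPriv", "ro", "syslogProcTable"),
    Grant("logadmin", "v3", "authPriv", "rw", "syslogCtlFwdActionTable"),
    Grant("helpdesk", "v3", "authPriv", "rw", "syslogCtlPipeActionTable"),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_POLICY, approved_writers={"logadmin"}):
        print(f"{f.severity:6} {f.principal:9} {f.table:26} {f.reason}")
```

Only the authPriv grant to an approved writer passes without a finding; a policy that names an unknown subtree fails loudly instead of being skipped.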