Syslog Working Group Glenn Mansfield Keeni INTERNET-DRAFT Cyber Solutions Inc. Intended Status: Proposed Standard Expires: July 25, 2007 January 26, 2007 Syslog Management Information Base Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This document is a product of the syslog Working Group. Comments should be addressed to the authors or the mailing list at syslog@ietf.org This Internet-Draft will expire on July 25, 2007. Copyright Notice Copyright (C) The IETF Trust (2007). Glenn M. Keeni. Expires: July 25, 2007 [Page 1] Internet Draft syslogMIB January 2007 Abstract This memo defines a portion of the Management Information Base (MIB), the Syslog MIB, for use with network management protocols in the Internet community. In particular, the Syslog MIB will be used to monitor and control syslog entities. Table of Contents 1. The Internet-Standard Management Framework .... 3 2. Background .................................... 3 3. The MIB Design ................................ 4 4. The Syslog MIB ................................ 6 5. Security Considerations ....................... 32 6. IANA Considerations ........................... 34 7. References .................................... 34 8 Acknowledgments ............................... 35 9. Author's Addresses ............................ 36 10. Full Copyright Statement ...................... 37 Appendix ...................................... 39 Glenn M. Keeni. Expires: July 25, 2007 [Page 2] Internet Draft syslogMIB January 2007 1. The Internet-Standard Management Framework For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580]. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14, RFC 2119 [RFC2119]. 2. Background Operating systems, processes and applications, collectively termed "facilities" in the following, generate messages indicating their own status or the occurrence of events. These messages are handled by what has come to be known as the syslog application[RFCPROT]. In this document we refer to a syslog application as a syslog entity. A syslog entity sends and/or receives syslog messages. The reader is referred to [RFCPROT] for a description of the various roles of a syslog entity viz. "sender", "receiver" and "relay". The discussion in this document in general applies to a generic syslog entity. For special cases the specific role of the syslog application will be mentioned. This document defines a set of managed objects (MOs) that can be used to monitor a group of syslog entities. The SYSLOG-MIB can be used in conjunction with other MIB modules - in particular the Host Resources MIB[RFC2790]. The generic process related matters e.g. control and monitoring for status, resource usage etc. can be serviced by the corresponding entries in the Host Resources MIB. Glenn M. Keeni. Expires: July 25, 2007 [Page 3] Internet Draft syslogMIB January 2007 +------+ Syslog message ----->| Ent1 | +------+ +------+ Syslog message ----->| Ent2 |------> Syslog message +------+ +------+ | Ent3 |------> Syslog message +------+ Ent1: Syslog collector ( syslog receiver) Ent2: Syslog relay ( syslog receiver, syslog sender) Ent3: Syslog originator (syslog sender) Fig.1 Syslog entities modeled by the SYSLOG-MIB The syslog entities modeled by the SYSLOG-MIB are shown in Fig.1. A syslog receiver receives syslog messages. A syslog sender sends syslog messages to other syslog entities. A syslog relay forwards some of the received syslog messages to other syslog entities. A syslog receiver receives a syslog message and processes it. The processing will depend on the internal configuration and may involve relaying the message to another syslog entity. Note that a syslog entity may have multiple roles. Multiple syslog entities may co- exist on the same host. 3. The MIB Design. The purpose of the SYSLOG-MIB is to allow the monitoring of a group of syslog entities. This requires managed objects representing the following elements. o The default configuration parameters e.g. the default maximum message size for a syslog entity, the default port number on which a syslog receiver will listen for messages, etc. o The configuration and status related details of each syslog entity. o The statistics on syslog messages received, processed locally, relayed by each syslog entity. Glenn M. Keeni. Expires: July 25, 2007 [Page 4] Internet Draft syslogMIB January 2007 The MIB contains three subtrees. o The syslogNotifications subtree defines the set of notifications that will be used to asynchronously report the status of a syslog entity. o The syslogObjects subtree contains three subtrees. - The syslogSystem subtree services the default configuration parameters. - The syslogControlTable subtree deals with the configuration and control information for a syslog entity. - The syslogOperationsTable subtree deals with operations and statistical information about syslog messages sent and/or received by a syslog entity. o The conformance subtree defines the compliance statements. The SYSLOG-MIB module uses textual conventions defined in INET- ADDRESS-MIB[RFC4001] and SNMP-FRAMEWORK-MIB[RFC3411]. Glenn M. Keeni. Expires: July 25, 2007 [Page 5] Internet Draft syslogMIB January 2007 4. The Syslog MIB SYSLOG-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter32, Integer32, mib-2, NOTIFICATION-TYPE FROM SNMPv2-SMI RowStatus, StorageType, TEXTUAL-CONVENTION, TimeStamp FROM SNMPv2-TC InetAddressType, InetAddress FROM INET-ADDRESS-MIB MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF SnmpAdminString FROM SNMP-FRAMEWORK-MIB; syslogMIB MODULE-IDENTITY LAST-UPDATED "200701260000Z" -- 26th January, 2007 ORGANIZATION "IETF Syslog Working Group" CONTACT-INFO " Glenn Mansfield Keeni Postal: Cyber Solutions Inc. 6-6-3, Minami Yoshinari Aoba-ku, Sendai, Japan 989-3204. Tel: +81-22-303-4012 Fax: +81-22-303-4015 E-mail: glenn@cysols.com Support Group E-mail: syslog@ietf.org " DESCRIPTION "The MIB module for monitoring syslog entities. In this MIB we refer to a syslog application or device as a syslog entity. A syslog entity sends and/or receives syslog messages. The reader is referred to [RFCPROT] for a description of the various roles of a syslog entity viz. ''sender'', ''receiver'' and ''relay''. The discussion in this document in general applies to a generic syslog entity. Glenn M. Keeni. Expires: July 25, 2007 [Page 6] Internet Draft syslogMIB January 2007 For special cases the specific role of the syslog application will be mentioned. Copyright (C) The IETF Trust (2007). This version of this MIB module is part of RFC XXXX; see the RFC itself for full legal notices. " -- RFC Ed.: replace XXXX with the actual RFC number & remove this -- note REVISION "200701260000Z" -- 26th January, 2007 DESCRIPTION "The initial version, published as RFC XXXX." -- RFC Ed.: replace XXXX with the actual RFC number & remove this -- note ::= { mib-2 YYYY } -- Will be assigned by IANA -- IANA Reg.: Please assign a value for "YYYY" under the -- 'mib-2' subtree and record the assignment in the SMI -- Numbers registry. -- RFC Ed.: When the above assignment has been made, please -- remove the above note -- replace "YYYY" here with the assigned value and -- remove this note. -- ------------------------------------------------------------- -- Textual Conventions -- ------------------------------------------------------------- Glenn M. Keeni. Expires: July 25, 2007 [Page 7] Internet Draft syslogMIB January 2007 SyslogRoles ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This textual convention enumerates the roles of a syslog entity. Note that a syslog entity can have multiple roles. " REFERENCE "The Syslog Protocol [RFCPROT] sec. 3. " SYNTAX BITS { sender (0), receiver (1), relay (2) } SyslogService ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The service name or port number that this syslog receiver will bind to. The service name must resolve to a port number on the local host. " SYNTAX OCTET STRING (SIZE (0..255)) SyslogEncapsulation ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This textual convention enumerates the encapsulations of the syslog message that is used between syslog application endpoints. " REFERENCE "Transmission of syslog messages over UDP [RFCUDPX], TLS Transport Mapping for Syslog [RFCTLSX], Reliable Delivery for syslog [RFCBEEP]. " SYNTAX INTEGER { other (1), none (2), -- [RFCUDPX ] (no encapsulation) tls (3), -- [RFCTLSX] beep (4) -- [RFCBEEP] Glenn M. Keeni. Expires: July 25, 2007 [Page 8] Internet Draft syslogMIB January 2007 } -- ------------------------------------------------------------- -- syslogMIB - the main groups -- ------------------------------------------------------------- syslogNotifications OBJECT IDENTIFIER ::= { syslogMIB 0 } syslogObjects OBJECT IDENTIFIER ::= { syslogMIB 1 } syslogConformance OBJECT IDENTIFIER ::= { syslogMIB 3 } syslogSystem OBJECT IDENTIFIER ::= { syslogObjects 1 } --syslogControlTable OBJECT IDENTIFIER -- ::= { syslogObjects 2 } -- --syslogOperationsTable OBJECT IDENTIFIER -- ::= { syslogObjects 3 } -- ------------------------------------------------------------- -- syslogSystem -- ------------------------------------------------------------- -- The default parameters Glenn M. Keeni. Expires: July 25, 2007 [Page 9] Internet Draft syslogMIB January 2007 syslogDefaultService OBJECT-TYPE SYNTAX SyslogService MAX-ACCESS read-only STATUS current DESCRIPTION "The default service name or port number that a syslog receiver will bind to. " REFERENCE "Transmission of syslog messages over UDP [RFCUDPX] Sec. 3.3. " DEFVAL { "514" } ::= { syslogSystem 1 } syslogDefaultEncapsulation OBJECT-TYPE SYNTAX SyslogEncapsulation MAX-ACCESS read-only STATUS current DESCRIPTION "The default encapsulation used by a syslog receiver to receive syslog messages. " DEFVAL { none } ::= { syslogSystem 2 } -- ------------------------------------------------------------- -- syslog entity configuration info table -- ------------------------------------------------------------- syslogControlTable OBJECT-TYPE SYNTAX SEQUENCE OF SyslogControlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing the configuration parameters pertaining to the syslog entities serviced by an SNMP agent. " ::= { syslogObjects 2 } Glenn M. Keeni. Expires: July 25, 2007 [Page 10] Internet Draft syslogMIB January 2007 syslogControlEntry OBJECT-TYPE SYNTAX SyslogControlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The configuration parameters pertaining to a syslog entity. " INDEX { syslogControlIndex } ::= { syslogControlTable 1 } SyslogControlEntry ::= SEQUENCE { syslogControlIndex Unsigned32, syslogControlDescr SnmpAdminString, syslogControlRoles SyslogRoles, syslogControlBindAddrType InetAddressType, syslogControlBindAddr InetAddress, syslogControlService SyslogService, syslogControlEncapsulation SyslogEncapsulation, syslogControlMaxMessageSize Unsigned32, syslogControlConfFileName SnmpAdminString, syslogControlStorageType StorageType, syslogControlRowStatus RowStatus } Glenn M. Keeni. Expires: July 25, 2007 [Page 11] Internet Draft syslogMIB January 2007 syslogControlIndex OBJECT-TYPE SYNTAX Unsigned32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Index that uniquely identifies the syslog entity in the syslogControlTable. The value of the index for a syslog entity may not be the same across system reboots. Users and Applications will need to determine the index of a syslog entity after system reboots. " ::= { syslogControlEntry 1 } syslogControlDescr OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-create STATUS current DESCRIPTION "A user definable description of the syslog entity. This description could be used by syslog management applications e.g. in reports or in user interfaces. " ::= { syslogControlEntry 2 } syslogControlRoles OBJECT-TYPE SYNTAX SyslogRoles MAX-ACCESS read-create STATUS current DESCRIPTION "The roles of the syslog entity. " ::= { syslogControlEntry 3 } syslogControlBindAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The type of Internet address which follows in syslogControlBindAddr. If this syslog entity is not a syslog receiver, the value of this object will be 'unknown' (0). " Glenn M. Keeni. Expires: July 25, 2007 [Page 12] Internet Draft syslogMIB January 2007 ::= { syslogControlEntry 4 } syslogControlBindAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The specific address the syslog receiver will bind to. The format of the address is specified by the corresponding syslogControlBindAddrType object. If the address is specified in the DNS domain name format [syslogControlBindAddrType = 'dns'], the corresponding IPv4 or IPv6 address obtained at the time of the binding operation by the syslog entity, will be used. If this syslog entity is not a syslog receiver, the value of this object will be a zero-length string. " ::= { syslogControlEntry 5 } syslogControlService OBJECT-TYPE SYNTAX SyslogService MAX-ACCESS read-create STATUS current DESCRIPTION "The service name or port number that this syslog receiver will bind to. If this syslog entity is not a syslog receiver the value of this object will be zero. If no value is specified, the syslog entity will use the service name or port number specified in syslogDefaultService. " ::= { syslogControlEntry 6 } syslogControlEncapsulation OBJECT-TYPE SYNTAX SyslogEncapsulation MAX-ACCESS read-create STATUS current DESCRIPTION "The encapsulation that will be used for syslog messages by the syslog receiver. Glenn M. Keeni. Expires: July 25, 2007 [Page 13] Internet Draft syslogMIB January 2007 If this syslog entity is not a syslog receiver the value of this object will be ''other''. If no value is specified, the syslog receiver will use the encapsulation specified in syslogDefaultEncapsulation. " ::= { syslogControlEntry 7 } syslogControlMaxMessageSize OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-create STATUS current DESCRIPTION "The maximum size of the syslog messages in bytes for this syslog entity. A syslog receiver may reject or truncate messages larger than the specified maximum syslog message size. " REFERENCE "The Syslog Protocol [RFCPROT] sec. 6.1. " ::= { syslogControlEntry 8 } syslogControlConfFileName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-create STATUS current DESCRIPTION "The fullpath name of the configuration file where the syslog entity's message selection and corresponding action rules will be read from. If the syslog entity does not support the specification of a configuration file, the value of this object will be a zero-length string. " DEFVAL { "/etc/syslog.conf" } ::= { syslogControlEntry 9 } Glenn M. Keeni. Expires: July 25, 2007 [Page 14] Internet Draft syslogMIB January 2007 syslogControlStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "This object defines whether the parameters defined in this row are kept in volatile storage and lost upon reboot or are backed up by non-volatile or permanent storage. Conceptual rows having the value 'permanent' need not allow write-access to any columnar objects in the row. " DEFVAL { nonVolatile } ::= { syslogControlEntry 11 } syslogControlRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object is used to create, modify and delete rows in the syslogControlTable. The value of syslogControlDescr can be changed when this object is in state ''active'' or in ''notInService''. The other objects in a row can be modified only when the value of this object in the corresponding conceptual row is not ''active''. Thus to modify one or more of the objects in this conceptual row, a. change the row status to ''notInService'', b. change the values of the row c. change the row status to ''active'' The syslogControlRowStatus may be changed to ''active'' if all the managed objects in the conceptual row with MAX-ACCESS read-create except syslogControlService and syslogControlEncapsulation have been assigned valid values. " ::= { syslogControlEntry 12 } Glenn M. Keeni. Expires: July 25, 2007 [Page 15] Internet Draft syslogMIB January 2007 -- ------------------------------------------------------------- -- syslogOperations -- ------------------------------------------------------------- syslogOperationsTable OBJECT-TYPE SYNTAX SEQUENCE OF SyslogOperationsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing operations information about the syslog entities serviced by an SNMP agent. This table complements the (configuration) information in syslogControlTable . " ::= { syslogObjects 3 } syslogOperationsEntry OBJECT-TYPE SYNTAX SyslogOperationsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The operations information pertaining to a syslog entity. " AUGMENTS { syslogControlEntry } ::= { syslogOperationsTable 1 } Glenn M. Keeni. Expires: July 25, 2007 [Page 16] Internet Draft syslogMIB January 2007 SyslogOperationsEntry ::= SEQUENCE { syslogOperationsMsgsReceived Counter32, syslogOperationsMsgsTransmitted Counter32, syslogOperationsMsgsRelayed Counter32, syslogOperationsMsgsDropped Counter32, syslogOperationsMsgsMalFormed Counter32, syslogOperationsMsgsDiscarded Counter32, syslogOperationsLastMsgRecdTime TimeStamp, syslogOperationsLastMsgTransmittedTime TimeStamp, syslogOperationsStartTime TimeStamp, syslogOperationsLastError SnmpAdminString, syslogOperationsLastErrorTime TimeStamp, syslogOperationsRunIndex Integer32, syslogOperationsCounterDiscontinuityTime TimeStamp, syslogOperationsStatus INTEGER } syslogOperationsMsgsReceived OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of messages received by the syslog receiver. This includes messages that were discarded. If this syslog entity is not a syslog receiver the value of this object will be zero. Discontinuities in the value of this counter can occur at re-initialization of the management system, Glenn M. Keeni. Expires: July 25, 2007 [Page 17] Internet Draft syslogMIB January 2007 and at other times as indicated by the value of syslogOperationsCounterDiscontinuityTime. " ::= { syslogOperationsEntry 1 } syslogOperationsMsgsTransmitted OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of messages transmitted by the syslog sender. This does not include the messages that could not be queued for transmission by the syslog sender. If this syslog entity is not a syslog sender the value of this object will be zero. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of syslogOperationsCounterDiscontinuityTime. " ::= { syslogOperationsEntry 2 } syslogOperationsMsgsRelayed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of messages relayed by the syslog relay to other syslog entities. If this syslog entity is not a syslog relay the value of this object will be zero. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of syslogOperationsCounterDiscontinuityTime. " REFERENCE "The Syslog Protocol [RFCPROT] sec. 3. " ::= { syslogOperationsEntry 3 } Glenn M. Keeni. Expires: July 25, 2007 [Page 18] Internet Draft syslogMIB January 2007 syslogOperationsMsgsDropped OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of messages that could not be queued for transmission by the syslog sender. If this syslog entity is not a syslog sender the value of this object will be zero. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of syslogOperationsCounterDiscontinuityTime. " ::= { syslogOperationsEntry 4 } syslogOperationsMsgsMalFormed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of messages received by the syslog receiver which had malformed header. If this syslog entity is not a syslog receiver, then this object will have a zero value. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of syslogOperationsCounterDiscontinuityTime. " REFERENCE "The Syslog Protocol [RFCPROT] sec. 6.3. " ::= { syslogOperationsEntry 5 } syslogOperationsMsgsDiscarded OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of messages that were discarded by the syslog receiver. This will include messages that were discarded because the message size was greater than the system's maximum message size. If this syslog entity is not a syslog receiver this Glenn M. Keeni. Expires: July 25, 2007 [Page 19] Internet Draft syslogMIB January 2007 object will have a zero value. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of syslogOperationsCounterDiscontinuityTime. " REFERENCE "The Syslog Protocol [RFCPROT] sec. 6.1. " ::= { syslogOperationsEntry 6 } syslogOperationsLastMsgRecdTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime when the last message was received by the syslog receiver. If this syslog entity is not a syslog receiver or, if no messages have been received by this syslog entity, since the last re-initialization of the local SNMP management subsystem, then this object will have a zero value. " ::= { syslogOperationsEntry 7 } syslogOperationsLastMsgTransmittedTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime when the last message was transmitted by the syslog sender. If this syslog entity is not a syslog sender or, if no messages have been transmitted by this syslog entity, since the last re-initialization of the local management subsystem, then this object will have a zero value. " ::= { syslogOperationsEntry 8 } Glenn M. Keeni. Expires: July 25, 2007 [Page 20] Internet Draft syslogMIB January 2007 syslogOperationsStartTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime when this syslog entity was started. " ::= { syslogOperationsEntry 9 } syslogOperationsLastError OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "A description of the last error related to sending, receiving or processing a syslog message that was encountered by this syslog entity. If no error has been encountered by this syslog entity then the value of this object will be a zero-length string. If no error has been encountered by this syslog entity since the last re-initialization of the local management subsystem then the value of this object will be a zero-length string. " ::= { syslogOperationsEntry 10 } syslogOperationsLastErrorTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime when the last error was encountered. If no error has been encountered by this syslog entity since the last re-initialization of the local management subsystem, then this object will have a zero value. " ::= { syslogOperationsEntry 11 } Glenn M. Keeni. Expires: July 25, 2007 [Page 21] Internet Draft syslogMIB January 2007 syslogOperationsRunIndex OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "If the Host resource MIB is instantiated on the host then this entry will have the value of the hrSWRunIndex of the corresponding entry in the hrSWRunTable. Note that the hrSWRunIndex is not persistent across system reboots or software restarts. The value of syslogOperationsRunIndex SHOULD reference the latest value of the hrSWRunIndex of the corresponding entry in the hrSWRunTable. The special value of zero indicates that the Host resource MIB is not instantiated. " ::= { syslogOperationsEntry 12 } syslogOperationsCounterDiscontinuityTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime on the most recent occasion at which any one or more of this syslog entity's counters, viz., counters with OID prefix 'syslogOperationsMsgsReceived' or 'syslogOperationsMsgsTransmitted' or 'syslogOperationsMsgsRelayed' or 'syslogOperationsMsgsDropped' or 'syslogOperationsMsgsMalFormed' or 'syslogOperationsMsgsDiscarded' suffered a discontinuity. If no such discontinuities have occurred since the last re-initialization of the local management subsystem, then this object will have a zero value. " ::= { syslogOperationsEntry 13 } Glenn M. Keeni. Expires: July 25, 2007 [Page 22] Internet Draft syslogMIB January 2007 syslogOperationsStatus OBJECT-TYPE SYNTAX INTEGER { unknown (1), started (2), suspended(3), stopped (4) } MAX-ACCESS read-only STATUS current DESCRIPTION "The status of the syslog entity. " DEFVAL { unknown } ::= { syslogOperationsEntry 14 } syslogStatusChanged NOTIFICATION-TYPE OBJECTS { syslogControlDescr, syslogControlRoles, syslogControlBindAddrType, syslogControlBindAddr, syslogControlService, syslogControlEncapsulation, syslogControlConfFileName, syslogOperationsStatus } STATUS current DESCRIPTION "This notification is sent when a syslog entity changes state. For example when the syslog entity starts [syslogOperationsStatus is ''started'' ] or the syslog entity stops [syslogOperationsStatus is ''suspended'' or ''stopped'']. The value of syslogOperationsStatus will be the new status of the syslog entity after the change. The syslog entity corresponding to the notification will be identified by the syslogOperationsIndex instance identifier of the objects in the notification. " ::= { syslogNotifications 1 } Glenn M. Keeni. Expires: July 25, 2007 [Page 23] Internet Draft syslogMIB January 2007 -- ------------------------------------------------------------- -- Conformance Information -- ------------------------------------------------------------- syslogGroups OBJECT IDENTIFIER ::= { syslogConformance 1 } syslogCompliances OBJECT IDENTIFIER ::= { syslogConformance 2 } -- ------------------------------------------------------------- -- units of conformance -- ------------------------------------------------------------- syslogDefaultGroup OBJECT-GROUP OBJECTS { syslogDefaultService, syslogDefaultEncapsulation } STATUS current DESCRIPTION "A collection of objects providing default parameters for syslog entities " ::= { syslogGroups 1} syslogOperationsGroup OBJECT-GROUP OBJECTS { -- syslogOperationsIndex, syslogOperationsMsgsReceived, syslogOperationsMsgsTransmitted, syslogOperationsMsgsRelayed, syslogOperationsMsgsDropped, syslogOperationsMsgsMalFormed, syslogOperationsMsgsDiscarded, syslogOperationsLastMsgRecdTime, syslogOperationsLastMsgTransmittedTime, syslogOperationsStartTime, syslogOperationsLastError, syslogOperationsLastErrorTime, syslogOperationsRunIndex, syslogOperationsCounterDiscontinuityTime, syslogOperationsStatus } STATUS current Glenn M. Keeni. Expires: July 25, 2007 [Page 24] Internet Draft syslogMIB January 2007 DESCRIPTION "A collection of objects providing message related statistics." ::= { syslogGroups 2} syslogControlGroup OBJECT-GROUP OBJECTS { syslogControlDescr, syslogControlRoles, syslogControlBindAddrType, syslogControlBindAddr, syslogControlEncapsulation, syslogControlService, syslogControlMaxMessageSize, syslogControlConfFileName, syslogControlStorageType, syslogControlRowStatus } STATUS current DESCRIPTION "A collection of objects representing the run time parameters for the syslog entities. " ::= { syslogGroups 3} syslogNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { syslogStatusChanged } STATUS current DESCRIPTION "A collection of notifications about the operational state of a syslog entity. " ::= { syslogGroups 4} Glenn M. Keeni. Expires: July 25, 2007 [Page 25] Internet Draft syslogMIB January 2007 -- ------------------------------------------------------------- -- compliance statements -- ------------------------------------------------------------- syslogFullCompliance1 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities which implement the SYSLOG-MIB with support for writable objects and notifications. Such an implementation can be both monitored and configured via SNMP. It can also send notifications about change in the operational status of the syslog entity. " MODULE -- this module MANDATORY-GROUPS { syslogNotificationGroup, syslogDefaultGroup, syslogOperationsGroup, syslogControlGroup } ::= { syslogCompliances 1 } syslogFullCompliance2 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities which implement the SYSLOG-MIB with support for writable objects. Such an implementation can be both monitored and configured via SNMP. " MODULE -- this module MANDATORY-GROUPS { syslogDefaultGroup, syslogOperationsGroup, syslogControlGroup } ::= { syslogCompliances 2 } Glenn M. Keeni. Expires: July 25, 2007 [Page 26] Internet Draft syslogMIB January 2007 syslogReadOnlyCompliance1 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities which implement the syslog MIB without support for read-write (i.e. in read-only mode). It can also send notifications about change in the operational status of the syslog entity. " MODULE -- this module MANDATORY-GROUPS { syslogNotificationGroup, syslogDefaultGroup, syslogOperationsGroup, syslogControlGroup } OBJECT syslogControlDescr MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlRoles MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlBindAddrType MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlBindAddr MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlService MIN-ACCESS read-only DESCRIPTION "Write access is not required. " Glenn M. Keeni. Expires: July 25, 2007 [Page 27] Internet Draft syslogMIB January 2007 OBJECT syslogControlEncapsulation MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlMaxMessageSize MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlConfFileName MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlStorageType MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlRowStatus MIN-ACCESS read-only DESCRIPTION "Write access is not required. " ::= { syslogCompliances 3 } syslogReadOnlyCompliance2 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities which implement the syslog MIB without support for read-write (i.e. in read-only mode). " MODULE -- this module MANDATORY-GROUPS { syslogDefaultGroup, syslogOperationsGroup, syslogControlGroup } Glenn M. Keeni. Expires: July 25, 2007 [Page 28] Internet Draft syslogMIB January 2007 OBJECT syslogControlDescr MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlRoles MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlBindAddrType MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlBindAddr MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlService MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlEncapsulation MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlMaxMessageSize MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlConfFileName MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlStorageType MIN-ACCESS read-only DESCRIPTION "Write access is not required. " Glenn M. Keeni. Expires: July 25, 2007 [Page 29] Internet Draft syslogMIB January 2007 OBJECT syslogControlRowStatus MIN-ACCESS read-only DESCRIPTION "Write access is not required. " ::= { syslogCompliances 4 } syslogNotificationCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities which implement the SYSLOG-MIB and support only notifications about change in the operational status of a syslog entity. " MODULE -- this module MANDATORY-GROUPS { syslogNotificationGroup } ::= { syslogCompliances 5 } END Glenn M. Keeni. Expires: July 25, 2007 [Page 30] Internet Draft syslogMIB January 2007 5. Security Considerations Syslog plays a very important role in the computer and network security of an organization. SYSLOG-MIB defines several managed objects that may be used to monitor, configure and control syslog entities. As such improper manipulation of the objects represented by this MIB may lead to an attack on an important component of the computer and network security infrastructure. The objects in syslogControlTable may be misconfigured to cause syslog messages to be diverted or lost. There are a number of management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. These are the tables and objects and their sensitivity/vulnerability: o syslogControlTable: The objects in this table describe the configuration of the syslog entities. It may be misconfigured to start up a very large number of syslog entities (processes) and deny the system of its resources. o syslogControlBindAddr: This object may be misconfigured to bind syslog entity to the wrong address. This will cause messages to be lost. o syslogControlService : This object may be misconfigured to bind syslog entity to the wrong service (port). This will cause messages to be lost. o syslogControlMaxMessageSize: This message may be misconfigured to set the wrong MaxMessageSize for the syslog entity. It may cause syslog messages to be lost. o syslogControlConfFileName: This object may be misconfigured to start the syslog entity with the wrong (rogue) configuration. o syslogControlStorageType: This object may be misconfigured to set the wrong storage type. That may cause confusion, operational errors and/or loss of information. Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or Glenn M. Keeni. Expires: July 25, 2007 [Page 31] Internet Draft syslogMIB January 2007 vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. These are the tables and objects and their sensitivity/vulnerability: o syslogOperationsTable: Objects in this table carry sensitive information. The counters may reveal information about the deployment and effectiveness of the relevant security systems. The counters may be analyzed to tell whether the security systems are able to detect an event or not. o syslogOperationsLastError: This object may contain sensitive information e.g. user-id, password etc. depending on the implementation of the syslog entity. It may reveal details about the syslog implementation itself, e.g. version, OS etc. SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPsec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module. It is RECOMMENDED that implementers consider the security features as provided by the SNMPv3 framework (see [RFC3410], section 8), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy). Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them. Glenn M. Keeni. Expires: July 25, 2007 [Page 32] Internet Draft syslogMIB January 2007 6. IANA Considerations The MIB modules in this document use the following IANA-assigned OBJECT IDENTIFIER values recorded in the SMI Numbers registry: Descriptor OBJECT IDENTIFIER value ---------- ----------------------- syslogMIB { mib-2 YYYY } IANA Reg.: Please assign a value under the 'mib-2' subtree for the 'syslogMIB' MODULE-IDENTITY and record the assignment in the SMI Numbers registry. RFC Ed.: When the above assignments have been made, please - remove the above note - replace "YYYY" here with the assigned values and - remove this note. 7. References 7.1 Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirements Levels", BCP 14, RFC 2119, March 1997. [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999 [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999 [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999 [RFC3411] Harrington, D., Presuhn, R. and B. Wijnen, "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, December 2002. Glenn M. Keeni. Expires: July 25, 2007 [Page 33] Internet Draft syslogMIB January 2007 [RFC4001] Daniele, M., Haberman, B., Routhier, S., and Schoenwaelder, J., "Textual Conventions for Internet Network Addresses", RFC 4001, February 2005. [RFCPROT] Gerhards, R., "The syslog Protocol", draft-ietf-syslog-protocol-17.txt, work in progress, June 2006. [RFCUDPX] Okmianski, A., "Transmission of syslog messages over UDP", draft-ietf-syslog-transport-udp-07.txt work in progress, May 2006. [RFCTLSX] Miao, F., and Yuzhi, M., "TLS Transport Mapping for Syslog", draft-ietf-syslog-transport-tls-06.txt, work in progress, December 2006. [RFCBEEP] New, D., and Rose, M., "Reliable Delivery for syslog", RFC 3195, November 2001 7.2 Informative References [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for the Internet-Standard Management Framework", RFC 3410, December 2002. [RFC2790] Waldbusser, S., and Grillo, P., "Host Resources MIB", RFC 2790, March 2000. 8. Acknowledgments The initial draft of this document was authored by Bruno Pape. The authors would like to thank Mark Ellison, David Harrington, Mike MacFaden, Dave T Perkins, Tom Petch, Juergen Schoenwaelder, Rohit M, Bert Wijnen and members of the WIDE-netman group for their comments and suggestions. Glenn M. Keeni. Expires: July 25, 2007 [Page 34] Internet Draft syslogMIB January 2007 9. Author's Addresses Glenn Mansfield Keeni Cyber Solutions Inc. 6-6-3 Minami Yoshinari Aoba-ku, Sendai 989-3204 Japan Phone: +81-22-303-4012 EMail: glenn@cysols.com Glenn M. Keeni. Expires: July 25, 2007 [Page 35] Internet Draft syslogMIB January 2007 10. Full Copyright Statement Copyright (C) The IETF Trust (2007). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Glenn M. Keeni. Expires: July 25, 2007 [Page 36] Internet Draft syslogMIB January 2007 Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Acknowledgment Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA). Glenn M. Keeni. Expires: July 25, 2007 [Page 37] Internet Draft syslogMIB January 2007 APPENDIX This section documents the development of the draft. It will be deleted when the draft becomes an RFC. Revision History: Changes from draft-ietf-syslog-device-mib-13.txt to draft-ietf-syslog-device-mib-14.txt 1. Changed the object hierarchy and naming from | +--syslogObjects(1) | | | +--syslogSystem(1) | | | +--syslogEntity(2) | | | +--syslogEntityControlTable(1) | | | +--syslogEntityOperationsTable(2) to | +--syslogObjects(1) | | | +--syslogSystem(1) | | | +--syslogControlTable(2) | | | +--syslogOperationsTable(3) | 2. Removed the reference to UDP transport in section 2. 3. Put back SyslogSeverity and SyslogFacility TCs. 4. Revised the DESCRIPTION of syslogOperationsMsgsReceived 5. Added syslogOperationsMsgsTransmitted 6. Revised the DESCRIPTION of syslogOperationsLastMsgRecdTime 7. Renamed syslogOperationsReference to syslogOperationsRunIndex Changes from draft-ietf-syslog-device-mib-12.txt to draft-ietf-syslog-device-mib-13.txt Glenn M. Keeni. Expires: July 25, 2007 [Page 38] Internet Draft syslogMIB January 2007 1. Removed reference to RFC3164. 2. Added TC SyslogEncapsulation removed syslogDefaultTransportDomain, syslogEntityControlTransportDomain Added syslogDefaultEncapsulation, syslogEntityControlEncapsulation 3. Modified the DESCRIPTION clauses for syslogEntityControlMaxMessageSize, syslogEntityOperationsMsgsReceived, syslogEntityOperationsMsgsRelayed, syslogEntityOperationsMsgsIllFormed, syslogEntityOperationsMsgsIgnored, 4. Changed name from syslogEntityOperationsMsgsIllFormed to syslogEntityOperationsMsgsMalFormed from syslogEntityOperationsMsgsIgnored to syslogEntityOperationsMsgsDiscarded 5. Revised figure 1. 6. Added MO syslogEntityControlRoles 7. renamed syslogEntityControlStatus to syslogEntityOperationsStatus moved this object from syslogEntityControlEntry to syslogEntityOperationsEntry 8. Removed MOs syslogDefaultFacility syslogDefaultSeverity 9. Removed TCs SyslogFacility SyslogSeverity 10. Added the TC SyslogRoles 11. Added the MO syslogEntityControlRoles 12. Replaced references to "local time" by "value of sysUpTime" 13. Revised the DESCRIPTION syslogEntityStatusChange Glenn M. Keeni. Expires: July 25, 2007 [Page 39] Internet Draft syslogMIB January 2007 14. Revised the DESCRIPTION of the MOs to cover the exception cases. 15. Revised the text to clear ambiguities about the role of the "syslog entity". 16. Editorial nits. Changes from draft-ietf-syslog-device-mib-11.txt to draft-ietf-syslog-device-mib-12.txt 1. Added text in introduction and in the DESCRIPTION of the MIB module to explain the terminology used in the document. Ref. Comment 1.1, 1.2, 1.3, 1.4. 2. Changed "group" to "subtree" in Section 3 (The MIB Design). Ref. Comment 1.5 3. Removed enumeration "other" from the enumeration for SyslogSeverity. This case does not arise. Ref. Comment 1.6 4. Revised DESCRIPTION of syslogEntityControlStorageType Ref. comment 2.3 5. Revised DESCRIPTION of syslogEntityStatusChanged Ref. Comment 2.4 6. Updated the boilerplate for the Copyright notice. Ref. Comment 2.7 7. Changed "should" to "SHOULD" in DESCRIPTION of syslogEntityOperationsReference Ref. Comment 3.2 8. Changed RFCPROT to "[RFCPROT]" in REFERENCE of syslogDefaultTransportDomain Changes from draft-ietf-syslog-device-mib-9.txt to draft-ietf-syslog-device-mib-11.txt [Note: The changes to the mib-9.txt and mib-10.txt are consolidated below.] 1. Namings changed: Page-8. changed the duplicate instances of auth and cron to auth1, auth2, cron1, cron2 changed: SyslDevOpsEntry -> SyslogEntityOperationsEntry syslEntOpsEntry -> syslogEntityOperationsEntry SyslDevCtlEntry -> SyslogEntityControlEntry syslEntCtlEntry -> syslogEntityControlEntry syslEntOpsTable -> syslogEntityOperationsTable Glenn M. Keeni. Expires: July 25, 2007 [Page 40] Internet Draft syslogMIB January 2007 syslogDevice -> syslogDevice syslEntCtlProcDescr -> syslogEntityControlDescr syslEntOpsLastMsgDeliveredTime -> syslogEntityOperationsLastMsgTransmittedTime. syslDevOpsGroup -> syslogEntityOperationsGroup 2. Added TRANSPORT-ADDRESS-MIB[RFC3419] to the text on section 3 (and 7.1 Normative References). 3. MIB. Fixed MIB nits. 4. Added text about the expected persistency behaviour of the read-write objects in the corresponding DESCRIPTION clauses. syslogDefaultTransport syslogDefaultService syslogDefaultFacility syslogDefaultSeverity 5. Replaced syslogDefaultTransport OBJECT-TYPE SYNTAX TransportAddressType and syslEntCtlTransport OBJECT-TYPE SYNTAX TransportAddressType by syslogDefaultTransportDomain OBJECT-TYPE SYNTAX TransportDomain syslogEntityControlTransportDomain OBJECT-TYPE SYNTAX TransportDomain 6. Changed the ordering of syslEntOpsTable ::= { syslogDevice 1 } syslEntCtlTable ::= { syslogDevice 2 } to syslogEntityControlTable ::= { syslogEntity 1 } syslogEntityOperationsTable ::= { syslogEntity 2 } 7. The tree structure is changed from syslogSystem OBJECT IDENTIFIER ::= { syslogMIB 1 } Glenn M. Keeni. Expires: July 25, 2007 [Page 41] Internet Draft syslogMIB January 2007 syslogDevice OBJECT IDENTIFIER ::= { syslogMIB 2 } to, syslogObjects OBJECT IDENTIFIER ::= { syslogMIB 1 } syslogSystem OBJECT IDENTIFIER ::= { syslogObjects 1 } syslogEntity OBJECT IDENTIFIER ::= { syslogObjects 2 } 8. syslogEntityOperationsEntry AUGMENTS { syslogEntityControlEntry } 9. Added syslogEntityOperationsCounterDiscontinuityTime OBJECT-TYPE to indicate whether 'syslogEntityOperationsMsgsReceived' or 'syslogEntityOperationsMsgsRelayed' or 'syslogEntityOperationsMsgsDropped' or 'syslogEntityOperationsMsgsIllFormed' or 'syslogEntityOperationsMsgsIgnored' suffered a discontinuity. Revised the DESCRIPTION of the above Objects. 10. Changed all references of "syslog process", "syslog device" to "syslog entity". 11. Changed syntax of syslogEntityOperationsReference from syslEntOpsReference OBJECT-TYPE SYNTAX Integer32 to syslogEntityOperationsReference OBJECT-TYPE SYNTAX Integer32 (0..2147483647) 12. Revised the DESCRIPTION clauses of syslogEntityControlTable syslogEntityOperationsReference syslogEntityControlBindAddrType syslogEntityControlBindAddr syslogEntityControlTransportDomain syslogEntityControlService syslogEntityControlConfFileName Glenn M. Keeni. Expires: July 25, 2007 [Page 42] Internet Draft syslogMIB January 2007 syslogEntityControlStatus syslogEntityControlRowStatus syslogEntityOperationsTable syslogEntityControlTable syslogEntityOperationsMsgsDropped syslogEntityOperationsReference syslogEntityControlEntry 13. Added DEFVAL { nonVolatile } to syslogEntityControlStorageType 14. Merged the NOTIFICATIONs syslEntStarted syslEntStopped into syslogEntityStatusChanged 15. Overhauled the syslogCompliance tree 16. idnits fixed. 17. IANA considerations section revised. 17. Labels and Captions in figure 1 are revised. 18. Revised DESCRIPTION clauses of SyslogSeverity syslogDefaultFacility syslogDefaultSeverity 19. syslogDefaultMaxMessageSize is deleted revised the DESCRIPTION of syslogEntityControlMaxMessageSize 20. editorial fixes The changes upto draft-ietf-syslog-device-mib-9.txt are documented below in the form of MIB Revision clauses. REVISION "200609040000Z" -- 9th September 2006 DESCRIPTION " o The draft has been aligned with the current standards track documents syslog-protocol-17.txt and syslog-transport-udp-07.txt: the REFERNCE clauses have changed. o The TEXTUAL-CONVENTION SyslogTransport has been replaced by the TransportAddressType. Glenn M. Keeni. Expires: July 25, 2007 [Page 43] Internet Draft syslogMIB January 2007 o The TEXTUAL-CONVENTION SyslogFacility and SyslogSeverity have been aligned with syslog-protocol-17.txt o A paragraph has been added to list the related MIBs from which MOS and TEXTUAL-CONVENTIONs have been imported. o The target of this MIB is now called a syslog entity. [ Earlier it was referred to as a syslog device.] The prefix syslDev has been changed to syslEnt o The DEFVALS have been aligned with the reference documents. o The REFERENCE section has been updated. o The OID for syslogConformance has been changed from 4 to 3. " REVISION "200607250000Z" -- 25th July 2006 DESCRIPTION "the internet draft's version number has been changed (7->8). " REVISION "200511250000Z" -- 25th November 2005 DESCRIPTION "A near complete overhaul of the MIB and the document. The BSD-syslog flavor has been abandoned in favor of a more generic syslog-protocol document that is under preparation. TBD. The reference clauses need to be redone once the new syslog document is ready. List of authors changed. Original draft author Bruno Pape is acknowledged in the Acknowledgments section. Editorial nits fixed. " REVISION "200406160000Z" -- Mon Feb 16 00:00 GMT 2004 DESCRIPTION "Major change. The configuration parts have been removed. Updated the description clauses. Glenn M. Keeni. Expires: July 25, 2007 [Page 44] Internet Draft syslogMIB January 2007 Editorial nits fixed. " REVISION "200306250000Z" -- Wed June 25 00:00 GMT 2003 DESCRIPTION "Changed the type of syslogProcLastError SnmpAdminString, from Integer32. DEFVAL { 0 ] is added to syslogAllowedHostsMaskLen MO name changed from syslogCtlSelectionHostname to syslogCtlSelectionHostName Updated the description clauses. Fixed nits pointed out in Bert's mails of 20030319 and revised the document wrt the guidelines in draft-ietf-ops-mib-review-guidelines-01.txt Editorial nits fixed. " REVISION "200303030000Z" -- Mon March 03 00:00 GMT 2003 DESCRIPTION "Fixing of nits in descriptions, addition of references, addition of the following MOs syslogProcMsgsIllFormed Counter32, syslogProcStartTime TimeStamp, syslogProcLastError Integer32, syslogProcLastErrorTime TimeStamp, syslDevCtlStorageType StorageType, syslogCtlFwdActionSrcAddrType InetAddressType, syslogCtlFwdActionSrcAddr InetAddress, added enumeration ''suspended(2)'' to syslDevCtlStatus. " REVISION "200212252343Z" -- Wed December 25 23:43 GMT 2002 DESCRIPTION "Radical revision of the MIB structure and design." REVISION "200206061841Z" -- Thu Jun 6 18:41 GMT 2002 DESCRIPTION "The initial version of this MIB module." Glenn M. Keeni. Expires: July 25, 2007 [Page 45] Internet Draft syslogMIB January 2007 Glenn M. Keeni. Expires: July 25, 2007 [Page 46]