< draft-schoenw-syslog-msg-mib-01.txt   draft-schoenw-syslog-msg-mib-02.txt >
Network Working Group J. Schoenwaelder Network Working Group J. Schoenwaelder
Internet-Draft Jacobs University Bremen Internet-Draft Jacobs University Bremen
Intended status: Standards Track A. Clemm Intended status: Standards Track A. Clemm
Expires: May 7, 2009 A. Karmakar Expires: August 11, 2009 A. Karmakar
Cisco Systems Cisco Systems
November 3, 2008 February 7, 2009
Definitions of Managed Objects for Mapping SYSLOG Messages to Simple Definitions of Managed Objects for Mapping SYSLOG Messages to Simple
Network Management Protocol (SNMP) Notifications Network Management Protocol (SNMP) Notifications
draft-schoenw-syslog-msg-mib-01.txt ($Rev: 2846 $) draft-schoenw-syslog-msg-mib-02.txt ($Rev: 3063 $)
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any This Internet-Draft is submitted to IETF in full conformance with the
applicable patent or other IPR claims of which he or she is aware provisions of BCP 78 and BCP 79.
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on May 7, 2009. This Internet-Draft will expire on August 11, 2009.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Abstract Abstract
This memo defines a portion of the Management Information Base (MIB) This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols in the Internet community. for use with network management protocols in the Internet community.
In particular, it defines a mapping of SYSLOG messages to Simple In particular, it defines a mapping of SYSLOG messages to Simple
Network Management Protocol (SNMP) notifications. Network Management Protocol (SNMP) notifications.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. The Internet-Standard Management Framework . . . . . . . . . . 3 2. The Internet-Standard Management Framework . . . . . . . . . . 3
3. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
5. Relationship to Other MIB Modules . . . . . . . . . . . . . . 4 5. Relationship to Other MIB Modules . . . . . . . . . . . . . . 5
6. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 4 6. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 5
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 7. Usage Example . . . . . . . . . . . . . . . . . . . . . . . . 17
8. Security Considerations . . . . . . . . . . . . . . . . . . . 14 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 16 9. Security Considerations . . . . . . . . . . . . . . . . . . . 18
9.1. Normative References . . . . . . . . . . . . . . . . . . . 16 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 19
9.2. Informative References . . . . . . . . . . . . . . . . . . 16 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 16 11.1. Normative References . . . . . . . . . . . . . . . . . . 19
Intellectual Property and Copyright Statements . . . . . . . . . . 18 11.2. Informative References . . . . . . . . . . . . . . . . . 20
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 20
1. Introduction 1. Introduction
SNMP [RFC3410] [RFC3411] and SYSLOG [I-D.ietf-syslog-protocol] are SNMP [RFC3410] [RFC3411] and SYSLOG [I-D.ietf-syslog-protocol] are
two widely used protocols to communicate event notifications. two widely used protocols to communicate event notifications.
Although co-existence of several management protocols in one Although co-existence of several management protocols in one
operational environment is possible, certain environments require operational environment is possible, certain environments require
that all event notifications are collected by a single system daemon that all event notifications are collected by a single system daemon
such as a SYSLOG collector or an SNMP notification receiver via a such as a SYSLOG collector or an SNMP notification receiver via a
single management protocol. In such environments, it is necessary to single management protocol. In such environments, it is necessary to
skipping to change at page 3, line 46 skipping to change at page 3, line 46
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
4. Overview 4. Overview
SYSLOG messages are converted by a SYSLOG to SNMP converter. Such a SYSLOG messages are converted by a SYSLOG to SNMP converter. Such a
converter acts as a SYSLOG receiver [I-D.ietf-syslog-protocol] and converter acts as a SYSLOG receiver [I-D.ietf-syslog-protocol] and
implements a MIB module according to the SNMP architecture [RFC3411]. implements a MIB module according to the SNMP architecture [RFC3411].
The converter might be tighly coupled to an SNMP agent or it might The converter might be tightly coupled to an SNMP agent or it might
interface with an SNMP agent via a subagent protocol. interface with an SNMP agent via a subagent protocol.
After initialization, the converter will listen for SYSLOG messages. After initialization, the converter will listen for SYSLOG messages.
On receiving a message, the message will be parsed to extract On receiving a message, the message will be parsed to extract
information as described in the MIB module. A conceptual table is information as described in the MIB module. A conceptual table is
populated with information extracted from the SYSLOG message and populated with information extracted from the SYSLOG message and
finally a notification may be generated. finally a notification may be generated.
The MIB module is organized into a group of scalars and two tables.
The syslogMsgControl group contains two scalars controlling the
maximum size of SYSLOG messages recorded in the tables and whether
SNMP notifications are generated for SYSLOG messages.
--syslogMsgObjects(1)
|
+--syslogMsgControl(1)
|
+-- Unsigned32 syslogMsgTableMaxSize(1)
+-- TruthValue syslogMsgEnableNotifications(2)
The syslogMsgTable contains one entry for each recorded SYSLOG
message. The basic fields of SYSLOG messages are represented in
different columns of the conceptual table.
--syslogMsgObjects(1)
|
+--syslogMsgTable(2)
|
+--syslogMsgEntry(1) [syslogMsgIndex]
|
+-- Unsigned32 syslogMsgIndex(1)
+-- SyslogFacility syslogMsgFacility(2)
+-- SyslogSeverity syslogMsgSeverity(3)
+-- Unsigned32 syslogMsgVersion(4)
+-- DateAndTimeMicroSeconds syslogMsgTimeStamp(5)
+-- DisplayString syslogMsgHostName(6)
+-- DisplayString syslogMsgAppName(7)
+-- DisplayString syslogMsgProcID(8)
+-- DisplayString syslogMsgMsgID(9)
+-- OctetString syslogMsgMsg(10)
+-- Bits syslogMsgFlags(11)
The syslogMsgSDTable contains one entry for each structured data
element parameter contained in a SYSLOG message. Since structured
data elements are optional, the relationship between the
syslogMsgTable and the syslogMsgSDTable is 1:0..*.
--syslogMsgObjects(1)
|
+--syslogMsgSDTable(3)
|
+--syslogMsgSDEntry(1) [syslogMsgIndex,
| syslogMsgSDElementName,
| syslogMsgSDParamName,
| syslogMsgSDParamIndex]
|
+-- DisplayString syslogMsgSDElementName(1)
+-- DisplayString syslogMsgSDParamName(2)
+-- Unsigned32 syslogMsgSDParamIndex(3)
+-- SnmpAdminString syslogMsgSDParamValue(4)
5. Relationship to Other MIB Modules 5. Relationship to Other MIB Modules
The NOTIFICATION-LOG-MIB [RFC3014] provides a generic mechanism for The NOTIFICATION-LOG-MIB [RFC3014] provides a generic mechanism for
logging SNMP notifications in order to deal with lost SNMP logging SNMP notifications in order to deal with lost SNMP
notifications, e.g., due to transient communication problems. notifications, e.g., due to transient communication problems.
Applications can poll the notification log to verify that they have Applications can poll the notification log to verify that they have
not missed important SNMP notifications. not missed important SNMP notifications.
The MIB module defined in this memo provides a mechanism for logging The MIB module defined in this memo provides a mechanism for logging
SYSLOG notifications. This additional SYSLOG notification log is SYSLOG notifications. This additional SYSLOG notification log is
needed because (a) SYSLOG messages might not lead to SNMP provided because (a) SYSLOG messages might not lead to SNMP
notification (this is configurable) and (b) SNMP notifications might notification (this is configurable) and (b) SNMP notifications might
not carry all information associated with a SYSLOG notification. not carry all information associated with a SYSLOG notification.
The following MIB module IMPORTS objects from SNMPv2-SMI [RFC2578], The following MIB module IMPORTS objects from SNMPv2-SMI [RFC2578],
SNMPv2-TC [RFC2579], SNMPv2-CONF [RFC2580], SNMP-FRAMEWORK-MIB SNMPv2-TC [RFC2579], SNMPv2-CONF [RFC2580], SNMP-FRAMEWORK-MIB
[RFC3411], and SYSLOG-TC-MIB [I-D.ietf-syslog-tc-mib]. [RFC3411], and SYSLOG-TC-MIB [I-D.ietf-syslog-tc-mib].
6. Definitions 6. Definitions
SYSLOG-MSG-MIB DEFINITIONS ::= BEGIN SYSLOG-MSG-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Unsigned32, mib-2 MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Unsigned32, mib-2
FROM SNMPv2-SMI FROM SNMPv2-SMI
DisplayString, DateAndTime, TruthValue TEXTUAL-CONVENTION, DisplayString, TruthValue
FROM SNMPv2-TC FROM SNMPv2-TC
OBJECT-GROUP, NOTIFICATION-GROUP, MODULE-COMPLIANCE OBJECT-GROUP, NOTIFICATION-GROUP, MODULE-COMPLIANCE
FROM SNMPv2-CONF FROM SNMPv2-CONF
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB FROM SNMP-FRAMEWORK-MIB
SyslogFacility, SyslogSeverity SyslogFacility, SyslogSeverity
FROM SYSLOG-TC-MIB; FROM SYSLOG-TC-MIB;
syslogMsgMib MODULE-IDENTITY syslogMsgMib MODULE-IDENTITY
LAST-UPDATED "200811030800Z" LAST-UPDATED "200902010800Z"
ORGANIZATION "IETF XXX Working Group" ORGANIZATION "IETF XXX Working Group"
CONTACT-INFO CONTACT-INFO
"Juergen Schoenwaelder "Juergen Schoenwaelder
<j.schoenwaelder@jacobs-university.de> <j.schoenwaelder@jacobs-university.de>
Jacobs University Bremen Jacobs University Bremen
Campus Ring 1 Campus Ring 1
28757 Bremen 28757 Bremen
Germany Germany
Alexander Clemm Alexander Clemm
<alex@cisco.com> <alex@cisco.com>
Cisco Systems Cisco Systems
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134-1706 San Jose, CA 95134-1706
USA USA
Anirban Karmakar Anirban Karmakar
<akarmaka@cisco.com> <akarmaka@cisco.com>
Cisco Systems Cisco Systems
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134-1706 San Jose, CA 95134-1706
USA" USA"
DESCRIPTION DESCRIPTION
"This MIB module represent SYSLOG messages as SNMP objects. "This MIB module represent SYSLOG messages as SNMP objects.
Copyright (C) The IETF Trust (2008). This version of this MIB Copyright (c) 2009 IETF Trust and the persons identified as
module is part of RFC XXXX; see the RFC itself for full legal the document authors. All rights reserved. This version of
notices." this MIB module is part of RFC XXXX; see the RFC itself for
REVISION "200804110800Z" full legal notices."
DESCRIPTION REVISION "200902010800Z"
"Initial version issued as part of RFC XXXX." DESCRIPTION
-- RFC Ed.: replace XXXX with actual RFC number & remove this note "Initial version issued as part of RFC XXXX."
::= { mib-2 XXX } -- RFC Ed.: replace XXXX with actual RFC number & remove this note
-- RFC Ed.: replace XXX with IANA-assigned number & remove this note ::= { mib-2 XXX }
-- RFC Ed.: replace XXX with IANA-assigned number & remove this note
- RFC Ed.: replace XXX with IANA-assigned number &amp; remove this note -- textual convention definitions
syslogMsgNotifications OBJECT IDENTIFIER ::= { syslogMsgMib 0 }
syslogMsgObjects OBJECT IDENTIFIER ::= { syslogMsgMib 1 }
syslogMsgConformance OBJECT IDENTIFIER ::= { syslogMsgMib 2 }
-- object definitions DateAndTimeMicroSeconds ::= TEXTUAL-CONVENTION
DISPLAY-HINT "2d-1d-1d,1d:1d:1d.3d,1a1d:1d"
STATUS current
DESCRIPTION
"A date-time specification. This type is similar to the
DateAndTime type defined in the SNMPv2-TC except that
the subsecond granulation is microseconds instead of
deciseconds.
syslogMsgControl OBJECT IDENTIFIER ::= { syslogMsgObjects 1 } field octets contents range
----- ------ -------- -----
1 1-2 year* 0..65536
2 3 month 1..12
3 4 day 1..31
4 5 hour 0..23
5 6 minutes 0..59
6 7 seconds 0..60
(use 60 for leap-second)
7 8-10 microseconds 0..999999
8 11 direction from UTC '+' / '-'
9 12 hours from UTC* 0..13
10 13 minutes from UTC 0..59
syslogMsgTableMaxSize OBJECT-TYPE * Notes:
SYNTAX Unsigned32 - the value of year is in network-byte order
MAX-ACCESS read-write - the value of microseconds is in network-byte order
STATUS current - daylight saving time in New Zealand is +13
DESCRIPTION
"The maximum number of syslog messages that may be held in
syslogMsgTable. A particular setting does not guarantee that
much data can be held. A value of 0 means no limit.
If an application changes the limit while there are syslog For example, Tuesday May 26, 1992 at 1:30:15 PM EDT would be
messages in the syslogMsgTable, the oldest syslog messages displayed as:
MUST be discarded to bring the table down to the new limit.
The value of this object should be kept in nonvolatile 1992-5-26,13:30:15.0,-4:0
memory."
DEFVAL { 0 }
::= { syslogMsgControl 1 }
syslogMsgEnableNotifications OBJECT-TYPE Note that if only local time is known, then timezone
SYNTAX TruthValue information (fields 11-13) is not present."
MAX-ACCESS read-write SYNTAX OCTET STRING (SIZE (10 | 13))
STATUS current
DESCRIPTION
"Indicates whether syslogMsgNotification notifications are
generated.
The value of this object should be kept in nonvolatile -- object definitions
memory."
DEFVAL { false }
::= { syslogMsgControl 2 }
syslogMsgTable OBJECT-TYPE syslogMsgNotifications OBJECT IDENTIFIER ::= { syslogMsgMib 0 }
SYNTAX SEQUENCE OF SyslogMsgEntry syslogMsgObjects OBJECT IDENTIFIER ::= { syslogMsgMib 1 }
MAX-ACCESS not-accessible syslogMsgConformance OBJECT IDENTIFIER ::= { syslogMsgMib 2 }
STATUS current
DESCRIPTION
"A table containing recent syslog messages. The size of the
table is controlled by the syslogMsgTableMaxSize object."
::= { syslogMsgObjects 2 }
syslogMsgEntry OBJECT-TYPE syslogMsgControl OBJECT IDENTIFIER ::= { syslogMsgObjects 1 }
SYNTAX SyslogMsgEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry of the syslogMsgTable."
INDEX { syslogMsgIndex }
::= { syslogMsgTable 1 }
SyslogMsgEntry ::= SEQUENCE { syslogMsgTableMaxSize OBJECT-TYPE
syslogMsgIndex Unsigned32, SYNTAX Unsigned32
syslogMsgFacility SyslogFacility, MAX-ACCESS read-write
syslogMsgSeverity SyslogSeverity, STATUS current
syslogMsgVersion Unsigned32, DESCRIPTION
syslogMsgTimeStamp DateAndTime, "The maximum number of syslog messages that may be held in
syslogMsgHostName DisplayString, syslogMsgTable. A particular setting does not guarantee that
syslogMsgAppName DisplayString, there is sufficient memory available for the maximum number
syslogMsgProcID DisplayString, of table entries indicated by this object. A value of 0 means
syslogMsgMsgID DisplayString, no limit.
syslogMsgMsg OCTET STRING,
syslogMsgFlags BITS
}
syslogMsgIndex OBJECT-TYPE If an application reduces the limit while there are syslog
SYNTAX Unsigned32 (1..4294967295) messages in the syslogMsgTable, the syslog messages that are
MAX-ACCESS not-accessible in the syslogMsgTable for the longest time MUST be discarded
STATUS current to bring the table down to the new limit.
DESCRIPTION
"A monotonically increasing number used to identify entries in
the syslogMsgTable. When syslogMsgIndex reaches the maximum
value the value wraps back to 1."
::= { syslogMsgEntry 1 }
syslogMsgFacility OBJECT-TYPE The value of this object should be kept in nonvolatile
SYNTAX SyslogFacility memory."
MAX-ACCESS read-only DEFVAL { 0 }
STATUS current ::= { syslogMsgControl 1 }
DESCRIPTION
"The facility of the syslog message."
::= { syslogMsgEntry 2 }
syslogMsgSeverity OBJECT-TYPE syslogMsgEnableNotifications OBJECT-TYPE
SYNTAX SyslogSeverity SYNTAX TruthValue
MAX-ACCESS read-only MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The severity of the syslog message" "Indicates whether syslogMsgNotification notifications are
::= { syslogMsgEntry 3 } generated.
syslogMsgVersion OBJECT-TYPE The value of this object should be kept in nonvolatile
SYNTAX Unsigned32 (0..999) memory."
MAX-ACCESS read-only DEFVAL { false }
STATUS current ::= { syslogMsgControl 2 }
DESCRIPTION
"The version of the syslog message. A value of 0 indicates
that the version is unknown."
::= { syslogMsgEntry 4 }
syslogMsgTimeStamp OBJECT-TYPE syslogMsgTable OBJECT-TYPE
SYNTAX DateAndTime SYNTAX SEQUENCE OF SyslogMsgEntry
MAX-ACCESS read-only MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The timestamp of the syslog message." "A table containing recent syslog messages. The size of the
::= { syslogMsgEntry 5 } table is controlled by the syslogMsgTableMaxSize object."
::= { syslogMsgObjects 2 }
-- [TODO] Need to define a DateAndTime TC which has larger precision syslogMsgEntry OBJECT-TYPE
-- to match the precision of the SYSLOG protocol. SYNTAX SyslogMsgEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry of the syslogMsgTable."
INDEX { syslogMsgIndex }
::= { syslogMsgTable 1 }
syslogMsgHostName OBJECT-TYPE SyslogMsgEntry ::= SEQUENCE {
SYNTAX DisplayString (SIZE (0..255)) syslogMsgIndex Unsigned32,
MAX-ACCESS read-only syslogMsgFacility SyslogFacility,
STATUS current syslogMsgSeverity SyslogSeverity,
DESCRIPTION syslogMsgVersion Unsigned32,
"The host name of the syslog message. A zero-length string syslogMsgTimeStamp DateAndTimeMicroSeconds,
indicates an unknown host name." syslogMsgHostName DisplayString,
::= { syslogMsgEntry 6 } syslogMsgAppName DisplayString,
syslogMsgProcID DisplayString,
syslogMsgMsgID DisplayString,
syslogMsgMsg OCTET STRING,
syslogMsgFlags BITS
}
syslogMsgAppName OBJECT-TYPE syslogMsgIndex OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..48)) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS read-only MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The app-name of the syslog message. A zero-length string "A monotonically increasing number used to identify entries in
indicates an unknown app-name." the syslogMsgTable. When syslogMsgIndex reaches the maximum
::= { syslogMsgEntry 7 } value the value wraps back to 1."
::= { syslogMsgEntry 1 }
syslogMsgProcID OBJECT-TYPE syslogMsgFacility OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..128)) SYNTAX SyslogFacility
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The procid of the syslog message. A zero-length string "The facility of the syslog message."
indicates an unknown procid." REFERENCE
::= { syslogMsgEntry 8 } "RFCYYYY: The syslog Protocol (section 6.2.1)
RFCZZZZ: Textual Conventions for Syslog Management"
-- RFC Ed.: replace YYYY with SYSLOG RFC number & remove this note
-- RFC Ed.: replace ZZZZ with SYSLOG TC RFC number, remove this note
::= { syslogMsgEntry 2 }
syslogMsgMsgID OBJECT-TYPE syslogMsgSeverity OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..32)) SYNTAX SyslogSeverity
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The msgid of the syslog message. A zero-length string "The severity of the syslog message"
indicates an unknown msgid." REFERENCE
::= { syslogMsgEntry 9 } "RFCYYYY: The syslog Protocol (section 6.2.1)
RFCZZZZ: Textual Conventions for Syslog Management"
-- RFC Ed.: replace YYYY with SYSLOG RFC number & remove this note
-- RFC Ed.: replace ZZZZ with SYSLOG TC RFC number, remove this note
::= { syslogMsgEntry 3 }
syslogMsgMsg OBJECT-TYPE syslogMsgVersion OBJECT-TYPE
SYNTAX OCTET STRING SYNTAX Unsigned32 (0..999)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The message part of the syslog message. The syntax does not "The version of the syslog message. A value of 0 indicates
impose a size restriction. Implementations may truncate the that the version is unknown."
message part of the syslog message such that it fits into REFERENCE
the size constraints imposed by the implementation environment "RFCYYYY: The syslog Protocol (section 6.2.2)"
and the notification message size constraints. If the message -- RFC Ed.: replace YYYY with SYSLOG RFC number & remove this note
has been truncated, the truncated bit in the syslogMsgFlags ::= { syslogMsgEntry 4 }
must be set to 1.
If the first octets contain the value 'EFBBBF'h, then the rest syslogMsgTimeStamp OBJECT-TYPE
of the message is a UTF-8 string. Since syslog messages may be SYNTAX DateAndTimeMicroSeconds
truncated at arbitrary octet boundaries during forwarding, the MAX-ACCESS read-only
message may contain invalid UTF-8 encodings at the end." STATUS current
::= { syslogMsgEntry 10 } DESCRIPTION
"The timestamp of the syslog message. The special value
'00000000000000000000'H is returned if the timestamp
is unknown."
REFERENCE
"RFCYYYY: The syslog Protocol (section 6.2.3)"
-- RFC Ed.: replace YYYY with SYSLOG RFC number & remove this note
::= { syslogMsgEntry 5 }
syslogMsgFlags OBJECT-TYPE syslogMsgHostName OBJECT-TYPE
SYNTAX BITS { truncated(0), sdparams(1) } SYNTAX DisplayString (SIZE (0..255))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The bits contained in this object convey meta information "The host name of the syslog message. A zero-length string
about the syslog message. The meaning of the bits is as indicates an unknown host name."
follows: REFERENCE
"RFCYYYY: The syslog Protocol (section 6.2.4)"
-- RFC Ed.: replace YYYY with SYSLOG RFC number & remove this note
::= { syslogMsgEntry 6 }
truncated - This bit is set if the converter had to syslogMsgAppName OBJECT-TYPE
truncate the syslogMsgMsg to comply with SYNTAX DisplayString (SIZE (0..48))
implementation and/or SNMP message size MAX-ACCESS read-only
constraints. STATUS current
DESCRIPTION
"The app-name of the syslog message. A zero-length string
indicates an unknown app-name."
REFERENCE
"RFCYYYY: The syslog Protocol (section 6.2.5)"
-- RFC Ed.: replace YYYY with SYSLOG RFC number & remove this note
::= { syslogMsgEntry 7 }
sdparams - This bit is set if the syslog messages syslogMsgProcID OBJECT-TYPE
contained structured data element parameters SYNTAX DisplayString (SIZE (0..128))
and serves as an indicator whether there is MAX-ACCESS read-only
data in the syslogMsgSDTable for this syslog STATUS current
message. DESCRIPTION
"The procid of the syslog message. A zero-length string
indicates an unknown procid."
REFERENCE
"RFCYYYY: The syslog Protocol (section 6.2.6)"
-- RFC Ed.: replace YYYY with SYSLOG RFC number & remove this note
::= { syslogMsgEntry 8 }
For syslog messages without structured data element parameters syslogMsgMsgID OBJECT-TYPE
that were not truncted by the converter, none of the bits is SYNTAX DisplayString (SIZE (0..32))
set." MAX-ACCESS read-only
::= { syslogMsgEntry 11 } STATUS current
DESCRIPTION
"The msgid of the syslog message. A zero-length string
indicates an unknown msgid."
REFERENCE
"RFCYYYY: The syslog Protocol (section 6.2.7)"
-- RFC Ed.: replace YYYY with SYSLOG RFC number & remove this note
::= { syslogMsgEntry 9 }
syslogMsgSDTable OBJECT-TYPE syslogMsgMsg OBJECT-TYPE
SYNTAX SEQUENCE OF SyslogMsgSDEntry SYNTAX OCTET STRING
MAX-ACCESS not-accessible MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table containing structured data elements of syslog "The message part of the syslog message. The syntax does not
messages." impose a size restriction. Implementations of this MIB module
::= { syslogMsgObjects 3 } may truncate the message part of the syslog message such that
it fits into the size constraints imposed by the
implementation environment. If the message has been truncated
by the SYSLOG to SNMP converter, the truncated bit in the
syslogMsgFlags must be set to 1.
syslogMsgSDEntry OBJECT-TYPE If the first octets contain the value 'EFBBBF'h, then the rest
SYNTAX SyslogMsgSDEntry of the message is a UTF-8 string. Since syslog messages may be
MAX-ACCESS not-accessible truncated at arbitrary octet boundaries during forwarding, the
STATUS current message may contain invalid UTF-8 encodings at the end."
DESCRIPTION REFERENCE
"An entry of the syslogMsgSDTable." "RFCYYYY: The syslog Protocol (section 6.4)"
INDEX { syslogMsgIndex, syslogMsgSDElementName, -- RFC Ed.: replace YYYY with SYSLOG RFC number & remove this note
syslogMsgSDParamName, syslogMsgSDParamIndex } ::= { syslogMsgEntry 10 }
::= { syslogMsgSDTable 1 }
SyslogMsgSDEntry ::= SEQUENCE { syslogMsgFlags OBJECT-TYPE
syslogMsgSDElementName DisplayString, SYNTAX BITS { truncated(0), sdparams(1) }
syslogMsgSDParamName DisplayString, MAX-ACCESS read-only
syslogMsgSDParamIndex Unsigned32, STATUS current
syslogMsgSDParamValue SnmpAdminString DESCRIPTION
} "The bits contained in this object convey meta information
about the syslog message. The meaning of the bits is as
follows:
syslogMsgSDElementName OBJECT-TYPE truncated - This bit is set if the converter had to
SYNTAX DisplayString (SIZE (1..32)) truncate the syslogMsgMsg to comply with
MAX-ACCESS not-accessible implementation and/or SNMP message size
STATUS current constraints.
DESCRIPTION
"The name of a structured data element."
::= { syslogMsgSDEntry 1 }
syslogMsgSDParamName OBJECT-TYPE sdparams - This bit is set if the syslog messages
SYNTAX DisplayString (SIZE (1..32)) contained structured data element parameters
MAX-ACCESS not-accessible and serves as an indicator whether there is
STATUS current data in the syslogMsgSDTable for this syslog
DESCRIPTION message.
"The name of a parameter of the structured data element."
::= { syslogMsgSDEntry 2 }
syslogMsgSDParamIndex OBJECT-TYPE For syslog messages without structured data element parameters
SYNTAX Unsigned32 (1..4294967295) that were not truncated by the converter, none of the bits is
MAX-ACCESS not-accessible set."
STATUS current ::= { syslogMsgEntry 11 }
DESCRIPTION
"This objects indexes the instance of a structured data element
that occurs multiple times in a structured data element,
starting from 1. For parameters that only occure once, the
value of this object is 1."
::= { syslogMsgSDEntry 3 }
syslogMsgSDParamValue OBJECT-TYPE syslogMsgSDTable OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SEQUENCE OF SyslogMsgSDEntry
MAX-ACCESS read-only MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value of the parameter of a syslog message identified by "A table containing structured data elements of syslog
the index of this table." messages."
::= { syslogMsgSDEntry 4 } ::= { syslogMsgObjects 3 }
-- notification definitions syslogMsgSDEntry OBJECT-TYPE
SYNTAX SyslogMsgSDEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry of the syslogMsgSDTable."
INDEX { syslogMsgIndex, syslogMsgSDElementName,
syslogMsgSDParamName, syslogMsgSDParamIndex }
::= { syslogMsgSDTable 1 }
syslogMsgNotification NOTIFICATION-TYPE SyslogMsgSDEntry ::= SEQUENCE {
OBJECTS { syslogMsgFacility, syslogMsgSeverity, syslogMsgSDElementName DisplayString,
syslogMsgVersion, syslogMsgTimeStamp, syslogMsgSDParamName DisplayString,
syslogMsgHostName, syslogMsgAppName, syslogMsgSDParamIndex Unsigned32,
syslogMsgProcID, syslogMsgMsgID, syslogMsgSDParamValue SnmpAdminString
syslogMsgMsg, syslogMsgFlags } }
STATUS current
DESCRIPTION
"The syslogMsgNotification is generated when a new syslog
message is generated and the value of
syslogMsgGenerateNotifications is true. Implementations may
add syslogMsgSDParamValue objects as long as the resulting
notification fits into the notification message size
constraints."
::= { syslogMsgNotifications 1 }
-- conformance statements syslogMsgSDElementName OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The name of a structured data element."
::= { syslogMsgSDEntry 1 }
syslogMsgGroups OBJECT IDENTIFIER ::= { syslogMsgConformance 1 } syslogMsgSDParamName OBJECT-TYPE
syslogMsgCompliances OBJECT IDENTIFIER ::= { syslogMsgConformance 2 } SYNTAX DisplayString (SIZE (1..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The name of a parameter of the structured data element."
::= { syslogMsgSDEntry 2 }
syslogMsgFullCompliance MODULE-COMPLIANCE syslogMsgSDParamIndex OBJECT-TYPE
STATUS current SYNTAX Unsigned32 (1..4294967295)
DESCRIPTION MAX-ACCESS not-accessible
"The compliance statement for implementations of the STATUS current
SYSLOG-MSG-MIB." DESCRIPTION
MODULE -- this module "This objects indexes the instance of a structured data element
MANDATORY-GROUPS { that occurs multiple times in a structured data element,
syslogMsgGroup, starting from 1. For parameters that only occure once, the
syslogMsgSDGroup, value of this object is 1."
syslogMsgControlGroup, ::= { syslogMsgSDEntry 3 }
syslogMsgNotificationGroup
}
::= { syslogMsgCompliances 1 }
syslogMsgReadOnlyCompliance MODULE-COMPLIANCE syslogMsgSDParamValue OBJECT-TYPE
STATUS current SYNTAX SnmpAdminString
DESCRIPTION MAX-ACCESS read-only
"The compliance statement for implementations of the STATUS current
SYSLOG-MSG-MIB that do not support read-write access." DESCRIPTION
MODULE -- this module "The value of the parameter of a syslog message identified by
MANDATORY-GROUPS { the index of this table."
syslogMsgGroup, ::= { syslogMsgSDEntry 4 }
syslogMsgSDGroup,
syslogMsgControlGroup,
syslogMsgNotificationGroup
} -- notification definitions
OBJECT syslogMsgTableMaxSize
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT syslogMsgEnableNotifications
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required. To be useful, the value
or this object should be true."
::= { syslogMsgCompliances 2 }
syslogMsgNotificationCompliance MODULE-COMPLIANCE syslogMsgNotification NOTIFICATION-TYPE
STATUS current OBJECTS { syslogMsgFacility, syslogMsgSeverity,
DESCRIPTION syslogMsgVersion, syslogMsgTimeStamp,
"The compliance statement for implementations of the syslogMsgHostName, syslogMsgAppName,
SYSLOG-MSG-MIB that do only generate notifications and not syslogMsgProcID, syslogMsgMsgID,
provide a table to allow read access to syslog message syslogMsgMsg, syslogMsgFlags }
details." STATUS current
MODULE -- this module DESCRIPTION
MANDATORY-GROUPS { "The syslogMsgNotification is generated when a new syslog
syslogMsgGroup, message is generated and the value of
syslogMsgSDGroup, syslogMsgGenerateNotifications is true.
syslogMsgNotificationGroup
}
OBJECT syslogMsgFacility
MIN-ACCESS accessible-for-notify
DESCRIPTION
"Read access is not required."
OBJECT syslogMsgSeverity
MIN-ACCESS accessible-for-notify
DESCRIPTION
"Read access is not required."
OBJECT syslogMsgVersion
MIN-ACCESS accessible-for-notify
DESCRIPTION
"Read access is not required."
OBJECT syslogMsgTimeStamp
MIN-ACCESS accessible-for-notify
DESCRIPTION
"Read access is not required."
OBJECT syslogMsgHostName
MIN-ACCESS accessible-for-notify
DESCRIPTION
"Read access is not required."
OBJECT syslogMsgAppName
MIN-ACCESS accessible-for-notify
DESCRIPTION
"Read access is not required."
OBJECT syslogMsgProcID
MIN-ACCESS accessible-for-notify
DESCRIPTION
"Read access is not required."
OBJECT syslogMsgMsgID
MIN-ACCESS accessible-for-notify
DESCRIPTION
"Read access is not required."
OBJECT syslogMsgMsg
MIN-ACCESS accessible-for-notify
DESCRIPTION
"Read access is not required."
OBJECT syslogMsgFlags
MIN-ACCESS accessible-for-notify
DESCRIPTION
"Read access is not required."
OBJECT syslogMsgSDParamValue
MIN-ACCESS accessible-for-notify
DESCRIPTION
"Read access is not required."
::= { syslogMsgCompliances 3 }
syslogMsgNotificationGroup NOTIFICATION-GROUP Implementations may add syslogMsgSDParamValue objects as long
NOTIFICATIONS { as the resulting notification fits into the size constraints
syslogMsgNotification imposed by the implementation environment and the notification
} message size constraints imposed by maxMessageSize [RFC3412]
STATUS current and SNMP transport mappings."
DESCRIPTION ::= { syslogMsgNotifications 1 }
"The notifications emitted by this MIB module."
::= { syslogMsgGroups 1 }
syslogMsgGroup OBJECT-GROUP -- conformance statements
OBJECTS {
-- syslogMsgIndex,
syslogMsgFacility,
syslogMsgSeverity,
syslogMsgVersion,
syslogMsgTimeStamp,
syslogMsgHostName,
syslogMsgAppName,
syslogMsgProcID,
syslogMsgMsgID,
syslogMsgMsg,
syslogMsgFlags
}
STATUS current
DESCRIPTION
"A collection of objects representing a syslog message
excluding structured data elements."
::= { syslogMsgGroups 2 }
- <span class="insert">conformance statements</span> syslogMsgGroups OBJECT IDENTIFIER ::= { syslogMsgConformance 1 }
syslogMsgSDGroup OBJECT-GROUP syslogMsgCompliances OBJECT IDENTIFIER ::= { syslogMsgConformance 2 }
OBJECTS {
-- syslogMsgSDElementName,
-- syslogMsgSDParamName,
-- syslogMsgSDParamIndex,
syslogMsgSDParamValue
}
STATUS current
DESCRIPTION
"A collection of objects representing the structured data
elements of a syslog message."
::= { syslogMsgGroups 3 }
syslogMsgControlGroup OBJECT-GROUP syslogMsgFullCompliance MODULE-COMPLIANCE
OBJECTS { STATUS current
syslogMsgTableMaxSize, DESCRIPTION
syslogMsgEnableNotifications "The compliance statement for implementations of the
} SYSLOG-MSG-MIB."
STATUS current MODULE -- this module
DESCRIPTION MANDATORY-GROUPS {
"A collection of control objects to control the size of the syslogMsgGroup,
syslogMsgTable and to enable / disable notifications." syslogMsgSDGroup,
::= { syslogMsgGroups 4 } syslogMsgControlGroup,
syslogMsgNotificationGroup
}
::= { syslogMsgCompliances 1 }
END syslogMsgReadOnlyCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for implementations of the
SYSLOG-MSG-MIB that do not support read-write access."
MODULE -- this module
MANDATORY-GROUPS {
syslogMsgGroup,
syslogMsgSDGroup,
syslogMsgControlGroup,
syslogMsgNotificationGroup
}
OBJECT syslogMsgTableMaxSize
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT syslogMsgEnableNotifications
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
::= { syslogMsgCompliances 2 }
7. IANA Considerations syslogMsgNotificationCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for implementations of the
SYSLOG-MSG-MIB that do only generate notifications and not
provide a table to allow read access to syslog message
details."
MODULE -- this module
MANDATORY-GROUPS {
syslogMsgGroup,
syslogMsgSDGroup,
syslogMsgNotificationGroup
}
OBJECT syslogMsgFacility
MIN-ACCESS accessible-for-notify
DESCRIPTION
"Read access is not required."
OBJECT syslogMsgSeverity
MIN-ACCESS accessible-for-notify
DESCRIPTION
"Read access is not required."
OBJECT syslogMsgVersion
MIN-ACCESS accessible-for-notify
DESCRIPTION
"Read access is not required."
OBJECT syslogMsgTimeStamp
MIN-ACCESS accessible-for-notify
DESCRIPTION
"Read access is not required."
OBJECT syslogMsgHostName
MIN-ACCESS accessible-for-notify
DESCRIPTION
"Read access is not required."
OBJECT syslogMsgAppName
MIN-ACCESS accessible-for-notify
DESCRIPTION
"Read access is not required."
OBJECT syslogMsgProcID
MIN-ACCESS accessible-for-notify
DESCRIPTION
"Read access is not required."
OBJECT syslogMsgMsgID
MIN-ACCESS accessible-for-notify
DESCRIPTION
"Read access is not required."
OBJECT syslogMsgMsg
MIN-ACCESS accessible-for-notify
DESCRIPTION
"Read access is not required."
OBJECT syslogMsgFlags
MIN-ACCESS accessible-for-notify
DESCRIPTION
"Read access is not required."
OBJECT syslogMsgSDParamValue
MIN-ACCESS accessible-for-notify
DESCRIPTION
"Read access is not required."
::= { syslogMsgCompliances 3 }
syslogMsgNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS {
syslogMsgNotification
}
STATUS current
DESCRIPTION
"The notifications emitted by this MIB module."
::= { syslogMsgGroups 1 }
syslogMsgGroup OBJECT-GROUP
OBJECTS {
-- syslogMsgIndex,
syslogMsgFacility,
syslogMsgSeverity,
syslogMsgVersion,
syslogMsgTimeStamp,
syslogMsgHostName,
syslogMsgAppName,
syslogMsgProcID,
syslogMsgMsgID,
syslogMsgMsg,
syslogMsgFlags
}
STATUS current
DESCRIPTION
"A collection of objects representing a syslog message
excluding structured data elements."
::= { syslogMsgGroups 2 }
syslogMsgSDGroup OBJECT-GROUP
OBJECTS {
-- syslogMsgSDElementName,
-- syslogMsgSDParamName,
-- syslogMsgSDParamIndex,
syslogMsgSDParamValue
}
STATUS current
DESCRIPTION
"A collection of objects representing the structured data
elements of a syslog message."
::= { syslogMsgGroups 3 }
syslogMsgControlGroup OBJECT-GROUP
OBJECTS {
syslogMsgTableMaxSize,
syslogMsgEnableNotifications
}
STATUS current
DESCRIPTION
"A collection of control objects to control the size of the
syslogMsgTable and to enable / disable notifications."
::= { syslogMsgGroups 4 }
END
7. Usage Example
The following example shows a valid syslog message including
structured data. The otherwise-unprintable Unicode BOM is
represented as "BOM" in the example.
<165>1 2003-10-11T22:14:15.003Z mymachine.example.com
evntslog - ID47 [exampleSDID@0 iut="3" eventSource="Application"
eventID="1011"] BOMAn application event log entry...
This syslog message leads to the following entries in the
syslogMsgTable and the syslogMsgSDTable (note that string indexes are
written as strings for readability reasons):
syslogMsgIndex.1 = 1
syslogMsgFacility.1 = 20
syslogMsgSeverity.1 = 5
syslogMsgVersion.1 = 1
syslogMsgTimeStamp.1 = 2003-10-11 22:14:15.003+00:00
syslogMsgHostName.1 = "mymachine.example.com"
syslogMsgAppName.1 = "evntslog"
syslogMsgProcID.1 = "-"
syslogMsgMsgID.1 = "ID47"
syslogMsgMsg.1 = "BOMAn application event log entry..."
syslogMsgSDParamValue.1."exampleSDID@0"."iut".1
= "3"
syslogMsgSDParamValue.1."exampleSDID@0"."eventSource".1
= "Application"
syslogMsgSDParamValue.1."exampleSDID@0"."eventID".1
= "1011"
8. IANA Considerations
The IANA is requested to assign a value for "XXX" under the 'mib-2' The IANA is requested to assign a value for "XXX" under the 'mib-2'
subtree and to record the assignment in the SMI Numbers registry. subtree and to record the assignment in the SMI Numbers registry.
When the assignment has been made, the RFC Editor is asked to replace When the assignment has been made, the RFC Editor is asked to replace
"XXX" (here and in the MIB module) with the assigned value. "XXX" (here and in the MIB module) with the assigned value.
8. Security Considerations 9. Security Considerations
There are a number of management objects defined in this MIB module There are a number of management objects defined in this MIB module
with a MAX-ACCESS clause of read-write and/or read-create. Such with a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network objects may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-secure environments. The support for SET operations in a non-secure
environment without proper protection can have a negative effect on environment without proper protection can have a negative effect on
network operations. These are the tables and objects and their network operations. These are the tables and objects and their
sensitivity/vulnerability: sensitivity/vulnerability:
syslogMsgTableMaxSize # explain sensitivity o syslogMsgTableMaxSize: This object controls how many entries are
syslogMsgEnableNotifications # explain sensitivity kept in the syslogMsgTable. Unauthorized modifications may either
cause increased memory consumption or turn off the capability to
retrieve notifications using GET class operations. This be used
to hide traces of an attack.
o syslogMsgEnableNotifications: This object enables notifications.
Unauthorized modifications to disable notification generation can
be used to hide an attack. Unauthorized modifications to enable
notification generation may be used as part of a denial of service
attack against a network management system if for exampe the
syslog server accepts unauthorized syslog messages.
Some of the readable objects in this MIB module (i.e., objects with a Some of the readable objects in this MIB module (i.e., objects with a
MAX-ACCESS other than not-accessible) may be considered sensitive or MAX-ACCESS other than not-accessible) may be considered sensitive or
vulnerable in some network environments. It is thus important to vulnerable in some network environments. It is thus important to
control even GET and/or NOTIFY access to these objects and possibly control even GET and/or NOTIFY access to these objects and possibly
to even encrypt the values of these objects when sending them over to even encrypt the values of these objects when sending them over
the network via SNMP. These are the tables and objects and their the network via SNMP. These are the tables and objects and their
sensitivity/vulnerability: sensitivity/vulnerability:
syslogMsgTableMaxSize # explain sensitivity o syslogMsgTableMaxSize, syslogMsgEnableNotifications: These objects
syslogMsgEnableNotifications # explain sensitivity provide information whether SYSLOG messages are forwarded as SNMP
syslogMsgFacility # explain sensitivity notifications and how many messages will be maintained in the
syslogMsgSeverity # explain sensitivity syslogMsgTable. This information might be exploited by an
syslogMsgVersion # explain sensitivity attacker in order to plan actions with the goal of hiding attack
syslogMsgTimeStamp # explain sensitivity activities.
syslogMsgHostName # explain sensitivity
syslogMsgAppName # explain sensitivity o syslogMsgFacility, syslogMsgSeverity, syslogMsgVersion,
syslogMsgProcID # explain sensitivity syslogMsgTimeStamp, syslogMsgHostName, syslogMsgAppName,
syslogMsgMsgID # explain sensitivity syslogMsgProcID, syslogMsgMsgID, syslogMsgMsg, syslogMsgFlags,
syslogMsgMsg # explain sensitivity syslogMsgSDParamValue: These objects carry the content of syslog
syslogMsgFlags # explain sensitivity messags and the syslog message oriented security considerations of
syslogMsgSDParamValue # explain sensitivity [I-D.ietf-syslog-protocol] apply. In particular, an attacker who
gains access to SYSLOG messages via SNMP may use the knowledge
gained from SYSLOG messages to compromise a machine or do other
damage.
SNMP versions prior to SNMPv3 did not include adequate security. SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure (for example by using IPsec), Even if the network itself is secure (for example by using IPsec),
even then, there is no control as to who on the secure network is even then, there is no control as to who on the secure network is
allowed to access and GET/SET (read/change/create/delete) the objects allowed to access and GET/SET (read/change/create/delete) the objects
in this MIB module. in this MIB module.
It is RECOMMENDED that implementers consider the security features as It is RECOMMENDED that implementers consider the security features as
provided by the SNMPv3 framework (see [RFC3410], section 8), provided by the SNMPv3 framework (see [RFC3410], section 8),
including full support for the SNMPv3 cryptographic mechanisms (for including full support for the SNMPv3 cryptographic mechanisms (for
authentication and privacy). authentication and privacy).
Further, deployment of SNMP versions prior to SNMPv3 is NOT Further, deployment of SNMP versions prior to SNMPv3 is NOT
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
enable cryptographic security. It is then a customer/operator enable cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an responsibility to ensure that the SNMP entity giving access to an
instance of this MIB module is properly configured to give access to instance of this MIB module is properly configured to give access to
the objects only to those principals (users) that have legitimate the objects only to those principals (users) that have legitimate
rights to indeed GET or SET (change/create/delete) them. rights to indeed GET or SET (change/create/delete) them.
9. References 10. Acknowledgments
9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate The authors wish to thank Rainer Gerhards, Wes Hardacker, David
Requirement Levels", BCP 14, RFC 2119, March 1997. Harrington, Juergen Quittek, and all other people who commented on
various versions of this proposal.
[RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An 11. References
Architecture for Describing Simple Network Management
Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, 11.1. Normative References
December 2002.
[I-D.ietf-syslog-protocol] [I-D.ietf-syslog-protocol]
Gerhards, R., "The syslog Protocol", Internet Draft (work Gerhards, R., "The syslog Protocol", Internet Draft (work
in progress), September 2007. in progress), September 2007.
[I-D.ietf-syslog-tc-mib] [I-D.ietf-syslog-tc-mib]
Keeni, G., "Textual Conventions for Syslog Management", Keeni, G., "Textual Conventions for Syslog Management",
Internet Draft (work in progress), May 2008. Internet Draft (work in progress), May 2008.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder, [RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
"Structure of Management Information Version 2 (SMIv2)", "Structure of Management Information Version 2 (SMIv2)",
RFC 2578, STD 58, April 1999. RFC 2578, STD 58, April 1999.
[RFC2579] McCloghrie, K., Perkins, D., and J. Schoenwaelder, [RFC2579] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
"Textual Conventions for SMIv2", RFC 2579, STD 58, "Textual Conventions for SMIv2", RFC 2579, STD 58,
April 1999. April 1999.
[RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
"Conformance Statements for SMIv2", RFC 2580, STD 58, "Conformance Statements for SMIv2", RFC 2580, STD 58,
April 1999. April 1999.
9.2. Informative References [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An
Architecture for Describing Simple Network Management
Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
December 2002.
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, 11.2. Informative References
"Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, December 2002.
[RFC3014] Kavasseri, R., Ed., "Notification Log MIB", RFC 3014, [RFC3014] Kavasseri, R., Ed., "Notification Log MIB", RFC 3014,
November 2002. November 2002.
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, December 2002.
Authors' Addresses Authors' Addresses
Juergen Schoenwaelder Juergen Schoenwaelder
Jacobs University Bremen Jacobs University Bremen
Campus Ring 1 Campus Ring 1
28725 Bremen 28725 Bremen
Germany Germany
Email: j.schoenwaelder@jacobs-university.de Email: j.schoenwaelder@jacobs-university.de
Alexander Clemm Alexander Clemm
Cisco Systems Cisco Systems
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134-1706 San Jose, CA 95134-1706
USA USA
Email: alex@cisco.com Email: alex@cisco.com
Anirban Karmakar Anirban Karmakar
Cisco Systems Cisco Systems
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134-1706 San Jose, CA 95134-1706
USA USA
Email: akarmaka@cisco.com Email: akarmaka@cisco.com
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
 End of changes. 75 change blocks. 
483 lines changed or deleted 668 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/