idnits 2.17.1 draft-ietf-disman-notif-log-mib-08.txt: ** The Abstract section seems to be numbered Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 25 instances of too long lines in the document, the longest one being 3 characters in excess of 72. == There are 1 instance of lines with non-RFC2606-compliant FQDNs in the document. Miscellaneous warnings: ---------------------------------------------------------------------------- == Line 1076 has weird spacing: '...for the purpo...' == The document doesn't use any RFC 2119 keywords, yet seems to have RFC 2119 boilerplate text. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (25 January 1999) is 9216 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 2271 (ref. '1') (Obsoleted by RFC 2571) ** Downref: Normative reference to an Informational RFC: RFC 1215 (ref. '4') ** Obsolete normative reference: RFC 1902 (ref. '5') (Obsoleted by RFC 2578) ** Obsolete normative reference: RFC 1903 (ref. '6') (Obsoleted by RFC 2579) ** Obsolete normative reference: RFC 1904 (ref. '7') (Obsoleted by RFC 2580) ** Downref: Normative reference to an Historic RFC: RFC 1157 (ref. '8') ** Downref: Normative reference to an Historic RFC: RFC 1901 (ref. '9') ** Obsolete normative reference: RFC 1906 (ref. '10') (Obsoleted by RFC 3417) ** Obsolete normative reference: RFC 2272 (ref. '11') (Obsoleted by RFC 2572) ** Obsolete normative reference: RFC 2274 (ref. '12') (Obsoleted by RFC 2574) ** Obsolete normative reference: RFC 1905 (ref. '13') (Obsoleted by RFC 3416) ** Obsolete normative reference: RFC 2273 (ref. '14') (Obsoleted by RFC 2573) ** Obsolete normative reference: RFC 2275 (ref. '15') (Obsoleted by RFC 2575) -- Duplicate reference: RFC1903, mentioned in '16', was also mentioned in '6'. ** Obsolete normative reference: RFC 1903 (ref. '16') (Obsoleted by RFC 2579) Summary: 24 errors (**), 0 flaws (~~), 4 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Draft Notification Log MIB 25 January 1999 4 Notification Log MIB 6 25 January 1999 8 draft-ietf-disman-notif-log-mib-08.txt 10 Bob Stewart 11 Cisco Systems, Inc. 12 bstewart@cisco.com 14 Status of this Memo 16 This document is an Internet-Draft. Internet-Drafts are working 17 documents of the Internet Engineering Task Force (IETF), its areas, and 18 its working groups. Note that other groups may also distribute working 19 documents as Internet-Drafts. 21 Internet-Drafts are draft documents valid for a maximum of six months 22 and may be updated, replaced, or obsoleted by other documents at any 23 time. It is inappropriate to use Internet- Drafts as reference material 24 or to cite them other than as ``work in progress.'' 26 To view the entire list of current Internet-Drafts, please check the 27 "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow 28 Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern Europe), 29 ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific Rim), 30 ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast). 32 Distribution of this document is unlimited. Please send comments to the 33 Distributed Management Working Group, . 35 Copyright Notice 37 Copyright (C) The Internet Society (199). All Rights Reserved. 39 1. Abstract 41 This memo defines an experimental portion of the Management Information 42 Base (MIB) for use with network management protocols in the Internet 43 community. In particular, it describes managed objects used for logging 44 SNMP Notifications. 46 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 47 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 48 document are to be interpreted as described in RFC 2119. 50 2. The SNMP Management Framework 52 The SNMP Management Framework presently consists of five major 53 components: 55 o An overall architecture, described in RFC 2271 [1]. 57 o Mechanisms for describing and naming objects and events for the 58 purpose of management. The first version of this Structure of 59 Management Information (SMI) is called SMIv1 and described in 60 RFC 1155 [2], RFC 1212 [3] and RFC 1215 [4]. The second version, 61 called SMIv2, is described in RFC 1902 [5], RFC 1903 [6] and RFC 62 1904 [7]. 64 o Message protocols for transferring management information. The 65 first version of the SNMP message protocol is called SNMPv1 and 66 described in RFC 1157 [8]. A second version of the SNMP message 67 protocol, which is not an Internet standards track protocol, is 68 called SNMPv2c and described in RFC 1901 [9] and RFC 1906 [10]. 69 The third version of the message protocol is called SNMPv3 and 70 described in RFC 1906 [10], RFC 2272 [11] and RFC 2274 [12]. 72 o Protocol operations for accessing management information. The 73 first set of protocol operations and associated PDU formats is 74 described in RFC 1157 [8]. A second set of protocol operations 75 and associated PDU formats is described in RFC 1905 [13]. 77 o A set of fundamental applications described in RFC 2273 [14] and 78 the view-based access control mechanism described in RFC 2275 79 [15]. 81 Managed objects are accessed via a virtual information store, termed the 82 Management Information Base or MIB. Objects in the MIB are defined 83 using the mechanisms defined in the SMI. 85 This memo specifies a MIB module that is compliant to the SMIv2. A MIB 86 conforming to the SMIv1 can be produced through the appropriate 87 translations. The resulting translated MIB must be semantically 88 equivalent, except where objects or events are omitted because no 89 translation is possible (use of Counter64). Some machine readable 90 information in SMIv2 will be converted into textual descriptions in 91 SMIv1 during the translation process. However, this loss of machine 92 readable information is not considered to change the semantics of the 93 MIB. 95 3. Overview 97 Systems that support SNMP often need a mechanism for recording 98 Notification information as a hedge against lost Notifications, whether 99 those are Traps or Informs [13] that exceed retransmission limits (to 100 consider SNMPv1, see [16]). This MIB therefore provides common 101 infrastructure for other MIBs in the form of a local logging function. 102 It is intended primarily for senders of Notifications but could be used 103 also by receivers. 105 Given the Notification Log MIB, individual MIBs bear less responsibility 106 to record the transient information associated with an event against the 107 possibility that the Notification message is lost, and applications can 108 poll the log to know that they have not missed important Notifications 109 or to suspect that they might have. 111 3.1. Environment 113 The overall environmental concerns for the MIB are: 115 o SNMP Engines and Contexts 117 o Security 119 3.1.1. SNMP Engines and Contexts 121 As described in the SNMP architecture [1], a given system may support 122 multiple SNMP engines operating independently of one another, each with 123 its own SNMP engine identification. Furthermore, within the purview of 124 a given engine there may be multiple named management contexts 125 supporting overlapping or disjoint sets of MIB objects and 126 Notifications. Thus, understanding a particular Notification requires 127 knowing the SNMP engine and management context from whence it came. 129 The simplest system may have only one SNMP engine, and the simplest 130 engine may support only one context. In these cases, knowledge of the 131 engine ID and context name can be assumed and need not be explicit. 133 In a given implementation, an instance of the Notification Log MIB may 134 be confined to a single engine or context or may combine information 135 from multiple engines or contexts, allowing for the full range of 136 exclusive or inclusive contents. 138 To provide the necessary source information for a logged Notification, 139 the MIB includes objects to record that Notification's source SNMP 140 engine ID and management context name. In the case where such 141 information can be assumed, the related object need not be instantiated, 142 thus allowing the simplest implemenetation for the simplest system. 144 3.1.2. Security 146 Security for Notifications is awkward since access control for the 147 objects in the Notification can be checked only where the Notification 148 is created. Thus such checking is possible only for locally-generated 149 Notifications, and even then only when security credentials are 150 available. 152 For the purpose of this discussion, "security credentials" means the 153 input values for the abstract service interface function isAccessAllowed 154 [1] and using those credentials means conceptually using that function 155 to see that those credentials allow access to the MIB objects in 156 question, operating as for a Notification Originator in [14]. 158 The Notification Log MIB has the notion of a "named log." By using 159 hierarchically structured log names and view-based access control [15] a 160 network administrator can provide different access for different users. 161 When an application creates a named log the security credentials of the 162 creator stay associated with that log. 164 Hierarchically structured names encode groupings of names within the 165 name string, starting from the left so that they work well with 166 instance-level, view-based access control [15], for example: 168 ops 169 ops-admin 170 ops-oper 171 ops-oper-senior 172 ops-oper-junior 174 Network security managers designing such a naming policy should use 175 punctuation (as in the example) to avoid the problem of a lower level 176 name inadvertently running together with the next higher level name. 178 A managed system with fewer resources may not allow the creation of 179 named logs, providing only the default, null-named log. Such a log has 180 no implicit security credentials for Notification object access control 181 and Notifications are put into it with no further checking. 183 When putting locally-generated Notifications into a named log, the 184 managed system uses the security credentials associated with that log 185 and applies the same access control rules as described for a 186 Notification Originator in [14]. 188 When putting remotely-generated Notifications into a named log or any 189 Notifications into the default, null-named log, the managed system does 190 not apply access control to the Notifications. In those cases the 191 security of the information in the log is left to the normal, overall 192 access control for the log itself. 194 3.2. Structure 196 The MIB has the following sections: 198 o Configuration -- control over how much the log can hold and what 199 Notifications are to be logged. 201 o Statistics -- indications of logging activity. 203 o Log -- the Notifications themselves. 205 3.2.1. Configuration 207 The configuration section contains objects to manage resource use by the 208 MIB. 210 This section also contains a table to specify what logs exist and how 211 they operate. Deciding which Notifications are to be logged depends on 212 filters defined in the the snmpNotifyFilterTable in the standard SNMP 213 Notification MIB [14] identified by the initial index 214 (snmpNotifyFilterName) from that table. 216 3.2.2. Statistics 218 The statistics section contains counters for Notifications logged and 219 discarded, supplying a means to understand the results of log capacity 220 configuration and resource problems. 222 3.2.3. Log 224 The log contains the Notifications and the objects that came in their 225 variable binding list, indexed by an integer that reflects when the 226 entry was made. An application that wants to collect all logged 227 Notifications or to know if it may have missed any can keep track of the 228 highest index it has retrieved and start from there on its next poll, 229 checking sysUpTime for a discontinuity that would have reset the index 230 and perhaps have lost entries. 232 Variables are in a table indexed by Notification index and variable 233 index within that Notification. The values are kept as a "discriminated 234 union," with one value object per variable. Exactly which value object 235 is instantiated depends on the SNMP data type of the variable, with a 236 separate object of appropriate type for each distinct SNMP data type. 238 An application can thus reconstruct the information from the 239 Notification PDU from what is recorded in the log. 241 3.3. Example 243 Following is an example configuration of a named log for logging only 244 linkUp and linkDown Notifications. 246 In nlmConfigLogTable: 248 nlmConfigLogFilterName."links" = "link-status" 249 nlmConfigLogEntryLimit."links" = 0 250 nlmConfigLogAdminStatus."links" = enabled 251 nlmConfigLogOperStatus."links" = operational 252 nlmConfigLogStorageType."links" = nonVolatile 253 nlmConfigLogEntryStatus."links" = active 255 Note that snmpTraps is: 257 iso.org.dod.internet.snmpV2.snmpModules.snmpMIB.snmpMIBObjects.5 259 Or numerically: 261 1.3.6.1.6.3.1.1.5 263 And linkDown is snmpTraps.3 and linkUp is snmpTraps.4. 265 So to allow the two Notifications in snmpNotifyFilterTable: 267 snmpNotifyFilterMask.11."link-status".1.3.6.1.6.3.1.1.5.3 = ''H 268 snmpNotifyFilterType.11."link-status".1.3.6.1.6.3.1.1.5.3 = include 269 snmpNotifyFilterStorageType.11."link-status".1.3.6.1.6.3.1.1.5.3 270 = nonVolatile 271 snmpNotifyFilterRowStatus.11."link-status".1.3.6.1.6.3.1.1.5.3 272 = active 274 snmpNotifyFilterMask.11."link-status".1.3.6.1.6.3.1.1.5.4 = ''H 275 snmpNotifyFilterType.11."link-status".1.3.6.1.6.3.1.1.5.4 = include 276 snmpNotifyFilterStorageType.11."link-status".1.3.6.1.6.3.1.1.5.4 277 = nonVolatile 278 snmpNotifyFilterRowStatus.11."link-status".1.3.6.1.6.3.1.1.5.4 279 = active 281 4. Definitions 283 NOTIFICATION-LOG-MIB DEFINITIONS ::= BEGIN 285 IMPORTS 286 MODULE-IDENTITY, OBJECT-TYPE, 287 experimental, Integer32, Unsigned32, 288 TimeTicks, Counter32, Counter64, 289 IpAddress, Opaque FROM SNMPv2-SMI 290 TimeStamp, DateAndTime, 291 StorageType, RowStatus FROM SNMPv2-TC 292 SnmpAdminString, SnmpEngineID FROM SNMP-FRAMEWORK-MIB 293 MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF; 295 notificationLogMIB MODULE-IDENTITY 296 LAST-UPDATED "9901251700Z" 297 ORGANIZATION "IETF Distributed Management Working Group" 298 CONTACT-INFO "Bob Stewart 299 Cisco Systems, Inc. 300 170 West Tasman Drive, 301 San Jose CA 95134-1706. 302 Phone: +1 408 526 4527 303 Email: bstewart@cisco.com" 304 DESCRIPTION 305 "The MIB module for logging SNMP Notifications, that is, Traps 306 and Informs." 307 ::= { experimental xx } 309 notificationLogMIBObjects OBJECT IDENTIFIER ::= { notificationLogMIB 1 } 311 nlmConfig OBJECT IDENTIFIER ::= { notificationLogMIBObjects 1 } 312 nlmStats OBJECT IDENTIFIER ::= { notificationLogMIBObjects 2 } 313 nlmLog OBJECT IDENTIFIER ::= { notificationLogMIBObjects 3 } 315 -- 316 -- Configuration Section 317 -- 319 nlmConfigGlobalEntryLimit OBJECT-TYPE 320 SYNTAX Unsigned32 321 MAX-ACCESS read-write 322 STATUS current 323 DESCRIPTION 324 "The maximum number of notification entries that can be held 325 in nlmLogTable for all nlmLogNames added together. A particular 326 setting does not guarantee that much data can be held. 328 If an application changes the limit while there are Notifications 329 in the log, the oldest Notifications are discarded to bring the log 330 down to the new limit. 332 A value of 0 means no limit." 333 DEFVAL { 0 } 334 ::= { nlmConfig 1 } 336 nlmConfigGlobalAgeOut OBJECT-TYPE 337 SYNTAX Unsigned32 338 UNITS "minutes" 339 MAX-ACCESS read-write 340 STATUS current 341 DESCRIPTION 342 "The number of minutes a Notification may rest in a log before it 343 is automatically removed. 345 If an application changes the time Notifications older than the new 346 time are discarded to meet the new time. 348 A value of 0 means no age out." 349 DEFVAL { 1440 } -- 24 hours 350 ::= { nlmConfig 2 } 352 -- 353 -- Basic Log Configuration Table 354 -- 356 nlmConfigLogTable OBJECT-TYPE 357 SYNTAX SEQUENCE OF NlmConfigLogEntry 358 MAX-ACCESS not-accessible 359 STATUS current 360 DESCRIPTION 361 "A table of logging control entries." 362 ::= { nlmConfig 3 } 364 nlmConfigLogEntry OBJECT-TYPE 365 SYNTAX NlmConfigLogEntry 366 MAX-ACCESS not-accessible 367 STATUS current 368 DESCRIPTION 369 "A logging control entry. Depending on the entry's storage type 370 entries may be supplied by the system or created and deleted by 371 applications using nlmConfigLogEntryStatus." 372 INDEX { nlmLogName } 373 ::= { nlmConfigLogTable 1 } 375 NlmConfigLogEntry ::= SEQUENCE { 376 nlmLogName SnmpAdminString, 377 nlmConfigLogFilterName SnmpAdminString, 378 nlmConfigLogEntryLimit Unsigned32, 379 nlmConfigLogAdminStatus INTEGER, 380 nlmConfigLogOperStatus INTEGER, 381 nlmConfigLogStorageType StorageType, 382 nlmConfigLogEntryStatus RowStatus 383 } 385 nlmLogName OBJECT-TYPE 386 SYNTAX SnmpAdminString (SIZE(0..32)) 387 MAX-ACCESS not-accessible 388 STATUS current 389 DESCRIPTION 390 "The name of the log. 392 An implementation may allow multiple named logs, up to some 393 implementation-specific limit (which may be none). A 394 zero-length log name is reserved for creation and deletion by 395 the managed system, and is used as the default log name by 396 systems that do not support named logs." 397 ::= { nlmConfigLogEntry 1 } 399 nlmConfigLogFilterName OBJECT-TYPE 400 SYNTAX SnmpAdminString (SIZE(0..32)) 401 MAX-ACCESS read-create 402 STATUS current 403 DESCRIPTION 404 "A value of snmpNotifyFilterProfileName as used as an index into 405 the snmpNotifyFilterTable in the SNMP Notification MIB, specifying 406 the locally or remotely originated Notifications to be filtered out 407 and not logged in this log. 409 A zero-length value or a name that does not identify an existing 410 entry in snmpNotifyFilterTable indicate no Notifications are to be 411 logged in this log." 412 DEFVAL { ''H } 413 ::= { nlmConfigLogEntry 2 } 415 nlmConfigLogEntryLimit OBJECT-TYPE 416 SYNTAX Unsigned32 417 MAX-ACCESS read-create 418 STATUS current 419 DESCRIPTION 420 "The maximum number of notification entries that can be held in 421 nlmLogTable for this named log. A particular setting does not 422 guarantee that much data can be held. 424 If an application changes the limit while there are Notifications 425 in the log, the oldest Notifications are discarded to bring the log 426 down to the new limit. 428 A value of 0 indicates no limit." 429 DEFVAL { 0 } 430 ::= { nlmConfigLogEntry 3 } 432 nlmConfigLogAdminStatus OBJECT-TYPE 433 SYNTAX INTEGER { enabled(1), disabled(2) } 434 MAX-ACCESS read-create 435 STATUS current 436 DESCRIPTION 437 "Control to enable or disable the log without otherwise disturbing 438 the log's entry." 439 DEFVAL { enabled } 440 ::= { nlmConfigLogEntry 4 } 442 nlmConfigLogOperStatus OBJECT-TYPE 443 SYNTAX INTEGER { disabled(1), operational(2), noFilter(3) } 444 MAX-ACCESS read-only 445 STATUS current 446 DESCRIPTION 447 "The operational status of this log: 449 disabled administratively disabled 451 operational administratively enabled and working 453 noFilter administratively enabled but either 454 nlmConfigLogFilterName is zero lengh 455 or does not name an existing entry in 456 snmpNotifyFilterTable" 457 ::= { nlmConfigLogEntry 5 } 459 nlmConfigLogStorageType OBJECT-TYPE 460 SYNTAX StorageType 461 MAX-ACCESS read-create 462 STATUS current 463 DESCRIPTION 464 "The storage type of this conceptual row." 465 ::= { nlmConfigLogEntry 6 } 467 nlmConfigLogEntryStatus OBJECT-TYPE 468 SYNTAX RowStatus 469 MAX-ACCESS read-create 470 STATUS current 471 DESCRIPTION 472 "Control for creating and deleting entries. Entries may be 473 modified while active. 475 For non-null-named logs, the managed system records the security 476 credentials from the request that sets nlmConfigLogStatus 477 to 'active' and uses that identity to apply access control to 478 the objects in the Notification to decide if that Notification 479 may be logged." 480 ::= { nlmConfigLogEntry 7 } 482 -- 483 -- Statistics Section 484 -- 486 nlmStatsGlobalNotificationsLogged OBJECT-TYPE 487 SYNTAX Counter32 488 UNITS "notifications" 489 MAX-ACCESS read-only 490 STATUS current 491 DESCRIPTION 492 "The number of Notifications put in the nlmLogTable. This counts 493 a Notification once for each log entry, so a Notification put into 494 multiple logs is counted multiple times." 495 ::= { nlmStats 1 } 497 nlmStatsGlobalNotificationsBumped OBJECT-TYPE 498 SYNTAX Counter32 499 UNITS "notifications" 500 MAX-ACCESS read-only 501 STATUS current 502 DESCRIPTION 503 "The number of log entries discarded to make room for a new entry 504 due to lack of resources or the value of nlmConfigGlobalEntryLimit 505 or nlmConfigLogEntryLimit. This does not include entries discarded 506 due to the value of nlmConfigGlobalAgeOut." 507 ::= { nlmStats 2 } 509 -- 510 -- Log Statistics Table 511 -- 513 nlmStatsLogTable OBJECT-TYPE 514 SYNTAX SEQUENCE OF NlmStatsLogEntry 515 MAX-ACCESS not-accessible 516 STATUS current 517 DESCRIPTION 518 "A table of Notification log statistics entries." 519 ::= { nlmStats 3 } 521 nlmStatsLogEntry OBJECT-TYPE 522 SYNTAX NlmStatsLogEntry 523 MAX-ACCESS not-accessible 524 STATUS current 525 DESCRIPTION 526 "A Notification log statistics entry." 527 AUGMENTS { nlmConfigLogEntry } 528 ::= { nlmStatsLogTable 1 } 530 NlmStatsLogEntry ::= SEQUENCE { 531 nlmStatsLogNotificationsLogged Counter32, 532 nlmStatsLogNotificationsBumped Counter32 533 } 535 nlmStatsLogNotificationsLogged OBJECT-TYPE 536 SYNTAX Counter32 537 UNITS "notifications" 538 MAX-ACCESS read-only 539 STATUS current 540 DESCRIPTION 541 "The number of Notifications put in this named log." 542 ::= { nlmStatsLogEntry 1 } 544 nlmStatsLogNotificationsBumped OBJECT-TYPE 545 SYNTAX Counter32 546 UNITS "notifications" 547 MAX-ACCESS read-only 548 STATUS current 549 DESCRIPTION 550 "The number of log entries discarded from this named log to make 551 room for a new entry due to lack of resources or the value of 552 nlmConfigGlobalEntryLimit or nlmConfigLogEntryLimit. This does not 553 include entries discarded due to the value of 554 nlmConfigGlobalAgeOut." 555 ::= { nlmStatsLogEntry 2 } 557 -- 558 -- Log Section 559 -- 561 -- 562 -- Log Table 563 -- 565 nlmLogTable OBJECT-TYPE 566 SYNTAX SEQUENCE OF NlmLogEntry 567 MAX-ACCESS not-accessible 568 STATUS current 569 DESCRIPTION 570 "A table of Notification log entries. 572 It is an implementation-specific matter whether entries in this 573 table are preserved across initializations of the management 574 system. In general one would expect that they are not. 576 Note that keeping entries across initializations of the 577 management system leads to some confusion with counters and 578 TimeStamps, since both of those are based on sysUptime, which 579 resets on management initialization. In this situation, 580 counters apply only after the reset and nmLogTime for entries 581 made before the reset is set to 0." 582 ::= { nlmLog 1 } 584 nlmLogEntry OBJECT-TYPE 585 SYNTAX NlmLogEntry 586 MAX-ACCESS not-accessible 587 STATUS current 588 DESCRIPTION 589 "A Notification log entry. 591 Entries appear in this table when Notifications occur and pass 592 filtering by nlmConfigLogFilterName and access control. They are 593 removed to make way for new entries due to lack of resources or 594 the values of nlmConfigGlobalEntryLimit, nlmConfigGlobalAgeOut, or 595 nlmConfigLogEntryLimit. 597 If adding an entry would exceed nlmConfigGlobalEntryLimit or system 598 resources in general, the oldest entry in any log is removed to 599 make room for the new one. 601 If adding an entry would exceed nlmConfigLogEntryLimit the oldest 602 entry in that log is removed to make room for the new one. 604 Before the managed system puts a locally-generated Notification 605 into a non-null-named log it assures that the creator of the log 606 has access to the information in the Notification. If not it 607 does not log that Notification in that log." 608 INDEX { nlmLogName, nlmLogIndex } 609 ::= { nlmLogTable 1 } 611 NlmLogEntry ::= SEQUENCE { 612 nlmLogIndex Unsigned32, 613 nlmLogTime TimeStamp, 614 nlmLogDateAndTime DateAndTime, 615 nlmLogEngineID SnmpEngineID, 616 nlmLogContextName SnmpAdminString, 617 nlmLogVariables Unsigned32, 618 nlmLogNotificationID OBJECT IDENTIFIER 619 } 621 nlmLogIndex OBJECT-TYPE 622 SYNTAX Unsigned32 (1..4294967295) 623 MAX-ACCESS not-accessible 624 STATUS current 625 DESCRIPTION 626 "A monotonically increasing integer for the sole purpose of 627 indexing entries within the named log. When it reaches the 628 maximum value, an extremely unlikely event, the agent wraps the 629 value back to 1 and may flush existing entries." 630 ::= { nlmLogEntry 1 } 632 nlmLogTime OBJECT-TYPE 633 SYNTAX TimeStamp 634 MAX-ACCESS read-only 635 STATUS current 636 DESCRIPTION 637 "The value of sysUpTime when the entry occurred. If the entry 638 occurred before the most recent management system initialization 639 this object value is zero." 640 ::= { nlmLogEntry 2 } 642 nlmLogDateAndTime OBJECT-TYPE 643 SYNTAX DateAndTime 644 MAX-ACCESS read-only 645 STATUS current 646 DESCRIPTION 647 "The local date and time when the entry was logged, instantiated 648 only by systems that have date and time capability." 649 ::= { nlmLogEntry 3 } 651 nlmLogEngineID OBJECT-TYPE 652 SYNTAX SnmpEngineID 653 MAX-ACCESS read-only 654 STATUS current 655 DESCRIPTION 656 "The identification of the SNMP engine at which the Notification 657 originated. 659 If the log can contain Notifications from only one engine 660 or the Trap is from an SNMPv1 system, this object is not 661 instantiated." 662 ::= { nlmLogEntry 4 } 664 nlmLogContextName OBJECT-TYPE 665 SYNTAX SnmpAdminString 666 MAX-ACCESS read-only 667 STATUS current 668 DESCRIPTION 669 "The name of the SNMP MIB context from which the Notification came. 670 For SNMPv1 Traps this is the community string from the Trap. 672 If the Notification's source SNMP engine is known not to support 673 multiple contexts, this object is not instantiated." 674 ::= { nlmLogEntry 5 } 676 nlmLogVariables OBJECT-TYPE 677 SYNTAX Unsigned32 678 MAX-ACCESS read-only 679 STATUS current 680 DESCRIPTION 681 "The number of variables in nlmLogVariableTable for this 682 Notification." 683 ::= { nlmLogEntry 6 } 685 nlmLogNotificationID OBJECT-TYPE 686 SYNTAX OBJECT IDENTIFIER 687 MAX-ACCESS read-only 688 STATUS current 689 DESCRIPTION 690 "The NOTIFICATION-TYPE object identifer of the Notification that 691 occurred." 692 ::= { nlmLogEntry 7 } 694 -- 695 -- Log Variable Table 696 -- 698 nlmLogVariableTable OBJECT-TYPE 699 SYNTAX SEQUENCE OF NlmLogVariableEntry 700 MAX-ACCESS not-accessible 701 STATUS current 702 DESCRIPTION 703 "A table of variables to go with Notification log entries." 704 ::= { nlmLog 2 } 706 nlmLogVariableEntry OBJECT-TYPE 707 SYNTAX NlmLogVariableEntry 708 MAX-ACCESS not-accessible 709 STATUS current 710 DESCRIPTION 711 "A Notification log entry variable. 713 Entries appear in this table when there are variables in 714 the varbind list of a Notification in nlmLogTable." 715 INDEX { nlmLogName, nlmLogIndex, nlmLogVariableIndex } 716 ::= { nlmLogVariableTable 1 } 718 NlmLogVariableEntry ::= SEQUENCE { 719 nlmLogVariableIndex Unsigned32, 720 nlmLogVariableID OBJECT IDENTIFIER, 721 nlmLogVariableValueType INTEGER, 722 nlmLogVariableCounter32Val Counter32, 723 nlmLogVariableUnsigned32Val Unsigned32, 724 nlmLogVariableTimeTicksVal TimeTicks, 725 nlmLogVariableInteger32Val Integer32, 726 nlmLogVariableOctetStringVal OCTET STRING, 727 nlmLogVariableIpAddressVal IpAddress, 728 nlmLogVariableOidVal OBJECT IDENTIFIER, 729 nlmLogVariableCounter64Val Counter64, 730 nlmLogVariableOpaqueVal Opaque 731 } 733 nlmLogVariableIndex OBJECT-TYPE 734 SYNTAX Unsigned32 (1..4294967295) 735 MAX-ACCESS not-accessible 736 STATUS current 737 DESCRIPTION 738 "A monotonically increasing integer, starting at 1 for a given 739 nlmLogIndex, for indexing variables within the logged 740 Notification." 741 ::= { nlmLogVariableEntry 1 } 743 nlmLogVariableID OBJECT-TYPE 744 SYNTAX OBJECT IDENTIFIER 745 MAX-ACCESS read-only 746 STATUS current 747 DESCRIPTION 748 "The variable's object identifier." 749 ::= { nlmLogVariableEntry 2 } 751 nlmLogVariableValueType OBJECT-TYPE 752 SYNTAX INTEGER { counter32(1), unsigned32(2), timeTicks(3), 753 integer32(4), ipAddress(5), octetString(6), 754 objectId(7), counter64(8), opaque(9) } 755 MAX-ACCESS read-only 756 STATUS current 757 DESCRIPTION 758 "The type of the value. One and only one of the value 759 objects that follow is instantiated, based on this type." 760 ::= { nlmLogVariableEntry 3 } 762 nlmLogVariableCounter32Val OBJECT-TYPE 763 SYNTAX Counter32 764 MAX-ACCESS read-only 765 STATUS current 766 DESCRIPTION 767 "The value when nlmLogVariableType is 'counter32'." 768 ::= { nlmLogVariableEntry 4 } 770 nlmLogVariableUnsigned32Val OBJECT-TYPE 771 SYNTAX Unsigned32 772 MAX-ACCESS read-only 773 STATUS current 774 DESCRIPTION 775 "The value when nlmLogVariableType is 'unsigned32'." 776 ::= { nlmLogVariableEntry 5 } 778 nlmLogVariableTimeTicksVal OBJECT-TYPE 779 SYNTAX TimeTicks 780 MAX-ACCESS read-only 781 STATUS current 782 DESCRIPTION 783 "The value when nlmLogVariableType is 'timeTicks'." 784 ::= { nlmLogVariableEntry 6 } 786 nlmLogVariableInteger32Val OBJECT-TYPE 787 SYNTAX Integer32 788 MAX-ACCESS read-only 789 STATUS current 790 DESCRIPTION 791 "The value when nlmLogVariableType is 'integer32'." 792 ::= { nlmLogVariableEntry 7 } 794 nlmLogVariableOctetStringVal OBJECT-TYPE 795 SYNTAX OCTET STRING 796 MAX-ACCESS read-only 797 STATUS current 798 DESCRIPTION 799 "The value when nlmLogVariableType is 'octetString'." 800 ::= { nlmLogVariableEntry 8 } 802 nlmLogVariableIpAddressVal OBJECT-TYPE 803 SYNTAX IpAddress 804 MAX-ACCESS read-only 805 STATUS current 806 DESCRIPTION 807 "The value when nlmLogVariableType is 'ipAddress'." 808 ::= { nlmLogVariableEntry 9 } 810 nlmLogVariableOidVal OBJECT-TYPE 811 SYNTAX OBJECT IDENTIFIER 812 MAX-ACCESS read-only 813 STATUS current 814 DESCRIPTION 815 "The value when nlmLogVariableType is 'objectId'." 816 ::= { nlmLogVariableEntry 10 } 818 nlmLogVariableCounter64Val OBJECT-TYPE 819 SYNTAX Counter64 820 MAX-ACCESS read-only 821 STATUS current 822 DESCRIPTION 823 "The value when nlmLogVariableType is 'counter64'." 824 ::= { nlmLogVariableEntry 11 } 826 nlmLogVariableOpaqueVal OBJECT-TYPE 827 SYNTAX Opaque 828 MAX-ACCESS read-only 829 STATUS current 830 DESCRIPTION 831 "The value when nlmLogVariableType is 'opaque'." 832 ::= { nlmLogVariableEntry 12 } 834 -- 835 -- Conformance 836 -- 838 notificationLogMIBConformance OBJECT IDENTIFIER ::= 839 { notificationLogMIB 3 } 840 notificationLogMIBCompliances OBJECT IDENTIFIER ::= 841 { notificationLogMIBConformance 1 } 842 notificationLogMIBGroups OBJECT IDENTIFIER ::= 843 { notificationLogMIBConformance 2 } 845 -- Compliance 847 notificationLogMIBCompliance MODULE-COMPLIANCE 848 STATUS current 849 DESCRIPTION 850 "The compliance statement for entities which implement 851 the Notification Log MIB." 852 MODULE -- this module 853 MANDATORY-GROUPS { 854 notificationLogConfigGroup, 855 notificationLogStatsGroup, 856 notificationLogLogGroup 857 } 859 OBJECT nlmConfigGlobalEntryLimit 860 SYNTAX Unsigned32 (0..4294967295) 861 MIN-ACCESS read-only 862 DESCRIPTION 863 "Implementations may choose a limit and not allow it to be 864 changed or may enforce an upper or lower bound on the 865 limit." 867 OBJECT nlmConfigLogEntryLimit 868 SYNTAX Unsigned32 (0..4294967295) 869 MIN-ACCESS read-only 870 DESCRIPTION 871 "Implementations may choose a limit and not allow it to be 872 changed or may enforce an upper or lower bound on the 873 limit." 875 OBJECT nlmConfigLogEntryStatus 876 MIN-ACCESS read-only 877 DESCRIPTION 878 "Implementations may not allow the creation of named logs." 880 GROUP notificationLogDateGroup 881 DESCRIPTION 882 "This group is mandatory on systems that keep wall clock 883 date and time and not implemented on systems that do not." 885 ::= { notificationLogMIBCompliances 1 } 887 -- Units of Conformance 889 notificationLogConfigGroup OBJECT-GROUP 890 OBJECTS { 891 nlmConfigGlobalEntryLimit, 892 nlmConfigGlobalAgeOut, 893 nlmConfigLogFilterName, 894 nlmConfigLogEntryLimit, 895 nlmConfigLogAdminStatus, 896 nlmConfigLogOperStatus, 897 nlmConfigLogStorageType, 898 nlmConfigLogEntryStatus 899 } 900 STATUS current 901 DESCRIPTION 902 "Notification log configuration management." 903 ::= { notificationLogMIBGroups 1 } 905 notificationLogStatsGroup OBJECT-GROUP 906 OBJECTS { 907 nlmStatsGlobalNotificationsLogged, 908 nlmStatsGlobalNotificationsBumped, 909 nlmStatsLogNotificationsLogged, 910 nlmStatsLogNotificationsBumped 911 } 912 STATUS current 913 DESCRIPTION 914 "Notification log statistics." 915 ::= { notificationLogMIBGroups 2 } 917 notificationLogLogGroup OBJECT-GROUP 918 OBJECTS { 919 nlmLogTime, 920 nlmLogEngineID, 921 nlmLogContextName, 922 nlmLogVariables, 923 nlmLogNotificationID, 925 nlmLogVariableID, 926 nlmLogVariableValueType, 927 nlmLogVariableCounter32Val, 928 nlmLogVariableUnsigned32Val, 929 nlmLogVariableTimeTicksVal, 930 nlmLogVariableInteger32Val, 931 nlmLogVariableOctetStringVal, 932 nlmLogVariableIpAddressVal, 933 nlmLogVariableOidVal, 934 nlmLogVariableCounter64Val, 935 nlmLogVariableOpaqueVal 936 } 937 STATUS current 938 DESCRIPTION 939 "Notification log data." 940 ::= { notificationLogMIBGroups 3 } 942 notificationLogDateGroup OBJECT-GROUP 943 OBJECTS { 944 nlmLogDateAndTime 945 } 946 STATUS current 947 DESCRIPTION 948 "Conditionally mandatory notification log data." 949 ::= { notificationLogMIBGroups 4 } 951 END 952 5. Intellectual Property 954 The IETF takes no position regarding the validity or scope of any 955 intellectual property or other rights that might be claimed to pertain 956 to the implementation or use of the technology described in this 957 document or the extent to which any license under such rights might or 958 might not be available; neither does it represent that it has made any 959 effort to identify any such rights. Information on the IETF's 960 procedures with respect to rights in standards-track and standards- 961 related documentation can be found in BCP-11. Copies of claims of 962 rights made available for publication and any assurances of licenses to 963 be made available, or the result of an attempt made to obtain a general 964 license or permission for the use of such proprietary rights by 965 implementors or users of this specification can be obtained from the 966 IETF Secretariat. 968 6. References 970 [1] Harrington, D., Presuhn, R. and B. Wijnen, "An Architecture for 971 Describing SNMP Management Frameworks", RFC 2271, Cabletron 972 Systems, Inc., BMC Software, Inc., IBM T. J. Watson Research, 973 January 1998. 975 [2] Rose, M. and K. McCloghrie, "Structure and Identification of 976 Management Information for TCP/IP-based Internets", RFC 1155, 977 Performance Systems International, Hughes LAN Systems, May 1990. 979 [3] Rose, M. and K. McCloghrie, "Concise MIB Definitions", RFC 1212, 980 Performance Systems International, Hughes LAN Systems, March 1991. 982 [4] M. Rose, "A Convention for Defining Traps for use with the SNMP", 983 RFC 1215, Performance Systems International, March 1991. 985 [5] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Structure of 986 Management Information for Version 2 of the Simple Network 987 Management Protocol (SNMPv2)", RFC 1902, SNMP Research,Inc., Cisco 988 Systems, Inc., Dover Beach Consulting, Inc., International Network 989 Services, January 1996. 991 [6] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Textual 992 Conventions for Version 2 of the Simple Network Management Protocol 993 (SNMPv2)", RFC 1903, SNMP Research, Inc., Cisco Systems, Inc., 994 Dover Beach Consulting, Inc., International Network Services, 995 January 1996. 997 [7] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Conformance 998 Statements for Version 2 of the Simple Network Management Protocol 999 (SNMPv2)", RFC 1904, SNMP Research, Inc., Cisco Systems, Inc., 1000 Dover Beach Consulting, Inc., International Network Services, 1001 January 1996. 1003 [8] Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple Network 1004 Management Protocol", RFC 1157, SNMP Research, Performance Systems 1005 International, Performance Systems International, MIT Laboratory 1006 for Computer Science, May 1990. 1008 [9] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Introduction 1009 to Community-based SNMPv2", RFC 1901, SNMP Research, Inc., Cisco 1010 Systems, Inc., Dover Beach Consulting, Inc., International Network 1011 Services, January 1996. 1013 [10] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Transport 1014 Mappings for Version 2 of the Simple Network Management Protocol 1015 (SNMPv2)", RFC 1906, SNMP Research, Inc., Cisco Systems, Inc., 1016 Dover Beach Consulting, Inc., International Network Services, 1017 January 1996. 1019 [11] Case, J., Harrington D., Presuhn R. and B. Wijnen, "Message 1020 Processing and Dispatching for the Simple Network Management 1021 Protocol (SNMP)", RFC 2272, SNMP Research, Inc., Cabletron Systems, 1022 Inc., BMC Software, Inc., IBM T. J. Watson Research, January 1998. 1024 [12] Blumenthal, U. and B. Wijnen, "User-based Security Model (USM) for 1025 version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 1026 2274, IBM T. J. Watson Research, January 1998. 1028 [13] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Protocol 1029 Operations for Version 2 of the Simple Network Management Protocol 1030 (SNMPv2)", RFC 1905, SNMP Research, Inc., Cisco Systems, Inc., 1031 Dover Beach Consulting, Inc., International Network Services, 1032 January 1996. 1034 [14] Levi, D., Meyer, P. and B. Stewart, "SNMPv3 Applications", RFC 1035 2273, SNMP Research, Inc., Secure Computing Corporation, Cisco 1036 Systems, January 1998 1038 [15] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access 1039 Control Model (VACM) for the Simple Network Management Protocol 1040 (SNMP)", RFC 2275, IBM T. J. Watson Research, BMC Software, Inc., 1041 Cisco Systems, Inc., January 1998. 1043 [16] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Coexistence 1044 between Version 1 and version 2 of the Internet-standard Network 1045 Management Framework", RFC 1903, SNMP Research, Inc., Cisco 1046 Systems, Inc., Dover Beach Consulting, Inc., International Network 1047 Services, January 1996. 1049 7. Security Considerations 1051 Security issues are discussed in the overview. 1053 8. Author's Address 1055 Bob Stewart 1056 Cisco Systems, Inc. 1057 170 West Tasman Drive 1058 San Jose, CA 95134-1706 1059 U.S.A. 1061 Phone: +1 408 526 4527 1062 Email: bstewart@cisco.com 1064 9. Full Copyright Statement 1066 Copyright (C) The Internet Society (1998). All Rights Reserved. 1068 This document and translations of it may be copied and furnished to 1069 others, and derivative works that comment on or otherwise explain it or 1070 assist in its implementation may be prepared, copied, published and 1071 distributed, in whole or in part, without restriction of any kind, 1072 provided that the above copyright notice and this paragraph are included 1073 on all such copies and derivative works. However, this document itself 1074 may not be modified in any way, such as by removing the copyright notice 1075 or references to the Internet Society or other Internet organizations, 1076 except as needed for the purpose of developing Internet standards in 1077 which case the procedures for copyrights defined in the Internet 1078 Standards process must be followed, or as required to translate it into 1079 languages other than English. 1081 The limited permissions granted above are perpetual and will not be 1082 revoked by the Internet Society or its successors or assigns. 1084 This document and the information contained herein is provided on an "AS 1085 IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK 1086 FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT 1087 LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT 1088 INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR 1089 FITNESS FOR A PARTICULAR PURPOSE. 1091 Table of Contents 1093 1 Abstract ........................................................ 2 1094 2 The SNMP Management Framework ................................... 2 1095 3 Overview ........................................................ 3 1096 3.1 Environment ................................................... 3 1097 3.1.1 SNMP Engines and Contexts ................................... 3 1098 3.1.2 Security .................................................... 4 1099 3.2 Structure ..................................................... 5 1100 3.2.1 Configuration ............................................... 5 1101 3.2.2 Statistics .................................................. 6 1102 3.2.3 Log ......................................................... 6 1103 3.3 Example ....................................................... 6 1104 4 Definitions ..................................................... 8 1105 5 Intellectual Property ........................................... 23 1106 6 References ...................................................... 24 1107 7 Security Considerations ......................................... 26 1108 8 Author's Address ................................................ 26 1109 9 Full Copyright Statement ........................................ 27