idnits 2.17.1 draft-ietf-disman-notif-log-mib-10.txt: ** The Abstract section seems to be numbered Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing document type: Expected "INTERNET-DRAFT" in the upper left hand corner of the first page ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? == No 'Intended status' indicated for this document; assuming Proposed Standard == It seems as if not all pages are separated by form feeds - found 0 form feeds but 28 pages Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 25 instances of too long lines in the document, the longest one being 3 characters in excess of 72. == There are 1 instance of lines with non-RFC2606-compliant FQDNs in the document. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == Line 1064 has weird spacing: '...for the purpo...' == The document doesn't use any RFC 2119 keywords, yet seems to have RFC 2119 boilerplate text. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (24 June 1999) is 9066 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 2571 (Obsoleted by RFC 3411) ** Downref: Normative reference to an Informational RFC: RFC 1215 ** Downref: Normative reference to an Historic RFC: RFC 1157 ** Downref: Normative reference to an Historic RFC: RFC 1901 ** Obsolete normative reference: RFC 1906 (Obsoleted by RFC 3417) ** Obsolete normative reference: RFC 2572 (Obsoleted by RFC 3412) ** Obsolete normative reference: RFC 2574 (Obsoleted by RFC 3414) ** Obsolete normative reference: RFC 1905 (Obsoleted by RFC 3416) ** Obsolete normative reference: RFC 2573 (Obsoleted by RFC 3413) ** Obsolete normative reference: RFC 2575 (Obsoleted by RFC 3415) ** Obsolete normative reference: RFC 2570 (Obsoleted by RFC 3410) ** Obsolete normative reference: RFC 1903 (Obsoleted by RFC 2579) Summary: 20 errors (**), 0 flaws (~~), 6 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Notification Log MIB 3 24 June 1999 5 draft-ietf-disman-notif-log-mib-10.txt 7 Bob Stewart 8 Cisco Systems, Inc. 9 bstewart@cisco.com 11 Status of this Memo 13 This document is an Internet-Draft and is in full conformance with all 14 provisions of Section 10 of RFC2026. 16 Internet-Drafts are working documents of the Internet Engineering Task 17 Force (IETF), its areas, and its working groups. Note that other groups 18 may also distribute working documents as Internet-Drafts. 20 Internet-Drafts are draft documents valid for a maximum of six months 21 and may be updated, replaced, or obsoleted by other documents at any 22 time. It is inappropriate to use Internet- Drafts as reference material 23 or to cite them other than as ``work in progress.'' 25 The list of current Internet-Drafts can be accessed at 26 http://www.ietf.org/ietf/1id-abstracts.txt 28 The list of Internet-Draft Shadow Directories can be accessed at 29 http://www.ietf.org/shadow.html. 31 Distribution of this document is unlimited. Please send comments to the 32 Distributed Management Working Group, . 34 Copyright Notice 36 Copyright (C) The Internet Society (1999). All Rights Reserved. 38 1. Abstract 40 This memo defines an experimental portion of the Management Information 41 Base (MIB) for use with network management protocols in the Internet 42 community. In particular, it describes managed objects used for logging 43 SNMP Notifications. 45 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 46 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 47 document are to be interpreted as described in RFC 2119. 49 2. The SNMP Management Framework 51 The SNMP Management Framework presently consists of five major 52 components: 54 o An overall architecture, described in RFC 2571 [RFC2571]. 56 o Mechanisms for describing and naming objects and events for the 57 purpose of management. The first version of this Structure of 58 Management Information (SMI) is called SMIv1 and described in 59 STD 16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and RFC 60 1215 [RFC1215]. The second version, called SMIv2, is described 61 in STD 58, RFC 2578 [RFC2578], RFC 2579 [RFC2579] and RFC 2580 62 [RFC2580]. 64 o Message protocols for transferring management information. The 65 first version of the SNMP message protocol is called SNMPv1 and 66 described in STD 15, RFC 1157 [RFC1157]. A second version of the 67 SNMP message protocol, which is not an Internet standards track 68 protocol, is called SNMPv2c and described in RFC 1901 [RFC1901] 69 and RFC 1906 [RFC1906]. The third version of the message 70 protocol is called SNMPv3 and described in RFC 1906 [RFC1906], 71 RFC 2572 [RFC2572] and RFC 2574 [RFC2574]. 73 o Protocol operations for accessing management information. The 74 first set of protocol operations and associated PDU formats is 75 described in STD 15, RFC 1157 [RFC1157]. A second set of 76 protocol operations and associated PDU formats is described in 77 RFC 1905 [RFC1905]. 79 o A set of fundamental applications described in RFC 2573 80 [RFC2573] and the view-based access control mechanism described 81 in RFC 2575 [RFC2575]. 83 A more detailed introduction to the current SNMP Management Framework 84 can be found in RFC 2570 [RFC2570]. 86 Managed objects are accessed via a virtual information store, termed 87 the Management Information Base or MIB. Objects in the MIB are 88 defined using the mechanisms defined in the SMI. 90 This memo specifies a MIB module that is compliant to the SMIv2. A 91 MIB conforming to the SMIv1 can be produced through the appropriate 92 translations. The resulting translated MIB must be semantically 93 equivalent, except where objects or events are omitted because no 94 translation is possible (use of Counter64). Some machine readable 95 information in SMIv2 will be converted into textual descriptions in 96 SMIv1 during the translation process. However, this loss of machine 97 readable information is not considered to change the semantics of the 98 MIB. 100 3. Overview 102 Systems that support SNMP often need a mechanism for recording 103 Notification information as a hedge against lost Notifications, whether 104 those are Traps or Informs [RFC1905] that exceed retransmission limits 105 (to consider SNMPv1, see [RFC1903]). This MIB therefore provides common 106 infrastructure for other MIBs in the form of a local logging function. 107 It is intended primarily for senders of Notifications but could be used 108 also by receivers. 110 Given the Notification Log MIB, individual MIBs bear less responsibility 111 to record the transient information associated with an event against the 112 possibility that the Notification message is lost, and applications can 113 poll the log to know that they have not missed important Notifications 114 or to suspect that they might have. 116 3.1. Environment 118 The overall environmental concerns for the MIB are: 120 o SNMP Engines and Contexts 122 o Security 124 3.1.1. SNMP Engines and Contexts 126 As described in the SNMP architecture [RFC2571], a given system may 127 support multiple SNMP engines operating independently of one another, 128 each with its own SNMP engine identification. Furthermore, within the 129 purview of a given engine there may be multiple named management 130 contexts supporting overlapping or disjoint sets of MIB objects and 131 Notifications. Thus, understanding a particular Notification requires 132 knowing the SNMP engine and management context from whence it came. 134 The simplest system may have only one SNMP engine, and the simplest 135 engine may support only one context. In these cases, knowledge of the 136 engine ID and context name can be assumed and need not be explicit. 138 In a given implementation, an instance of the Notification Log MIB may 139 be confined to a single engine or context or may combine information 140 from multiple engines or contexts, allowing for the full range of 141 exclusive or inclusive contents. 143 To provide the necessary source information for a logged Notification, 144 the MIB includes objects to record that Notification's source SNMP 145 engine ID and management context name. In the case where such 146 information can be assumed, the related object need not be instantiated, 147 thus allowing the simplest implementation for the simplest system. 149 3.1.2. Security 151 Security for Notifications is awkward since access control for the 152 objects in the Notification can be checked only where the Notification 153 is created. Thus such checking is possible only for locally-generated 154 Notifications, and even then only when security credentials are 155 available. 157 For the purpose of this discussion, "security credentials" means the 158 input values for the abstract service interface function isAccessAllowed 159 [RFC2571] and using those credentials means conceptually using that 160 function to see that those credentials allow access to the MIB objects 161 in question, operating as for a Notification Originator in [RFC2573]. 163 The Notification Log MIB has the notion of a "named log." By using 164 hierarchically structured log names and view-based access control 165 [RFC2575] a network administrator can provide different access for 166 different users. When an application creates a named log the security 167 credentials of the creator stay associated with that log. 169 Hierarchically structured names encode groupings of names within the 170 name string, starting from the left so that they work well with 171 instance-level, view-based access control [RFC2575], for example: 173 ops ops-admin ops-oper ops-oper-senior 174 ops-oper-junior 176 Network security managers designing such a naming policy should use 177 punctuation (as in the example) to avoid the problem of a lower level 178 name inadvertently running together with the next higher level name. 180 A managed system with fewer resources may not allow the creation of 181 named logs, providing only the default, null-named log. Such a log has 182 no implicit security credentials for Notification object access control 183 and Notifications are put into it with no further checking. 185 When putting locally-generated Notifications into a named log, the 186 managed system uses the security credentials associated with that log 187 and applies the same access control rules as described for a 188 Notification Originator in [RFC2573]. 190 When putting remotely-generated Notifications into a named log or any 191 Notifications into the default, null-named log, the managed system does 192 not apply access control to the Notifications. In those cases the 193 security of the information in the log is left to the normal, overall 194 access control for the log itself. 196 3.2. Structure 198 The MIB has the following sections: 200 o Configuration -- control over how much the log can hold and what 201 Notifications are to be logged. 203 o Statistics -- indications of logging activity. 205 o Log -- the Notifications themselves. 207 3.2.1. Configuration 209 The configuration section contains objects to manage resource use by the 210 MIB. 212 This section also contains a table to specify what logs exist and how 213 they operate. Deciding which Notifications are to be logged depends on 214 filters defined in the the snmpNotifyFilterTable in the standard SNMP 215 Notification MIB [RFC2573] identified by the initial index 216 (snmpNotifyFilterName) from that table. 218 3.2.2. Statistics 220 The statistics section contains counters for Notifications logged and 221 discarded, supplying a means to understand the results of log capacity 222 configuration and resource problems. 224 3.2.3. Log 226 The log contains the Notifications and the objects that came in their 227 variable binding list, indexed by an integer that reflects when the 228 entry was made. An application that wants to collect all logged 229 Notifications or to know if it may have missed any can keep track of the 230 highest index it has retrieved and start from there on its next poll, 231 checking sysUpTime for a discontinuity that would have reset the index 232 and perhaps have lost entries. 234 Variables are in a table indexed by Notification index and variable 235 index within that Notification. The values are kept as a "discriminated 236 union," with one value object per variable. Exactly which value object 237 is instantiated depends on the SNMP data type of the variable, with a 238 separate object of appropriate type for each distinct SNMP data type. 240 An application can thus reconstruct the information from the 241 Notification PDU from what is recorded in the log. 243 3.3. Example 245 Following is an example configuration of a named log for logging only 246 linkUp and linkDown Notifications. 248 In nlmConfigLogTable: 250 nlmConfigLogFilterName.5."links" = "link-status" 251 nlmConfigLogEntryLimit.5."links" = 0 252 nlmConfigLogAdminStatus.5."links" = enabled 253 nlmConfigLogOperStatus.5."links" = operational 254 nlmConfigLogStorageType.5."links" = nonVolatile 255 nlmConfigLogEntryStatus.5."links" = active 257 Note that snmpTraps is: 259 iso.org.dod.internet.snmpV2.snmpModules.snmpMIB.snmpMIBObjects.5 261 Or numerically: 263 1.3.6.1.6.3.1.1.5 265 And linkDown is snmpTraps.3 and linkUp is snmpTraps.4. 267 So to allow the two Notifications in snmpNotifyFilterTable: 269 snmpNotifyFilterMask.11."link-status".1.3.6.1.6.3.1.1.5.3 = ''H 270 snmpNotifyFilterType.11."link-status".1.3.6.1.6.3.1.1.5.3 = include 271 snmpNotifyFilterStorageType.11."link-status".1.3.6.1.6.3.1.1.5.3 272 = nonVolatile 273 snmpNotifyFilterRowStatus.11."link-status".1.3.6.1.6.3.1.1.5.3 274 = active 276 snmpNotifyFilterMask.11."link-status".1.3.6.1.6.3.1.1.5.4 = ''H 277 snmpNotifyFilterType.11."link-status".1.3.6.1.6.3.1.1.5.4 = include 278 snmpNotifyFilterStorageType.11."link-status".1.3.6.1.6.3.1.1.5.4 279 = nonVolatile 280 snmpNotifyFilterRowStatus.11."link-status".1.3.6.1.6.3.1.1.5.4 281 = active 283 4. Definitions 285 NOTIFICATION-LOG-MIB DEFINITIONS ::= BEGIN 287 IMPORTS 288 MODULE-IDENTITY, OBJECT-TYPE, 289 experimental, Integer32, Unsigned32, 290 TimeTicks, Counter32, Counter64, 291 IpAddress, Opaque FROM SNMPv2-SMI 292 TimeStamp, DateAndTime, 293 StorageType, RowStatus FROM SNMPv2-TC 294 SnmpAdminString, SnmpEngineID FROM SNMP-FRAMEWORK-MIB 295 MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF; 297 notificationLogMIB MODULE-IDENTITY 298 LAST-UPDATED "9906241700Z" 299 ORGANIZATION "IETF Distributed Management Working Group" 300 CONTACT-INFO "Bob Stewart 301 Cisco Systems, Inc. 302 170 West Tasman Drive, 303 San Jose CA 95134-1706. 304 Phone: +1 408 526 4527 305 Email: bstewart@cisco.com" 306 DESCRIPTION 307 "The MIB module for logging SNMP Notifications, that is, Traps 308 and Informs." 309 ::= { experimental xx } 311 notificationLogMIBObjects OBJECT IDENTIFIER ::= { notificationLogMIB 1 } 313 nlmConfig OBJECT IDENTIFIER ::= { notificationLogMIBObjects 1 } 314 nlmStats OBJECT IDENTIFIER ::= { notificationLogMIBObjects 2 } 315 nlmLog OBJECT IDENTIFIER ::= { notificationLogMIBObjects 3 } 317 -- 318 -- Configuration Section 319 -- 321 nlmConfigGlobalEntryLimit OBJECT-TYPE 322 SYNTAX Unsigned32 323 MAX-ACCESS read-write 324 STATUS current 325 DESCRIPTION 326 "The maximum number of notification entries that can be held 327 in nlmLogTable for all nlmLogNames added together. A particular 328 setting does not guarantee that much data can be held. 330 If an application changes the limit while there are Notifications 331 in the log, the oldest Notifications are discarded to bring the log 332 down to the new limit. 334 A value of 0 means no limit." 335 DEFVAL { 0 } 336 ::= { nlmConfig 1 } 338 nlmConfigGlobalAgeOut OBJECT-TYPE 339 SYNTAX Unsigned32 340 UNITS "minutes" 341 MAX-ACCESS read-write 342 STATUS current 343 DESCRIPTION 344 "The number of minutes a Notification may rest in a log before it 345 is automatically removed. 347 If an application changes the time Notifications older than the new 348 time are discarded to meet the new time. 350 A value of 0 means no age out." 351 DEFVAL { 1440 } -- 24 hours 352 ::= { nlmConfig 2 } 354 -- 355 -- Basic Log Configuration Table 356 -- 358 nlmConfigLogTable OBJECT-TYPE 359 SYNTAX SEQUENCE OF NlmConfigLogEntry 360 MAX-ACCESS not-accessible 361 STATUS current 362 DESCRIPTION 363 "A table of logging control entries." 364 ::= { nlmConfig 3 } 366 nlmConfigLogEntry OBJECT-TYPE 367 SYNTAX NlmConfigLogEntry 368 MAX-ACCESS not-accessible 369 STATUS current 370 DESCRIPTION 371 "A logging control entry. Depending on the entry's storage type 372 entries may be supplied by the system or created and deleted by 373 applications using nlmConfigLogEntryStatus." 374 INDEX { nlmLogName } 375 ::= { nlmConfigLogTable 1 } 377 NlmConfigLogEntry ::= SEQUENCE { 378 nlmLogName SnmpAdminString, 379 nlmConfigLogFilterName SnmpAdminString, 380 nlmConfigLogEntryLimit Unsigned32, 381 nlmConfigLogAdminStatus INTEGER, 382 nlmConfigLogOperStatus INTEGER, 383 nlmConfigLogStorageType StorageType, 384 nlmConfigLogEntryStatus RowStatus 385 } 387 nlmLogName OBJECT-TYPE 388 SYNTAX SnmpAdminString (SIZE(0..32)) 389 MAX-ACCESS not-accessible 390 STATUS current 391 DESCRIPTION 392 "The name of the log. 394 An implementation may allow multiple named logs, up to some 395 implementation-specific limit (which may be none). A 396 zero-length log name is reserved for creation and deletion by 397 the managed system, and is used as the default log name by 398 systems that do not support named logs." 399 ::= { nlmConfigLogEntry 1 } 401 nlmConfigLogFilterName OBJECT-TYPE 402 SYNTAX SnmpAdminString (SIZE(0..32)) 403 MAX-ACCESS read-create 404 STATUS current 405 DESCRIPTION 406 "A value of snmpNotifyFilterProfileName as used as an index into 407 the snmpNotifyFilterTable in the SNMP Notification MIB, specifying 408 the locally or remotely originated Notifications to be filtered out 409 and not logged in this log. 411 A zero-length value or a name that does not identify an existing 412 entry in snmpNotifyFilterTable indicate no Notifications are to be 413 logged in this log." 414 DEFVAL { ''H } 415 ::= { nlmConfigLogEntry 2 } 417 nlmConfigLogEntryLimit OBJECT-TYPE 418 SYNTAX Unsigned32 419 MAX-ACCESS read-create 420 STATUS current 421 DESCRIPTION 422 "The maximum number of notification entries that can be held in 423 nlmLogTable for this named log. A particular setting does not 424 guarantee that much data can be held. 426 If an application changes the limit while there are Notifications 427 in the log, the oldest Notifications are discarded to bring the log 428 down to the new limit. 430 A value of 0 indicates no limit." 431 DEFVAL { 0 } 432 ::= { nlmConfigLogEntry 3 } 434 nlmConfigLogAdminStatus OBJECT-TYPE 435 SYNTAX INTEGER { enabled(1), disabled(2) } 436 MAX-ACCESS read-create 437 STATUS current 438 DESCRIPTION 439 "Control to enable or disable the log without otherwise disturbing 440 the log's entry." 441 DEFVAL { enabled } 442 ::= { nlmConfigLogEntry 4 } 444 nlmConfigLogOperStatus OBJECT-TYPE 445 SYNTAX INTEGER { disabled(1), operational(2), noFilter(3) } 446 MAX-ACCESS read-only 447 STATUS current 448 DESCRIPTION 449 "The operational status of this log: 451 disabled administratively disabled 453 operational administratively enabled and working 455 noFilter administratively enabled but either 456 nlmConfigLogFilterName is zero length 457 or does not name an existing entry in 458 snmpNotifyFilterTable" 459 ::= { nlmConfigLogEntry 5 } 461 nlmConfigLogStorageType OBJECT-TYPE 462 SYNTAX StorageType 463 MAX-ACCESS read-create 464 STATUS current 465 DESCRIPTION 466 "The storage type of this conceptual row." 467 ::= { nlmConfigLogEntry 6 } 469 nlmConfigLogEntryStatus OBJECT-TYPE 470 SYNTAX RowStatus 471 MAX-ACCESS read-create 472 STATUS current 473 DESCRIPTION 474 "Control for creating and deleting entries. Entries may be 475 modified while active. 477 For non-null-named logs, the managed system records the security 478 credentials from the request that sets nlmConfigLogStatus 479 to 'active' and uses that identity to apply access control to 480 the objects in the Notification to decide if that Notification 481 may be logged." 482 ::= { nlmConfigLogEntry 7 } 484 -- 485 -- Statistics Section 486 -- 488 nlmStatsGlobalNotificationsLogged OBJECT-TYPE 489 SYNTAX Counter32 490 UNITS "notifications" 491 MAX-ACCESS read-only 492 STATUS current 493 DESCRIPTION 494 "The number of Notifications put in the nlmLogTable. This counts 495 a Notification once for each log entry, so a Notification put into 496 multiple logs is counted multiple times." 497 ::= { nlmStats 1 } 499 nlmStatsGlobalNotificationsBumped OBJECT-TYPE 500 SYNTAX Counter32 501 UNITS "notifications" 502 MAX-ACCESS read-only 503 STATUS current 504 DESCRIPTION 505 "The number of log entries discarded to make room for a new entry 506 due to lack of resources or the value of nlmConfigGlobalEntryLimit 507 or nlmConfigLogEntryLimit. This does not include entries discarded 508 due to the value of nlmConfigGlobalAgeOut." 509 ::= { nlmStats 2 } 511 -- 512 -- Log Statistics Table 513 -- 515 nlmStatsLogTable OBJECT-TYPE 516 SYNTAX SEQUENCE OF NlmStatsLogEntry 517 MAX-ACCESS not-accessible 518 STATUS current 519 DESCRIPTION 520 "A table of Notification log statistics entries." 521 ::= { nlmStats 3 } 523 nlmStatsLogEntry OBJECT-TYPE 524 SYNTAX NlmStatsLogEntry 525 MAX-ACCESS not-accessible 526 STATUS current 527 DESCRIPTION 528 "A Notification log statistics entry." 529 AUGMENTS { nlmConfigLogEntry } 530 ::= { nlmStatsLogTable 1 } 532 NlmStatsLogEntry ::= SEQUENCE { 533 nlmStatsLogNotificationsLogged Counter32, 534 nlmStatsLogNotificationsBumped Counter32 535 } 537 nlmStatsLogNotificationsLogged OBJECT-TYPE 538 SYNTAX Counter32 539 UNITS "notifications" 540 MAX-ACCESS read-only 541 STATUS current 542 DESCRIPTION 543 "The number of Notifications put in this named log." 544 ::= { nlmStatsLogEntry 1 } 546 nlmStatsLogNotificationsBumped OBJECT-TYPE 547 SYNTAX Counter32 548 UNITS "notifications" 549 MAX-ACCESS read-only 550 STATUS current 551 DESCRIPTION 552 "The number of log entries discarded from this named log to make 553 room for a new entry due to lack of resources or the value of 554 nlmConfigGlobalEntryLimit or nlmConfigLogEntryLimit. This does not 555 include entries discarded due to the value of 556 nlmConfigGlobalAgeOut." 557 ::= { nlmStatsLogEntry 2 } 559 -- 560 -- Log Section 561 -- 563 -- 564 -- Log Table 565 -- 567 nlmLogTable OBJECT-TYPE 568 SYNTAX SEQUENCE OF NlmLogEntry 569 MAX-ACCESS not-accessible 570 STATUS current 571 DESCRIPTION 572 "A table of Notification log entries. 574 It is an implementation-specific matter whether entries in this 575 table are preserved across initializations of the management 576 system. In general one would expect that they are not. 578 Note that keeping entries across initializations of the 579 management system leads to some confusion with counters and 580 TimeStamps, since both of those are based on sysUpTime, which 581 resets on management initialization. In this situation, 582 counters apply only after the reset and nlmLogTime for entries 583 made before the reset is set to 0." 584 ::= { nlmLog 1 } 586 nlmLogEntry OBJECT-TYPE 587 SYNTAX NlmLogEntry 588 MAX-ACCESS not-accessible 589 STATUS current 590 DESCRIPTION 591 "A Notification log entry. 593 Entries appear in this table when Notifications occur and pass 594 filtering by nlmConfigLogFilterName and access control. They are 595 removed to make way for new entries due to lack of resources or 596 the values of nlmConfigGlobalEntryLimit, nlmConfigGlobalAgeOut, or 597 nlmConfigLogEntryLimit. 599 If adding an entry would exceed nlmConfigGlobalEntryLimit or system 600 resources in general, the oldest entry in any log is removed to 601 make room for the new one. 603 If adding an entry would exceed nlmConfigLogEntryLimit the oldest 604 entry in that log is removed to make room for the new one. 606 Before the managed system puts a locally-generated Notification 607 into a non-null-named log it assures that the creator of the log 608 has access to the information in the Notification. If not it 609 does not log that Notification in that log." 610 INDEX { nlmLogName, nlmLogIndex } 611 ::= { nlmLogTable 1 } 613 NlmLogEntry ::= SEQUENCE { 614 nlmLogIndex Unsigned32, 615 nlmLogTime TimeStamp, 616 nlmLogDateAndTime DateAndTime, 617 nlmLogEngineID SnmpEngineID, 618 nlmLogContextName SnmpAdminString, 619 nlmLogVariables Unsigned32, 620 nlmLogNotificationID OBJECT IDENTIFIER 621 } 623 nlmLogIndex OBJECT-TYPE 624 SYNTAX Unsigned32 (1..4294967295) 625 MAX-ACCESS not-accessible 626 STATUS current 627 DESCRIPTION 628 "A monotonically increasing integer for the sole purpose of 629 indexing entries within the named log. When it reaches the 630 maximum value, an extremely unlikely event, the agent wraps the 631 value back to 1 and may flush existing entries." 632 ::= { nlmLogEntry 1 } 634 nlmLogTime OBJECT-TYPE 635 SYNTAX TimeStamp 636 MAX-ACCESS read-only 637 STATUS current 638 DESCRIPTION 639 "The value of sysUpTime when the entry occurred. If the entry 640 occurred before the most recent management system initialization 641 this object value is zero." 642 ::= { nlmLogEntry 2 } 644 nlmLogDateAndTime OBJECT-TYPE 645 SYNTAX DateAndTime 646 MAX-ACCESS read-only 647 STATUS current 648 DESCRIPTION 649 "The local date and time when the entry was logged, instantiated 650 only by systems that have date and time capability." 651 ::= { nlmLogEntry 3 } 653 nlmLogEngineID OBJECT-TYPE 654 SYNTAX SnmpEngineID 655 MAX-ACCESS read-only 656 STATUS current 657 DESCRIPTION 658 "The identification of the SNMP engine at which the Notification 659 originated. 661 If the log can contain Notifications from only one engine 662 or the Trap is from an SNMPv1 system, this object is not 663 instantiated." 664 ::= { nlmLogEntry 4 } 666 nlmLogContextName OBJECT-TYPE 667 SYNTAX SnmpAdminString 668 MAX-ACCESS read-only 669 STATUS current 670 DESCRIPTION 671 "The name of the SNMP MIB context from which the Notification came. 672 For SNMPv1 Traps this is the community string from the Trap. 674 If the Notification's source SNMP engine is known not to support 675 multiple contexts, this object is not instantiated." 676 ::= { nlmLogEntry 5 } 678 nlmLogVariables OBJECT-TYPE 679 SYNTAX Unsigned32 680 MAX-ACCESS read-only 681 STATUS current 682 DESCRIPTION 683 "The number of variables in nlmLogVariableTable for this 684 Notification." 685 ::= { nlmLogEntry 6 } 687 nlmLogNotificationID OBJECT-TYPE 688 SYNTAX OBJECT IDENTIFIER 689 MAX-ACCESS read-only 690 STATUS current 691 DESCRIPTION 692 "The NOTIFICATION-TYPE object identifer of the Notification that 693 occurred." 694 ::= { nlmLogEntry 7 } 696 -- 697 -- Log Variable Table 698 -- 700 nlmLogVariableTable OBJECT-TYPE 701 SYNTAX SEQUENCE OF NlmLogVariableEntry 702 MAX-ACCESS not-accessible 703 STATUS current 704 DESCRIPTION 705 "A table of variables to go with Notification log entries." 706 ::= { nlmLog 2 } 708 nlmLogVariableEntry OBJECT-TYPE 709 SYNTAX NlmLogVariableEntry 710 MAX-ACCESS not-accessible 711 STATUS current 712 DESCRIPTION 713 "A Notification log entry variable. 715 Entries appear in this table when there are variables in 716 the varbind list of a Notification in nlmLogTable." 717 INDEX { nlmLogName, nlmLogIndex, nlmLogVariableIndex } 718 ::= { nlmLogVariableTable 1 } 720 NlmLogVariableEntry ::= SEQUENCE { 721 nlmLogVariableIndex Unsigned32, 722 nlmLogVariableID OBJECT IDENTIFIER, 723 nlmLogVariableValueType INTEGER, 724 nlmLogVariableCounter32Val Counter32, 725 nlmLogVariableUnsigned32Val Unsigned32, 726 nlmLogVariableTimeTicksVal TimeTicks, 727 nlmLogVariableInteger32Val Integer32, 728 nlmLogVariableOctetStringVal OCTET STRING, 729 nlmLogVariableIpAddressVal IpAddress, 730 nlmLogVariableOidVal OBJECT IDENTIFIER, 731 nlmLogVariableCounter64Val Counter64, 732 nlmLogVariableOpaqueVal Opaque 733 } 735 nlmLogVariableIndex OBJECT-TYPE 736 SYNTAX Unsigned32 (1..4294967295) 737 MAX-ACCESS not-accessible 738 STATUS current 739 DESCRIPTION 740 "A monotonically increasing integer, starting at 1 for a given 741 nlmLogIndex, for indexing variables within the logged 742 Notification." 743 ::= { nlmLogVariableEntry 1 } 745 nlmLogVariableID OBJECT-TYPE 746 SYNTAX OBJECT IDENTIFIER 747 MAX-ACCESS read-only 748 STATUS current 749 DESCRIPTION 750 "The variable's object identifier." 751 ::= { nlmLogVariableEntry 2 } 753 nlmLogVariableValueType OBJECT-TYPE 754 SYNTAX INTEGER { counter32(1), unsigned32(2), timeTicks(3), 755 integer32(4), ipAddress(5), octetString(6), 756 objectId(7), counter64(8), opaque(9) } 757 MAX-ACCESS read-only 758 STATUS current 759 DESCRIPTION 760 "The type of the value. One and only one of the value 761 objects that follow is instantiated, based on this type." 762 ::= { nlmLogVariableEntry 3 } 764 nlmLogVariableCounter32Val OBJECT-TYPE 765 SYNTAX Counter32 766 MAX-ACCESS read-only 767 STATUS current 768 DESCRIPTION 769 "The value when nlmLogVariableType is 'counter32'." 770 ::= { nlmLogVariableEntry 4 } 772 nlmLogVariableUnsigned32Val OBJECT-TYPE 773 SYNTAX Unsigned32 774 MAX-ACCESS read-only 775 STATUS current 776 DESCRIPTION 777 "The value when nlmLogVariableType is 'unsigned32'." 778 ::= { nlmLogVariableEntry 5 } 780 nlmLogVariableTimeTicksVal OBJECT-TYPE 781 SYNTAX TimeTicks 782 MAX-ACCESS read-only 783 STATUS current 784 DESCRIPTION 785 "The value when nlmLogVariableType is 'timeTicks'." 786 ::= { nlmLogVariableEntry 6 } 788 nlmLogVariableInteger32Val OBJECT-TYPE 789 SYNTAX Integer32 790 MAX-ACCESS read-only 791 STATUS current 792 DESCRIPTION 793 "The value when nlmLogVariableType is 'integer32'." 794 ::= { nlmLogVariableEntry 7 } 796 nlmLogVariableOctetStringVal OBJECT-TYPE 797 SYNTAX OCTET STRING 798 MAX-ACCESS read-only 799 STATUS current 800 DESCRIPTION 801 "The value when nlmLogVariableType is 'octetString'." 802 ::= { nlmLogVariableEntry 8 } 804 nlmLogVariableIpAddressVal OBJECT-TYPE 805 SYNTAX IpAddress 806 MAX-ACCESS read-only 807 STATUS current 808 DESCRIPTION 809 "The value when nlmLogVariableType is 'ipAddress'." 810 ::= { nlmLogVariableEntry 9 } 812 nlmLogVariableOidVal OBJECT-TYPE 813 SYNTAX OBJECT IDENTIFIER 814 MAX-ACCESS read-only 815 STATUS current 816 DESCRIPTION 817 "The value when nlmLogVariableType is 'objectId'." 818 ::= { nlmLogVariableEntry 10 } 820 nlmLogVariableCounter64Val OBJECT-TYPE 821 SYNTAX Counter64 822 MAX-ACCESS read-only 823 STATUS current 824 DESCRIPTION 825 "The value when nlmLogVariableType is 'counter64'." 826 ::= { nlmLogVariableEntry 11 } 828 nlmLogVariableOpaqueVal OBJECT-TYPE 829 SYNTAX Opaque 830 MAX-ACCESS read-only 831 STATUS current 832 DESCRIPTION 833 "The value when nlmLogVariableType is 'opaque'." 834 ::= { nlmLogVariableEntry 12 } 836 -- 837 -- Conformance 838 -- 840 notificationLogMIBConformance OBJECT IDENTIFIER ::= 841 { notificationLogMIB 3 } 842 notificationLogMIBCompliances OBJECT IDENTIFIER ::= 843 { notificationLogMIBConformance 1 } 844 notificationLogMIBGroups OBJECT IDENTIFIER ::= 845 { notificationLogMIBConformance 2 } 847 -- Compliance 849 notificationLogMIBCompliance MODULE-COMPLIANCE 850 STATUS current 851 DESCRIPTION 852 "The compliance statement for entities which implement 853 the Notification Log MIB." 854 MODULE -- this module 855 MANDATORY-GROUPS { 856 notificationLogConfigGroup, 857 notificationLogStatsGroup, 858 notificationLogLogGroup 859 } 861 OBJECT nlmConfigGlobalEntryLimit 862 SYNTAX Unsigned32 (0..4294967295) 863 MIN-ACCESS read-only 864 DESCRIPTION 865 "Implementations may choose a limit and not allow it to be 866 changed or may enforce an upper or lower bound on the 867 limit." 869 OBJECT nlmConfigLogEntryLimit 870 SYNTAX Unsigned32 (0..4294967295) 871 MIN-ACCESS read-only 872 DESCRIPTION 873 "Implementations may choose a limit and not allow it to be 874 changed or may enforce an upper or lower bound on the 875 limit." 877 OBJECT nlmConfigLogEntryStatus 878 MIN-ACCESS read-only 879 DESCRIPTION 880 "Implementations may not allow the creation of named logs." 882 GROUP notificationLogDateGroup 883 DESCRIPTION 884 "This group is mandatory on systems that keep wall clock 885 date and time and not implemented on systems that do not." 887 ::= { notificationLogMIBCompliances 1 } 889 -- Units of Conformance 891 notificationLogConfigGroup OBJECT-GROUP 892 OBJECTS { 893 nlmConfigGlobalEntryLimit, 894 nlmConfigGlobalAgeOut, 895 nlmConfigLogFilterName, 896 nlmConfigLogEntryLimit, 897 nlmConfigLogAdminStatus, 898 nlmConfigLogOperStatus, 899 nlmConfigLogStorageType, 900 nlmConfigLogEntryStatus 901 } 902 STATUS current 903 DESCRIPTION 904 "Notification log configuration management." 905 ::= { notificationLogMIBGroups 1 } 907 notificationLogStatsGroup OBJECT-GROUP 908 OBJECTS { 909 nlmStatsGlobalNotificationsLogged, 910 nlmStatsGlobalNotificationsBumped, 911 nlmStatsLogNotificationsLogged, 912 nlmStatsLogNotificationsBumped 913 } 914 STATUS current 915 DESCRIPTION 916 "Notification log statistics." 917 ::= { notificationLogMIBGroups 2 } 919 notificationLogLogGroup OBJECT-GROUP 920 OBJECTS { 921 nlmLogTime, 922 nlmLogEngineID, 923 nlmLogContextName, 924 nlmLogVariables, 925 nlmLogNotificationID, 927 nlmLogVariableID, 928 nlmLogVariableValueType, 929 nlmLogVariableCounter32Val, 930 nlmLogVariableUnsigned32Val, 931 nlmLogVariableTimeTicksVal, 932 nlmLogVariableInteger32Val, 933 nlmLogVariableOctetStringVal, 934 nlmLogVariableIpAddressVal, 935 nlmLogVariableOidVal, 936 nlmLogVariableCounter64Val, 937 nlmLogVariableOpaqueVal 938 } 939 STATUS current 940 DESCRIPTION 941 "Notification log data." 942 ::= { notificationLogMIBGroups 3 } 944 notificationLogDateGroup OBJECT-GROUP 945 OBJECTS { 946 nlmLogDateAndTime 947 } 948 STATUS current 949 DESCRIPTION 950 "Conditionally mandatory notification log data." 951 ::= { notificationLogMIBGroups 4 } 953 END 954 5. Intellectual Property 956 The IETF takes no position regarding the validity or scope of any 957 intellectual property or other rights that might be claimed to pertain 958 to the implementation or use of the technology described in this 959 document or the extent to which any license under such rights might or 960 might not be available; neither does it represent that it has made any 961 effort to identify any such rights. Information on the IETF's 962 procedures with respect to rights in standards-track and standards- 963 related documentation can be found in BCP-11. Copies of claims of 964 rights made available for publication and any assurances of licenses to 965 be made available, or the result of an attempt made to obtain a general 966 license or permission for the use of such proprietary rights by 967 implementors or users of this specification can be obtained from the 968 IETF Secretariat. 970 6. References 972 [RFC2571] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture 973 for Describing SNMP Management Frameworks", RFC 2571, April 974 1999 976 [RFC1155] Rose, M., and K. McCloghrie, "Structure and Identification 977 of Management Information for TCP/IP-based Internets", STD 978 16, RFC 1155, May 1990 980 [RFC1212] Rose, M., and K. McCloghrie, "Concise MIB Definitions", STD 981 16, RFC 1212, March 1991 983 [RFC1215] M. Rose, "A Convention for Defining Traps for use with the 984 SNMP", RFC 1215, March 1991 986 [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., 987 Rose, M., and S. Waldbusser, "Structure of Management 988 Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999 990 [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., 991 Rose, M., and S. Waldbusser, "Textual Conventions for 992 SMIv2", STD 58, RFC 2579, April 1999 994 [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., 995 Rose, M., and S. Waldbusser, "Conformance Statements for 996 SMIv2", STD 58, RFC 2580, April 1999 998 [RFC1157] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple 999 Network Management Protocol", STD 15, RFC 1157, May 1990. 1001 [RFC1901] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, 1002 "Introduction to Community-based SNMPv2", RFC 1901, January 1003 1996. 1005 [RFC1906] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, 1006 "Transport Mappings for Version 2 of the Simple Network 1007 Management Protocol (SNMPv2)", RFC 1906, January 1996. 1009 [RFC2572] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message 1010 Processing and Dispatching for the Simple Network Management 1011 Protocol (SNMP)", RFC 2572, April 1999 1013 [RFC2574] Blumenthal, U., and B. Wijnen, "User-based Security Model 1014 (USM) for version 3 of the Simple Network Management 1015 Protocol (SNMPv3)", RFC 2574, April 1999 1017 [RFC1905] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, 1018 "Protocol Operations for Version 2 of the Simple Network 1019 Management Protocol (SNMPv2)", RFC 1905, January 1996. 1021 [RFC2573] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", 1022 RFC 2573, April 1999 1024 [RFC2575] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based 1025 Access Control Model (VACM) for the Simple Network 1026 Management Protocol (SNMP)", RFC 2575, April 1999 1028 [RFC2570] Case, J., Mundy, R., Partain, D., and B. Stewart, 1029 "Introduction to Version 3 of the Internet-standard Network 1030 Management Framework", RFC 2570, April 1999 1032 [RFC1903] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, 1033 "Coexistence between Version 1 and version 2 of the 1034 Internet-standard Network Management Framework", RFC 1903, 1035 January 1996. 1037 7. Security Considerations 1039 Security issues are discussed in the overview. 1041 8. Author's Address 1043 Bob Stewart 1044 Cisco Systems, Inc. 1045 170 West Tasman Drive 1046 San Jose, CA 95134-1706 1047 U.S.A. 1049 Phone: +1 408 526 4527 1050 Email: bstewart@cisco.com 1052 9. Full Copyright Statement 1054 Copyright (C) The Internet Society (1999). All Rights Reserved. 1056 This document and translations of it may be copied and furnished to 1057 others, and derivative works that comment on or otherwise explain it or 1058 assist in its implementation may be prepared, copied, published and 1059 distributed, in whole or in part, without restriction of any kind, 1060 provided that the above copyright notice and this paragraph are included 1061 on all such copies and derivative works. However, this document itself 1062 may not be modified in any way, such as by removing the copyright notice 1063 or references to the Internet Society or other Internet organizations, 1064 except as needed for the purpose of developing Internet standards in 1065 which case the procedures for copyrights defined in the Internet 1066 Standards process must be followed, or as required to translate it into 1067 languages other than English. 1069 The limited permissions granted above are perpetual and will not be 1070 revoked by the Internet Society or its successors or assigns. 1072 This document and the information contained herein is provided on an "AS 1073 IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK 1074 FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT 1075 LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT 1076 INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR 1077 FITNESS FOR A PARTICULAR PURPOSE. 1079 Table of Contents 1081 1 Abstract ........................................................ 2 1082 2 The SNMP Management Framework ................................... 2 1083 3 Overview ........................................................ 3 1084 3.1 Environment ................................................... 3 1085 3.1.1 SNMP Engines and Contexts ................................... 4 1086 3.1.2 Security .................................................... 4 1087 3.2 Structure ..................................................... 5 1088 3.2.1 Configuration ............................................... 5 1089 3.2.2 Statistics .................................................. 6 1090 3.2.3 Log ......................................................... 6 1091 3.3 Example ....................................................... 6 1092 4 Definitions ..................................................... 8 1093 5 Intellectual Property ........................................... 23 1094 6 References ...................................................... 24 1095 7 Security Considerations ......................................... 26 1096 8 Author's Address ................................................ 26 1097 9 Full Copyright Statement ........................................ 27