idnits 2.17.1

draft-ietf-disman-notif-log-mib-11.txt:

  ** The Abstract section seems to be numbered

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate. This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** Missing expiration date. The document expiration date should appear on
     the first and last page.

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  == It seems as if not all pages are separated by form feeds - found 0 form
     feeds but 30 pages

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section. (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References. All references will be assumed normative when checking for
     downward references.

  == There are 1 instance of lines with non-RFC2606-compliant FQDNs in the
     document.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == Line 467 has weird spacing: '...isabled admin...'

  == Line 469 has weird spacing: '...ational adm...'

  == Line 471 has weird spacing: '...oFilter admin...'

  == Line 1113 has weird spacing: '...for the purpo...'

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to
     grant the BCP78 rights to the IETF Trust, then this is fine, and you can
     ignore this comment. If not, you may need to add the pre-RFC5378
     disclaimer. (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (21 October 1999) is 8948 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 2571 (Obsoleted by RFC 3411)

  ** Downref: Normative reference to an Informational RFC: RFC 1215

  ** Downref: Normative reference to an Historic RFC: RFC 1157

  ** Downref: Normative reference to an Historic RFC: RFC 1901

  ** Obsolete normative reference: RFC 1906 (Obsoleted by RFC 3417)

  ** Obsolete normative reference: RFC 2572 (Obsoleted by RFC 3412)

  ** Obsolete normative reference: RFC 2574 (Obsoleted by RFC 3414)

  ** Obsolete normative reference: RFC 1905 (Obsoleted by RFC 3416)

  ** Obsolete normative reference: RFC 2573 (Obsoleted by RFC 3413)

  ** Obsolete normative reference: RFC 2575 (Obsoleted by RFC 3415)

  ** Obsolete normative reference: RFC 2570 (Obsoleted by RFC 3410)

  ** Obsolete normative reference: RFC 1903 (Obsoleted by RFC 2579)

  Summary: 18 errors (**), 0 flaws (~~), 9 warnings (==), 2 comments (--).

  Run idnits with the --verbose option for more detailed information about
  the items above.
--------------------------------------------------------------------------------

1    Internet Draft          Notification Log MIB          21 October 1999

3                            Notification Log MIB

5                              21 October 1999

7                  draft-ietf-disman-notif-log-mib-11.txt

9                                Bob Stewart
10                           Cisco Systems, Inc.

12   Status of this Memo

14   This document is an Internet-Draft and is in full conformance with all
15   provisions of Section 10 of RFC2026.

17   Internet-Drafts are working documents of the Internet Engineering Task
18   Force (IETF), its areas, and its working groups. Note that other groups
19   may also distribute working documents as Internet-Drafts.

21   Internet-Drafts are draft documents valid for a maximum of six months
22   and may be updated, replaced, or obsoleted by other documents at any
23   time. It is inappropriate to use Internet-Drafts as reference material
24   or to cite them other than as ``work in progress.''

26   The list of current Internet-Drafts can be accessed at
27   http://www.ietf.org/ietf/1id-abstracts.txt

29   The list of Internet-Draft Shadow Directories can be accessed at
30   http://www.ietf.org/shadow.html.

32   Distribution of this document is unlimited. Please send comments to the
33   Distributed Management Working Group, .

35   Copyright Notice

37   Copyright (C) The Internet Society (1999). All Rights Reserved.

39   1. Abstract

41   This memo defines a portion of the Management Information Base (MIB) for
42   use with network management protocols in the Internet community. In
43   particular, it describes managed objects used for logging SNMP
44   Notifications.

46   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
47   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
48   document are to be interpreted as described in RFC 2119.

50   2. The SNMP Management Framework

52   The SNMP Management Framework presently consists of five major
53   components:

55     o  An overall architecture, described in RFC 2571 [RFC2571].

57     o  Mechanisms for describing and naming objects and events for the
58        purpose of management. The first version of this Structure of
59        Management Information (SMI) is called SMIv1 and described in
60        STD 16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and RFC
61        1215 [RFC1215]. The second version, called SMIv2, is described
62        in STD 58, RFC 2578 [RFC2578], RFC 2579 [RFC2579] and RFC 2580
63        [RFC2580].

65     o  Message protocols for transferring management information. The
66        first version of the SNMP message protocol is called SNMPv1 and
67        described in STD 15, RFC 1157 [RFC1157]. A second version of the
68        SNMP message protocol, which is not an Internet standards track
69        protocol, is called SNMPv2c and described in RFC 1901 [RFC1901]
70        and RFC 1906 [RFC1906]. The third version of the message
71        protocol is called SNMPv3 and described in RFC 1906 [RFC1906],
72        RFC 2572 [RFC2572] and RFC 2574 [RFC2574].

74     o  Protocol operations for accessing management information. The
75        first set of protocol operations and associated PDU formats is
76        described in STD 15, RFC 1157 [RFC1157]. A second set of
77        protocol operations and associated PDU formats is described in
78        RFC 1905 [RFC1905].

80     o  A set of fundamental applications described in RFC 2573
81        [RFC2573] and the view-based access control mechanism described
82        in RFC 2575 [RFC2575].

84   A more detailed introduction to the current SNMP Management Framework
85   can be found in RFC 2570 [RFC2570].

87   Managed objects are accessed via a virtual information store, termed
88   the Management Information Base or MIB. Objects in the MIB are
89   defined using the mechanisms defined in the SMI.

91   This memo specifies a MIB module that is compliant to the SMIv2. A
92   MIB conforming to the SMIv1 can be produced through the appropriate
93   translations. The resulting translated MIB must be semantically
94   equivalent, except where objects or events are omitted because no
95   translation is possible (use of Counter64). Some machine readable
96   information in SMIv2 will be converted into textual descriptions in
97   SMIv1 during the translation process. However, this loss of machine
98   readable information is not considered to change the semantics of the
99   MIB.

101  3. Overview

103  Systems that support SNMP often need a mechanism for recording
104  Notification information as a hedge against lost Notifications, whether
105  those are Traps or Informs [RFC1905] that exceed retransmission limits
106  (to consider SNMPv1, see [RFC1903]). This MIB therefore provides common
107  infrastructure for other MIBs in the form of a local logging function.
108  It is intended primarily for senders of Notifications but could be used
109  also by receivers.

111  Given the Notification Log MIB, individual MIBs bear less responsibility
112  to record the transient information associated with an event against the
113  possibility that the Notification message is lost, and applications can
114  poll the log to verify that they have not missed important
115  Notifications.

117  3.1. Environment

119  The overall environmental concerns for the MIB are:

121    o  SNMP Engines and Contexts

123    o  Security

125  3.1.1. SNMP Engines and Contexts

127  As described in the SNMP architecture [RFC2571], a given system may
128  support multiple SNMP engines operating independently of one another,
129  each with its own SNMP engine identification. Furthermore, within the
130  purview of a given engine there may be multiple named management
131  contexts supporting overlapping or disjoint sets of MIB objects and
132  Notifications. Thus, understanding a particular Notification requires
133  knowing the SNMP engine and management context from whence it came.

135  The simplest system may have only one SNMP engine, and the simplest
136  engine may support only one context. In these cases, knowledge of the
137  engine ID and context name can be assumed and need not be explicit.

139  In a given implementation, an instance of the Notification Log MIB may
140  be confined to a single engine or context or may combine information
141  from multiple engines or contexts, allowing for the full range of
142  exclusive or inclusive contents.

144  To provide the necessary source information for a logged Notification,
145  the MIB includes objects to record that Notification's source SNMP
146  engine ID and management context name. In the case where such
147  information can be assumed, the related object need not be instantiated,
148  thus allowing the simplest implementation for the simplest system.

150  3.1.2. Security

152  Security for Notifications is awkward since access control for the
153  objects in the Notification can be checked only where the Notification
154  is created. Thus such checking is possible only for locally-generated
155  Notifications, and even then only when security credentials are
156  available.

158  For the purpose of this discussion, "security credentials" means the
159  input values for the abstract service interface function isAccessAllowed
160  [RFC2571] and using those credentials means conceptually using that
161  function to see that those credentials allow access to the MIB objects
162  in question, operating as for a Notification Originator in [RFC2573].

164  The Notification Log MIB has the notion of a "named log." By using
165  hierarchically structured log names and view-based access control
166  [RFC2575] a network administrator can provide different access for
167  different users. When an application creates a named log the security
168  credentials of the creator stay associated with that log.

170  Hierarchically structured names encode groupings of names within the
171  name string, starting from the left so that they work well with
172  instance-level, view-based access control [RFC2575], for example:

174       ops ops-admin ops-oper ops-oper-senior ops-oper-junior

177  Network security managers designing such a naming policy should use
178  punctuation (as in the example) to avoid the problem of a lower level
179  name inadvertently running together with the next higher level name.

181  A managed system with fewer resources may disallow the creation of named
182  logs, providing only the default, null-named log. Such a log has no
183  implicit security credentials for Notification object access control and
184  Notifications are put into it with no further checking.

186  When putting locally-generated Notifications into a named log, the
187  managed system must use the security credentials associated with that
188  log and must apply the same access control rules as described for a
189  Notification Originator in [RFC2573].

191  The managed system should not apply access control when adding remotely-
192  generated Notifications into either a named log or the default, null-
193  named log. In those cases the security of the information in the log
194  should be left to the normal, overall access control for the log itself.

196  The Notification Log MIB allows applications to set the maximum number
197  of Notifications that can be logged, using nlmConfigGlobalEntryLimit.
198  Similarly, an application can set the maximum age using
199  nlmConfigGlobalAgeOut, after which older Notifications may be timed out.
200  When multiple applications are monitoring this MIB, it is possible that
201  one application may change the value of either of these objects,
202  resulting in some Notifications being deleted before the other
203  applications have had a chance to see them. Synchronization between
204  multiple applications using the Notification Log MIB is beyond the scope
205  of this MIB.

207  3.2. Structure

209  The MIB has the following sections:

211    o  Configuration -- control over how much the log can hold and what
212       Notifications are to be logged.

214    o  Statistics -- indications of logging activity.

216    o  Log -- the Notifications themselves.

218  3.2.1. Configuration

220  The configuration section contains objects to manage resource use by the
221  MIB.

223  This section also contains a table to specify what logs exist and how
224  they operate. Deciding which Notifications are to be logged depends on
225  filters defined in the snmpNotifyFilterTable in the standard SNMP
226  Notification MIB [RFC2573] identified by the initial index
227  (snmpNotifyFilterName) from that table.

229  3.2.2. Statistics

231  The statistics section contains counters for Notifications logged and
232  discarded, supplying a means to understand the results of log capacity
233  configuration and resource problems.

235  3.2.3. Log

237  The log contains the Notifications and the objects that came in their
238  variable binding list, indexed by an integer that reflects when the
239  entry was made. An application that wants to collect all logged
240  Notifications or to know if it may have missed any can keep track of the
241  highest index it has retrieved and start from there on its next poll,
242  checking sysUpTime for a discontinuity that would have reset the index
243  and perhaps have lost entries.

245  Variables are in a table indexed by Notification index and variable
246  index within that Notification. The values are kept as a "discriminated
247  union," with one value object per variable. Exactly which value object
248  is instantiated depends on the SNMP data type of the variable, with a
249  separate object of appropriate type for each distinct SNMP data type.
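
The polling procedure and the "discriminated union" rule of section 3.2.3, as an added Python example that is not part of the draft: it works on constructed snapshots of nlmLogTable and nlmLogVariableTable instead of a live agent, and uses the per-log nlmStatsLogNotificationsLogged counter to count entries removed before they were read. The LogPoller class, its field names and the snapshot layout are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

# nlmLogVariableValueType enumeration (from the MIB) -> the one value object
# that must be instantiated for that type.
VALUE_COLUMNS = {
    1: "nlmLogVariableCounter32Val",
    2: "nlmLogVariableUnsigned32Val",
    3: "nlmLogVariableTimeTicksVal",
    4: "nlmLogVariableInteger32Val",
    5: "nlmLogVariableIpAddressVal",
    6: "nlmLogVariableOctetStringVal",
    7: "nlmLogVariableOidVal",
    8: "nlmLogVariableCounter64Val",
    9: "nlmLogVariableOpaqueVal",
}
COUNTER32_MOD = 2 ** 32


def decode_varbind(row):
    """Return (OID, value) for one nlmLogVariableTable row.

    Rejects rows that break the "one and only one value object" rule, so a
    malformed or tampered row is not silently misread as another type.
    """
    vtype = row["nlmLogVariableValueType"]
    expected = VALUE_COLUMNS.get(vtype)
    if expected is None:
        raise ValueError(f"unknown nlmLogVariableValueType {vtype}")
    present = [col for col in VALUE_COLUMNS.values() if col in row]
    if present != [expected]:
        raise ValueError(f"expected only {expected}, found {present}")
    return row["nlmLogVariableID"], row[expected]


@dataclass
class LogPoller:
    """Poll state for one named log (hypothetical helper, not from the draft)."""
    last_index: int = 0                  # highest nlmLogIndex retrieved
    last_uptime: Optional[int] = None    # sysUpTime at the previous poll
    last_logged: Optional[int] = None    # nlmStatsLogNotificationsLogged then

    def poll(self, sys_uptime, logged, entries):
        """Consume one snapshot; entries maps nlmLogIndex -> log row."""
        # sysUpTime going backwards means the index and counters may have
        # reset and entries may be lost, so start again from the beginning.
        restarted = (self.last_uptime is not None
                     and sys_uptime < self.last_uptime)
        if restarted:
            self.last_index, self.last_logged = 0, None
        fresh = sorted(i for i in entries if i > self.last_index)
        # Entries logged since the last poll but no longer present were
        # removed (entry limit, age-out or resources) before we saw them.
        missed = None
        if self.last_logged is not None:
            delta = (logged - self.last_logged) % COUNTER32_MOD
            missed = max(0, delta - len(fresh))
        notifications = [
            (i, entries[i]["nlmLogNotificationID"],
             [decode_varbind(row) for row in entries[i]["vars"]])
            for i in fresh
        ]
        if fresh:
            self.last_index = fresh[-1]
        self.last_uptime, self.last_logged = sys_uptime, logged
        return {"restarted": restarted, "missed": missed,
                "notifications": notifications}


# --- Constructed sample data (not captured from a real agent) ---------------
LINK_DOWN = "1.3.6.1.6.3.1.1.5.3"      # snmpTraps.3, as in the draft's example
LINK_UP = "1.3.6.1.6.3.1.1.5.4"        # snmpTraps.4
IF_INDEX = "1.3.6.1.2.1.2.2.1.1"       # ifIndex column (IF-MIB)


def var_row(oid, vtype, value):
    """Build one variable row with only the matching value object present."""
    return {"nlmLogVariableID": oid, "nlmLogVariableValueType": vtype,
            VALUE_COLUMNS[vtype]: value}


def log_row(notification, if_index):
    """Build one log row carrying a single Integer32 ifIndex varbind."""
    return {"nlmLogNotificationID": notification,
            "vars": [var_row(f"{IF_INDEX}.{if_index}", 4, if_index)]}


SNAPSHOT_1 = {1: log_row(LINK_DOWN, 3), 2: log_row(LINK_UP, 3)}
SNAPSHOT_2 = {5: log_row(LINK_DOWN, 7), 6: log_row(LINK_UP, 7)}  # 3, 4 removed
SNAPSHOT_3 = {1: log_row(LINK_DOWN, 2)}                          # after restart


def run_demo():
    """Three polls: normal, entries lost between polls, agent restart."""
    poller = LogPoller()
    return [poller.poll(1000, 2, SNAPSHOT_1),
            poller.poll(2000, 6, SNAPSHOT_2),
            poller.poll(50, 1, SNAPSHOT_3)]


if __name__ == "__main__":
    for result in run_demo():
        print(result["restarted"], result["missed"],
              [n[:2] for n in result["notifications"]])
```
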

251  An application can thus reconstruct the information from the
252  Notification PDU from what is recorded in the log.

254  3.3. Example

256  Following is an example configuration of a named log for logging only
257  linkUp and linkDown Notifications.

259  In nlmConfigLogTable:

261      nlmConfigLogFilterName.5."links"   = "link-status"
262      nlmConfigLogEntryLimit.5."links"   = 0
263      nlmConfigLogAdminStatus.5."links"  = enabled
264      nlmConfigLogOperStatus.5."links"   = operational
265      nlmConfigLogStorageType.5."links"  = nonVolatile
266      nlmConfigLogEntryStatus.5."links"  = active

268  Note that snmpTraps is:

270      iso.org.dod.internet.snmpV2.snmpModules.snmpMIB.snmpMIBObjects.5

272  Or numerically:

274      1.3.6.1.6.3.1.1.5

276  And linkDown is snmpTraps.3 and linkUp is snmpTraps.4.

278  So to allow the two Notifications in snmpNotifyFilterTable:

280      snmpNotifyFilterMask.11."link-status".1.3.6.1.6.3.1.1.5.3 = ''H
281      snmpNotifyFilterType.11."link-status".1.3.6.1.6.3.1.1.5.3 = include
282      snmpNotifyFilterStorageType.11."link-status".1.3.6.1.6.3.1.1.5.3
283          = nonVolatile
284      snmpNotifyFilterRowStatus.11."link-status".1.3.6.1.6.3.1.1.5.3
285          = active

287      snmpNotifyFilterMask.11."link-status".1.3.6.1.6.3.1.1.5.4 = ''H
288      snmpNotifyFilterType.11."link-status".1.3.6.1.6.3.1.1.5.4 = include
289      snmpNotifyFilterStorageType.11."link-status".1.3.6.1.6.3.1.1.5.4
290          = nonVolatile
291      snmpNotifyFilterRowStatus.11."link-status".1.3.6.1.6.3.1.1.5.4
292          = active

294  4. Definitions

296  NOTIFICATION-LOG-MIB DEFINITIONS ::= BEGIN

298  IMPORTS
299      MODULE-IDENTITY, OBJECT-TYPE,
300      Integer32, Unsigned32,
301      TimeTicks, Counter32, Counter64,
302      IpAddress, Opaque                  FROM SNMPv2-SMI
303      TimeStamp, DateAndTime,
304      StorageType, RowStatus             FROM SNMPv2-TC
305      SnmpAdminString, SnmpEngineID      FROM SNMP-FRAMEWORK-MIB
306      MODULE-COMPLIANCE, OBJECT-GROUP    FROM SNMPv2-CONF;

308  notificationLogMIB MODULE-IDENTITY
309      LAST-UPDATED "9906241700Z"
310      ORGANIZATION "IETF Distributed Management Working Group"
311      CONTACT-INFO "Ramanathan Kavasseri
312                    Cisco Systems, Inc.
313                    170 West Tasman Drive,
314                    San Jose CA 95134-1706.
315                    Phone: +1 408 527 2446
316                    Email: ramk@cisco.com"
317      DESCRIPTION
318       "The MIB module for logging SNMP Notifications, that is, Traps
319       and Informs."
320      -- Revision History

322      REVISION     "9910210000Z"  -- 21 October 1999
323      DESCRIPTION  "Updated editors' addresses, fixed typos."
324      ::= { mib-2 xx }  -- final assignment by IANA at publication time

326  notificationLogMIBObjects OBJECT IDENTIFIER ::= { notificationLogMIB 1 }

328  nlmConfig  OBJECT IDENTIFIER ::= { notificationLogMIBObjects 1 }
329  nlmStats   OBJECT IDENTIFIER ::= { notificationLogMIBObjects 2 }
330  nlmLog     OBJECT IDENTIFIER ::= { notificationLogMIBObjects 3 }

332  --
333  -- Configuration Section
334  --

336  nlmConfigGlobalEntryLimit OBJECT-TYPE
337      SYNTAX      Unsigned32
338      MAX-ACCESS  read-write
339      STATUS      current
340      DESCRIPTION
341       "The maximum number of notification entries that can be held
342       in nlmLogTable for all nlmLogNames added together. A particular
343       setting does not guarantee that much data can be held.

345       If an application changes the limit while there are
346       Notifications in the log, the oldest Notifications should be
347       discarded to bring the log down to the new limit.

349       A value of 0 means no limit."
350      DEFVAL { 0 }
351      ::= { nlmConfig 1 }

353  nlmConfigGlobalAgeOut OBJECT-TYPE
354      SYNTAX      Unsigned32
355      UNITS       "minutes"
356      MAX-ACCESS  read-write
357      STATUS      current
358      DESCRIPTION
359       "The number of minutes a Notification may rest in a log before
360       it is automatically removed.

362       If an application changes the value of nlmConfigGlobalAgeOut,
363       Notifications older than the new time are discarded to meet the
364       new time.

366       A value of 0 means no age out."
367      DEFVAL { 1440 }  -- 24 hours
368      ::= { nlmConfig 2 }

370  --
371  -- Basic Log Configuration Table
372  --

374  nlmConfigLogTable OBJECT-TYPE
375      SYNTAX      SEQUENCE OF NlmConfigLogEntry
376      MAX-ACCESS  not-accessible
377      STATUS      current
378      DESCRIPTION
379       "A table of logging control entries."
380      ::= { nlmConfig 3 }

382  nlmConfigLogEntry OBJECT-TYPE
383      SYNTAX      NlmConfigLogEntry
384      MAX-ACCESS  not-accessible
385      STATUS      current
386      DESCRIPTION
387       "A logging control entry. Depending on the entry's storage type
388       entries may be supplied by the system or created and deleted by
389       applications using nlmConfigLogEntryStatus."
390      INDEX { nlmLogName }
391      ::= { nlmConfigLogTable 1 }

393  NlmConfigLogEntry ::= SEQUENCE {
394      nlmLogName               SnmpAdminString,
395      nlmConfigLogFilterName   SnmpAdminString,
396      nlmConfigLogEntryLimit   Unsigned32,
397      nlmConfigLogAdminStatus  INTEGER,
398      nlmConfigLogOperStatus   INTEGER,
399      nlmConfigLogStorageType  StorageType,
400      nlmConfigLogEntryStatus  RowStatus
401      }

403  nlmLogName OBJECT-TYPE
404      SYNTAX      SnmpAdminString (SIZE(0..32))
405      MAX-ACCESS  not-accessible
406      STATUS      current
407      DESCRIPTION
408       "The name of the log.

410       An implementation may allow multiple named logs, up to some
411       implementation-specific limit (which may be none). A
412       zero-length log name is reserved for creation and deletion by
413       the managed system, and is used as the default log name by
414       systems that do not support named logs."
415      ::= { nlmConfigLogEntry 1 }

417  nlmConfigLogFilterName OBJECT-TYPE
418      SYNTAX      SnmpAdminString (SIZE(0..32))
419      MAX-ACCESS  read-create
420      STATUS      current
421      DESCRIPTION
422       "A value of snmpNotifyFilterProfileName as used as an index
423       into the snmpNotifyFilterTable in the SNMP Notification MIB,
424       specifying the locally or remotely originated Notifications
425       to be filtered out and not logged in this log.

427       A zero-length value or a name that does not identify an
428       existing entry in snmpNotifyFilterTable indicates no
429       Notifications are to be logged in this log."
430      DEFVAL { ''H }
431      ::= { nlmConfigLogEntry 2 }

433  nlmConfigLogEntryLimit OBJECT-TYPE
434      SYNTAX      Unsigned32
435      MAX-ACCESS  read-create
436      STATUS      current
437      DESCRIPTION
438       "The maximum number of notification entries that can be held in
439       nlmLogTable for this named log. A particular setting does not
440       guarantee that much data can be held.

442       If an application changes the limit while there are
443       Notifications in the log, the oldest Notifications are discarded
444       to bring the log down to the new limit.

446       A value of 0 indicates no limit."
447      DEFVAL { 0 }
448      ::= { nlmConfigLogEntry 3 }

450  nlmConfigLogAdminStatus OBJECT-TYPE
451      SYNTAX      INTEGER { enabled(1), disabled(2) }
452      MAX-ACCESS  read-create
453      STATUS      current
454      DESCRIPTION
455       "Control to enable or disable the log without otherwise
456       disturbing the log's entry."
457      DEFVAL { enabled }
458      ::= { nlmConfigLogEntry 4 }

460  nlmConfigLogOperStatus OBJECT-TYPE
461      SYNTAX      INTEGER { disabled(1), operational(2), noFilter(3) }
462      MAX-ACCESS  read-only
463      STATUS      current
464      DESCRIPTION
465       "The operational status of this log:

467           disabled       administratively disabled

469           operational    administratively enabled and working

471           noFilter       administratively enabled but either
472                          nlmConfigLogFilterName is zero length
473                          or does not name an existing entry in
474                          snmpNotifyFilterTable"
475      ::= { nlmConfigLogEntry 5 }

477  nlmConfigLogStorageType OBJECT-TYPE
478      SYNTAX      StorageType
479      MAX-ACCESS  read-create
480      STATUS      current
481      DESCRIPTION
482       "The storage type of this conceptual row."
483      ::= { nlmConfigLogEntry 6 }

485  nlmConfigLogEntryStatus OBJECT-TYPE
486      SYNTAX      RowStatus
487      MAX-ACCESS  read-create
488      STATUS      current
489      DESCRIPTION
490       "Control for creating and deleting entries. Entries may be
491       modified while active.

493       For non-null-named logs, the managed system records the security
494       credentials from the request that sets nlmConfigLogStatus
495       to 'active' and uses that identity to apply access control to
496       the objects in the Notification to decide if that Notification
497       may be logged."
498      ::= { nlmConfigLogEntry 7 }

500  --
501  -- Statistics Section
502  --

504  nlmStatsGlobalNotificationsLogged OBJECT-TYPE
505      SYNTAX      Counter32
506      UNITS       "notifications"
507      MAX-ACCESS  read-only
508      STATUS      current
509      DESCRIPTION
510       "The number of Notifications put in the nlmLogTable. This
511       counts a Notification once for each log entry, so a Notification
512       put into multiple logs is counted multiple times."
513      ::= { nlmStats 1 }

515  nlmStatsGlobalNotificationsBumped OBJECT-TYPE
516      SYNTAX      Counter32
517      UNITS       "notifications"
518      MAX-ACCESS  read-only
519      STATUS      current
520      DESCRIPTION
521       "The number of log entries discarded to make room for a new entry
522       due to lack of resources or the value of nlmConfigGlobalEntryLimit
523       or nlmConfigLogEntryLimit. This does not include entries discarded
524       due to the value of nlmConfigGlobalAgeOut."
525      ::= { nlmStats 2 }

527  --
528  -- Log Statistics Table
529  --

531  nlmStatsLogTable OBJECT-TYPE
532      SYNTAX      SEQUENCE OF NlmStatsLogEntry
533      MAX-ACCESS  not-accessible
534      STATUS      current
535      DESCRIPTION
536       "A table of Notification log statistics entries."
537      ::= { nlmStats 3 }

539  nlmStatsLogEntry OBJECT-TYPE
540      SYNTAX      NlmStatsLogEntry
541      MAX-ACCESS  not-accessible
542      STATUS      current
543      DESCRIPTION
544       "A Notification log statistics entry."
545      AUGMENTS { nlmConfigLogEntry }
546      ::= { nlmStatsLogTable 1 }

548  NlmStatsLogEntry ::= SEQUENCE {
549      nlmStatsLogNotificationsLogged  Counter32,
550      nlmStatsLogNotificationsBumped  Counter32
551      }

553  nlmStatsLogNotificationsLogged OBJECT-TYPE
554      SYNTAX      Counter32
555      UNITS       "notifications"
556      MAX-ACCESS  read-only
557      STATUS      current
558      DESCRIPTION
559       "The number of Notifications put in this named log."
560      ::= { nlmStatsLogEntry 1 }

562  nlmStatsLogNotificationsBumped OBJECT-TYPE
563      SYNTAX      Counter32
564      UNITS       "notifications"
565      MAX-ACCESS  read-only
566      STATUS      current
567      DESCRIPTION
568       "The number of log entries discarded from this named log to make
569       room for a new entry due to lack of resources or the value of
570       nlmConfigGlobalEntryLimit or nlmConfigLogEntryLimit. This does not
571       include entries discarded due to the value of
572       nlmConfigGlobalAgeOut."
573      ::= { nlmStatsLogEntry 2 }

575  --
576  -- Log Section
577  --

579  --
580  -- Log Table
581  --

583  nlmLogTable OBJECT-TYPE
584      SYNTAX      SEQUENCE OF NlmLogEntry
585      MAX-ACCESS  not-accessible
586      STATUS      current
587      DESCRIPTION
588       "A table of Notification log entries.

590       It is an implementation-specific matter whether entries in this
591       table are preserved across initializations of the management
592       system. In general one would expect that they are not.

594       Note that keeping entries across initializations of the
595       management system leads to some confusion with counters and
596       TimeStamps, since both of those are based on sysUpTime, which
597       resets on management initialization. In this situation,
598       counters apply only after the reset and nlmLogTime for entries
599       made before the reset should be set to 0."
600      ::= { nlmLog 1 }

602  nlmLogEntry OBJECT-TYPE
603      SYNTAX      NlmLogEntry
604      MAX-ACCESS  not-accessible
605      STATUS      current
606      DESCRIPTION
607       "A Notification log entry.

609       Entries appear in this table when Notifications occur and pass
610       filtering by nlmConfigLogFilterName and access control. They are
611       removed to make way for new entries due to lack of resources or
612       the values of nlmConfigGlobalEntryLimit, nlmConfigGlobalAgeOut, or
613       nlmConfigLogEntryLimit.

615       If adding an entry would exceed nlmConfigGlobalEntryLimit or system
616       resources in general, the oldest entry in any log is removed to
617       make room for the new one.

619       If adding an entry would exceed nlmConfigLogEntryLimit the oldest
620       entry in that log is removed to make room for the new one.

622       Before the managed system puts a locally-generated Notification
623       into a non-null-named log it assures that the creator of the log
624       has access to the information in the Notification. If not it
625       does not log that Notification in that log."
626      INDEX { nlmLogName, nlmLogIndex }
627      ::= { nlmLogTable 1 }

629  NlmLogEntry ::= SEQUENCE {
630      nlmLogIndex           Unsigned32,
631      nlmLogTime            TimeStamp,
632      nlmLogDateAndTime     DateAndTime,
633      nlmLogEngineID        SnmpEngineID,
634      nlmLogContextName     SnmpAdminString,
635      nlmLogVariables       Unsigned32,
636      nlmLogNotificationID  OBJECT IDENTIFIER
637      }

639  nlmLogIndex OBJECT-TYPE
640      SYNTAX      Unsigned32 (1..4294967295)
641      MAX-ACCESS  not-accessible
642      STATUS      current
643      DESCRIPTION
644       "A monotonically increasing integer for the sole purpose of
645       indexing entries within the named log. When it reaches the
646       maximum value, an extremely unlikely event, the agent wraps the
647       value back to 1 and may flush existing entries."
648      ::= { nlmLogEntry 1 }

650  nlmLogTime OBJECT-TYPE
651      SYNTAX      TimeStamp
652      MAX-ACCESS  read-only
653      STATUS      current
654      DESCRIPTION
655       "The value of sysUpTime when the entry occurred. If the entry
656       occurred before the most recent management system initialization
657       this object value is zero."
658      ::= { nlmLogEntry 2 }

660  nlmLogDateAndTime OBJECT-TYPE
661      SYNTAX      DateAndTime
662      MAX-ACCESS  read-only
663      STATUS      current
664      DESCRIPTION
665       "The local date and time when the entry was logged, instantiated
666       only by systems that have date and time capability."
667      ::= { nlmLogEntry 3 }

669  nlmLogEngineID OBJECT-TYPE
670      SYNTAX      SnmpEngineID
671      MAX-ACCESS  read-only
672      STATUS      current
673      DESCRIPTION
674       "The identification of the SNMP engine at which the Notification
675       originated.

677       If the log can contain Notifications from only one engine
678       or the Trap is from an SNMPv1 system, this object is not
679       instantiated."
680      ::= { nlmLogEntry 4 }

682  nlmLogContextName OBJECT-TYPE
683      SYNTAX      SnmpAdminString
684      MAX-ACCESS  read-only
685      STATUS      current
686      DESCRIPTION
687       "The name of the SNMP MIB context from which the Notification came.
688       For SNMPv1 Traps this is the community string from the Trap.
690 If the Notification's source SNMP engine is known not to support 691 multiple contexts, this object is not instantiated." 692 ::= { nlmLogEntry 5 } 694 nlmLogVariables OBJECT-TYPE 695 SYNTAX Unsigned32 696 MAX-ACCESS read-only 697 STATUS current 698 DESCRIPTION 699 "The number of variables in nlmLogVariableTable for this 700 Notification." 701 ::= { nlmLogEntry 6 } 703 nlmLogNotificationID OBJECT-TYPE 704 SYNTAX OBJECT IDENTIFIER 705 MAX-ACCESS read-only 706 STATUS current 707 DESCRIPTION 708 "The NOTIFICATION-TYPE object identifer of the Notification that 709 occurred." 710 ::= { nlmLogEntry 7 } 712 -- 713 -- Log Variable Table 714 -- 716 nlmLogVariableTable OBJECT-TYPE 717 SYNTAX SEQUENCE OF NlmLogVariableEntry 718 MAX-ACCESS not-accessible 719 STATUS current 720 DESCRIPTION 721 "A table of variables to go with Notification log entries." 722 ::= { nlmLog 2 } 724 nlmLogVariableEntry OBJECT-TYPE 725 SYNTAX NlmLogVariableEntry 726 MAX-ACCESS not-accessible 727 STATUS current 728 DESCRIPTION 729 "A Notification log entry variable. 731 Entries appear in this table when there are variables in 732 the varbind list of a Notification in nlmLogTable." 
733 INDEX { nlmLogName, nlmLogIndex, nlmLogVariableIndex } 734 ::= { nlmLogVariableTable 1 } 736 NlmLogVariableEntry ::= SEQUENCE { 737 nlmLogVariableIndex Unsigned32, 738 nlmLogVariableID OBJECT IDENTIFIER, 739 nlmLogVariableValueType INTEGER, 740 nlmLogVariableCounter32Val Counter32, 741 nlmLogVariableUnsigned32Val Unsigned32, 742 nlmLogVariableTimeTicksVal TimeTicks, 743 nlmLogVariableInteger32Val Integer32, 744 nlmLogVariableOctetStringVal OCTET STRING, 745 nlmLogVariableIpAddressVal IpAddress, 746 nlmLogVariableOidVal OBJECT IDENTIFIER, 747 nlmLogVariableCounter64Val Counter64, 748 nlmLogVariableOpaqueVal Opaque 749 } 751 nlmLogVariableIndex OBJECT-TYPE 752 SYNTAX Unsigned32 (1..4294967295) 753 MAX-ACCESS not-accessible 754 STATUS current 755 DESCRIPTION 756 "A monotonically increasing integer, starting at 1 for a given 757 nlmLogIndex, for indexing variables within the logged 758 Notification." 759 ::= { nlmLogVariableEntry 1 } 761 nlmLogVariableID OBJECT-TYPE 762 SYNTAX OBJECT IDENTIFIER 763 MAX-ACCESS read-only 764 STATUS current 765 DESCRIPTION 766 "The variable's object identifier." 767 ::= { nlmLogVariableEntry 2 } 769 nlmLogVariableValueType OBJECT-TYPE 770 SYNTAX INTEGER { counter32(1), unsigned32(2), timeTicks(3), 771 integer32(4), ipAddress(5), octetString(6), 772 objectId(7), counter64(8), opaque(9) } 773 MAX-ACCESS read-only 774 STATUS current 775 DESCRIPTION 776 "The type of the value. One and only one of the value 777 objects that follow must be instantiated, based on this type." 778 ::= { nlmLogVariableEntry 3 } 780 nlmLogVariableCounter32Val OBJECT-TYPE 781 SYNTAX Counter32 782 MAX-ACCESS read-only 783 STATUS current 784 DESCRIPTION 785 "The value when nlmLogVariableType is 'counter32'." 787 ::= { nlmLogVariableEntry 4 } 789 nlmLogVariableUnsigned32Val OBJECT-TYPE 790 SYNTAX Unsigned32 791 MAX-ACCESS read-only 792 STATUS current 793 DESCRIPTION 794 "The value when nlmLogVariableType is 'unsigned32'." 
795       ::= { nlmLogVariableEntry 5 }

797   nlmLogVariableTimeTicksVal OBJECT-TYPE
798       SYNTAX      TimeTicks
799       MAX-ACCESS  read-only
800       STATUS      current
801       DESCRIPTION
802            "The value when nlmLogVariableType is 'timeTicks'."
803       ::= { nlmLogVariableEntry 6 }

805   nlmLogVariableInteger32Val OBJECT-TYPE
806       SYNTAX      Integer32
807       MAX-ACCESS  read-only
808       STATUS      current
809       DESCRIPTION
810            "The value when nlmLogVariableType is 'integer32'."
811       ::= { nlmLogVariableEntry 7 }

813   nlmLogVariableOctetStringVal OBJECT-TYPE
814       SYNTAX      OCTET STRING
815       MAX-ACCESS  read-only
816       STATUS      current
817       DESCRIPTION
818            "The value when nlmLogVariableType is 'octetString'."
819       ::= { nlmLogVariableEntry 8 }

821   nlmLogVariableIpAddressVal OBJECT-TYPE
822       SYNTAX      IpAddress
823       MAX-ACCESS  read-only
824       STATUS      current
825       DESCRIPTION
826            "The value when nlmLogVariableType is 'ipAddress'."
827       ::= { nlmLogVariableEntry 9 }

829   nlmLogVariableOidVal OBJECT-TYPE
830       SYNTAX      OBJECT IDENTIFIER
831       MAX-ACCESS  read-only
832       STATUS      current
833       DESCRIPTION
834            "The value when nlmLogVariableType is 'objectId'."
835       ::= { nlmLogVariableEntry 10 }

837   nlmLogVariableCounter64Val OBJECT-TYPE
838       SYNTAX      Counter64
839       MAX-ACCESS  read-only
840       STATUS      current
841       DESCRIPTION
842            "The value when nlmLogVariableType is 'counter64'."
843       ::= { nlmLogVariableEntry 11 }

845   nlmLogVariableOpaqueVal OBJECT-TYPE
846       SYNTAX      Opaque
847       MAX-ACCESS  read-only
848       STATUS      current
849       DESCRIPTION
850            "The value when nlmLogVariableType is 'opaque'."
851       ::= { nlmLogVariableEntry 12 }

853   --
854   -- Conformance
855   --

857   notificationLogMIBConformance OBJECT IDENTIFIER ::=
858       { notificationLogMIB 3 }
859   notificationLogMIBCompliances OBJECT IDENTIFIER ::=
860       { notificationLogMIBConformance 1 }
861   notificationLogMIBGroups      OBJECT IDENTIFIER ::=
862       { notificationLogMIBConformance 2 }

864   -- Compliance

866   notificationLogMIBCompliance MODULE-COMPLIANCE
867       STATUS      current
868       DESCRIPTION
869            "The compliance statement for entities which implement
870            the Notification Log MIB."
871       MODULE      -- this module
872           MANDATORY-GROUPS {
873               notificationLogConfigGroup,
874               notificationLogStatsGroup,
875               notificationLogLogGroup

877           }

879           OBJECT nlmConfigGlobalEntryLimit
880           SYNTAX Unsigned32 (0..4294967295)
881           MIN-ACCESS read-only
882           DESCRIPTION
883               "Implementations may choose a limit and not allow it to be
884               changed or may enforce an upper or lower bound on the
885               limit."

887           OBJECT nlmConfigLogEntryLimit
888           SYNTAX Unsigned32 (0..4294967295)
889           MIN-ACCESS read-only
890           DESCRIPTION
891               "Implementations may choose a limit and not allow it to be
892               changed or may enforce an upper or lower bound on the
893               limit."

895           OBJECT nlmConfigLogEntryStatus
896           MIN-ACCESS read-only
897           DESCRIPTION
898               "Implementations may disallow the creation of named logs."

900           GROUP notificationLogDateGroup
901           DESCRIPTION
902               "This group is mandatory on systems that keep wall clock
903               date and time and should not be implemented on systems that
904               do not have a wall clock date."

906       ::= { notificationLogMIBCompliances 1 }

908   -- Units of Conformance

910   notificationLogConfigGroup OBJECT-GROUP
911       OBJECTS {
912           nlmConfigGlobalEntryLimit,
913           nlmConfigGlobalAgeOut,
914           nlmConfigLogFilterName,
915           nlmConfigLogEntryLimit,
916           nlmConfigLogAdminStatus,
917           nlmConfigLogOperStatus,
918           nlmConfigLogStorageType,
919           nlmConfigLogEntryStatus
920       }
921       STATUS      current
922       DESCRIPTION
923            "Notification log configuration management."
924       ::= { notificationLogMIBGroups 1 }

926   notificationLogStatsGroup OBJECT-GROUP
927       OBJECTS {
928           nlmStatsGlobalNotificationsLogged,
929           nlmStatsGlobalNotificationsBumped,
930           nlmStatsLogNotificationsLogged,
931           nlmStatsLogNotificationsBumped
932       }
933       STATUS      current
934       DESCRIPTION
935            "Notification log statistics."
936       ::= { notificationLogMIBGroups 2 }

938   notificationLogLogGroup OBJECT-GROUP
939       OBJECTS {
940           nlmLogTime,
941           nlmLogEngineID,
942           nlmLogContextName,
943           nlmLogVariables,
944           nlmLogNotificationID,

946           nlmLogVariableID,
947           nlmLogVariableValueType,
948           nlmLogVariableCounter32Val,
949           nlmLogVariableUnsigned32Val,
950           nlmLogVariableTimeTicksVal,
951           nlmLogVariableInteger32Val,
952           nlmLogVariableOctetStringVal,
953           nlmLogVariableIpAddressVal,
954           nlmLogVariableOidVal,
955           nlmLogVariableCounter64Val,
956           nlmLogVariableOpaqueVal
957       }
958       STATUS      current
959       DESCRIPTION
960            "Notification log data."
961       ::= { notificationLogMIBGroups 3 }

963   notificationLogDateGroup OBJECT-GROUP
964       OBJECTS {
965           nlmLogDateAndTime
966       }
967       STATUS      current
968       DESCRIPTION
969            "Conditionally mandatory notification log data."
970       ::= { notificationLogMIBGroups 4 }

972   END
973   5.  Intellectual Property

975   The IETF takes no position regarding the validity or scope of any
976   intellectual property or other rights that might be claimed to pertain
977   to the implementation or use of the technology described in this
978   document or the extent to which any license under such rights might or
979   might not be available; neither does it represent that it has made any
980   effort to identify any such rights.  Information on the IETF's
981   procedures with respect to rights in standards-track and standards-
982   related documentation can be found in BCP-11.  Copies of claims of
983   rights made available for publication and any assurances of licenses to
984   be made available, or the result of an attempt made to obtain a general
985   license or permission for the use of such proprietary rights by
986   implementors or users of this specification can be obtained from the
987   IETF Secretariat.

989   6.  References

991   [RFC2571] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture
992             for Describing SNMP Management Frameworks", RFC 2571, April
993             1999.

995   [RFC1155] Rose, M., and K. McCloghrie, "Structure and Identification
996             of Management Information for TCP/IP-based Internets", STD
997             16, RFC 1155, May 1990.

999   [RFC1212] Rose, M., and K. McCloghrie, "Concise MIB Definitions", STD
1000            16, RFC 1212, March 1991.

1002  [RFC1215] Rose, M., "A Convention for Defining Traps for use with the
1003            SNMP", RFC 1215, March 1991.

1005  [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
1006            Rose, M., and S. Waldbusser, "Structure of Management
1007            Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

1009  [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
1010            Rose, M., and S. Waldbusser, "Textual Conventions for
1011            SMIv2", STD 58, RFC 2579, April 1999.

1013  [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
1014            Rose, M., and S. Waldbusser, "Conformance Statements for
1015            SMIv2", STD 58, RFC 2580, April 1999.

1017  [RFC1157] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple
1018            Network Management Protocol", STD 15, RFC 1157, May 1990.

1020  [RFC1901] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
1021            "Introduction to Community-based SNMPv2", RFC 1901, January
1022            1996.

1024  [RFC1906] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
1025            "Transport Mappings for Version 2 of the Simple Network
1026            Management Protocol (SNMPv2)", RFC 1906, January 1996.

1028  [RFC2572] Case, J., Harrington, D., Presuhn, R., and B. Wijnen, "Message
1029            Processing and Dispatching for the Simple Network Management
1030            Protocol (SNMP)", RFC 2572, April 1999.

1032  [RFC2574] Blumenthal, U., and B. Wijnen, "User-based Security Model
1033            (USM) for version 3 of the Simple Network Management
1034            Protocol (SNMPv3)", RFC 2574, April 1999.

1036  [RFC1905] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
1037            "Protocol Operations for Version 2 of the Simple Network
1038            Management Protocol (SNMPv2)", RFC 1905, January 1996.

1040  [RFC2573] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications",
1041            RFC 2573, April 1999.

1043  [RFC2575] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based
1044            Access Control Model (VACM) for the Simple Network
1045            Management Protocol (SNMP)", RFC 2575, April 1999.

1047  [RFC2570] Case, J., Mundy, R., Partain, D., and B. Stewart,
1048            "Introduction to Version 3 of the Internet-standard Network
1049            Management Framework", RFC 2570, April 1999.

1051  [RFC1903] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
1052            "Coexistence between Version 1 and version 2 of the
1053            Internet-standard Network Management Framework", RFC 1903,
1054            January 1996.

1056  7.  Security Considerations

1058  Security issues are discussed in Section 3.1.2.

1060  8.  Author's Address

1062     Bob Stewart
1063     Cisco Systems, Inc.
1064     170 West Tasman Drive
1065     San Jose, CA 95134-1706
1066     U.S.A.

1068  9.  Editor's Address

1070     Ramanathan Kavasseri
1071     Cisco Systems, Inc.
1072     170 West Tasman Drive
1073     San Jose, CA 95134-1706
1074     U.S.A.

1076     Phone: +1 408 527 2446
1077     Email: ramk@cisco.com

1079  10.  Intellectual Property

1081  The IETF takes no position regarding the validity or scope of any
1082  intellectual property or other rights that might be claimed to
1083  pertain to the implementation or use of the technology described in
1084  this document or the extent to which any license under such rights
1085  might or might not be available; neither does it represent that it
1086  has made any effort to identify any such rights.  Information on the
1087  IETF's procedures with respect to rights in standards-track and
1088  standards-related documentation can be found in BCP-11.  Copies of
1089  claims of rights made available for publication and any assurances of
1090  licenses to be made available, or the result of an attempt made to
1091  obtain a general license or permission for the use of such
1092  proprietary rights by implementors or users of this specification can
1093  be obtained from the IETF Secretariat.

1095  The IETF invites any interested party to bring to its attention any
1096  copyrights, patents or patent applications, or other proprietary
1097  rights which may cover technology that may be required to practice
1098  this standard.  Please address the information to the IETF Executive
1099  Director.

1101  11.  Full Copyright Statement

1103  Copyright (C) The Internet Society (1999).  All Rights Reserved.

1105  This document and translations of it may be copied and furnished to
1106  others, and derivative works that comment on or otherwise explain it or
1107  assist in its implementation may be prepared, copied, published and
1108  distributed, in whole or in part, without restriction of any kind,
1109  provided that the above copyright notice and this paragraph are included
1110  on all such copies and derivative works.  However, this document itself
1111  may not be modified in any way, such as by removing the copyright notice
1112  or references to the Internet Society or other Internet organizations,
1113  except as needed for the purpose of developing Internet standards in
1114  which case the procedures for copyrights defined in the Internet
1115  Standards process must be followed, or as required to translate it into
1116  languages other than English.

1118  The limited permissions granted above are perpetual and will not be
1119  revoked by the Internet Society or its successors or assigns.

1121  This document and the information contained herein is provided on an "AS
1122  IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
1123  FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
1124  LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
1125  INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR
1126  FITNESS FOR A PARTICULAR PURPOSE.

1128  Table of Contents

1130  1 Abstract
1131  2 The SNMP Management Framework
1132  3 Overview
1133  3.1 Environment
1134  3.1.1 SNMP Engines and Contexts
1135  3.1.2 Security
1136  3.2 Structure
1137  3.2.1 Configuration
1138  3.2.2 Statistics
1139  3.2.3 Log
1140  3.3 Example
1141  4 Definitions
1142  5 Intellectual Property
1143  6 References
1144  7 Security Considerations
1145  8 Author's Address
1146  9 Editor's Address
1147  10 Intellectual Property
1148  11 Full Copyright Statement
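
Added example (not part of the draft): a management application that ingests this log can check each logged Notification against the rules the Definitions state for nlmLogVariables, nlmLogVariableIndex and nlmLogVariableValueType before trusting its rows. The function name, the dict-per-row form and the sample rows are assumptions made for illustration.

```python
# Added example: consistency checks for rows read from nlmLogVariableTable.
# Rows as dicts keyed by object name are an assumed in-memory form.

# nlmLogVariableValueType -> the one value column that must be instantiated.
# ipAddress(5) and octetString(6) are enumerated in the opposite order to
# value columns 8 and 9, so "column = type + 3" is wrong for those two.
VALUE_COLUMN = {
    1: "nlmLogVariableCounter32Val",
    2: "nlmLogVariableUnsigned32Val",
    3: "nlmLogVariableTimeTicksVal",
    4: "nlmLogVariableInteger32Val",
    5: "nlmLogVariableIpAddressVal",
    6: "nlmLogVariableOctetStringVal",
    7: "nlmLogVariableOidVal",
    8: "nlmLogVariableCounter64Val",
    9: "nlmLogVariableOpaqueVal",
}


def check_notification(nlm_log_variables, rows):
    """Return a list of problems for one logged Notification (rows in walk order)."""
    problems = []
    if nlm_log_variables != len(rows):
        problems.append(f"nlmLogVariables={nlm_log_variables} but {len(rows)} rows")
    previous = 0
    for row in rows:
        index = row["nlmLogVariableIndex"]
        if index <= previous or (previous == 0 and index != 1):
            problems.append(f"index {index}: not increasing from 1")
        previous = index
        present = set(VALUE_COLUMN.values()).intersection(row)
        expected = VALUE_COLUMN.get(row.get("nlmLogVariableValueType"))
        if expected is None:
            problems.append(f"index {index}: unknown value type")
        elif present != {expected}:
            problems.append(f"index {index}: expected only {expected}, got {sorted(present)}")
    return problems


# Constructed sample rows (not taken from any real agent).
GOOD = [
    {"nlmLogVariableIndex": 1, "nlmLogVariableID": "1.3.6.1.2.1.1.3.0",
     "nlmLogVariableValueType": 3, "nlmLogVariableTimeTicksVal": 12345},
    {"nlmLogVariableIndex": 2, "nlmLogVariableID": "1.3.6.1.2.1.2.2.1.1.2",
     "nlmLogVariableValueType": 4, "nlmLogVariableInteger32Val": 2},
]
BAD = [  # type says ipAddress(5) but the octet string column is populated
    {"nlmLogVariableIndex": 1, "nlmLogVariableID": "1.3.6.1.2.1.1.3.0",
     "nlmLogVariableValueType": 5, "nlmLogVariableOctetStringVal": b"\xc0\x00\x02\x01"},
]
```

check_notification(2, GOOD) returns an empty list; check_notification(2, BAD) reports both the count mismatch and the wrong value column.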