idnits 2.17.1 draft-ietf-disman-notif-log-mib-13.txt: ** The Abstract section seems to be numbered Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 2 instances of too long lines in the document, the longest one being 3 characters in excess of 72. == There are 1 instance of lines with non-RFC2606-compliant FQDNs in the document. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == Line 177 has weird spacing: '...ops ops-admi...' == Line 494 has weird spacing: '...isabled admin...' == Line 496 has weird spacing: '...ational adm...' == Line 498 has weird spacing: '...oFilter admin...' == Line 1147 has weird spacing: '...for the purpo...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (21 January 2000) is 8855 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC1903' is defined on line 1109, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2571 (Obsoleted by RFC 3411) ** Downref: Normative reference to an Informational RFC: RFC 1215 ** Downref: Normative reference to an Historic RFC: RFC 1157 ** Downref: Normative reference to an Historic RFC: RFC 1901 ** Obsolete normative reference: RFC 1906 (Obsoleted by RFC 3417) ** Obsolete normative reference: RFC 2572 (Obsoleted by RFC 3412) ** Obsolete normative reference: RFC 2574 (Obsoleted by RFC 3414) ** Obsolete normative reference: RFC 1905 (Obsoleted by RFC 3416) ** Obsolete normative reference: RFC 2573 (Obsoleted by RFC 3413) ** Obsolete normative reference: RFC 2575 (Obsoleted by RFC 3415) ** Obsolete normative reference: RFC 2570 (Obsoleted by RFC 3410) ** Obsolete normative reference: RFC 1903 (Obsoleted by RFC 2579) Summary: 18 errors (**), 0 flaws (~~), 9 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Internet Draft Notification Log MIB 21 January 2000 3 Notification Log MIB 5 21 January 2000 7 draft-ietf-disman-notif-log-mib-13.txt 9 Bob Stewart 10 Cisco Systems, Inc. 12 Ramanathan R. Kavasseri 13 Cisco Systems, Inc. 15 Status of this Memo 17 This document is an Internet-Draft and is in full conformance with all 18 provisions of Section 10 of RFC2026. 20 Internet-Drafts are working documents of the Internet Engineering Task 21 Force (IETF), its areas, and its working groups. Note that other groups 22 may also distribute working documents as Internet-Drafts. 24 Internet-Drafts are draft documents valid for a maximum of six months 25 and may be updated, replaced, or obsoleted by other documents at any 26 time. It is inappropriate to use Internet- Drafts as reference material 27 or to cite them other than as ``work in progress.'' 29 The list of current Internet-Drafts can be accessed at 30 http://www.ietf.org/ietf/1id-abstracts.txt 32 The list of Internet-Draft Shadow Directories can be accessed at 33 http://www.ietf.org/shadow.html. 35 Distribution of this document is unlimited. Please send comments to the 36 Distributed Management Working Group, . 38 Copyright Notice 40 Copyright (C) The Internet Society (1999). All Rights Reserved. 42 1. Abstract 44 This memo defines a portion of the Management Information Base (MIB) for 45 use with network management protocols in the Internet community. In 46 particular, it describes managed objects used for logging SNMP 47 Notifications. 49 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 50 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 51 document are to be interpreted as described in RFC 2119. 53 2. The SNMP Management Framework 55 The SNMP Management Framework presently consists of five major 56 components: 58 o An overall architecture, described in RFC 2571 [RFC2571]. 60 o Mechanisms for describing and naming objects and events for the 61 purpose of management. The first version of this Structure of 62 Management Information (SMI) is called SMIv1 and described in 63 STD 16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and RFC 64 1215 [RFC1215]. The second version, called SMIv2, is described 65 in STD 58, RFC 2578 [RFC2578], RFC 2579 [RFC2579] and RFC 2580 66 [RFC2580]. 68 o Message protocols for transferring management information. The 69 first version of the SNMP message protocol is called SNMPv1 and 70 described in STD 15, RFC 1157 [RFC1157]. A second version of the 71 SNMP message protocol, which is not an Internet standards track 72 protocol, is called SNMPv2c and described in RFC 1901 [RFC1901] 73 and RFC 1906 [RFC1906]. The third version of the message 74 protocol is called SNMPv3 and described in RFC 1906 [RFC1906], 75 RFC 2572 [RFC2572] and RFC 2574 [RFC2574]. 77 o Protocol operations for accessing management information. The 78 first set of protocol operations and associated PDU formats is 79 described in STD 15, RFC 1157 [RFC1157]. A second set of 80 protocol operations and associated PDU formats is described in 81 RFC 1905 [RFC1905]. 83 o A set of fundamental applications described in RFC 2573 84 [RFC2573] and the view-based access control mechanism described 85 in RFC 2575 [RFC2575]. 87 A more detailed introduction to the current SNMP Management Framework 88 can be found in RFC 2570 [RFC2570]. 90 Managed objects are accessed via a virtual information store, termed 91 the Management Information Base or MIB. Objects in the MIB are 92 defined using the mechanisms defined in the SMI. 94 This memo specifies a MIB module that is compliant to the SMIv2. A 95 MIB conforming to the SMIv1 can be produced through the appropriate 96 translations. The resulting translated MIB must be semantically 97 equivalent, except where objects or events are omitted because no 98 translation is possible (use of Counter64). Some machine readable 99 information in SMIv2 will be converted into textual descriptions in 100 SMIv1 during the translation process. However, this loss of machine 101 readable information is not considered to change the semantics of the 102 MIB. 104 3. Overview 106 Systems that support SNMP often need a mechanism for recording 107 Notification information as a hedge against lost Notifications, whether 108 those are Traps or Informs [RFC1905] that exceed retransmission limits. 109 This MIB therefore provides common infrastructure for other MIBs in the 110 form of a local logging function. It is intended primarily for senders 111 of Notifications but could be used also by receivers. 113 Given the Notification Log MIB, individual MIBs bear less responsibility 114 to record the transient information associated with an event against the 115 possibility that the Notification message is lost, and applications can 116 poll the log to verify that they have not missed important 117 Notifications. 119 3.1. Environment 121 The overall environmental concerns for the MIB are: 123 o SNMP Engines and Contexts 125 o Security 127 3.1.1. SNMP Engines and Contexts 129 There are two distinct information flows from multiple notification 130 originators that one may log. The first is the notifications that are 131 received (from one or more SNMP engines) for logging as SNMP informs and 132 traps. The other comprises notifications delivered to an SNMP engine at 133 the interface to the notification originator (using a notification 134 mechanism other than SNMP informs or traps). The latter information 135 flow (using a notification mechanism other than SNMP informs or traps) 136 MUST be modeled as the SNMP engine (which maintains the log) sending a 137 notification to itself. The remainder of this section discusses the 138 handling of the former information flow - notifications (received in the 139 form of SNMP informs or traps) from multiple SNMP engines. 141 As described in the SNMP architecture [RFC2571], a given system may 142 support multiple SNMP engines operating independently of one another, 143 each with its own SNMP engine identification. Furthermore, within the 144 purview of a given engine there may be multiple named management 145 contexts supporting overlapping or disjoint sets of MIB objects and 146 Notifications. Thus, understanding a particular Notification requires 147 knowing the SNMP engine and management context from whence it came. 149 To provide the necessary source information for a logged Notification, 150 the MIB includes objects to record that Notification's source SNMP 151 engine ID and management context name. 153 3.1.2. Security 155 Security for Notifications is awkward since access control for the 156 objects in the Notification can be checked only where the Notification 157 is created. Thus such checking is possible only for locally-generated 158 Notifications, and even then only when security credentials are 159 available. 161 For the purpose of this discussion, "security credentials" means the 162 input values for the abstract service interface function isAccessAllowed 163 [RFC2571] and using those credentials means conceptually using that 164 function to see that those credentials allow access to the MIB objects 165 in question, operating as for a Notification Originator in [RFC2573]. 167 The Notification Log MIB has the notion of a "named log." By using 168 hierarchically structured log names and view-based access control 169 [RFC2575] a network administrator can provide different access for 170 different users. When an application creates a named log the security 171 credentials of the creator stay associated with that log. 173 Hierarchically structured names encode groupings of names within the 174 name string, starting from the left so that they work well with 175 instance-level, view-based access control [RFC2575], for example: 177 ops ops-admin ops-oper ops-oper-senior ops-oper-junior 179 Network security managers designing such a naming policy SHOULD use 180 punctuation (as in the example) to avoid the problem of a lower level 181 name inadvertently running together with the next higher level name. 183 A managed system with fewer resources MAY disallow the creation of named 184 logs, providing only the default, null-named log. Such a log has no 185 implicit security credentials for Notification object access control and 186 Notifications are put into it with no further checking. 188 When putting locally-generated Notifications into a named log, the 189 managed system MUST use the security credentials associated with that 190 log and MUST apply the same access control rules as described for a 191 Notification Originator in [RFC2573]. 193 The managed system SHOULD NOT apply access control when adding remotely- 194 generated Notifications into either a named log or the default, null- 195 named log. In those cases the security of the information in the log 196 SHOULD be left to the normal, overall access control for the log itself. 198 The Notification Log MIB allows applications to set the maximum number 199 of Notifications that can be logged, using nlmConfigGlobalEntryLimit. 200 Similarly, an application can set the maximum age using 201 nlmConfigGlobalAgeOut, after which older Notifications MAY be timed out. 202 Please be aware that contention between multiple applications trying to 203 set these objects to different values MAY affect the reliability and 204 completeness of data seen by each application, i.e. it is possible that 205 one application may change the value of either of these objects, 206 resulting in some Notifications being deleted before the other 207 applications have had a chance to see them. This could be used to 208 orchestrate a denial-of-service attack. Methods for countering such an 209 attack are for further study. 211 3.2. Structure 213 The MIB has the following sections: 215 o Configuration -- control over how much the log can hold and what 216 Notifications are to be logged. 218 o Statistics -- indications of logging activity. 220 o Log -- the Notifications themselves. 222 3.2.1. Configuration 224 The configuration section contains objects to manage resource use by the 225 MIB. 227 This section also contains a table to specify what logs exist and how 228 they operate. Deciding which Notifications are to be logged depends on 229 filters defined in the the snmpNotifyFilterTable in the standard SNMP 230 Notification MIB [RFC2573] identified by the initial index 231 (snmpNotifyFilterName) from that table. 233 3.2.2. Statistics 235 The statistics section contains counters for Notifications logged and 236 discarded, supplying a means to understand the results of log capacity 237 configuration and resource problems. 239 3.2.3. Log 241 The log contains the Notifications and the objects that came in their 242 variable binding list, indexed by an integer that reflects when the 243 entry was made. An application that wants to collect all logged 244 Notifications or to know if it may have missed any can keep track of the 245 highest index it has retrieved and start from there on its next poll, 246 checking sysUpTime for a discontinuity that would have reset the index 247 and perhaps have lost entries. 249 Variables are in a table indexed by Notification index and variable 250 index within that Notification. The values are kept as a "discriminated 251 union," with one value object per variable. Exactly which value object 252 is instantiated depends on the SNMP data type of the variable, with a 253 separate object of appropriate type for each distinct SNMP data type. 255 An application can thus reconstruct the information from the 256 Notification PDU from what is recorded in the log. 258 3.3. Example 260 Following is an example configuration of a named log for logging only 261 linkUp and linkDown Notifications. 263 In nlmConfigLogTable: 265 nlmConfigLogFilterName.5."links" = "link-status" 266 nlmConfigLogEntryLimit.5."links" = 0 267 nlmConfigLogAdminStatus.5."links" = enabled 268 nlmConfigLogOperStatus.5."links" = operational 269 nlmConfigLogStorageType.5."links" = nonVolatile 270 nlmConfigLogEntryStatus.5."links" = active 272 Note that snmpTraps is: 274 iso.org.dod.internet.snmpV2.snmpModules.snmpMIB.snmpMIBObjects.5 276 Or numerically: 278 1.3.6.1.6.3.1.1.5 280 And linkDown is snmpTraps.3 and linkUp is snmpTraps.4. 282 So to allow the two Notifications in snmpNotifyFilterTable: 284 snmpNotifyFilterMask.11."link-status".1.3.6.1.6.3.1.1.5.3 = ''H 285 snmpNotifyFilterType.11."link-status".1.3.6.1.6.3.1.1.5.3 = include 286 snmpNotifyFilterStorageType.11."link-status".1.3.6.1.6.3.1.1.5.3 287 = nonVolatile 288 snmpNotifyFilterRowStatus.11."link-status".1.3.6.1.6.3.1.1.5.3 289 = active 291 snmpNotifyFilterMask.11."link-status".1.3.6.1.6.3.1.1.5.4 = ''H 292 snmpNotifyFilterType.11."link-status".1.3.6.1.6.3.1.1.5.4 = include 293 snmpNotifyFilterStorageType.11."link-status".1.3.6.1.6.3.1.1.5.4 294 = nonVolatile 295 snmpNotifyFilterRowStatus.11."link-status".1.3.6.1.6.3.1.1.5.4 296 = active 298 4. Definitions 300 NOTIFICATION-LOG-MIB DEFINITIONS ::= BEGIN 302 IMPORTS 303 MODULE-IDENTITY, OBJECT-TYPE, 304 Integer32, Unsigned32, 305 TimeTicks, Counter32, Counter64, 306 IpAddress, Opaque, mib-2 FROM SNMPv2-SMI 307 TimeStamp, DateAndTime, 308 StorageType, RowStatus FROM SNMPv2-TC 309 SnmpAdminString, SnmpEngineID FROM SNMP-FRAMEWORK-MIB 310 MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF; 312 notificationLogMIB MODULE-IDENTITY 313 LAST-UPDATED "9910220000Z" 314 ORGANIZATION "IETF Distributed Management Working Group" 315 CONTACT-INFO "Ramanathan Kavasseri 316 Cisco Systems, Inc. 317 170 West Tasman Drive, 318 San Jose CA 95134-1706. 319 Phone: +1 408 527 2446 320 Email: ramk@cisco.com" 321 DESCRIPTION 322 "The MIB module for logging SNMP Notifications, that is, Traps 323 and Informs." 324 -- Revision History 326 REVISION "9910220000Z" -- 22 October 1999 327 DESCRIPTION "This is the initial version of this MIB. 328 Published as RFC xxxxx" 329 ::= { mib-2 xx } -- final assignment by IANA at publication time 331 notificationLogMIBObjects OBJECT IDENTIFIER ::= { notificationLogMIB 1 } 333 nlmConfig OBJECT IDENTIFIER ::= { notificationLogMIBObjects 1 } 334 nlmStats OBJECT IDENTIFIER ::= { notificationLogMIBObjects 2 } 335 nlmLog OBJECT IDENTIFIER ::= { notificationLogMIBObjects 3 } 337 -- 338 -- Configuration Section 339 -- 341 nlmConfigGlobalEntryLimit OBJECT-TYPE 342 SYNTAX Unsigned32 343 MAX-ACCESS read-write 344 STATUS current 345 DESCRIPTION 346 "The maximum number of notification entries that may be held 347 in nlmLogTable for all nlmLogNames added together. A particular 348 setting does not guarantee that much data can be held. 350 If an application changes the limit while there are 351 Notifications in the log, the oldest Notifications MUST be 352 discarded to bring the log down to the new limit - thus the 353 value of nlmConfigGlobalEntryLimit MUST take precedence over 354 the values of nlmConfigGlobalAgeOut and nlmConfigLogEntryLimit, 355 even if the Notification being discarded has been present for 356 fewer minutes than the value of nlmConfigGlobalAgeOut, or if 357 the named log has fewer entries than that specified in 358 nlmConfigLogEntryLimit. 360 A value of 0 means no limit. 362 Please be aware that contention between multiple managers 363 trying to set this object to different values MAY affect the 364 reliability and completeness of data seen by each manager." 365 DEFVAL { 0 } 366 ::= { nlmConfig 1 } 368 nlmConfigGlobalAgeOut OBJECT-TYPE 369 SYNTAX Unsigned32 370 UNITS "minutes" 371 MAX-ACCESS read-write 372 STATUS current 373 DESCRIPTION 374 "The number of minutes a Notification SHOULD be kept in a log before 375 it is automatically removed. 377 If an application changes the value of nlmConfigGlobalAgeOut, 378 Notifications older than the new time MAY be discarded to meet the 379 new time. 381 A value of 0 means no age out. 383 Please be aware that contention between multiple managers 384 trying to set this object to different values MAY affect the 385 reliability and completeness of data seen by each manager." 386 DEFVAL { 1440 } -- 24 hours 387 ::= { nlmConfig 2 } 389 -- 390 -- Basic Log Configuration Table 391 -- 393 nlmConfigLogTable OBJECT-TYPE 394 SYNTAX SEQUENCE OF NlmConfigLogEntry 395 MAX-ACCESS not-accessible 396 STATUS current 397 DESCRIPTION 398 "A table of logging control entries." 399 ::= { nlmConfig 3 } 401 nlmConfigLogEntry OBJECT-TYPE 402 SYNTAX NlmConfigLogEntry 403 MAX-ACCESS not-accessible 404 STATUS current 405 DESCRIPTION 406 "A logging control entry. Depending on the entry's storage type 407 entries may be supplied by the system or created and deleted by 408 applications using nlmConfigLogEntryStatus." 409 INDEX { nlmLogName } 410 ::= { nlmConfigLogTable 1 } 412 NlmConfigLogEntry ::= SEQUENCE { 413 nlmLogName SnmpAdminString, 414 nlmConfigLogFilterName SnmpAdminString, 415 nlmConfigLogEntryLimit Unsigned32, 416 nlmConfigLogAdminStatus INTEGER, 417 nlmConfigLogOperStatus INTEGER, 418 nlmConfigLogStorageType StorageType, 419 nlmConfigLogEntryStatus RowStatus 420 } 422 nlmLogName OBJECT-TYPE 423 SYNTAX SnmpAdminString (SIZE(0..32)) 424 MAX-ACCESS not-accessible 425 STATUS current 426 DESCRIPTION 427 "The name of the log. 429 An implementation may allow multiple named logs, up to some 430 implementation-specific limit (which may be none). A 431 zero-length log name is reserved for creation and deletion by 432 the managed system, and MUST be used as the default log name by 433 systems that do not support named logs." 434 ::= { nlmConfigLogEntry 1 } 436 nlmConfigLogFilterName OBJECT-TYPE 437 SYNTAX SnmpAdminString (SIZE(0..32)) 438 MAX-ACCESS read-create 439 STATUS current 440 DESCRIPTION 441 "A value of snmpNotifyFilterProfileName as used as an index 442 into the snmpNotifyFilterTable in the SNMP Notification MIB, 443 specifying the locally or remotely originated Notifications 444 to be filtered out and not logged in this log. 446 A zero-length value or a name that does not identify an 447 existing entry in snmpNotifyFilterTable indicate no 448 Notifications are to be logged in this log." 449 DEFVAL { ''H } 450 ::= { nlmConfigLogEntry 2 } 452 nlmConfigLogEntryLimit OBJECT-TYPE 453 SYNTAX Unsigned32 454 MAX-ACCESS read-create 455 STATUS current 456 DESCRIPTION 457 "The maximum number of notification entries that can be held in 458 nlmLogTable for this named log. A particular setting does not 459 guarantee that that much data can be held. 461 If an application changes the limit while there are 462 Notifications in the log, the oldest Notifications are discarded 463 to bring the log down to the new limit. 465 A value of 0 indicates no limit. 467 Please be aware that contention between multiple managers 468 trying to set this object to different values MAY affect the 469 reliability and completeness of data seen by each manager." 470 DEFVAL { 0 } 471 ::= { nlmConfigLogEntry 3 } 473 nlmConfigLogAdminStatus OBJECT-TYPE 474 SYNTAX INTEGER { enabled(1), disabled(2) } 475 MAX-ACCESS read-create 476 STATUS current 477 DESCRIPTION 478 "Control to enable or disable the log without otherwise 479 disturbing the log's entry. 481 Please be aware that contention between multiple managers 482 trying to set this object to different values MAY affect the 483 reliability and completeness of data seen by each manager." 484 DEFVAL { enabled } 485 ::= { nlmConfigLogEntry 4 } 487 nlmConfigLogOperStatus OBJECT-TYPE 488 SYNTAX INTEGER { disabled(1), operational(2), noFilter(3) } 489 MAX-ACCESS read-only 490 STATUS current 491 DESCRIPTION 492 "The operational status of this log: 494 disabled administratively disabled 496 operational administratively enabled and working 498 noFilter administratively enabled but either 499 nlmConfigLogFilterName is zero length 500 or does not name an existing entry in 501 snmpNotifyFilterTable" 502 ::= { nlmConfigLogEntry 5 } 504 nlmConfigLogStorageType OBJECT-TYPE 505 SYNTAX StorageType 506 MAX-ACCESS read-create 507 STATUS current 508 DESCRIPTION 509 "The storage type of this conceptual row." 510 ::= { nlmConfigLogEntry 6 } 512 nlmConfigLogEntryStatus OBJECT-TYPE 513 SYNTAX RowStatus 514 MAX-ACCESS read-create 515 STATUS current 516 DESCRIPTION 517 "Control for creating and deleting entries. Entries may be 518 modified while active. 520 For non-null-named logs, the managed system records the security 521 credentials from the request that sets nlmConfigLogStatus 522 to 'active' and uses that identity to apply access control to 523 the objects in the Notification to decide if that Notification 524 may be logged." 525 ::= { nlmConfigLogEntry 7 } 527 -- 528 -- Statistics Section 529 -- 531 nlmStatsGlobalNotificationsLogged OBJECT-TYPE 532 SYNTAX Counter32 533 UNITS "notifications" 534 MAX-ACCESS read-only 535 STATUS current 536 DESCRIPTION 537 "The number of Notifications put into the nlmLogTable. This 538 counts a Notification once for each log entry, so a Notification 539 put into multiple logs is counted multiple times." 540 ::= { nlmStats 1 } 542 nlmStatsGlobalNotificationsBumped OBJECT-TYPE 543 SYNTAX Counter32 544 UNITS "notifications" 545 MAX-ACCESS read-only 546 STATUS current 547 DESCRIPTION 548 "The number of log entries discarded to make room for a new entry 549 due to lack of resources or the value of nlmConfigGlobalEntryLimit 550 or nlmConfigLogEntryLimit. This does not include entries discarded 551 due to the value of nlmConfigGlobalAgeOut." 552 ::= { nlmStats 2 } 554 -- 555 -- Log Statistics Table 556 -- 558 nlmStatsLogTable OBJECT-TYPE 559 SYNTAX SEQUENCE OF NlmStatsLogEntry 560 MAX-ACCESS not-accessible 561 STATUS current 562 DESCRIPTION 563 "A table of Notification log statistics entries." 564 ::= { nlmStats 3 } 566 nlmStatsLogEntry OBJECT-TYPE 567 SYNTAX NlmStatsLogEntry 568 MAX-ACCESS not-accessible 569 STATUS current 570 DESCRIPTION 571 "A Notification log statistics entry." 572 AUGMENTS { nlmConfigLogEntry } 573 ::= { nlmStatsLogTable 1 } 575 NlmStatsLogEntry ::= SEQUENCE { 576 nlmStatsLogNotificationsLogged Counter32, 577 nlmStatsLogNotificationsBumped Counter32 578 } 580 nlmStatsLogNotificationsLogged OBJECT-TYPE 581 SYNTAX Counter32 582 UNITS "notifications" 583 MAX-ACCESS read-only 584 STATUS current 585 DESCRIPTION 586 "The number of Notifications put in this named log." 587 ::= { nlmStatsLogEntry 1 } 589 nlmStatsLogNotificationsBumped OBJECT-TYPE 590 SYNTAX Counter32 591 UNITS "notifications" 592 MAX-ACCESS read-only 593 STATUS current 594 DESCRIPTION 595 "The number of log entries discarded from this named log to make 596 room for a new entry due to lack of resources or the value of 597 nlmConfigGlobalEntryLimit or nlmConfigLogEntryLimit. This does not 598 include entries discarded due to the value of 599 nlmConfigGlobalAgeOut." 600 ::= { nlmStatsLogEntry 2 } 602 -- 603 -- Log Section 604 -- 606 -- 607 -- Log Table 608 -- 609 nlmLogTable OBJECT-TYPE 610 SYNTAX SEQUENCE OF NlmLogEntry 611 MAX-ACCESS not-accessible 612 STATUS current 613 DESCRIPTION 614 "A table of Notification log entries. 616 It is an implementation-specific matter whether entries in this 617 table are preserved across initializations of the management 618 system. In general one would expect that they are not. 620 Note that keeping entries across initializations of the 621 management system leads to some confusion with counters and 622 TimeStamps, since both of those are based on sysUpTime, which 623 resets on management initialization. In this situation, 624 counters apply only after the reset and nlmLogTime for entries 625 made before the reset SHOULD be set to 0." 626 ::= { nlmLog 1 } 628 nlmLogEntry OBJECT-TYPE 629 SYNTAX NlmLogEntry 630 MAX-ACCESS not-accessible 631 STATUS current 632 DESCRIPTION 633 "A Notification log entry. 635 Entries appear in this table when Notifications occur and pass 636 filtering by nlmConfigLogFilterName and access control. They are 637 removed to make way for new entries due to lack of resources or 638 the values of nlmConfigGlobalEntryLimit, nlmConfigGlobalAgeOut, or 639 nlmConfigLogEntryLimit. 641 If adding an entry would exceed nlmConfigGlobalEntryLimit or system 642 resources in general, the oldest entry in any log SHOULD be removed to 643 make room for the new one. 645 If adding an entry would exceed nlmConfigLogEntryLimit the oldest 646 entry in that log SHOULD be removed to make room for the new one. 648 Before the managed system puts a locally-generated Notification 649 into a non-null-named log it assures that the creator of the log 650 has access to the information in the Notification. If not it 651 does not log that Notification in that log." 652 INDEX { nlmLogName, nlmLogIndex } 653 ::= { nlmLogTable 1 } 655 NlmLogEntry ::= SEQUENCE { 656 nlmLogIndex Unsigned32, 657 nlmLogTime TimeStamp, 658 nlmLogDateAndTime DateAndTime, 659 nlmLogEngineID SnmpEngineID, 660 nlmLogEngineAddress IpAddress, 661 nlmLogContextEngineID SnmpEngineID, 662 nlmLogContextName SnmpAdminString, 663 nlmLogNotificationID OBJECT IDENTIFIER 664 } 666 nlmLogIndex OBJECT-TYPE 667 SYNTAX Unsigned32 (1..4294967295) 668 MAX-ACCESS not-accessible 669 STATUS current 670 DESCRIPTION 671 "A monotonically increasing integer for the sole purpose of 672 indexing entries within the named log. When it reaches the 673 maximum value, an extremely unlikely event, the agent wraps the 674 value back to 1 and MUST flush existing entries." 675 ::= { nlmLogEntry 1 } 677 nlmLogTime OBJECT-TYPE 678 SYNTAX TimeStamp 679 MAX-ACCESS read-only 680 STATUS current 681 DESCRIPTION 682 "The value of sysUpTime when the entry was placed in the log. If 683 the entry occurred before the most recent management system 684 initialization this object value MUST be set to zero." 685 ::= { nlmLogEntry 2 } 687 nlmLogDateAndTime OBJECT-TYPE 688 SYNTAX DateAndTime 689 MAX-ACCESS read-only 690 STATUS current 691 DESCRIPTION 692 "The local date and time when the entry was logged, instantiated 693 only by systems that have date and time capability." 694 ::= { nlmLogEntry 3 } 696 nlmLogEngineID OBJECT-TYPE 697 SYNTAX SnmpEngineID 698 MAX-ACCESS read-only 699 STATUS current 700 DESCRIPTION 701 "The identification of the SNMP engine at which the Notification 702 originated. 704 If the log can contain Notifications from only one engine 705 or the Trap is in SNMPv1 format, this object is not 706 instantiated." 707 ::= { nlmLogEntry 4 } 709 nlmLogEngineAddress OBJECT-TYPE 710 SYNTAX IpAddress 711 MAX-ACCESS read-only 712 STATUS current 713 DESCRIPTION 714 "The IP Address of the SNMP engine from which the Notification 715 was received. This is used to identify the source of an SNMPv1 716 trap, since an nlmLogEngineId cannot be extracted from the 717 SNMPv1 trap pdu. 719 This object MUST always be instantiated, even if the log 720 can contain Notifications from only one engine. 722 Please be aware that the nlmLogEngineAddress may not uniquely 723 identify the SNMP engine from which the Notification was received. 724 For example, if an SNMP engine uses DHCP or NAT to obtain 725 ip addresses, the address it uses may be shared with other 726 network devices, and hence will not uniquely identify the 727 SNMP engine." 728 ::= { nlmLogEntry 5 } 730 nlmLogContextEngineID OBJECT-TYPE 731 SYNTAX SnmpEngineID 732 MAX-ACCESS read-only 733 STATUS current 734 DESCRIPTION 735 "The contextEngineID within an administrative domain (indicated 736 by nlmEngineID) that uniquely identifies an SNMP entity that may 737 realize an instance of a context with a particular contextName. 739 If the log originates from an administrative domain with only 740 one contextEngineID, or the Trap is from an SNMPv1 system, 741 this object SHOULD NOT be instantiated." 742 ::= { nlmLogEntry 6 } 744 nlmLogContextName OBJECT-TYPE 745 SYNTAX SnmpAdminString 746 MAX-ACCESS read-only 747 STATUS current 748 DESCRIPTION 749 "The name of the SNMP MIB context from which the Notification came. 750 For SNMPv1 Traps this is the community string from the Trap. 752 If the Notification's source SNMP engine is known not to support 753 multiple contexts, this object MAY not be instantiated." 754 ::= { nlmLogEntry 7 } 756 nlmLogNotificationID OBJECT-TYPE 757 SYNTAX OBJECT IDENTIFIER 758 MAX-ACCESS read-only 759 STATUS current 760 DESCRIPTION 761 "The NOTIFICATION-TYPE object identifer of the Notification that 762 occurred." 763 ::= { nlmLogEntry 8 } 765 -- 766 -- Log Variable Table 767 -- 769 nlmLogVariableTable OBJECT-TYPE 770 SYNTAX SEQUENCE OF NlmLogVariableEntry 771 MAX-ACCESS not-accessible 772 STATUS current 773 DESCRIPTION 774 "A table of variables to go with Notification log entries." 775 ::= { nlmLog 2 } 777 nlmLogVariableEntry OBJECT-TYPE 778 SYNTAX NlmLogVariableEntry 779 MAX-ACCESS not-accessible 780 STATUS current 781 DESCRIPTION 782 "A Notification log entry variable. 784 Entries appear in this table when there are variables in 785 the varbind list of a Notification in nlmLogTable." 786 INDEX { nlmLogName, nlmLogIndex, nlmLogVariableIndex } 787 ::= { nlmLogVariableTable 1 } 789 NlmLogVariableEntry ::= SEQUENCE { 790 nlmLogVariableIndex Unsigned32, 791 nlmLogVariableID OBJECT IDENTIFIER, 792 nlmLogVariableValueType INTEGER, 793 nlmLogVariableCounter32Val Counter32, 794 nlmLogVariableUnsigned32Val Unsigned32, 795 nlmLogVariableTimeTicksVal TimeTicks, 796 nlmLogVariableInteger32Val Integer32, 797 nlmLogVariableOctetStringVal OCTET STRING, 798 nlmLogVariableIpAddressVal IpAddress, 799 nlmLogVariableOidVal OBJECT IDENTIFIER, 800 nlmLogVariableCounter64Val Counter64, 801 nlmLogVariableOpaqueVal Opaque 802 } 804 nlmLogVariableIndex OBJECT-TYPE 805 SYNTAX Unsigned32 (1..4294967295) 806 MAX-ACCESS not-accessible 807 STATUS current 808 DESCRIPTION 809 "A monotonically increasing integer, starting at 1 for a given 810 nlmLogIndex, for indexing variables within the logged 811 Notification." 812 ::= { nlmLogVariableEntry 1 } 814 nlmLogVariableID OBJECT-TYPE 815 SYNTAX OBJECT IDENTIFIER 816 MAX-ACCESS read-only 817 STATUS current 818 DESCRIPTION 819 "The variable's object identifier." 820 ::= { nlmLogVariableEntry 2 } 822 nlmLogVariableValueType OBJECT-TYPE 823 SYNTAX INTEGER { counter32(1), unsigned32(2), timeTicks(3), 824 integer32(4), ipAddress(5), octetString(6), 825 objectId(7), counter64(8), opaque(9) } 826 MAX-ACCESS read-only 827 STATUS current 828 DESCRIPTION 829 "The type of the value. One and only one of the value 830 objects that follow must be instantiated, based on this type." 831 ::= { nlmLogVariableEntry 3 } 833 nlmLogVariableCounter32Val OBJECT-TYPE 834 SYNTAX Counter32 835 MAX-ACCESS read-only 836 STATUS current 837 DESCRIPTION 838 "The value when nlmLogVariableType is 'counter32'." 839 ::= { nlmLogVariableEntry 4 } 841 nlmLogVariableUnsigned32Val OBJECT-TYPE 842 SYNTAX Unsigned32 843 MAX-ACCESS read-only 844 STATUS current 845 DESCRIPTION 846 "The value when nlmLogVariableType is 'unsigned32'." 847 ::= { nlmLogVariableEntry 5 } 849 nlmLogVariableTimeTicksVal OBJECT-TYPE 850 SYNTAX TimeTicks 851 MAX-ACCESS read-only 852 STATUS current 853 DESCRIPTION 854 "The value when nlmLogVariableType is 'timeTicks'." 855 ::= { nlmLogVariableEntry 6 } 857 nlmLogVariableInteger32Val OBJECT-TYPE 858 SYNTAX Integer32 859 MAX-ACCESS read-only 860 STATUS current 861 DESCRIPTION 862 "The value when nlmLogVariableType is 'integer32'." 863 ::= { nlmLogVariableEntry 7 } 865 nlmLogVariableOctetStringVal OBJECT-TYPE 866 SYNTAX OCTET STRING 867 MAX-ACCESS read-only 868 STATUS current 869 DESCRIPTION 870 "The value when nlmLogVariableType is 'octetString'." 871 ::= { nlmLogVariableEntry 8 } 873 nlmLogVariableIpAddressVal OBJECT-TYPE 874 SYNTAX IpAddress 875 MAX-ACCESS read-only 876 STATUS current 877 DESCRIPTION 878 "The value when nlmLogVariableType is 'ipAddress'." 879 ::= { nlmLogVariableEntry 9 } 881 nlmLogVariableOidVal OBJECT-TYPE 882 SYNTAX OBJECT IDENTIFIER 883 MAX-ACCESS read-only 884 STATUS current 885 DESCRIPTION 886 "The value when nlmLogVariableType is 'objectId'." 887 ::= { nlmLogVariableEntry 10 } 889 nlmLogVariableCounter64Val OBJECT-TYPE 890 SYNTAX Counter64 891 MAX-ACCESS read-only 892 STATUS current 893 DESCRIPTION 894 "The value when nlmLogVariableType is 'counter64'." 895 ::= { nlmLogVariableEntry 11 } 897 nlmLogVariableOpaqueVal OBJECT-TYPE 898 SYNTAX Opaque 899 MAX-ACCESS read-only 900 STATUS current 901 DESCRIPTION 902 "The value when nlmLogVariableType is 'opaque'." 903 ::= { nlmLogVariableEntry 12 } 905 -- 906 -- Conformance 907 -- 909 notificationLogMIBConformance OBJECT IDENTIFIER ::= 910 { notificationLogMIB 3 } 911 notificationLogMIBCompliances OBJECT IDENTIFIER ::= 912 { notificationLogMIBConformance 1 } 913 notificationLogMIBGroups OBJECT IDENTIFIER ::= 914 { notificationLogMIBConformance 2 } 916 -- Compliance 918 notificationLogMIBCompliance MODULE-COMPLIANCE 919 STATUS current 920 DESCRIPTION 921 "The compliance statement for entities which implement 922 the Notification Log MIB." 923 MODULE -- this module 924 MANDATORY-GROUPS { 925 notificationLogConfigGroup, 926 notificationLogStatsGroup, 927 notificationLogLogGroup 928 } 930 OBJECT nlmConfigGlobalEntryLimit 931 SYNTAX Unsigned32 (0..4294967295) 932 MIN-ACCESS read-only 933 DESCRIPTION 934 "Implementations may choose a limit and not allow it to be 935 changed or may enforce an upper or lower bound on the 936 limit." 938 OBJECT nlmConfigLogEntryLimit 939 SYNTAX Unsigned32 (0..4294967295) 940 MIN-ACCESS read-only 941 DESCRIPTION 942 "Implementations may choose a limit and not allow it to be 943 changed or may enforce an upper or lower bound on the 944 limit." 946 OBJECT nlmConfigLogEntryStatus 947 MIN-ACCESS read-only 948 DESCRIPTION 949 "Implementations may disallow the creation of named logs." 951 GROUP notificationLogDateGroup 952 DESCRIPTION 953 "This group is mandatory on systems that keep wall clock 954 date and time and should not be implemented on systems that 955 do not have a wall clock date." 957 ::= { notificationLogMIBCompliances 1 } 959 -- Units of Conformance 961 notificationLogConfigGroup OBJECT-GROUP 962 OBJECTS { 963 nlmConfigGlobalEntryLimit, 964 nlmConfigGlobalAgeOut, 965 nlmConfigLogFilterName, 966 nlmConfigLogEntryLimit, 967 nlmConfigLogAdminStatus, 968 nlmConfigLogOperStatus, 969 nlmConfigLogStorageType, 970 nlmConfigLogEntryStatus 971 } 972 STATUS current 973 DESCRIPTION 974 "Notification log configuration management." 975 ::= { notificationLogMIBGroups 1 } 977 notificationLogStatsGroup OBJECT-GROUP 978 OBJECTS { 979 nlmStatsGlobalNotificationsLogged, 980 nlmStatsGlobalNotificationsBumped, 981 nlmStatsLogNotificationsLogged, 982 nlmStatsLogNotificationsBumped 983 } 984 STATUS current 985 DESCRIPTION 986 "Notification log statistics." 987 ::= { notificationLogMIBGroups 2 } 989 notificationLogLogGroup OBJECT-GROUP 990 OBJECTS { 991 nlmLogTime, 992 nlmLogEngineID, 993 nlmLogEngineAddress, 994 nlmLogContextEngineID, 995 nlmLogContextName, 996 nlmLogNotificationID, 998 nlmLogVariableID, 999 nlmLogVariableValueType, 1000 nlmLogVariableCounter32Val, 1001 nlmLogVariableUnsigned32Val, 1002 nlmLogVariableTimeTicksVal, 1003 nlmLogVariableInteger32Val, 1004 nlmLogVariableOctetStringVal, 1005 nlmLogVariableIpAddressVal, 1006 nlmLogVariableOidVal, 1007 nlmLogVariableCounter64Val, 1008 nlmLogVariableOpaqueVal 1009 } 1010 STATUS current 1011 DESCRIPTION 1012 "Notification log data." 1013 ::= { notificationLogMIBGroups 3 } 1015 notificationLogDateGroup OBJECT-GROUP 1016 OBJECTS { 1017 nlmLogDateAndTime 1018 } 1019 STATUS current 1020 DESCRIPTION 1021 "Conditionally mandatory notification log data." 1022 ::= { notificationLogMIBGroups 4 } 1024 END 1025 5. Intellectual Property 1027 The IETF takes no position regarding the validity or scope of any 1028 intellectual property or other rights that might be claimed to pertain 1029 to the implementation or use of the technology described in this 1030 document or the extent to which any license under such rights might or 1031 might not be available; neither does it represent that it has made any 1032 effort to identify any such rights. Information on the IETF's 1033 procedures with respect to rights in standards-track and standards- 1034 related documentation can be found in BCP-11. Copies of claims of 1035 rights made available for publication and any assurances of licenses to 1036 be made available, or the result of an attempt made to obtain a general 1037 license or permission for the use of such proprietary rights by 1038 implementors or users of this specification can be obtained from the 1039 IETF Secretariat. 1041 The IETF invites any interested party to bring to its attention any 1042 copyrights, patents or patent applications, or other proprietary rights 1043 which may cover technology that may be required to practice this 1044 standard. Please address the information to the IETF Executive 1045 Director. 1047 6. References 1049 [RFC2571] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture 1050 for Describing SNMP Management Frameworks", RFC 2571, April 1051 1999 1053 [RFC1155] Rose, M., and K. McCloghrie, "Structure and Identification 1054 of Management Information for TCP/IP-based Internets", STD 1055 16, RFC 1155, May 1990 1057 [RFC1212] Rose, M., and K. McCloghrie, "Concise MIB Definitions", STD 1058 16, RFC 1212, March 1991 1060 [RFC1215] M. Rose, "A Convention for Defining Traps for use with the 1061 SNMP", RFC 1215, March 1991 1063 [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., 1064 Rose, M., and S. Waldbusser, "Structure of Management 1065 Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999 1067 [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., 1068 Rose, M., and S. Waldbusser, "Textual Conventions for 1069 SMIv2", STD 58, RFC 2579, April 1999 1071 [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., 1072 Rose, M., and S. Waldbusser, "Conformance Statements for 1073 SMIv2", STD 58, RFC 2580, April 1999 1075 [RFC1157] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple 1076 Network Management Protocol", STD 15, RFC 1157, May 1990. 1078 [RFC1901] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, 1079 "Introduction to Community-based SNMPv2", RFC 1901, January 1080 1996. 1082 [RFC1906] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, 1083 "Transport Mappings for Version 2 of the Simple Network 1084 Management Protocol (SNMPv2)", RFC 1906, January 1996. 1086 [RFC2572] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message 1087 Processing and Dispatching for the Simple Network Management 1088 Protocol (SNMP)", RFC 2572, April 1999 1090 [RFC2574] Blumenthal, U., and B. Wijnen, "User-based Security Model 1091 (USM) for version 3 of the Simple Network Management 1092 Protocol (SNMPv3)", RFC 2574, April 1999 1094 [RFC1905] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, 1095 "Protocol Operations for Version 2 of the Simple Network 1096 Management Protocol (SNMPv2)", RFC 1905, January 1996. 1098 [RFC2573] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", 1099 RFC 2573, April 1999 1101 [RFC2575] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based 1102 Access Control Model (VACM) for the Simple Network 1103 Management Protocol (SNMP)", RFC 2575, April 1999 1105 [RFC2570] Case, J., Mundy, R., Partain, D., and B. Stewart, 1106 "Introduction to Version 3 of the Internet-standard Network 1107 Management Framework", RFC 2570, April 1999 1109 [RFC1903] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, 1110 "Coexistence between Version 1 and version 2 of the 1111 Internet-standard Network Management Framework", RFC 1903, 1112 January 1996. 1114 7. Security Considerations 1116 Security issues are discussed in Section 3.1.2. 1118 8. Author's Address 1120 Bob Stewart 1121 Cisco Systems, Inc. 1122 170 West Tasman Drive 1123 San Jose, CA 95134-1706 1124 U.S.A. 1126 Ramanathan Kavasseri 1127 Cisco Systems, Inc. 1128 170 West Tasman Drive 1129 San Jose, CA 95134-1706 1130 U.S.A. 1132 Phone: +1 408 527 2446 1133 Email: ramk@cisco.com 1135 9. Full Copyright Statement 1137 Copyright (C) The Internet Society (1999). All Rights Reserved. 1139 This document and translations of it may be copied and furnished to 1140 others, and derivative works that comment on or otherwise explain it or 1141 assist in its implementation may be prepared, copied, published and 1142 distributed, in whole or in part, without restriction of any kind, 1143 provided that the above copyright notice and this paragraph are included 1144 on all such copies and derivative works. However, this document itself 1145 may not be modified in any way, such as by removing the copyright notice 1146 or references to the Internet Society or other Internet organizations, 1147 except as needed for the purpose of developing Internet standards in 1148 which case the procedures for copyrights defined in the Internet 1149 Standards process must be followed, or as required to translate it into 1150 languages other than English. 1152 The limited permissions granted above are perpetual and will not be 1153 revoked by the Internet Society or its successors or assigns. 1155 This document and the information contained herein is provided on an "AS 1156 IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK 1157 FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT 1158 LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT 1159 INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR 1160 FITNESS FOR A PARTICULAR PURPOSE. 1162 Table of Contents 1164 1 Abstract ........................................................ 2 1165 2 The SNMP Management Framework ................................... 2 1166 3 Overview ........................................................ 3 1167 3.1 Environment ................................................... 3 1168 3.1.1 SNMP Engines and Contexts ................................... 4 1169 3.1.2 Security .................................................... 4 1170 3.2 Structure ..................................................... 5 1171 3.2.1 Configuration ............................................... 6 1172 3.2.2 Statistics .................................................. 6 1173 3.2.3 Log ......................................................... 6 1174 3.3 Example ....................................................... 7 1175 4 Definitions ..................................................... 8 1176 5 Intellectual Property ........................................... 25 1177 6 References ...................................................... 26 1178 7 Security Considerations ......................................... 28 1179 8 Author's Address ................................................ 28 1180 9 Full Copyright Statement ........................................ 29