idnits 2.17.1 draft-ietf-disman-notif-log-mib-16.txt: ** The Abstract section seems to be numbered Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing document type: Expected "INTERNET-DRAFT" in the upper left hand corner of the first page ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 3 instances of too long lines in the document, the longest one being 3 characters in excess of 72. == There are 1 instance of lines with non-RFC2606-compliant FQDNs in the document. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == Line 175 has weird spacing: '...ops ops-admi...' == Line 497 has weird spacing: '...isabled admin...' == Line 499 has weird spacing: '...ational adm...' == Line 501 has weird spacing: '...oFilter admin...' == Line 1144 has weird spacing: '...for the purpo...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (10 March 2000) is 8812 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC1903' is defined on line 1106, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2571 (Obsoleted by RFC 3411) ** Downref: Normative reference to an Informational RFC: RFC 1215 ** Downref: Normative reference to an Historic RFC: RFC 1157 ** Downref: Normative reference to an Historic RFC: RFC 1901 ** Obsolete normative reference: RFC 1906 (Obsoleted by RFC 3417) ** Obsolete normative reference: RFC 2572 (Obsoleted by RFC 3412) ** Obsolete normative reference: RFC 2574 (Obsoleted by RFC 3414) ** Obsolete normative reference: RFC 1905 (Obsoleted by RFC 3416) ** Obsolete normative reference: RFC 2573 (Obsoleted by RFC 3413) ** Obsolete normative reference: RFC 2575 (Obsoleted by RFC 3415) ** Obsolete normative reference: RFC 2570 (Obsoleted by RFC 3410) ** Obsolete normative reference: RFC 1903 (Obsoleted by RFC 2579) Summary: 19 errors (**), 0 flaws (~~), 9 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Notification Log MIB 3 10 March 2000 5 draft-ietf-disman-notif-log-mib-16.txt 7 Bob Stewart 8 Cisco Systems, Inc. 10 Ramanathan R. Kavasseri 11 Cisco Systems, Inc. 13 Status of this Memo 15 This document is an Internet-Draft and is in full conformance with all 16 provisions of Section 10 of RFC2026. 18 Internet-Drafts are working documents of the Internet Engineering Task 19 Force (IETF), its areas, and its working groups. Note that other groups 20 may also distribute working documents as Internet-Drafts. 22 Internet-Drafts are draft documents valid for a maximum of six months 23 and may be updated, replaced, or obsoleted by other documents at any 24 time. It is inappropriate to use Internet- Drafts as reference material 25 or to cite them other than as ``work in progress.'' 27 The list of current Internet-Drafts can be accessed at 28 http://www.ietf.org/ietf/1id-abstracts.txt 30 The list of Internet-Draft Shadow Directories can be accessed at 31 http://www.ietf.org/shadow.html. 33 Distribution of this document is unlimited. Please send comments to the 34 Distributed Management Working Group, . 36 Copyright Notice 38 Copyright (C) The Internet Society (1999). All Rights Reserved. 40 1. Abstract 42 This memo defines a portion of the Management Information Base (MIB) for 43 use with network management protocols in the Internet community. In 44 particular, it describes managed objects used for logging SNMP 45 Notifications. 47 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 48 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 49 document are to be interpreted as described in RFC 2119. 51 2. The SNMP Management Framework 53 The SNMP Management Framework presently consists of five major 54 components: 56 o An overall architecture, described in RFC 2571 [RFC2571]. 58 o Mechanisms for describing and naming objects and events for the 59 purpose of management. The first version of this Structure of 60 Management Information (SMI) is called SMIv1 and described in 61 STD 16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and RFC 62 1215 [RFC1215]. The second version, called SMIv2, is described 63 in STD 58, RFC 2578 [RFC2578], RFC 2579 [RFC2579] and RFC 2580 64 [RFC2580]. 66 o Message protocols for transferring management information. The 67 first version of the SNMP message protocol is called SNMPv1 and 68 described in STD 15, RFC 1157 [RFC1157]. A second version of the 69 SNMP message protocol, which is not an Internet standards track 70 protocol, is called SNMPv2c and described in RFC 1901 [RFC1901] 71 and RFC 1906 [RFC1906]. The third version of the message 72 protocol is called SNMPv3 and described in RFC 1906 [RFC1906], 73 RFC 2572 [RFC2572] and RFC 2574 [RFC2574]. 75 o Protocol operations for accessing management information. The 76 first set of protocol operations and associated PDU formats is 77 described in STD 15, RFC 1157 [RFC1157]. A second set of 78 protocol operations and associated PDU formats is described in 79 RFC 1905 [RFC1905]. 81 o A set of fundamental applications described in RFC 2573 82 [RFC2573] and the view-based access control mechanism described 83 in RFC 2575 [RFC2575]. 85 A more detailed introduction to the current SNMP Management Framework 86 can be found in RFC 2570 [RFC2570]. 88 Managed objects are accessed via a virtual information store, termed 89 the Management Information Base or MIB. Objects in the MIB are 90 defined using the mechanisms defined in the SMI. 92 This memo specifies a MIB module that is compliant to the SMIv2. A 93 MIB conforming to the SMIv1 can be produced through the appropriate 94 translations. The resulting translated MIB must be semantically 95 equivalent, except where objects or events are omitted because no 96 translation is possible (use of Counter64). Some machine readable 97 information in SMIv2 will be converted into textual descriptions in 98 SMIv1 during the translation process. However, this loss of machine 99 readable information is not considered to change the semantics of the 100 MIB. 102 3. Overview 104 Systems that support SNMP often need a mechanism for recording 105 Notification information as a hedge against lost Notifications, whether 106 those are Traps or Informs [RFC1905] that exceed retransmission limits. 107 This MIB therefore provides common infrastructure for other MIBs in the 108 form of a local logging function. It is intended primarily for senders 109 of Notifications but could be used also by receivers. 111 Given the Notification Log MIB, individual MIBs bear less responsibility 112 to record the transient information associated with an event against the 113 possibility that the Notification message is lost, and applications can 114 poll the log to verify that they have not missed important 115 Notifications. 117 3.1. Environment 119 The overall environmental concerns for the MIB are: 121 o SNMP Engines and Contexts 123 o Security 125 3.1.1. SNMP Engines and Contexts 127 There are two distinct information flows from multiple notification 128 originators that one may log. The first is the notifications that are 129 received (from one or more SNMP engines) for logging as SNMP informs and 130 traps. The other comprises notifications delivered to an SNMP engine at 131 the interface to the notification originator (using a notification 132 mechanism other than SNMP informs or traps). The latter information 133 flow (using a notification mechanism other than SNMP informs or traps) 134 MUST be modeled as the SNMP engine (which maintains the log) sending a 135 notification to itself. The remainder of this section discusses the 136 handling of the former information flow - notifications (received in the 137 form of SNMP informs or traps) from multiple SNMP engines. 139 As described in the SNMP architecture [RFC2571], a given system may 140 support multiple SNMP engines operating independently of one another, 141 each with its own SNMP engine identification. Furthermore, within the 142 purview of a given engine there may be multiple named management 143 contexts supporting overlapping or disjoint sets of MIB objects and 144 Notifications. Thus, understanding a particular Notification requires 145 knowing the SNMP engine and management context from whence it came. 147 To provide the necessary source information for a logged Notification, 148 the MIB includes objects to record that Notification's source SNMP 149 engine ID and management context name. 151 3.1.2. Security 153 Security for Notifications is awkward since access control for the 154 objects in the Notification can be checked only where the Notification 155 is created. Thus such checking is possible only for locally-generated 156 Notifications, and even then only when security credentials are 157 available. 159 For the purpose of this discussion, "security credentials" means the 160 input values for the abstract service interface function isAccessAllowed 161 [RFC2571] and using those credentials means conceptually using that 162 function to see that those credentials allow access to the MIB objects 163 in question, operating as for a Notification Originator in [RFC2573]. 165 The Notification Log MIB has the notion of a "named log." By using 166 hierarchically structured log names and view-based access control 167 [RFC2575] a network administrator can provide different access for 168 different users. When an application creates a named log the security 169 credentials of the creator stay associated with that log. 171 Hierarchically structured names encode groupings of names within the 172 name string, starting from the left so that they work well with 173 instance-level, view-based access control [RFC2575], for example: 175 ops ops-admin ops-oper ops-oper-senior ops-oper-junior 177 Network security managers designing such a naming policy SHOULD use 178 punctuation (as in the example) to avoid the problem of a lower level 179 name inadvertently running together with the next higher level name. 181 A managed system with fewer resources MAY disallow the creation of named 182 logs, providing only the default, null-named log. Such a log has no 183 implicit security credentials for Notification object access control and 184 Notifications are put into it with no further checking. 186 When putting locally-generated Notifications into a named log, the 187 managed system MUST use the security credentials associated with that 188 log and MUST apply the same access control rules as described for a 189 Notification Originator in [RFC2573]. 191 The managed system SHOULD NOT apply access control when adding remotely- 192 generated Notifications into either a named log or the default, null- 193 named log. In those cases the security of the information in the log 194 SHOULD be left to the normal, overall access control for the log itself. 196 The Notification Log MIB allows applications to set the maximum number 197 of Notifications that can be logged, using nlmConfigGlobalEntryLimit. 198 Similarly, an application can set the maximum age using 199 nlmConfigGlobalAgeOut, after which older Notifications MAY be timed out. 200 Please be aware that contention between multiple applications trying to 201 set these objects to different values MAY affect the reliability and 202 completeness of data seen by each application, i.e. it is possible that 203 one application may change the value of either of these objects, 204 resulting in some Notifications being deleted before the other 205 applications have had a chance to see them. This could be used to 206 orchestrate a denial-of-service attack. Methods for countering such an 207 attack are for further study. 209 3.2. Structure 211 The MIB has the following sections: 213 o Configuration -- control over how much the log can hold and what 214 Notifications are to be logged. 216 o Statistics -- indications of logging activity. 218 o Log -- the Notifications themselves. 220 3.2.1. Configuration 222 The configuration section contains objects to manage resource use by the 223 MIB. 225 This section also contains a table to specify what logs exist and how 226 they operate. Deciding which Notifications are to be logged depends on 227 filters defined in the the snmpNotifyFilterTable in the standard SNMP 228 Notification MIB [RFC2573] identified by the initial index 229 (snmpNotifyFilterName) from that table. 231 3.2.2. Statistics 233 The statistics section contains counters for Notifications logged and 234 discarded, supplying a means to understand the results of log capacity 235 configuration and resource problems. 237 3.2.3. Log 239 The log contains the Notifications and the objects that came in their 240 variable binding list, indexed by an integer that reflects when the 241 entry was made. An application that wants to collect all logged 242 Notifications or to know if it may have missed any can keep track of the 243 highest index it has retrieved and start from there on its next poll, 244 checking sysUpTime for a discontinuity that would have reset the index 245 and perhaps have lost entries. 247 Variables are in a table indexed by Notification index and variable 248 index within that Notification. The values are kept as a "discriminated 249 union," with one value object per variable. Exactly which value object 250 is instantiated depends on the SNMP data type of the variable, with a 251 separate object of appropriate type for each distinct SNMP data type. 253 An application can thus reconstruct the information from the 254 Notification PDU from what is recorded in the log. 256 3.3. Example 258 Following is an example configuration of a named log for logging only 259 linkUp and linkDown Notifications. 261 In nlmConfigLogTable: 263 nlmConfigLogFilterName.5."links" = "link-status" 264 nlmConfigLogEntryLimit.5."links" = 0 265 nlmConfigLogAdminStatus.5."links" = enabled 266 nlmConfigLogOperStatus.5."links" = operational 267 nlmConfigLogStorageType.5."links" = nonVolatile 268 nlmConfigLogEntryStatus.5."links" = active 270 Note that snmpTraps is: 272 iso.org.dod.internet.snmpV2.snmpModules.snmpMIB.snmpMIBObjects.5 274 Or numerically: 276 1.3.6.1.6.3.1.1.5 278 And linkDown is snmpTraps.3 and linkUp is snmpTraps.4. 280 So to allow the two Notifications in snmpNotifyFilterTable: 282 snmpNotifyFilterMask.11."link-status".1.3.6.1.6.3.1.1.5.3 = ''H 283 snmpNotifyFilterType.11."link-status".1.3.6.1.6.3.1.1.5.3 = include 284 snmpNotifyFilterStorageType.11."link-status".1.3.6.1.6.3.1.1.5.3 285 = nonVolatile 286 snmpNotifyFilterRowStatus.11."link-status".1.3.6.1.6.3.1.1.5.3 287 = active 289 snmpNotifyFilterMask.11."link-status".1.3.6.1.6.3.1.1.5.4 = ''H 290 snmpNotifyFilterType.11."link-status".1.3.6.1.6.3.1.1.5.4 = include 291 snmpNotifyFilterStorageType.11."link-status".1.3.6.1.6.3.1.1.5.4 292 = nonVolatile 293 snmpNotifyFilterRowStatus.11."link-status".1.3.6.1.6.3.1.1.5.4 294 = active 296 4. Definitions 298 NOTIFICATION-LOG-MIB DEFINITIONS ::= BEGIN 300 IMPORTS 301 MODULE-IDENTITY, OBJECT-TYPE, 302 Integer32, Unsigned32, 303 TimeTicks, Counter32, Counter64, 304 IpAddress, Opaque, mib-2 FROM SNMPv2-SMI 305 TimeStamp, DateAndTime, 306 StorageType, RowStatus FROM SNMPv2-TC 307 SnmpAdminString, SnmpEngineID FROM SNMP-FRAMEWORK-MIB 308 MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF; 310 notificationLogMIB MODULE-IDENTITY 311 LAST-UPDATED "200003100000Z" -- 10 March 2000 312 ORGANIZATION "IETF Distributed Management Working Group" 313 CONTACT-INFO "Ramanathan Kavasseri 314 Cisco Systems, Inc. 315 170 West Tasman Drive, 316 San Jose CA 95134-1706. 317 Phone: +1 408 527 2446 318 Email: ramk@cisco.com" 319 DESCRIPTION 320 "The MIB module for logging SNMP Notifications, that is, Traps 321 and Informs." 322 -- Revision History 324 REVISION "200003100000Z" -- 10 March 2000 325 DESCRIPTION "Updated the DESCRIPTION of nlmLogTable, 326 nlmLogContextEngineID and nlmLogContextName." 327 REVISION "200002040000Z" -- 4 February 2000 328 DESCRIPTION "Updated the DESCRIPTION of nlmConfigGlobalEntryLimit 329 and nlmLogContextEngineID." 330 REVISION "9910220000Z" -- 22 October 1999 331 DESCRIPTION "This is the initial version of this MIB. 332 Published as RFC xxxxx" 333 ::= { mib-2 xx } -- final assignment by IANA at publication time 335 notificationLogMIBObjects OBJECT IDENTIFIER ::= { notificationLogMIB 1 } 337 nlmConfig OBJECT IDENTIFIER ::= { notificationLogMIBObjects 1 } 338 nlmStats OBJECT IDENTIFIER ::= { notificationLogMIBObjects 2 } 339 nlmLog OBJECT IDENTIFIER ::= { notificationLogMIBObjects 3 } 340 -- 341 -- Configuration Section 342 -- 344 nlmConfigGlobalEntryLimit OBJECT-TYPE 345 SYNTAX Unsigned32 346 MAX-ACCESS read-write 347 STATUS current 348 DESCRIPTION 349 "The maximum number of notification entries that may be held 350 in nlmLogTable for all nlmLogNames added together. A particular 351 setting does not guarantee that much data can be held. 353 If an application changes the limit while there are 354 Notifications in the log, the oldest Notifications MUST be 355 discarded to bring the log down to the new limit - thus the 356 value of nlmConfigGlobalEntryLimit MUST take precedence over 357 the values of nlmConfigGlobalAgeOut and nlmConfigLogEntryLimit, 358 even if the Notification being discarded has been present for 359 fewer minutes than the value of nlmConfigGlobalAgeOut, or if 360 the named log has fewer entries than that specified in 361 nlmConfigLogEntryLimit. 363 A value of 0 means no limit. 365 Please be aware that contention between multiple managers 366 trying to set this object to different values MAY affect the 367 reliability and completeness of data seen by each manager." 368 DEFVAL { 0 } 369 ::= { nlmConfig 1 } 371 nlmConfigGlobalAgeOut OBJECT-TYPE 372 SYNTAX Unsigned32 373 UNITS "minutes" 374 MAX-ACCESS read-write 375 STATUS current 376 DESCRIPTION 377 "The number of minutes a Notification SHOULD be kept in a log before 378 it is automatically removed. 380 If an application changes the value of nlmConfigGlobalAgeOut, 381 Notifications older than the new time MAY be discarded to meet the 382 new time. 384 A value of 0 means no age out. 386 Please be aware that contention between multiple managers 387 trying to set this object to different values MAY affect the 388 reliability and completeness of data seen by each manager." 389 DEFVAL { 1440 } -- 24 hours 390 ::= { nlmConfig 2 } 392 -- 393 -- Basic Log Configuration Table 394 -- 396 nlmConfigLogTable OBJECT-TYPE 397 SYNTAX SEQUENCE OF NlmConfigLogEntry 398 MAX-ACCESS not-accessible 399 STATUS current 400 DESCRIPTION 401 "A table of logging control entries." 402 ::= { nlmConfig 3 } 404 nlmConfigLogEntry OBJECT-TYPE 405 SYNTAX NlmConfigLogEntry 406 MAX-ACCESS not-accessible 407 STATUS current 408 DESCRIPTION 409 "A logging control entry. Depending on the entry's storage type 410 entries may be supplied by the system or created and deleted by 411 applications using nlmConfigLogEntryStatus." 412 INDEX { nlmLogName } 413 ::= { nlmConfigLogTable 1 } 415 NlmConfigLogEntry ::= SEQUENCE { 416 nlmLogName SnmpAdminString, 417 nlmConfigLogFilterName SnmpAdminString, 418 nlmConfigLogEntryLimit Unsigned32, 419 nlmConfigLogAdminStatus INTEGER, 420 nlmConfigLogOperStatus INTEGER, 421 nlmConfigLogStorageType StorageType, 422 nlmConfigLogEntryStatus RowStatus 423 } 425 nlmLogName OBJECT-TYPE 426 SYNTAX SnmpAdminString (SIZE(0..32)) 427 MAX-ACCESS not-accessible 428 STATUS current 429 DESCRIPTION 430 "The name of the log. 432 An implementation may allow multiple named logs, up to some 433 implementation-specific limit (which may be none). A 434 zero-length log name is reserved for creation and deletion by 435 the managed system, and MUST be used as the default log name by 436 systems that do not support named logs." 437 ::= { nlmConfigLogEntry 1 } 439 nlmConfigLogFilterName OBJECT-TYPE 440 SYNTAX SnmpAdminString (SIZE(0..32)) 441 MAX-ACCESS read-create 442 STATUS current 443 DESCRIPTION 444 "A value of snmpNotifyFilterProfileName as used as an index 445 into the snmpNotifyFilterTable in the SNMP Notification MIB, 446 specifying the locally or remotely originated Notifications 447 to be filtered out and not logged in this log. 449 A zero-length value or a name that does not identify an 450 existing entry in snmpNotifyFilterTable indicate no 451 Notifications are to be logged in this log." 452 DEFVAL { ''H } 453 ::= { nlmConfigLogEntry 2 } 455 nlmConfigLogEntryLimit OBJECT-TYPE 456 SYNTAX Unsigned32 457 MAX-ACCESS read-create 458 STATUS current 459 DESCRIPTION 460 "The maximum number of notification entries that can be held in 461 nlmLogTable for this named log. A particular setting does not 462 guarantee that that much data can be held. 464 If an application changes the limit while there are 465 Notifications in the log, the oldest Notifications are discarded 466 to bring the log down to the new limit. 468 A value of 0 indicates no limit. 470 Please be aware that contention between multiple managers 471 trying to set this object to different values MAY affect the 472 reliability and completeness of data seen by each manager." 473 DEFVAL { 0 } 474 ::= { nlmConfigLogEntry 3 } 476 nlmConfigLogAdminStatus OBJECT-TYPE 477 SYNTAX INTEGER { enabled(1), disabled(2) } 478 MAX-ACCESS read-create 479 STATUS current 480 DESCRIPTION 481 "Control to enable or disable the log without otherwise 482 disturbing the log's entry. 484 Please be aware that contention between multiple managers 485 trying to set this object to different values MAY affect the 486 reliability and completeness of data seen by each manager." 487 DEFVAL { enabled } 488 ::= { nlmConfigLogEntry 4 } 490 nlmConfigLogOperStatus OBJECT-TYPE 491 SYNTAX INTEGER { disabled(1), operational(2), noFilter(3) } 492 MAX-ACCESS read-only 493 STATUS current 494 DESCRIPTION 495 "The operational status of this log: 497 disabled administratively disabled 499 operational administratively enabled and working 501 noFilter administratively enabled but either 502 nlmConfigLogFilterName is zero length 503 or does not name an existing entry in 504 snmpNotifyFilterTable" 505 ::= { nlmConfigLogEntry 5 } 507 nlmConfigLogStorageType OBJECT-TYPE 508 SYNTAX StorageType 509 MAX-ACCESS read-create 510 STATUS current 511 DESCRIPTION 512 "The storage type of this conceptual row." 513 ::= { nlmConfigLogEntry 6 } 515 nlmConfigLogEntryStatus OBJECT-TYPE 516 SYNTAX RowStatus 517 MAX-ACCESS read-create 518 STATUS current 519 DESCRIPTION 520 "Control for creating and deleting entries. Entries may be 521 modified while active. 523 For non-null-named logs, the managed system records the security 524 credentials from the request that sets nlmConfigLogStatus 525 to 'active' and uses that identity to apply access control to 526 the objects in the Notification to decide if that Notification 527 may be logged." 528 ::= { nlmConfigLogEntry 7 } 530 -- 531 -- Statistics Section 532 -- 534 nlmStatsGlobalNotificationsLogged OBJECT-TYPE 535 SYNTAX Counter32 536 UNITS "notifications" 537 MAX-ACCESS read-only 538 STATUS current 539 DESCRIPTION 540 "The number of Notifications put into the nlmLogTable. This 541 counts a Notification once for each log entry, so a Notification 542 put into multiple logs is counted multiple times." 543 ::= { nlmStats 1 } 545 nlmStatsGlobalNotificationsBumped OBJECT-TYPE 546 SYNTAX Counter32 547 UNITS "notifications" 548 MAX-ACCESS read-only 549 STATUS current 550 DESCRIPTION 551 "The number of log entries discarded to make room for a new entry 552 due to lack of resources or the value of nlmConfigGlobalEntryLimit 553 or nlmConfigLogEntryLimit. This does not include entries discarded 554 due to the value of nlmConfigGlobalAgeOut." 555 ::= { nlmStats 2 } 557 -- 558 -- Log Statistics Table 559 -- 561 nlmStatsLogTable OBJECT-TYPE 562 SYNTAX SEQUENCE OF NlmStatsLogEntry 563 MAX-ACCESS not-accessible 564 STATUS current 565 DESCRIPTION 566 "A table of Notification log statistics entries." 567 ::= { nlmStats 3 } 569 nlmStatsLogEntry OBJECT-TYPE 570 SYNTAX NlmStatsLogEntry 571 MAX-ACCESS not-accessible 572 STATUS current 573 DESCRIPTION 574 "A Notification log statistics entry." 575 AUGMENTS { nlmConfigLogEntry } 576 ::= { nlmStatsLogTable 1 } 578 NlmStatsLogEntry ::= SEQUENCE { 579 nlmStatsLogNotificationsLogged Counter32, 580 nlmStatsLogNotificationsBumped Counter32 581 } 583 nlmStatsLogNotificationsLogged OBJECT-TYPE 584 SYNTAX Counter32 585 UNITS "notifications" 586 MAX-ACCESS read-only 587 STATUS current 588 DESCRIPTION 589 "The number of Notifications put in this named log." 590 ::= { nlmStatsLogEntry 1 } 592 nlmStatsLogNotificationsBumped OBJECT-TYPE 593 SYNTAX Counter32 594 UNITS "notifications" 595 MAX-ACCESS read-only 596 STATUS current 597 DESCRIPTION 598 "The number of log entries discarded from this named log to make 599 room for a new entry due to lack of resources or the value of 600 nlmConfigGlobalEntryLimit or nlmConfigLogEntryLimit. This does not 601 include entries discarded due to the value of 602 nlmConfigGlobalAgeOut." 603 ::= { nlmStatsLogEntry 2 } 605 -- 606 -- Log Section 607 -- 609 -- 610 -- Log Table 611 -- 613 nlmLogTable OBJECT-TYPE 614 SYNTAX SEQUENCE OF NlmLogEntry 615 MAX-ACCESS not-accessible 616 STATUS current 617 DESCRIPTION 618 "A table of Notification log entries. 620 It is an implementation-specific matter whether entries in this 621 table are preserved across initializations of the management 622 system. In general one would expect that they are not. 624 Note that keeping entries across initializations of the 625 management system leads to some confusion with counters and 626 TimeStamps, since both of those are based on sysUpTime, which 627 resets on management initialization. In this situation, 628 counters apply only after the reset and nlmLogTime for entries 629 made before the reset MUST be set to 0." 630 ::= { nlmLog 1 } 632 nlmLogEntry OBJECT-TYPE 633 SYNTAX NlmLogEntry 634 MAX-ACCESS not-accessible 635 STATUS current 636 DESCRIPTION 637 "A Notification log entry. 639 Entries appear in this table when Notifications occur and pass 640 filtering by nlmConfigLogFilterName and access control. They are 641 removed to make way for new entries due to lack of resources or 642 the values of nlmConfigGlobalEntryLimit, nlmConfigGlobalAgeOut, or 643 nlmConfigLogEntryLimit. 645 If adding an entry would exceed nlmConfigGlobalEntryLimit or system 646 resources in general, the oldest entry in any log SHOULD be removed to 647 make room for the new one. 649 If adding an entry would exceed nlmConfigLogEntryLimit the oldest 650 entry in that log SHOULD be removed to make room for the new one. 652 Before the managed system puts a locally-generated Notification 653 into a non-null-named log it assures that the creator of the log 654 has access to the information in the Notification. If not it 655 does not log that Notification in that log." 656 INDEX { nlmLogName, nlmLogIndex } 657 ::= { nlmLogTable 1 } 659 NlmLogEntry ::= SEQUENCE { 660 nlmLogIndex Unsigned32, 661 nlmLogTime TimeStamp, 662 nlmLogDateAndTime DateAndTime, 663 nlmLogEngineID SnmpEngineID, 664 nlmLogEngineAddress IpAddress, 665 nlmLogContextEngineID SnmpEngineID, 666 nlmLogContextName SnmpAdminString, 667 nlmLogNotificationID OBJECT IDENTIFIER 668 } 670 nlmLogIndex OBJECT-TYPE 671 SYNTAX Unsigned32 (1..4294967295) 672 MAX-ACCESS not-accessible 673 STATUS current 674 DESCRIPTION 675 "A monotonically increasing integer for the sole purpose of 676 indexing entries within the named log. When it reaches the 677 maximum value, an extremely unlikely event, the agent wraps the 678 value back to 1." 679 ::= { nlmLogEntry 1 } 681 nlmLogTime OBJECT-TYPE 682 SYNTAX TimeStamp 683 MAX-ACCESS read-only 684 STATUS current 685 DESCRIPTION 686 "The value of sysUpTime when the entry was placed in the log. If 687 the entry occurred before the most recent management system 688 initialization this object value MUST be set to zero." 689 ::= { nlmLogEntry 2 } 691 nlmLogDateAndTime OBJECT-TYPE 692 SYNTAX DateAndTime 693 MAX-ACCESS read-only 694 STATUS current 695 DESCRIPTION 696 "The local date and time when the entry was logged, instantiated 697 only by systems that have date and time capability." 698 ::= { nlmLogEntry 3 } 700 nlmLogEngineID OBJECT-TYPE 701 SYNTAX SnmpEngineID 702 MAX-ACCESS read-only 703 STATUS current 704 DESCRIPTION 705 "The identification of the SNMP engine at which the Notification 706 originated. 708 If the log can contain Notifications from only one engine 709 or the Trap is in SNMPv1 format, this object is not 710 instantiated." 711 ::= { nlmLogEntry 4 } 713 nlmLogEngineAddress OBJECT-TYPE 714 SYNTAX IpAddress 715 MAX-ACCESS read-only 716 STATUS current 717 DESCRIPTION 718 "The IP Address of the SNMP engine from which the Notification 719 was received. This is used to identify the source of an SNMPv1 720 trap, since an nlmLogEngineId cannot be extracted from the 721 SNMPv1 trap pdu. 723 This object MUST always be instantiated, even if the log 724 can contain Notifications from only one engine. 726 Please be aware that the nlmLogEngineAddress may not uniquely 727 identify the SNMP engine from which the Notification was received. 728 For example, if an SNMP engine uses DHCP or NAT to obtain 729 ip addresses, the address it uses may be shared with other 730 network devices, and hence will not uniquely identify the 731 SNMP engine." 732 ::= { nlmLogEntry 5 } 734 nlmLogContextEngineID OBJECT-TYPE 735 SYNTAX SnmpEngineID 736 MAX-ACCESS read-only 737 STATUS current 738 DESCRIPTION 739 "If the Notification was received in a protocol which has a 740 contextEngineID element like SNMPv3, this object has that value. 741 Otherwise its value is a zero-length string." 742 ::= { nlmLogEntry 6 } 744 nlmLogContextName OBJECT-TYPE 745 SYNTAX SnmpAdminString 746 MAX-ACCESS read-only 747 STATUS current 748 DESCRIPTION 749 "The name of the SNMP MIB context from which the Notification came. 750 For SNMPv1 Traps this is the community string from the Trap." 751 ::= { nlmLogEntry 7 } 753 nlmLogNotificationID OBJECT-TYPE 754 SYNTAX OBJECT IDENTIFIER 755 MAX-ACCESS read-only 756 STATUS current 757 DESCRIPTION 758 "The NOTIFICATION-TYPE object identifer of the Notification that 759 occurred." 760 ::= { nlmLogEntry 8 } 762 -- 763 -- Log Variable Table 764 -- 766 nlmLogVariableTable OBJECT-TYPE 767 SYNTAX SEQUENCE OF NlmLogVariableEntry 768 MAX-ACCESS not-accessible 769 STATUS current 770 DESCRIPTION 771 "A table of variables to go with Notification log entries." 772 ::= { nlmLog 2 } 774 nlmLogVariableEntry OBJECT-TYPE 775 SYNTAX NlmLogVariableEntry 776 MAX-ACCESS not-accessible 777 STATUS current 778 DESCRIPTION 779 "A Notification log entry variable. 781 Entries appear in this table when there are variables in 782 the varbind list of a Notification in nlmLogTable." 783 INDEX { nlmLogName, nlmLogIndex, nlmLogVariableIndex } 784 ::= { nlmLogVariableTable 1 } 786 NlmLogVariableEntry ::= SEQUENCE { 787 nlmLogVariableIndex Unsigned32, 788 nlmLogVariableID OBJECT IDENTIFIER, 789 nlmLogVariableValueType INTEGER, 790 nlmLogVariableCounter32Val Counter32, 791 nlmLogVariableUnsigned32Val Unsigned32, 792 nlmLogVariableTimeTicksVal TimeTicks, 793 nlmLogVariableInteger32Val Integer32, 794 nlmLogVariableOctetStringVal OCTET STRING, 795 nlmLogVariableIpAddressVal IpAddress, 796 nlmLogVariableOidVal OBJECT IDENTIFIER, 797 nlmLogVariableCounter64Val Counter64, 798 nlmLogVariableOpaqueVal Opaque 799 } 801 nlmLogVariableIndex OBJECT-TYPE 802 SYNTAX Unsigned32 (1..4294967295) 803 MAX-ACCESS not-accessible 804 STATUS current 805 DESCRIPTION 806 "A monotonically increasing integer, starting at 1 for a given 807 nlmLogIndex, for indexing variables within the logged 808 Notification." 809 ::= { nlmLogVariableEntry 1 } 811 nlmLogVariableID OBJECT-TYPE 812 SYNTAX OBJECT IDENTIFIER 813 MAX-ACCESS read-only 814 STATUS current 815 DESCRIPTION 816 "The variable's object identifier." 817 ::= { nlmLogVariableEntry 2 } 819 nlmLogVariableValueType OBJECT-TYPE 820 SYNTAX INTEGER { counter32(1), unsigned32(2), timeTicks(3), 821 integer32(4), ipAddress(5), octetString(6), 822 objectId(7), counter64(8), opaque(9) } 823 MAX-ACCESS read-only 824 STATUS current 825 DESCRIPTION 826 "The type of the value. One and only one of the value 827 objects that follow must be instantiated, based on this type." 828 ::= { nlmLogVariableEntry 3 } 830 nlmLogVariableCounter32Val OBJECT-TYPE 831 SYNTAX Counter32 832 MAX-ACCESS read-only 833 STATUS current 834 DESCRIPTION 835 "The value when nlmLogVariableType is 'counter32'." 836 ::= { nlmLogVariableEntry 4 } 838 nlmLogVariableUnsigned32Val OBJECT-TYPE 839 SYNTAX Unsigned32 840 MAX-ACCESS read-only 841 STATUS current 842 DESCRIPTION 843 "The value when nlmLogVariableType is 'unsigned32'." 844 ::= { nlmLogVariableEntry 5 } 846 nlmLogVariableTimeTicksVal OBJECT-TYPE 847 SYNTAX TimeTicks 848 MAX-ACCESS read-only 849 STATUS current 850 DESCRIPTION 851 "The value when nlmLogVariableType is 'timeTicks'." 852 ::= { nlmLogVariableEntry 6 } 854 nlmLogVariableInteger32Val OBJECT-TYPE 855 SYNTAX Integer32 856 MAX-ACCESS read-only 857 STATUS current 858 DESCRIPTION 859 "The value when nlmLogVariableType is 'integer32'." 860 ::= { nlmLogVariableEntry 7 } 862 nlmLogVariableOctetStringVal OBJECT-TYPE 863 SYNTAX OCTET STRING 864 MAX-ACCESS read-only 865 STATUS current 866 DESCRIPTION 867 "The value when nlmLogVariableType is 'octetString'." 868 ::= { nlmLogVariableEntry 8 } 870 nlmLogVariableIpAddressVal OBJECT-TYPE 871 SYNTAX IpAddress 872 MAX-ACCESS read-only 873 STATUS current 874 DESCRIPTION 875 "The value when nlmLogVariableType is 'ipAddress'." 876 ::= { nlmLogVariableEntry 9 } 878 nlmLogVariableOidVal OBJECT-TYPE 879 SYNTAX OBJECT IDENTIFIER 880 MAX-ACCESS read-only 881 STATUS current 882 DESCRIPTION 883 "The value when nlmLogVariableType is 'objectId'." 884 ::= { nlmLogVariableEntry 10 } 886 nlmLogVariableCounter64Val OBJECT-TYPE 887 SYNTAX Counter64 888 MAX-ACCESS read-only 889 STATUS current 890 DESCRIPTION 891 "The value when nlmLogVariableType is 'counter64'." 892 ::= { nlmLogVariableEntry 11 } 894 nlmLogVariableOpaqueVal OBJECT-TYPE 895 SYNTAX Opaque 896 MAX-ACCESS read-only 897 STATUS current 898 DESCRIPTION 899 "The value when nlmLogVariableType is 'opaque'." 900 ::= { nlmLogVariableEntry 12 } 902 -- 903 -- Conformance 904 -- 906 notificationLogMIBConformance OBJECT IDENTIFIER ::= 907 { notificationLogMIB 3 } 908 notificationLogMIBCompliances OBJECT IDENTIFIER ::= 909 { notificationLogMIBConformance 1 } 910 notificationLogMIBGroups OBJECT IDENTIFIER ::= 911 { notificationLogMIBConformance 2 } 913 -- Compliance 915 notificationLogMIBCompliance MODULE-COMPLIANCE 916 STATUS current 917 DESCRIPTION 918 "The compliance statement for entities which implement 919 the Notification Log MIB." 920 MODULE -- this module 921 MANDATORY-GROUPS { 922 notificationLogConfigGroup, 923 notificationLogStatsGroup, 924 notificationLogLogGroup 925 } 927 OBJECT nlmConfigGlobalEntryLimit 928 SYNTAX Unsigned32 (0..4294967295) 929 MIN-ACCESS read-only 930 DESCRIPTION 931 "Implementations may choose a limit and not allow it to be 932 changed or may enforce an upper or lower bound on the 933 limit." 935 OBJECT nlmConfigLogEntryLimit 936 SYNTAX Unsigned32 (0..4294967295) 937 MIN-ACCESS read-only 938 DESCRIPTION 939 "Implementations may choose a limit and not allow it to be 940 changed or may enforce an upper or lower bound on the 941 limit." 943 OBJECT nlmConfigLogEntryStatus 944 MIN-ACCESS read-only 945 DESCRIPTION 946 "Implementations may disallow the creation of named logs." 948 GROUP notificationLogDateGroup 949 DESCRIPTION 950 "This group is mandatory on systems that keep wall clock 951 date and time and should not be implemented on systems that 952 do not have a wall clock date." 954 ::= { notificationLogMIBCompliances 1 } 956 -- Units of Conformance 958 notificationLogConfigGroup OBJECT-GROUP 959 OBJECTS { 960 nlmConfigGlobalEntryLimit, 961 nlmConfigGlobalAgeOut, 962 nlmConfigLogFilterName, 963 nlmConfigLogEntryLimit, 964 nlmConfigLogAdminStatus, 965 nlmConfigLogOperStatus, 966 nlmConfigLogStorageType, 967 nlmConfigLogEntryStatus 968 } 969 STATUS current 970 DESCRIPTION 971 "Notification log configuration management." 972 ::= { notificationLogMIBGroups 1 } 974 notificationLogStatsGroup OBJECT-GROUP 975 OBJECTS { 976 nlmStatsGlobalNotificationsLogged, 977 nlmStatsGlobalNotificationsBumped, 978 nlmStatsLogNotificationsLogged, 979 nlmStatsLogNotificationsBumped 980 } 981 STATUS current 982 DESCRIPTION 983 "Notification log statistics." 984 ::= { notificationLogMIBGroups 2 } 986 notificationLogLogGroup OBJECT-GROUP 987 OBJECTS { 988 nlmLogTime, 989 nlmLogEngineID, 990 nlmLogEngineAddress, 991 nlmLogContextEngineID, 992 nlmLogContextName, 993 nlmLogNotificationID, 995 nlmLogVariableID, 996 nlmLogVariableValueType, 997 nlmLogVariableCounter32Val, 998 nlmLogVariableUnsigned32Val, 999 nlmLogVariableTimeTicksVal, 1000 nlmLogVariableInteger32Val, 1001 nlmLogVariableOctetStringVal, 1002 nlmLogVariableIpAddressVal, 1003 nlmLogVariableOidVal, 1004 nlmLogVariableCounter64Val, 1005 nlmLogVariableOpaqueVal 1006 } 1007 STATUS current 1008 DESCRIPTION 1009 "Notification log data." 1010 ::= { notificationLogMIBGroups 3 } 1012 notificationLogDateGroup OBJECT-GROUP 1013 OBJECTS { 1014 nlmLogDateAndTime 1015 } 1016 STATUS current 1017 DESCRIPTION 1018 "Conditionally mandatory notification log data." 1019 ::= { notificationLogMIBGroups 4 } 1021 END 1022 5. Intellectual Property 1024 The IETF takes no position regarding the validity or scope of any 1025 intellectual property or other rights that might be claimed to pertain 1026 to the implementation or use of the technology described in this 1027 document or the extent to which any license under such rights might or 1028 might not be available; neither does it represent that it has made any 1029 effort to identify any such rights. Information on the IETF's 1030 procedures with respect to rights in standards-track and standards- 1031 related documentation can be found in BCP-11. Copies of claims of 1032 rights made available for publication and any assurances of licenses to 1033 be made available, or the result of an attempt made to obtain a general 1034 license or permission for the use of such proprietary rights by 1035 implementors or users of this specification can be obtained from the 1036 IETF Secretariat. 1038 The IETF invites any interested party to bring to its attention any 1039 copyrights, patents or patent applications, or other proprietary rights 1040 which may cover technology that may be required to practice this 1041 standard. Please address the information to the IETF Executive 1042 Director. 1044 6. References 1046 [RFC2571] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture 1047 for Describing SNMP Management Frameworks", RFC 2571, April 1048 1999 1050 [RFC1155] Rose, M., and K. McCloghrie, "Structure and Identification 1051 of Management Information for TCP/IP-based Internets", STD 1052 16, RFC 1155, May 1990 1054 [RFC1212] Rose, M., and K. McCloghrie, "Concise MIB Definitions", STD 1055 16, RFC 1212, March 1991 1057 [RFC1215] M. Rose, "A Convention for Defining Traps for use with the 1058 SNMP", RFC 1215, March 1991 1060 [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., 1061 Rose, M., and S. Waldbusser, "Structure of Management 1062 Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999 1064 [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., 1065 Rose, M., and S. Waldbusser, "Textual Conventions for 1066 SMIv2", STD 58, RFC 2579, April 1999 1068 [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., 1069 Rose, M., and S. Waldbusser, "Conformance Statements for 1070 SMIv2", STD 58, RFC 2580, April 1999 1072 [RFC1157] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple 1073 Network Management Protocol", STD 15, RFC 1157, May 1990. 1075 [RFC1901] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, 1076 "Introduction to Community-based SNMPv2", RFC 1901, January 1077 1996. 1079 [RFC1906] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, 1080 "Transport Mappings for Version 2 of the Simple Network 1081 Management Protocol (SNMPv2)", RFC 1906, January 1996. 1083 [RFC2572] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message 1084 Processing and Dispatching for the Simple Network Management 1085 Protocol (SNMP)", RFC 2572, April 1999 1087 [RFC2574] Blumenthal, U., and B. Wijnen, "User-based Security Model 1088 (USM) for version 3 of the Simple Network Management 1089 Protocol (SNMPv3)", RFC 2574, April 1999 1091 [RFC1905] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, 1092 "Protocol Operations for Version 2 of the Simple Network 1093 Management Protocol (SNMPv2)", RFC 1905, January 1996. 1095 [RFC2573] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", 1096 RFC 2573, April 1999 1098 [RFC2575] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based 1099 Access Control Model (VACM) for the Simple Network 1100 Management Protocol (SNMP)", RFC 2575, April 1999 1102 [RFC2570] Case, J., Mundy, R., Partain, D., and B. Stewart, 1103 "Introduction to Version 3 of the Internet-standard Network 1104 Management Framework", RFC 2570, April 1999 1106 [RFC1903] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, 1107 "Coexistence between Version 1 and version 2 of the 1108 Internet-standard Network Management Framework", RFC 1903, 1109 January 1996. 1111 7. Security Considerations 1113 Security issues are discussed in Section 3.1.2. 1115 8. Author's Address 1117 Bob Stewart 1118 Cisco Systems, Inc. 1119 170 West Tasman Drive 1120 San Jose, CA 95134-1706 1121 U.S.A. 1123 Ramanathan Kavasseri 1124 Cisco Systems, Inc. 1125 170 West Tasman Drive 1126 San Jose, CA 95134-1706 1127 U.S.A. 1129 Phone: +1 408 527 2446 1130 Email: ramk@cisco.com 1132 9. Full Copyright Statement 1134 Copyright (C) The Internet Society (1999). All Rights Reserved. 1136 This document and translations of it may be copied and furnished to 1137 others, and derivative works that comment on or otherwise explain it or 1138 assist in its implementation may be prepared, copied, published and 1139 distributed, in whole or in part, without restriction of any kind, 1140 provided that the above copyright notice and this paragraph are included 1141 on all such copies and derivative works. However, this document itself 1142 may not be modified in any way, such as by removing the copyright notice 1143 or references to the Internet Society or other Internet organizations, 1144 except as needed for the purpose of developing Internet standards in 1145 which case the procedures for copyrights defined in the Internet 1146 Standards process must be followed, or as required to translate it into 1147 languages other than English. 1149 The limited permissions granted above are perpetual and will not be 1150 revoked by the Internet Society or its successors or assigns. 1152 This document and the information contained herein is provided on an "AS 1153 IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK 1154 FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT 1155 LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT 1156 INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR 1157 FITNESS FOR A PARTICULAR PURPOSE. 1159 Table of Contents 1161 1 Abstract ........................................................ 2 1162 2 The SNMP Management Framework ................................... 2 1163 3 Overview ........................................................ 3 1164 3.1 Environment ................................................... 3 1165 3.1.1 SNMP Engines and Contexts ................................... 4 1166 3.1.2 Security .................................................... 4 1167 3.2 Structure ..................................................... 5 1168 3.2.1 Configuration ............................................... 6 1169 3.2.2 Statistics .................................................. 6 1170 3.2.3 Log ......................................................... 6 1171 3.3 Example ....................................................... 7 1172 4 Definitions ..................................................... 8 1173 5 Intellectual Property ........................................... 25 1174 6 References ...................................................... 26 1175 7 Security Considerations ......................................... 28 1176 8 Author's Address ................................................ 28 1177 9 Full Copyright Statement ........................................ 29