idnits 2.17.1

draft-ietf-disman-notif-log-mib-17.txt:

  ** The Abstract section seems to be numbered

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate. This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section. (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References. All references will be assumed normative when checking for
     downward references.

  ** There are 3 instances of too long lines in the document, the longest one
     being 3 characters in excess of 72.

  == There are 1 instance of lines with non-RFC2606-compliant FQDNs in the
     document.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == Line 482 has weird spacing: '...isabled admin...'

  == Line 484 has weird spacing: '...ational adm...'

  == Line 486 has weird spacing: '...oFilter admin...'

  == Line 1150 has weird spacing: '...for the purpo...'

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (12 October 2000) is 8589 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Looks like a reference, but probably isn't: '8' on line 731

  ** Obsolete normative reference: RFC 2571 (Obsoleted by RFC 3411)

  ** Downref: Normative reference to an Informational RFC: RFC 1215

  ** Downref: Normative reference to an Historic RFC: RFC 1157

  ** Downref: Normative reference to an Historic RFC: RFC 1901

  ** Obsolete normative reference: RFC 1906 (Obsoleted by RFC 3417)

  ** Obsolete normative reference: RFC 2572 (Obsoleted by RFC 3412)

  ** Obsolete normative reference: RFC 2574 (Obsoleted by RFC 3414)

  ** Obsolete normative reference: RFC 1905 (Obsoleted by RFC 3416)

  ** Obsolete normative reference: RFC 2573 (Obsoleted by RFC 3413)

  ** Obsolete normative reference: RFC 2575 (Obsoleted by RFC 3415)

  ** Obsolete normative reference: RFC 2570 (Obsoleted by RFC 3410)

     Summary: 17 errors (**), 0 flaws (~~), 7 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

  1  Network Working Group                          Editor of this version:
  2  Internet-Draft                                 Ramanathan R. Kavasseri
  3  Expires April 2001                                 Cisco Systems, Inc.
  4                                             Author of previous version:
  5                                                             Bob Stewart
  6                                                         12 October 2000

  8                          Notification Log MIB

 10                 draft-ietf-disman-notif-log-mib-17.txt

 12  Status of this Memo

 14  This document is an Internet-Draft and is in full conformance with all
 15  provisions of Section 10 of RFC2026.

 17  Internet-Drafts are working documents of the Internet Engineering Task
 18  Force (IETF), its areas, and its working groups. Note that other groups
 19  may also distribute working documents as Internet-Drafts.

 21  Internet-Drafts are draft documents valid for a maximum of six months
 22  and may be updated, replaced, or obsoleted by other documents at any
 23  time. It is inappropriate to use Internet- Drafts as reference material
 24  or to cite them other than as ``work in progress.''

 26  The list of current Internet-Drafts can be accessed at
 27  http://www.ietf.org/ietf/1id-abstracts.txt

 29  The list of Internet-Draft Shadow Directories can be accessed at
 30  http://www.ietf.org/shadow.html.

 32  Distribution of this document is unlimited. Please send comments to the
 33  Distributed Management Working Group, .

 35  Copyright Notice

 37  Copyright (C) The Internet Society (2000). All Rights Reserved.

 39  1. Abstract

 41  This memo defines a portion of the Management Information Base (MIB) for
 42  use with network management protocols in the Internet community. In
 43  particular, it describes managed objects used for logging SNMP
 44  Notifications.

 46  The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
 47  "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
 48  document are to be interpreted as described in RFC 2119.

 50  2. The SNMP Management Framework

 52  The SNMP Management Framework presently consists of five major
 53  components:

 55      o   An overall architecture, described in RFC 2571 [RFC2571].

 57      o   Mechanisms for describing and naming objects and events for the
 58          purpose of management. The first version of this Structure of
 59          Management Information (SMI) is called SMIv1 and described in
 60          STD 16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and RFC
 61          1215 [RFC1215]. The second version, called SMIv2, is described
 62          in STD 58, RFC 2578 [RFC2578], RFC 2579 [RFC2579] and RFC 2580
 63          [RFC2580].

 65      o   Message protocols for transferring management information. The
 66          first version of the SNMP message protocol is called SNMPv1 and
 67          described in STD 15, RFC 1157 [RFC1157]. A second version of the
 68          SNMP message protocol, which is not an Internet standards track
 69          protocol, is called SNMPv2c and described in RFC 1901 [RFC1901]
 70          and RFC 1906 [RFC1906]. The third version of the message
 71          protocol is called SNMPv3 and described in RFC 1906 [RFC1906],
 72          RFC 2572 [RFC2572] and RFC 2574 [RFC2574].

 74      o   Protocol operations for accessing management information. The
 75          first set of protocol operations and associated PDU formats is
 76          described in STD 15, RFC 1157 [RFC1157]. A second set of
 77          protocol operations and associated PDU formats is described in
 78          RFC 1905 [RFC1905].

 80      o   A set of fundamental applications described in RFC 2573
 81          [RFC2573] and the view-based access control mechanism described
 82          in RFC 2575 [RFC2575].

 84  A more detailed introduction to the current SNMP Management Framework
 85  can be found in RFC 2570 [RFC2570].

 87  Managed objects are accessed via a virtual information store, termed
 88  the Management Information Base or MIB. Objects in the MIB are
 89  defined using the mechanisms defined in the SMI.

 91  This memo specifies a MIB module that is compliant to the SMIv2. A
 92  MIB conforming to the SMIv1 can be produced through the appropriate
 93  translations. The resulting translated MIB must be semantically
 94  equivalent, except where objects or events are omitted because no
 95  translation is possible (use of Counter64). Some machine readable
 96  information in SMIv2 will be converted into textual descriptions in
 97  SMIv1 during the translation process. However, this loss of machine
 98  readable information is not considered to change the semantics of the
 99  MIB.

101  3. Overview

103  Systems that support SNMP often need a mechanism for recording
104  Notification information as a hedge against lost Notifications, whether
105  those are Traps or Informs [RFC1905] that exceed retransmission limits.
106  This MIB therefore provides common infrastructure for other MIBs in the
107  form of a local logging function. It is intended primarily for senders
108  of Notifications but could be used also by receivers.

110  Given the Notification Log MIB, individual MIBs bear less responsibility
111  to record the transient information associated with an event against the
112  possibility that the Notification message is lost, and applications can
113  poll the log to verify that they have not missed important
114  Notifications.

116  3.1. Environment

118  The overall environmental concerns for the MIB are:

120      o   SNMP Engines and Contexts

122      o   Security

124  3.1.1. SNMP Engines and Contexts

126  There are two distinct information flows from multiple notification
127  originators that one may log. The first is the notifications that are
128  received (from one or more SNMP engines) for logging as SNMP informs and
129  traps. The other comprises notifications delivered to an SNMP engine at
130  the interface to the notification originator (using a notification
131  mechanism other than SNMP informs or traps). The latter information
132  flow (using a notification mechanism other than SNMP informs or traps)
133  is modeled here as the SNMP engine (which maintains the log) sending a
134  notification to itself. The remainder of this section discusses the
135  handling of the former information flow - notifications (received in the
136  form of SNMP informs or traps) from multiple SNMP engines.

138  As described in the SNMP architecture [RFC2571], a given system may
139  support multiple SNMP engines operating independently of one another,
140  each with its own SNMP engine identification. Furthermore, within the
141  purview of a given engine there may be multiple named management
142  contexts supporting overlapping or disjoint sets of MIB objects and
143  Notifications. Thus, understanding a particular Notification requires
144  knowing the SNMP engine and management context from whence it came.

146  To provide the necessary source information for a logged Notification,
147  the MIB includes objects to record that Notification's source SNMP
148  engine ID and management context name.

150  3.1.2. Security

152  Security for Notifications is awkward since access control for the
153  objects in the Notification can be checked only where the Notification
154  is created. Thus such checking is possible only for locally-generated
155  Notifications, and even then only when security credentials are
156  available.

158  For the purpose of this discussion, "security credentials" means the
159  input values for the abstract service interface function isAccessAllowed
160  [RFC2571] and using those credentials means conceptually using that
161  function to see that those credentials allow access to the MIB objects
162  in question, operating as for a Notification Originator in [RFC2573].

164  The Notification Log MIB has the notion of a "named log." By using log
165  names and view-based access control [RFC2575] a network administrator
166  can provide different access for different users. When an application
167  creates a named log the security credentials of the creator stay
168  associated with that log.

170  A managed system with fewer resources MAY disallow the creation of named
171  logs, providing only the default, null-named log. Such a log has no
172  implicit security credentials for Notification object access control and
173  Notifications are put into it with no further checking.
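
The admission rules of this section, as an added example that is not part of the draft: one linkDown (OID from section 3.3) is offered to the null-named log and to two named logs whose creators have different views. The in-memory `View`, `Log` and `Notification` classes, the `audit` log name, and the reduction of security credentials to a simplified view are assumptions of the example.

```python
"""Added example: the log-admission rules of section 3.1.2, modelled in memory.

Assumptions of this example (not from the draft): OIDs are tuples of ints,
security credentials are reduced to the MIB view they select, and a view is a
simplified VACM view (include/exclude subtrees, longest match wins, no masks).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Oid = Tuple[int, ...]


def oid(text: str) -> Oid:
    return tuple(int(part) for part in text.split("."))


@dataclass
class View:
    """Stand-in for the view that isAccessAllowed would consult."""
    included: List[Oid]
    excluded: List[Oid] = field(default_factory=list)

    def allows(self, name: Oid) -> bool:
        best_len, verdict = -1, False
        for subtrees, is_include in ((self.included, True),
                                     (self.excluded, False)):
            for subtree in subtrees:
                if name[:len(subtree)] == subtree and len(subtree) > best_len:
                    best_len, verdict = len(subtree), is_include
        return verdict  # an OID under no subtree is outside the view


@dataclass
class Log:
    name: str                            # "" is the default, null-named log
    creator_view: Optional[View] = None  # credentials kept from log creation


@dataclass
class Notification:
    notification_id: Oid
    varbind_names: List[Oid]   # values play no part in the access decision
    locally_generated: bool


def admit(log: Log, note: Notification) -> Tuple[bool, str]:
    """Decide whether `note` may be put into `log` (filtering already passed)."""
    if log.name == "":
        return True, "null-named log: no credentials, no further checking"
    if not note.locally_generated:
        return True, "remotely generated: left to access control on the log"
    if log.creator_view is None:
        # Assumption of this example: fail closed if credentials are missing.
        return False, "named log has no stored credentials"
    # Simplified Notification Originator check: the notification's own OID
    # and every object in its variable bindings must be in the creator's view.
    for name in [note.notification_id, *note.varbind_names]:
        if not log.creator_view.allows(name):
            return False, "creator has no access to " + ".".join(map(str, name))
    return True, "creator has access to every object"


def demo() -> Dict[str, bool]:
    """Run one constructed linkDown through three constructed logs."""
    snmp_traps, interfaces = oid("1.3.6.1.6.3.1.1.5"), oid("1.3.6.1.2.1.2")
    if_admin_status = oid("1.3.6.1.2.1.2.2.1.7")
    names = [oid("1.3.6.1.2.1.2.2.1.1.3"),   # ifIndex.3
             oid("1.3.6.1.2.1.2.2.1.7.3"),   # ifAdminStatus.3
             oid("1.3.6.1.2.1.2.2.1.8.3")]   # ifOperStatus.3
    link_down = oid("1.3.6.1.6.3.1.1.5.3")   # snmpTraps.3, as in section 3.3
    local = Notification(link_down, names, locally_generated=True)
    remote = Notification(link_down, names, locally_generated=False)

    default_log = Log("")
    links = Log("links", View([snmp_traps, interfaces]))
    audit = Log("audit", View([snmp_traps, interfaces], [if_admin_status]))

    return {
        "default/local": admit(default_log, local)[0],
        "links/local": admit(links, local)[0],
        "audit/local": admit(audit, local)[0],    # withheld: ifAdminStatus
        "audit/remote": admit(audit, remote)[0],  # logged without a check
    }


if __name__ == "__main__":
    for case, logged in demo().items():
        print(f"{case:14} logged={logged}")
```

The `default/local` and `audit/remote` results show entries being logged with no per-object check, which is why the draft leaves their protection to access control on the log itself.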

175  When putting locally-generated Notifications into a named log, the
176  managed system MUST use the security credentials associated with that
177  log and MUST apply the same access control rules as described for a
178  Notification Originator in [RFC2573].

180  The managed system SHOULD NOT apply access control when adding remotely-
181  generated Notifications into either a named log or the default, null-
182  named log. In those cases the security of the information in the log
183  SHOULD be left to the normal, overall access control for the log itself.

185  The Notification Log MIB allows applications to set the maximum number
186  of Notifications that can be logged, using nlmConfigGlobalEntryLimit.
187  Similarly, an application can set the maximum age using
188  nlmConfigGlobalAgeOut, after which older Notifications MAY be timed out.
189  Please be aware that contention between multiple applications trying to
190  set these objects to different values MAY affect the reliability and
191  completeness of data seen by each application, i.e. it is possible that
192  one application may change the value of either of these objects,
193  resulting in some Notifications being deleted before the other
194  applications have had a chance to see them. This could be used to
195  orchestrate a denial-of-service attack. Methods for countering such an
196  attack are for further study.

198  3.2. Structure

200  The MIB has the following sections:

202      o   Configuration -- control over how much the log can hold and what
203          Notifications are to be logged.

205      o   Statistics -- indications of logging activity.

207      o   Log -- the Notifications themselves.

209  3.2.1. Configuration

211  The configuration section contains objects to manage resource use by the
212  MIB.

214  This section also contains a table to specify what logs exist and how
215  they operate. Deciding which Notifications are to be logged depends on
216  filters defined in the snmpNotifyFilterTable in the standard SNMP
217  Notification MIB [RFC2573] identified by the initial index
218  (snmpNotifyFilterName) from that table.

220  3.2.2. Statistics

222  The statistics section contains counters for Notifications logged and
223  discarded, supplying a means to understand the results of log capacity
224  configuration and resource problems.

226  3.2.3. Log

228  The log contains the Notifications and the objects that came in their
229  variable binding list, indexed by an integer that reflects when the
230  entry was made. An application that wants to collect all logged
231  Notifications or to know if it may have missed any can keep track of the
232  highest index it has retrieved and start from there on its next poll,
233  checking sysUpTime for a discontinuity that would have reset the index
234  and perhaps have lost entries.

236  Variables are in a table indexed by Notification index and variable
237  index within that Notification. The values are kept as a "discriminated
238  union," with one value object per variable. Exactly which value object
239  is instantiated depends on the SNMP data type of the variable, with a
240  separate object of appropriate type for each distinct SNMP data type.

242  An application can thus reconstruct the information from the
243  Notification PDU from what is recorded in the log.

245  3.3. Example

247  Following is an example configuration of a named log for logging only
248  linkUp and linkDown Notifications.

250  In nlmConfigLogTable:

252      nlmConfigLogFilterName.5."links" = "link-status"
253      nlmConfigLogEntryLimit.5."links" = 0
254      nlmConfigLogAdminStatus.5."links" = enabled
255      nlmConfigLogOperStatus.5."links" = operational
256      nlmConfigLogStorageType.5."links" = nonVolatile
257      nlmConfigLogEntryStatus.5."links" = active

259  Note that snmpTraps is:

261      iso.org.dod.internet.snmpV2.snmpModules.snmpMIB.snmpMIBObjects.5

263  Or numerically:

265      1.3.6.1.6.3.1.1.5

267  And linkDown is snmpTraps.3 and linkUp is snmpTraps.4.

269  So to allow the two Notifications in snmpNotifyFilterTable:

271      snmpNotifyFilterMask.11."link-status".1.3.6.1.6.3.1.1.5.3 = ''H
272      snmpNotifyFilterType.11."link-status".1.3.6.1.6.3.1.1.5.3 = include
273      snmpNotifyFilterStorageType.11."link-status".1.3.6.1.6.3.1.1.5.3
274          = nonVolatile
275      snmpNotifyFilterRowStatus.11."link-status".1.3.6.1.6.3.1.1.5.3
276          = active

278      snmpNotifyFilterMask.11."link-status".1.3.6.1.6.3.1.1.5.4 = ''H
279      snmpNotifyFilterType.11."link-status".1.3.6.1.6.3.1.1.5.4 = include
280      snmpNotifyFilterStorageType.11."link-status".1.3.6.1.6.3.1.1.5.4
281          = nonVolatile
282      snmpNotifyFilterRowStatus.11."link-status".1.3.6.1.6.3.1.1.5.4
283          = active

285  4. Definitions

287  NOTIFICATION-LOG-MIB DEFINITIONS ::= BEGIN

289  IMPORTS
290      MODULE-IDENTITY, OBJECT-TYPE,
291      Integer32, Unsigned32,
292      TimeTicks, Counter32, Counter64,
293      IpAddress, Opaque, mib-2             FROM SNMPv2-SMI
294      TimeStamp, DateAndTime,
295      StorageType, RowStatus,
296      TAddress, TDomain                    FROM SNMPv2-TC
297      SnmpAdminString, SnmpEngineID        FROM SNMP-FRAMEWORK-MIB
298      MODULE-COMPLIANCE, OBJECT-GROUP      FROM SNMPv2-CONF;

300  notificationLogMIB MODULE-IDENTITY
301      LAST-UPDATED "200010120000Z"            -- 12 October 2000
302      ORGANIZATION "IETF Distributed Management Working Group"
303      CONTACT-INFO "Ramanathan Kavasseri
304                    Cisco Systems, Inc.
305                    170 West Tasman Drive,
306                    San Jose CA 95134-1706.
307                    Phone: +1 408 527 2446
308                    Email: ramk@cisco.com"
309      DESCRIPTION
310          "The MIB module for logging SNMP Notifications, that is, Traps
311          and Informs."
312      -- Revision History

314      REVISION     "200010120000Z"            -- 12 October 2000
315      DESCRIPTION  "This is the initial version of this MIB.
316              Published as RFC xxxx"
317      ::= { mib-2 xx }     -- final assignment by IANA at publication time

319  notificationLogMIBObjects OBJECT IDENTIFIER ::= { notificationLogMIB 1 }

321  nlmConfig  OBJECT IDENTIFIER ::= { notificationLogMIBObjects 1 }
322  nlmStats   OBJECT IDENTIFIER ::= { notificationLogMIBObjects 2 }
323  nlmLog     OBJECT IDENTIFIER ::= { notificationLogMIBObjects 3 }

325  --
326  -- Configuration Section
327  --
328  nlmConfigGlobalEntryLimit OBJECT-TYPE
329      SYNTAX      Unsigned32
330      MAX-ACCESS  read-write
331      STATUS      current
332      DESCRIPTION
333          "The maximum number of notification entries that may be held
334          in nlmLogTable for all nlmLogNames added together. A particular
335          setting does not guarantee that much data can be held.

337          If an application changes the limit while there are
338          Notifications in the log, the oldest Notifications MUST be
339          discarded to bring the log down to the new limit - thus the
340          value of nlmConfigGlobalEntryLimit MUST take precedence over
341          the values of nlmConfigGlobalAgeOut and nlmConfigLogEntryLimit,
342          even if the Notification being discarded has been present for
343          fewer minutes than the value of nlmConfigGlobalAgeOut, or if
344          the named log has fewer entries than that specified in
345          nlmConfigLogEntryLimit.

347          A value of 0 means no limit.

349          Please be aware that contention between multiple managers
350          trying to set this object to different values MAY affect the
351          reliability and completeness of data seen by each manager."
352      DEFVAL { 0 }
353      ::= { nlmConfig 1 }

355  nlmConfigGlobalAgeOut OBJECT-TYPE
356      SYNTAX      Unsigned32
357      UNITS       "minutes"
358      MAX-ACCESS  read-write
359      STATUS      current
360      DESCRIPTION
361          "The number of minutes a Notification SHOULD be kept in a log before
362          it is automatically removed.

364          If an application changes the value of nlmConfigGlobalAgeOut,
365          Notifications older than the new time MAY be discarded to meet the
366          new time.

368          A value of 0 means no age out.

370          Please be aware that contention between multiple managers
371          trying to set this object to different values MAY affect the
372          reliability and completeness of data seen by each manager."

374      DEFVAL { 1440 }  -- 24 hours
375      ::= { nlmConfig 2 }

377  --
378  -- Basic Log Configuration Table
379  --

381  nlmConfigLogTable OBJECT-TYPE
382      SYNTAX      SEQUENCE OF NlmConfigLogEntry
383      MAX-ACCESS  not-accessible
384      STATUS      current
385      DESCRIPTION
386          "A table of logging control entries."
387      ::= { nlmConfig 3 }

389  nlmConfigLogEntry OBJECT-TYPE
390      SYNTAX      NlmConfigLogEntry
391      MAX-ACCESS  not-accessible
392      STATUS      current
393      DESCRIPTION
394          "A logging control entry. Depending on the entry's storage type
395          entries may be supplied by the system or created and deleted by
396          applications using nlmConfigLogEntryStatus."
397      INDEX       { nlmLogName }
398      ::= { nlmConfigLogTable 1 }

400  NlmConfigLogEntry ::= SEQUENCE {
401      nlmLogName                   SnmpAdminString,
402      nlmConfigLogFilterName       SnmpAdminString,
403      nlmConfigLogEntryLimit       Unsigned32,
404      nlmConfigLogAdminStatus      INTEGER,
405      nlmConfigLogOperStatus       INTEGER,
406      nlmConfigLogStorageType      StorageType,
407      nlmConfigLogEntryStatus      RowStatus
408      }

410  nlmLogName OBJECT-TYPE
411      SYNTAX      SnmpAdminString (SIZE(0..32))
412      MAX-ACCESS  not-accessible
413      STATUS      current
414      DESCRIPTION
415          "The name of the log.

417          An implementation may allow multiple named logs, up to some
418          implementation-specific limit (which may be none). A
419          zero-length log name is reserved for creation and deletion by
420          the managed system, and MUST be used as the default log name by
421          systems that do not support named logs."
422      ::= { nlmConfigLogEntry 1 }

424  nlmConfigLogFilterName OBJECT-TYPE
425      SYNTAX      SnmpAdminString (SIZE(0..32))
426      MAX-ACCESS  read-create
427      STATUS      current
428      DESCRIPTION
429          "A value of snmpNotifyFilterProfileName as used as an index
430          into the snmpNotifyFilterTable in the SNMP Notification MIB,
431          specifying the locally or remotely originated Notifications
432          to be filtered out and not logged in this log.

434          A zero-length value or a name that does not identify an
435          existing entry in snmpNotifyFilterTable indicate no
436          Notifications are to be logged in this log."
437      DEFVAL { ''H }
438      ::= { nlmConfigLogEntry 2 }

440  nlmConfigLogEntryLimit OBJECT-TYPE
441      SYNTAX      Unsigned32
442      MAX-ACCESS  read-create
443      STATUS      current
444      DESCRIPTION
445          "The maximum number of notification entries that can be held in
446          nlmLogTable for this named log. A particular setting does not
447          guarantee that that much data can be held.

449          If an application changes the limit while there are
450          Notifications in the log, the oldest Notifications are discarded
451          to bring the log down to the new limit.

453          A value of 0 indicates no limit.

455          Please be aware that contention between multiple managers
456          trying to set this object to different values MAY affect the
457          reliability and completeness of data seen by each manager."
458      DEFVAL { 0 }
459      ::= { nlmConfigLogEntry 3 }

461  nlmConfigLogAdminStatus OBJECT-TYPE
462      SYNTAX      INTEGER { enabled(1), disabled(2) }
463      MAX-ACCESS  read-create
464      STATUS      current
465      DESCRIPTION
466          "Control to enable or disable the log without otherwise
467          disturbing the log's entry.

469          Please be aware that contention between multiple managers
470          trying to set this object to different values MAY affect the
471          reliability and completeness of data seen by each manager."
472      DEFVAL { enabled }
473      ::= { nlmConfigLogEntry 4 }

475  nlmConfigLogOperStatus OBJECT-TYPE
476      SYNTAX      INTEGER { disabled(1), operational(2), noFilter(3) }
477      MAX-ACCESS  read-only
478      STATUS      current
479      DESCRIPTION
480          "The operational status of this log:

482              disabled       administratively disabled

484              operational    administratively enabled and working

486              noFilter       administratively enabled but either
487                             nlmConfigLogFilterName is zero length
488                             or does not name an existing entry in
489                             snmpNotifyFilterTable"
490      ::= { nlmConfigLogEntry 5 }

492  nlmConfigLogStorageType OBJECT-TYPE
493      SYNTAX      StorageType
494      MAX-ACCESS  read-create
495      STATUS      current
496      DESCRIPTION
497          "The storage type of this conceptual row."
498      ::= { nlmConfigLogEntry 6 }

500  nlmConfigLogEntryStatus OBJECT-TYPE
501      SYNTAX      RowStatus
502      MAX-ACCESS  read-create
503      STATUS      current
504      DESCRIPTION
505          "Control for creating and deleting entries. Entries may be
506          modified while active.

508          For non-null-named logs, the managed system records the security
509          credentials from the request that sets nlmConfigLogStatus
510          to 'active' and uses that identity to apply access control to
511          the objects in the Notification to decide if that Notification
512          may be logged."
513      ::= { nlmConfigLogEntry 7 }

515  --
516  -- Statistics Section
517  --

519  nlmStatsGlobalNotificationsLogged OBJECT-TYPE
520      SYNTAX      Counter32
521      UNITS       "notifications"
522      MAX-ACCESS  read-only
523      STATUS      current
524      DESCRIPTION
525          "The number of Notifications put into the nlmLogTable. This
526          counts a Notification once for each log entry, so a Notification
527          put into multiple logs is counted multiple times."
528      ::= { nlmStats 1 }

530  nlmStatsGlobalNotificationsBumped OBJECT-TYPE
531      SYNTAX      Counter32
532      UNITS       "notifications"
533      MAX-ACCESS  read-only
534      STATUS      current
535      DESCRIPTION
536          "The number of log entries discarded to make room for a new entry
537          due to lack of resources or the value of nlmConfigGlobalEntryLimit
538          or nlmConfigLogEntryLimit. This does not include entries discarded
539          due to the value of nlmConfigGlobalAgeOut."
540      ::= { nlmStats 2 }

542  --
543  -- Log Statistics Table
544  --

546  nlmStatsLogTable OBJECT-TYPE
547      SYNTAX      SEQUENCE OF NlmStatsLogEntry
548      MAX-ACCESS  not-accessible
549      STATUS      current
550      DESCRIPTION
551          "A table of Notification log statistics entries."
552      ::= { nlmStats 3 }

554  nlmStatsLogEntry OBJECT-TYPE
555      SYNTAX      NlmStatsLogEntry
556      MAX-ACCESS  not-accessible
557      STATUS      current
558      DESCRIPTION
559          "A Notification log statistics entry."
560      AUGMENTS    { nlmConfigLogEntry }
561      ::= { nlmStatsLogTable 1 }

563  NlmStatsLogEntry ::= SEQUENCE {
564      nlmStatsLogNotificationsLogged  Counter32,
565      nlmStatsLogNotificationsBumped  Counter32
566      }

568  nlmStatsLogNotificationsLogged OBJECT-TYPE
569      SYNTAX      Counter32
570      UNITS       "notifications"
571      MAX-ACCESS  read-only
572      STATUS      current
573      DESCRIPTION
574          "The number of Notifications put in this named log."
575      ::= { nlmStatsLogEntry 1 }

577  nlmStatsLogNotificationsBumped OBJECT-TYPE
578      SYNTAX      Counter32
579      UNITS       "notifications"
580      MAX-ACCESS  read-only
581      STATUS      current
582      DESCRIPTION
583          "The number of log entries discarded from this named log to make
584          room for a new entry due to lack of resources or the value of
585          nlmConfigGlobalEntryLimit or nlmConfigLogEntryLimit. This does not
586          include entries discarded due to the value of
587          nlmConfigGlobalAgeOut."
588      ::= { nlmStatsLogEntry 2 }

590  --
591  -- Log Section
592  --

594  --
595  -- Log Table
596  --
597  nlmLogTable OBJECT-TYPE
598      SYNTAX      SEQUENCE OF NlmLogEntry
599      MAX-ACCESS  not-accessible
600      STATUS      current
601      DESCRIPTION
602          "A table of Notification log entries.

604          It is an implementation-specific matter whether entries in this
605          table are preserved across initializations of the management
606          system. In general one would expect that they are not.

608          Note that keeping entries across initializations of the
609          management system leads to some confusion with counters and
610          TimeStamps, since both of those are based on sysUpTime, which
611          resets on management initialization. In this situation,
612          counters apply only after the reset and nlmLogTime for entries
613          made before the reset MUST be set to 0."
614      ::= { nlmLog 1 }

616  nlmLogEntry OBJECT-TYPE
617      SYNTAX      NlmLogEntry
618      MAX-ACCESS  not-accessible
619      STATUS      current
620      DESCRIPTION
621          "A Notification log entry.

623          Entries appear in this table when Notifications occur and pass
624          filtering by nlmConfigLogFilterName and access control. They are
625          removed to make way for new entries due to lack of resources or
626          the values of nlmConfigGlobalEntryLimit, nlmConfigGlobalAgeOut, or
627          nlmConfigLogEntryLimit.

629          If adding an entry would exceed nlmConfigGlobalEntryLimit or system
630          resources in general, the oldest entry in any log SHOULD be removed to
631          make room for the new one.

633          If adding an entry would exceed nlmConfigLogEntryLimit the oldest
634          entry in that log SHOULD be removed to make room for the new one.

636          Before the managed system puts a locally-generated Notification
637          into a non-null-named log it assures that the creator of the log
638          has access to the information in the Notification. If not it
639          does not log that Notification in that log."
640      INDEX       { nlmLogName, nlmLogIndex }
641      ::= { nlmLogTable 1 }

643  NlmLogEntry ::= SEQUENCE {
644      nlmLogIndex                Unsigned32,
645      nlmLogTime                 TimeStamp,
646      nlmLogDateAndTime          DateAndTime,
647      nlmLogEngineID             SnmpEngineID,
648      nlmLogEngineTAddress       TAddress,
649      nlmLogEngineTDomain        TDomain,
650      nlmLogContextEngineID      SnmpEngineID,
651      nlmLogContextName          SnmpAdminString,
652      nlmLogNotificationID       OBJECT IDENTIFIER
653      }

655  nlmLogIndex OBJECT-TYPE
656      SYNTAX      Unsigned32 (1..4294967295)
657      MAX-ACCESS  not-accessible
658      STATUS      current
659      DESCRIPTION
660          "A monotonically increasing integer for the sole purpose of
661          indexing entries within the named log. When it reaches the
662          maximum value, an extremely unlikely event, the agent wraps the
663          value back to 1."
664      ::= { nlmLogEntry 1 }

666  nlmLogTime OBJECT-TYPE
667      SYNTAX      TimeStamp
668      MAX-ACCESS  read-only
669      STATUS      current
670      DESCRIPTION
671          "The value of sysUpTime when the entry was placed in the log. If
672          the entry occurred before the most recent management system
673          initialization this object value MUST be set to zero."
674      ::= { nlmLogEntry 2 }

676  nlmLogDateAndTime OBJECT-TYPE
677      SYNTAX      DateAndTime
678      MAX-ACCESS  read-only
679      STATUS      current
680      DESCRIPTION
681          "The local date and time when the entry was logged, instantiated
682          only by systems that have date and time capability."
683      ::= { nlmLogEntry 3 }

685  nlmLogEngineID OBJECT-TYPE
686      SYNTAX      SnmpEngineID
687      MAX-ACCESS  read-only
688      STATUS      current
689      DESCRIPTION
690          "The identification of the SNMP engine at which the Notification
691          originated.

693          If the log can contain Notifications from only one engine
694          or the Trap is in SNMPv1 format, this object is a zero-length
695          string."
696      ::= { nlmLogEntry 4 }

698  nlmLogEngineTAddress OBJECT-TYPE
699      SYNTAX      TAddress
700      MAX-ACCESS  read-only
701      STATUS      current
702      DESCRIPTION
703          "The transport service address of the SNMP engine from which the
704          Notification was received, formatted according to the corresponding
705          value of nlmLogEngineTDomain. This is used to identify the source
706          of an SNMPv1 trap, since an nlmLogEngineId cannot be extracted
707          from the SNMPv1 trap pdu.

709          This object MUST always be instantiated, even if the log
710          can contain Notifications from only one engine.

712          Please be aware that the nlmLogEngineTAddress may not uniquely
713          identify the SNMP engine from which the Notification was received.
714          For example, if an SNMP engine uses DHCP or NAT to obtain
715          ip addresses, the address it uses may be shared with other
716          network devices, and hence will not uniquely identify the
717          SNMP engine."
718      ::= { nlmLogEntry 5 }

720  nlmLogEngineTDomain OBJECT-TYPE
721      SYNTAX      TDomain
722      MAX-ACCESS  read-only
723      STATUS      current
724      DESCRIPTION
725          "Indicates the kind of transport service by which a Notification was
726          received from an SNMP engine. nlmLogEngineTAddress contains the
727          transport service address of the SNMP engine from which this
728          Notification was received.

730          Possible values for this object are presently found in the
731          Transport Mappings for SNMPv2 document (RFC 1906 [8])."
732      ::= { nlmLogEntry 6 }

734  nlmLogContextEngineID OBJECT-TYPE
735      SYNTAX      SnmpEngineID
736      MAX-ACCESS  read-only
737      STATUS      current
738      DESCRIPTION
739          "If the Notification was received in a protocol which has a
740          contextEngineID element like SNMPv3, this object has that value.
741          Otherwise its value is a zero-length string."
742      ::= { nlmLogEntry 7 }

744  nlmLogContextName OBJECT-TYPE
745      SYNTAX      SnmpAdminString
746      MAX-ACCESS  read-only
747      STATUS      current
748      DESCRIPTION
749          "The name of the SNMP MIB context from which the Notification came.
750          For SNMPv1 Traps this is the community string from the Trap."
751      ::= { nlmLogEntry 8 }

753  nlmLogNotificationID OBJECT-TYPE
754      SYNTAX      OBJECT IDENTIFIER
755      MAX-ACCESS  read-only
756      STATUS      current
757      DESCRIPTION
758          "The NOTIFICATION-TYPE object identifier of the Notification that
759          occurred."
760      ::= { nlmLogEntry 9 }

762  --
763  -- Log Variable Table
764  --

766  nlmLogVariableTable OBJECT-TYPE
767      SYNTAX      SEQUENCE OF NlmLogVariableEntry
768      MAX-ACCESS  not-accessible
769      STATUS      current
770      DESCRIPTION
771          "A table of variables to go with Notification log entries."
772      ::= { nlmLog 2 }

774  nlmLogVariableEntry OBJECT-TYPE
775      SYNTAX      NlmLogVariableEntry
776      MAX-ACCESS  not-accessible
777      STATUS      current
778      DESCRIPTION
779          "A Notification log entry variable.

781          Entries appear in this table when there are variables in
782          the varbind list of a Notification in nlmLogTable."
783      INDEX       { nlmLogName, nlmLogIndex, nlmLogVariableIndex }
784      ::= { nlmLogVariableTable 1 }

786  NlmLogVariableEntry ::= SEQUENCE {
787      nlmLogVariableIndex            Unsigned32,
788      nlmLogVariableID               OBJECT IDENTIFIER,
789      nlmLogVariableValueType        INTEGER,
790      nlmLogVariableCounter32Val     Counter32,
791      nlmLogVariableUnsigned32Val    Unsigned32,
792      nlmLogVariableTimeTicksVal     TimeTicks,
793      nlmLogVariableInteger32Val     Integer32,
794      nlmLogVariableOctetStringVal   OCTET STRING,
795      nlmLogVariableIpAddressVal     IpAddress,
796      nlmLogVariableOidVal           OBJECT IDENTIFIER,
797      nlmLogVariableCounter64Val     Counter64,
798      nlmLogVariableOpaqueVal        Opaque
799      }

801  nlmLogVariableIndex OBJECT-TYPE
802      SYNTAX      Unsigned32 (1..4294967295)
803      MAX-ACCESS  not-accessible
804      STATUS      current
805      DESCRIPTION
806          "A monotonically increasing integer, starting at 1 for a given
807          nlmLogIndex, for indexing variables within the logged
808          Notification."
809      ::= { nlmLogVariableEntry 1 }

811  nlmLogVariableID OBJECT-TYPE
812      SYNTAX      OBJECT IDENTIFIER
813      MAX-ACCESS  read-only
814      STATUS      current
815      DESCRIPTION
816          "The variable's object identifier."
817       ::= { nlmLogVariableEntry 2 }

819   nlmLogVariableValueType OBJECT-TYPE
820       SYNTAX INTEGER { counter32(1), unsigned32(2), timeTicks(3),
821                        integer32(4), ipAddress(5), octetString(6),
822                        objectId(7), counter64(8), opaque(9) }
823       MAX-ACCESS read-only
824       STATUS current
825       DESCRIPTION
826           "The type of the value. One and only one of the value
827           objects that follow must be instantiated, based on this type."
828       ::= { nlmLogVariableEntry 3 }

830   nlmLogVariableCounter32Val OBJECT-TYPE
831       SYNTAX Counter32
832       MAX-ACCESS read-only
833       STATUS current
834       DESCRIPTION
835           "The value when nlmLogVariableType is 'counter32'."
836       ::= { nlmLogVariableEntry 4 }

838   nlmLogVariableUnsigned32Val OBJECT-TYPE
839       SYNTAX Unsigned32
840       MAX-ACCESS read-only
841       STATUS current
842       DESCRIPTION
843           "The value when nlmLogVariableType is 'unsigned32'."
844       ::= { nlmLogVariableEntry 5 }

846   nlmLogVariableTimeTicksVal OBJECT-TYPE
847       SYNTAX TimeTicks
848       MAX-ACCESS read-only
849       STATUS current
850       DESCRIPTION
851           "The value when nlmLogVariableType is 'timeTicks'."
852       ::= { nlmLogVariableEntry 6 }

854   nlmLogVariableInteger32Val OBJECT-TYPE
855       SYNTAX Integer32
856       MAX-ACCESS read-only
857       STATUS current
858       DESCRIPTION
859           "The value when nlmLogVariableType is 'integer32'."
860       ::= { nlmLogVariableEntry 7 }

862   nlmLogVariableOctetStringVal OBJECT-TYPE
863       SYNTAX OCTET STRING
864       MAX-ACCESS read-only
865       STATUS current
866       DESCRIPTION
867           "The value when nlmLogVariableType is 'octetString'."
868       ::= { nlmLogVariableEntry 8 }

870   nlmLogVariableIpAddressVal OBJECT-TYPE
871       SYNTAX IpAddress
872       MAX-ACCESS read-only
873       STATUS current
874       DESCRIPTION
875           "The value when nlmLogVariableType is 'ipAddress'.
876           Although this seems to be unfriendly for IPv6, we
877           have to recognize that there are a number of older
878           MIBs that do contain an IPv4 format address, known
879           as IpAddress.
881           IPv6 addresses are represented using TAddress or
882           InetAddress, and so the underlying datatype is
883           OCTET STRING, and their value would be stored in
884           the nlmLogVariableOctetStringVal column."
885       ::= { nlmLogVariableEntry 9 }

887   nlmLogVariableOidVal OBJECT-TYPE
888       SYNTAX OBJECT IDENTIFIER
889       MAX-ACCESS read-only
890       STATUS current
891       DESCRIPTION
892           "The value when nlmLogVariableType is 'objectId'."
893       ::= { nlmLogVariableEntry 10 }

895   nlmLogVariableCounter64Val OBJECT-TYPE
896       SYNTAX Counter64
897       MAX-ACCESS read-only
898       STATUS current
899       DESCRIPTION
900           "The value when nlmLogVariableType is 'counter64'."
901       ::= { nlmLogVariableEntry 11 }

903   nlmLogVariableOpaqueVal OBJECT-TYPE
904       SYNTAX Opaque
905       MAX-ACCESS read-only
906       STATUS current
907       DESCRIPTION
908           "The value when nlmLogVariableType is 'opaque'."
909       ::= { nlmLogVariableEntry 12 }

911   --
912   -- Conformance
913   --
914   notificationLogMIBConformance OBJECT IDENTIFIER ::=
915       { notificationLogMIB 3 }
916   notificationLogMIBCompliances OBJECT IDENTIFIER ::=
917       { notificationLogMIBConformance 1 }
918   notificationLogMIBGroups OBJECT IDENTIFIER ::=
919       { notificationLogMIBConformance 2 }

921   -- Compliance

923   notificationLogMIBCompliance MODULE-COMPLIANCE
924       STATUS current
925       DESCRIPTION
926           "The compliance statement for entities which implement
927           the Notification Log MIB."
928       MODULE -- this module
929           MANDATORY-GROUPS {
930               notificationLogConfigGroup,
931               notificationLogStatsGroup,
932               notificationLogLogGroup
933           }

935       OBJECT nlmConfigGlobalEntryLimit
936           SYNTAX Unsigned32 (0..4294967295)
937           MIN-ACCESS read-only
938           DESCRIPTION
939               "Implementations may choose a limit and not allow it to be
940               changed or may enforce an upper or lower bound on the
941               limit."
943       OBJECT nlmConfigLogEntryLimit
944           SYNTAX Unsigned32 (0..4294967295)
945           MIN-ACCESS read-only
946           DESCRIPTION
947               "Implementations may choose a limit and not allow it to be
948               changed or may enforce an upper or lower bound on the
949               limit."

951       OBJECT nlmConfigLogEntryStatus
952           MIN-ACCESS read-only
953           DESCRIPTION
954               "Implementations may disallow the creation of named logs."

956       GROUP notificationLogDateGroup
957           DESCRIPTION
958               "This group is mandatory on systems that keep wall clock
959               date and time and should not be implemented on systems that
960               do not have a wall clock date."

962       ::= { notificationLogMIBCompliances 1 }

964   -- Units of Conformance

966   notificationLogConfigGroup OBJECT-GROUP
967       OBJECTS {
968           nlmConfigGlobalEntryLimit,
969           nlmConfigGlobalAgeOut,
970           nlmConfigLogFilterName,
971           nlmConfigLogEntryLimit,
972           nlmConfigLogAdminStatus,
973           nlmConfigLogOperStatus,
974           nlmConfigLogStorageType,
975           nlmConfigLogEntryStatus
976       }
977       STATUS current
978       DESCRIPTION
979           "Notification log configuration management."
980       ::= { notificationLogMIBGroups 1 }

982   notificationLogStatsGroup OBJECT-GROUP
983       OBJECTS {
984           nlmStatsGlobalNotificationsLogged,
985           nlmStatsGlobalNotificationsBumped,
986           nlmStatsLogNotificationsLogged,
987           nlmStatsLogNotificationsBumped
988       }
989       STATUS current
990       DESCRIPTION
991           "Notification log statistics."
992       ::= { notificationLogMIBGroups 2 }

994   notificationLogLogGroup OBJECT-GROUP
995       OBJECTS {
996           nlmLogTime,
997           nlmLogEngineID,
998           nlmLogEngineTAddress,
999           nlmLogEngineTDomain,
1000          nlmLogContextEngineID,
1001          nlmLogContextName,
1002          nlmLogNotificationID,
1003          nlmLogVariableID,
1004          nlmLogVariableValueType,
1005          nlmLogVariableCounter32Val,
1006          nlmLogVariableUnsigned32Val,
1007          nlmLogVariableTimeTicksVal,
1008          nlmLogVariableInteger32Val,
1009          nlmLogVariableOctetStringVal,
1010          nlmLogVariableIpAddressVal,
1011          nlmLogVariableOidVal,
1012          nlmLogVariableCounter64Val,
1013          nlmLogVariableOpaqueVal
1014      }
1015      STATUS current
1016      DESCRIPTION
1017          "Notification log data."
1018      ::= { notificationLogMIBGroups 3 }

1020  notificationLogDateGroup OBJECT-GROUP
1021      OBJECTS {
1022          nlmLogDateAndTime
1023      }
1024      STATUS current
1025      DESCRIPTION
1026          "Conditionally mandatory notification log data.
1027          This group is mandatory on systems that keep wall
1028          clock date and time and should not be implemented
1029          on systems that do not have a wall clock date."
1030      ::= { notificationLogMIBGroups 4 }

1032  END
1033  5. Intellectual Property

1035  The IETF takes no position regarding the validity or scope of any
1036  intellectual property or other rights that might be claimed to pertain
1037  to the implementation or use of the technology described in this
1038  document or the extent to which any license under such rights might or
1039  might not be available; neither does it represent that it has made any
1040  effort to identify any such rights. Information on the IETF's
1041  procedures with respect to rights in standards-track and standards-
1042  related documentation can be found in BCP-11. Copies of claims of
1043  rights made available for publication and any assurances of licenses to
1044  be made available, or the result of an attempt made to obtain a general
1045  license or permission for the use of such proprietary rights by
1046  implementors or users of this specification can be obtained from the
1047  IETF Secretariat.

1049  The IETF invites any interested party to bring to its attention any
1050  copyrights, patents or patent applications, or other proprietary rights
1051  which may cover technology that may be required to practice this
1052  standard. Please address the information to the IETF Executive
1053  Director.

1055  6. References

1057  [RFC2571] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture
1058            for Describing SNMP Management Frameworks", RFC 2571, April
1059            1999.

1061  [RFC1155] Rose, M., and K. McCloghrie, "Structure and Identification
1062            of Management Information for TCP/IP-based Internets", STD
1063            16, RFC 1155, May 1990.

1065  [RFC1212] Rose, M., and K. McCloghrie, "Concise MIB Definitions", STD
1066            16, RFC 1212, March 1991.

1068  [RFC1215] Rose, M., "A Convention for Defining Traps for use with the
1069            SNMP", RFC 1215, March 1991.

1071  [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
1072            Rose, M., and S. Waldbusser, "Structure of Management
1073            Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

1075  [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
1076            Rose, M., and S. Waldbusser, "Textual Conventions for
1077            SMIv2", STD 58, RFC 2579, April 1999.

1079  [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
1080            Rose, M., and S. Waldbusser, "Conformance Statements for
1081            SMIv2", STD 58, RFC 2580, April 1999.

1083  [RFC1157] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple
1084            Network Management Protocol", STD 15, RFC 1157, May 1990.

1086  [RFC1901] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
1087            "Introduction to Community-based SNMPv2", RFC 1901, January
1088            1996.

1090  [RFC1906] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
1091            "Transport Mappings for Version 2 of the Simple Network
1092            Management Protocol (SNMPv2)", RFC 1906, January 1996.

1094  [RFC2572] Case, J., Harrington, D., Presuhn, R., and B. Wijnen, "Message
1095            Processing and Dispatching for the Simple Network Management
1096            Protocol (SNMP)", RFC 2572, April 1999.

1098  [RFC2574] Blumenthal, U., and B. Wijnen, "User-based Security Model
1099            (USM) for version 3 of the Simple Network Management
1100            Protocol (SNMPv3)", RFC 2574, April 1999.

1102  [RFC1905] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
1103            "Protocol Operations for Version 2 of the Simple Network
1104            Management Protocol (SNMPv2)", RFC 1905, January 1996.

1106  [RFC2573] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications",
1107            RFC 2573, April 1999.

1109  [RFC2575] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based
1110            Access Control Model (VACM) for the Simple Network
1111            Management Protocol (SNMP)", RFC 2575, April 1999.

1113  [RFC2570] Case, J., Mundy, R., Partain, D., and B. Stewart,
1114            "Introduction to Version 3 of the Internet-standard Network
1115            Management Framework", RFC 2570, April 1999.

1117  7. Security Considerations

1119  Security issues are discussed in Section 3.1.2.

1121  8. Author's Address

1123  Bob Stewart
1124  Cisco Systems, Inc.
1125  170 West Tasman Drive
1126  San Jose, CA 95134-1706
1127  U.S.A.

1129  Ramanathan Kavasseri
1130  Cisco Systems, Inc.
1131  170 West Tasman Drive
1132  San Jose, CA 95134-1706
1133  U.S.A.

1135  Phone: +1 408 527 2446
1136  Email: ramk@cisco.com

1138  9. Full Copyright Statement

1140  Copyright (C) The Internet Society (2000). All Rights Reserved.
1142  This document and translations of it may be copied and furnished to
1143  others, and derivative works that comment on or otherwise explain it or
1144  assist in its implementation may be prepared, copied, published and
1145  distributed, in whole or in part, without restriction of any kind,
1146  provided that the above copyright notice and this paragraph are included
1147  on all such copies and derivative works. However, this document itself
1148  may not be modified in any way, such as by removing the copyright notice
1149  or references to the Internet Society or other Internet organizations,
1150  except as needed for the purpose of developing Internet standards in
1151  which case the procedures for copyrights defined in the Internet
1152  Standards process must be followed, or as required to translate it into
1153  languages other than English.

1155  The limited permissions granted above are perpetual and will not be
1156  revoked by the Internet Society or its successors or assigns.

1158  This document and the information contained herein is provided on an "AS
1159  IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
1160  FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
1161  LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
1162  INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR
1163  FITNESS FOR A PARTICULAR PURPOSE.

1165  Table of Contents

1167  1 Abstract
1168  2 The SNMP Management Framework
1169  3 Overview
1170  3.1 Environment
1171  3.1.1 SNMP Engines and Contexts
1172  3.1.2 Security
1173  3.2 Structure
1174  3.2.1 Configuration
1175  3.2.2 Statistics
1176  3.2.3 Log
1177  3.3 Example
1178  4 Definitions
1179  5 Intellectual Property
1180  6 References
1181  7 Security Considerations
1182  8 Author's Address
1183  9 Full Copyright Statement
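The nlmLogVariableValueType DESCRIPTION in the Definitions requires that "one and only one" value object be instantiated per row, and nlmLogVariableIndex starts at 1 for each logged Notification. The following is an added example, not part of the draft, of a log consumer checking those two rules before trusting retrieved rows. The dict-per-row representation, the function names and the sample values are assumptions of this sketch.

```python
# Added example: checks rows read from nlmLogVariableTable before they are trusted.
# Assumption: each row is a dict keyed by column name (not an SNMP library API).

# nlmLogVariableValueType value -> the one value column that type selects.
VALUE_COLUMN = {
    1: "nlmLogVariableCounter32Val", 2: "nlmLogVariableUnsigned32Val",
    3: "nlmLogVariableTimeTicksVal", 4: "nlmLogVariableInteger32Val",
    5: "nlmLogVariableIpAddressVal", 6: "nlmLogVariableOctetStringVal",
    7: "nlmLogVariableOidVal", 8: "nlmLogVariableCounter64Val",
    9: "nlmLogVariableOpaqueVal",
}
ALL_VALUE_COLUMNS = set(VALUE_COLUMN.values())

def check_row(row):
    """Return the problems found in one nlmLogVariableEntry row (empty if none)."""
    problems = []
    vtype = row.get("nlmLogVariableValueType")
    expected = VALUE_COLUMN.get(vtype)
    if expected is None:
        problems.append(f"unknown value type {vtype!r}")
    # Assumption: a column that is not instantiated is absent from the dict.
    present = sorted(c for c in ALL_VALUE_COLUMNS if c in row)
    if len(present) != 1:
        problems.append(f"{len(present)} value columns instantiated, expected 1")
    if expected is not None and expected not in present:
        problems.append(f"{expected} not instantiated")
    return problems

def check_notification(rows):
    """Return (nlmLogVariableIndex, problem) pairs for one logged Notification."""
    findings = []
    indexes = [r["nlmLogVariableIndex"] for r in rows]
    if indexes and min(indexes) != 1:
        findings.append((min(indexes), "variable indexes do not start at 1"))
    for index in sorted({i for i in indexes if indexes.count(i) > 1}):
        findings.append((index, "duplicate nlmLogVariableIndex"))
    for row in rows:
        findings += [(row["nlmLogVariableIndex"], p) for p in check_row(row)]
    return findings

# Constructed sample rows: the second breaks the one-and-only-one rule.
SAMPLE = [
    {"nlmLogVariableIndex": 1, "nlmLogVariableID": "1.3.6.1.2.1.1.3.0",
     "nlmLogVariableValueType": 3, "nlmLogVariableTimeTicksVal": 12345},
    {"nlmLogVariableIndex": 2, "nlmLogVariableID": "1.3.6.1.2.1.2.2.1.7.4",
     "nlmLogVariableValueType": 4, "nlmLogVariableInteger32Val": 2,
     "nlmLogVariableOctetStringVal": b"extra"},
]
```

A row that fails these checks points to a non-conforming agent or a corrupted retrieval, so a consumer feeding the log into alerting would quarantine it rather than guess which value column to read.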