idnits 2.17.1
draft-ietf-netmod-syslog-model-01.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
== The page length should not exceed 58 lines per page, but there was 11
longer pages, the longest (page 5) being 234 lines
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
** The document seems to lack separate sections for Informative/Normative
References. All references will be assumed normative when checking for
downward references.
** There are 36 instances of too long lines in the document, the longest
one being 37 characters in excess of 72.
== There are 1 instance of lines with non-RFC2606-compliant FQDNs in the
document.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
== Line 195 has weird spacing: '...acility ide...'
== Line 223 has weird spacing: '...acility ide...'
== Line 251 has weird spacing: '...acility ide...'
== Line 282 has weird spacing: '...acility ide...'
== Line 317 has weird spacing: '...acility ide...'
== (5 more instances...)
-- The document date (Feb 22, 2015) is 3352 days in the past. Is this
intentional?
Checking references for intended status: Informational
----------------------------------------------------------------------------
== Missing Reference: 'RFC5426' is mentioned on line 1094, but not defined
** Obsolete normative reference: RFC 3164 (Obsoleted by RFC 5424)
** Obsolete normative reference: RFC 6536 (Obsoleted by RFC 8341)
Summary: 4 errors (**), 0 flaws (~~), 10 warnings (==), 1 comment (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 NETMOD WG Clyde Wildes
3 Internet-Draft Cisco Systems
4 Intended status: Informational Agrahara Kiran Koushik
5 Expires: Aug 22, 2015 Brocade Communication Systems
6 Feb 22, 2015
8 SYSLOG YANG model
9 draft-ietf-netmod-syslog-model-01
11 Abstract
13 This document describes a data model for the Syslog
14 protocol, which is used to convey event notification messages.
16 Status of This Memo
18 This Internet-Draft is submitted in full conformance with the
19 provisions of BCP 78 and BCP 79.
21 Internet-Drafts are working documents of the Internet Engineering
22 Task Force (IETF). Note that other groups may also distribute
23 working documents as Internet-Drafts. The list of current Internet-
24 Drafts is at http://datatracker.ietf.org/drafts/current/.
26 Internet-Drafts are draft documents valid for a maximum of six months
27 and may be updated, replaced, or obsoleted by other documents at any
28 time. It is inappropriate to use Internet-Drafts as reference
29 material or to cite them other than as "work in progress."
31 This Internet-Draft will expire on Aug 22, 2015.
33 Copyright Notice
35 Copyright (c) 2015 IETF Trust and the persons identified as the
36 document authors. All rights reserved.
38 This document is subject to BCP 78 and the IETF Trust's Legal
39 Provisions Relating to IETF Documents
40 (http://trustee.ietf.org/license-info) in effect on the date of
41 publication of this document. Please review these documents
42 carefully, as they describe your rights and restrictions with respect
43 to this document. Code Components extracted from this document must
44 include Simplified BSD License text as described in Section 4.e of
45 the Trust Legal Provisions and are provided without warranty as
46 described in the Simplified BSD License.
48 Table of Contents
50 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
51 1.1. Definitions and Acronyms . . . . . . . . . . . . . . . . 3
52 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3
53 3. Design of the SYSLOG Model . . . . . . . . . . . . . . . . . 3
54 3.1. SYSLOG Module . . . . . . . . . . . . . . . . . . . . . . 4
55 4. SYSLOG YANG Models . . . . . . . . . . . . . . . . . . . . . 6
56 4.1. SYSLOG TYPES Module . . . . . . . . . . . . . . . . . . . 6
57 4.2. SYSLOG module . . . . . . . . . . . . . . . . . . . . . . 10
58 4.3. A SYSLOG Example . . . . . . . . . . . . . . . . . . . . 18
59 5. Implementation Status . . . . . . . . . . . . . . . . . . . . 19
60 6. Security Considerations . . . . . . . . . . . . . . . . . . . 19
61 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20
62 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 20
63 9. Change log [RFC Editor: Please remove] . . . . . . . . . . . 20
64 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 20
65 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21
67 1. Introduction
69 Operating systems, processes and applications generate messages
70 indicating their own status or the occurrence of events. These
71 messages are useful for managing and/or debugging the network and its
72 services. The BSD Syslog protocol is a widely adopted protocol that
73 is used for transmission and processing of the messages.
75 Since each process, application and operating system was
76 written somewhat independently, there is little uniformity to the
77 content of Syslog messages. For this reason, no assumption is made
78 upon the formatting or contents of the messages. The protocol is
79 simply designed to transport these event messages. No
80 acknowledgement of the receipt is made.
82 Essentially, a Syslog process receives messages (from the kernel,
83 processes, applications or other Syslog processes) and processes
84 them. The processing involves logging to a local file, displaying on
85 the console or a user terminal, and/or relaying to syslog processes on
86 other machines. The processing is determined by the "facility" that
87 originated the message and the "severity" assigned to the message by
88 the facility.
90 This draft uses the definitions of the Syslog protocol from
91 [RFC3164].
93 1.1. Definitions and Acronyms
95 IP: Internet Protocol
97 IPv4: Internet Protocol version 4
99 IPv6: Internet Protocol version 6
101 UDP: User Datagram Protocol
103 VRF: Virtual Routing and Forwarding
105 2. Problem Statement
107 This document defines a YANG [RFC6020] configuration data model that
108 may be used to monitor and control one or more syslog processes running
109 on a system. YANG models can be used with network management
110 agents such as NETCONF [RFC6241] to install, manipulate, and delete
111 the configuration of network devices.
113 This module makes use of the YANG "feature" construct which allows
114 implementations to support only those Syslog features that lie
115 within their capabilities.
117 3. Design of the SYSLOG Model
119 The syslog model was designed by comparing various syslog features
120 implemented by various vendors in different implementations.
122 This draft addresses the common leafs between all vendors and creates
123 a common model, which can be augmented with proprietary features, if
124 necessary. The base model is designed to be very simple for maximum
125 flexibility.
127 Syslog consists of message producers, a group level suppression filter,
128 and message distributors. The following diagram shows syslog messages
129 flowing from a message producer, through the group level suppression
130 filter, and, if passed by the group filter, to message distributors, where
131 further suppression filtering can take place.
133 Message Producers
134 +-------------+  +-------------+  +-------------+  +-------------+
135 |   Various   |  |     OS      |  |             |  |   Remote    |
136 | Components  |  |   Kernel    |  | Line Cards  |  |   Servers   |
137 +-------------+  +-------------+  +-------------+  +-------------+
139 +-------------+  +-------------+  +-------------+  +-------------+
140 |    SNMP     |  |  Interface  |  |   Standby   |  |   Syslog    |
141 |   Events    |  |   Events    |  | Supervisor  |  |   Itself    |
142 +-------------+  +-------------+  +-------------+  +-------------+
144 |                                                                |
145 +----------------------------------------------------------------+
146                                 |
147                                 |
148                                 v
150                 Group Level Suppression
151                 +------------------------------+
152                 | Filter by message facility   |
153                 | and message severity         |
154                 +------------------------------+
155                                 |
156                                 |
157                                 |
158       +------------+------------+------------+-----------+
159       |            |            |            |           |
160       v            v            v            v           v
161 Message Distributors
162 +----------+ +----------+ +----------+ +----------+ +----------+
163 |          | |   Log    | |   Log    | |   User   | |  Remote  |
164 | Console  | |  Buffer  | | File(s)  | |Terminals | | Servers  |
165 +----------+ +----------+ +----------+ +----------+ +----------+
167 The leaves in the base syslog model correspond to the group level
168 suppression filter and each message distributor:
170 - console
171 - log buffer
172 - log file(s)
173 - user terminals
174 - remote server(s).
176 Optional features are used to specify fields that are not present in
177 all vendor configurations.
179 3.1. SYSLOG Module
181 module: ietf-syslog
182 +--rw syslog
183 +--rw global-logging-action {global-logging-action}?
184 | +--rw (logging-level-scope)?
185 | | +--:(logging-facility-all)
186 | | | +--rw (logging-severity-scope)?
187 | | | +--:(logging-severity-all)
188 | | | | +--rw all? empty
189 | | | +--:(logging-severity)
190 | | | +--rw severity? syslogtypes:Severity
191 | | +--:(logging-facility-none)
192 | | | +--rw none? empty
193 | | +--:(logging-facility)
194 | | +--rw logging-facilities* [facility]
195 | | +--rw facility identityref
196 | | +--rw (logging-severity-scope)?
197 | | +--:(logging-severity-all)
198 | | | +--rw all? empty
199 | | +--:(logging-severity)
200 | | +--rw severity? syslogtypes:Severity
201 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}?
202 | | +--rw (logging-severity-operator)?
203 | | +--:(default)
204 | | | +--rw default? empty
205 | | +--:(equals)
206 | | | +--rw equals? empty
207 | | +--:(not-equals)
208 | | +--rw not-equals? empty
209 | +--rw logging-match-processing {selector-match-processing-config}?
210 | +--rw pattern-match? string
211 +--rw console-logging-action
212 | +--rw (logging-level-scope)?
213 | | +--:(logging-facility-all)
214 | | | +--rw (logging-severity-scope)?
215 | | | +--:(logging-severity-all)
216 | | | | +--rw all? empty
217 | | | +--:(logging-severity)
218 | | | +--rw severity? syslogtypes:Severity
219 | | +--:(logging-facility-none)
220 | | | +--rw none? empty
221 | | +--:(logging-facility)
222 | | +--rw logging-facilities* [facility]
223 | | +--rw facility identityref
224 | | +--rw (logging-severity-scope)?
225 | | +--:(logging-severity-all)
226 | | | +--rw all? empty
227 | | +--:(logging-severity)
228 | | +--rw severity? syslogtypes:Severity
229 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}?
230 | | +--rw (logging-severity-operator)?
231 | | +--:(default)
232 | | | +--rw default? empty
233 | | +--:(equals)
234 | | | +--rw equals? empty
235 | | +--:(not-equals)
236 | | +--rw not-equals? empty
237 | +--rw logging-match-processing {selector-match-processing-config}?
238 | +--rw pattern-match? string
239 +--rw buffered-logging-action
240 | +--rw (logging-level-scope)?
241 | | +--:(logging-facility-all)
242 | | | +--rw (logging-severity-scope)?
243 | | | +--:(logging-severity-all)
244 | | | | +--rw all? empty
245 | | | +--:(logging-severity)
246 | | | +--rw severity? syslogtypes:Severity
247 | | +--:(logging-facility-none)
248 | | | +--rw none? empty
249 | | +--:(logging-facility)
250 | | +--rw logging-facilities* [facility]
251 | | +--rw facility identityref
252 | | +--rw (logging-severity-scope)?
253 | | +--:(logging-severity-all)
254 | | | +--rw all? empty
255 | | +--:(logging-severity)
256 | | +--rw severity? syslogtypes:Severity
257 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}?
258 | | +--rw (logging-severity-operator)?
259 | | +--:(default)
260 | | | +--rw default? empty
261 | | +--:(equals)
262 | | | +--rw equals? empty
263 | | +--:(not-equals)
264 | | +--rw not-equals? empty
265 | +--rw logging-match-processing {selector-match-processing-config}?
266 | | +--rw pattern-match? string
267 | +--rw buffer-size? uint32
268 +--rw file-logging-action
269 | +--rw logging-files* [file-name]
270 | +--rw file-name inet:uri
271 | +--rw (logging-level-scope)?
272 | | +--:(logging-facility-all)
273 | | | +--rw (logging-severity-scope)?
274 | | | +--:(logging-severity-all)
275 | | | | +--rw all? empty
276 | | | +--:(logging-severity)
277 | | | +--rw severity? syslogtypes:Severity
278 | | +--:(logging-facility-none)
279 | | | +--rw none? empty
280 | | +--:(logging-facility)
281 | | +--rw logging-facilities* [facility]
282 | | +--rw facility identityref
283 | | +--rw (logging-severity-scope)?
284 | | +--:(logging-severity-all)
285 | | | +--rw all? empty
286 | | +--:(logging-severity)
287 | | +--rw severity? syslogtypes:Severity
288 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}?
289 | | +--rw (logging-severity-operator)?
290 | | +--:(default)
291 | | | +--rw default? empty
292 | | +--:(equals)
293 | | | +--rw equals? empty
294 | | +--:(not-equals)
295 | | +--rw not-equals? empty
296 | +--rw logging-match-processing {selector-match-processing-config}?
297 | | +--rw pattern-match? string
298 | +--rw file-logging-structured-data? boolean {file-logging-structured-data}?
299 | +--rw file-logging-archive {file-logging-archive-config}?
300 | +--rw file-number? uint32
301 | +--rw file-size? uint32
302 | +--rw file-permission? enumeration
303 +--rw remote-logging-action
304 | +--rw remote-logging-destination* [destination]
305 | +--rw destination inet:host
306 | +--rw (logging-level-scope)?
307 | | +--:(logging-facility-all)
308 | | | +--rw (logging-severity-scope)?
309 | | | +--:(logging-severity-all)
310 | | | | +--rw all? empty
311 | | | +--:(logging-severity)
312 | | | +--rw severity? syslogtypes:Severity
313 | | +--:(logging-facility-none)
314 | | | +--rw none? empty
315 | | +--:(logging-facility)
316 | | +--rw logging-facilities* [facility]
317 | | +--rw facility identityref
318 | | +--rw (logging-severity-scope)?
319 | | +--:(logging-severity-all)
320 | | | +--rw all? empty
321 | | +--:(logging-severity)
322 | | +--rw severity? syslogtypes:Severity
323 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}?
324 | | +--rw (logging-severity-operator)?
325 | | +--:(default)
326 | | | +--rw default? empty
327 | | +--:(equals)
328 | | | +--rw equals? empty
329 | | +--:(not-equals)
330 | | +--rw not-equals? empty
331 | +--rw logging-match-processing {selector-match-processing-config}?
332 | | +--rw pattern-match? string
333 | +--rw remote-logging-structured-data? boolean {remote-logging-structured-data}?
334 | +--rw destination-port? inet:port-number
335 | +--rw destination-facility? identityref
336 | +--rw source-interface? if:interface-ref
337 | +--rw vrf-name? string {remote-logging-use-vrf}?
338 | +--rw syslog-sign! {signed-messages-config}?
339 | +--rw certInitialRepeat? uint16
340 | +--rw certResendDelay? uint16
341 | +--rw certResendCount? uint16
342 | +--rw sigMaxDelay? uint16
343 | +--rw sigNumberResends? uint16
344 | +--rw sigResendDelay? uint16
345 | +--rw sigResendCount? uint16
346 +--rw terminal-logging-action
347 +--rw (user-scope)?
348 +--:(all-users)
349 | +--rw all-users
350 | +--rw (logging-level-scope)?
351 | | +--:(logging-facility-all)
352 | | | +--rw (logging-severity-scope)?
353 | | | +--:(logging-severity-all)
354 | | | | +--rw all? empty
355 | | | +--:(logging-severity)
356 | | | +--rw severity? syslogtypes:Severity
357 | | +--:(logging-facility-none)
358 | | | +--rw none? empty
359 | | +--:(logging-facility)
360 | | +--rw logging-facilities* [facility]
361 | | +--rw facility identityref
362 | | +--rw (logging-severity-scope)?
363 | | +--:(logging-severity-all)
364 | | | +--rw all? empty
365 | | +--:(logging-severity)
366 | | +--rw severity? syslogtypes:Severity
367 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}?
368 | | +--rw (logging-severity-operator)?
369 | | +--:(default)
370 | | | +--rw default? empty
371 | | +--:(equals)
372 | | | +--rw equals? empty
373 | | +--:(not-equals)
374 | | +--rw not-equals? empty
375 | +--rw logging-match-processing {selector-match-processing-config}?
376 | +--rw pattern-match? string
377 +--:(per-user) {terminal-facility-user-logging-config}?
378 +--rw user-name* [uname]
379 +--rw uname string
380 +--rw (logging-level-scope)?
381 | +--:(logging-facility-all)
382 | | +--rw (logging-severity-scope)?
383 | | +--:(logging-severity-all)
384 | | | +--rw all? empty
385 | | +--:(logging-severity)
386 | | +--rw severity? syslogtypes:Severity
387 | +--:(logging-facility-none)
388 | | +--rw none? empty
389 | +--:(logging-facility)
390 | +--rw logging-facilities* [facility]
391 | +--rw facility identityref
392 | +--rw (logging-severity-scope)?
393 | +--:(logging-severity-all)
394 | | +--rw all? empty
395 | +--:(logging-severity)
396 | +--rw severity? syslogtypes:Severity
397 +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}?
398 | +--rw (logging-severity-operator)?
399 | +--:(default)
400 | | +--rw default? empty
401 | +--:(equals)
402 | | +--rw equals? empty
403 | +--:(not-equals)
404 | +--rw not-equals? empty
405 +--rw logging-match-processing {selector-match-processing-config}?
406 +--rw pattern-match? string
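The two-stage filtering described in Section 3 (group-level suppression, then one selector per message distributor), written out with the selector semantics the module descriptions give: facility scope, severity compared with the default, equals or not-equals operator, and an optional pattern match. This is an added example, not code from the draft or its authors. The `Selector` class, its field names, the `route` function and the sample messages are constructed for illustration; Python's `re` stands in for a POSIX 1003.2 matcher, and a facility list entry with neither `all` nor `severity` is assumed to match nothing.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Enumeration values from the Severity typedef in ietf-syslog-types.
SEVERITY = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
ALL = "all"  # stands for the empty leaf 'all' in logging-severity-scope

Message = Tuple[str, str, str]  # (facility, severity, SYSLOG-MSG text)


@dataclass
class Selector:
    """Hypothetical in-memory form of the draft's syslog-selector grouping."""
    scope: str = "all"               # logging-level-scope: "all", "none" or "list"
    severity: Optional[str] = ALL    # severity scope when scope == "all"
    facilities: Dict[str, Optional[str]] = field(default_factory=dict)
    operator: str = "default"        # "default", "equals" or "not-equals"
    pattern: Optional[str] = None    # pattern-match leaf (regular expression)

    def _severity_matches(self, configured: Optional[str], actual: str) -> bool:
        if configured is None:       # assumption: no severity scope, no match
            return False
        if configured == ALL:
            return True
        want, got = SEVERITY[configured], SEVERITY[actual]
        if self.operator == "equals":
            return got == want
        if self.operator == "not-equals":
            return got != want
        # Default: "the specified severity and higher". Higher severity has
        # the lower enumeration value (emergency is 0).
        return got <= want

    def matches(self, msg: Message) -> bool:
        facility, severity, text = msg
        if self.scope == "none":     # logging-facility-none turns the action off
            return False
        if self.scope == "all":
            configured = self.severity
        else:                        # logging-facilities list keyed by facility
            if facility not in self.facilities:
                return False
            configured = self.facilities[facility]
        if not self._severity_matches(configured, severity):
            return False
        return self.pattern is None or re.search(self.pattern, text) is not None


def route(msg: Message, group_filter: Optional[Selector],
          distributors: Dict[str, Selector]) -> List[str]:
    """Return the distributors that receive msg, in configuration order."""
    # Stage 1: group-level suppression (absent if the feature is unsupported).
    if group_filter is not None and not group_filter.matches(msg):
        return []
    # Stage 2: each distributor applies its own selector.
    return [name for name, sel in distributors.items() if sel.matches(msg)]


# Constructed configuration: the group filter drops debug messages globally.
GROUP_FILTER = Selector(scope="all", severity="info")
DISTRIBUTORS = {
    "console": Selector(scope="all", severity="critical"),
    "buffer": Selector(scope="all", severity="notice", operator="equals"),
    "file": Selector(scope="list", facilities={"auth": ALL, "authpriv": ALL}),
    "remote": Selector(scope="list",
                       facilities={"auth": "warning", "kern": "error"},
                       pattern=r"Failed|denied"),
    "terminal": Selector(scope="none"),
}

# Constructed sample messages.
SAMPLE_AUTH_WARNING = ("auth", "warning", "Failed password for admin from 192.0.2.10")
SAMPLE_KERN_EMERG = ("kern", "emergency", "kernel panic")
SAMPLE_AUTH_DEBUG = ("auth", "debug", "pam: session trace for admin")
SAMPLE_DAEMON_NOTICE = ("daemon", "notice", "ntpd synchronized")

if __name__ == "__main__":
    for m in (SAMPLE_AUTH_WARNING, SAMPLE_KERN_EMERG,
              SAMPLE_AUTH_DEBUG, SAMPLE_DAEMON_NOTICE):
        print(m[0], m[1], "->", route(m, GROUP_FILTER, DISTRIBUTORS))
```

`SAMPLE_AUTH_DEBUG` reaches no distributor: the group filter drops it before the file selector, which accepts every `auth` severity, is ever consulted, so an audit of what a device records has to read the global action together with each per-distributor selector.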
408 4. SYSLOG YANG Models
410 4.1. SYSLOG-TYPES module
412 module ietf-syslog-types {
413 namespace "urn:ietf:params:xml:ns:yang:ietf-syslog-types";
414 prefix syslogtypes;
416 organization "IETF NETMOD (NETCONF Data Modeling Language) Working
417 Group";
418 contact
419 "WG Web:
420 WG List:
422 WG Chair: Juergen Schoenwaelder
423
425 WG Chair: Tom Nadeau
426
428 Editor: Clyde Wildes
429
431 Editor: Agrahara Kiran Koushik
432 ";
433 description
434 "This module contains a collection of YANG type definitions for
435 SYSLOG.";
437 revision 2014-09-15 {
438 description
439 "Initial Revision";
440 reference
441 "This model references RFC 5424 - The Syslog Protocol.";
443 }
445 typedef Severity {
446 type enumeration {
447 enum "emergency" {
448 value 0;
449 description
450 "Emergency Level Msg";
451 }
452 enum "alert" {
453 value 1;
454 description
455 "Alert Level Msg";
456 }
457 enum "critical" {
458 value 2;
459 description
460 "Critical Level Msg";
461 }
462 enum "error" {
463 value 3;
464 description
465 "Error Level Msg";
466 }
467 enum "warning" {
468 value 4;
469 description
470 "Warning Level Msg";
471 }
472 enum "notice" {
473 value 5;
474 description
475 "Notification Level Msg";
476 }
477 enum "info" {
478 value 6;
479 description
480 "Informational Level Msg";
481 }
482 enum "debug" {
483 value 7;
484 description
485 "Debugging Level Msg";
486 }
487 }
488 description
489 "The definitions for Syslog message severity.";
490 }
492 identity syslog-facility {
493 description
494 "The base identity to represent syslog facilities";
495 }
497 identity kern {
498 base syslog-facility;
499 description
500 "The facility for kernel messages as defined in RFC 5424.";
501 }
502 identity user {
503 base syslog-facility;
504 description
505 "The facility for user-level messages as defined in RFC 5424.";
506 }
508 identity mail {
509 base syslog-facility;
510 description
511 "The facility for the mail system as defined in RFC 5424.";
512 }
514 identity daemon {
515 base syslog-facility;
517 description
518 "The facility for the system daemons as defined in RFC 5424.";
519 }
521 identity auth {
522 base syslog-facility;
523 description
524 "The facility for security/authorization messages as defined
525 in RFC 5424.";
526 }
528 identity syslog {
529 base syslog-facility;
530 description
531 "The facility for messages generated internally by syslogd
532 facility as defined in RFC 5424.";
533 }
535 identity lpr {
536 base syslog-facility;
537 description
538 "The facility for the line printer subsystem as defined in
539 RFC 5424.";
540 }
542 identity news {
543 base syslog-facility;
544 description
545 "The facility for the network news subsystem as defined in
546 RFC 5424.";
547 }
549 identity uucp {
550 base syslog-facility;
551 description
552 "The facility for the UUCP subsystem as defined in RFC 5424.";
553 }
555 identity cron {
556 base syslog-facility;
557 description
558 "The facility for the clock daemon as defined in RFC 5424.";
559 }
561 identity authpriv {
562 base syslog-facility;
563 description
564 "The facility for privileged security/authorization messages
565 as defined in RFC 5424.";
566 }
568 identity ftp {
569 base syslog-facility;
570 description
571 "The facility for the FTP daemon as defined in RFC 5424.";
572 }
574 identity ntp {
575 base syslog-facility;
576 description
577 "The facility for the NTP subsystem as defined in RFC 5424.";
578 }
580 identity audit {
581 base syslog-facility;
582 description
583 "The facility for log audit messages as defined in RFC 5424.";
584 }
586 identity console {
587 base syslog-facility;
588 description
589 "The facility for log alert messages as defined in RFC 5424.";
590 }
592 identity cron2 {
593 base syslog-facility;
594 description
595 "The facility for the second clock daemon as defined in
596 RFC 5424.";
597 }
599 identity local0 {
600 base syslog-facility;
601 description
602 "The facility for local use 0 messages as defined in
603 RFC 5424.";
604 }
606 identity local1 {
607 base syslog-facility;
608 description
609 "The facility for local use 1 messages as defined in
610 RFC 5424.";
611 }
613 identity local2 {
614 base syslog-facility;
615 description
616 "The facility for local use 2 messages as defined in
617 RFC 5424.";
618 }
620 identity local3 {
621 base syslog-facility;
622 description
623 "The facility for local use 3 messages as defined in
624 RFC 5424.";
625 }
627 identity local4 {
628 base syslog-facility;
629 description
630 "The facility for local use 4 messages as defined in
631 RFC 5424.";
632 }
634 identity local5 {
635 base syslog-facility;
636 description
637 "The facility for local use 5 messages as defined in
638 RFC 5424.";
639 }
641 identity local6 {
642 base syslog-facility;
643 description
644 "The facility for local use 6 messages as defined in
645 RFC 5424.";
646 }
648 identity local7 {
649 base syslog-facility;
650 description
651 "The facility for local use 7 messages as defined in
652 RFC 5424.";
653 }
654 }
655 4.2. SYSLOG module
657 module ietf-syslog {
658 namespace "urn:ietf:params:xml:ns:yang:ietf-syslog";
659 prefix syslog;
661 import ietf-inet-types {
662 prefix inet;
663 }
665 import ietf-interfaces {
666 prefix if;
667 }
669 import ietf-syslog-types {
670 prefix syslogtypes;
671 }
673 organization "IETF NETMOD (NETCONF Data Modeling Language)
674 Working Group";
675 contact
676 "WG Web:
677 WG List:
679 WG Chair: David Kessens
680
682 WG Chair: Juergen Schoenwaelder
683
685 Editor: Clyde Wildes
686
688 Editor: Agrahara Kiran Koushik
689 ";
690 description
691 "This module contains a collection of YANG definitions
692 for Syslog configuration.";
694 revision 2015-02-23 {
695 description
696 "Initial Revision";
697 reference
698 "This model references RFC 5424 - The Syslog Protocol,
699 and RFC 5848 - Signed Syslog Messages.";
700 }
702 feature global-logging-action {
703 description
704 "This feature represents the ability to suppress log
705 messages on the global level.";
706 }
708 feature file-logging-structured-data {
709 description
710 "This feature represents the ability to log messages
711 to a file in structured-data format as per RFC 5424.";
712 }
713 feature remote-logging-structured-data {
714 description
715 "This feature represents the ability to deliver log
716 messages to a remote server in structured-data format
717 as per RFC 5424.";
718 }
720 feature file-logging-archive-config {
721 description
722 "This feature represents the ability to archive log files.";
723 }
725 feature remote-logging-use-vrf {
726 description
727 "This feature allows remote logging of messages to a
728 particular VRF.";
729 }
731 feature terminal-facility-user-logging-config {
732 description
733 "This feature represents the ability to adjust
734 log message settings for individual terminal users.";
735 }
737 feature selector-advanced-level-processing-config {
738 description
739 "This feature represents the ability to select messages
740 using the additional operators equal to, or not equal to
741 when comparing the Syslog message severity.";
742 }
744 feature selector-match-processing-config {
745 description
746 "This feature represents the ability to select messages based
747 on a Posix 1003.2 regular expression pattern match.";
748 }
750 feature signed-messages-config {
751 description
752 "This feature represents the ability to configure signed
753 syslog messages according to RFC 5848.";
754 }
755 grouping syslog-severity {
756 description
757 "This grouping defines the Syslog severity which is used to
758 filter log messages. Choose one of the following:
759 logging-severity-all
760 logging-severity ";
761 choice logging-severity-scope {
762 description
763 "This choice describes the option to specify all severities
764 or a specific severity.";
765 case logging-severity-all {
766 description
767 "This case specifies all severities.";
768 leaf all {
769 type empty;
770 description
771 "This leaf specifies that all severities participate in
772 the filtering of Syslog messages.";
773 }
774 }
775 case logging-severity {
776 description
777 "This case specifies a specific severity to participate
778 in the filtering of Syslog messages.";
779 leaf severity {
780 type syslogtypes:Severity;
781 description
782 "This leaf specifies the Syslog message severity.";
783 }
784 }
785 }
786 }
788 grouping syslog-selector {
789 description
790 "This grouping defines a Syslog selector which is used to
791 filter log messages for the given action in which the
792 selector appears. Choose one of the following:
793 logging-facility-all
794 logging-facility-none
795 logging-facility [ ...]
796 Additional severity comparison operations are available
797 using the logging-advanced-level-processing container. If
798 the logging-advanced-level-processing container is not
799 present all messages of the specified severity and higher
800 are logged according to the given action.";
801 choice logging-level-scope {
802 description
803 "This choice describes the option to specify all
804 facilities, no facilities, or a specific facility.";
805 case logging-facility-all {
806 description
807 "This case specifies all facilities will match when
808 comparing the Syslog message facility.";
809 uses syslog-severity;
810 }
811 case logging-facility-none {
812 description
813 "This case specifies no facilities will match when
814 comparing the Syslog message facility. This is a method
815 that can be used to turn an action off.";
816 leaf none {
817 type empty;
818 description
819 "This leaf specifies that no facilities participate in the
820 filtering of Syslog messages for this action.";
821 }
822 }
823 case logging-facility {
824 description
825 "This case specifies one or more specified facilities
826 will match when comparing the Syslog message facility.";
827 list logging-facilities {
828 key "facility";
829 description
830 "This list describes a collection of Syslog facilities
831 and severities.";
832 leaf facility {
833 type identityref {
834 base syslogtypes:syslog-facility;
835 }
836 description
837 "The leaf uniquely identifies a Syslog facility.";
838 }
839 uses syslog-severity;
840 }
841 }
842 }
843 container logging-advanced-level-processing {
844 if-feature selector-advanced-level-processing-config;
845 description
846 "This container describes the configuration parameters for
847 advanced Syslog selector severity comparison.";
848 choice logging-severity-operator {
849 description
850 "This choice describes the option to specify how the
851 severity comparison is performed.";
852 case default {
853 description
854 "All messages of the specified severity and higher are
855 logged according to the given action";
856 leaf default {
857 type empty;
858 description
859 "This leaf specifies the default behavior.";
860 }
861 }
862 case equals {
863 description
864 "All messages of the specified severity are logged
865 according to the given action";
866 leaf equals {
867 type empty;
868 description
869 "This leaf specifies all messages for the specified
870 severity.";
871 }
872 }
873 case not-equals {
874 description
875 "All messages that are not of the specified severity are
876 logged according to the given action";
877 leaf not-equals {
878 type empty;
879 description
880 "This leaf specifies all messages that are not for the
881 specified severity.";
882 }
883 }
884 }
885 }
886 container logging-match-processing {
887 if-feature selector-match-processing-config;
888 description
889 "This container describes the configuration parameters for
890 matching Syslog messages using a regular expression pattern
891 match.";
892 leaf pattern-match {
893 type string;
894 description
895 "This leaf describes a Posix 1003.2 regular expression
896 string that can be used to select a Syslog message for
897 logging. The match is performed on the RFC 5424
898 SYSLOG-MSG field.";
899 }
900 }
901 }
903 container syslog {
904 config true;
905 description
906 "This container describes the configuration parameters for
907 Syslog.";
908 container global-logging-action {
909 if-feature global-logging-action;
910 description
911 "This container describes the configuration parameters for
912 global logging. Global logging represents the ability to
913 perform global log message suppression.";
914 uses syslog-selector;
915 }
916 container console-logging-action {
917 description
918 "This container describes the configuration parameters for
919 console logging.";
920 uses syslog-selector;
921 }
922 container buffered-logging-action {
923 description
924 "This container describes the configuration parameters for
925 buffered logging.";
926 uses syslog-selector;
927 leaf buffer-size {
928 type uint32;
929 description
930 "This leaf describes the amount of memory that will be
931 dedicated to buffered logging.";
932 }
933 }
934     container file-logging-action {
935       description
936         "This container describes the configuration parameters for
937          file logging.";
938       list logging-files {
939         key "file-name";
940         description
941           "This list describes a collection of local logging
942            files.";
943         leaf file-name {
944           type inet:uri;
945           mandatory true;
946           description
947             "This leaf specifies the name of the log file.";
948         }
949         uses syslog-selector;
950         leaf file-logging-structured-data {
951           if-feature file-logging-structured-data;
952           type boolean;
953           description
954             "This leaf describes how log messages are written to the
955              log file. If set messages will be written in structured-
956              data format; if not set messages will be written in
957              standard message format.";
958         }
959         container file-logging-archive {
960           if-feature file-logging-archive-config;
961           description
962             "This container describes the configuration parameters
963              for log file archiving.";
964           leaf file-number {
965             type uint32;
966             description
967               "This leaf specifies the maximum number of log files
968                retained.";
969           }
970           leaf file-size {
971             type uint32;
972             description
973               "This leaf specifies the maximum log file size.";
974           }
975           leaf file-permission {
976             type enumeration {
977               enum world-readable {
978                 value 1;
979                 description
980                   "This enum specifies that the log files
981                    are readable by world.";
982               }
983               enum no-world-readable {
984                 value 2;
985                 description
986                   "This enum specifies that the log files
987                    are not readable by world.";
988               }
989             }
990             description
991               "This leaf describes who can read log files";
992           }
993         }
994       }
995     }
996     container remote-logging-action {
997       description
998         "This container describes the configuration parameters for
999          remote logging.";
1000       list remote-logging-destination {
1001         key "destination";
1002         description
1003           "This list describes a collection of remote logging
1004            destinations.";
1005         leaf destination {
1006           type inet:host;
1007           mandatory true;
1008           description
1009             "The leaf uniquely specifies the address of the
1010              remote host. One of the following must be specified:
1011              an ipv4 address, an ipv6 address, or a host name.";
1012         }
1013         uses syslog-selector;
1014         leaf remote-logging-structured-data {
1015           if-feature remote-logging-structured-data;
1016           type boolean;
1017           description
1018             "This leaf describes how log messages are sent to the
1019              remote server. If set messages will be sent in
1020              structured-data format; if not set messages will be
1021              sent in standard message format.";
1022         }
1023         leaf destination-port {
1024           type inet:port-number;
1025           default 514;
1026           description
1027             "This leaf specifies the port number used to deliver
1028              messages to the remote server.";
1029         }
1030         leaf destination-facility {
1031           type identityref {
1032             base syslogtypes:syslog-facility;
1033           }
1034           description
1035             "This leaf specifies the facility used in messages
1036              delivered to the remote server.";
1037         }
1038         leaf source-interface {
1039           type if:interface-ref;
1040           description
1041             "This leaf sets the source interface for the remote
1042              Syslog server. Either the interface name or the
1043              interface IP address can be specified.";
1044         }
1045         leaf vrf-name {
1046           if-feature remote-logging-use-vrf;
1047           type string;
1048           description
1049             "This leaf specifies the name of the virtual routing
1050              facility (VRF).";
1051         }
1052         container syslog-sign {
1053           if-feature signed-messages-config;
1054           presence
1055             "If present, syslog-sign is activated.";
1056           description
1057             "This container describes the configuration parameters
1058              for signed syslog messages as described by RFC 5848.";
1059           leaf certInitialRepeat {
1060             type uint16;
1061             description
1062               "This leaf specifies the number of times each
1063                Certificate Block should be sent before the first
1064                message is sent.";
1065           }
1066           leaf certResendDelay {
1067             type uint16;
1068             description
1069               "This leaf specifies the maximum time delay in seconds
1070                until resending the Certificate Block.";
1071           }
1072           leaf certResendCount {
1073             type uint16;
1074             description
1075               "This leaf specifies the maximum number of other
1076                syslog messages to send until resending the
1077                Certificate Block.";
1078           }
1079           leaf sigMaxDelay {
1080             type uint16;
1081             description
1082               "This leaf specifies when to generate a new Signature
1083                Block. If this many seconds have elapsed since the
1084                message with the first message number of the
1085                Signature Block was sent, a new Signature Block
1086                should be generated.";
1087           }
1088           leaf sigNumberResends {
1089             type uint16;
1090             description
1091               "This leaf specifies the number of times a Signature
1092                Block is resent. (It is recommended to select a value
1093                of greater than 0 in particular when the UDP
1094                transport [RFC5426] is used.).";
1095           }
1096           leaf sigResendDelay {
1097             type uint16;
1098             description
1099               "This leaf specifies when to send the next Signature
1100                Block transmission based on time. If this many
1101                seconds have elapsed since the previous sending of
1102                this Signature Block, resend it.";
1103           }
1104           leaf sigResendCount {
1105             type uint16;
1106             description
1107               "This leaf specifies when to send the next Signature
1108                Block transmission based on a count. If this many
1109                other syslog messages have been sent since the
1110                previous sending of this Signature Block, resend it.";
1111           }
1112         }
1113       }
1114     }
1115     container terminal-logging-action {
1116       description
1117         "This container describes the configuration parameters for
1118          the terminal logging configuration.";
1119       choice user-scope {
1120         description
1121           "This choice describes the option to specify all users
1122            or a specific user. The all users case implies that
1123            messages will be sent to all terminals";
1124         case all-users {
1125           description
1126             "This case specifies all users.";
1127           container all-users {
1128             description
1129               "This container describes the configuration parameters
1130                for all users.";
1131             uses syslog-selector;
1132           }
1133         }
1134         case per-user {
1135           if-feature terminal-facility-user-logging-config;
1136           description
1137             "This case specifies a specific user.";
1138           list user-name {
1139             key "uname";
1140             description
1141               "This list describes a collection of user names.";
1142             leaf uname {
1143               type string;
1144               description
1145                 "This leaf uniquely describes a user name.";
1146             }
1147             uses syslog-selector;
1148           }
1149         }
1150       }
1151     }
1152   }
1153 }
1155 4.3. A SYSLOG Example
1157 Requirement:
1158 Enable global logging of two facilities:
1159 kern - severity critical(1)
1160 auth - severity error(3)
1162 Enable console logging of syslogs of severity
1163 critical(1)
1165 Here is the example syslog configuration xml:
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175 syslogtypes:kernsyslogtypes:critical
1176
1177
1178 syslogtypes:authsyslogtypes:error
1179
1180
1181
1182 syslogtypes:critical
1183
1184
1185
1186
1187
1189
1190
1191
1192
1194 5. Implementation Status
1196 [Note to RFC Editor: Please remove this section before publication.]
1198 This section records the status of known implementations of the Syslog
1199 YANG model at the time of posting of this Internet-Draft.
1201 Cisco Systems, Inc. has implemented the proposed IETF Syslog model
1202 for the Nexus 7000 NXOS OS as a prototype, together with an
1203 augmentation model for operating system specific Syslog configuration
1204 features.
1206 Five leaves were implemented in the base IETF model and three leaves
1207 were implemented in the NXOS specific augmentation model as follows:
1209 Leaf XPATH                             Sample NXOS CLI Command(s)
1211 syslog:global-logging                  logging level cron 2
1212 syslog:console-logging                 logging console 1
1213 syslog:file-logging                    logging logfile mylog.log 2 4096
1214 syslog:terminal-logging                logging monitor 2
1215 syslog:remote-logging                  *logging server server.cisco.com 2
1216                                        facility user use-vrf management
1217                                        *logging source-interface loopback 0
1218 cisco-syslog:logging-timestamp-config  logging timestamp milli-seconds
1219 cisco-syslog:origin-id-cfg             logging origin-id string abcdef
1220 cisco-syslog:module-logging            logging module 1
1222 *The "logging server" and "logging source-interface" commands were
1223 combined into one base model leaf.
1225 The description of implementations in this section is intended to assist
1226 the IETF in its decision processes in progressing drafts to RFCs.
1228 6. Security Considerations
1230 The YANG module defined in this memo is designed to be accessed via
1231 the NETCONF protocol [RFC6241]. The lowest NETCONF layer
1232 is the secure transport layer and the mandatory-to-implement secure
1233 transport is SSH [RFC6242]. The NETCONF access control
1234 model [RFC6536] provides the means to restrict access for
1235 particular NETCONF users to a pre-configured subset of all available
1236 NETCONF protocol operations and content.
1238 There are a number of data nodes defined in the YANG module which are
1239 writable/creatable/deletable (i.e., config true, which is the
1240 default). These data nodes may be considered sensitive or vulnerable
1241 in some network environments. Write operations (e.g., <edit-config>)
1242 to these data nodes without proper protection can have a negative
1243 effect on network operations.
1245 TBD: List specific Subtrees and data nodes and their sensitivity/
1246 vulnerability.
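An added example, not part of the draft: one way to review a configuration instance of this model for two settings whose own descriptions have a security bearing, file-permission (world-readable) and syslog-sign (absent, or sigNumberResends set to 0). The top-level <syslog> wrapper element, the sample addresses and file name, and the function name audit are assumptions; the draft's own list of sensitive nodes is still TBD and this is not that list.

```python
import xml.etree.ElementTree as ET

NS = {"s": "urn:ietf:params:xml:ns:yang:syslog"}  # namespace from the IANA section

# Constructed sample instance; the top-level <syslog> wrapper is an assumption.
SAMPLE = """
<syslog xmlns="urn:ietf:params:xml:ns:yang:syslog">
  <file-logging-action>
    <logging-files>
      <file-name>file:///var/log/example.log</file-name>
      <file-logging-archive>
        <file-permission>world-readable</file-permission>
      </file-logging-archive>
    </logging-files>
  </file-logging-action>
  <remote-logging-action>
    <remote-logging-destination>
      <destination>192.0.2.10</destination>
    </remote-logging-destination>
    <remote-logging-destination>
      <destination>2001:db8::5</destination>
      <syslog-sign><sigNumberResends>0</sigNumberResends></syslog-sign>
    </remote-logging-destination>
  </remote-logging-action>
</syslog>
"""

def audit(xml_text):
    """Return (node, finding) pairs for the settings checked here."""
    root = ET.fromstring(xml_text)
    findings = []
    for f in root.iterfind(".//s:logging-files", NS):
        name = f.findtext("s:file-name", "?", NS)
        perm = f.findtext("s:file-logging-archive/s:file-permission", None, NS)
        if perm == "world-readable":
            findings.append((name, "log file readable by all local users"))
    for d in root.iterfind(".//s:remote-logging-destination", NS):
        host = d.findtext("s:destination", "?", NS)
        sign = d.find("s:syslog-sign", NS)  # presence container: absent means off
        if sign is None:
            findings.append((host, "syslog-sign absent: messages unsigned"))
        elif sign.findtext("s:sigNumberResends", "", NS).strip() == "0":
            findings.append((host, "sigNumberResends is 0: Signature Block never resent"))
    return findings

if __name__ == "__main__":
    for node, finding in audit(SAMPLE):
        print(f"{node}: {finding}")
```

Both checked nodes sit behind features (file-logging-archive-config and signed-messages-config), so a device that does not advertise them will never carry these elements and the absence of syslog-sign then reflects capability rather than configuration.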
1248 7. IANA Considerations
1250 This document registers a URI in the IETF XML registry [RFC3688].
1251 Following the format in RFC 3688, the following
1252 registration is requested to be made:
1254 URI: urn:ietf:params:xml:ns:yang:syslog
1256 Registrant Contact: The IESG.
1258 XML: N/A, the requested URI is an XML namespace.
1260 This document registers a YANG module in the YANG Module Names
1261 registry [RFC6020].
1263 name: syslog namespace: urn:ietf:params:xml:ns:yang:syslog
1264 prefix: syslog reference: RFC XXXX
1266 8. Acknowledgements
1268 The authors wish to thank the following who commented on version 00 of this proposal:
1270 Jim Gibson
1271 Jeffrey Haas
1272 John Heasley
1273 Giles Heron
1274 Lisa Huang
1275 Jeffrey K Lange
1276 Chris Lonvick
1277 Juergen Schoenwaelder
1278 Peter Van Horne
1279 Bert Wijnen
1280 Aleksandr Zhdankin
1282 9. Change log [RFC Editor: Please remove]
1284 10. References
1286 [RFC3164] Lonvick, C., "The BSD syslog Protocol", BCP 81, RFC 3164,
1287 August 2001.
1289 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
1290 March 2004.
1292 [RFC6020] Bjorklund, M., "YANG - A Data Modeling Language for the
1293 Network Configuration Protocol (NETCONF)", RFC 6020,
1294 October 2010.
1296 [RFC6241] Enns, R., Bjorklund, M., Schoenwaelder, J., and A.
1297 Bierman, "Network Configuration Protocol (NETCONF)", RFC
1298 6241, June 2011.
1300 [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
1301 Shell (SSH)", RFC 6242, June 2011.
1303 [RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration
1304 Protocol (NETCONF) Access Control Model", RFC 6536, March
1305 2012.
1307 Authors' Addresses
1309 Clyde Wildes
1310 Cisco Systems Inc.
1312 Email: cwildes@cisco.com
1314 Kiran Agrahara Sreenivasa
1315 Brocade Communications Systems
1317 Email: kkoushik@brocade.com