idnits 2.17.1
draft-ietf-netmod-syslog-model-02.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
== The page length should not exceed 58 lines per page, but there was 12
longer pages, the longest (page 5) being 134 lines
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
** The document seems to lack separate sections for Informative/Normative
References. All references will be assumed normative when checking for
downward references.
** There are 34 instances of too long lines in the document, the longest
one being 30 characters in excess of 72.
== There are 1 instance of lines with non-RFC2606-compliant FQDNs in the
document.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
== Line 190 has weird spacing: '...acility ide...'
== Line 204 has weird spacing: '...acility ide...'
== Line 218 has weird spacing: '...acility ide...'
== Line 235 has weird spacing: '...acility ide...'
== Line 256 has weird spacing: '...acility ide...'
== (7 more instances...)
-- The document date (Mar 05, 2015) is 3341 days in the past. Is this
intentional?
Checking references for intended status: Informational
----------------------------------------------------------------------------
== Missing Reference: 'RFC5426' is mentioned on line 975, but not defined
** Obsolete normative reference: RFC 3164 (Obsoleted by RFC 5424)
** Obsolete normative reference: RFC 6536 (Obsoleted by RFC 8341)
Summary: 4 errors (**), 0 flaws (~~), 10 warnings (==), 1 comment (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 NETMOD WG Clyde Wildes
3 Internet-Draft Cisco Systems
4 Intended status: Informational Agrahara Kiran Koushik
5 Expires: Sep 05, 2015 Brocade Communication Systems
6 Mar 05, 2015
8 SYSLOG YANG model
9 draft-ietf-netmod-syslog-model-02
11 Abstract
13 This document describes a data model for Syslog
14 protocol which is used to convey event notification messages.
16 Status of This Memo
18 This Internet-Draft is submitted in full conformance with the
19 provisions of BCP 78 and BCP 79.
21 Internet-Drafts are working documents of the Internet Engineering
22 Task Force (IETF). Note that other groups may also distribute
23 working documents as Internet-Drafts. The list of current Internet-
24 Drafts is at http://datatracker.ietf.org/drafts/current/.
26 Internet-Drafts are draft documents valid for a maximum of six months
27 and may be updated, replaced, or obsoleted by other documents at any
28 time. It is inappropriate to use Internet-Drafts as reference
29 material or to cite them other than as "work in progress."
31 This Internet-Draft will expire on Sep 05, 2015.
33 Copyright Notice
35 Copyright (c) 2015 IETF Trust and the persons identified as the
36 document authors. All rights reserved.
38 This document is subject to BCP 78 and the IETF Trust's Legal
39 Provisions Relating to IETF Documents
40 (http://trustee.ietf.org/license-info) in effect on the date of
41 publication of this document. Please review these documents
42 carefully, as they describe your rights and restrictions with respect
43 to this document. Code Components extracted from this document must
44 include Simplified BSD License text as described in Section 4.e of
45 the Trust Legal Provisions and are provided without warranty as
46 described in the Simplified BSD License.
48 Table of Contents
50 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
51 1.1. Definitions and Acronyms . . . . . . . . . . . . . . . . 3
52 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3
53 3. Design of the SYSLOG Model . . . . . . . . . . . . . . . . . 3
54 3.1. SYSLOG Module . . . . . . . . . . . . . . . . . . . . . . 4
55 4. SYSLOG YANG Models . . . . . . . . . . . . . . . . . . . . . 6
56 4.1. SYSLOG TYPES Module . . . . . . . . . . . . . . . . . . . 6
57 4.2. SYSLOG module . . . . . . . . . . . . . . . . . . . . . . 10
58 4.3. A SYSLOG Example . . . . . . . . . . . . . . . . . . . . 18
59 5. Implementation Status . . . . . . . . . . . . . . . . . . . . 19
60 6. Security Considerations . . . . . . . . . . . . . . . . . . . 19
61 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20
62 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 20
63 9. Change log [RFC Editor: Please remove] . . . . . . . . . . . 20
64 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 20
65 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21
67 1. Introduction
69 Operating systems, processes and applications generate messages
70 indicating their own status or the occurrence of events. These
71 messages are useful for managing and/or debugging the network and its
72 services. The BSD Syslog protocol is a widely adopted protocol that
73 is used for transmission and processing of the messages.
75 Since each process, application and operating system was
76 written somewhat independently, there is little uniformity to the
77 content of Syslog messages. For this reason, no assumption is made
78 upon the formatting or contents of the messages. The protocol is
79 simply designed to transport these event messages. No
80 acknowledgement of the receipt is made.
82 Essentially, a Syslog process receives messages (from the kernel,
83 processes, applications or other Syslog processes) and processes
84 those. The processing involves logging to a local file, displaying on
85 console, user terminal, and/or relaying to syslog processes on other
86 machines. The processing is determined by the "facility" that
87 originated the message and the "severity" assigned to the message by
88 the facility.
90 We are using definitions of Syslog protocol from [RFC3164] in this
91 draft.
93 1.1. Definitions and Acronyms
95 IP: Internet Protocol
97 IPv4: Internet Protocol version 4
99 IPv6: Internet Protocol version 6
101 UDP: User Datagram Protocol
103 VRF: Virtual Routing and Forwarding
105 2. Problem Statement
107 This document defines a YANG [RFC6020] configuration data model that
108 may be used to monitor and control one or more syslog processes running
109 on a system. YANG models can be used with network management
110 agents such as NETCONF [RFC6241] to install, manipulate, and delete
111 the configuration of network devices.
113 This module makes use of the YANG "feature" construct which allows
114 implementations to support only those Syslog features that lie
115 within their capabilities.
117 3. Design of the SYSLOG Model
119 The syslog model was designed by comparing the syslog features
120 implemented by different vendors in their respective implementations.
122 This draft addresses the leaves common to all vendors and creates
123 a common model, which can be augmented with proprietary features, if
124 necessary. The base model is designed to be very simple for maximum
125 flexibility.
127 Syslog consists of message producers, a group level suppression filter,
128 and message distributors. The following diagram shows syslog messages
129 flowing from a message producer, through the group level suppression
130 filter, and, if passed by the group filter, to message distributors where
131 further suppression filtering can take place.
133    Message Producers
134    +-------------+  +-------------+  +-------------+  +-------------+
135    | Various     |  | OS          |  |             |  | Remote      |
136    | Components  |  | Kernel      |  | Line Cards  |  | Servers     |
137    +-------------+  +-------------+  +-------------+  +-------------+
139    +-------------+  +-------------+  +-------------+  +-------------+
140    | SNMP        |  | Interface   |  | Standby     |  | Syslog      |
141    | Events      |  | Events      |  | Supervisor  |  | Itself      |
142    +-------------+  +-------------+  +-------------+  +-------------+
144           |                                                  |
145           +--------------------------------------------------+
146                                    |
147                                    |
148                                    v
150                        Group Level Suppression
151                     +------------------------------+
152                     | Filter by message facility   |
153                     | and message severity         |
154                     +------------------------------+
155                                    |
156                                    |
157                                    |
158             +------------+------------+------------+-----------+
159             |            |            |            |           |
160             v            v            v            v           v
161    Message Distributors
162    +----------+ +----------+ +----------+ +----------+ +----------+
163    |          | | Log      | | Log      | | User     | | Remote   |
164    | Console  | | Buffer   | | File(s)  | | Terminals| | Servers  |
165    +----------+ +----------+ +----------+ +----------+ +----------+
167 The leaves in the base syslog model correspond to the group level
168 suppression filter and each message distributor:
170 - console
171 - log buffer
172 - log file(s)
173 - user terminals
174 - remote server(s).
176 Optional features are used to specify fields that are not present in
177 all vendor configurations.
179 3.1. SYSLOG Module
180 module: ietf-syslog
181 +--rw syslog
182 +--rw global-logging-action {global-logging-action}?
183 | +--rw (logging-level-scope)?
184 | | +--:(logging-facility-all)
185 | | | +--rw severity? syslogtypes:severity
186 | | +--:(logging-facility-none)
187 | | | +--rw none? empty
188 | | +--:(logging-facility)
189 | | +--rw logging-facilities* [facility]
190 | | +--rw facility identityref
191 | | +--rw severity? syslogtypes:severity
192 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}?
193 | | +--rw select-message-severity? enumeration
194 | +--rw logging-match-processing {selector-match-processing-config}?
195 | +--rw pattern-match? string
196 +--rw console-logging-action
197 | +--rw (logging-level-scope)?
198 | | +--:(logging-facility-all)
199 | | | +--rw severity? syslogtypes:severity
200 | | +--:(logging-facility-none)
201 | | | +--rw none? empty
202 | | +--:(logging-facility)
203 | | +--rw logging-facilities* [facility]
204 | | +--rw facility identityref
205 | | +--rw severity? syslogtypes:severity
206 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}?
207 | | +--rw select-message-severity? enumeration
208 | +--rw logging-match-processing {selector-match-processing-config}?
209 | +--rw pattern-match? string
210 +--rw buffered-logging-action
211 | +--rw (logging-level-scope)?
212 | | +--:(logging-facility-all)
213 | | | +--rw severity? syslogtypes:severity
214 | | +--:(logging-facility-none)
215 | | | +--rw none? empty
216 | | +--:(logging-facility)
217 | | +--rw logging-facilities* [facility]
218 | | +--rw facility identityref
219 | | +--rw severity? syslogtypes:severity
220 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}?
221 | | +--rw select-message-severity? enumeration
222 | +--rw logging-match-processing {selector-match-processing-config}?
223 | | +--rw pattern-match? string
224 | +--rw buffer-size? uint64
225 +--rw file-logging-action
226 | +--rw logging-files* [file-name]
227 | +--rw file-name inet:uri
228 | +--rw (logging-level-scope)?
229 | | +--:(logging-facility-all)
230 | | | +--rw severity? syslogtypes:severity
231 | | +--:(logging-facility-none)
232 | | | +--rw none? empty
233 | | +--:(logging-facility)
234 | | +--rw logging-facilities* [facility]
235 | | +--rw facility identityref
236 | | +--rw severity? syslogtypes:severity
237 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}?
238 | | +--rw select-message-severity? enumeration
239 | +--rw logging-match-processing {selector-match-processing-config}?
240 | | +--rw pattern-match? string
241 | +--rw file-logging-structured-data? boolean {file-logging-structured-data}?
242 | +--rw file-logging-archive {file-logging-archive-config}?
243 | +--rw file-number? uint32
244 | +--rw file-size? uint64
245 | +--rw file-permission? enumeration
246 +--rw remote-logging-action
247 | +--rw remote-logging-destination* [destination]
248 | +--rw destination inet:host
249 | +--rw (logging-level-scope)?
250 | | +--:(logging-facility-all)
251 | | | +--rw severity? syslogtypes:severity
252 | | +--:(logging-facility-none)
253 | | | +--rw none? empty
254 | | +--:(logging-facility)
255 | | +--rw logging-facilities* [facility]
256 | | +--rw facility identityref
257 | | +--rw severity? syslogtypes:severity
258 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}?
259 | | +--rw select-message-severity? enumeration
260 | +--rw logging-match-processing {selector-match-processing-config}?
261 | | +--rw pattern-match? string
262 | +--rw remote-logging-structured-data? boolean {remote-logging-structured-data}?
263 | +--rw destination-port? inet:port-number
264 | +--rw destination-facility? identityref
265 | +--rw source-interface? if:interface-ref
266 | +--rw vrf-name? string {remote-logging-use-vrf}?
267 | +--rw syslog-sign! {signed-messages-config}?
268 | +--rw cert-initial-repeat uint16
269 | +--rw cert-resend-delay uint16
270 | +--rw cert-resend-count uint16
271 | +--rw sig-max-delay uint16
272 | +--rw sig-number-resends uint16
273 | +--rw sig-resend-delay uint16
274 | +--rw sig-resend-count uint16
275 +--rw terminal-logging-action
276 +--rw (user-scope)?
277 +--:(all-users)
278 | +--rw all-users
279 | +--rw (logging-level-scope)?
280 | | +--:(logging-facility-all)
281 | | | +--rw severity? syslogtypes:severity
282 | | +--:(logging-facility-none)
283 | | | +--rw none? empty
284 | | +--:(logging-facility)
285 | | +--rw logging-facilities* [facility]
286 | | +--rw facility identityref
287 | | +--rw severity? syslogtypes:severity
288 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}?
289 | | +--rw select-message-severity? enumeration
290 | +--rw logging-match-processing {selector-match-processing-config}?
291 | +--rw pattern-match? string
292 +--:(per-user) {terminal-facility-user-logging-config}?
293 +--rw user-name* [uname]
294 +--rw uname string
295 +--rw (logging-level-scope)?
296 | +--:(logging-facility-all)
297 | | +--rw severity? syslogtypes:severity
298 | +--:(logging-facility-none)
299 | | +--rw none? empty
300 | +--:(logging-facility)
301 | +--rw logging-facilities* [facility]
302 | +--rw facility identityref
303 | +--rw severity? syslogtypes:severity
304 +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}?
305 | +--rw select-message-severity? enumeration
306 +--rw logging-match-processing {selector-match-processing-config}?
307 +--rw pattern-match? string
309 4. SYSLOG YANG Models
311 4.1. SYSLOG-TYPES module
313 module ietf-syslog-types {
314 namespace "urn:ietf:params:xml:ns:yang:ietf-syslog-types";
315 prefix syslogtypes;
317 organization "IETF NETMOD (NETCONF Data Modeling Language) Working
318 Group";
319 contact
320 "WG Web:
321 WG List:
323 WG Chair: Juergen Schoenwaelder
324
326 WG Chair: Tom Nadeau
327
329 Editor: Clyde Wildes
330
332 Editor: Agrahara Kiran Koushik
333 ";
334 description
335 "This module contains a collection of YANG type definitions for
336 SYSLOG.";
338 revision 2015-03-05 {
339 description
340 "Initial Revision";
341 reference
342 "This model references RFC 5424 - The Syslog Protocol.";
344 }
346 typedef severity {
347 type enumeration {
348 enum "emergency" {
349 value 0;
350 description
351 "Emergency Level Msg";
352 }
353 enum "alert" {
354 value 1;
355 description
356 "Alert Level Msg";
357 }
358 enum "critical" {
359 value 2;
360 description
361 "Critical Level Msg";
362 }
363 enum "error" {
364 value 3;
365 description
366 "Error Level Msg";
367 }
368 enum "warning" {
369 value 4;
370 description
371 "Warning Level Msg";
372 }
373 enum "notice" {
374 value 5;
375 description
376 "Notification Level Msg";
377 }
378 enum "info" {
379 value 6;
380 description
381 "Informational Level Msg";
382 }
383 enum "debug" {
384 value 7;
385 description
386 "Debugging Level Msg";
387 }
388 }
389 description
390 "The definitions for Syslog message severity.";
391 }
393 identity syslog-facility {
394 description
395 "The base identity to represent syslog facilities";
396 }
398 identity kern {
399 base syslog-facility;
400 description
401 "The facility for kernel messages as defined in RFC 5424.";
402 }
403 identity user {
404 base syslog-facility;
405 description
406 "The facility for user-level messages as defined in RFC 5424.";
407 }
409 identity mail {
410 base syslog-facility;
411 description
412 "The facility for the mail system as defined in RFC 5424.";
413 }
415 identity daemon {
416 base syslog-facility;
418 description
419 "The facility for the system daemons as defined in RFC 5424.";
420 }
422 identity auth {
423 base syslog-facility;
424 description
425 "The facility for security/authorization messages as defined
426 in RFC 5424.";
427 }
429 identity syslog {
430 base syslog-facility;
431 description
432 "The facility for messages generated internally by syslogd
433 facility as defined in RFC 5424.";
434 }
436 identity lpr {
437 base syslog-facility;
438 description
439 "The facility for the line printer subsystem as defined in
440 RFC 5424.";
441 }
443 identity news {
444 base syslog-facility;
445 description
446 "The facility for the network news subsystem as defined in
447 RFC 5424.";
448 }
450 identity uucp {
451 base syslog-facility;
452 description
453 "The facility for the UUCP subsystem as defined in RFC 5424.";
454 }
456 identity cron {
457 base syslog-facility;
458 description
459 "The facility for the clock daemon as defined in RFC 5424.";
460 }
462 identity authpriv {
463 base syslog-facility;
464 description
465 "The facility for privileged security/authorization messages
466 as defined in RFC 5424.";
467 }
469 identity ftp {
470 base syslog-facility;
471 description
472 "The facility for the FTP daemon as defined in RFC 5424.";
473 }
475 identity ntp {
476 base syslog-facility;
477 description
478 "The facility for the NTP subsystem as defined in RFC 5424.";
479 }
481 identity audit {
482 base syslog-facility;
483 description
484 "The facility for log audit messages as defined in RFC 5424.";
485 }
487 identity console {
488 base syslog-facility;
489 description
490 "The facility for log alert messages as defined in RFC 5424.";
491 }
493 identity cron2 {
494 base syslog-facility;
495 description
496 "The facility for the second clock daemon as defined in
497 RFC 5424.";
498 }
500 identity local0 {
501 base syslog-facility;
502 description
503 "The facility for local use 0 messages as defined in
504 RFC 5424.";
505 }
507 identity local1 {
508 base syslog-facility;
509 description
510 "The facility for local use 1 messages as defined in
511 RFC 5424.";
512 }
514 identity local2 {
515 base syslog-facility;
516 description
517 "The facility for local use 2 messages as defined in
518 RFC 5424.";
519 }
521 identity local3 {
522 base syslog-facility;
523 description
524 "The facility for local use 3 messages as defined in
525 RFC 5424.";
526 }
528 identity local4 {
529 base syslog-facility;
530 description
531 "The facility for local use 4 messages as defined in
532 RFC 5424.";
533 }
535 identity local5 {
536 base syslog-facility;
537 description
538 "The facility for local use 5 messages as defined in
539 RFC 5424.";
540 }
542 identity local6 {
543 base syslog-facility;
544 description
545 "The facility for local use 6 messages as defined in
546 RFC 5424.";
547 }
549 identity local7 {
550 base syslog-facility;
551 description
552 "The facility for local use 7 messages as defined in
553 RFC 5424.";
554 }
555 }
556 4.2. SYSLOG module
558 module ietf-syslog {
559 namespace "urn:ietf:params:xml:ns:yang:ietf-syslog";
560 prefix syslog;
562 import ietf-inet-types {
563 prefix inet;
564 }
566 import ietf-interfaces {
567 prefix if;
568 }
570 import ietf-syslog-types {
571 prefix syslogtypes;
572 }
574 organization "IETF NETMOD (NETCONF Data Modeling Language)
575 Working Group";
576 contact
577 "WG Web:
578 WG List:
580 WG Chair: David Kessens
581
583 WG Chair: Juergen Schoenwaelder
584
586 Editor: Clyde Wildes
587
589 Editor: Agrahara Kiran Koushik
590 ";
592 description
593 "This module contains a collection of YANG definitions
594 for Syslog configuration.";
596 revision 2015-03-05 {
597 description
598 "Initial Revision";
599 reference
600 "This model references RFC 5424 - The Syslog Protocol,
601 and RFC 5848 - Signed Syslog Messages.";
602 }
604 feature global-logging-action {
605 description
606 "This feature represents the ability to suppress log
607 messages on the global level.";
608 }
609 feature file-logging-structured-data {
610 description
611 "This feature represents the ability to log messages
612 to a file in structured-data format as per RFC 5424.";
613 }
615 feature remote-logging-structured-data {
616 description
617 "This feature represents the ability to deliver log
618 messages to a remote server in structured-data format
619 as per RFC 5424.";
620 }
622 feature file-logging-archive-config {
623 description
624 "This feature represents the ability to archive log files.";
625 }
627 feature remote-logging-use-vrf {
628 description
629 "This feature allows remote logging of messages to a
630 particular VRF.";
631 }
633 feature terminal-facility-user-logging-config {
634 description
635 "This feature represents the ability to adjust
636 log message settings for individual terminal users.";
637 }
639 feature selector-advanced-level-processing-config {
640 description
641 "This feature represents the ability to select messages
642 using the additional operators equal to, or not equal to
643 when comparing the Syslog message severity.";
644 }
646 feature selector-match-processing-config {
647 description
648 "This feature represents the ability to select messages based
649 on a Posix 1003.2 regular expression pattern match.";
650 }
652 feature signed-messages-config {
653 description
654 "This feature represents the ability to configure signed
655 syslog messages according to RFC 5848.";
656 }
658 grouping syslog-severity {
659 description
660 "This grouping defines the Syslog severity which is used to
661 filter log messages.";
662 leaf severity {
663 type syslogtypes:severity;
664 description
665 "This leaf specifies the Syslog message severity.
666 No value implies all severities.";
667 }
668 }
669 grouping syslog-selector {
670 description
671 "This grouping defines a Syslog selector which is used to
672 filter log messages for the given action in which the
673 selector appears. Choose one of the following:
674 logging-facility-all
675 logging-facility-none
676 logging-facility [ ...]
677 Additional severity comparison operations are available
678 using the logging-advanced-level-processing container. If
679 the logging-advanced-level-processing container is not
680 present all messages of the specified severity and higher
681 are logged according to the given action.";
682 choice logging-level-scope {
683 default logging-facility-all;
684 description
685 "This choice describes the option to specify all
686 facilities, no facilities, or a specific facility.";
687 case logging-facility-all {
688 description
689 "This case specifies all facilities will match when
690 comparing the Syslog message facility.";
691 uses syslog-severity;
692 }
693 case logging-facility-none {
694 description
695 "This case specifies no facilities will match when
696 comparing the Syslog message facility. This is a method
697 that can be used to turn an action off.";
698 leaf none {
699 type empty;
700 description
701 "This leaf specifies that no facilities participate in the
702 filtering of Syslog messages for this action.";
703 }
704 }
705 case logging-facility {
706 description
707 "This case specifies one or more specified facilities
708 will match when comparing the Syslog message facility.";
709 list logging-facilities {
710 key "facility";
711 description
712 "This list describes a collection of Syslog facilities
713 and severities.";
714 leaf facility {
715 type identityref {
716 base syslogtypes:syslog-facility;
717 }
718 description
719 "The leaf uniquely identifies a Syslog facility.";
720 }
721 uses syslog-severity;
722 }
723 }
724 }
725 container logging-advanced-level-processing {
726 if-feature selector-advanced-level-processing-config;
727 description
728 "This container describes the configuration parameters for
729 advanced Syslog selector severity comparison.";
730 leaf select-message-severity {
731 type enumeration {
732 enum equals-or-higher {
733 description
734 "All messages of the specified severity and higher are
735 logged according to the given action";
736 }
737 enum equals {
738 description
739 "This leaf specifies all messages for the specified
740 severity.";
741 }
742 enum not-equals {
743 description
744 "This leaf specifies all messages that are not for the
745 specified severity.";
746 }
747 }
748 default equals-or-higher;
749 description
750 "This leaf describes the option to specify how the
751 severity comparison is performed.";
752 }
753 }
754 container logging-match-processing {
755 if-feature selector-match-processing-config;
756 description
757 "This container describes the configuration parameters for
758 matching Syslog messages using a regular expression pattern
759 match.";
760 leaf pattern-match {
761 type string;
762 description
763 "This leaf describes a Posix 1003.2 regular expression
764 string that can be used to select a Syslog message for
765 logging. The match is performed on the RFC 5424
766 SYSLOG-MSG field.";
767 }
768 }
769 }
771 container syslog {
772 description
773 "This container describes the configuration parameters for
774 Syslog.";
775 container global-logging-action {
776 if-feature global-logging-action;
777 description
778 "This container describes the configuration parameters for
779 global logging. Global logging represents the ability to
780 perform global log message suppression.";
781 uses syslog-selector;
782 }
783 container console-logging-action {
784 description
785 "This container describes the configuration parameters for
786 console logging.";
787 uses syslog-selector;
788 }
789 container buffered-logging-action {
790 description
791 "This container describes the configuration parameters for
792 local memory buffer logging.";
793 uses syslog-selector;
794 leaf buffer-size {
795 type uint64;
796 description
797 "This leaf describes the amount of memory that will be
798 dedicated to local memory buffer logging. The default
799 value varies by implementation.";
800 }
801 }
802 container file-logging-action {
803 description
804 "This container describes the configuration parameters for
805 file logging.";
806 list logging-files {
807 key "file-name";
808 description
809 "This list describes a collection of local logging
810 files.";
811 leaf file-name {
812 type inet:uri;
813 description
814 "This leaf specifies the name of the log file.";
815 }
816 uses syslog-selector;
817 leaf file-logging-structured-data {
818 if-feature file-logging-structured-data;
819 type boolean;
820 default false;
821 description
822 "This leaf describes how log messages are written to the
823 log file. If true, messages will be written in
824 structured-data format; if false, messages will be
825 written in standard message format.";
826 }
827 container file-logging-archive {
828 if-feature file-logging-archive-config;
829 description
830 "This container describes the configuration parameters
831 for log file archiving.";
832 leaf file-number {
833 type uint32;
834 default 1;
835 description
836 "This leaf specifies the maximum number of log files
837 retained.";
838 }
839 leaf file-size {
840 type uint64;
841 default 262144;
842 description
843 "This leaf specifies the maximum log file size.";
844 }
845 leaf file-permission {
846 type enumeration {
847 enum world-readable {
848 value 1;
849 description
850 "This enum specifies that the log files
851 are readable by world.";
852 }
853 enum no-world-readable {
854 value 2;
855 description
856 "This enum specifies that the log files
857 are not readable by world.";
858 }
859 }
860 default no-world-readable;
861 description
862 "This leaf describes who can read log files.";
863 }
864 }
865 }
866 }
867 container remote-logging-action {
868 description
869 "This container describes the configuration parameters for
870 remote logging.";
871 list remote-logging-destination {
872 key "destination";
873 description
874 "This list describes a collection of remote logging
875 destinations.";
876 leaf destination {
877 type inet:host;
878 description
879 "The leaf uniquely specifies the address of the
880 remote host. One of the following must be specified:
881 an ipv4 address, an ipv6 address, or a host name.";
882 }
883 uses syslog-selector;
884 leaf remote-logging-structured-data {
885 if-feature remote-logging-structured-data;
886 type boolean;
887 default false;
888 description
889 "This leaf describes how log messages are sent to the
890 remote server. If true, messages will be sent in
891 structured-data format; if false, messages will be
892 sent in standard message format.";
893 }
894 leaf destination-port {
895 type inet:port-number;
896 default 514;
897 description
898 "This leaf specifies the port number used to deliver
899 messages to the remote server.";
900 }
901 leaf destination-facility {
902 type identityref {
903 base syslogtypes:syslog-facility;
904 }
905 default syslogtypes:local7;
906 description
907 "This leaf specifies the facility used in messages
908 delivered to the remote server.";
909 }
910 leaf source-interface {
911 type if:interface-ref;
912 description
913 "This leaf sets the source interface for the remote
914 Syslog server. Either the interface name or the
915 interface IP address can be specified. If not set,
916 messages sent to a remote syslog server will contain
917 the IP address of the interface the syslog message
918 uses to exit the network element.";
919 }
920 leaf vrf-name {
921 if-feature remote-logging-use-vrf;
922 type string;
923 description
924 "This leaf specifies the name of the virtual routing
925 and forwarding (VRF) instance that connects to the syslog
926 server host. If not set, the default VRF will be used.";
927 }
928 container syslog-sign {
929 if-feature signed-messages-config;
930 presence
931 "If present, syslog-sign is activated.";
932 description
933 "This container describes the configuration parameters
934 for signed syslog messages as described by RFC 5848.";
935 leaf cert-initial-repeat {
936 type uint16;
937 mandatory true;
938 description
939 "This leaf specifies the number of times each
940 Certificate Block should be sent before the first
941 message is sent.";
942 }
943 leaf cert-resend-delay {
944 type uint16;
945 mandatory true;
946 description
947 "This leaf specifies the maximum time delay in seconds
948 until resending the Certificate Block.";
949 }
950 leaf cert-resend-count {
951 type uint16;
952 mandatory true;
953 description
954 "This leaf specifies the maximum number of other
955 syslog messages to send until resending the
956 Certificate Block.";
957 }
958 leaf sig-max-delay {
959 type uint16;
960 mandatory true;
961 description
962 "This leaf specifies when to generate a new Signature
963 Block. If this many seconds have elapsed since the
964 message with the first message number of the
965 Signature Block was sent, a new Signature Block
966 should be generated.";
967 }
968 leaf sig-number-resends {
969 type uint16;
970 mandatory true;
971 description
972 "This leaf specifies the number of times a Signature
973 Block is resent. (It is recommended to select a value
974 greater than 0, in particular when the UDP
975 transport [RFC5426] is used.)";
976 }
977 leaf sig-resend-delay {
978 type uint16;
979 mandatory true;
980 description
981 "This leaf specifies when to send the next Signature
982 Block transmission based on time. If this many
983 seconds have elapsed since the previous sending of
984 this Signature Block, resend it.";
985 }
986 leaf sig-resend-count {
987 type uint16;
988 mandatory true;
989 description
990 "This leaf specifies when to send the next Signature
991 Block transmission based on a count. If this many
992 other syslog messages have been sent since the
993 previous sending of this Signature Block, resend it.";
994 }
995 }
996 }
997 }
998 container terminal-logging-action {
999 description
1000 "This container describes the configuration parameters for
1001 the terminal logging configuration.";
1002 choice user-scope {
1003 default all-users;
1004 description
1005 "This choice describes the option to specify all users
1006 or a specific user. The all users case implies that
1007 messages will be sent to all terminals";
1008 case all-users {
1009 description
1010 "This case specifies all users.";
1011 container all-users {
1012 description
1013 "This container describes the configuration parameters
1014 for all users.";
1015 uses syslog-selector;
1016 }
1017 }
1018 case per-user {
1019 if-feature terminal-facility-user-logging-config;
1020 description
1021 "This case specifies a specific user.";
1022 list user-name {
1023 key "uname";
1024 description
1025 "This list describes a collection of user names.";
1027 leaf uname {
1028 type string;
1029 description
1030 "This leaf uniquely describes a user name which is
1031 the login name of the user whose terminal session
1032 is to receive log messages.";
1033 }
1034 uses syslog-selector;
1035 }
1036 }
1037 }
1038 }
1039 }
1040 }
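As an added illustration (not part of the draft or of any implementation), the following Python model applies the semantics of the syslog-sign leaves above to a stream of outgoing messages and reports when a Certificate Block or Signature Block would be sent or resent. It is a deliberate simplification of RFC 5848 (one Signature Block in flight at a time, no actual signing, no per-block message-count limit); the class names and the trace are assumptions made here.

```python
from dataclasses import dataclass

@dataclass
class SyslogSignConfig:            # the seven mandatory leaves of the syslog-sign container
    cert_initial_repeat: int
    cert_resend_delay: int         # seconds
    cert_resend_count: int         # other syslog messages
    sig_max_delay: int             # seconds
    sig_number_resends: int
    sig_resend_delay: int          # seconds
    sig_resend_count: int          # other syslog messages

class SignScheduler:
    """Decides which control frames accompany each outgoing message:
    CB = Certificate Block, SB:<msgs> = Signature Block over those messages."""
    def __init__(self, cfg):
        self.cfg = cfg
        self.cert_at, self.msgs_since_cert = None, 0
        self.open, self.open_at = [], None            # unsigned messages and when the first was sent
        self.last_sb, self.last_sb_at = None, None    # most recent SB and its latest transmission
        self.sb_resends, self.msgs_since_sb = 0, 0

    def start(self, t):
        """Before the first message, send the Certificate Block cert-initial-repeat times."""
        self.cert_at = t
        return ["CB"] * self.cfg.cert_initial_repeat

    def send(self, t, msg):
        c, frames = self.cfg, []
        # Certificate Block: resend on either trigger, elapsed time or message count.
        if t - self.cert_at >= c.cert_resend_delay or self.msgs_since_cert >= c.cert_resend_count:
            frames.append("CB")
            self.cert_at, self.msgs_since_cert = t, 0
        frames.append("MSG:" + msg)
        self.msgs_since_cert += 1
        self.msgs_since_sb += 1
        if not self.open:
            self.open_at = t
        self.open.append(msg)
        # Signature Block: generate a new one once sig-max-delay has elapsed since its first message.
        if t - self.open_at >= c.sig_max_delay:
            frames.append("SB:" + ",".join(self.open))
            self.last_sb, self.last_sb_at, self.sb_resends, self.msgs_since_sb = self.open, t, 0, 0
            self.open, self.open_at = [], None
        # Otherwise resend the previous Signature Block (at most sig-number-resends times) on time or count.
        elif self.last_sb is not None and self.sb_resends < c.sig_number_resends and (
                t - self.last_sb_at >= c.sig_resend_delay or self.msgs_since_sb >= c.sig_resend_count):
            frames.append("SB:" + ",".join(self.last_sb))
            self.last_sb_at, self.sb_resends, self.msgs_since_sb = t, self.sb_resends + 1, 0
        return frames
```

With cert-resend-count 5 and sig-number-resends 1, a message stream at t = 0, 3, 11, 12, 17, 18, 30 seconds yields a Signature Block at t = 11, its single resend at t = 17 (sig-resend-delay 5 elapsed), a Certificate Block before the fifth subsequent message at t = 18, and a second Signature Block at t = 30.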
1042 4.3. A SYSLOG Example
1044 Requirement:
1045 Enable global logging of two facilities:
1046 kern - severity critical(1)
1047 auth - severity error(3)
1049 Enable console logging of syslogs of severity
1050 critical(1)
1052 Here is the example syslog configuration xml:
1062 syslogtypes:kern syslogtypes:critical
1065 syslogtypes:auth syslogtypes:error
1069 syslogtypes:critical
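The requirement above, worked through as an added example that is not part of this draft: a small Python routine decodes the RFC 5424 PRI field of incoming messages and applies the two configured selectors, plus a constructed per-user terminal selector to show the terminal-logging-action case as well. Facility and severity numbering follow RFC 5424's PRI encoding (PRI = facility * 8 + severity); the action names, the sample messages and the "alice" selector are assumptions made here.

```python
import re

# RFC 5424 facility codes 0..23 and severities 0..7 (most severe first).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emergency", "alert", "critical", "error", "warning", "notice", "info", "debug"]

# The 4.3 requirement as {action: {facility: severity threshold}}. The key "all"
# stands for a selector with no facility restriction (console, terminals).
# The per-user terminal selector for "alice" is constructed for this example.
CONFIG = {
    "global-logging-action": {"kern": "critical", "auth": "error"},
    "console-logging-action": {"all": "critical"},
    "terminal-logging-action/alice": {"auth": "warning"},
}

PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) names from the <PRI> prefix of a syslog line."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:          # 23 * 8 + 7 is the largest legal PRI
        raise ValueError("missing or out-of-range PRI in %r" % line[:16])
    pri = int(m.group(1))
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]

def selector_matches(selector, facility, severity):
    """A selector accepts a message at its severity threshold or anything more severe."""
    threshold = selector.get(facility, selector.get("all"))
    return threshold is not None and SEVERITIES.index(severity) <= SEVERITIES.index(threshold)

def route(line, config=CONFIG):
    """Names of the logging actions whose selector accepts this message."""
    facility, severity = decode_pri(line)
    return [name for name, sel in config.items() if selector_matches(sel, facility, severity)]

# Constructed sample messages (abbreviated RFC 5424 syntax).
SAMPLES = [
    "<2>1 2015-03-05T10:00:00Z host kernel - - - disk controller failure",   # kern/critical
    "<35>1 2015-03-05T10:00:01Z host sshd 4711 - - invalid credentials",      # auth/error
    "<4>1 2015-03-05T10:00:02Z host kernel - - - link flap",                  # kern/warning
    "<36>1 2015-03-05T10:00:03Z host sshd 4712 - - too many auth failures",  # auth/warning
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(decode_pri(line), "->", route(line))
```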
1081 5. Implementation Status
1083 [Note to RFC Editor: Please remove this section before publication.]
1085 This section records the status of known implementations of the Syslog
1086 YANG model at the time of posting of this Internet-Draft.
1088 Cisco Systems, Inc. has implemented the proposed IETF Syslog model
1089 for the Nexus 7000 NXOS OS as a prototype, together with an
1090 augmentation model for operating system specific Syslog configuration
1091 features.
1093 Five leaves were implemented in the base IETF model and three leaves
1094 were implemented in the Cisco specific augmentation model as follows:
1096 Leaf XPATH                              Sample NXOS CLI Command(s)
1098 syslog:global-logging-action            logging level cron 2
1099 syslog:console-logging-action           logging console 1
1100 syslog:file-logging-action              logging logfile mylog.log 2 4096
1101 syslog:terminal-logging-action          logging monitor 2
1102 syslog:remote-logging-action            *logging server server.cisco.com 2
1103                                           facility user
1104                                           use-vrf management
1105                                         *logging source-interface loopback 0
1106 cisco-syslog:logging-timestamp-config   logging timestamp milli-seconds
1107 cisco-syslog:origin-id-cfg              logging origin-id string abcdef
1108 cisco-syslog:module-logging             logging module 1
1110 *The "logging server" and "logging source-interface" commands were
1111 combined into one base model leaf.
1113 The description of implementations in this section is intended to assist
1114 the IETF in its decision processes in progressing drafts to RFCs.
1116 6. Security Considerations
1118 The YANG module defined in this memo is designed to be accessed via
1119 the NETCONF protocol [RFC6241]. The lowest NETCONF layer
1120 is the secure transport layer and the mandatory-to-implement secure
1121 transport is SSH [RFC6242]. The NETCONF access control
1122 model [RFC6536] provides the means to restrict access for
1123 particular NETCONF users to a pre-configured subset of all available
1124 NETCONF protocol operations and content.
1126 There are a number of data nodes defined in the YANG module which are
1127 writable/creatable/deletable (i.e., config true, which is the
1128 default). These data nodes may be considered sensitive or vulnerable
1129 in some network environments. Write operations (e.g., )
1130 to these data nodes without proper protection can have a negative
1131 effect on network operations.
1133 TBD: List specific Subtrees and data nodes and their sensitivity/
1134 vulnerability.
1136 7. IANA Considerations
1138 This document registers a URI in the IETF XML registry [RFC3688].
1139 Following the format in RFC 3688, the following
1140 registration is requested to be made:
1142 URI: urn:ietf:params:xml:ns:yang:syslog
1144 Registrant Contact: The IESG.
1146 XML: N/A, the requested URI is an XML namespace.
1148 This document registers a YANG module in the YANG Module Names
1149 registry [RFC6020].
1151 name:      syslog          namespace: urn:ietf:params:xml:ns:yang:syslog
1152 prefix:    syslog          reference: RFC XXXX
1154 8. Acknowledgements
1156 The authors wish to thank the following who commented on version 00 of this proposal:
1158 Jim Gibson
1159 Jeffrey Haas
1160 John Heasley
1161 Giles Heron
1162 Lisa Huang
1163 Jeffrey K Lange
1164 Chris Lonvick
1165 Juergen Schoenwaelder
1166 Peter Van Horne
1167 Bert Wijnen
1168 Aleksandr Zhdankin
1170 9. Change log [RFC Editor: Please remove]
1172 10. References
1174 [RFC3164] Lonvick, C., "The BSD syslog Protocol", BCP 81, RFC 3164,
1175 August 2001.
1177 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
1178 March 2004.
1180 [RFC6020] Bjorklund, M., "YANG - A Data Modeling Language for the
1181 Network Configuration Protocol (NETCONF)", RFC 6020,
1182 October 2010.
1184 [RFC6241] Enns, R., Bjorklund, M., Schoenwaelder, J., and A.
1185 Bierman, "Network Configuration Protocol (NETCONF)", RFC
1186 6241, June 2011.
1188 [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
1189 Shell (SSH)", RFC 6242, June 2011.
1191 [RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration
1192 Protocol (NETCONF) Access Control Model", RFC 6536, March
1193 2012.
1195 Authors' Addresses
1197 Clyde Wildes
1198 Cisco Systems Inc.
1200 Email: cwildes@cisco.com
1202 Kiran Agrahara Sreenivasa
1203 Brocade Communications Systems
1205 Email: kkoushik@brocade.com