NETMOD WG                                                   Clyde Wildes
Internet-Draft                                             Cisco Systems
Intended status: Informational                    Agrahara Kiran Koushik
Expires: Sep 09, 2015                      Brocade Communication Systems
                                                            Mar 09, 2015

                           SYSLOG YANG model
                   draft-ietf-netmod-syslog-model-03

Abstract

   This document describes a data model for the Syslog protocol, which
   is used to convey event notification messages.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on Sep 05, 2015.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Definitions and Acronyms
   2.  Problem Statement
   3.  Design of the SYSLOG Model
     3.1.  SYSLOG Module
   4.  SYSLOG YANG Models
     4.1.  SYSLOG TYPES Module
     4.2.  SYSLOG module
     4.3.  A SYSLOG Example
   5.  Implementation Status
   6.  Security Considerations
   7.  IANA Considerations
   8.  Acknowledgements
   9.  Change log [RFC Editor: Please remove]
   10. References
   Authors' Addresses

1.  Introduction

   Operating systems, processes and applications generate messages
   indicating their own status or the occurrence of events.  These
   messages are useful for managing and/or debugging the network and its
   services.  The BSD Syslog protocol is a widely adopted protocol that
   is used for transmission and processing of the messages.

   Since each process, application and operating system was written
   somewhat independently, there is little uniformity to the content of
   Syslog messages.  For this reason, no assumption is made about the
   formatting or contents of the messages.  The protocol is simply
   designed to transport these event messages.  No acknowledgement of
   receipt is made.

   Essentially, a Syslog process receives messages (from the kernel,
   processes, applications or other Syslog processes) and processes
   those.  The processing involves logging to a local file, displaying
   on the console or user terminals, and/or relaying to syslog processes
   on other machines.  The processing is determined by the "facility"
   that originated the message and the "severity" assigned to the
   message by the facility.

   We are using the definitions of the Syslog protocol from [RFC3164] in
   this draft.

1.1.  Definitions and Acronyms

   IP: Internet Protocol

   IPv4: Internet Protocol version 4

   IPv6: Internet Protocol version 6

   UDP: User Datagram Protocol

   VRF: Virtual Routing and Forwarding

2.  Problem Statement

   This document defines a YANG [RFC6020] configuration data model that
   may be used to monitor and control one or more syslog processes
   running on a system.  YANG models can be used with network management
   protocols such as NETCONF [RFC6241] to install, manipulate, and
   delete the configuration of network devices.

   This module makes use of the YANG "feature" construct, which allows
   implementations to support only those Syslog features that lie
   within their capabilities.

3.  Design of the SYSLOG Model

   The syslog model was designed by comparing the syslog features
   implemented by various vendors in different implementations.

   This draft addresses the common leafs between all vendors and creates
   a common model, which can be augmented with proprietary features if
   necessary.  The base model is designed to be very simple for maximum
   flexibility.

   Syslog consists of message producers, a group level suppression
   filter, and message distributors.  The following diagram shows syslog
   messages flowing from a message producer, through the group level
   suppression filter, and, if passed by the group filter, to message
   distributors where further suppression filtering can take place.
133 Message Producers 134 +-------------+ +-------------+ +-------------+ +-------------+ 135 | Various | | OS | | | | Remote | 136 | Components | | Kernel | | Line Cards | | Servers | 137 +-------------+ +-------------+ +-------------+ +-------------+ 139 +-------------+ +-------------+ +-------------+ +-------------+ 140 | SNMP | | Interface | | Standby | | Syslog | 141 | Events | | Events | | Supervisor | | Itself | 142 +-------------+ +-------------+ +-------------+ +-------------+ 144 | | 145 +----------------------------------------------------------------+ 146 | 147 | 148 v 150 Group Level Suppression 151 +------------------------------+ 152 | Filter by message facility | 153 | and message severity | 154 +------------------------------+ 155 | 156 | 157 | 158 +------------+------------+------------+-----------+ 159 | | | | | 160 v v v v v 161 Message Distributors 162 +----------+ +----------+ +----------+ +----------+ +----------+ 163 | | | Log | | Log | | User | | Remote | 164 | Console | | Buffer | | File(s) | | Terminals| | Servers| 165 +----------+ +----------+ +----------+ +----------+ +----------+ 167 The leaves in the base syslog model correspond to the group level 168 suppression filter and each message distributor: 170 - console 171 - log buffer 172 - log file(s) 173 - user terminals 174 - remote server(s). 176 Optional features are used to specified fields that are not present in 177 all vendor configurations. 179 3.1. SYSLOG Module 180 module: ietf-syslog 181 +--rw syslog 182 +--rw global-logging-action {global-logging-action}? 183 | +--rw (logging-level-scope)? 184 | | +--:(logging-facility-all) 185 | | | +--rw severity? syslogtypes:severity 186 | | +--:(logging-facility-none) 187 | | | +--rw none? empty 188 | | +--:(logging-facility) 189 | | +--rw logging-facilities* [facility] 190 | | +--rw facility identityref 191 | | +--rw severity? syslogtypes:severity 192 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}? 
193 | | +--rw select-message-severity? enumeration 194 | +--rw logging-match-processing {selector-match-processing-config}? 195 | +--rw pattern-match? string 196 +--rw console-logging-action 197 | +--rw (logging-level-scope)? 198 | | +--:(logging-facility-all) 199 | | | +--rw severity? syslogtypes:severity 200 | | +--:(logging-facility-none) 201 | | | +--rw none? empty 202 | | +--:(logging-facility) 203 | | +--rw logging-facilities* [facility] 204 | | +--rw facility identityref 205 | | +--rw severity? syslogtypes:severity 206 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}? 207 | | +--rw select-message-severity? enumeration 208 | +--rw logging-match-processing {selector-match-processing-config}? 209 | +--rw pattern-match? string 210 +--rw buffered-logging-action 211 | +--rw (logging-level-scope)? 212 | | +--:(logging-facility-all) 213 | | | +--rw severity? syslogtypes:severity 214 | | +--:(logging-facility-none) 215 | | | +--rw none? empty 216 | | +--:(logging-facility) 217 | | +--rw logging-facilities* [facility] 218 | | +--rw facility identityref 219 | | +--rw severity? syslogtypes:severity 220 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}? 221 | | +--rw select-message-severity? enumeration 222 | +--rw logging-match-processing {selector-match-processing-config}? 223 | | +--rw pattern-match? string 224 | +--rw buffer-size? uint64 225 +--rw file-logging-action 226 | +--rw logging-files* [file-name] 227 | +--rw file-name inet:uri 228 | +--rw (logging-level-scope)? 229 | | +--:(logging-facility-all) 230 | | | +--rw severity? syslogtypes:severity 231 | | +--:(logging-facility-none) 232 | | | +--rw none? empty 233 | | +--:(logging-facility) 234 | | +--rw logging-facilities* [facility] 235 | | +--rw facility identityref 236 | | +--rw severity? syslogtypes:severity 237 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}? 238 | | +--rw select-message-severity? 
enumeration 239 | +--rw logging-match-processing {selector-match-processing-config}? 240 | | +--rw pattern-match? string 241 | +--rw file-logging-structured-data? boolean {file-logging-structured-data}? 242 | +--rw file-logging-archive {file-logging-archive-config}? 243 | +--rw file-number? uint32 244 | +--rw file-size? uint64 245 | +--rw file-permission? enumeration 246 +--rw remote-logging-action 247 | +--rw remote-logging-destination* [destination] 248 | +--rw destination inet:host 249 | +--rw (logging-level-scope)? 250 | | +--:(logging-facility-all) 251 | | | +--rw severity? syslogtypes:severity 252 | | +--:(logging-facility-none) 253 | | | +--rw none? empty 254 | | +--:(logging-facility) 255 | | +--rw logging-facilities* [facility] 256 | | +--rw facility identityref 257 | | +--rw severity? syslogtypes:severity 258 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}? 259 | | +--rw select-message-severity? enumeration 260 | +--rw logging-match-processing {selector-match-processing-config}? 261 | | +--rw pattern-match? string 262 | +--rw remote-logging-structured-data? boolean {remote-logging-structured-data}? 263 | +--rw destination-port? inet:port-number 264 | +--rw destination-facility? identityref 265 | +--rw source-interface? if:interface-ref 266 | +--rw vrf-name? string {remote-logging-use-vrf}? 267 | +--rw syslog-sign! {signed-messages-config}? 268 | +--rw cert-initial-repeat uint16 269 | +--rw cert-resend-delay uint16 270 | +--rw cert-resend-count uint16 271 | +--rw sig-max-delay uint16 272 | +--rw sig-number-resends uint16 273 | +--rw sig-resend-delay uint16 274 | +--rw sig-resend-count uint16 275 +--rw terminal-logging-action 276 +--rw (user-scope)? 277 +--:(all-users) 278 | +--rw all-users 279 | +--rw (logging-level-scope)? 280 | | +--:(logging-facility-all) 281 | | | +--rw severity? syslogtypes:severity 282 | | +--:(logging-facility-none) 283 | | | +--rw none? 
empty 284 | | +--:(logging-facility) 285 | | +--rw logging-facilities* [facility] 286 | | +--rw facility identityref 287 | | +--rw severity? syslogtypes:severity 288 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}? 289 | | +--rw select-message-severity? enumeration 290 | +--rw logging-match-processing {selector-match-processing-config}? 291 | +--rw pattern-match? string 292 +--:(per-user) {terminal-facility-user-logging-config}? 293 +--rw user-name* [uname] 294 +--rw uname string 295 +--rw (logging-level-scope)? 296 | +--:(logging-facility-all) 297 | | +--rw severity? syslogtypes:severity 298 | +--:(logging-facility-none) 299 | | +--rw none? empty 300 | +--:(logging-facility) 301 | +--rw logging-facilities* [facility] 302 | +--rw facility identityref 303 | +--rw severity? syslogtypes:severity 304 +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}? 305 | +--rw select-message-severity? enumeration 306 +--rw logging-match-processing {selector-match-processing-config}? 307 +--rw pattern-match? string 309 4. SYSLOG YANG Models 311 4.1. 
SYSLOG-TYPES module 313 file "ietf-syslog-types.yang" 315 module ietf-syslog-types { 316 namespace "urn:ietf:params:xml:ns:yang:ietf-syslog-types"; 317 prefix syslogtypes; 319 organization "IETF NETMOD (NETCONF Data Modeling Language) Working 320 Group"; 321 contact 322 "WG Web: 323 WG List: 325 WG Chair: Juergen Schoenwaelder 326 328 WG Chair: Tom Nadeau 329 331 Editor: Clyde Wildes 332 334 Editor: Agrahara Kiran Koushik 335 "; 336 description 337 "This module contains a collection of YANG type definitions for 338 SYSLOG."; 340 revision 2015-03-05 { 341 description 342 "Initial Revision"; 343 reference 344 "This model references RFC 5424 - The Syslog Protocol."; 346 } 348 typedef severity { 349 type enumeration { 350 enum "emergency" { 351 value 0; 352 description 353 "Emergency Level Msg"; 354 } 355 enum "alert" { 356 value 1; 357 description 358 "Alert Level Msg"; 359 } 360 enum "critical" { 361 value 2; 362 description 363 "Critical Level Msg"; 364 } 365 enum "error" { 366 value 3; 367 description 368 "Error Level Msg"; 369 } 370 enum "warning" { 371 value 4; 372 description 373 "Warning Level Msg"; 374 } 375 enum "notice" { 376 value 5; 377 description 378 "Notification Level Msg"; 379 } 380 enum "info" { 381 value 6; 382 description 383 "Informational Level Msg"; 384 } 385 enum "debug" { 386 value 7; 387 description 388 "Debugging Level Msg"; 389 } 390 } 391 description 392 "The definitions for Syslog message severity."; 393 } 395 identity syslog-facility { 396 description 397 "The base identity to represent syslog facilities"; 398 } 400 identity kern { 401 base syslog-facility; 402 description 403 "The facility for kernel messages as defined in RFC 5424."; 404 } 405 identity user { 406 base syslog-facility; 407 description 408 "The facility for user-level messages as defined in RFC 5424."; 409 } 411 identity mail { 412 base syslog-facility; 413 description 414 "The facility for the mail system as defined in RFC 5424."; 415 } 417 identity daemon { 418 base 
syslog-facility; 419 description 420 "The facility for the system daemons as defined in RFC 5424."; 421 } 423 identity auth { 424 base syslog-facility; 425 description 426 "The facility for security/authorization messages as defined 427 in RFC 5424."; 428 } 430 identity syslog { 431 base syslog-facility; 432 description 433 "The facility for messages generated internally by syslogd 434 facility as defined in RFC 5424."; 435 } 437 identity lpr { 438 base syslog-facility; 439 description 440 "The facility for the line printer subsystem as defined in 441 RFC 5424."; 442 } 444 identity news { 445 base syslog-facility; 446 description 447 "The facility for the network news subsystem as defined in 448 RFC 5424."; 449 } 451 identity uucp { 452 base syslog-facility; 453 description 454 "The facility for the UUCP subsystem as defined in RFC 5424."; 455 } 457 identity cron { 458 base syslog-facility; 459 description 460 "The facility for the clock daemon as defined in RFC 5424."; 461 } 463 identity authpriv { 464 base syslog-facility; 465 description 466 "The facility for privileged security/authorization messages 467 as defined in RFC 5424."; 468 } 470 identity ftp { 471 base syslog-facility; 472 description 473 "The facility for the FTP daemon as defined in RFC 5424."; 474 } 476 identity ntp { 477 base syslog-facility; 478 description 479 "The facility for the NTP subsystem as defined in RFC 5424."; 480 } 482 identity audit { 483 base syslog-facility; 484 description 485 "The facility for log audit messages as defined in RFC 5424."; 486 } 488 identity console { 489 base syslog-facility; 490 description 491 "The facility for log alert messages as defined in RFC 5424."; 492 } 494 identity cron2 { 495 base syslog-facility; 496 description 497 "The facility for the second clock daemon as defined in 498 RFC 5424."; 499 } 501 identity local0 { 502 base syslog-facility; 503 description 504 "The facility for local use 0 messages as defined in 505 RFC 5424."; 506 } 508 identity 
local1 { 509 base syslog-facility; 510 description 511 "The facility for local use 1 messages as defined in 512 RFC 5424."; 513 } 515 identity local2 { 516 base syslog-facility; 517 description 518 "The facility for local use 2 messages as defined in 519 RFC 5424."; 520 } 522 identity local3 { 523 base syslog-facility; 524 description 525 "The facility for local use 3 messages as defined in 526 RFC 5424."; 527 } 529 identity local4 { 530 base syslog-facility; 531 description 532 "The facility for local use 4 messages as defined in 533 RFC 5424."; 534 } 536 identity local5 { 537 base syslog-facility; 538 description 539 "The facility for local use 5 messages as defined in 540 RFC 5424."; 541 } 543 identity local6 { 544 base syslog-facility; 545 description 546 "The facility for local use 6 messages as defined in 547 RFC 5424."; 548 } 550 identity local7 { 551 base syslog-facility; 552 description 553 "The facility for local use 7 messages as defined in 554 RFC 5424."; 555 } 556 } 558 559 4.2. 
SYSLOG module 561 file "ietf-syslog.yang" 563 module ietf-syslog { 564 namespace "urn:ietf:params:xml:ns:yang:ietf-syslog"; 565 prefix syslog; 567 import ietf-inet-types { 568 prefix inet; 569 } 571 import ietf-interfaces { 572 prefix if; 573 } 575 import ietf-syslog-types { 576 prefix syslogtypes; 577 } 579 organization "IETF NETMOD (NETCONF Data Modeling Language) 580 Working Group"; 581 contact 582 "WG Web: 583 WG List: 585 WG Chair: David Kessens 586 588 WG Chair: Juergen Schoenwaelder 589 591 Editor: Clyde Wildes 592 594 Editor: Agrahara Kiran Koushik 595 "; 597 description 598 "This module contains a collection of YANG definitions 599 for Syslog configuration."; 601 revision 2015-03-05 { 602 description 603 "Initial Revision"; 604 reference 605 "This model references RFC 5424 - The Syslog Protocol, 606 and RFC 5848 - Signed Syslog Messages."; 607 } 609 feature global-logging-action { 610 description 611 "This feature represents the ability to suppress log 612 messages on the global level."; 613 } 614 feature file-logging-structured-data { 615 description 616 "This feature represents the ability to log messages 617 to a file in structured-data format as per RFC 5424."; 618 } 620 feature remote-logging-structured-data { 621 description 622 "This feature represents the ability to deliver log 623 messages to a remote server in structured-data format 624 as per RFC 5424."; 625 } 627 feature file-logging-archive-config { 628 description 629 "This feature represents the ability to archive log files."; 630 } 632 feature remote-logging-use-vrf { 633 description 634 "This feature allows remote logging of messages to a 635 particular VRF."; 636 } 638 feature terminal-facility-user-logging-config { 639 description 640 "This feature represents the ability to adjust 641 log message settings for individual terminal users."; 642 } 644 feature selector-advanced-level-processing-config { 645 description 646 "This feature represents the ability to select messages 647 using the 
additional operators equal to, or not equal to 648 when comparing the Syslog message severity."; 649 } 651 feature selector-match-processing-config { 652 description 653 "This feature represents the ability to select messages based 654 on a Posix 1003.2 regular expression pattern match."; 655 } 657 feature signed-messages-config { 658 description 659 "This feature represents the ability to configure signed 660 syslog messages according to RFC 5848."; 661 } 663 grouping syslog-severity { 664 description 665 "This grouping defines the Syslog severity which is used to 666 filter log messages."; 667 leaf severity { 668 type syslogtypes:severity; 669 description 670 "This leaf specifies the Syslog message severity. 671 No value implies all severities."; 672 } 673 } 674 grouping syslog-selector { 675 description 676 "This grouping defines a Syslog selector which is used to 677 filter log messages for the given action in which the 678 selector appears. Choose one of the following: 679 logging-facility-all 680 logging-facility-none 681 logging-facility [ ...] 682 Additional severity comparison operations are available 683 using the logging-advanced-level-processing container. If 684 the logging-advanced-level-processing container is not 685 present all messages of the specified severity and higher 686 are logged according to the given action."; 687 choice logging-level-scope { 688 default logging-facility-all; 689 description 690 "This choice describes the option to specify all 691 facilities, no facilities, or a specific facility."; 692 case logging-facility-all { 693 description 694 "This case specifies all facilities will match when 695 comparing the Syslog message facility."; 696 uses syslog-severity; 697 } 698 case logging-facility-none { 699 description 700 "This case specifies no facilities will match when 701 comparing the Syslog message facility. 
This is a method 702 that can be used to turn an action off."; 703 leaf none { 704 type empty; 705 description 706 "This leaf specifies that no facilities participate in the 707 filtering of Syslog messages for this action."; 708 } 709 } 710 case logging-facility { 711 description 712 "This case specifies one or more specified facilities 713 will match when comparing the Syslog message facility."; 714 list logging-facilities { 715 key "facility"; 716 description 717 "This list describes a collection of Syslog facilities 718 and severities."; 719 leaf facility { 720 type identityref { 721 base syslogtypes:syslog-facility; 722 } 723 description 724 "The leaf uniquely identifies a Syslog facility."; 725 } 726 uses syslog-severity; 727 } 728 } 729 } 730 container logging-advanced-level-processing { 731 if-feature selector-advanced-level-processing-config; 732 description 733 "This container describes the configuration parameters for 734 advanced Syslog selector severity comparison."; 735 leaf select-message-severity { 736 type enumeration { 737 enum equals-or-higher { 738 description 739 "All messages of the specified severity and higher are 740 logged according to the given action"; 741 } 742 enum equals { 743 description 744 "This leaf specifies all messages for the specified 745 severity."; 746 } 747 enum not-equals { 748 description 749 "This leaf specifies all messages that are not for the 750 specified severity."; 751 } 752 } 753 default equals-or-higher; 754 description 755 "This leaf describes the option to specify how the 756 severity comparison is performed."; 757 } 758 } 759 container logging-match-processing { 760 if-feature selector-match-processing-config; 761 description 762 "This container describes the configuration parameters for 763 matching Syslog messages using a regular expression pattern 764 match."; 765 leaf pattern-match { 766 type string; 767 description 768 "This leaf desribes a Posix 1003.2 regular expression 769 string that can be used to 
select a Syslog message for 770 logging. The match is performed on the RFC 5424 771 SYSLOG-MSG field."; 772 } 773 } 774 } 776 container syslog { 777 description 778 "This container describes the configuration parameters for 779 Syslog."; 780 container global-logging-action { 781 if-feature global-logging-action; 782 description 783 "This container describes the configuration parameters for 784 global logging. Global logging represents the ability to 785 perform global log message suppression."; 786 uses syslog-selector; 787 } 788 container console-logging-action { 789 description 790 "This container describes the configuration parameters for 791 console logging."; 792 uses syslog-selector; 793 } 794 container buffered-logging-action { 795 description 796 "This container describes the configuration parameters for 797 local memory buffer logging."; 798 uses syslog-selector; 799 leaf buffer-size { 800 type uint64; 801 description 802 "This leaf describes the amount of memory that will be 803 dedicated to local memory buffer logging. The default 804 value varies by implementation."; 805 } 806 } 807 container file-logging-action { 808 description 809 "This container describes the configuration parameters for 810 file logging."; 811 list logging-files { 812 key "file-name"; 813 description 814 "This list describes a collection of local logging 815 files."; 816 leaf file-name { 817 type inet:uri; 818 description 819 "This leaf specifies the name of the log file."; 820 } 821 uses syslog-selector; 822 leaf file-logging-structured-data { 823 if-feature file-logging-structured-data; 824 type boolean; 825 default false; 826 description 827 "This leaf describes how log messages are written to the 828 log file. 
If true, messages will be written in 829 structured-data format; if false, messages will be 830 written in standard message format."; 831 } 832 container file-logging-archive { 833 if-feature file-logging-archive-config; 834 description 835 "This container describes the configuration parameters 836 for log file archiving."; 837 leaf file-number { 838 type uint32; 839 default 1; 840 description 841 "This leaf specifies the maximum number of log files 842 retained."; 843 } 844 leaf file-size { 845 type uint64; 846 default 262144; 847 description 848 "This leaf specifies the maximum log file size."; 849 } 850 leaf file-permission { 851 type enumeration { 852 enum world-readable { 853 value 1; 854 description 855 "This enum specifies that the log files 856 are readable by world."; 857 } 858 enum no-world-readable { 859 value 2; 860 description 861 "This enum specifies that the log files 862 are not readable by world."; 863 } 864 } 865 default no-world-readable; 866 description 867 "This leaf describes who can read log files"; 868 } 869 } 870 } 871 } 872 container remote-logging-action { 873 description 874 "This container describes the configuration parameters for 875 remote logging."; 876 list remote-logging-destination { 877 key "destination"; 878 description 879 "This list describes a collection of remote logging 880 destinations."; 881 leaf destination { 882 type inet:host; 883 description 884 "The leaf uniquely specifies the address of the 885 remote host. One of the following must be specified: 886 an ipv4 address, an ipv6 address, or a host name."; 887 } 888 uses syslog-selector; 889 leaf remote-logging-structured-data { 890 if-feature remote-logging-structured-data; 891 type boolean; 892 default false; 893 description 894 "This leaf describes how log messages are sent to the 895 remote server. 
             If true, messages will be sent in structured-data
             format; if false, messages will be sent in standard
             message format.";
        }
        leaf destination-port {
          type inet:port-number;
          default 514;
          description
            "This leaf specifies the port number used to deliver
             messages to the remote server.";
        }
        leaf destination-facility {
          type identityref {
            base syslogtypes:syslog-facility;
          }
          default syslogtypes:local7;
          description
            "This leaf specifies the facility used in messages
             delivered to the remote server.";
        }
        leaf source-interface {
          type if:interface-ref;
          description
            "This leaf sets the source interface for the remote
             Syslog server. Either the interface name or the
             interface IP address can be specified. If not set,
             messages sent to a remote syslog server will contain
             the IP address of the interface the syslog message
             uses to exit the network element";
        }
        leaf vrf-name {
          if-feature remote-logging-use-vrf;
          type string;
          description
            "This leaf specifies the name of the virtual routing
             facility (VRF) that connects to the syslog server
             host. If not set, the default VRF will be used.";
        }
        container syslog-sign {
          if-feature signed-messages-config;
          presence
            "If present, syslog-sign is activated.";
          description
            "This container describes the configuration parameters
             for signed syslog messages as described by RFC 5848.";
          leaf cert-initial-repeat {
            type uint16;
            mandatory true;
            description
              "This leaf specifies the number of times each
               Certificate Block should be sent before the first
               message is sent.";
          }
          leaf cert-resend-delay {
            type uint16;
            mandatory true;
            description
              "This leaf specifies the maximum time delay in seconds
               until resending the Certificate Block.";
          }
          leaf cert-resend-count {
            type uint16;
            mandatory true;
            description
              "This leaf specifies the maximum number of other
               syslog messages to send until resending the
               Certificate Block.";
          }
          leaf sig-max-delay {
            type uint16;
            mandatory true;
            description
              "This leaf specifies when to generate a new Signature
               Block. If this many seconds have elapsed since the
               message with the first message number of the
               Signature Block was sent, a new Signature Block
               should be generated.";
          }
          leaf sig-number-resends {
            type uint16;
            mandatory true;
            description
              "This leaf specifies the number of times a Signature
               Block is resent. (It is recommended to select a value
               of greater than 0 in particular when the UDP
               transport [RFC5426] is used.).";
          }
          leaf sig-resend-delay {
            type uint16;
            mandatory true;
            description
              "This leaf specifies when to send the next Signature
               Block transmission based on time. If this many
               seconds have elapsed since the previous sending of
               this Signature Block, resend it.";
          }
          leaf sig-resend-count {
            type uint16;
            mandatory true;
            description
              "This leaf specifies when to send the next Signature
               Block transmission based on a count. If this many
               other syslog messages have been sent since the
               previous sending of this Signature Block, resend it.";
          }
        }
      }
    }
    container terminal-logging-action {
      description
        "This container describes the configuration parameters for
         the terminal logging configuration.";
      choice user-scope {
        default all-users;
        description
          "This choice describes the option to specify all users
           or a specific user. The all users case implies that
           messages will be sent to all terminals";
        case all-users {
          description
            "This case specifies all users.";
          container all-users {
            description
              "This container describes the configuration parameters
               for all users.";
            uses syslog-selector;
          }
        }
        case per-user {
          if-feature terminal-facility-user-logging-config;
          description
            "This case specifies a specific user.";
          list user-name {
            key "uname";
            description
              "This list describes a collection of user names.";
            leaf uname {
              type string;
              description
                "This leaf uniquely describes a user name which is
                 the login name of the user whose terminal session
                 is to receive log messages.";
            }
            uses syslog-selector;
          }
        }
      }
    }
  }
}

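To show how the seven leaves of the syslog-sign container above interact at run time, here is an added example, not code from the draft or from any implementation: a scheduler that, for each outgoing message, decides when the RFC 5848 Certificate Block and Signature Blocks are sent or resent, by elapsed seconds or by message count. The configuration values and message times it is fed are constructed, and the hashing and signing of the blocks themselves are out of scope.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class SyslogSignConfig:
    # One field per leaf of container syslog-sign; *-delay in seconds, the rest are counts.
    cert_initial_repeat: int
    cert_resend_delay: int
    cert_resend_count: int
    sig_max_delay: int
    sig_number_resends: int
    sig_resend_delay: int
    sig_resend_count: int

@dataclass
class SyslogSignScheduler:
    cfg: SyslogSignConfig
    last_cert: float                             # when the Certificate Block last went out
    events: list = field(default_factory=list)   # kinds sent, in order: CERT, MSG, SIG, SIG-RESEND
    msgs_since_cert: int = 0
    sig_first: float = -1.0                      # first-message time of the open block; -1 = none open
    pending: list = field(default_factory=list)  # closed blocks: [last_sent, msgs_since, resends_left]
    def on_message(self, now):
        c = self.cfg
        # sig-max-delay: a block open this long is signed and closed; this message opens the next
        if self.sig_first >= 0 and now - self.sig_first >= c.sig_max_delay:
            self.events.append("SIG")
            self.pending.append([now, 0, c.sig_number_resends])
            self.sig_first = -1.0
        if self.sig_first < 0:
            self.sig_first = now
        self.events.append("MSG")
        self.msgs_since_cert += 1
        # sig-resend-delay / sig-resend-count: repeat a closed block by elapsed time or message count
        for blk in self.pending:
            blk[1] += 1
            if now - blk[0] >= c.sig_resend_delay or blk[1] >= c.sig_resend_count:
                self.events.append("SIG-RESEND")
                blk[0], blk[1], blk[2] = now, 0, blk[2] - 1
        self.pending = [b for b in self.pending if b[2] > 0]
        # cert-resend-delay / cert-resend-count: the Certificate Block is repeated the same two ways
        if now - self.last_cert >= c.cert_resend_delay or self.msgs_since_cert >= c.cert_resend_count:
            self.events.append("CERT")
            self.last_cert, self.msgs_since_cert = now, 0

def simulate(cfg, times):
    # Sequence of blocks and messages sent for messages emitted at the given times (seconds).
    s = SyslogSignScheduler(cfg, last_cert=times[0])
    s.events += ["CERT"] * cfg.cert_initial_repeat   # cert-initial-repeat: before the first message
    for t in times:
        s.on_message(t)
    return s.events
```

The same bookkeeping, run on the receiving side, tells a collector how long it may legitimately wait for the next Certificate or Signature Block before treating the stream as unsigned.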
4.3.  A SYSLOG Example

   Requirement:
   Enable global logging of two facilities:
      kern - severity critical(1)
      auth - severity error(3)

   Enable console logging of syslogs of severity critical(1)

   Here is the example syslog configuration xml:

   [The XML markup of this example did not survive extraction; only the
   element values remain: syslogtypes:kern syslogtypes:critical,
   syslogtypes:auth syslogtypes:error, syslogtypes:critical]

5.  Implementation Status

   [Note to RFC Editor: Please remove this section before publication.]

   This section records the status of known implementations of the
   Syslog YANG model at the time of posting of this Internet-Draft.

   Cisco Systems, Inc. has implemented the proposed IETF Syslog model
   for the Nexus 7000 NXOS OS as a prototype, together with an
   augmentation model for operating system specific Syslog
   configuration features.

   Five leaves were implemented in the base IETF model and three leaves
   were implemented in the Cisco specific augmentation model as
   follows:

   Leaf XPATH                             Sample NXOS CLI Command(s)

   syslog:global-logging-action           logging level cron 2
   syslog:console-logging-action          logging console 1
   syslog:file-logging-action             logging logfile mylog.log 2 4096
   syslog:terminal-logging-action         logging monitor 2
   syslog:remote-logging-action           *logging server server.cisco.com 2
                                            facility user
                                            use-vrf management
                                          *logging source-interface loopback 0
   cisco-syslog:logging-timestamp-config  logging timestamp milli-seconds
   cisco-syslog:origin-id-cfg             logging origin-id string abcdef
   cisco-syslog:module-logging            logging module 1

   *The "logging server" and "logging source-interface" commands were
   combined into one base model leaf.

   The description of implementations in this section is intended to
   assist the IETF in its decision processes in progressing drafts to
   RFCs.

6.  Security Considerations

   The YANG module defined in this memo is designed to be accessed via
   the NETCONF protocol [RFC6241].  The lowest NETCONF layer is the
   secure transport layer and the mandatory-to-implement secure
   transport is SSH [RFC6242].  The NETCONF access control model
   [RFC6536] provides the means to restrict access for particular
   NETCONF users to a pre-configured subset of all available NETCONF
   protocol operations and content.

   There are a number of data nodes defined in the YANG module which
   are writable/creatable/deletable (i.e., config true, which is the
   default).  These data nodes may be considered sensitive or
   vulnerable in some network environments.  Write operations (e.g., )
   to these data nodes without proper protection can have a negative
   effect on network operations.

   TBD: List specific Subtrees and data nodes and their sensitivity/
   vulnerability.

7.  IANA Considerations

   This document registers a URI in the IETF XML registry [RFC3688].
   Following the format in RFC 3688, the following registration is
   requested to be made:

      URI: urn:ietf:params:xml:ns:yang:syslog

      Registrant Contact: The IESG.

      XML: N/A, the requested URI is an XML namespace.

   This document registers a YANG module in the YANG Module Names
   registry [RFC6020].

      name:      syslog
      namespace: urn:ietf:params:xml:ns:yang:syslog
      prefix:    syslog
      reference: RFC XXXX

8.  Acknowledgements

   The authors wish to thank the following who commented on version 00
   of this proposal:

      Jim Gibson
      Jeffrey Haas
      John Heasley
      Giles Heron
      Lisa Huang
      Jeffrey K Lange
      Chris Lonvick
      Juergen Schoenwaelder
      Peter Van Horne
      Bert Wijnen
      Aleksandr Zhdankin

9.  Change log [RFC Editor: Please remove]

10.  References

   [RFC3164]  Lonvick, C., "The BSD syslog Protocol", BCP 81, RFC 3164,
              August 2001.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              March 2004.

   [RFC6020]  Bjorklund, M., "YANG - A Data Modeling Language for the
              Network Configuration Protocol (NETCONF)", RFC 6020,
              October 2010.

   [RFC6241]  Enns, R., Bjorklund, M., Schoenwaelder, J., and A.
              Bierman, "Network Configuration Protocol (NETCONF)",
              RFC 6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, June 2011.

   [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
              Protocol (NETCONF) Access Control Model", RFC 6536,
              March 2012.

Authors' Addresses

   Clyde Wildes
   Cisco Systems Inc.

   Email: cwildes@cisco.com

   Kiran Agrahara Sreenivasa
   Brocade Communications Systems

   Email: kkoushik@brocade.com