NETMOD WG                                                  Clyde Wildes
Internet-Draft                                            Kiran Koushik
Intended status: Informational                       Cisco Systems Inc.
Expires: Apr 16, 2016                                      Oct 16, 2015


                           SYSLOG YANG model
                   draft-ietf-netmod-syslog-model-05

Abstract

   This document describes a data model for the Syslog protocol, which
   is used to convey event notification messages.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on Apr 16, 2016.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Definitions and Acronyms
   2.  Problem Statement
   3.  Design of the SYSLOG Model
     3.1.  SYSLOG Module
   4.  SYSLOG YANG Models
     4.1.  SYSLOG TYPES Module
     4.2.  SYSLOG module
     4.3.  A SYSLOG Example
   5.  Implementation Status
   6.  Security Considerations
   7.  IANA Considerations
   8.  Acknowledgements
   9.  Change log [RFC Editor: Please remove]
   10. References
   Authors' Addresses

1.  Introduction

   Operating systems, processes and applications generate messages
   indicating their own status or the occurrence of events.  These
   messages are useful for managing and/or debugging the network and its
   services.  The BSD Syslog protocol is a widely adopted protocol that
   is used for transmission and processing of the messages.
   Since each process, application and operating system was written
   somewhat independently, there is little uniformity to the content of
   Syslog messages.  For this reason, no assumption is made about the
   formatting or contents of the messages.  The protocol is simply
   designed to transport these event messages.  No acknowledgement of
   receipt is made.

   Essentially, a Syslog process receives messages (from the kernel,
   processes, applications or other Syslog processes) and processes
   them.  The processing involves logging to a local file, displaying on
   a console or user terminal, and/or relaying to Syslog processes on
   other machines.  The processing is determined by the "facility" that
   originated the message and the "severity" assigned to the message by
   the facility.

   This draft uses the definitions of the Syslog protocol from
   [RFC3164].  The YANG modules in Section 4 refer to the facility and
   severity codes as defined in RFC 5424, which obsoletes RFC 3164.

1.1.  Definitions and Acronyms

   IP: Internet Protocol

   IPv4: Internet Protocol version 4

   IPv6: Internet Protocol version 6

   UDP: User Datagram Protocol

   VRF: Virtual Routing and Forwarding

2.  Problem Statement

   This document defines a YANG [RFC6020] configuration data model that
   may be used to monitor and control one or more Syslog processes
   running on a system.  YANG models can be used with network management
   protocols such as NETCONF [RFC6241] to install, manipulate, and
   delete the configuration of network devices.

   This module makes use of the YANG "feature" construct, which allows
   implementations to support only those Syslog features that lie within
   their capabilities.

3.  Design of the SYSLOG Model

   The Syslog model was designed by comparing the Syslog features
   implemented by various vendors in different implementations.

   This draft addresses the leaves common to all vendors and creates a
   common model, which can be augmented with proprietary features if
   necessary.
   The base model is designed to be very simple for maximum flexibility.

   Syslog consists of message producers, a group level suppression
   filter, and message distributors.  The following diagram shows Syslog
   messages flowing from a message producer, through the group level
   suppression filter, and, if passed by the group filter, to the
   message distributors, where further suppression filtering can take
   place.

   Message Producers
   +-------------+ +-------------+ +-------------+ +-------------+
   | Various     | | OS          | |             | | Remote      |
   | Components  | | Kernel      | | Line Cards  | | Servers     |
   +-------------+ +-------------+ +-------------+ +-------------+

   +-------------+ +-------------+ +-------------+ +-------------+
   | SNMP        | | Interface   | | Standby     | | Syslog      |
   | Events      | | Events      | | Supervisor  | | Itself      |
   +-------------+ +-------------+ +-------------+ +-------------+
         |                                                 |
         +-------------------------------------------------+
                                  |
                                  |  (group level suppression filter)
                                  |
                                  |
           +------------+---------+--+------------+-----------+
           |            |            |            |           |
           v            v            v            v           v
   Message Distributors
   +----------+ +----------+ +----------+ +----------+ +----------+
   |          | | Log      | | Log      | | User     | | Remote   |
   | Console  | | Buffer   | | File(s)  | | Terminals| | Servers  |
   +----------+ +----------+ +----------+ +----------+ +----------+

   The leaves in the base Syslog model correspond to the group level
   suppression filter and each message distributor:

   - console
   - log buffer
   - log file(s)
   - user terminals
   - remote server(s).

   Optional features are used to specify fields that are not present in
   all vendor configurations.

3.1.  SYSLOG Module

   module: ietf-syslog
      +--rw syslog
         +--rw log-actions
            +--rw console!
            |  +--rw log-selector
            |     +--rw (selector-facility)
            |     |  +--:(no-log-facility)
            |     |  |  +--rw no-facilities?       empty
            |     |  +--:(log-facility)
            |     |     +--rw log-facility* [facility]
            |     |        +--rw facility             union
            |     |        +--rw severity             union
            |     |        +--rw severity-operator?   enumeration {selector-severity-operator-config}?
            |     +--rw pattern-match?   string {selector-match-processing-config}?
            +--rw buffer
            |  +--rw log-buffer* [name]
            |     +--rw name                    string
            |     +--rw log-selector
            |     |  +--rw (selector-facility)
            |     |  |  +--:(no-log-facility)
            |     |  |  |  +--rw no-facilities?       empty
            |     |  |  +--:(log-facility)
            |     |  |     +--rw log-facility* [facility]
            |     |  |        +--rw facility             union
            |     |  |        +--rw severity             union
            |     |  |        +--rw severity-operator?   enumeration {selector-severity-operator-config}?
            |     |  +--rw pattern-match?   string {selector-match-processing-config}?
            |     +--rw buffer-size-bytes?      uint64 {buffer-limit-bytes}?
            |     +--rw buffer-size-messages?   uint64 {buffer-limit-messages}?
            +--rw file
            |  +--rw log-file* [name]
            |     +--rw name               inet:uri
            |     +--rw log-selector
            |     |  +--rw (selector-facility)
            |     |  |  +--:(no-log-facility)
            |     |  |  |  +--rw no-facilities?       empty
            |     |  |  +--:(log-facility)
            |     |  |     +--rw log-facility* [facility]
            |     |  |        +--rw facility             union
            |     |  |        +--rw severity             union
            |     |  |        +--rw severity-operator?   enumeration {selector-severity-operator-config}?
            |     |  +--rw pattern-match?   string {selector-match-processing-config}?
            |     +--rw structured-data?   boolean {structured-data-config}?
            |     +--rw file-archive
            |        +--rw number-of-files?   uint32 {file-limit-size}?
            |        +--rw max-file-size?     uint64 {file-limit-size}?
            |        +--rw rollover?          uint32 {file-limit-duration}?
            |        +--rw retention?         uint16 {file-limit-duration}?
            +--rw remote
            |  +--rw destination* [name]
            |     +--rw name                    string
            |     +--rw (transport)
            |     |  +--:(tcp)
            |     |  |  +--rw tcp
            |     |  |     +--rw address?   inet:host
            |     |  |     +--rw port?      inet:port-number
            |     |  +--:(udp)
            |     |     +--rw udp
            |     |        +--rw address?   inet:host
            |     |        +--rw port?      inet:port-number
            |     +--rw log-selector
            |     |  +--rw (selector-facility)
            |     |  |  +--:(no-log-facility)
            |     |  |  |  +--rw no-facilities?       empty
            |     |  |  +--:(log-facility)
            |     |  |     +--rw log-facility* [facility]
            |     |  |        +--rw facility             union
            |     |  |        +--rw severity             union
            |     |  |        +--rw severity-operator?   enumeration {selector-severity-operator-config}?
            |     |  +--rw pattern-match?   string {selector-match-processing-config}?
            |     +--rw destination-facility?   identityref
            |     +--rw source-interface?       if:interface-ref
            |     +--rw syslog-sign! {signed-messages-config}?
            |        +--rw cert-initial-repeat   uint16
            |        +--rw cert-resend-delay     uint16
            |        +--rw cert-resend-count     uint16
            |        +--rw sig-max-delay         uint16
            |        +--rw sig-number-resends    uint16
            |        +--rw sig-resend-delay      uint16
            |        +--rw sig-resend-count      uint16
            +--rw terminal
               +--rw (user-scope)
                  +--:(all-users)
                  |  +--rw all-users
                  |     +--rw log-selector
                  |        +--rw (selector-facility)
                  |        |  +--:(no-log-facility)
                  |        |  |  +--rw no-facilities?       empty
                  |        |  +--:(log-facility)
                  |        |     +--rw log-facility* [facility]
                  |        |        +--rw facility             union
                  |        |        +--rw severity             union
                  |        |        +--rw severity-operator?   enumeration {selector-severity-operator-config}?
                  |        +--rw pattern-match?   string {selector-match-processing-config}?
                  +--:(per-user) {terminal-facility-user-logging-config}?
                     +--rw user-name* [uname]
                        +--rw uname           string
                        +--rw log-selector
                           +--rw (selector-facility)
                           |  +--:(no-log-facility)
                           |  |  +--rw no-facilities?       empty
                           |  +--:(log-facility)
                           |     +--rw log-facility* [facility]
                           |        +--rw facility             union
                           |        +--rw severity             union
                           |        +--rw severity-operator?   enumeration {selector-severity-operator-config}?
                           +--rw pattern-match?   string {selector-match-processing-config}?

4.  SYSLOG YANG Models
4.1.  SYSLOG-TYPES module

   file "ietf-syslog-types.yang"
   module ietf-syslog-types {
     namespace "urn:ietf:params:xml:ns:yang:ietf-syslog-types";
     prefix syslogtypes;

     organization "IETF NETMOD (NETCONF Data Modeling Language) Working
                   Group";
     contact
       "WG Web:
        WG List:

        WG Chair: Tom Nadeau

        WG Chair: Kent Watson

        Editor:   Ladislav Lhotka
        ";
     description
       "This module contains a collection of YANG type definitions for
        SYSLOG.";

     revision 2015-10-14 {
       description
         "Initial Revision";
       reference
         "This model references RFC 5424 - The Syslog Protocol,
          and RFC 5848 - Signed Syslog Messages.";
     }

     typedef severity {
       type enumeration {
         enum "emergency" {
           value 0;
           description
             "Emergency Level Msg";
         }
         enum "alert" {
           value 1;
           description
             "Alert Level Msg";
         }
         enum "critical" {
           value 2;
           description
             "Critical Level Msg";
         }
         enum "error" {
           value 3;
           description
             "Error Level Msg";
         }
         enum "warning" {
           value 4;
           description
             "Warning Level Msg";
         }
         enum "notice" {
           value 5;
           description
             "Notification Level Msg";
         }
         enum "info" {
           value 6;
           description
             "Informational Level Msg";
         }
         enum "debug" {
           value 7;
           description
             "Debugging Level Msg";
         }
       }
       description
         "The definitions for Syslog message severity as per RFC 5424.";
     }

     identity syslog-facility {
       description
         "The base identity to represent syslog facilities";
     }

     identity kern {
       base syslog-facility;
       description
         "The facility for kernel messages as defined in RFC 5424.";
     }

     identity user {
       base syslog-facility;
       description
         "The facility for user-level messages as defined in RFC 5424.";
     }

     identity mail {
       base syslog-facility;
       description
         "The facility for the mail system as defined in RFC 5424.";
     }

     identity daemon {
       base syslog-facility;
       description
         "The facility for the system daemons as defined in RFC 5424.";
     }

     identity auth {
       base syslog-facility;
       description
         "The facility for security/authorization messages as defined
          in RFC 5424.";
     }

     identity syslog {
       base syslog-facility;
       description
         "The facility for messages generated internally by syslogd
          facility as defined in RFC 5424.";
     }

     identity lpr {
       base syslog-facility;
       description
         "The facility for the line printer subsystem as defined in
          RFC 5424.";
     }

     identity news {
       base syslog-facility;
       description
         "The facility for the network news subsystem as defined in
          RFC 5424.";
     }

     identity uucp {
       base syslog-facility;
       description
         "The facility for the UUCP subsystem as defined in RFC 5424.";
     }

     identity cron {
       base syslog-facility;
       description
         "The facility for the clock daemon as defined in RFC 5424.";
     }

     identity authpriv {
       base syslog-facility;
       description
         "The facility for privileged security/authorization messages
          as defined in RFC 5424.";
     }

     identity ftp {
       base syslog-facility;
       description
         "The facility for the FTP daemon as defined in RFC 5424.";
     }

     identity ntp {
       base syslog-facility;
       description
         "The facility for the NTP subsystem as defined in RFC 5424.";
     }

     identity audit {
       base syslog-facility;
       description
         "The facility for log audit messages as defined in RFC 5424.";
     }

     identity console {
       base syslog-facility;
       description
         "The facility for log alert messages as defined in RFC 5424.";
     }

     identity cron2 {
       base syslog-facility;
       description
         "The facility for the second clock daemon as defined in
          RFC 5424.";
     }

     identity local0 {
       base syslog-facility;
       description
         "The facility for local use 0 messages as defined in
          RFC 5424.";
     }

     identity local1 {
       base syslog-facility;
       description
         "The facility for local use 1 messages as defined in
          RFC 5424.";
     }

     identity local2 {
       base syslog-facility;
       description
         "The facility for local use 2 messages as defined in
          RFC 5424.";
     }

     identity local3 {
       base syslog-facility;
       description
         "The facility for local use 3 messages as defined in
          RFC 5424.";
     }

     identity local4 {
       base syslog-facility;
       description
         "The facility for local use 4 messages as defined in
          RFC 5424.";
     }

     identity local5 {
       base syslog-facility;
       description
         "The facility for local use 5 messages as defined in
          RFC 5424.";
     }

     identity local6 {
       base syslog-facility;
       description
         "The facility for local use 6 messages as defined in
          RFC 5424.";
     }

     identity local7 {
       base syslog-facility;
       description
         "The facility for local use 7 messages as defined in
          RFC 5424.";
     }
   }

4.2.  SYSLOG module

   file "ietf-syslog.yang"
   module ietf-syslog {
     namespace "urn:ietf:params:xml:ns:yang:ietf-syslog";
     prefix syslog;

     import ietf-inet-types {
       prefix inet;
     }

     import ietf-interfaces {
       prefix if;
     }

     import ietf-syslog-types {
       prefix syslogtypes;
     }

     organization "IETF NETMOD (NETCONF Data Modeling Language)
                   Working Group";
     contact
       "WG Web:
        WG List:

        WG Chair: Tom Nadeau

        WG Chair: Kent Watson

        Editor:   Ladislav Lhotka
        ";
     description
       "This module contains a collection of YANG definitions
        for Syslog configuration.";

     revision 2015-10-14 {
       description
         "Initial Revision";
       reference
         "RFC 5424: The Syslog Protocol
          RFC 5848: Signed Syslog Messages";
     }

     feature buffer-limit-bytes {
       description
         "This feature indicates that local memory logging buffers
          are limited in size using a limit expressed in bytes.";
     }

     feature buffer-limit-messages {
       description
         "This feature indicates that local memory logging buffers
          are limited in size using a limit expressed in number
          of messages.";
     }

     feature structured-data-config {
       description
         "This feature represents the ability to log messages
          in structured-data format as per RFC 5424.";
     }

     feature file-limit-size {
       description
         "This feature indicates that file logging resources
          are managed using size and number limits.";
     }

     feature file-limit-duration {
       description
         "This feature indicates that file logging resources
          are managed using time based limits.";
     }

     feature terminal-facility-user-logging-config {
       description
         "This feature represents the ability to adjust
          log message settings for individual terminal users.";
     }

     feature selector-severity-operator-config {
       description
         "This feature represents the ability to select messages
          using the additional operators equal to, or not equal to
          when comparing the Syslog message severity.";
     }

     feature selector-match-processing-config {
       description
         "This feature represents the ability to select messages based
          on a Posix 1003.2 regular expression pattern match.";
     }

     feature signed-messages-config {
       description
         "This feature represents the ability to configure signed
          syslog messages according to RFC 5848.";
     }

     grouping syslog-severity {
       description
         "This grouping defines the Syslog severity which is used to
          select log messages.";
       leaf severity {
         type union {
           type syslogtypes:severity;
           type enumeration {
             enum all {
               value -1;
               description
                 "This enum describes the case where all severities
                  are requested.";
             }
             enum none {
               value -2;
               description
                 "This enum describes the case where no severities
                  are requested.";
             }
           }
         }
         mandatory true;
         description
           "This leaf specifies the Syslog message severity.  When a
            severity is specified, the default comparison selects all
            messages of the specified severity and higher (that is,
            more severe).  'all' is a special case which means all
            severities are requested.  'none' is a special case which
            means that no severity selection should occur.";
       }
       leaf severity-operator {
         if-feature selector-severity-operator-config;
         type enumeration {
           enum equals-or-higher {
             description
               "This enum specifies all messages of the specified
                severity and higher are logged according to the
                given log-action";
           }
           enum equals {
             description
               "This enum specifies all messages that are for
                the specified severity are logged according to the
                given log-action";
           }
           enum not-equals {
             description
               "This enum specifies all messages that are not for
                the specified severity are logged according to the
                given log-action";
           }
         }
         default equals-or-higher;
         description
           "This leaf describes the option to specify how the
            severity comparison is performed.";
       }
     }

     grouping syslog-selector {
       description
         "This grouping defines a Syslog selector which is used to
          select log messages for the log-action (buffer, file,
          etc).  Choose one of the following:
            no-log-facility
            log-facility [ ...]";
       container log-selector {
         description
           "This container describes the log selector parameters
            for Syslog.";
         choice selector-facility {
           mandatory true;
           description
             "This choice describes the option to specify no
              facilities, or a specific facility which can be
              all for all facilities.";
           case no-log-facility {
             description
               "This case specifies no facilities will match when
                comparing the Syslog message facility.  This is a
                method that can be used to effectively disable a
                particular log-action (buffer, file, etc).";
             leaf no-facilities {
               type empty;
               description
                 "This leaf specifies that no facilities are selected
                  for this log-action.";
             }
           }
           case log-facility {
             description
               "This case specifies one or more specified facilities
                will match when comparing the Syslog message facility.";
             list log-facility {
               key facility;
               description
                 "This list describes a collection of Syslog
                  facilities and severities.";
               leaf facility {
                 type union {
                   type identityref {
                     base syslogtypes:syslog-facility;
                   }
                   type enumeration {
                     enum all {
                       description
                         "This enum describes the case where all
                          facilities are requested.";
                     }
                   }
                 }
                 description
                   "The leaf uniquely identifies a Syslog facility.";
               }
               uses syslog-severity;
             }
           }
         }
         leaf pattern-match {
           if-feature selector-match-processing-config;
           type string;
           description
             "This leaf describes a Posix 1003.2 regular expression
              string that can be used to select a Syslog message for
              logging.  The match is performed on the RFC 5424
              SYSLOG-MSG field.";
         }
       }
     }

     container syslog {
       description
         "This container describes the configuration parameters for
          Syslog.";
       container log-actions {
         description
           "This container describes the log-action parameters
            for Syslog.";
         container console {
           presence "Enables logging console configuration";
           description
             "This container describes the configuration parameters for
              console logging.";
           uses syslog-selector;
         }
         container buffer {
           description
             "This container describes the configuration parameters for
              local memory buffer logging.  The buffer is circular in
              nature, so newer messages overwrite older messages after
              the buffer is filled.";
           list log-buffer {
             key name;
             description
               "This list describes a collection of local logging
                memory buffers.";
             leaf name {
               type string;
               description
                 "This leaf specifies the name of the log buffer.";
             }
             uses syslog-selector;
             leaf buffer-size-bytes {
               if-feature buffer-limit-bytes;
               type uint64;
               units "bytes";
               description
                 "This leaf configures the amount of memory
                  (in bytes) that will be dedicated to the local
                  memory logging buffer.  The default value varies
                  by implementation.";
             }
             leaf buffer-size-messages {
               if-feature buffer-limit-messages;
               type uint64;
               units "log messages";
               description
                 "This leaf configures the number of log messages
                  that can be stored in the local memory logging
                  buffer.  The default value varies by
                  implementation.";
             }
           }
         }
         container file {
           description
             "This container describes the configuration parameters for
              file logging.";
           list log-file {
             key "name";
             description
               "This list describes a collection of local logging
                files.";
             leaf name {
               type inet:uri;
               description
                 "This leaf specifies the name of the log file which
                  MUST use the uri scheme file:.";
             }
             uses syslog-selector;
             leaf structured-data {
               if-feature structured-data-config;
               type boolean;
               default false;
               description
                 "This leaf describes how log messages are written to
                  the log file.  If true, messages will be written
                  with one or more STRUCTURED-DATA elements as per
                  RFC5424; if false, messages will be written with
                  STRUCTURED-DATA = NILVALUE.";
             }
             container file-archive {
               description
                 "This container describes the configuration
                  parameters for log file archiving.";
               leaf number-of-files {
                 if-feature file-limit-size;
                 type uint32;
                 description
                   "This leaf specifies the maximum number of log
                    files retained.  Specify 1 for implementations
                    that only support one log file.";
               }
               leaf max-file-size {
                 if-feature file-limit-size;
                 type uint64;
                 units "megabytes";
                 description
                   "This leaf specifies the maximum log file size.";
               }
               leaf rollover {
                 if-feature file-limit-duration;
                 type uint32;
                 units "minutes";
                 description
                   "This leaf specifies the length of time that log
                    events should be written to a specific log file.
                    Log events that arrive after the rollover period
                    cause the current log file to be closed and a new
                    log file to be opened.";
               }
               leaf retention {
                 if-feature file-limit-duration;
                 type uint16;
                 units "hours";
                 description
                   "This leaf specifies the length of time that
                    completed/closed log event files should be stored
                    in the file system before they are deleted.";
               }
             }
           }
         }
         container remote {
           description
             "This container describes the configuration parameters for
              remote logging.";
           list destination {
             key "name";
             description
               "This list describes a collection of remote logging
                destinations.";
             leaf name {
               type string;
               description
                 "An arbitrary name for the endpoint to connect to.";
             }
             choice transport {
               mandatory true;
               description
                 "This choice describes the transport option.";
               case tcp {
                 container tcp {
                   description
                     "This container describes the TCP transport
                      options.";
                   leaf address {
                     type inet:host;
                     description
                       "The leaf uniquely specifies the address of
                        the remote host.  One of the following must
                        be specified: an ipv4 address, an ipv6
                        address, or a host name.";
                   }
                   leaf port {
                     type inet:port-number;
                     default 514;
                     description
                       "This leaf specifies the port number used to
                        deliver messages to the remote server.";
                   }
                 }
               }
               case udp {
                 container udp {
                   description
                     "This container describes the UDP transport
                      options.";
                   leaf address {
                     type inet:host;
                     description
                       "The leaf uniquely specifies the address of
                        the remote host.  One of the following must be
                        specified: an ipv4 address, an ipv6 address,
                        or a host name.";
                   }
                   leaf port {
                     type inet:port-number;
                     default 514;
                     description
                       "This leaf specifies the port number used to
                        deliver messages to the remote server.";
                   }
                 }
               }
             }
             uses syslog-selector;
             leaf destination-facility {
               type identityref {
                 base syslogtypes:syslog-facility;
               }
               default syslogtypes:local7;
               description
                 "This leaf specifies the facility used in messages
                  delivered to the remote server.";
             }
             leaf source-interface {
               type if:interface-ref;
               description
                 "This leaf sets the source interface for messages sent
                  to the remote Syslog server.  The value is an
                  interface name (if:interface-ref).  If not set,
                  messages sent to a remote syslog server will
                  contain the IP address of the interface the syslog
                  message uses to exit the network element";
             }
             container syslog-sign {
               if-feature signed-messages-config;
               presence
                 "If present, syslog-sign is activated.";
               description
                 "This container describes the configuration
                  parameters for signed syslog messages as described
                  by RFC 5848.";
               reference
                 "RFC 5848: Signed Syslog Messages";
               leaf cert-initial-repeat {
                 type uint16;
                 mandatory true;
                 description
                   "This leaf specifies the number of times each
                    Certificate Block should be sent before the first
                    message is sent.";
               }
               leaf cert-resend-delay {
                 type uint16;
                 mandatory true;
                 description
                   "This leaf specifies the maximum time delay in
                    seconds until resending the Certificate Block.";
               }
               leaf cert-resend-count {
                 type uint16;
                 mandatory true;
                 description
                   "This leaf specifies the maximum number of other
                    syslog messages to send until resending the
                    Certificate Block.";
               }
               leaf sig-max-delay {
                 type uint16;
                 mandatory true;
                 description
                   "This leaf specifies when to generate a new
                    Signature Block.  If this many seconds have
                    elapsed since the message with the first message
                    number of the Signature Block was sent, a new
                    Signature Block should be generated.";
               }
               leaf sig-number-resends {
                 type uint16;
                 mandatory true;
                 description
                   "This leaf specifies the number of times a
                    Signature Block is resent.  (It is recommended to
                    select a value of greater than 0 in particular
                    when the UDP transport [RFC5426] is used.).";
               }
               leaf sig-resend-delay {
                 type uint16;
                 mandatory true;
                 description
                   "This leaf specifies when to send the next
                    Signature Block transmission based on time.  If
                    this many seconds have elapsed since the previous
                    sending of this Signature Block, resend it.";
               }
               leaf sig-resend-count {
                 type uint16;
                 mandatory true;
                 description
                   "This leaf specifies when to send the next
                    Signature Block transmission based on a count.
                    If this many other syslog messages have been sent
                    since the previous sending of this Signature
                    Block, resend it.";
               }
             }
           }
         }
         container terminal {
           description
             "This container describes the configuration parameters for
              the terminal logging configuration.";
           choice user-scope {
             mandatory true;
             description
               "This choice describes the option to specify all users
                or a specific user.  The all users case implies that
                messages will be sent to all terminals";
             case all-users {
               description
                 "This case specifies all users.";
               container all-users {
                 description
                   "This container describes the configuration
                    parameters for all users.";
                 uses syslog-selector;
               }
             }
             case per-user {
               if-feature terminal-facility-user-logging-config;
               description
                 "This case specifies a specific user.";
               list user-name {
                 key "uname";
                 description
                   "This list describes a collection of user names.";
                 leaf uname {
                   type string;
                   description
                     "This leaf uniquely describes a user name which
                      is the login name of the user whose terminal
                      session is to receive log messages.";
                 }
                 uses syslog-selector;
               }
             }
           }
         }
       }
     }
   }

A SYSLOG Example 1082 Requirement: 1083 Enable console logging of syslogs of severity critical 1085 Here is the example syslog configuration xml: 1086 1087 1088 1089 1090 1091 1092 1094 1095 1096 1097 1098 all 1099 critical 1100 1101 1102 1103 1104 1105 1106 1107 1109 1110 1111 1112 1113 Enable remote logging of syslogs to udp destination 1.1.1.1 1114 for facility auth, severity error 1116 1117 1118 1119 1120 1121 1122 1124 1125 1126 1127 remote1 1128 1129
      1.1.1.1
      syslogtypes:auth
      error
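   The seven leaves of the syslog-sign container in the module above are
   RFC 5848 scheduling parameters, and their interaction (a time limit
   and a message-count limit that fire independently, a Certificate
   Block that must precede the first message, a Signature Block that is
   closed on age and then re-sent for redundancy) is easier to see in
   running code than in the description strings.  The Python scheduler
   below is an added example written for this page; it is not code from
   this draft, from RFC 5848 or from the Cisco prototype described in
   Section 5.  The class and function names, the (time, kind, detail)
   event format, the choice of time 0 as device startup and the message
   timings in DEMO_TIMES are assumptions made for the illustration;
   hashing, signing and signature groups are left out.

```python
"""Added example (not code from draft-ietf-netmod-syslog-model or any syslog
implementation): how the seven mandatory uint16 leaves of container
syslog-sign drive RFC 5848 Certificate Block / Signature Block sending.
Class names, the event format and the demo timings are assumptions."""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MAX_HASHES_PER_SIG_BLOCK = 99  # RFC 5848 limit on hashes per Signature Block
Event = Tuple[int, str, str]   # (time in seconds, 'MSG'|'CERT'|'SIG', detail)


@dataclass
class SyslogSignConfig:
    """One field per leaf of container syslog-sign, in model order."""
    cert_initial_repeat: int
    cert_resend_delay: int
    cert_resend_count: int
    sig_max_delay: int
    sig_number_resends: int
    sig_resend_delay: int
    sig_resend_count: int

    def __post_init__(self) -> None:
        for name, value in vars(self).items():  # every leaf is type uint16
            if not 0 <= value <= 65535:
                raise ValueError(f"{name}={value} is outside uint16")


@dataclass
class PendingResend:
    block_id: int
    resends_left: int    # starts at sig-number-resends
    last_sent: int       # time of the previous transmission of this block
    msgs_since: int = 0  # other messages sent since that transmission


class SignScheduler:
    """Records (time, kind, detail) events instead of transmitting them."""

    def __init__(self, cfg: SyslogSignConfig, now: int = 0) -> None:
        self.cfg = cfg
        self.events: List[Event] = []
        self.next_block_id = 1
        self.last_cert_sent = now
        self.msgs_since_cert = 0
        self.block_first_time: Optional[int] = None  # first msg of open block
        self.block_hashes = 0
        self.pending: List[PendingResend] = []
        for _ in range(cfg.cert_initial_repeat):  # cert-initial-repeat
            self.events.append((now, "CERT", "initial"))

    def _close_block(self, t: int, why: str) -> None:
        if self.block_hashes == 0:
            return
        bid, self.next_block_id = self.next_block_id, self.next_block_id + 1
        self.events.append((t, "SIG", f"#{bid} covers {self.block_hashes} msgs ({why})"))
        if self.cfg.sig_number_resends > 0:
            self.pending.append(PendingResend(bid, self.cfg.sig_number_resends, t))
        self.block_first_time, self.block_hashes = None, 0

    def message(self, t: int) -> None:
        """An ordinary syslog message is sent at time t (non-decreasing)."""
        cfg = self.cfg
        # sig-max-delay: close the open block if its first message is this old.
        if self.block_first_time is not None and t - self.block_first_time >= cfg.sig_max_delay:
            self._close_block(t, "sig-max-delay")
        self.events.append((t, "MSG", ""))
        self.msgs_since_cert += 1
        if self.block_first_time is None:
            self.block_first_time = t
        self.block_hashes += 1
        if self.block_hashes >= MAX_HASHES_PER_SIG_BLOCK:
            self._close_block(t, "block full")
        # cert-resend-delay / cert-resend-count: whichever limit is hit first.
        if (t - self.last_cert_sent >= cfg.cert_resend_delay
                or self.msgs_since_cert >= cfg.cert_resend_count):
            self.events.append((t, "CERT", "resend"))
            self.last_cert_sent, self.msgs_since_cert = t, 0
        # sig-resend-delay / sig-resend-count for every block with resends left.
        for p in self.pending:
            p.msgs_since += 1
            if t - p.last_sent >= cfg.sig_resend_delay or p.msgs_since >= cfg.sig_resend_count:
                self.events.append((t, "SIG", f"#{p.block_id} resend"))
                p.last_sent, p.msgs_since, p.resends_left = t, 0, p.resends_left - 1
        self.pending = [p for p in self.pending if p.resends_left > 0]

    def flush(self, t: int) -> None:
        """Emit the open block (e.g. at shutdown) so no message stays unsigned."""
        self._close_block(t, "flush")


def simulate(cfg: SyslogSignConfig, send_times: List[int], end: int) -> List[Event]:
    """Run the scheduler over constructed send times; time 0 is startup."""
    s = SignScheduler(cfg, now=0)
    for t in send_times:
        s.message(t)
    s.flush(end)
    return s.events


def summarize(events: List[Event]) -> Dict[str, int]:
    return dict(Counter(kind for _, kind, _ in events))


# Constructed scenario: three messages, a gap, four more, then a long silence.
DEMO_CONFIG = SyslogSignConfig(cert_initial_repeat=2, cert_resend_delay=60,
                               cert_resend_count=5, sig_max_delay=10,
                               sig_number_resends=1, sig_resend_delay=30,
                               sig_resend_count=3)
DEMO_TIMES = [1, 2, 3, 15, 16, 17, 18, 100]

if __name__ == "__main__":
    for t, kind, detail in simulate(DEMO_CONFIG, DEMO_TIMES, end=200):
        print(f"t={t:4d}  {kind:4s}  {detail}")
```

   Running it prints one line per event.  In the constructed scenario
   the Certificate Block is re-sent once because cert-resend-count (5)
   is reached and once because cert-resend-delay (60 seconds) has
   elapsed, and Signature Block #1, closed by sig-max-delay, is re-sent
   once when sig-resend-count other messages have gone out.  Setting
   sig-number-resends to 0, which the model permits since the leaf is a
   plain uint16, removes all Signature Block redundancy; that is the
   configuration the description string warns against over UDP, where a
   single lost datagram then leaves every message in that block
   unverifiable.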
5.  Implementation Status

   [Note to RFC Editor: Please remove this section before publication.]

   This section records the status of known implementations of the Syslog
   YANG model at the time of posting of this Internet-Draft.

   Cisco Systems, Inc. has implemented the proposed IETF Syslog model
   for the Nexus 7000 NXOS OS as a prototype, together with an
   augmentation model for operating system specific Syslog configuration
   features.

   Five leaves were implemented in the base IETF model and three leaves
   were implemented in the Cisco specific augmentation model as follows:

   Leaf XPATH                               Sample NXOS CLI Command(s)

   syslog:log-actions/console               logging console 1
   syslog:log-actions/file                  logging logfile mylog.log 2 4096
   syslog:log-actions/terminal              logging monitor 2
   syslog:log-actions/remote                *logging server server.cisco.com 2
                                              facility user
                                            *logging source-interface loopback 0
   cisco-syslog:logging-timestamp-config    logging timestamp milli-seconds
   cisco-syslog:origin-id-cfg               logging origin-id string abcdef
   cisco-syslog:module-logging              logging module 1

   *The "logging server" and "logging source-interface" commands were
   combined into one base model leaf.

   The description of implementations in this section is intended to assist
   the IETF in its decision processes in progressing drafts to RFCs.

6.  Security Considerations

   The YANG module defined in this memo is designed to be accessed via
   the NETCONF protocol [RFC6241].  The lowest NETCONF layer is the
   secure transport layer and the mandatory-to-implement secure
   transport is SSH [RFC6242].  The NETCONF access control model
   [RFC6536] provides the means to restrict access for particular
   NETCONF users to a pre-configured subset of all available NETCONF
   protocol operations and content.
   There are a number of data nodes defined in the YANG module which are
   writable/creatable/deletable (i.e., config true, which is the
   default).  These data nodes may be considered sensitive or vulnerable
   in some network environments.  Write operations (e.g., edit-config)
   to these data nodes without proper protection can have a negative
   effect on network operations.  In this module the log-actions/remote
   subtree determines where a device's messages are delivered, and the
   syslog-sign presence container within it determines whether they are
   signed at all; an unauthorized write to either can redirect a
   device's audit trail or strip it of RFC 5848 integrity protection
   without any other visible change.

   TBD: List specific Subtrees and data nodes and their sensitivity/
   vulnerability.

7.  IANA Considerations

   This document registers a URI in the IETF XML registry [RFC3688].
   Following the format in RFC 3688, the following registration is
   requested to be made:

      URI: urn:ietf:params:xml:ns:yang:syslog

      Registrant Contact: The IESG.

      XML: N/A, the requested URI is an XML namespace.

   This document registers a YANG module in the YANG Module Names
   registry [RFC6020].

      name:       syslog
      namespace:  urn:ietf:params:xml:ns:yang:syslog
      prefix:     syslog
      reference:  RFC XXXX

8.  Acknowledgements

   The authors wish to thank the following who commented on versions 01
   through 05 of this proposal:

      Martin Bjorklund
      Jim Gibson
      Jeffrey Haas
      John Heasley
      Giles Heron
      Lisa Huang
      Jeffrey K Lange
      Jan Lindblad
      Chris Lonvick
      Juergen Schoenwaelder
      Jason Sterne
      Peter Van Horne
      Bert Wijnen
      Aleksandr Zhdankin

9.  Change log [RFC Editor: Please remove]

10.  References

   [RFC3164]  Lonvick, C., "The BSD syslog Protocol", RFC 3164,
              August 2001.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              January 2004.

   [RFC6020]  Bjorklund, M., "YANG - A Data Modeling Language for the
              Network Configuration Protocol (NETCONF)", RFC 6020,
              October 2010.

   [RFC6241]  Enns, R., Bjorklund, M., Schoenwaelder, J., and A.
              Bierman, "Network Configuration Protocol (NETCONF)",
              RFC 6241, June 2011.
   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, June 2011.

   [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
              Protocol (NETCONF) Access Control Model", RFC 6536,
              March 2012.

Authors' Addresses

   Clyde Wildes
   Cisco Systems Inc.
   Email: cwildes@cisco.com

   Kiran Agrahara Sreenivasa
   Cisco Systems, Inc.
   Email: kkoushik@cisco.com