NETMOD WG                                                   Clyde Wildes
Internet-Draft                                             Kiran Koushik
Intended status: Informational                        Cisco Systems Inc.
Expires: Jun 16, 2016                                       Dec 23, 2015


                            SYSLOG YANG model
                    draft-ietf-netmod-syslog-model-06

Abstract

This document describes a data model for the Syslog protocol, which is
used to convey event notification messages.

Status of This Memo

This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF).  Note that other groups may also distribute
working documents as Internet-Drafts.  The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

This Internet-Draft will expire on Jun 16, 2016.

Copyright Notice

Copyright (c) 2015 IETF Trust and the persons identified as the
document authors.  All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document.  Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Code Components extracted from this document must include Simplified
BSD License text as described in Section 4.e of the Trust Legal
Provisions and are provided without warranty as described in the
Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Definitions and Acronyms
   2.  Problem Statement
   3.  Design of the SYSLOG Model
     3.1.  SYSLOG Module
   4.  SYSLOG YANG Models
     4.1.  SYSLOG TYPES Module
     4.2.  SYSLOG module
     4.3.  A SYSLOG Example
   5.  Implementation Status
   6.  Security Considerations
   7.  IANA Considerations
   8.  Acknowledgements
   9.  Change log [RFC Editor: Please remove]
   10. References
   Authors' Addresses

1. Introduction

Operating systems, processes and applications generate messages
indicating their own status or the occurrence of events.  These
messages are useful for managing and/or debugging the network and its
services.  The BSD Syslog protocol is a widely adopted protocol that
is used for transmission and processing of the messages.

Since each process, application and operating system was written
somewhat independently, there is little uniformity to the content of
Syslog messages.  For this reason, no assumption is made upon the
formatting or contents of the messages.
The protocol is simply designed to transport these event messages.
No acknowledgement of the receipt is made.

Essentially, a Syslog process receives messages (from the kernel,
processes, applications or other Syslog processes) and processes
those.  The processing involves logging to a local file, displaying on
the console or a user terminal, and/or relaying to syslog processes on
other machines.  The processing is determined by the "facility" that
originated the message and the "severity" assigned to the message by
the facility.

We are using the definitions of the Syslog protocol from [RFC5424] in
this draft.

1.1. Definitions and Acronyms

IP: Internet Protocol

IPv4: Internet Protocol version 4

IPv6: Internet Protocol version 6

UDP: User Datagram Protocol

VRF: Virtual Routing and Forwarding

2. Problem Statement

This document defines a YANG [RFC6020] configuration data model that
may be used to monitor and control one or more syslog processes
running on a system.  YANG models can be used with network management
protocols such as NETCONF [RFC6241] to install, manipulate, and delete
the configuration of network devices.

This module makes use of the YANG "feature" construct, which allows
implementations to support only those Syslog features that lie within
their capabilities.

3. Design of the SYSLOG Model

The syslog model was designed by comparing the syslog features
implemented by various vendors in different implementations.

This draft addresses the leafs common to all vendors and creates a
common model, which can be augmented with proprietary features if
necessary.  The base model is designed to be very simple for maximum
flexibility.

Syslog consists of message producers, a group level suppression
filter, and message distributors.
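The suppression filter described above is what the ietf-syslog module later expresses as the log-selector grouping: a list of log-facility entries (facility, severity, optional severity-operator), or no-facilities to disable a log-action, plus an optional pattern-match over the MSG field; a remote destination additionally rewrites the facility with destination-facility (default local7). The following Python is an added worked example of those semantics and is not part of the draft or of any vendor implementation. The RFC 5424 sample lines are constructed for this example; the OR-ing of several log-facility entries and the reading of severity "none" as matching nothing are assumptions, and the header parser only handles the plain "-" and unescaped "[...]" forms of STRUCTURED-DATA.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# RFC 5424 facility codes, one per identity in ietf-syslog-types.
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    "ntp": 12, "audit": 13, "console": 14, "cron2": 15,
    **{f"local{i}": 16 + i for i in range(8)},
}
# RFC 5424 severity codes as in typedef severity; 0 (emergency) is the MOST severe.
SEVERITIES = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}

# RFC 5424 layout: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
# Simplification: SD-PARAM values containing an escaped ']' are not handled.
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<procid>\S+) "
    r"(?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$"
)


@dataclass
class Message:
    facility: int
    severity: int
    msg: str
    raw: str


def parse_rfc5424(line: str) -> Message:
    """Split PRI into (facility, severity): PRI = facility * 8 + severity."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError(f"not an RFC 5424 message: {line!r}")
    pri = int(m.group("pri"))
    if pri > 191:  # local7.debug = 23 * 8 + 7 is the largest legal PRI
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return Message(facility, severity, m.group("msg") or "", line)


@dataclass
class FacilityEntry:
    """One list log-facility entry: key facility, leaf severity, leaf severity-operator."""
    facility: str  # facility identity name, or "all"
    severity: str  # severity name, "all" or "none"
    severity_operator: str = "equals-or-higher"  # or "equals" / "not-equals"


@dataclass
class LogSelector:
    """container log-selector; facilities=None models case no-log-facility."""
    facilities: Optional[List[FacilityEntry]] = None
    pattern_match: Optional[str] = None  # regular expression over the MSG field


def severity_matches(entry: FacilityEntry, sev: int) -> bool:
    if entry.severity == "all":
        return True
    if entry.severity == "none":  # assumption: 'none' selects no message at all
        return False
    wanted = SEVERITIES[entry.severity]
    if entry.severity_operator == "equals-or-higher":
        return sev <= wanted  # "higher" severity means a numerically lower code
    if entry.severity_operator == "equals":
        return sev == wanted
    if entry.severity_operator == "not-equals":
        return sev != wanted
    raise ValueError(f"unknown severity-operator {entry.severity_operator!r}")


def selector_matches(sel: LogSelector, msg: Message) -> bool:
    if sel.facilities is None:  # no-facilities: this log-action is disabled
        return False
    # Assumption: entries are OR'ed together, as in a classic syslog.conf selector.
    if not any((e.facility == "all" or FACILITIES[e.facility] == msg.facility)
               and severity_matches(e, msg.severity) for e in sel.facilities):
        return False
    return sel.pattern_match is None or re.search(sel.pattern_match, msg.msg) is not None


def apply_selector(sel: LogSelector, lines: List[str]) -> List[str]:
    """Return the raw messages the selector passes on to its log-action."""
    return [ln for ln in lines if selector_matches(sel, parse_rfc5424(ln))]


def relay_line(msg: Message, destination_facility: str = "local7") -> str:
    """Rewrite PRI for a remote destination (leaf destination-facility, default local7)."""
    pri = FACILITIES[destination_facility] * 8 + msg.severity
    return re.sub(r"^<\d{1,3}>", f"<{pri}>", msg.raw, count=1)


# Constructed sample messages (not taken from the draft). PRI 34 = auth.critical,
# 86 = authpriv.info, 13 = user.notice, 7 = kern.debug.
SAMPLE_LINES = [
    "<34>1 2015-12-23T10:00:00Z host1 sshd 1234 ID1 - Failed password for invalid user admin",
    "<86>1 2015-12-23T10:00:01Z host1 sshd 1234 ID2 - Accepted publickey for ops",
    "<13>1 2015-12-23T10:00:02Z host1 app 99 ID3 - user login notice",
    "<7>1 2015-12-23T10:00:03Z host1 kernel - - - debug: scheduler tick",
]

if __name__ == "__main__":
    # auth at warning or more severe, plus everything from authpriv, relayed as local7
    auth_sel = LogSelector([FacilityEntry("auth", "warning"), FacilityEntry("authpriv", "all")])
    for ln in apply_selector(auth_sel, SAMPLE_LINES):
        print(relay_line(parse_rfc5424(ln)))
```

Two points worth checking against any real implementation: the default operator equals-or-higher selects numerically lower severity codes, so a selector of auth/warning passes critical but not notice; and a remote destination only rewrites the facility bits of PRI, so the collector still sees the original severity but loses the originating facility unless destination-facility is set per destination.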
The following diagram shows syslog messages flowing from a message
producer, through the group level suppression filter, and, if passed
by the group filter, to message distributors where further
suppression filtering can take place.

                          Message Producers
  +-------------+ +-------------+ +-------------+ +-------------+
  | Various     | | OS          | |             | | Remote      |
  | Components  | | Kernel      | | Line Cards  | | Servers     |
  +-------------+ +-------------+ +-------------+ +-------------+

  +-------------+ +-------------+ +-------------+ +-------------+
  | SNMP        | | Interface   | | Standby     | | Syslog      |
  | Events      | | Events      | | Supervisor  | | Itself      |
  +-------------+ +-------------+ +-------------+ +-------------+
         |                                               |
         +-----------------------------------------------+
                                 |
                                 |  group level suppression filter
                                 |
            +-----------+--------+-------+-----------+
            |           |                |           |
            v           v                v           |
                    Message Distributors             |
       +----------+ +----------+    +----------+     |
       |          | | Log      |    | Log      |     |
       | Console  | | Buffer(s)|    | File(s)  |     |
       +----------+ +----------+    +----------+     |
                            +--------------+---------+----------+
                            |              |                    |
                            v              v                    v
                     +-------------+ +-----------+        +-----------+
                     |Remote       | |           |        |User       |
                     |Collector(s) | |Terminal(s)|        |Session(s) |
                     +-------------+ +-----------+        +-----------+

The leaves in the base syslog model correspond to the group level
suppression filter and each message distributor:

  - console
  - log buffer(s)
  - log file(s)
  - remote collector(s)
  - terminal(s)
  - user session(s).

Optional features are used to specify fields that are not present in
all vendor configurations.

3.1. SYSLOG Module

A simplified graphical representation of the complete data tree is
presented here.
Each node is printed as:

  <status> <flags> <name> <opts> <type> <if-features>

  <status> is one of:
    +  for current
    x  for deprecated
    o  for obsolete

  <flags> is one of:
    rw  for configuration data
    ro  for non-configuration data
    -x  for rpcs
    -n  for notifications

  <name> is the name of the node
    (<name>) means that the node is a choice node
    :(<name>) means that the node is a case node

  If the node is augmented into the tree from another module, its
  name is printed as <prefix>:<name>.

  <opts> is one of:
    ?  for an optional leaf or choice
    !  for a presence container
    *  for a leaf-list or list
    [<keys>] for a list's keys

  <type> is the name of the type for leafs and leaf-lists

  If the type is a leafref, the type is printed as "-> TARGET", where
  TARGET is either the leafref path, with prefixed removed if possible.

  <if-features> is the list of features this node depends on, printed
    within curly brackets and a question mark "{...}?"

module: ietf-syslog
   +--rw syslog
      +--rw log-actions
         +--rw console!
         |  +--rw log-selector
         |     +--rw (selector-facility)
         |     |  +--:(no-log-facility)
         |     |  |  +--rw no-facilities?   empty
         |     |  +--:(log-facility)
         |     |     +--rw log-facility* [facility]
         |     |        +--rw facility             union
         |     |        +--rw severity             union
         |     |        +--rw severity-operator?   enumeration {selector-severity-operator-config}?
         |     +--rw pattern-match?   string {selector-match-processing-config}?
         +--rw buffer
         |  +--rw log-buffer* [name]
         |     +--rw name                    string
         |     +--rw log-selector
         |     |  +--rw (selector-facility)
         |     |  |  +--:(no-log-facility)
         |     |  |  |  +--rw no-facilities?   empty
         |     |  |  +--:(log-facility)
         |     |  |     +--rw log-facility* [facility]
         |     |  |        +--rw facility             union
         |     |  |        +--rw severity             union
         |     |  |        +--rw severity-operator?   enumeration {selector-severity-operator-config}?
         |     |  +--rw pattern-match?   string {selector-match-processing-config}?
         |     +--rw buffer-size-bytes?      uint64 {buffer-limit-bytes}?
         |     +--rw buffer-size-messages?   uint64 {buffer-limit-messages}?
         +--rw file
         |  +--rw log-file* [name]
         |     +--rw name               inet:uri
         |     +--rw log-selector
         |     |  +--rw (selector-facility)
         |     |  |  +--:(no-log-facility)
         |     |  |  |  +--rw no-facilities?   empty
         |     |  |  +--:(log-facility)
         |     |  |     +--rw log-facility* [facility]
         |     |  |        +--rw facility             union
         |     |  |        +--rw severity             union
         |     |  |        +--rw severity-operator?   enumeration {selector-severity-operator-config}?
         |     |  +--rw pattern-match?   string {selector-match-processing-config}?
         |     +--rw structured-data?   boolean {structured-data-config}?
         |     +--rw file-archive
         |        +--rw number-of-files?   uint32 {file-limit-size}?
         |        +--rw max-file-size?     uint64 {file-limit-size}?
         |        +--rw rollover?          uint32 {file-limit-duration}?
         |        +--rw retention?         uint16 {file-limit-duration}?
         +--rw remote
         |  +--rw destination* [name]
         |     +--rw name                    string
         |     +--rw (transport)
         |     |  +--:(tcp)
         |     |  |  +--rw tcp
         |     |  |     +--rw address?   inet:host
         |     |  |     +--rw port?      inet:port-number
         |     |  +--:(udp)
         |     |     +--rw udp
         |     |        +--rw address?   inet:host
         |     |        +--rw port?      inet:port-number
         |     +--rw log-selector
         |     |  +--rw (selector-facility)
         |     |  |  +--:(no-log-facility)
         |     |  |  |  +--rw no-facilities?   empty
         |     |  |  +--:(log-facility)
         |     |  |     +--rw log-facility* [facility]
         |     |  |        +--rw facility             union
         |     |  |        +--rw severity             union
         |     |  |        +--rw severity-operator?   enumeration {selector-severity-operator-config}?
         |     |  +--rw pattern-match?   string {selector-match-processing-config}?
         |     +--rw destination-facility?   identityref
         |     +--rw source-interface?       if:interface-ref
         |     +--rw syslog-sign! {signed-messages-config}?
         |        +--rw cert-initial-repeat   uint16
         |        +--rw cert-resend-delay     uint16
         |        +--rw cert-resend-count     uint16
         |        +--rw sig-max-delay         uint16
         |        +--rw sig-number-resends    uint16
         |        +--rw sig-resend-delay      uint16
         |        +--rw sig-resend-count      uint16
         +--rw terminal
         |  +--rw (terminal-scope)
         |     +--:(all-terminals)
         |     |  +--rw all-terminals
         |     |     +--rw log-selector
         |     |        +--rw (selector-facility)
         |     |        |  +--:(no-log-facility)
         |     |        |  |  +--rw no-facilities?   empty
         |     |        |  +--:(log-facility)
         |     |        |     +--rw log-facility* [facility]
         |     |        |        +--rw facility             union
         |     |        |        +--rw severity             union
         |     |        |        +--rw severity-operator?   enumeration {selector-severity-operator-config}?
         |     |        +--rw pattern-match?   string {selector-match-processing-config}?
         |     +--:(per-terminal) {terminal-facility-user-logging-config}?
         |        +--rw device-name* [dname]
         |           +--rw dname          string
         |           +--rw log-selector
         |              +--rw (selector-facility)
         |              |  +--:(no-log-facility)
         |              |  |  +--rw no-facilities?   empty
         |              |  +--:(log-facility)
         |              |     +--rw log-facility* [facility]
         |              |        +--rw facility             union
         |              |        +--rw severity             union
         |              |        +--rw severity-operator?   enumeration {selector-severity-operator-config}?
         |              +--rw pattern-match?   string {selector-match-processing-config}?
         +--rw session
            +--rw (user-scope)
               +--:(all-users)
               |  +--rw all-users
               |     +--rw log-selector
               |        +--rw (selector-facility)
               |        |  +--:(no-log-facility)
               |        |  |  +--rw no-facilities?   empty
               |        |  +--:(log-facility)
               |        |     +--rw log-facility* [facility]
               |        |        +--rw facility             union
               |        |        +--rw severity             union
               |        |        +--rw severity-operator?   enumeration {selector-severity-operator-config}?
               |        +--rw pattern-match?   string {selector-match-processing-config}?
               +--:(per-user) {session-facility-user-logging-config}?
                  +--rw user-name* [uname]
                     +--rw uname          string
                     +--rw log-selector
                        +--rw (selector-facility)
                        |  +--:(no-log-facility)
                        |  |  +--rw no-facilities?   empty
                        |  +--:(log-facility)
                        |     +--rw log-facility* [facility]
                        |        +--rw facility             union
                        |        +--rw severity             union
                        |        +--rw severity-operator?   enumeration {selector-severity-operator-config}?
                        +--rw pattern-match?   string {selector-match-processing-config}?

4. SYSLOG YANG Models

4.1. SYSLOG-TYPES module

<CODE BEGINS> file "ietf-syslog-types.yang"

module ietf-syslog-types {
  namespace "urn:ietf:params:xml:ns:yang:ietf-syslog-types";
  prefix syslogtypes;

  organization "IETF NETMOD (NETCONF Data Modeling Language) Working
                Group";
  contact
    "WG Web:
     WG List:

     WG Chair: Tom Nadeau

     WG Chair: Kent Watsen

     Editor: Ladislav Lhotka
    ";
  description
    "This module contains a collection of YANG type definitions for
     SYSLOG.";

  revision 2015-11-09 {
    description
      "Initial Revision";
    reference
      "This model references RFC 5424 - The Syslog Protocol,
       and RFC 5848 - Signed Syslog Messages.";
  }

  typedef severity {
    type enumeration {
      enum "emergency" {
        value 0;
        description
          "Emergency Level Msg";
      }
      enum "alert" {
        value 1;
        description
          "Alert Level Msg";
      }
      enum "critical" {
        value 2;
        description
          "Critical Level Msg";
      }
      enum "error" {
        value 3;
        description
          "Error Level Msg";
      }
      enum "warning" {
        value 4;
        description
          "Warning Level Msg";
      }
      enum "notice" {
        value 5;
        description
          "Notification Level Msg";
      }
      enum "info" {
        value 6;
        description
          "Informational Level Msg";
      }
      enum "debug" {
        value 7;
        description
          "Debugging Level Msg";
      }
    }
    description
      "The definitions for Syslog message severity as per RFC 5424.";
  }

  identity syslog-facility {
    description
      "The base
       identity to represent syslog facilities";
  }

  identity kern {
    base syslog-facility;
    description
      "The facility for kernel messages as defined in RFC 5424.";
  }

  identity user {
    base syslog-facility;
    description
      "The facility for user-level messages as defined in RFC 5424.";
  }

  identity mail {
    base syslog-facility;
    description
      "The facility for the mail system as defined in RFC 5424.";
  }

  identity daemon {
    base syslog-facility;
    description
      "The facility for the system daemons as defined in RFC 5424.";
  }

  identity auth {
    base syslog-facility;
    description
      "The facility for security/authorization messages as defined
       in RFC 5424.";
  }

  identity syslog {
    base syslog-facility;
    description
      "The facility for messages generated internally by syslogd
       facility as defined in RFC 5424.";
  }

  identity lpr {
    base syslog-facility;
    description
      "The facility for the line printer subsystem as defined in
       RFC 5424.";
  }

  identity news {
    base syslog-facility;
    description
      "The facility for the network news subsystem as defined in
       RFC 5424.";
  }

  identity uucp {
    base syslog-facility;
    description
      "The facility for the UUCP subsystem as defined in RFC 5424.";
  }

  identity cron {
    base syslog-facility;
    description
      "The facility for the clock daemon as defined in RFC 5424.";
  }

  identity authpriv {
    base syslog-facility;
    description
      "The facility for privileged security/authorization messages
       as defined in RFC 5424.";
  }

  identity ftp {
    base syslog-facility;
    description
      "The facility for the FTP daemon as defined in RFC 5424.";
  }

  identity ntp {
    base syslog-facility;
    description
      "The facility for the NTP subsystem as defined in RFC 5424.";
  }

  identity audit {
    base syslog-facility;
    description
      "The facility for log audit messages as defined in RFC 5424.";
  }

  identity console {
    base syslog-facility;
    description
      "The facility for log alert messages as defined in RFC 5424.";
  }

  identity cron2 {
    base syslog-facility;
    description
      "The facility for the second clock daemon as defined in
       RFC 5424.";
  }

  identity local0 {
    base syslog-facility;
    description
      "The facility for local use 0 messages as defined in
       RFC 5424.";
  }

  identity local1 {
    base syslog-facility;
    description
      "The facility for local use 1 messages as defined in
       RFC 5424.";
  }

  identity local2 {
    base syslog-facility;
    description
      "The facility for local use 2 messages as defined in
       RFC 5424.";
  }

  identity local3 {
    base syslog-facility;
    description
      "The facility for local use 3 messages as defined in
       RFC 5424.";
  }

  identity local4 {
    base syslog-facility;
    description
      "The facility for local use 4 messages as defined in
       RFC 5424.";
  }

  identity local5 {
    base syslog-facility;
    description
      "The facility for local use 5 messages as defined in
       RFC 5424.";
  }

  identity local6 {
    base syslog-facility;
    description
      "The facility for local use 6 messages as defined in
       RFC 5424.";
  }

  identity local7 {
    base syslog-facility;
    description
      "The facility for local use 7 messages as defined in
       RFC 5424.";
  }
}

<CODE ENDS>

4.2. SYSLOG module

<CODE BEGINS> file "ietf-syslog.yang"

module ietf-syslog {
  namespace "urn:ietf:params:xml:ns:yang:ietf-syslog";
  prefix syslog;

  import ietf-inet-types {
    prefix inet;
  }

  import ietf-interfaces {
    prefix if;
  }

  import ietf-syslog-types {
    prefix syslogtypes;
  }

  organization "IETF NETMOD (NETCONF Data Modeling Language)
                Working Group";
  contact
    "WG Web:
     WG List:

     WG Chair: Tom Nadeau

     WG Chair: Kent Watsen

     Editor: Ladislav Lhotka
    ";
  description
    "This module contains a collection of YANG definitions
     for Syslog configuration.";

  revision 2015-11-09 {
    description
      "Initial Revision";
    reference
      "RFC 5424: The Syslog Protocol
       RFC 5848: Signed Syslog Messages";
  }

  feature buffer-limit-bytes {
    description
      "This feature indicates that local memory logging buffers
       are limited in size using a limit expressed in bytes.";
  }

  feature buffer-limit-messages {
    description
      "This feature indicates that local memory logging buffers
       are limited in size using a limit expressed in number
       of messages.";
  }

  feature structured-data-config {
    description
      "This feature represents the ability to log messages
       in structured-data format as per RFC 5424.";
  }

  feature file-limit-size {
    description
      "This feature indicates that file logging resources
       are managed using size and number limits.";
  }

  feature file-limit-duration {
    description
      "This feature indicates that file logging resources
       are managed using time based limits.";
  }

  feature terminal-facility-user-logging-config {
    description
      "This feature represents the ability to adjust
       log message settings for individual terminal
       devices.";
  }

  feature session-facility-user-logging-config {
    description
      "This feature represents the ability to adjust
       log message settings for individual user
       sessions.";
  }

  feature selector-severity-operator-config {
    description
      "This feature represents the ability to select messages
       using the additional operators equal to, or not equal to
       when comparing the Syslog message severity.";
  }

  feature selector-match-processing-config {
    description
      "This feature represents the ability to select messages based
       on a POSIX 1003.2 regular expression pattern match.";
  }

  feature signed-messages-config {
    description
      "This feature represents the ability to configure signed
       syslog messages according to RFC 5848.";
  }

  grouping syslog-severity {
    description
      "This grouping defines the Syslog severity which is used to
       select log messages.";
    leaf severity {
      type union {
        type syslogtypes:severity;
        type enumeration {
          enum all {
            value -1;
            description
              "This enum describes the case where all severities
               are requested.";
          }
          enum none {
            value -2;
            description
              "This enum describes the case where no severities
               are requested.";
          }
        }
      }
      mandatory true;
      description
        "This leaf specifies the Syslog message severity. When
         severity is specified, the default severity comparison
         is that all messages of the specified severity and greater
         (i.e. more severe, which is a numerically lower RFC 5424
         code) are logged. 'all' is a special case which means all
         severities are requested. 'none' is a special case which
         means that no severity selection should occur.";
    }
    leaf severity-operator {
      if-feature selector-severity-operator-config;
      type enumeration {
        enum equals-or-higher {
          description
            "This enum specifies all messages of the specified
             severity and higher are logged according to the
             given log-action";
        }
        enum equals {
          description
            "This enum specifies all messages that are for
             the specified severity are logged according to the
             given log-action";
        }
        enum not-equals {
          description
            "This enum specifies all messages that are not for
             the specified severity are logged according to the
             given log-action";
        }
      }
      default equals-or-higher;
      description
        "This leaf describes the option to specify how the
         severity comparison is performed.";
    }
  }

  grouping syslog-selector {
    description
      "This grouping defines a Syslog selector which is used to
       select log messages for the log-action (buffer, file,
       etc). Choose one of the following:
         no-log-facility
         log-facility [ ...]";
    container log-selector {
      description
        "This container describes the log selector parameters
         for Syslog.";
      choice selector-facility {
        mandatory true;
        description
          "This choice describes the option to specify no
           facilities, or a specific facility which can be
           all for all facilities.";
        case no-log-facility {
          description
            "This case specifies no facilities will match when
             comparing the Syslog message facility.
             This is a method that can be used to effectively
             disable a particular log-action (buffer, file, etc).";
          leaf no-facilities {
            type empty;
            description
              "This leaf specifies that no facilities are selected
               for this log-action.";
          }
        }
        case log-facility {
          description
            "This case specifies one or more specified facilities
             will match when comparing the Syslog message facility.";
          list log-facility {
            key facility;
            description
              "This list describes a collection of Syslog
               facilities and severities.";
            leaf facility {
              type union {
                type identityref {
                  base syslogtypes:syslog-facility;
                }
                type enumeration {
                  enum all {
                    description
                      "This enum describes the case where all
                       facilities are requested.";
                  }
                }
              }
              description
                "The leaf uniquely identifies a Syslog facility.";
            }
            uses syslog-severity;
          }
        }
      }
      leaf pattern-match {
        if-feature selector-match-processing-config;
        type string;
        description
          "This leaf describes a POSIX 1003.2 regular expression
           string that can be used to select a Syslog message for
           logging. The match is performed on the RFC 5424
           SYSLOG-MSG field.";
      }
    }
  }

  container syslog {
    description
      "This container describes the configuration parameters for
       Syslog.";
    container log-actions {
      description
        "This container describes the log-action parameters
         for Syslog.";
      container console {
        presence "Enables logging console configuration";
        description
          "This container describes the configuration parameters for
           console logging.";
        uses syslog-selector;
      }
      container buffer {
        description
          "This container describes the configuration parameters for
           local memory buffer logging. The buffer is circular in
           nature, so newer messages overwrite older messages after
           the buffer is filled.";
        list log-buffer {
          key name;
          description
            "This list describes a collection of local logging
             memory buffers.";
          leaf name {
            type string;
            description
              "This leaf specifies the name of the log buffer.";
          }
          uses syslog-selector;
          leaf buffer-size-bytes {
            if-feature buffer-limit-bytes;
            type uint64;
            units "bytes";
            description
              "This leaf configures the amount of memory
               (in bytes) that will be dedicated to the local
               memory logging buffer. The default value varies
               by implementation.";
          }
          leaf buffer-size-messages {
            if-feature buffer-limit-messages;
            type uint64;
            units "log messages";
            description
              "This leaf configures the number of log
               messages that can be stored in the local memory
               logging buffer. The default value varies by
               implementation.";
          }
        }
      }
      container file {
        description
          "This container describes the configuration parameters for
           file logging.";
        list log-file {
          key "name";
          description
            "This list describes a collection of local logging
             files.";
          leaf name {
            type inet:uri;
            description
              "This leaf specifies the name of the log file which
               MUST use the uri scheme file:.";
          }
          uses syslog-selector;
          leaf structured-data {
            if-feature structured-data-config;
            type boolean;
            default false;
            description
              "This leaf describes how log messages are written to
               the log file. If true, messages will be written
               with one or more STRUCTURED-DATA elements as per
               RFC5424; if false, messages will be written with
               STRUCTURED-DATA = NILVALUE.";
          }
          container file-archive {
            description
              "This container describes the configuration
               parameters for log file archiving.";
            leaf number-of-files {
              if-feature file-limit-size;
              type uint32;
              description
                "This leaf specifies the maximum number of log
                 files retained. Specify 1 for implementations
                 that only support one log file.";
            }
            leaf max-file-size {
              if-feature file-limit-size;
              type uint64;
              units "megabytes";
              description
                "This leaf specifies the maximum log file size.";
            }
            leaf rollover {
              if-feature file-limit-duration;
              type uint32;
              units "minutes";
              description
                "This leaf specifies the length of time that log
                 events should be written to a specific log file.
                 Log events that arrive after the rollover period
                 cause the current log file to be closed and a new
                 log file to be opened.";
            }
            leaf retention {
              if-feature file-limit-duration;
              type uint16;
              units "hours";
              description
                "This leaf specifies the length of time that
                 completed/closed log event files should be stored
                 in the file system before they are deleted.";
            }
          }
        }
      }
      container remote {
        description
          "This container describes the configuration parameters for
           remote logging.";
        list destination {
          key "name";
          description
            "This list describes a collection of remote logging
             destinations.";
          leaf name {
            type string;
            description
              "An arbitrary name for the endpoint to connect to.";
          }
          choice transport {
            mandatory true;
            description
              "This choice describes the transport option.";
            case tcp {
              container tcp {
                description
                  "This container describes the TCP transport
                   options.";
                leaf address {
                  type inet:host;
                  description
                    "The leaf uniquely specifies the address of
                     the remote host. One of the following must
                     be specified: an ipv4 address, an ipv6
                     address, or a host name.";
                }
                leaf port {
                  type inet:port-number;
                  default 514;
                  description
                    "This leaf specifies the port number used to
                     deliver messages to the remote server.";
                }
              }
            }
            case udp {
              container udp {
                description
                  "This container describes the UDP transport
                   options.";
                leaf address {
                  type inet:host;
                  description
                    "The leaf uniquely specifies the address of
                     the remote host. One of the following must be
                     specified: an ipv4 address, an ipv6 address,
                     or a host name.";
                }
                leaf port {
                  type inet:port-number;
                  default 514;
                  description
                    "This leaf specifies the port number used to
                     deliver messages to the remote server.";
                }
              }
            }
          }
          uses syslog-selector;
          leaf destination-facility {
            type identityref {
              base syslogtypes:syslog-facility;
            }
            default syslogtypes:local7;
            description
              "This leaf specifies the facility used in messages
               delivered to the remote server.";
          }
          leaf source-interface {
            type if:interface-ref;
            description
              "This leaf sets the source interface for the remote
               Syslog server. Either the interface name or the
               interface IP address can be specified. If not set,
               messages sent to a remote syslog server will
               contain the IP address of the interface the syslog
               message uses to exit the network element";
          }
          container syslog-sign {
            if-feature signed-messages-config;
            presence
              "If present, syslog-sign is activated.";
            description
              "This container describes the configuration
               parameters for signed syslog messages as described
               by RFC 5848.";
            reference
              "RFC 5848: Signed Syslog Messages";
            leaf cert-initial-repeat {
              type uint16;
              mandatory true;
              description
                "This leaf specifies the number of times each
                 Certificate Block should be sent before the first
                 message is sent.";
            }
            leaf cert-resend-delay {
              type uint16;
              mandatory true;
              description
                "This leaf specifies the maximum time delay in
                 seconds until resending the Certificate Block.";
            }
            leaf cert-resend-count {
              type uint16;
              mandatory true;
              description
                "This leaf specifies the maximum number of other
                 syslog messages to send until resending the
                 Certificate Block.";
            }
            leaf sig-max-delay {
              type uint16;
              mandatory true;
              description
                "This leaf specifies when to generate a new
                 Signature Block. If this many seconds have
                 elapsed since the message with the first message
                 number of the Signature Block was sent, a new
                 Signature Block should be generated.";
            }
            leaf sig-number-resends {
              type uint16;
              mandatory true;
              description
                "This leaf specifies the number of times a
                 Signature Block is resent. (It is recommended to
                 select a value of greater than 0 in particular
                 when the UDP transport [RFC5426] is used.).";
            }
            leaf sig-resend-delay {
              type uint16;
              mandatory true;
              description
                "This leaf specifies when to send the next
                 Signature Block transmission based on time. If
                 this many seconds have elapsed since the previous
                 sending of this Signature Block, resend it.";
            }
            leaf sig-resend-count {
              type uint16;
              mandatory true;
              description
                "This leaf specifies when to send the next
                 Signature Block transmission based on a count.
                 If this many other syslog messages have been sent
                 since the previous sending of this Signature
                 Block, resend it.";
            }
          }
        }
      }
      container terminal {
        description
          "This container describes the configuration parameters for
           the terminal logging configuration.";
        choice terminal-scope {
          mandatory true;
          description
            "This choice describes the option to specify all
             terminals or a specific terminal. The all terminals
             case implies that messages will be sent to all
             sessions on that terminal";
          case all-terminals {
            description
              "This case specifies all terminals.";
            container all-terminals {
              description
                "This container describes the configuration
                 parameters for all terminals.";
              uses syslog-selector;
            }
          }
          case per-terminal {
            if-feature terminal-facility-user-logging-config;
            description
              "This case specifies one or more terminals.";
            list device-name {
              key "dname";
              description
                "This list describes a collection of device names.";
              leaf dname {
                type string;
                description
                  "This leaf uniquely describes a device name which
                   is the device to receive log messages.";
              }
              uses syslog-selector;
            }
          }
        }
      }
      container session {
        description
          "This container describes the configuration parameters for
           session logging configuration.";
        choice user-scope {
          mandatory true;
          description
            "This choice describes the option to specify all users
             or a specific user.
The all users case implies that 1166 messages will be sent to all sessions"; 1167 case all-users { 1168 description 1169 "This case specifies all users."; 1170 container all-users { 1171 description 1172 "This container describes the configuration 1173 parameters for all users."; 1174 uses syslog-selector; 1175 } 1176 } 1177 case per-user { 1178 if-feature session-facility-user-logging-config; 1179 description 1180 "This case specifies a specific user."; 1181 list user-name { 1182 key "uname"; 1183 description 1184 "This list describes a collection of user names."; 1185 leaf uname { 1186 type string; 1187 description 1188 "This leaf uniquely describes a user name which 1189 is the login name of the user whose session 1190 is to receive log messages."; 1191 } 1192 uses syslog-selector; 1193 } 1194 } 1195 } 1196 } 1197 } 1198 } 1199 } 1201 1203 4.3. A SYSLOG Example 1205 Requirement: 1206 Enable console logging of syslogs of severity critical 1208 Here is the example syslog configuration xml: 1209 1210 1211 1212 1213 1214 1215 1217 1218 1219 1220 1221 all 1222 critical 1223 1224 1225 1226 1227 1228 1229 1230 1232 1233 1234 1235 1236 Enable remote logging of syslogs to udp destination 1.1.1.1 1237 for facility auth, severity error 1239 1240 1241 1242 1243 1244 1245 1247 1248 1249 1250 remote1 1251 1252
1.1.1.1
1253
1254 1255 1256 1258 syslogtypes:auth 1259 error 1260 1261 1262
1263
1264
1265
1266
1267
1268
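The resend rules that the syslog-sign leaves above parameterize, traced through on constructed message send times; this is an added example, not code from the draft or from any implementation. It assumes every check is made when a message is sent (a real sender would also drive the time-based checks from a timer) and omits the per-block size limit that RFC 5848 imposes on Signature Blocks; the marker names CERT, SIGn and SIGn-resend are this example's own.

```python
from dataclasses import dataclass
from types import SimpleNamespace

@dataclass(frozen=True)
class SyslogSignConfig:  # one value per mandatory leaf of container syslog-sign
    cert_initial_repeat: int  # Certificate Block copies sent before message 1
    cert_resend_delay: int    # seconds until the Certificate Block is resent
    cert_resend_count: int    # other messages until it is resent
    sig_max_delay: int        # seconds since a block's first message: new block
    sig_number_resends: int   # times each Signature Block is resent
    sig_resend_delay: int     # seconds since that block's last send: resend it
    sig_resend_count: int     # other messages since its last send: resend it

class SyslogSignScheduler:  # emits CERT / SIGn / SIGn-resend markers around MSGs
    def __init__(self, cfg: SyslogSignConfig):
        self.cfg, self.started, self.next_id = cfg, False, 1
        self.last_cert_ts, self.msgs_since_cert = 0.0, 0
        self.block = None   # Signature Block still collecting messages
        self.pending = []   # closed blocks that may still be resent

    def on_message(self, ts: float) -> list:
        cfg, out = self.cfg, []
        if (not self.started or ts - self.last_cert_ts >= cfg.cert_resend_delay
                or self.msgs_since_cert >= cfg.cert_resend_count):
            # cert-initial-repeat copies up front, then one copy per resend
            out += ["CERT"] * (1 if self.started else cfg.cert_initial_repeat)
            self.started, self.last_cert_ts, self.msgs_since_cert = True, ts, 0
        if (blk := self.block) and ts - blk.first_ts >= cfg.sig_max_delay:
            out.append(f"SIG{blk.ident}")   # sig-max-delay: sign and close it
            blk.last_sent_ts, self.block = ts, None
            self.pending.append(blk)
        if self.block is None:              # this message opens a new block
            self.block = SimpleNamespace(ident=self.next_id, first_ts=ts,
                resends_left=cfg.sig_number_resends, msgs_since_sent=0)
            self.next_id += 1
        out.append("MSG")
        self.msgs_since_cert += 1
        for blk in self.pending:            # sig-resend-delay / sig-resend-count
            blk.msgs_since_sent += 1
            if blk.resends_left and (ts - blk.last_sent_ts >= cfg.sig_resend_delay
                                     or blk.msgs_since_sent >= cfg.sig_resend_count):
                out.append(f"SIG{blk.ident}-resend")
                blk.resends_left -= 1
                blk.last_sent_ts, blk.msgs_since_sent = ts, 0
        self.pending = [b for b in self.pending if b.resends_left]
        return out

def simulate(cfg: SyslogSignConfig, timestamps) -> list:
    s = SyslogSignScheduler(cfg)   # message send times are constructed input
    return [ev for ts in timestamps for ev in s.on_message(ts)]
```

With sig-number-resends set to 0 no Signature Block is ever repeated, which is the loss the draft's note about UDP transport [RFC5426] warns about.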
5.  Implementation Status

   [Note to RFC Editor: Please remove this section before publication.]

   This section records the status of known implementations of the Syslog
   YANG model at the time of posting of this Internet-Draft.

   Cisco Systems, Inc. has implemented the proposed IETF Syslog model
   for the Nexus 7000 NXOS OS as a prototype, together with an
   augmentation model for operating system specific Syslog configuration
   features.

   Five leaves were implemented in the base IETF model and three leaves
   were implemented in the Cisco specific augmentation model as follows:

   Leaf XPATH                             Sample NXOS CLI Command(s)

   syslog:log-actions/console             logging console 1
   syslog:log-actions/file                logging logfile mylog.log 2 4096
   syslog:log-actions/terminal            logging monitor 2
   syslog:log-actions/remote              *logging server server.cisco.com 2
                                            facility user
                                          *logging source-interface loopback 0
   cisco-syslog:logging-timestamp-config  logging timestamp milli-seconds
   cisco-syslog:origin-id-cfg             logging origin-id string abcdef
   cisco-syslog:module-logging            logging module 1

   *The "logging server" and "logging source-interface" commands were
   combined into one base model leaf.

   The description of implementations in this section is intended to assist
   the IETF in its decision processes in progressing drafts to RFCs.

6.  Security Considerations

   The YANG module defined in this memo is designed to be accessed via
   the NETCONF protocol [RFC6241].  The lowest NETCONF layer is the
   secure transport layer and the mandatory-to-implement secure
   transport is SSH [RFC6242].  The NETCONF access control model
   [RFC6536] provides the means to restrict access for particular
   NETCONF users to a pre-configured subset of all available NETCONF
   protocol operations and content.
   There are a number of data nodes defined in the YANG module which are
   writable/creatable/deletable (i.e., config true, which is the
   default).  These data nodes may be considered sensitive or vulnerable
   in some network environments.  Write operations (e.g., edit-config)
   to these data nodes without proper protection can have a negative
   effect on network operations.

   TBD: List specific Subtrees and data nodes and their sensitivity/
   vulnerability.

7.  IANA Considerations

   This document registers a URI in the IETF XML registry [RFC3688].
   Following the format in RFC 3688, the following registration is
   requested to be made:

   URI: urn:ietf:params:xml:ns:yang:syslog

   Registrant Contact: The IESG.

   XML: N/A, the requested URI is an XML namespace.

   This document registers a YANG module in the YANG Module Names
   registry [RFC6020].

   name:      syslog
   namespace: urn:ietf:params:xml:ns:yang:syslog
   prefix:    syslog
   reference: RFC XXXX

8.  Acknowledgements

   The authors wish to thank the following who commented on versions 01
   through 05 of this proposal:

   Martin Bjorklund
   Jim Gibson
   Jeffrey Haas
   John Heasley
   Giles Heron
   Lisa Huang
   Jeffrey K Lange
   Jan Lindblad
   Chris Lonvick
   Juergen Schoenwaelder
   Jason Sterne
   Peter Van Horne
   Bert Wijnen
   Aleksandr Zhdankin

9.  Change log [RFC Editor: Please remove]

10.  References

   [RFC5424]  Gerhards, R., "The Syslog Protocol", BCP 78, RFC 5424,
              March 2009.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              March 2004.

   [RFC6020]  Bjorklund, M., "YANG - A Data Modeling Language for the
              Network Configuration Protocol (NETCONF)", RFC 6020,
              October 2010.

   [RFC6241]  Enns, R., Bjorklund, M., Schoenwaelder, J., and A.
              Bierman, "Network Configuration Protocol (NETCONF)",
              RFC 6241, June 2011.
   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, June 2011.

   [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
              Protocol (NETCONF) Access Control Model", RFC 6536,
              March 2012.

Authors' Addresses

   Clyde Wildes
   Cisco Systems Inc.
   Email: cwildes@cisco.com

   Kiran Agrahara Sreenivasa
   Cisco Systems, Inc.
   Email: kkoushik@cisco.com