NETMOD WG                                                  C. Wildes, Ed.
Internet-Draft                                             K. Koushik, Ed.
Intended status: Standards Track                       Cisco Systems Inc.
Expires: January 9, 2017                                     July 8, 2016

                            Syslog YANG Model
                    draft-ietf-netmod-syslog-model-09

Abstract

   This document describes a data model for the configuration of syslog.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 9, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
     1.2.  Terminology
   2.  Problem Statement
   3.  Design of the Syslog Model
     3.1.  Syslog Module
   4.  Syslog YANG Modules
     4.1.  The ietf-syslog-types Module
     4.2.  The ietf-syslog Module
   5.  Usage Examples
   6.  Acknowledgements
   7.  IANA Considerations
   8.  Security Considerations
     8.1.  Resource Constraints
     8.2.  Inappropriate Configuration
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Appendix A.  Implementor Guidelines
     A.1.  Extending Facilities
   Authors' Addresses

1.  Introduction

   Operating systems, processes and applications generate messages
   indicating their own status or the occurrence of events.  These
   messages are useful for managing and/or debugging the network and its
   services.  The BSD syslog protocol is a widely adopted protocol that
   is used for transmission and processing of the messages.

   Since each process, application and operating system was written
   somewhat independently, there is little uniformity to the content of
   syslog messages.  For this reason, no assumption is made upon the
   formatting or contents of the messages.  The protocol is simply
   designed to transport these event messages.  No acknowledgement of
   the receipt is made.

   Essentially, a syslog process receives messages (from the kernel,
   processes, applications or other syslog processes) and processes
   those.
   The processing involves logging to a local file, displaying
   on console, user terminal, and/or relaying to syslog processes on
   other machines.  The processing is determined by the "facility" that
   originated the message and the "severity" assigned to the message by
   the facility.

   We are using definitions of syslog protocol from [RFC5424] in this
   RFC.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

1.2.  Terminology

   The term "message originator" is derived from the term "originator"
   as defined in [RFC5424]: an "originator" generates syslog content to
   be carried in a message.

   The term "message distributor" is defined as a function that filters
   log messages and then distributes them.

   The terms "relay" and "collectors" are as defined in [RFC5424].

2.  Problem Statement

   This document defines a YANG [RFC6020] configuration data model that
   may be used to configure one or more syslog processes running on a
   system.  YANG models can be used with network management protocols
   such as NETCONF [RFC6241] to install, manipulate, and delete the
   configuration of network devices.

   The data model makes use of the YANG "feature" construct which allows
   implementations to support only those syslog features that lie within
   their capabilities.

   This module can be used to configure the syslog application
   conceptual layer [RFC5424].

3.  Design of the Syslog Model

   The syslog model was designed by comparing various syslog features
   implemented by various vendors in different implementations.

   This draft addresses the common leafs between implementations and
   creates a common model, which can be augmented with proprietary
   features, if necessary.  The base model is designed to be very simple
   for maximum flexibility.

   Syslog consists of message originators, and message distributors.
   The following diagram shows syslog messages flowing from a message
   originator, to message distributors where suppression filtering can
   take place.

   Many vendors extend the list of facilities available for logging in
   their implementation.  An example is included in Extending Facilities
   (Appendix A.1).

   Message Originators
   +-------------+ +-------------+ +-------------+ +-------------+
   |   Various   | |     OS      | |             | |   Remote    |
   | Components  | |   Kernel    | | Line Cards  | |   Servers   |
   +-------------+ +-------------+ +-------------+ +-------------+

   +-------------+ +-------------+ +-------------+ +-------------+
   |    SNMP     | |  Interface  | |   Standby   | |   Syslog    |
   |   Events    | |   Events    | | Supervisor  | |   Itself    |
   +-------------+ +-------------+ +-------------+ +-------------+
          |                                               |
          +-----------------------------------------------+
                                  |
                                  |
                                  |
                                  |
        +------------+------------+-----------------------+
        |            |            |                       |
        v            v            v                       |
   Message Distributors                                   |
   +----------+ +----------+ +----------+                 |
   |          | |   Log    | |   Log    |                 |
   | Console  | |  Buffer  | |  File(s) |                 |
   +----------+ +----------+ +----------+                 |
                                                          |
                                         +----------------+
                                         |                |
                                         v                v
                                 +----------------+ +-----------+
                                 |Remote Relay(s)/| |User       |
                                 |Collectors(s)   | |Sessions(s)|
                                 +----------------+ +-----------+

   The leaves in the base syslog model log-input-transports container
   correspond to remote message originators or remote message relays.

   The leaves in the base syslog model log-actions container correspond
   to each message distributor:

      console
      log buffer
      log file(s)
      remote relay(s)/collector(s)
      user session(s).

   Optional features are used to specify functionality that is present
   in specific vendor configurations.

3.1.  Syslog Module

   A simplified graphical representation of the complete data tree is
   presented here.

   Each node is printed as:

   is one of:

      +  for current
      x  for deprecated
      o  for obsolete

   is one of:

      rw  for configuration data
      ro  for non-configuration data
      -x  for rpcs
      -n  for notifications

   is the name of the node

   () means that the node is a choice node
   :() means that the node is a case node

   If the node is augmented into the tree from another module, its name
   is printed as :.

   is one of:

      ?  for an optional leaf or choice
      !  for a presence container
      *  for a leaf-list or list
      [] for a list's keys

   is the name of the type for leafs and leaf-lists
   If the type is a leafref, the type is printed as "-> TARGET", where
   TARGET is either the leafref path, with the prefix removed if possible.

   is the list of features this node depends on, printed
   within curly brackets and a question mark "{...}?"

   module: ietf-syslog
      +--rw syslog
         +--rw actions
            +--rw console!
            |  +--rw log-selector
            |     +--rw (selector-facility)
            |     |  +--:(no-log-facility)
            |     |  |  +--rw no-facilities?   empty
            |     |  +--:(log-facility)
            |     |     +--rw log-facility* [facility]
            |     |        +--rw facility      union
            |     |        +--rw severity      union
            |     |        +--rw compare-op?   enumeration {select-sev-compare}?
            |     +--rw pattern-match?   string {select-match}?
            +--rw buffer
            |  +--rw log-selector
            |  |  +--rw (selector-facility)
            |  |  |  +--:(no-log-facility)
            |  |  |  |  +--rw no-facilities?   empty
            |  |  |  +--:(log-facility)
            |  |  |     +--rw log-facility* [facility]
            |  |  |        +--rw facility      union
            |  |  |        +--rw severity      union
            |  |  |        +--rw compare-op?   enumeration {select-sev-compare}?
            |  |  +--rw pattern-match?   string {select-match}?
            |  +--rw buffer-limit-bytes?      uint64 {buffer-limit-bytes}?
            |  +--rw buffer-limit-messages?   uint64 {buffer-limit-messages}?
            |  +--rw structured-data?         boolean {structured-data}?
            +--rw file
            |  +--rw log-file* [name]
            |     +--rw name               inet:uri
            |     +--rw log-selector
            |     |  +--rw (selector-facility)
            |     |  |  +--:(no-log-facility)
            |     |  |  |  +--rw no-facilities?   empty
            |     |  |  +--:(log-facility)
            |     |  |     +--rw log-facility* [facility]
            |     |  |        +--rw facility      union
            |     |  |        +--rw severity      union
            |     |  |        +--rw compare-op?   enumeration {select-sev-compare}?
            |     |  +--rw pattern-match?   string {select-match}?
            |     +--rw structured-data?   boolean {structured-data}?
            |     +--rw file-archive
            |        +--rw number-of-files?   uint32 {file-limit-size}?
            |        +--rw max-file-size?     uint64 {file-limit-size}?
            |        +--rw rollover?          uint32 {file-limit-duration}?
            |        +--rw retention?         uint16 {file-limit-duration}?
            +--rw remote
            |  +--rw destination* [name]
            |     +--rw name                    string
            |     +--rw (transport)
            |     |  +--:(tcp)
            |     |  |  +--rw tcp
            |     |  |     +--rw address?   inet:host
            |     |  |     +--rw port?      inet:port-number
            |     |  +--:(udp)
            |     |  |  +--rw udp
            |     |  |     +--rw address?   inet:host
            |     |  |     +--rw port?      inet:port-number
            |     |  +--:(tls)
            |     |     +--rw tls
            |     +--rw log-selector
            |     |  +--rw (selector-facility)
            |     |  |  +--:(no-log-facility)
            |     |  |  |  +--rw no-facilities?   empty
            |     |  |  +--:(log-facility)
            |     |  |     +--rw log-facility* [facility]
            |     |  |        +--rw facility      union
            |     |  |        +--rw severity      union
            |     |  |        +--rw compare-op?   enumeration {select-sev-compare}?
            |     |  +--rw pattern-match?   string {select-match}?
            |     +--rw destination-facility?   identityref
            |     +--rw source-interface?       if:interface-ref
            |     +--rw structured-data?        boolean {structured-data}?
            |     +--rw syslog-sign! {signed-messages}?
            |        +--rw cert-initial-repeat   uint16
            |        +--rw cert-resend-delay     uint16
            |        +--rw cert-resend-count     uint16
            |        +--rw sig-max-delay         uint16
            |        +--rw sig-number-resends    uint16
            |        +--rw sig-resend-delay      uint16
            |        +--rw sig-resend-count      uint16
            +--rw session
               +--rw all-users!
               |  +--rw log-selector
               |     +--rw (selector-facility)
               |     |  +--:(no-log-facility)
               |     |  |  +--rw no-facilities?   empty
               |     |  +--:(log-facility)
               |     |     +--rw log-facility* [facility]
               |     |        +--rw facility      union
               |     |        +--rw severity      union
               |     |        +--rw compare-op?   enumeration {select-sev-compare}?
               |     +--rw pattern-match?   string {select-match}?
               +--rw user* [name]
                  +--rw name    string
                  +--rw log-selector
                     +--rw (selector-facility)
                     |  +--:(no-log-facility)
                     |  |  +--rw no-facilities?   empty
                     |  +--:(log-facility)
                     |     +--rw log-facility* [facility]
                     |        +--rw facility      union
                     |        +--rw severity      union
                     |        +--rw compare-op?   enumeration {select-sev-compare}?
                     +--rw pattern-match?   string {select-match}?

4.  Syslog YANG Modules

4.1.  The ietf-syslog-types Module

   This module references [RFC5424].

   file "ietf-syslog-types.yang"
   module ietf-syslog-types {
     namespace "urn:ietf:params:xml:ns:yang:ietf-syslog-types";
     prefix syslogtypes;

     organization "IETF NETMOD (NETCONF Data Modeling Language) Working
                   Group";
     contact
       "WG Web:
        WG List:

        WG Chair: Lou Berger

        WG Chair: Kent Watsen

        Editor: Kiran Agrahara Sreenivasa

        Editor: Clyde Wildes
        ";
     description
       "This module contains a collection of YANG type definitions for
        SYSLOG.

        Copyright (c) 2016 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject to
        the license terms contained in, the Simplified BSD License set
        forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
        NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and
        'OPTIONAL' in the module text are to be interpreted as described
        in RFC 2119 (http://tools.ietf.org/html/rfc2119).

        This version of this YANG module is part of RFC XXXX
        (http://tools.ietf.org/html/rfcXXXX); see the RFC itself for
        full legal notices.";

     reference
       "RFC 5424: The Syslog Protocol";

     revision 2016-07-08 {
       description
         "Initial Revision";
       reference
         "RFC XXXX: SYSLOG YANG Model";
     }

     typedef severity {
       type enumeration {
         enum "emergency" {
           value 0;
           description
             "Emergency Level Msg";
         }
         enum "alert" {
           value 1;
           description
             "Alert Level Msg";
         }
         enum "critical" {
           value 2;
           description
             "Critical Level Msg";
         }
         enum "error" {
           value 3;
           description
             "Error Level Msg";
         }
         enum "warning" {
           value 4;
           description
             "Warning Level Msg";
         }
         enum "notice" {
           value 5;
           description
             "Notification Level Msg";
         }
         enum "info" {
           value 6;
           description
             "Informational Level Msg";
         }
         enum "debug" {
           value 7;
           description
             "Debugging Level Msg";
         }
       }
       description
         "The definitions for Syslog message severity as per RFC 5424.";
     }

     identity syslog-facility {
       description
         "This identity is used as a base for all syslog facilities as
          per RFC 5424.";
     }

     identity kern {
       base syslog-facility;
       description
         "The facility for kernel messages (0) as defined in RFC 5424.";
     }

     identity user {
       base syslog-facility;
       description
         "The facility for user-level messages (1) as defined in RFC 5424.";
     }

     identity mail {
       base syslog-facility;
       description
         "The facility for the mail system (2) as defined in RFC 5424.";
     }

     identity daemon {
       base syslog-facility;
       description
         "The facility for the system daemons (3) as defined in RFC 5424.";
     }

     identity auth {
       base syslog-facility;
       description
         "The facility for security/authorization messages (4) as defined
          in RFC 5424.";
     }

     identity syslog {
       base syslog-facility;
       description
         "The facility for messages generated internally by syslogd
          facility (5) as defined in RFC 5424.";
     }

     identity lpr {
       base syslog-facility;
       description
         "The facility for the line printer subsystem (6) as defined in
          RFC 5424.";
     }

     identity news {
       base syslog-facility;
       description
         "The facility for the network news subsystem (7) as defined in
          RFC 5424.";
     }

     identity uucp {
       base syslog-facility;
       description
         "The facility for the UUCP subsystem (8) as defined in RFC 5424.";
     }

     identity cron {
       base syslog-facility;
       description
         "The facility for the clock daemon (9) as defined in RFC 5424.";
     }

     identity authpriv {
       base syslog-facility;
       description
         "The facility for privileged security/authorization messages (10)
          as defined in RFC 5424.";
     }

     identity ftp {
       base syslog-facility;
       description
         "The facility for the FTP daemon (11) as defined in RFC 5424.";
     }

     identity ntp {
       base syslog-facility;
       description
         "The facility for the NTP subsystem (12) as defined in RFC 5424.";
     }

     identity audit {
       base syslog-facility;
       description
         "The facility for log audit messages (13) as defined in RFC 5424.";
     }

     identity console {
       base syslog-facility;
       description
         "The facility for log alert messages (14) as defined in RFC 5424.";
     }

     identity cron2 {
       base syslog-facility;
       description
         "The facility for the second clock daemon (15) as defined in
          RFC 5424.";
     }

     identity local0 {
       base syslog-facility;
       description
         "The facility for local use 0 messages (16) as defined in
          RFC 5424.";
     }

     identity local1 {
       base syslog-facility;
       description
         "The facility for local use 1 messages (17) as defined in
          RFC 5424.";
     }

     identity local2 {
       base syslog-facility;
       description
         "The facility for local use 2 messages (18) as defined in
          RFC 5424.";
     }

     identity local3 {
       base syslog-facility;
       description
         "The facility for local use 3 messages (19) as defined in
          RFC 5424.";
     }

     identity local4 {
       base syslog-facility;
       description
         "The facility for local use 4 messages (20) as defined in
          RFC 5424.";
     }

     identity local5 {
       base syslog-facility;
       description
         "The facility for local use 5 messages (21) as defined in
          RFC 5424.";
     }

     identity local6 {
       base syslog-facility;
       description
         "The facility for local use 6 messages (22) as defined in
          RFC 5424.";
     }

     identity local7 {
       base syslog-facility;
       description
         "The facility for local use 7 messages (23) as defined in
          RFC 5424.";
     }
   }

4.2.  The ietf-syslog Module

   This module imports typedefs from [RFC6021] and [RFC7223], and it
   references [RFC5424], [RFC5425], [RFC5426], [RFC6587], and [RFC5848].

   file "ietf-syslog.yang"
   module ietf-syslog {
     namespace "urn:ietf:params:xml:ns:yang:ietf-syslog";
     prefix syslog;

     import ietf-inet-types {
       prefix inet;
     }

     import ietf-interfaces {
       prefix if;
     }

     //import ietf-tls-client {
     //  prefix tlsc;
     //}

     import ietf-syslog-types {
       prefix syslogtypes;
     }

     organization "IETF NETMOD (NETCONF Data Modeling Language)
                   Working Group";
     contact
       "WG Web:
        WG List:

        WG Chair: Lou Berger

        WG Chair: Kent Watsen

        Editor: Kiran Agrahara Sreenivasa

        Editor: Clyde Wildes
        ";
     description
       "This module contains a collection of YANG definitions
        for syslog configuration.

        Copyright (c) 2016 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject to
        the license terms contained in, the Simplified BSD License set
        forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
        NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and
        'OPTIONAL' in the module text are to be interpreted as described
        in RFC 2119 (http://tools.ietf.org/html/rfc2119).

        This version of this YANG module is part of RFC XXXX
        (http://tools.ietf.org/html/rfcXXXX); see the RFC itself for
        full legal notices.";

     reference
       "RFC 5424: The Syslog Protocol
        RFC 5425: Transport Layer Security (TLS) Transport Mapping for Syslog
        RFC 5426: Transmission of Syslog Messages over UDP
        RFC 6587: Transmission of Syslog Messages over TCP
        RFC 5848: Signed Syslog Messages";

     revision 2016-07-08 {
       description
         "Initial Revision";
       reference
         "RFC XXXX: Syslog YANG Model";
     }

     feature buffer-limit-bytes {
       description
         "This feature indicates that local memory logging buffers
          are limited in size using a limit expressed in bytes.";
     }

     feature buffer-limit-messages {
       description
         "This feature indicates that local memory logging buffers
          are limited in size using a limit expressed in number
          of log messages.";
     }

     feature file-limit-size {
       description
         "This feature indicates that file logging resources
          are managed using size and number limits.";
     }

     feature file-limit-duration {
       description
         "This feature indicates that file logging resources
          are managed using time based limits.";
     }

     feature select-sev-compare {
       description
         "This feature represents the ability to select messages
          using the additional operators equal to, or not equal to
          when comparing the syslog message severity.";
     }

     feature select-match {
       description
         "This feature represents the ability to select messages based
          on a Posix 1003.2 regular expression pattern match.";
     }

     feature structured-data {
       description
         "This feature represents the ability to log messages
          in structured-data format as per RFC 5424.";
     }

     feature signed-messages {
       description
         "This feature represents the ability to configure signed
          syslog messages according to RFC 5848.";
     }

     grouping log-severity {
       description
         "This grouping defines the severity value that is used to
          select log messages.";
       leaf severity {
         type union {
           type syslogtypes:severity;
           type enumeration {
             enum all {
               value -1;
               description
                 "This enum describes the case where all severities
                  are selected.";
             }
             enum none {
               value -2;
               description
                 "This enum describes the case where no severities
                  are selected.";
             }
           }
         }
         mandatory true;
         description
           "This leaf specifies the syslog message severity.  When
            severity is specified, the default severity comparison
            is all messages of the specified severity and greater are
            selected.  'all' is a special case which means all severities
            are selected.  'none' is a special case which means that
            no selection should occur or disable this filter.";
       }
       leaf compare-op {
         when '../severity != "all" and
               ../severity != "none"' {
           description
             "The compare-op is not applicable for severity 'all' or
              severity 'none'";
         }
         if-feature select-sev-compare;
         type enumeration {
           enum equals-or-higher {
             description
               "This enum specifies all messages of the specified
                severity and higher are logged according to the
                given log-action";
           }
           enum equals {
             description
               "This enum specifies all messages that are for
                the specified severity are logged according to the
                given log-action";
           }
           enum not-equals {
             description
               "This enum specifies all messages that are not for
                the specified severity are logged according to the
                given log-action";
           }
         }
         default equals-or-higher;
         description
           "This leaf describes the option to specify how the
            severity comparison is performed.";
       }
     }

     grouping selector {
       description
         "This grouping defines a syslog selector which is used to
          select log messages for the log-action (buffer, file,
          etc).  Choose one of the following:
            no-log-facility
            log-facility [ ...]";
       container log-selector {
         description
           "This container describes the log selector parameters
            for syslog.";
         choice selector-facility {
           mandatory true;
           description
             "This choice describes the option to specify no
              facilities, or a specific facility which can be
              all for all facilities.";
           case no-log-facility {
             description
               "This case specifies no facilities will match when
                comparing the syslog message facility.  This is a
                method that can be used to effectively disable a
                particular log-action (buffer, file, etc).";
             leaf no-facilities {
               type empty;
               description
                 "This leaf specifies that no facilities are selected
                  for this log-action.";
             }
           }
           case log-facility {
             description
               "This case specifies one or more specified facilities
                will match when comparing the syslog message facility.";
             list log-facility {
               key facility;
               description
                 "This list describes a collection of syslog
                  facilities and severities.";
               leaf facility {
                 type union {
                   type identityref {
                     base syslogtypes:syslog-facility;
                   }
                   type enumeration {
                     enum all {
                       description
                         "This enum describes the case where all
                          facilities are requested.";
                     }
                   }
                 }
                 description
                   "The leaf uniquely identifies a syslog facility.";
               }
               uses log-severity;
             }
           }
         }
         leaf pattern-match {
           if-feature select-match;
           type string;
           description
             "This leaf describes a Posix 1003.2 regular expression
              string that can be used to select a syslog message for
              logging.  The match is performed on the RFC 5424
              SYSLOG-MSG field.";
         }
       }
     }

     grouping structured-data {
       description
         "This grouping defines the syslog structured data option
          which is used to select the format used to write log
          messages.";
       leaf structured-data {
         if-feature structured-data;
         type boolean;
         default false;
         description
           "This leaf describes how log messages are written to
            the log file.
            If true, messages will be written
            with one or more STRUCTURED-DATA elements as per
            RFC5424; if false, messages will be written with
            STRUCTURED-DATA = NILVALUE.";
       }
     }

     container syslog {
       description
         "This container describes the configuration parameters for
          syslog.";
       container actions {
         description
           "This container describes the log-action parameters
            for syslog.";
         container console {
           presence "Enables logging console configuration";
           description
             "This container describes the configuration parameters for
              console logging.";
           uses selector;
         }
         container buffer {
           description
             "This container describes the configuration parameters for
              local memory buffer logging.  The buffer is circular in
              nature, so newer messages overwrite older messages after
              the buffer is filled.  The method used to read syslog messages
              from the buffer is supplied by the local implementation.";
           uses selector;
           leaf buffer-limit-bytes {
             if-feature buffer-limit-bytes;
             type uint64;
             units "bytes";
             description
               "This leaf configures the amount of memory (in bytes) that
                will be dedicated to the local memory logging buffer.
                The default value varies by implementation.";
           }
           leaf buffer-limit-messages {
             if-feature buffer-limit-messages;
             type uint64;
             units "log messages";
             description
               "This leaf configures the number of log messages that
                will be dedicated to the local memory logging buffer.
                The default value varies by implementation.";
           }
           uses structured-data;
         }
         container file {
           description
             "This container describes the configuration parameters for
              file logging.  If file-archive limits are not supplied, it
              is assumed that the local implementation defined limits will
              be used.";
           list log-file {
             key "name";
             description
               "This list describes a collection of local logging
                files.";
             leaf name {
               type inet:uri {
                 pattern 'file:.*';
               }
               description
                 "This leaf specifies the name of the log file which
                  MUST use the uri scheme file:.";
             }
             uses selector;
             uses structured-data;
             container file-archive {
               description
                 "This container describes the configuration
                  parameters for log file archiving.";
               leaf number-of-files {
                 if-feature file-limit-size;
                 type uint32;
                 description
                   "This leaf specifies the maximum number of log
                    files retained.  Specify 1 for implementations
                    that only support one log file.";
               }
               leaf max-file-size {
                 if-feature file-limit-size;
                 type uint64;
                 units "megabytes";
                 description
                   "This leaf specifies the maximum log file size.";
               }
               leaf rollover {
                 if-feature file-limit-duration;
                 type uint32;
                 units "minutes";
                 description
                   "This leaf specifies the length of time that log
                    events should be written to a specific log file.
                    Log events that arrive after the rollover period
                    cause the current log file to be closed and a new
                    log file to be opened.";
               }
               leaf retention {
                 if-feature file-limit-duration;
                 type uint16;
                 units "hours";
                 description
                   "This leaf specifies the length of time that
                    completed/closed log event files should be stored
                    in the file system before they are deleted.";
               }
             }
           }
         }
         container remote {
           description
             "This container describes the configuration parameters for
              forwarding syslog messages to remote relays or collectors.";
           list destination {
             key "name";
             description
               "This list describes a collection of remote logging
                destinations.";
             leaf name {
               type string;
               description
                 "An arbitrary name for the endpoint to connect to.";
             }
             choice transport {
               mandatory true;
               description
                 "This choice describes the transport option.";
               case tcp {
                 container tcp {
                   description
                     "This container describes the TCP transport
                      options.";
                   reference
                     "RFC 6587: Transmission of Syslog Messages over TCP";
                   leaf address {
                     type inet:host;
                     description
                       "The leaf uniquely specifies the address of
                        the remote host.  One of the following must
                        be specified: an ipv4 address, an ipv6
                        address, or a host name.";
                   }
                   leaf port {
                     type inet:port-number;
                     default 514;
                     description
                       "This leaf specifies the port number used to
                        deliver messages to the remote server.";
                   }
                 }
               }
               case udp {
                 container udp {
                   description
                     "This container describes the UDP transport
                      options.";
                   reference
                     "RFC 5426: Transmission of Syslog Messages over UDP";
                   leaf address {
                     type inet:host;
                     description
                       "The leaf uniquely specifies the address of
                        the remote host.  One of the following must be
                        specified: an ipv4 address, an ipv6 address,
                        or a host name.";
                   }
                   leaf port {
                     type inet:port-number;
                     default 514;
                     description
                       "This leaf specifies the port number used to
                        deliver messages to the remote server.";
                   }
                 }
               }
               case tls {
                 container tls {
                   description
                     "This container describes the TLS transport options.";
                   reference
                     "RFC 5425: Transport Layer Security (TLS) Transport
                      Mapping for Syslog ";
                   // uses tlsc:initiating-tls-client-grouping {
                   //   refine port {
                   //     default 6514;
                   //     description
                   //       "TCP port 6514 has been allocated as the default
                   //        port for syslog over TLS.";
                   //   }
                   // }
                 }
               }
             }
             uses selector;
             leaf destination-facility {
               type identityref {
                 base syslogtypes:syslog-facility;
               }
               default syslogtypes:local7;
               description
                 "This leaf specifies the facility used in messages
                  delivered to the remote server.";
             }
             leaf source-interface {
               type if:interface-ref;
               description
                 "This leaf sets the source interface for the remote
                  syslog server.  Either the interface name or the
                  interface IP address can be specified.  If not set,
                  messages sent to a remote syslog server will
                  contain the IP address of the interface the syslog
                  message uses to exit the network element.";
             }
             uses structured-data;
             container syslog-sign {
               if-feature signed-messages;
               presence
                 "If present, syslog-sign is activated.";
               description
                 "This container describes the configuration
                  parameters for signed syslog messages as described
                  by RFC 5848.";
               reference
                 "RFC 5848: Signed Syslog Messages";
               leaf cert-initial-repeat {
                 type uint16;
                 mandatory true;
                 description
                   "This leaf specifies the number of times each
                    Certificate Block should be sent before the first
                    message is sent.";
               }
               leaf cert-resend-delay {
                 type uint16;
                 mandatory true;
                 description
                   "This leaf specifies the maximum time delay in
                    seconds until resending the Certificate Block.";
               }
               leaf cert-resend-count {
                 type uint16;
                 mandatory true;
                 description
                   "This leaf specifies the maximum number of other
                    syslog messages to send until resending the
                    Certificate Block.";
               }
               leaf sig-max-delay {
                 type uint16;
                 mandatory true;
                 description
                   "This leaf specifies when to generate a new
                    Signature Block.  If this many seconds have
                    elapsed since the message with the first message
                    number of the Signature Block was sent, a new
                    Signature Block should be generated.";
               }
               leaf sig-number-resends {
                 type uint16;
                 mandatory true;
                 description
                   "This leaf specifies the number of times a
                    Signature Block is resent.  (It is recommended to
                    select a value of greater than 0 in particular
                    when the UDP transport [RFC5426] is used.).";
               }
               leaf sig-resend-delay {
                 type uint16;
                 mandatory true;
                 description
                   "This leaf specifies when to send the next
                    Signature Block transmission based on time.
If 1181 this many seconds have elapsed since the previous 1182 sending of this Signature Block, resend it."; 1183 } 1184 leaf sig-resend-count { 1185 type uint16; 1186 mandatory true; 1187 description 1188 "This leaf specifies when to send the next 1189 Signature Block transmission based on a count. 1190 If this many other syslog messages have been sent 1191 since the previous sending of this Signature 1192 Block, resend it."; 1193 } 1194 } 1195 } 1196 } 1197 container session { 1198 description 1199 "This container describes the configuration parameters for 1200 user CLI session logging configuration."; 1201 container all-users { 1202 presence "Enables logging to all user sessions."; 1203 description 1204 "This container describes the configuration 1205 parameters for all users."; 1206 uses selector; 1207 } 1208 list user { 1209 key "name"; 1210 description 1211 "This list describes a collection of user names."; 1212 leaf name { 1213 type string; 1214 description 1215 "This leaf uniquely describes a user name which 1216 is the login name of the user whose session 1217 is to receive log messages."; 1218 } 1219 uses selector; 1220 } 1221 } 1222 } 1223 } 1224 } 1225 1227 5. Usage Examples 1229 Requirement: 1230 Enable console logging of syslogs of severity critical 1232 Here is the example syslog configuration xml: 1233 1234 1235 1236 1237 1238 1239 1241 1242 1243 1244 1245 all 1246 critical 1247 1248 1249 1251 1252 1253 1254 1255 1257 1258 1259 1260 1262 Enable remote logging of syslogs to udp destination 2001:db8:a0b:12f0::1 1263 for facility auth, severity error 1265 1266 1267 1268 1269 1270 1271 1273 1274 1275 1276 remote1 1277 1278
2001:db8:a0b:12f0::1
1279
1280 1281 1282 1284 syslogtypes:auth 1285 error 1286 1287 1288
1289
1290
1291
1292
1293
1294
1296 1297 1298 1299 1301 6. Acknowledgements 1303 The authors wish to thank the following who commented on this 1304 proposal: 1306 Martin Bjorklund 1307 Jim Gibson 1308 Jeffrey Haas 1309 John Heasley 1310 Giles Heron 1311 Lisa Huang 1312 Mahesh Jethanandani 1313 Jeffrey K Lange 1314 Jan Lindblad 1315 Chris Lonvick 1316 Tom Petch 1317 Juergen Schoenwaelder 1318 Jason Sterne 1319 Peter Van Horne 1320 Bert Wijnen 1321 Aleksandr Zhdankin 1323 7. IANA Considerations 1325 This document registers two URIs in the IETF XML registry [RFC3688]. 1327 Following the format in RFC 3688, the following registration is 1328 requested to be made: 1330 URI: urn:ietf:params:xml:ns:yang:ietf-syslog-types 1332 Registrant Contact: The IESG. 1334 XML: N/A, the requested URI is an XML namespace. 1336 This document registers a YANG module in the YANG Module Names 1337 registry [RFC6020]. 1339 name: ietf-syslog-types namespace: urn:ietf:params:xml:ns:yang:ietf- 1340 syslog-types 1342 prefix: ietf-syslog-types reference: RFC XXXX 1344 Following the format in RFC 3688, the following registration is 1345 requested to be made: 1347 URI: urn:ietf:params:xml:ns:yang:ietf-syslog 1349 Registrant Contact: The IESG. 1351 XML: N/A, the requested URI is an XML namespace. 1353 This document registers a YANG module in the YANG Module Names 1354 registry [RFC6020]. 1356 name: ietf-syslog namespace: urn:ietf:params:xml:ns:yang:ietf-syslog 1358 prefix: ietf-syslog 1360 reference: RFC XXXX 1362 8. Security Considerations 1364 The YANG module defined in this memo is designed to be accessed via 1365 the NETCONF protocol [RFC6241]. The lowest NETCONF layer is the 1366 secure transport layer and the mandatory-to-implement secure 1367 transport is SSH [RFC6242]. The NETCONF access control model 1368 [RFC6536] provides the means to restrict access for particular 1369 NETCONF users to a pre-configured subset of all available NETCONF 1370 protocol operations and content. 
   There are a number of data nodes defined in the YANG module which are
   writable/creatable/deletable (i.e., config true, which is the
   default).  These data nodes may be considered sensitive or vulnerable
   in some network environments.  Write operations (e.g., edit-config)
   to these data nodes without proper protection can have a negative
   effect on network operations.

8.1.  Resource Constraints

   Network administrators must take the time to estimate the appropriate
   memory limits caused by the configuration of actions/buffer, using
   buffer-limit-bytes and/or buffer-limit-messages where necessary to
   limit the amount of memory used.

   Network administrators must take the time to estimate the appropriate
   storage capacity caused by the configuration of actions/file, using
   the file-archive attributes to limit the storage used.

   It is the responsibility of the network administrator to ensure that
   the configured message flow does not overwhelm system resources.

8.2.  Inappropriate Configuration

   It is the responsibility of the network administrator to ensure that
   the messages are actually going to the intended recipients.

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC5424]  Gerhards, R., "The Syslog Protocol", RFC 5424,
              DOI 10.17487/RFC5424, March 2009,
              <https://www.rfc-editor.org/info/rfc5424>.

   [RFC5425]  Miao, F., Ed., Ma, Y., Ed., and J. Salowey, Ed.,
              "Transport Layer Security (TLS) Transport Mapping for
              Syslog", RFC 5425, DOI 10.17487/RFC5425, March 2009,
              <https://www.rfc-editor.org/info/rfc5425>.

   [RFC5426]  Okmianski, A., "Transmission of Syslog Messages over UDP",
              RFC 5426, DOI 10.17487/RFC5426, March 2009,
              <https://www.rfc-editor.org/info/rfc5426>.

   [RFC5848]  Kelsey, J., Callas, J., and A. Clemm, "Signed Syslog
              Messages", RFC 5848, DOI 10.17487/RFC5848, May 2010,
              <https://www.rfc-editor.org/info/rfc5848>.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010,
              <https://www.rfc-editor.org/info/rfc6020>.

   [RFC6021]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6021, DOI 10.17487/RFC6021, October 2010,
              <https://www.rfc-editor.org/info/rfc6021>.

   [RFC6587]  Gerhards, R. and C. Lonvick, "Transmission of Syslog
              Messages over TCP", RFC 6587, DOI 10.17487/RFC6587, April
              2012, <https://www.rfc-editor.org/info/rfc6587>.

   [RFC7223]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 7223, DOI 10.17487/RFC7223, May 2014,
              <https://www.rfc-editor.org/info/rfc7223>.

9.2.  Informative References

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004,
              <https://www.rfc-editor.org/info/rfc3688>.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
              <https://www.rfc-editor.org/info/rfc6241>.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
              <https://www.rfc-editor.org/info/rfc6242>.

Appendix A.  Implementor Guidelines

A.1.  Extending Facilities

   Many vendors extend the list of facilities available for logging in
   their implementation.  Additional facilities may not work with the
   syslog protocol as defined in [RFC5424], and hence such facilities
   apply only to local syslog-like logging functionality.

   The following is an example that shows how additional facilities
   could be added to the list of available facilities (in this example
   two facilities are added):

   module vendor-syslog-types-example {
     namespace "urn:vendor:params:xml:ns:yang:vendor-syslog-types";
     prefix vendor-syslogtypes;

     import ietf-syslog-types {
       prefix syslogtypes;
     }

     organization "Vendor, Inc.";
     contact
       "Vendor, Inc.
        Customer Service

        E-mail: syslog-yang@vendor.com";

     description
       "This module contains a collection of vendor-specific YANG type
        definitions for SYSLOG.";

     revision 2016-03-20 {
       description
         "Version 1.0";
       reference
         "Vendor SYSLOG Types: SYSLOG YANG Model";
     }

     identity vendor_specific_type_1 {
       base syslogtypes:syslog-facility;
     }

     identity vendor_specific_type_2 {
       base syslogtypes:syslog-facility;
     }
   }

Authors' Addresses

   Clyde Wildes (editor)
   Cisco Systems Inc.
   170 West Tasman Drive
   San Jose, CA 95134
   US

   Phone: +1 408 527-2672
   Email: cwildes@cisco.com

   Kiran Koushik (editor)
   Cisco Systems Inc.
   12515 Research Blvd., Building 4
   Austin, TX 78759
   US

   Phone: +1 512 378-1482
   Email: kkoushik@cisco.com
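   The module in Section 4 encodes several constraints that a NETCONF
   server enforces before a configuration is committed: the log-file name
   pattern 'file:.*', the mandatory transport choice with its port default
   of 514, the uint16/uint32/uint64 ranges, the identityref base for
   destination-facility (which is what lets the vendor identities of
   Appendix A be accepted), and the mandatory leaves that spring into
   existence when the syslog-sign presence container is created.  Section
   8.1 additionally asks the administrator to estimate the storage that
   file-archive settings can consume.  The following Python program is an
   added illustration of those checks on a plain dictionary mirroring the
   model's tree; it is not part of the draft or of any implementation.
   The dictionary layout, the in-memory identity registry (restricted to
   identities that appear in this draft) and the sample configuration are
   assumptions constructed for the example.

```python
"""Validate syslog configuration instances against the constraints that the
ietf-syslog module expresses.  Added example; not code from the draft."""
import re

UINT16 = (0, 2**16 - 1)
UINT32 = (0, 2**32 - 1)
UINT64 = (0, 2**64 - 1)
PORT_NUMBER = UINT16                 # inet:port-number is a uint16
FILE_NAME = re.compile(r"file:.*")   # YANG patterns match the whole value

# Constructed identity registry (identity -> base).  Only identities named
# in the draft are listed; a real server derives this from the compiled
# modules.  The vendor identities come from Appendix A.
IDENTITY_BASE = {
    "syslogtypes:auth": "syslogtypes:syslog-facility",
    "syslogtypes:local7": "syslogtypes:syslog-facility",
    "vendor-syslogtypes:vendor_specific_type_1": "syslogtypes:syslog-facility",
    "vendor-syslogtypes:vendor_specific_type_2": "syslogtypes:syslog-facility",
}
SYSLOG_SIGN_LEAVES = ("cert-initial-repeat", "cert-resend-delay",
                      "cert-resend-count", "sig-max-delay",
                      "sig-number-resends", "sig-resend-delay",
                      "sig-resend-count")


def derived_from(identity, base):
    """True if identity equals base or derives from it through the registry."""
    while identity is not None:
        if identity == base:
            return True
        identity = IDENTITY_BASE.get(identity)
    return False


def in_range(value, bounds):
    lo, hi = bounds
    return isinstance(value, int) and not isinstance(value, bool) and lo <= value <= hi


def validate_log_file(lf):
    """Check one /syslog/actions/file/log-file entry; return error strings."""
    errors = []
    name = lf.get("name", "")
    if not FILE_NAME.fullmatch(name):
        errors.append(f"log-file name {name!r} must use the file: URI scheme")
    arch = lf.get("file-archive", {})
    for leaf, bounds in (("number-of-files", UINT32), ("max-file-size", UINT64),
                         ("rollover", UINT32), ("retention", UINT16)):
        if leaf in arch and not in_range(arch[leaf], bounds):
            errors.append(f"file-archive/{leaf} out of range")
    return errors


def archive_storage_mb(lf):
    """Worst-case storage (megabytes) one log-file entry may occupy, per
    Section 8.1; None when implementation-defined limits apply instead."""
    arch = lf.get("file-archive", {})
    if "number-of-files" in arch and "max-file-size" in arch:
        return arch["number-of-files"] * arch["max-file-size"]
    return None


def validate_destination(dest):
    """Check one /syslog/actions/remote/destination entry.  Returns
    (errors, warnings); applies the port default of 514 in place."""
    errors, warnings = [], []
    transports = [t for t in ("tcp", "udp", "tls") if t in dest]
    if len(transports) != 1:
        errors.append("exactly one transport case (tcp, udp or tls) is mandatory")
    for t in transports:
        if t == "tls":
            continue   # the draft's TLS port refinement is still commented out
        port = dest[t].setdefault("port", 514)
        if not in_range(port, PORT_NUMBER):
            errors.append(f"{t}/port {port!r} is not a valid inet:port-number")
    facility = dest.get("destination-facility", "syslogtypes:local7")
    if not derived_from(facility, "syslogtypes:syslog-facility"):
        errors.append(f"destination-facility {facility!r} is not a syslog-facility")
    if "syslog-sign" in dest:   # presence container: its leaves become mandatory
        sign = dest["syslog-sign"]
        for leaf in SYSLOG_SIGN_LEAVES:
            if leaf not in sign:
                errors.append(f"syslog-sign/{leaf} is mandatory")
            elif not in_range(sign[leaf], UINT16):
                errors.append(f"syslog-sign/{leaf} out of uint16 range")
        if "udp" in dest and sign.get("sig-number-resends") == 0:
            warnings.append("sig-number-resends should be > 0 over UDP (RFC 5848)")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample mirroring the second usage example of Section 5.
    remote1 = {"name": "remote1", "udp": {"address": "2001:db8:a0b:12f0::1"},
               "destination-facility": "vendor-syslogtypes:vendor_specific_type_1"}
    print(validate_destination(remote1), remote1["udp"]["port"])
    local = {"name": "file:/var/log/messages",
             "file-archive": {"number-of-files": 5, "max-file-size": 10}}
    print(validate_log_file(local), archive_storage_mb(local), "MB")
```

   Running the sample reports no errors for the constructed destination
   and fills in port 514; a destination that names two transports, a port
   above 65535, or a syslog-sign container with missing leaves is
   rejected, and a log-file name without the file: scheme is rejected even
   though it is a valid URI.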