NETMOD WG                                                  C. Wildes, Ed.
Internet-Draft                                             K. Koushik, Ed.
Intended status: Standards Track                       Cisco Systems Inc.
Expires: May 4, 2017                                     October 31, 2016


                A YANG Data Model for Syslog Configuration
                    draft-ietf-netmod-syslog-model-10

Abstract

   This document describes a data model for the configuration of syslog.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 4, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
     1.2.  Terminology
   2.  Problem Statement
   3.  Design of the Syslog Model
     3.1.  Syslog Module
   4.  Syslog YANG Modules
     4.1.  The ietf-syslog-types Module
     4.2.  The ietf-syslog Module
   5.  Usage Examples
   6.  Acknowledgements
   7.  IANA Considerations
   8.  Security Considerations
     8.1.  Resource Constraints
     8.2.  Inappropriate Configuration
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Appendix A.  Implementor Guidelines
     A.1.  Extending Facilities
   Authors' Addresses

1.  Introduction

   Operating systems, processes and applications generate messages
   indicating their own status or the occurrence of events.  These
   messages are useful for managing and/or debugging the network and its
   services.  The BSD syslog protocol is a widely adopted protocol that
   is used for transmission and processing of the messages.

   Since each process, application and operating system was written
   somewhat independently, there is little uniformity to the content of
   syslog messages.  For this reason, no assumption is made about the
   formatting or contents of the messages.  The protocol is simply
   designed to transport these event messages.  No acknowledgement of
   receipt is made.

   Essentially, a syslog process receives messages (from the kernel,
   processes, applications or other syslog processes) and processes
   them.  The processing involves logging to a local file, displaying
   on the console or a user terminal, and/or relaying to syslog
   processes on other machines.  The processing is determined by the
   "facility" that originated the message and the "severity" assigned
   to the message by the facility.

   This document uses the syslog protocol definitions from [RFC5424].

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

1.2.  Terminology

   The term "originator" is defined in [RFC5424]: an "originator"
   generates syslog content to be carried in a message.

   The terms "relay" and "collector" are as defined in [RFC5424].

2.  Problem Statement

   This document defines a YANG [RFC6020] configuration data model that
   may be used to configure the syslog feature running on a system.
   YANG models can be used with network management protocols such as
   NETCONF [RFC6241] to install, manipulate, and delete the
   configuration of network devices.

   The data model makes use of the YANG "feature" construct, which allows
   implementations to support only those syslog features that lie within
   their capabilities.

   This module can be used to configure the syslog application
   conceptual layers as implemented on the target system [RFC5424].

3.  Design of the Syslog Model

   The syslog model was designed by comparing the syslog features
   implemented by various vendors in different implementations.

   This draft addresses the leafs common to those implementations and
   creates a common model, which can be augmented with proprietary
   features if necessary.
   The base model is designed to be very simple for maximum
   flexibility.

   Syslog consists of originators and collectors.  The following diagram
   shows syslog messages flowing from an originator to collectors, where
   suppression filtering can take place.

   Many vendors extend the list of facilities available for logging in
   their implementation.  An example is included in Extending Facilities
   (Appendix A.1).

   Originators
   +-------------+ +-------------+ +-------------+ +-------------+
   |   Various   | |     OS      | |             | |   Remote    |
   | Components  | |   Kernel    | | Line Cards  | |   Servers   |
   +-------------+ +-------------+ +-------------+ +-------------+

   +-------------+ +-------------+ +-------------+ +-------------+
   |    SNMP     | |  Interface  | |   Standby   | |   Syslog    |
   |   Events    | |   Events    | |  Supervisor | |   Itself    |
   +-------------+ +-------------+ +-------------+ +-------------+

         |                                                  |
         +----------------------------------------------------------------+
                                    |
                                    |
                                    |
                                    |
             +-----------+------------+--------------+
             |           |            |              |
             v           v            v              |
                   Collectors                        |
          +----------+ +----------+ +----------+     |
          |          | |   Log    | |   Log    |     |
          | Console  | |  Buffer  | |  File(s) |     |
          +----------+ +----------+ +----------+     |
                                                     |
                                        +-+-------------+
                                        |               |
                                        v               v

                              +----------------+ +-----------+
                              |Remote Relay(s)/| |User       |
                              |Collectors(s)   | |Sessions(s)|
                              +----------------+ +-----------+

                     Figure 1. Syslog Processing Flow

   The leaves in the base syslog model's actions container correspond
   to each message collector:

      console
      log buffer
      log file(s)
      remote relay(s)/collector(s)
      user session(s).

   Optional features are used to specify functionality that is present
   in specific vendor configurations.

3.1.  Syslog Module

   A simplified graphical representation of the complete data tree is
   presented here.
   Each node is printed as:

   <status> <flags> <name> <opts> <type> <if-features>

   <status> is one of:

      +  for current
      x  for deprecated
      o  for obsolete

   <flags> is one of:

      rw  for configuration data
      ro  for non-configuration data
      -x  for rpcs
      -n  for notifications

   <name> is the name of the node

   (<name>) means that the node is a choice node
   :(<name>) means that the node is a case node

   If the node is augmented into the tree from another module, its name
   is printed as <prefix>:<name>.

   <opts> is one of:

      ?  for an optional leaf or choice
      !  for a presence container
      *  for a leaf-list or list
      [<keys>] for a list's keys

   <type> is the name of the type for leafs and leaf-lists

   If the type is a leafref, the type is printed as "-> TARGET", where
   TARGET is the leafref path, with prefixes removed if possible.

   <if-features> is the list of features this node depends on, printed
   within curly brackets and a question mark "{...}?"

   module: ietf-syslog
      +--rw syslog
         +--rw actions
            +--rw console!
            |  +--rw selector
            |     +--rw (selector-facility)
            |     |  +--:(facility)
            |     |  |  +--rw no-facilities?   empty
            |     |  +--:(name)
            |     |     +--rw facility* [facility]
            |     |        +--rw facility      union
            |     |        +--rw severity      union
            |     |        +--rw compare-op?   enumeration {select-sev-compare}?
            |     +--rw pattern-match?   string {select-match}?
            +--rw buffer
            |  +--rw selector
            |  |  +--rw (selector-facility)
            |  |  |  +--:(facility)
            |  |  |  |  +--rw no-facilities?   empty
            |  |  |  +--:(name)
            |  |  |     +--rw facility* [facility]
            |  |  |        +--rw facility      union
            |  |  |        +--rw severity      union
            |  |  |        +--rw compare-op?   enumeration {select-sev-compare}?
            |  |  +--rw pattern-match?   string {select-match}?
            |  +--rw structured-data?         boolean {structured-data}?
            |  +--rw buffer-limit-bytes?      uint64 {buffer-limit-bytes}?
            |  +--rw buffer-limit-messages?   uint64 {buffer-limit-messages}?
            +--rw file
            |  +--rw log-file* [name]
            |     +--rw name               inet:uri
            |     +--rw selector
            |     |  +--rw (selector-facility)
            |     |  |  +--:(facility)
            |     |  |  |  +--rw no-facilities?   empty
            |     |  |  +--:(name)
            |     |  |     +--rw facility* [facility]
            |     |  |        +--rw facility      union
            |     |  |        +--rw severity      union
            |     |  |        +--rw compare-op?   enumeration {select-sev-compare}?
            |     |  +--rw pattern-match?   string {select-match}?
            |     +--rw structured-data?   boolean {structured-data}?
            |     +--rw file-rotation
            |        +--rw number-of-files?   uint32 {file-limit-size}?
            |        +--rw max-file-size?     uint64 {file-limit-size}?
            |        +--rw rollover?          uint32 {file-limit-duration}?
            |        +--rw retention?         uint16 {file-limit-duration}?
            +--rw remote
            |  +--rw destination* [name]
            |     +--rw name                 string
            |     +--rw (transport)
            |     |  +--:(tcp)
            |     |  |  +--rw tcp
            |     |  |     +--rw address?   inet:host
            |     |  |     +--rw port?      inet:port-number
            |     |  +--:(udp)
            |     |  |  +--rw udp
            |     |  |     +--rw address?   inet:host
            |     |  |     +--rw port?      inet:port-number
            |     |  +--:(tls)
            |     |     +--rw tls
            |     +--rw selector
            |     |  +--rw (selector-facility)
            |     |  |  +--:(facility)
            |     |  |  |  +--rw no-facilities?   empty
            |     |  |  +--:(name)
            |     |  |     +--rw facility* [facility]
            |     |  |        +--rw facility      union
            |     |  |        +--rw severity      union
            |     |  |        +--rw compare-op?   enumeration {select-sev-compare}?
            |     |  +--rw pattern-match?   string {select-match}?
            |     +--rw structured-data?     boolean {structured-data}?
            |     +--rw facility-override?   identityref
            |     +--rw source-interface?    if:interface-ref
            |     +--rw syslog-sign! {signed-messages}?
            |        +--rw cert-initial-repeat   uint16
            |        +--rw cert-resend-delay     uint16
            |        +--rw cert-resend-count     uint16
            |        +--rw sig-max-delay         uint16
            |        +--rw sig-number-resends    uint16
            |        +--rw sig-resend-delay      uint16
            |        +--rw sig-resend-count      uint16
            +--rw session
               +--rw all-users!
               |  +--rw selector
               |     +--rw (selector-facility)
               |     |  +--:(facility)
               |     |  |  +--rw no-facilities?   empty
               |     |  +--:(name)
               |     |     +--rw facility* [facility]
               |     |        +--rw facility      union
               |     |        +--rw severity      union
               |     |        +--rw compare-op?   enumeration {select-sev-compare}?
               |     +--rw pattern-match?   string {select-match}?
               +--rw user* [name]
                  +--rw name       string
                  +--rw selector
                     +--rw (selector-facility)
                     |  +--:(facility)
                     |  |  +--rw no-facilities?   empty
                     |  +--:(name)
                     |     +--rw facility* [facility]
                     |        +--rw facility      union
                     |        +--rw severity      union
                     |        +--rw compare-op?   enumeration {select-sev-compare}?
                     +--rw pattern-match?   string {select-match}?

                     Figure 2. ietf-syslog Module Tree

4.  Syslog YANG Modules

4.1.  The ietf-syslog-types Module

   This module references [RFC5424].

   <CODE BEGINS> file "ietf-syslog-types.yang"
   module ietf-syslog-types {
     namespace "urn:ietf:params:xml:ns:yang:ietf-syslog-types";
     prefix syslogtypes;

     organization "IETF NETMOD (NETCONF Data Modeling Language) Working
                   Group";
     contact
       "WG Web:
        WG List:

        WG Chair: Lou Berger

        WG Chair: Kent Watsen

        Editor:   Kiran Agrahara Sreenivasa

        Editor:   Clyde Wildes
       ";
     description
       "This module contains a collection of YANG type definitions for
        SYSLOG.

        Copyright (c) 2016 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject to
        the license terms contained in, the Simplified BSD License set
        forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
        NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and
        'OPTIONAL' in the module text are to be interpreted as described
        in RFC 2119 (http://tools.ietf.org/html/rfc2119).

        This version of this YANG module is part of RFC XXXX
        (http://tools.ietf.org/html/rfcXXXX); see the RFC itself for
        full legal notices.";

     reference
       "RFC 5424: The Syslog Protocol";

     revision 2016-10-30 {
       description
         "Initial Revision";
       reference
         "RFC XXXX: SYSLOG YANG Model";
     }

     typedef severity {
       type enumeration {
         enum "emergency" {
           value 0;
           description
             "The severity level 'Emergency' indicating that the system
              is unusable.";
         }
         enum "alert" {
           value 1;
           description
             "The severity level 'Alert' indicating that an action must be
              taken immediately.";
         }
         enum "critical" {
           value 2;
           description
             "The severity level 'Critical' indicating a critical condition.";
         }
         enum "error" {
           value 3;
           description
             "The severity level 'Error' indicating an error condition.";
         }
         enum "warning" {
           value 4;
           description
             "The severity level 'Warning' indicating a warning condition.";
         }
         enum "notice" {
           value 5;
           description
             "The severity level 'Notice' indicating a normal but significant
              condition.";
         }
         enum "info" {
           value 6;
           description
             "The severity level 'Info' indicating an informational message.";
         }
         enum "debug" {
           value 7;
           description
             "The severity level 'Debug' indicating a debug-level message.";
         }
       }
       description
         "The definitions for Syslog message severity as per RFC 5424.";
     }

     identity syslog-facility {
       description
         "This identity is used as a base for all syslog facilities as
          per RFC 5424.";
     }

     identity kern {
       base syslog-facility;
       description
         "The facility for kernel messages (0) as defined in RFC 5424.";
     }

     identity user {
       base syslog-facility;
       description
         "The facility for user-level messages (1) as defined in RFC 5424.";
     }

     identity mail {
       base syslog-facility;
       description
         "The facility for the mail system (2) as defined in RFC 5424.";
     }

     identity daemon {
       base syslog-facility;
       description
         "The facility for the system daemons (3) as defined in RFC 5424.";
     }

     identity auth {
       base syslog-facility;
       description
         "The facility for security/authorization messages (4) as defined
          in RFC 5424.";
     }

     identity syslog {
       base syslog-facility;
       description
         "The facility for messages generated internally by syslogd
          facility (5) as defined in RFC 5424.";
     }

     identity lpr {
       base syslog-facility;
       description
         "The facility for the line printer subsystem (6) as defined in
          RFC 5424.";
     }

     identity news {
       base syslog-facility;
       description
         "The facility for the network news subsystem (7) as defined in
          RFC 5424.";
     }

     identity uucp {
       base syslog-facility;
       description
         "The facility for the UUCP subsystem (8) as defined in RFC 5424.";
     }

     identity cron {
       base syslog-facility;
       description
         "The facility for the clock daemon (9) as defined in RFC 5424.";
     }

     identity authpriv {
       base syslog-facility;
       description
         "The facility for privileged security/authorization messages (10)
          as defined in RFC 5424.";
     }

     identity ftp {
       base syslog-facility;
       description
         "The facility for the FTP daemon (11) as defined in RFC 5424.";
     }

     identity ntp {
       base syslog-facility;
       description
         "The facility for the NTP subsystem (12) as defined in RFC 5424.";
     }

     identity audit {
       base syslog-facility;
       description
         "The facility for log audit messages (13) as defined in RFC 5424.";
     }

     identity console {
       base syslog-facility;
       description
         "The facility for log alert messages (14) as defined in RFC 5424.";
     }

     identity cron2 {
       base syslog-facility;
       description
         "The facility for the second clock daemon (15) as defined in
          RFC 5424.";
     }

     identity local0 {
       base syslog-facility;
       description
         "The facility for local use 0 messages (16) as defined in
          RFC 5424.";
     }

     identity local1 {
       base syslog-facility;
       description
         "The facility for local use 1 messages (17) as defined in
          RFC 5424.";
     }

     identity local2 {
       base syslog-facility;
       description
         "The facility for local use 2 messages (18) as defined in
          RFC 5424.";
     }

     identity local3 {
       base syslog-facility;
       description
         "The facility for local use 3 messages (19) as defined in
          RFC 5424.";
     }

     identity local4 {
       base syslog-facility;
       description
         "The facility for local use 4 messages (20) as defined in
          RFC 5424.";
     }

     identity local5 {
       base syslog-facility;
       description
         "The facility for local use 5 messages (21) as defined in
          RFC 5424.";
     }

     identity local6 {
       base syslog-facility;
       description
         "The facility for local use 6 messages (22) as defined in
          RFC 5424.";
     }

     identity local7 {
       base syslog-facility;
       description
         "The facility for local use 7 messages (23) as defined in
          RFC 5424.";
     }
   }
   <CODE ENDS>

                  Figure 3. ietf-syslog-types Module

4.2.  The ietf-syslog Module

   This module imports typedefs from [RFC6021] and [RFC7223], and it
   references [RFC5424], [RFC5425], [RFC5426], [RFC6587], and [RFC5848].
   <CODE BEGINS> file "ietf-syslog.yang"
   module ietf-syslog {
     namespace "urn:ietf:params:xml:ns:yang:ietf-syslog";
     prefix syslog;

     import ietf-inet-types {
       prefix inet;
     }

     import ietf-interfaces {
       prefix if;
     }

     //import ietf-tls-client {
     //  prefix tlsc;
     //}

     import ietf-syslog-types {
       prefix syslogtypes;
     }

     organization "IETF NETMOD (NETCONF Data Modeling Language)
                   Working Group";
     contact
       "WG Web:
        WG List:

        WG Chair: Lou Berger

        WG Chair: Kent Watsen

        Editor:   Kiran Agrahara Sreenivasa

        Editor:   Clyde Wildes
       ";
     description
       "This module contains a collection of YANG definitions
        for syslog configuration.

        Copyright (c) 2016 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject to
        the license terms contained in, the Simplified BSD License set
        forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
        NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and
        'OPTIONAL' in the module text are to be interpreted as described
        in RFC 2119 (http://tools.ietf.org/html/rfc2119).

        This version of this YANG module is part of RFC XXXX
        (http://tools.ietf.org/html/rfcXXXX); see the RFC itself for
        full legal notices.";

     reference
       "RFC 5424: The Syslog Protocol
        RFC 5425: Transport Layer Security (TLS) Transport Mapping for Syslog
        RFC 5426: Transmission of Syslog Messages over UDP
        RFC 6587: Transmission of Syslog Messages over TCP
        RFC 5848: Signed Syslog Messages";

     revision 2016-10-30 {
       description
         "Initial Revision";
       reference
         "RFC XXXX: Syslog YANG Model";
     }

     feature buffer-limit-bytes {
       description
         "This feature indicates that local memory logging buffers
          are limited in size using a limit expressed in bytes.";
     }

     feature buffer-limit-messages {
       description
         "This feature indicates that local memory logging buffers
          are limited in size using a limit expressed in number
          of log messages.";
     }

     feature file-limit-size {
       description
         "This feature indicates that file logging resources
          are managed using size and number limits.";
     }

     feature file-limit-duration {
       description
         "This feature indicates that file logging resources
          are managed using time based limits.";
     }

     feature select-sev-compare {
       description
         "This feature represents the ability to select messages
          using the additional operators equal to, or not equal to
          when comparing the syslog message severity.";
     }

     feature select-match {
       description
         "This feature represents the ability to select messages based
          on a POSIX 1003.2 regular expression pattern match.";
     }

     feature structured-data {
       description
         "This feature represents the ability to log messages
          in structured-data format as per RFC 5424.";
     }

     feature signed-messages {
       description
         "This feature represents the ability to configure signed
          syslog messages according to RFC 5848.";
     }

     grouping log-severity {
       description
         "This grouping defines the severity value that is used to
          select log messages.";
       leaf severity {
         type union {
           type syslogtypes:severity;
           type enumeration {
             enum all {
               value -1;
               description
                 "This enum describes the case where all severities
                  are selected.";
             }
             enum none {
               value -2;
               description
                 "This enum describes the case where no severities
                  are selected.";
             }
           }
         }
         mandatory true;
         description
           "This leaf specifies the syslog message severity.  When a
            severity is specified, the default comparison selects all
            messages of the specified severity and greater.  'all' is a
            special case which means all severities are selected.
            'none' is a special case which means that no selection
            should occur, i.e. this filter is disabled.";
       }
       leaf compare-op {
         when '../severity != "all" and
               ../severity != "none"' {
           description
             "The compare-op is not applicable for severity 'all' or
              severity 'none'";
         }
         if-feature select-sev-compare;
         type enumeration {
           enum equals-or-higher {
             description
               "This enum specifies all messages of the specified
                severity and higher are logged according to the
                given log-action";
           }
           enum equals {
             description
               "This enum specifies all messages that are for
                the specified severity are logged according to the
                given log-action";
           }
           enum not-equals {
             description
               "This enum specifies all messages that are not for
                the specified severity are logged according to the
                given log-action";
           }
         }
         default equals-or-higher;
         description
           "This leaf describes the option to specify how the
            severity comparison is performed.";
       }
     }

     grouping selector {
       description
         "This grouping defines a syslog selector which is used to
          select log messages for the log-action (buffer, file,
          etc).  Choose one of the following:
            no-facility
            facility [ ...]";
       container selector {
         description
           "This container describes the log selector parameters
            for syslog.";
         choice selector-facility {
           mandatory true;
           description
             "This choice describes the option to specify no
              facilities, or a specific facility which can be
              all for all facilities.";
           case facility {
             description
               "This case specifies no facilities will match when
                comparing the syslog message facility.  This is a
                method that can be used to effectively disable a
                particular log-action (buffer, file, etc).";
             leaf no-facilities {
               type empty;
               description
                 "This leaf specifies that no facilities are selected
                  for this log-action.";
             }
           }
           case name {
             description
               "This case specifies one or more specified facilities
                will match when comparing the syslog message facility.";
             list facility {
               key facility;
               description
                 "This list describes a collection of syslog
                  facilities and severities.";
               leaf facility {
                 type union {
                   type identityref {
                     base syslogtypes:syslog-facility;
                   }
                   type enumeration {
                     enum all {
                       description
                         "This enum describes the case where all
                          facilities are requested.";
                     }
                   }
                 }
                 description
                   "The leaf uniquely identifies a syslog facility.";
               }
               uses log-severity;
             }
           }
         }
         leaf pattern-match {
           if-feature select-match;
           type string;
           description
             "This leaf describes a POSIX 1003.2 regular expression
              string that can be used to select a syslog message for
              logging.  The match is performed on the RFC 5424
              SYSLOG-MSG field.";
         }
       }
     }

     grouping structured-data {
       description
         "This grouping defines the syslog structured data option
          which is used to select the format used to write log
          messages.";
       leaf structured-data {
         if-feature structured-data;
         type boolean;
         default false;
         description
           "This leaf describes how log messages are written to
            the log file.  If true, messages will be written
            with one or more STRUCTURED-DATA elements as per
            RFC5424; if false, messages will be written with
            STRUCTURED-DATA = NILVALUE.";
       }
     }

     container syslog {
       description
         "This container describes the configuration parameters for
          syslog.";
       container actions {
         description
           "This container describes the log-action parameters
            for syslog.";
         container console {
           presence "Enables logging console configuration";
           description
             "This container describes the configuration parameters for
              console logging.";
           uses selector;
         }
         container buffer {
           description
             "This container describes the configuration parameters for
              local memory buffer logging.  The buffer is circular in
              nature, so newer messages overwrite older messages after
              the buffer is filled.  The method used to read syslog messages
              from the buffer is supplied by the local implementation.";
           uses selector;
           uses structured-data;
           leaf buffer-limit-bytes {
             if-feature buffer-limit-bytes;
             type uint64;
             units "bytes";
             description
               "This leaf configures the amount of memory (in bytes) that
                will be dedicated to the local memory logging buffer.
                The default value varies by implementation.";
           }
           leaf buffer-limit-messages {
             if-feature buffer-limit-messages;
             type uint64;
             units "log messages";
             description
               "This leaf configures the number of log messages that
                will be dedicated to the local memory logging buffer.
                The default value varies by implementation.";
           }
         }
         container file {
           description
             "This container describes the configuration parameters for
              file logging.  If file-archive limits are not supplied, it
              is assumed that the local implementation defined limits will
              be used.";
           list log-file {
             key "name";
             description
               "This list describes a collection of local logging
                files.";
             leaf name {
               type inet:uri {
                 pattern 'file:.*';
               }
               description
                 "This leaf specifies the name of the log file which
                  MUST use the uri scheme file:.";
             }
             uses selector;
             uses structured-data;
             container file-rotation {
               description
                 "This container describes the configuration
                  parameters for log file rotation.";
               leaf number-of-files {
                 if-feature file-limit-size;
                 type uint32;
                 description
                   "This leaf specifies the maximum number of log
                    files retained.  Specify 1 for implementations
                    that only support one log file.";
               }
               leaf max-file-size {
                 if-feature file-limit-size;
                 type uint64;
                 units "megabytes";
                 description
                   "This leaf specifies the maximum log file size.";
               }
               leaf rollover {
                 if-feature file-limit-duration;
                 type uint32;
                 units "minutes";
                 description
                   "This leaf specifies the length of time that log
                    events should be written to a specific log file.
                    Log events that arrive after the rollover period
                    cause the current log file to be closed and a new
                    log file to be opened.";
               }
               leaf retention {
                 if-feature file-limit-duration;
                 type uint16;
                 units "hours";
                 description
                   "This leaf specifies the length of time that
                    completed/closed log event files should be stored
                    in the file system before they are deleted.";
               }
             }
           }
         }
         container remote {
           description
             "This container describes the configuration parameters for
              forwarding syslog messages to remote relays or collectors.";
           list destination {
             key "name";
             description
               "This list describes a collection of remote logging
                destinations.";
             leaf name {
               type string;
               description
                 "An arbitrary name for the endpoint to connect to.";
             }
             choice transport {
               mandatory true;
               description
                 "This choice describes the transport option.";
               case tcp {
                 container tcp {
                   description
                     "This container describes the TCP transport
                      options.";
                   reference
                     "RFC 6587: Transmission of Syslog Messages over TCP";
                   leaf address {
                     type inet:host;
                     description
                       "The leaf uniquely specifies the address of
                        the remote host.  One of the following must
                        be specified: an ipv4 address, an ipv6
                        address, or a host name.";
                   }
                   leaf port {
                     type inet:port-number;
                     default 514;
                     description
                       "This leaf specifies the port number used to
                        deliver messages to the remote server.";
                   }
                 }
               }
               case udp {
                 container udp {
                   description
                     "This container describes the UDP transport
                      options.";
                   reference
                     "RFC 5426: Transmission of Syslog Messages over UDP";
                   leaf address {
                     type inet:host;
                     description
                       "The leaf uniquely specifies the address of
                        the remote host.  One of the following must be
                        specified: an ipv4 address, an ipv6 address,
                        or a host name.";
                   }
                   leaf port {
                     type inet:port-number;
                     default 514;
                     description
                       "This leaf specifies the port number used to
                        deliver messages to the remote server.";
                   }
                 }
               }
               case tls {
                 container tls {
                   description
                     "This container describes the TLS transport options.";
                   reference
                     "RFC 5425: Transport Layer Security (TLS) Transport
                      Mapping for Syslog ";
                   // uses tlsc:initiating-tls-client-grouping {
                   //   refine port {
                   //     default 6514;
                   //     description
                   //       "TCP port 6514 has been allocated as the default
                   //        port for syslog over TLS.";
                   //   }
                   // }
                 }
               }
             }
             uses selector;
             uses structured-data;
             leaf facility-override {
               type identityref {
                 base syslogtypes:syslog-facility;
               }
               description
                 "If specified, this leaf specifies the facility used
                  to override the facility in messages delivered to the
                  remote server.";
             }
             leaf source-interface {
               type if:interface-ref;
               description
                 "This leaf sets the source interface to be used to send
                  messages to the remote syslog server.  If not set,
                  messages sent to a remote syslog server will
                  contain the IP address of the interface the syslog
                  message uses to exit the network element";
             }
             container syslog-sign {
               if-feature signed-messages;
               presence
                 "If present, syslog-sign is activated.";
               description
                 "This container describes the configuration
                  parameters for signed syslog messages as described
                  by RFC 5848.";
               reference
                 "RFC 5848: Signed Syslog Messages";
               leaf cert-initial-repeat {
                 type uint16;
                 mandatory true;
                 description
                   "This leaf specifies the number of times each
                    Certificate Block should be sent before the first
                    message is sent.";
               }
               leaf cert-resend-delay {
                 type uint16;
                 units "seconds";
                 mandatory true;
                 description
                   "This leaf specifies the maximum time delay in
                    seconds until resending the Certificate Block.";
               }
               leaf cert-resend-count {
                 type uint16;
                 mandatory true;
                 description
                   "This leaf specifies the maximum number of other
                    syslog messages to send until resending the
                    Certificate Block.";
               }
               leaf sig-max-delay {
                 type uint16;
                 units "seconds";
                 mandatory true;
                 description
                   "This leaf specifies when to generate a new
                    Signature Block.  If this many seconds have
                    elapsed since the message with the first message
                    number of the Signature Block was sent, a new
                    Signature Block should be generated.";
               }
               leaf sig-number-resends {
                 type uint16;
                 mandatory true;
                 description
                   "This leaf specifies the number of times a
                    Signature Block is resent.
(It is recommended to 1173 select a value of greater than 0 in particular 1174 when the UDP transport [RFC5426] is used.)."; 1175 } 1176 leaf sig-resend-delay { 1177 type uint16; 1178 units "seconds"; 1179 mandatory true; 1180 description 1181 "This leaf specifies when to send the next 1182 Signature Block transmission based on time. If 1183 this many seconds have elapsed since the previous 1184 sending of this Signature Block, resend it."; 1185 } 1186 leaf sig-resend-count { 1187 type uint16; 1188 mandatory true; 1189 description 1190 "This leaf specifies when to send the next 1191 Signature Block transmission based on a count. 1192 If this many other syslog messages have been sent 1193 since the previous sending of this Signature 1194 Block, resend it."; 1195 } 1196 } 1197 } 1198 } 1199 container session { 1200 description 1201 "This container describes the configuration parameters for 1202 user CLI session logging configuration."; 1204 container all-users { 1205 presence "Enables logging to all user sessions."; 1206 description 1207 "This container describes the configuration 1208 parameters for all users."; 1209 uses selector; 1210 } 1211 list user { 1212 key "name"; 1213 description 1214 "This list describes a collection of user names."; 1215 leaf name { 1216 type string; 1217 description 1218 "This leaf uniquely describes a user name which 1219 is the login name of the user whose session 1220 is to receive log messages."; 1221 } 1222 uses selector; 1223 } 1224 } 1225 } 1226 } 1227 } 1228 1230 Figure 4. ietf-syslog Module 1232 5. Usage Examples 1233 Requirement: 1234 Enable console logging of syslogs of severity critical 1236 Here is the example syslog configuration xml: 1237 1238 1240 1241 1242 1243 1244 all 1245 critical 1246 1247 1248 1249 1250 1251 1253 Enable remote logging of syslogs to udp destination 2001:db8:a0b:12f0::1 1254 for facility auth, severity error 1256 1257 1259 1260 1261 1262 remote1 1263 1264
      2001:db8:a0b:12f0::1
      syslogtypes:auth
      error

                      Figure 5. ietf-syslog Examples

6.  Acknowledgements

   The authors wish to thank the following who commented on this
   proposal:

   Martin Bjorklund
   Jim Gibson
   Jeffrey Haas
   John Heasley
   Giles Heron
   Lisa Huang
   Mahesh Jethanandani
   Jeffrey K Lange
   Jan Lindblad
   Chris Lonvick
   Tom Petch
   Juergen Schoenwaelder
   Jason Sterne
   Peter Van Horne
   Bert Wijnen
   Aleksandr Zhdankin

7.  IANA Considerations

   This document registers two URIs in the IETF XML registry [RFC3688].

   Following the format in RFC 3688, the following registration is
   requested to be made:

      URI: urn:ietf:params:xml:ns:yang:ietf-syslog-types

      Registrant Contact: The IESG.

      XML: N/A, the requested URI is an XML namespace.

   This document registers a YANG module in the YANG Module Names
   registry [RFC6020].

      name:      ietf-syslog-types
      namespace: urn:ietf:params:xml:ns:yang:ietf-syslog-types
      prefix:    ietf-syslog-types
      reference: RFC XXXX

   Following the format in RFC 3688, the following registration is
   requested to be made:

      URI: urn:ietf:params:xml:ns:yang:ietf-syslog

      Registrant Contact: The IESG.

      XML: N/A, the requested URI is an XML namespace.

   This document registers a YANG module in the YANG Module Names
   registry [RFC6020].

      name:      ietf-syslog
      namespace: urn:ietf:params:xml:ns:yang:ietf-syslog
      prefix:    ietf-syslog
      reference: RFC XXXX

8.  Security Considerations

   The YANG module defined in this memo is designed to be accessed via
   the NETCONF protocol [RFC6241].  The lowest NETCONF layer is the
   secure transport layer and the mandatory-to-implement secure
   transport is SSH [RFC6242].  The NETCONF access control model
   [RFC6536] provides the means to restrict access for particular
   NETCONF users to a pre-configured subset of all available NETCONF
   protocol operations and content.
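   An added example, not part of this draft: a small Python checker that
   applies a few of the module's own constraints from Figure 4 (the
   "file:" URI pattern on log-file names, the mandatory transport choice,
   the port default of 514, the mandatory syslog-sign leaves, and the
   recommendation of more than zero Signature Block resends over UDP) to
   instance data shaped like the examples in Section 5.  The dict layout
   of the instance data is an assumption made by this example.

```python
import re

# Constructed instance data shaped after the ietf-syslog tree on this page:
# one dict per actions/file/log-file entry and per actions/remote/destination
# entry, with absent leaves as absent keys (an assumption, not the draft's).
SIGN_LEAVES = ("cert-initial-repeat", "cert-resend-delay", "cert-resend-count",
               "sig-max-delay", "sig-number-resends", "sig-resend-delay",
               "sig-resend-count")
UINT16_MAX = 65535
DEFAULT_PORT = 514  # default of the tcp and udp port leaves


def check_log_file(entry):
    """Problems with one log-file entry: the name pattern is 'file:.*'."""
    problems = []
    if not re.fullmatch(r"file:.*", entry.get("name", "")):
        problems.append("log-file name must use the file: URI scheme")
    return problems


def check_destination(dest):
    """Problems with one remote destination: the transport choice is
    mandatory, port defaults to 514, and every syslog-sign leaf is
    mandatory once the presence container is present."""
    problems = []
    transports = [t for t in ("tcp", "udp", "tls") if t in dest]
    if len(transports) != 1:
        return ["exactly one transport case (tcp/udp/tls) is required"]
    transport = transports[0]
    if transport in ("tcp", "udp"):
        opts = dest[transport]
        if "address" not in opts:
            problems.append(f"{transport}: address is missing")
        port = opts.get("port", DEFAULT_PORT)
        if not 0 <= port <= 65535:
            problems.append(f"{transport}: port {port} is not a valid port")
    sign = dest.get("syslog-sign")
    if sign is not None:
        for leaf in SIGN_LEAVES:
            if leaf not in sign:
                problems.append(f"syslog-sign: mandatory leaf {leaf} missing")
            elif not 0 <= sign[leaf] <= UINT16_MAX:
                problems.append(f"syslog-sign: {leaf} outside uint16 range")
        # The module text recommends more than 0 Signature Block resends,
        # in particular over the unreliable UDP transport.
        if transport == "udp" and sign.get("sig-number-resends") == 0:
            problems.append("syslog-sign over udp: sig-number-resends should be > 0")
    return problems
```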
   There are a number of data nodes defined in the YANG module which are
   writable/creatable/deletable (i.e., config true, which is the
   default).  These data nodes may be considered sensitive or vulnerable
   in some network environments.  Write operations (e.g., ) to these
   data nodes without proper protection can have a negative effect on
   network operations.

8.1.  Resource Constraints

   Network administrators must take the time to estimate the memory
   consumed by the actions/buffer configuration and, where necessary,
   set buffer-limit-bytes and/or buffer-limit-messages to limit the
   amount of memory used.

   Network administrators must take the time to estimate the storage
   capacity consumed by the actions/file configuration and use the
   file-archive attributes to limit the storage used.

   It is the responsibility of the network administrator to ensure that
   the configured message flow does not overwhelm system resources.

8.2.  Inappropriate Configuration

   It is the responsibility of the network administrator to ensure that
   the messages are actually going to the intended recipients.

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC5424]  Gerhards, R., "The Syslog Protocol", RFC 5424,
              DOI 10.17487/RFC5424, March 2009.

   [RFC5425]  Miao, F., Ed., Ma, Y., Ed., and J. Salowey, Ed.,
              "Transport Layer Security (TLS) Transport Mapping for
              Syslog", RFC 5425, DOI 10.17487/RFC5425, March 2009.

   [RFC5426]  Okmianski, A., "Transmission of Syslog Messages over UDP",
              RFC 5426, DOI 10.17487/RFC5426, March 2009.

   [RFC5848]  Kelsey, J., Callas, J., and A. Clemm, "Signed Syslog
              Messages", RFC 5848, DOI 10.17487/RFC5848, May 2010.
   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6021]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6021, DOI 10.17487/RFC6021, October 2010.

   [RFC6587]  Gerhards, R. and C. Lonvick, "Transmission of Syslog
              Messages over TCP", RFC 6587, DOI 10.17487/RFC6587,
              April 2012.

   [RFC7223]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 7223, DOI 10.17487/RFC7223, May 2014.

9.2.  Informative References

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

Appendix A.  Implementor Guidelines

A.1.  Extending Facilities

   Many vendors extend the list of facilities available for logging in
   their implementation.  Additional facilities may not work with the
   syslog protocol as defined in [RFC5424] and hence such facilities
   apply for local syslog-like logging functionality.

   The following is an example that shows how additional facilities
   could be added to the list of available facilities (in this example
   two facilities are added):

   module vendor-syslog-types-example {
     namespace "urn:vendor:params:xml:ns:yang:vendor-syslog-types";
     prefix vendor-syslogtypes;

     import ietf-syslog-types {
       prefix syslogtypes;
     }

     organization "Example, Inc.";
     contact
       "Example, Inc.
        Customer Service

        E-mail: syslog-yang@example.com";

     description
       "This module contains a collection of vendor-specific YANG type
        definitions for SYSLOG.";

     revision 2016-03-20 {
       description
         "Version 1.0";
       reference
         "Vendor SYSLOG Types: SYSLOG YANG Model";
     }

     identity vendor_specific_type_1 {
       base syslogtypes:syslog-facility;
     }

     identity vendor_specific_type_2 {
       base syslogtypes:syslog-facility;
     }
   }

Authors' Addresses

   Clyde Wildes (editor)
   Cisco Systems Inc.
   170 West Tasman Drive
   San Jose, CA 95134
   US

   Phone: +1 408 527-2672
   Email: cwildes@cisco.com

   Kiran Koushik (editor)
   Cisco Systems Inc.
   12515 Research Blvd., Building 4
   Austin, TX 78759
   US

   Phone: +1 512 378-1482
   Email: kkoushik@cisco.com