NETMOD WG                                                  C. Wildes, Ed.
Internet-Draft                                             K. Koushik, Ed.
Intended status: Standards Track                       Cisco Systems Inc.
Expires: May 17, 2017                                   November 13, 2016

               A YANG Data Model for Syslog Configuration
                   draft-ietf-netmod-syslog-model-11

Abstract

   This document describes a data model for the configuration of syslog.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 17, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
     1.2.  Terminology
   2.  Problem Statement
   3.  Design of the Syslog Model
     3.1.  Syslog Module
   4.  Syslog YANG Modules
     4.1.  The ietf-syslog-types Module
     4.2.  The ietf-syslog Module
   5.  Usage Examples
   6.  Acknowledgements
   7.  IANA Considerations
   8.  Security Considerations
     8.1.  Resource Constraints
     8.2.  Inappropriate Configuration
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Appendix A.  Implementor Guidelines
     A.1.  Extending Facilities
   Authors' Addresses

1.  Introduction

   Operating systems, processes and applications generate messages
   indicating their own status or the occurrence of events.  These
   messages are useful for managing and/or debugging the network and its
   services.  The BSD syslog protocol is a widely adopted protocol that
   is used for transmission and processing of the messages.

   Since each process, application and operating system was written
   somewhat independently, there is little uniformity to the content of
   syslog messages.  For this reason, no assumption is made upon the
   formatting or contents of the messages.
   The protocol is simply designed to transport these event messages.
   No acknowledgement of the receipt is made.

   Essentially, a syslog process receives messages (from the kernel,
   processes, applications or other syslog processes) and processes
   those.  The processing involves logging to a local file, displaying
   on console, user terminal, and/or relaying to syslog processes on
   other machines.  The processing is determined by the "facility" that
   originated the message and the "severity" assigned to the message by
   the facility.

   This document uses the syslog protocol definitions from [RFC5424].

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

1.2.  Terminology

   The term "originator" is defined in [RFC5424]: an "originator"
   generates syslog content to be carried in a message.

   The terms "relay" and "collector" are as defined in [RFC5424].

2.  Problem Statement

   This document defines a YANG [RFC6020] configuration data model that
   may be used to configure the syslog feature running on a system.
   YANG models can be used with network management protocols such as
   NETCONF [RFC6241] to install, manipulate, and delete the
   configuration of network devices.

   The data model makes use of the YANG "feature" construct, which allows
   implementations to support only those syslog features that lie within
   their capabilities.

   This module can be used to configure the syslog application
   conceptual layers as implemented on the target system [RFC5424].

3.  Design of the Syslog Model

   The syslog model was designed by comparing the syslog features found
   in various vendors' implementations.
   This draft addresses the common leafs between implementations and
   creates a common model, which can be augmented with proprietary
   features, if necessary.  The base model is designed to be very simple
   for maximum flexibility.

   Syslog consists of originators and collectors.  The following diagram
   shows syslog messages flowing from an originator to collectors, where
   suppression filtering can take place.

   Many vendors extend the list of facilities available for logging in
   their implementation.  An example is included in Extending Facilities
   (Appendix A.1).

   Originators
   +-------------+ +-------------+ +-------------+ +-------------+
   |   Various   | |     OS      | |             | |   Remote    |
   |  Components | |   Kernel    | | Line Cards  | |   Servers   |
   +-------------+ +-------------+ +-------------+ +-------------+

   +-------------+ +-------------+ +-------------+ +-------------+
   |    SNMP     | |  Interface  | |   Standby   | |   Syslog    |
   |   Events    | |   Events    | | Supervisor  | |   Itself    |
   +-------------+ +-------------+ +-------------+ +-------------+
          |                                               |
          +-----------------------------------------------+
                                  |
                                  |
                                  |
                                  |
           +------------+------------+-----------------+
           |            |            |                 |
           v            v            v                 |
   Collectors                                          |
   +----------+ +----------+ +----------+              |
   |          | |   Log    | |   Log    |              |
   | Console  | |  Buffer  | |  File(s) |              |
   +----------+ +----------+ +----------+              |
                                                       |
                                      +----------------+
                                      |                |
                                      v                v

                           +----------------+ +-----------+
                           |Remote Relay(s)/| |User       |
                           |Collector(s)    | |Session(s) |
                           +----------------+ +-----------+

                     Figure 1.  Syslog Processing Flow

   The leaves in the base syslog model actions container correspond to
   each message collector:

      console
      log buffer
      log file(s)
      remote relay(s)/collector(s)
      user session(s)

   Within each action, a selector is used to filter syslog messages.
   A selector consists of two parts: one or more facility-severity
   matches, and, if supported via the select-match feature, an optional
   regular expression pattern match that is performed on the SYSLOG-MSG
   field.

   The facility is one of a specific syslogtypes:syslog-facility, none,
   or all facilities.  None is a special case that can be used to
   disable an action.

   The severity is one of syslogtypes:severity, all severities, or none.
   None is a special case that can be used to disable a facility.  When
   filtering severity, the default comparison is that all messages of
   the specified severity and higher are logged.  This is shown in the
   model as 'default equals-or-higher'.  This behavior can be altered if
   the select-sev-compare feature is enabled to specify: 'equals' to
   select only this single severity; 'not-equals' to ignore that
   severity; 'equals-or-higher' to select all messages of the specified
   severity and higher.

   Optional features are used to specify functionality that is present
   in specific vendor configurations.

3.1.  Syslog Module

   A simplified graphical representation of the complete data tree is
   presented here.

   Each node is printed as:

      <status> <flags> <name> <opts> <type> <if-features>

   <status> is one of:

      +  for current
      x  for deprecated
      o  for obsolete

   <flags> is one of:

      rw  for configuration data
      ro  for non-configuration data
      -x  for rpcs
      -n  for notifications

   <name> is the name of the node

   (<name>) means that the node is a choice node
   :(<name>) means that the node is a case node

   If the node is augmented into the tree from another module, its name
   is printed as <prefix>:<name>.

   <opts> is one of:

      ?  for an optional leaf or choice
      !  for a presence container
      *  for a leaf-list or list
      [<keys>] for a list's keys

   <type> is the name of the type for leafs and leaf-lists

   If the type is a leafref, the type is printed as "-> TARGET", where
   TARGET is the leafref path, with prefixes removed if possible.

   <if-features> is the list of features this node depends on, printed
   within curly brackets and a question mark "{...}?"

   module: ietf-syslog
      +--rw syslog!
         +--rw actions
            +--rw console!
            |  +--rw selector
            |     +--rw (selector-facility)
            |     |  +--:(facility)
            |     |  |  +--rw no-facilities?   empty
            |     |  +--:(name)
            |     |     +--rw facility-list* [facility]
            |     |        +--rw facility    union
            |     |        +--rw severity    union
            |     |        +--rw compare?    enumeration {select-sev-compare}?
            |     +--rw pattern-match?   string {select-match}?
            +--rw buffer {buffer-action}?
            |  +--rw selector
            |  |  +--rw (selector-facility)
            |  |  |  +--:(facility)
            |  |  |  |  +--rw no-facilities?   empty
            |  |  |  +--:(name)
            |  |  |     +--rw facility-list* [facility]
            |  |  |        +--rw facility    union
            |  |  |        +--rw severity    union
            |  |  |        +--rw compare?    enumeration {select-sev-compare}?
            |  |  +--rw pattern-match?   string {select-match}?
            |  +--rw structured-data?         boolean {structured-data}?
            |  +--rw buffer-limit-bytes?      uint64 {buffer-limit-bytes}?
            |  +--rw buffer-limit-messages?   uint64 {buffer-limit-messages}?
            +--rw file
            |  +--rw log-file* [name]
            |     +--rw name               inet:uri
            |     +--rw selector
            |     |  +--rw (selector-facility)
            |     |  |  +--:(facility)
            |     |  |  |  +--rw no-facilities?   empty
            |     |  |  +--:(name)
            |     |  |     +--rw facility-list* [facility]
            |     |  |        +--rw facility    union
            |     |  |        +--rw severity    union
            |     |  |        +--rw compare?    enumeration {select-sev-compare}?
            |     |  +--rw pattern-match?   string {select-match}?
            |     +--rw structured-data?   boolean {structured-data}?
            |     +--rw file-rotation
            |        +--rw number-of-files?   uint32 {file-limit-size}?
            |        +--rw max-file-size?     uint64 {file-limit-size}?
            |        +--rw rollover?          uint32 {file-limit-duration}?
            |        +--rw retention?         uint16 {file-limit-duration}?
            +--rw remote
            |  +--rw destination* [name]
            |     +--rw name                 string
            |     +--rw (transport)
            |     |  +--:(tcp)
            |     |  |  +--rw tcp
            |     |  |     +--rw address?   inet:host
            |     |  |     +--rw port?      inet:port-number
            |     |  +--:(udp)
            |     |     +--rw udp
            |     |        +--rw address?   inet:host
            |     |        +--rw port?      inet:port-number
            |     +--rw selector
            |     |  +--rw (selector-facility)
            |     |  |  +--:(facility)
            |     |  |  |  +--rw no-facilities?   empty
            |     |  |  +--:(name)
            |     |  |     +--rw facility-list* [facility]
            |     |  |        +--rw facility    union
            |     |  |        +--rw severity    union
            |     |  |        +--rw compare?    enumeration {select-sev-compare}?
            |     |  +--rw pattern-match?   string {select-match}?
            |     +--rw structured-data?     boolean {structured-data}?
            |     +--rw facility-override?   identityref
            |     +--rw source-interface?    if:interface-ref
            |     +--rw signing-options! {signed-messages}?
            |        +--rw cert-initial-repeat   uint16
            |        +--rw cert-resend-delay     uint16
            |        +--rw cert-resend-count     uint16
            |        +--rw max-delay             uint16
            |        +--rw number-resends        uint16
            |        +--rw resend-delay          uint16
            |        +--rw resend-count          uint16
            +--rw session
               +--rw all-users!
               |  +--rw selector
               |     +--rw (selector-facility)
               |     |  +--:(facility)
               |     |  |  +--rw no-facilities?   empty
               |     |  +--:(name)
               |     |     +--rw facility-list* [facility]
               |     |        +--rw facility    union
               |     |        +--rw severity    union
               |     |        +--rw compare?    enumeration {select-sev-compare}?
               |     +--rw pattern-match?   string {select-match}?
               +--rw user* [name]
                  +--rw name        string
                  +--rw selector
                     +--rw (selector-facility)
                     |  +--:(facility)
                     |  |  +--rw no-facilities?   empty
                     |  +--:(name)
                     |     +--rw facility-list* [facility]
                     |        +--rw facility    union
                     |        +--rw severity    union
                     |        +--rw compare?    enumeration {select-sev-compare}?
                     +--rw pattern-match?   string {select-match}?

                     Figure 2.  ietf-syslog Module Tree

4.  Syslog YANG Modules

4.1.  The ietf-syslog-types Module

   This module references [RFC5424].
   <CODE BEGINS> file "ietf-syslog-types.yang"
   module ietf-syslog-types {
     namespace "urn:ietf:params:xml:ns:yang:ietf-syslog-types";
     prefix syslogtypes;

     organization "IETF NETMOD (NETCONF Data Modeling Language) Working
                   Group";
     contact
       "WG Web:
        WG List:

        WG Chair: Lou Berger

        WG Chair: Kent Watsen

        Editor:   Kiran Agrahara Sreenivasa

        Editor:   Clyde Wildes
       ";
     description
       "This module contains a collection of YANG type definitions for
        SYSLOG.

        Copyright (c) 2016 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject to
        the license terms contained in, the Simplified BSD License set
        forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
        NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and
        'OPTIONAL' in the module text are to be interpreted as described
        in RFC 2119 (http://tools.ietf.org/html/rfc2119).

        This version of this YANG module is part of RFC XXXX
        (http://tools.ietf.org/html/rfcXXXX); see the RFC itself for
        full legal notices.";

     reference
       "RFC 5424: The Syslog Protocol";

     revision 2016-11-13 {
       description
         "Initial Revision";
       reference
         "RFC XXXX: SYSLOG YANG Model";
     }

     typedef severity {
       type enumeration {
         enum "emergency" {
           value 0;
           description
             "The severity level 'Emergency' indicating that the system
              is unusable.";
         }
         enum "alert" {
           value 1;
           description
             "The severity level 'Alert' indicating that an action must be
              taken immediately.";
         }
         enum "critical" {
           value 2;
           description
             "The severity level 'Critical' indicating a critical condition.";
         }
         enum "error" {
           value 3;
           description
             "The severity level 'Error' indicating an error condition.";
         }
         enum "warning" {
           value 4;
           description
             "The severity level 'Warning' indicating a warning condition.";
         }
         enum "notice" {
           value 5;
           description
             "The severity level 'Notice' indicating a normal but significant
              condition.";
         }
         enum "info" {
           value 6;
           description
             "The severity level 'Info' indicating an informational message.";
         }
         enum "debug" {
           value 7;
           description
             "The severity level 'Debug' indicating a debug-level message.";
         }
       }
       description
         "The definitions for Syslog message severity as per RFC 5424.";
     }

     identity syslog-facility {
       description
         "This identity is used as a base for all syslog facilities as
          per RFC 5424.";
     }

     identity kern {
       base syslog-facility;
       description
         "The facility for kernel messages (0) as defined in RFC 5424.";
     }

     identity user {
       base syslog-facility;
       description
         "The facility for user-level messages (1) as defined in RFC 5424.";
     }

     identity mail {
       base syslog-facility;
       description
         "The facility for the mail system (2) as defined in RFC 5424.";
     }

     identity daemon {
       base syslog-facility;
       description
         "The facility for the system daemons (3) as defined in RFC 5424.";
     }

     identity auth {
       base syslog-facility;
       description
         "The facility for security/authorization messages (4) as defined
          in RFC 5424.";
     }

     identity syslog {
       base syslog-facility;
       description
         "The facility for messages generated internally by syslogd
          facility (5) as defined in RFC 5424.";
     }

     identity lpr {
       base syslog-facility;
       description
         "The facility for the line printer subsystem (6) as defined in
          RFC 5424.";
     }

     identity news {
       base syslog-facility;
       description
         "The facility for the network news subsystem (7) as defined in
          RFC 5424.";
     }

     identity uucp {
       base syslog-facility;
       description
         "The facility for the UUCP subsystem (8) as defined in RFC 5424.";
     }

     identity cron {
       base syslog-facility;
       description
         "The facility for the clock daemon (9) as defined in RFC 5424.";
     }

     identity authpriv {
       base syslog-facility;
       description
         "The facility for privileged security/authorization messages (10)
          as defined in RFC 5424.";
     }

     identity ftp {
       base syslog-facility;
       description
         "The facility for the FTP daemon (11) as defined in RFC 5424.";
     }

     identity ntp {
       base syslog-facility;
       description
         "The facility for the NTP subsystem (12) as defined in RFC 5424.";
     }

     identity audit {
       base syslog-facility;
       description
         "The facility for log audit messages (13) as defined in RFC 5424.";
     }

     identity console {
       base syslog-facility;
       description
         "The facility for log alert messages (14) as defined in RFC 5424.";
     }

     identity cron2 {
       base syslog-facility;
       description
         "The facility for the second clock daemon (15) as defined in
          RFC 5424.";
     }

     identity local0 {
       base syslog-facility;
       description
         "The facility for local use 0 messages (16) as defined in
          RFC 5424.";
     }

     identity local1 {
       base syslog-facility;
       description
         "The facility for local use 1 messages (17) as defined in
          RFC 5424.";
     }

     identity local2 {
       base syslog-facility;
       description
         "The facility for local use 2 messages (18) as defined in
          RFC 5424.";
     }

     identity local3 {
       base syslog-facility;
       description
         "The facility for local use 3 messages (19) as defined in
          RFC 5424.";
     }

     identity local4 {
       base syslog-facility;
       description
         "The facility for local use 4 messages (20) as defined in
          RFC 5424.";
     }

     identity local5 {
       base syslog-facility;
       description
         "The facility for local use 5 messages (21) as defined in
          RFC 5424.";
     }

     identity local6 {
       base syslog-facility;
       description
         "The facility for local use 6 messages (22) as defined in
          RFC 5424.";
     }

     identity local7 {
       base syslog-facility;
       description
         "The facility for local use 7 messages (23) as defined in
          RFC 5424.";
     }
   }
   <CODE ENDS>

                    Figure 3.  ietf-syslog-types Module

4.2.  The ietf-syslog Module

   This module imports typedefs from [RFC6021] and [RFC7223], and it
   references [RFC5424], [RFC5425], [RFC5426], [RFC6587], and [RFC5848].
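   Before the module text, an added worked example (not part of this
   draft, and not code from the NETMOD working group): the Python script
   below turns the selector semantics of Section 3, and the log-severity
   and selector groupings defined in the ietf-syslog module, into an
   executable check.  It parses a constructed XML instance of the model
   (one remote destination whose selector has a three-entry
   facility-list and a pattern-match) and decides, for sample messages,
   whether each is selected.  The severity codes are those of the
   ietf-syslog-types typedef above, where a lower code is a more severe
   message, so 'equals-or-higher' selects codes less than or equal to
   the configured one.  Two points are this example's own reading of the
   text rather than something the draft states: the pattern-match is
   treated as an additional AND condition on top of the facility-severity
   match, and a 'compare' leaf beside severity 'all' or 'none' is
   rejected, mirroring the module's 'when' statement.  The function
   names (parse_selector, selected), the sample host name and all sample
   messages are constructed for the example.

```python
# Added example (not code from the draft): evaluate an ietf-syslog selector
# against messages, per Section 3 and the log-severity/selector groupings.
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List, Optional

NS_SYSLOG = "urn:ietf:params:xml:ns:yang:ietf-syslog"
NS_TYPES = "urn:ietf:params:xml:ns:yang:ietf-syslog-types"

# Codes of the ietf-syslog-types 'severity' typedef (RFC 5424 numbering).
# A LOWER code is a MORE severe message, so "equals-or-higher" selects
# messages whose code is <= the configured one.
SEVERITY = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Constructed instance data (not from the draft): one remote destination.
CONFIG_XML = f"""
<syslog xmlns="{NS_SYSLOG}" xmlns:syslogtypes="{NS_TYPES}">
 <actions><remote><destination>
  <name>collector1</name>
  <tcp><address>collector.example.net</address></tcp>
  <selector>
   <facility-list><facility>syslogtypes:auth</facility>
     <severity>info</severity></facility-list>
   <facility-list><facility>syslogtypes:kern</facility>
     <severity>error</severity><compare>equals</compare></facility-list>
   <facility-list><facility>all</facility>
     <severity>critical</severity></facility-list>
   <pattern-match>(?i)fail|denied</pattern-match>
  </selector>
 </destination></remote></actions>
</syslog>"""

# Constructed: 'no-facilities' disables the console action entirely.
DISABLED_XML = f"""
<syslog xmlns="{NS_SYSLOG}"><actions><console><selector>
 <no-facilities/></selector></console></actions></syslog>"""

@dataclass
class FacilityEntry:
    facility: str                       # identity name without prefix, or "all"
    severity: str                       # a SEVERITY key, "all" or "none"
    compare: str = "equals-or-higher"   # the model's default

@dataclass
class Selector:
    no_facilities: bool
    entries: List[FacilityEntry]
    pattern: Optional[str]

def _q(tag: str) -> str:
    return "{%s}%s" % (NS_SYSLOG, tag)

def parse_selector(xml_text: str) -> Selector:
    """Parse the first <selector> of an ietf-syslog instance document."""
    sel = ET.fromstring(xml_text.strip()).find(".//" + _q("selector"))
    if sel is None:
        raise ValueError("no selector element")
    if sel.find(_q("no-facilities")) is not None:
        return Selector(True, [], None)
    entries = []
    for fl in sel.findall(_q("facility-list")):
        facility = fl.findtext(_q("facility"), "").strip().split(":")[-1]
        severity = fl.findtext(_q("severity"), "").strip()
        cmp_el = fl.find(_q("compare"))
        if severity not in SEVERITY and severity not in ("all", "none"):
            raise ValueError("unknown severity %r" % severity)
        if cmp_el is not None and severity in ("all", "none"):
            # mirrors the module's 'when': compare is not applicable here
            raise ValueError("compare not applicable to severity %r" % severity)
        compare = (cmp_el.text or "").strip() if cmp_el is not None else "equals-or-higher"
        if compare not in ("equals-or-higher", "equals", "not-equals"):
            raise ValueError("unknown compare mode %r" % compare)
        entries.append(FacilityEntry(facility, severity, compare))
    return Selector(False, entries, sel.findtext(_q("pattern-match")))

def _severity_matches(entry: FacilityEntry, severity: str) -> bool:
    if entry.severity == "none":        # 'none' disables this entry
        return False
    if entry.severity == "all":
        return True
    code, ref = SEVERITY[severity], SEVERITY[entry.severity]
    if entry.compare == "equals":
        return code == ref
    if entry.compare == "not-equals":
        return code != ref
    return code <= ref                  # equals-or-higher

def selected(sel: Selector, facility: str, severity: str, msg: str) -> bool:
    """True if a message is selected: some facility-list entry must match
    AND, when configured, the pattern-match regex must occur in SYSLOG-MSG."""
    if sel.no_facilities:
        return False
    if not any(e.facility in ("all", facility) and _severity_matches(e, severity)
               for e in sel.entries):
        return False
    return sel.pattern is None or re.search(sel.pattern, msg) is not None

if __name__ == "__main__":
    sel = parse_selector(CONFIG_XML)
    for fac, sev, msg in [("auth", "info", "login failed for user bob"),
                          ("auth", "debug", "login failed for user bob"),
                          ("kern", "emergency", "kernel panic: failed")]:
        print(fac, sev, repr(msg), "->", selected(sel, fac, sev, msg))
```

   Running the script prints one line per sample message.  The second
   sample is the instructive one: an auth/debug message is dropped even
   though its text matches the pattern, because debug (7) is numerically
   above info (6) and so is a lower severity than the entry asks for,
   while the kern/emergency message is caught by the 'all' entry at
   critical even though the 'equals error' entry for kern rejects it.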
   <CODE BEGINS> file "ietf-syslog.yang"
   module ietf-syslog {
     namespace "urn:ietf:params:xml:ns:yang:ietf-syslog";
     prefix syslog;

     import ietf-inet-types {
       prefix inet;
     }

     import ietf-interfaces {
       prefix if;
     }

     import ietf-syslog-types {
       prefix syslogtypes;
     }

     organization "IETF NETMOD (NETCONF Data Modeling Language)
                   Working Group";
     contact
       "WG Web:
        WG List:

        WG Chair: Lou Berger

        WG Chair: Kent Watsen

        Editor:   Kiran Agrahara Sreenivasa

        Editor:   Clyde Wildes
       ";
     description
       "This module contains a collection of YANG definitions
        for syslog configuration.

        Copyright (c) 2016 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject to
        the license terms contained in, the Simplified BSD License set
        forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
        NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and
        'OPTIONAL' in the module text are to be interpreted as described
        in RFC 2119 (http://tools.ietf.org/html/rfc2119).

        This version of this YANG module is part of RFC XXXX
        (http://tools.ietf.org/html/rfcXXXX); see the RFC itself for
        full legal notices.";

     reference
       "RFC 5424: The Syslog Protocol
        RFC 5426: Transmission of Syslog Messages over UDP
        RFC 6587: Transmission of Syslog Messages over TCP
        RFC 5848: Signed Syslog Messages";

     revision 2016-11-13 {
       description
         "Initial Revision";
       reference
         "RFC XXXX: Syslog YANG Model";
     }

     feature buffer-action {
       description
         "This feature indicates that the local memory logging buffer
          action is supported.";
     }

     feature buffer-limit-bytes {
       description
         "This feature indicates that the local memory logging buffer
          is limited in size using a limit expressed in bytes.";
     }

     feature buffer-limit-messages {
       description
         "This feature indicates that the local memory logging buffer
          is limited in size using a limit expressed in number of log
          messages.";
     }

     feature file-limit-size {
       description
         "This feature indicates that file logging resources
          are managed using size and number limits.";
     }

     feature file-limit-duration {
       description
         "This feature indicates that file logging resources
          are managed using time based limits.";
     }

     feature select-sev-compare {
       description
         "This feature represents the ability to select messages
          using the additional operators equal to, or not equal to
          when comparing the syslog message severity.";
     }

     feature select-match {
       description
         "This feature represents the ability to select messages based
          on a Posix 1003.2 regular expression pattern match.";
     }

     feature structured-data {
       description
         "This feature represents the ability to log messages
          in structured-data format as per RFC 5424.";
     }

     feature signed-messages {
       description
         "This feature represents the ability to configure signed
          syslog messages according to RFC 5848.";
     }

     grouping log-severity {
       description
         "This grouping defines the severity value that is used to
          select log messages.";
       leaf severity {
         type union {
           type syslogtypes:severity;
           type enumeration {
             enum none {
               value -2;
               description
                 "This enum describes the case where no severities
                  are selected.";
             }
             enum all {
               value -1;
               description
                 "This enum describes the case where all severities
                  are selected.";
             }
           }
         }
         mandatory true;
         description
           "This leaf specifies the syslog message severity.  When
            severity is specified, the default severity comparison
            is all messages of the specified severity and greater are
            selected.  'all' is a special case which means all severities
            are selected.  'none' is a special case which means that
            no selection should occur or disable this filter.";
       }
       leaf compare {
         when '../severity != "all" and
               ../severity != "none"' {
           description
             "The compare leaf is not applicable for severity 'all' or
              severity 'none'";
         }
         if-feature select-sev-compare;
         type enumeration {
           enum equals-or-higher {
             description
               "This enum specifies all messages of the specified
                severity and higher are logged according to the
                given log-action";
           }
           enum equals {
             description
               "This enum specifies all messages that are for
                the specified severity are logged according to the
                given log-action";
           }
           enum not-equals {
             description
               "This enum specifies all messages that are not for
                the specified severity are logged according to the
                given log-action";
           }
         }
         default equals-or-higher;
         description
           "This leaf describes the option to specify how the
            severity comparison is performed.";
       }
     }

     grouping selector {
       description
         "This grouping defines a syslog selector which is used to
          select log messages for the log-action (console, file,
          remote, etc).  Choose one of the following:
            no-facility
            facility [ ...]";
       container selector {
         description
           "This container describes the log selector parameters
            for syslog.";
         choice selector-facility {
           mandatory true;
           description
             "This choice describes the option to specify no
              facilities, or a specific facility which can be
              all for all facilities.";
           case facility {
             description
               "This case specifies no facilities will match when
                comparing the syslog message facility.  This is a
                method that can be used to effectively disable a
                particular log-action (buffer, file, etc).";
             leaf no-facilities {
               type empty;
               description
                 "This leaf specifies that no facilities are selected
                  for this log-action.";
             }
           }
           case name {
             description
               "This case specifies one or more specified facilities
                will match when comparing the syslog message facility.";
             list facility-list {
               key facility;
               description
                 "This list describes a collection of syslog
                  facilities and severities.";
               leaf facility {
                 type union {
                   type identityref {
                     base syslogtypes:syslog-facility;
                   }
                   type enumeration {
                     enum all {
                       description
                         "This enum describes the case where all
                          facilities are requested.";
                     }
                   }
                 }
                 description
                   "The leaf uniquely identifies a syslog facility.";
               }
               uses log-severity;
             }
           }
         }
         leaf pattern-match {
           if-feature select-match;
           type string;
           description
             "This leaf describes a Posix 1003.2 regular expression
              string that can be used to select a syslog message for
              logging.  The match is performed on the RFC 5424
              SYSLOG-MSG field.";
         }
       }
     }

     grouping structured-data {
       description
         "This grouping defines the syslog structured data option
          which is used to select the format used to write log
          messages.";
       leaf structured-data {
         if-feature structured-data;
         type boolean;
         default false;
         description
           "This leaf describes how log messages are written.
            If true, messages will be written with one or more
            STRUCTURED-DATA elements as per RFC5424; if false,
            messages will be written with STRUCTURED-DATA =
            NILVALUE.";
       }
     }

     container syslog {
       presence "Enables logging.";
       description
         "This container describes the configuration parameters for
          syslog.";
       container actions {
         description
           "This container describes the log-action parameters
            for syslog.";
         container console {
           presence "Enables logging console configuration";
           description
             "This container describes the configuration parameters for
              console logging.";
           uses selector;
         }
         container buffer {
           if-feature buffer-action;
           description
             "This container describes the configuration parameters for
              local memory buffer logging.  The buffer is circular in
              nature, so newer messages overwrite older messages after
              the buffer is filled.  The method used to read syslog messages
              from the buffer is supplied by the local implementation.";
           uses selector;
           uses structured-data;
           leaf buffer-limit-bytes {
             if-feature buffer-limit-bytes;
             type uint64;
             units "bytes";
             description
               "This leaf configures the amount of memory (in bytes) that
                will be dedicated to the local memory logging buffer.
                The default value varies by implementation.";
           }
           leaf buffer-limit-messages {
             if-feature buffer-limit-messages;
             type uint64;
             units "log messages";
             description
               "This leaf configures the number of log messages that
                will be dedicated to the local memory logging buffer.
                The default value varies by implementation.";
           }
         }
         container file {
           description
             "This container describes the configuration parameters for
              file logging.  If file-archive limits are not supplied, it
              is assumed that the local implementation defined limits will
              be used.";
           list log-file {
             key "name";
             description
               "This list describes a collection of local logging
                files.";
             leaf name {
               type inet:uri {
                 pattern 'file:.*';
               }
               description
                 "This leaf specifies the name of the log file which
                  MUST use the uri scheme file:.";
             }
             uses selector;
             uses structured-data;
             container file-rotation {
               description
                 "This container describes the configuration
                  parameters for log file rotation.";
               leaf number-of-files {
                 if-feature file-limit-size;
                 type uint32;
                 description
                   "This leaf specifies the maximum number of log
                    files retained.  Specify 1 for implementations
                    that only support one log file.";
               }
               leaf max-file-size {
                 if-feature file-limit-size;
                 type uint64;
                 units "megabytes";
                 description
                   "This leaf specifies the maximum log file size.";
               }
               leaf rollover {
                 if-feature file-limit-duration;
                 type uint32;
                 units "minutes";
                 description
                   "This leaf specifies the length of time that log
                    events should be written to a specific log file.
                    Log events that arrive after the rollover period
                    cause the current log file to be closed and a new
                    log file to be opened.";
               }
               leaf retention {
                 if-feature file-limit-duration;
                 type uint16;
                 units "hours";
                 description
                   "This leaf specifies the length of time that
                    completed/closed log event files should be stored
                    in the file system before they are deleted.";
               }
             }
           }
         }
         container remote {
           description
             "This container describes the configuration parameters for
              forwarding syslog messages to remote relays or collectors.";
           list destination {
             key "name";
             description
               "This list describes a collection of remote logging
                destinations.";
             leaf name {
               type string;
               description
                 "An arbitrary name for the endpoint to connect to.";
             }
             choice transport {
               mandatory true;
               description
                 "This choice describes the transport option.";
               case tcp {
                 container tcp {
                   description
                     "This container describes the TCP transport
                      options.";
                   reference
                     "RFC 6587: Transmission of Syslog Messages over TCP";
                   leaf address {
                     type inet:host;
                     description
                       "The leaf uniquely specifies the address of
                        the remote host.  One of the following must
                        be specified: an ipv4 address, an ipv6
                        address, or a host name.";
                   }
                   leaf port {
                     type inet:port-number;
                     default 514;
                     description
                       "This leaf specifies the port number used to
                        deliver messages to the remote server.";
                   }
                 }
               }
               case udp {
                 container udp {
                   description
                     "This container describes the UDP transport
                      options.";
                   reference
                     "RFC 5426: Transmission of Syslog Messages over UDP";
                   leaf address {
                     type inet:host;
                     description
                       "The leaf uniquely specifies the address of
                        the remote host.  One of the following must be
                        specified: an ipv4 address, an ipv6 address,
                        or a host name.";
                   }
                   leaf port {
                     type inet:port-number;
                     default 514;
                     description
                       "This leaf specifies the port number used to
                        deliver messages to the remote server.";
                   }
                 }
               }
             }
             uses selector;
             uses structured-data;
             leaf facility-override {
               type identityref {
                 base syslogtypes:syslog-facility;
               }
               description
                 "If specified, this leaf specifies the facility used
                  to override the facility in messages delivered to the
                  remote server.";
             }
             leaf source-interface {
               type if:interface-ref;
               description
                 "This leaf sets the source interface to be used to send
                  messages to the remote syslog server.  If not set,
                  messages sent to a remote syslog server will
                  contain the IP address of the interface the syslog
                  message uses to exit the network element";
             }
             container signing-options {
               if-feature signed-messages;
               presence
                 "If present, syslog-signing options is activated.";
               description
                 "This container describes the configuration
                  parameters for signed syslog messages as described
                  by RFC 5848.";
               reference
                 "RFC 5848: Signed Syslog Messages";
               leaf cert-initial-repeat {
                 type uint16;
                 mandatory true;
                 description
                   "This leaf specifies the number of times each
                    Certificate Block should be sent before the first
                    message is sent.";
               }
               leaf cert-resend-delay {
                 type uint16;
                 units "seconds";
                 mandatory true;
                 description
                   "This leaf specifies the maximum time delay in
                    seconds until resending the Certificate Block.";
               }
               leaf cert-resend-count {
                 type uint16;
                 mandatory true;
                 description
                   "This leaf specifies the maximum number of other
                    syslog messages to send until resending the
                    Certificate Block.";
               }
               leaf max-delay {
1159 type uint16; 1160 units "seconds"; 1161 mandatory true; 1162 description 1163 "This leaf specifies when to generate a new 1164 Signature Block. If this many seconds have 1165 elapsed since the message with the first message 1166 number of the Signature Block was sent, a new 1167 Signature Block should be generated."; 1168 } 1169 leaf number-resends { 1170 type uint16; 1171 mandatory true; 1172 description 1173 "This leaf specifies the number of times a 1174 Signature Block is resent. (It is recommended to 1175 select a value of greater than 0 in particular 1176 when the UDP transport [RFC5426] is used.)."; 1177 } 1178 leaf resend-delay { 1179 type uint16; 1180 units "seconds"; 1181 mandatory true; 1182 description 1183 "This leaf specifies when to send the next 1184 Signature Block transmission based on time. If 1185 this many seconds have elapsed since the previous 1186 sending of this Signature Block, resend it."; 1187 } 1188 leaf resend-count { 1189 type uint16; 1190 mandatory true; 1191 description 1192 "This leaf specifies when to send the next 1193 Signature Block transmission based on a count. 
1194 If this many other syslog messages have been sent 1195 since the previous sending of this Signature 1196 Block, resend it."; 1197 } 1198 } 1199 } 1200 } 1201 container session { 1202 description 1203 "This container describes the configuration parameters for 1204 user CLI session logging configuration."; 1205 container all-users { 1206 presence "Enables logging to all user sessions."; 1207 description 1208 "This container describes the configuration 1209 parameters for all users."; 1210 uses selector; 1211 } 1212 list user { 1213 key "name"; 1214 description 1215 "This list describes a collection of user names."; 1216 leaf name { 1217 type string; 1218 description 1219 "This leaf uniquely describes a user name which 1220 is the login name of the user whose session 1221 is to receive log messages."; 1222 } 1223 uses selector; 1224 } 1225 } 1226 } 1227 } 1228 } 1229 1231 Figure 4. ietf-syslog Module 1233 5. Usage Examples 1234 Requirement: 1235 Enable console logging of syslogs of severity critical 1237 Here is the example syslog configuration xml: 1238 1239 1241 1242 1243 1244 1245 all 1246 critical 1247 1248 1249 1250 1251 1252 1254 Enable remote logging of syslogs to udp destination 2001:db8:a0b:12f0::1 1255 for facility auth, severity error 1257 1258 1260 1261 1262 1263 remote1 1264 1265
         2001:db8:a0b:12f0::1
         syslogtypes:auth
         error
                     Figure 5. ietf-syslog Examples

6.  Acknowledgements

   The authors wish to thank the following who commented on this
   proposal:

   Martin Bjorklund
   Jim Gibson
   Jeffrey Haas
   John Heasley
   Giles Heron
   Lisa Huang
   Mahesh Jethanandani
   Jeffrey K Lange
   Jan Lindblad
   Chris Lonvick
   Tom Petch
   Juergen Schoenwaelder
   Phil Shafer
   Jason Sterne
   Peter Van Horne
   Bert Wijnen
   Aleksandr Zhdankin

7.  IANA Considerations

   This document registers two URIs in the IETF XML registry [RFC3688].

   Following the format in RFC 3688, the following registration is
   requested to be made:

   URI: urn:ietf:params:xml:ns:yang:ietf-syslog-types

   Registrant Contact: The IESG.

   XML: N/A, the requested URI is an XML namespace.

   This document registers a YANG module in the YANG Module Names
   registry [RFC6020].

   name: ietf-syslog-types
   namespace: urn:ietf:params:xml:ns:yang:ietf-syslog-types
   prefix: ietf-syslog-types
   reference: RFC XXXX

   Following the format in RFC 3688, the following registration is
   requested to be made:

   URI: urn:ietf:params:xml:ns:yang:ietf-syslog

   Registrant Contact: The IESG.

   XML: N/A, the requested URI is an XML namespace.

   This document registers a YANG module in the YANG Module Names
   registry [RFC6020].

   name: ietf-syslog
   namespace: urn:ietf:params:xml:ns:yang:ietf-syslog
   prefix: ietf-syslog
   reference: RFC XXXX

8.  Security Considerations

   The YANG module defined in this memo is designed to be accessed via
   the NETCONF protocol [RFC6241].  The lowest NETCONF layer is the
   secure transport layer and the mandatory-to-implement secure
   transport is SSH [RFC6242].  The NETCONF access control model
   [RFC6536] provides the means to restrict access for particular
   NETCONF users to a pre-configured subset of all available NETCONF
   protocol operations and content.
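   The resource and recipient concerns raised in Sections 8.1 and 8.2
   below can be checked mechanically against a configuration instance
   before it is committed.  The Python below is an added example and is
   not code from this draft or from any ietf-syslog implementation.  It
   walks a plain dict that mirrors the ietf-syslog tree of Figure 4 in
   a JSON-like shape (container and leaf names as in the module, YANG
   lists as Python lists, selector contents ignored) and reports a
   buffer with no limit, a log-file whose name is not a file: URI or
   whose file-rotation lacks size-based limits, a remote destination
   with no transport or no address, and a destination without RFC 5848
   signing-options or with number-resends set to 0 over UDP.  The rule
   wording, the dict shape and both sample instances (one modelled on
   the second Figure 5 example, one hardened) are assumptions of the
   example, and the numeric values in the hardened instance are
   illustrative rather than recommendations.

```python
"""Lint an ietf-syslog configuration instance against the points raised in
the draft's Security Considerations (Sections 8.1 and 8.2).

Added example, not code from draft-ietf-netmod-syslog-model-11.  The input is
a plain dict mirroring the ietf-syslog tree of Figure 4 in a JSON-like shape
(container and leaf names as in the YANG module, YANG lists as Python lists).
Selector contents are not inspected.  Rule wording and sample instances are
assumptions of this example.
"""
import re

FILE_URI = re.compile(r"file:.*")  # the pattern on log-file/name in the module


def lint_syslog(cfg: dict) -> list[str]:
    """Return one finding per problem, in tree order; [] means clean."""
    findings: list[str] = []
    actions = cfg.get("actions", {})

    # Section 8.1: a buffer with neither limit leaves memory use to an
    # implementation default the draft says varies; ask for an explicit bound.
    if "buffer" in actions:
        buf = actions["buffer"]
        if "buffer-limit-bytes" not in buf and "buffer-limit-messages" not in buf:
            findings.append("actions/buffer: set buffer-limit-bytes or "
                            "buffer-limit-messages to bound memory use")

    # Section 8.1: each log-file should bound both file count and file size.
    for lf in actions.get("file", {}).get("log-file", []):
        name = lf.get("name", "")
        if not FILE_URI.fullmatch(name):
            findings.append(f"log-file {name!r}: name must use the file: URI scheme")
        rot = lf.get("file-rotation", {})
        if "number-of-files" not in rot or "max-file-size" not in rot:
            findings.append(f"log-file {name!r}: file-rotation lacks "
                            "number-of-files and/or max-file-size")

    # Section 8.2: every destination needs a reachable, verifiable recipient.
    # The module does not make `address` mandatory, and UDP (RFC 5426) and
    # plain TCP (RFC 6587) carry no origin authentication, so RFC 5848
    # signing is the only integrity control this model can configure.
    for dst in actions.get("remote", {}).get("destination", []):
        name = dst.get("name", "?")
        transport = next((t for t in ("tcp", "udp") if t in dst), None)
        if transport is None:
            findings.append(f"destination {name!r}: transport choice is mandatory")
            continue
        if "address" not in dst[transport]:
            findings.append(f"destination {name!r}: {transport} address is unset")
        signing = dst.get("signing-options")
        if signing is None:
            findings.append(f"destination {name!r}: no signing-options; the "
                            "receiver cannot authenticate or detect missing messages")
        elif transport == "udp" and signing.get("number-resends", 0) == 0:
            findings.append(f"destination {name!r}: number-resends is 0 over UDP; "
                            "RFC 5848 recommends a value greater than 0")
    return findings


# Constructed instance modelled on the second Figure 5 example (UDP
# destination remote1, no signing) plus a buffer with no limits.
WEAK_CONFIG = {
    "actions": {
        "buffer": {},
        "remote": {"destination": [
            {"name": "remote1",
             "udp": {"address": "2001:db8:a0b:12f0::1", "port": 514}},
        ]},
    }
}

# The same instance with the limits and signing the findings ask for
# (values are illustrative, not recommendations).
HARDENED_CONFIG = {
    "actions": {
        "buffer": {"buffer-limit-bytes": 4_194_304},
        "file": {"log-file": [
            {"name": "file:///var/log/syslog",
             "file-rotation": {"number-of-files": 5, "max-file-size": 10}},
        ]},
        "remote": {"destination": [
            {"name": "remote1",
             "udp": {"address": "2001:db8:a0b:12f0::1", "port": 514},
             "signing-options": {
                 "cert-initial-repeat": 2, "cert-resend-delay": 300,
                 "cert-resend-count": 1000, "max-delay": 5,
                 "number-resends": 2, "resend-delay": 2, "resend-count": 50}},
        ]},
    }
}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label + ":", lint_syslog(cfg) or "clean")
```

   Run directly, the weak instance produces two findings (the unbounded
   buffer and the unsigned destination) and the hardened one none.  The
   buffer finding asks for an explicit limit rather than asserting a
   leak, because the draft only says the default varies by
   implementation; whether each finding is an error or a warning is a
   local policy decision.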
   There are a number of data nodes defined in the YANG module which are
   writable/creatable/deletable (i.e., config true, which is the
   default).  These data nodes may be considered sensitive or vulnerable
   in some network environments.  Write operations (e.g., <edit-config>)
   to these data nodes without proper protection can have a negative
   effect on network operations.

8.1.  Resource Constraints

   Network administrators must take the time to estimate the memory
   that the configuration of actions/buffer will consume, and use
   buffer-limit-bytes and/or buffer-limit-messages where necessary to
   limit the amount of memory used.

   Network administrators must take the time to estimate the storage
   capacity that the configuration of actions/file will consume, and
   use the file-rotation attributes to limit the storage used.

   It is the responsibility of the network administrator to ensure that
   the configured message flow does not overwhelm system resources.

8.2.  Inappropriate Configuration

   It is the responsibility of the network administrator to ensure that
   the messages are actually going to the intended recipients.

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC5424]  Gerhards, R., "The Syslog Protocol", RFC 5424,
              DOI 10.17487/RFC5424, March 2009.

   [RFC5426]  Okmianski, A., "Transmission of Syslog Messages over UDP",
              RFC 5426, DOI 10.17487/RFC5426, March 2009.

   [RFC5848]  Kelsey, J., Callas, J., and A. Clemm, "Signed Syslog
              Messages", RFC 5848, DOI 10.17487/RFC5848, May 2010.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.
   [RFC6021]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6021, DOI 10.17487/RFC6021, October 2010.

   [RFC6587]  Gerhards, R. and C. Lonvick, "Transmission of Syslog
              Messages over TCP", RFC 6587, DOI 10.17487/RFC6587,
              April 2012.

   [RFC7223]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 7223, DOI 10.17487/RFC7223, May 2014.

9.2.  Informative References

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
              Protocol (NETCONF) Access Control Model", RFC 6536,
              DOI 10.17487/RFC6536, March 2012.

Appendix A.  Implementor Guidelines

A.1.  Extending Facilities

   Many vendors extend the list of facilities available for logging in
   their implementation.  Additional facilities may not interoperate
   with the syslog protocol as defined in [RFC5424] and hence apply
   only to local syslog-like logging functionality.

   The following is an example that shows how additional facilities
   could be added to the list of available facilities (in this example
   two facilities are added):

   module vendor-syslog-types-example {
     namespace "urn:vendor:params:xml:ns:yang:vendor-syslog-types";
     prefix vendor-syslogtypes;

     import ietf-syslog-types {
       prefix syslogtypes;
     }

     organization "Example, Inc.";
     contact
       "Example, Inc.
        Customer Service

        E-mail: syslog-yang@example.com";

     description
       "This module contains a collection of vendor-specific YANG type
        definitions for SYSLOG.";

     revision 2016-11-13 {
       description
         "Version 1.0";
       reference
         "Vendor SYSLOG Types: SYSLOG YANG Model";
     }

     identity vendor_specific_type_1 {
       base syslogtypes:syslog-facility;
     }

     identity vendor_specific_type_2 {
       base syslogtypes:syslog-facility;
     }
   }

Authors' Addresses

   Clyde Wildes (editor)
   Cisco Systems Inc.
   170 West Tasman Drive
   San Jose, CA  95134
   US

   Phone: +1 408 527-2672
   Email: cwildes@cisco.com


   Kiran Koushik (editor)
   Cisco Systems Inc.
   12515 Research Blvd., Building 4
   Austin, TX  78759
   US

   Phone: +1 512 378-1482
   Email: kkoushik@cisco.com