NETMOD WG                                                  C. Wildes, Ed.
Internet-Draft                                         Cisco Systems Inc.
Intended status: Standards Track                          K. Koushik, Ed.
Expires: August 13, 2018                                 Verizon Wireless
                                                        February 09, 2018

              A YANG Data Model for Syslog Configuration
                   draft-ietf-netmod-syslog-model-20

Abstract

   This document defines a YANG data model for the configuration of a
   syslog process.  It is intended that this model be used by vendors
   who implement syslog in their systems.

Editorial Note (To be removed by RFC Editor)

   This draft contains many placeholder values that need to be replaced
   with finalized values at the time of publication.  This note
   summarizes all of the substitutions that are needed.  No other RFC
   Editor instructions are specified elsewhere in this document.

   Artwork in this document contains shorthand references to drafts in
   progress.  Please apply the following replacements:

   o  "I-D.ietf-netconf-keystore" --> the assigned RFC value for
      draft-ietf-netconf-keystore

   o  "I-D.ietf-netconf-tls-client-server" --> the assigned RFC value
      for draft-ietf-netconf-tls-client-server

   o  "zzzz" --> the assigned RFC value for this draft

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 13, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
     1.2.  Terminology
   2.  Problem Statement
   3.  Design of the Syslog Model
     3.1.  Syslog Module
   4.  Syslog YANG Module
     4.1.  The ietf-syslog Module
   5.  Usage Examples
   6.  Acknowledgements
   7.  IANA Considerations
     7.1.  The IETF XML Registry
     7.2.  The YANG Module Names Registry
   8.  Security Considerations
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Appendix A.  Implementor Guidelines
     A.1.  Extending Facilities
   Authors' Addresses

1.  Introduction

   Operating systems, processes and applications generate messages
   indicating their own status or the occurrence of events.  These
   messages are useful for managing and/or debugging the network and its
   services.  The BSD syslog protocol is a widely adopted protocol that
   is used for the transmission and processing of these messages.

   Since each process, application and operating system was written
   somewhat independently, there is little uniformity to the content of
   syslog messages.  For this reason, no assumption is made about the
   formatting or contents of the messages.  The protocol is simply
   designed to transport these event messages.  No acknowledgement of
   receipt is made.

   Essentially, a syslog process receives messages (from the kernel,
   processes, applications or other syslog processes) and processes
   them.  The processing may involve logging to a local file, and/or
   displaying on the console, and/or relaying to syslog processes on
   other machines.  The processing is determined by the "facility" that
   originated the message and the "severity" assigned to the message by
   the facility.

   This document uses the syslog protocol definitions from [RFC5424].

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

1.2.  Terminology

   The term "originator" is defined in [RFC5424]: an "originator"
   generates syslog content to be carried in a message.

   The term "relay" is defined in [RFC5424]: a "relay" forwards
   messages, accepting messages from originators or other relays and
   sending them to collectors or other relays.

   The term "collector" is defined in [RFC5424]: a "collector" gathers
   syslog content for further analysis.

   The term "action" refers to the processing that takes place for each
   syslog message received.

2.  Problem Statement

   This document defines a YANG [RFC7950] configuration data model that
   may be used to configure the syslog feature running on a system.
   YANG models can be used with network management protocols such as
   NETCONF [RFC6241] to install, manipulate, and delete the
   configuration of network devices.

   The data model makes use of the YANG "feature" construct, which
   allows implementations to support only those syslog features that
   lie within their capabilities.

   This module can be used to configure the syslog application
   conceptual layers as implemented on the target system.

3.  Design of the Syslog Model

   The syslog model was designed by comparing the syslog features
   implemented by various vendors in different implementations.

   This draft addresses the leaves common to those implementations and
   creates a common model, which can be augmented with proprietary
   features if necessary.  This model is designed to be very simple for
   maximum flexibility.

   Some optional features are defined in this document to specify
   functionality that is present in specific vendor configurations.

   Syslog consists of originators and collectors.  The following diagram
   shows syslog messages flowing from originators to collectors, where
   filtering can take place.
   Originators
   +-------------+ +-------------+ +-------------+ +-------------+
   |   Various   | |     OS      | |             | |   Remote    |
   | Components  | |   Kernel    | | Line Cards  | |   Servers   |
   +-------------+ +-------------+ +-------------+ +-------------+

   +-------------+ +-------------+ +-------------+ +-------------+
   |    SNMP     | |  Interface  | |   Standby   | |   Syslog    |
   |   Events    | |   Events    | | Supervisor  | |   Itself    |
   +-------------+ +-------------+ +-------------+ +-------------+
          |                                               |
          +-----------------------------------------------+
                                  |
                                  |
                                  |
                                  |
                    +-------------+--------------+
                    |             |              |
                    v             v              v
   Collectors
   +----------+ +----------+ +----------------+
   |          | |   Log    | |Remote Relay(s)/|
   | Console  | | File(s)  | |Collector(s)    |
   +----------+ +----------+ +----------------+

                    Figure 1.  Syslog Processing Flow

   Collectors are configured using the leaves in the syslog model
   "actions" container, which correspond to each message collector:

      console

      log file(s)

      remote relay(s)/collector(s)

   Within each action, a selector is used to filter syslog messages.  A
   selector consists of a list of one or more facility-severity matches
   and, if supported via the select-match feature, an optional regular
   expression pattern match that is performed on the [RFC5424]
   SYSLOG-MSG field.

   A syslog message is processed if:

      There is an element of facility-list (F, S) where
        the message facility matches F
        and the message severity matches S
        and/or the message text matches the regex pattern (if it
        is present)

   The facility is either a specific syslog-facility or all facilities.

   The severity is one of type syslog-severity, all severities, or none.
   None is a special case that can be used to disable a filter.  When
   filtering severity, the default comparison is that messages of the
   specified severity and higher are selected to be logged.
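   The selector rules above (facility and severity matching, the "all"
   and "none" special cases, the default equals-or-higher comparison, the
   select-adv-compare compare/action leaves, and the select-match regex
   on SYSLOG-MSG), worked through as an added Python example that is not
   part of this draft or of any vendor implementation; the data classes,
   the minimal RFC 5424 header parser and the sample messages are
   constructed here for illustration only:

```python
"""Evaluate an ietf-syslog selector against RFC 5424 messages (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# RFC 5424 severity codes: a lower number is a *higher* severity.
SEVERITY = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
# RFC 5424 facility codes 0..23, named after the module's identities.
FACILITY = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
            "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "console", "cron2",
            "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]


@dataclass
class FacilityEntry:
    """One facility-list entry: key [facility severity] plus advanced-compare."""
    facility: str                       # a syslog-facility identity or "all"
    severity: str                       # a syslog-severity name, "all" or "none"
    compare: str = "equals-or-higher"   # advanced-compare/compare (default)
    action: str = "log"                 # advanced-compare/action: "log" or "block"


@dataclass
class Selector:
    """The 'selector' grouping: facility-filter plus optional pattern-match."""
    facility_list: List[FacilityEntry]
    pattern_match: Optional[str] = None  # regex applied to the SYSLOG-MSG field


# Minimal RFC 5424 parser: PRI, VERSION 1, five header fields, STRUCTURED-DATA
# as NILVALUE or [..] elements, then the optional MSG.  Enough for the samples.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?:\S+ ){5}(?:-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$")


def parse_message(line: str) -> Tuple[str, int, str]:
    """Return (facility name, severity code, MSG) for one RFC 5424 message."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not an RFC 5424 message: %r" % line)
    pri = int(m.group("pri"))
    if pri > 191:                       # 23 * 8 + 7 is the largest legal PRI
        raise ValueError("PRI out of range: %d" % pri)
    return FACILITY[pri // 8], pri % 8, m.group("msg") or ""


def entry_matches(entry: FacilityEntry, facility: str, severity: int) -> bool:
    """Apply one facility-list entry using the severity-filter rules."""
    if entry.facility != "all" and entry.facility != facility:
        return False
    if entry.severity == "none":        # 'none' never matches: disables the entry
        return False
    if entry.severity == "all":
        return True
    wanted = SEVERITY[entry.severity]
    if entry.compare == "equals":
        hit = severity == wanted
    else:                               # equals-or-higher: numerically <= wanted
        hit = severity <= wanted
    # action 'block' inverts the outcome: a hit is suppressed, a miss is logged
    return hit if entry.action == "log" else not hit


def selected(selector: Selector, line: str) -> bool:
    """True if the action owning this selector processes the message."""
    facility, severity, msg = parse_message(line)
    # When pattern-match is configured, both it and the facility filter must match.
    if selector.pattern_match is not None and not re.search(selector.pattern_match, msg):
        return False
    return any(entry_matches(e, facility, severity) for e in selector.facility_list)


# Constructed sample messages (not taken from the draft).
SAMPLES = [
    "<34>1 2018-02-09T12:00:00Z host1 sshd 1234 - - Failed password for invalid user",
    '<38>1 2018-02-09T12:00:01Z host1 sshd 1234 ID47 [exampleSDID@32473 iut="3"] Accepted publickey for alice',
    "<13>1 2018-02-09T12:00:02Z host1 cli 77 - - configuration committed",
    "<165>1 2018-02-09T12:00:03Z host1 app 9 - - heartbeat",
]


def run(selector: Selector) -> List[bool]:
    """Evaluate the selector over every sample; one boolean per message."""
    return [selected(selector, s) for s in SAMPLES]


if __name__ == "__main__":
    # auth messages of severity warning and higher: only the critical one passes
    print(run(Selector([FacilityEntry("auth", "warning")])))
```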
   This is shown in the model as "default equals-or-higher".  This
   behavior can be altered if the select-adv-compare feature is enabled
   to specify a compare operation and an action.  Compare operations
   are: "equals" to select messages with this single severity, or
   "equals-or-higher" to select messages of the specified severity and
   higher.  Actions are used to log the message or block the message
   from being logged.

   Many vendors extend the list of facilities available for logging in
   their implementation.  An example is included in Extending Facilities
   (Appendix A.1).

3.1.  Syslog Module

   A simplified graphical representation of the data model is used in
   this document.  Please see [I-D.ietf-netmod-yang-tree-diagrams] for
   tree diagram notation.

   module: ietf-syslog
     +--rw syslog!
        +--rw actions
           +--rw console! {console-action}?
           |  +--rw facility-filter
           |  |  +--rw facility-list* [facility severity]
           |  |     +--rw facility            union
           |  |     +--rw severity            union
           |  |     +--rw advanced-compare {select-adv-compare}?
           |  |        +--rw compare?   enumeration
           |  |        +--rw action?    enumeration
           |  +--rw pattern-match?   string {select-match}?
           +--rw file {file-action}?
           |  +--rw log-file* [name]
           |     +--rw name               inet:uri
           |     +--rw facility-filter
           |     |  +--rw facility-list* [facility severity]
           |     |     +--rw facility            union
           |     |     +--rw severity            union
           |     |     +--rw advanced-compare {select-adv-compare}?
           |     |        +--rw compare?   enumeration
           |     |        +--rw action?    enumeration
           |     +--rw pattern-match?     string {select-match}?
           |     +--rw structured-data?   boolean {structured-data}?
           |     +--rw file-rotation
           |        +--rw number-of-files?   uint32 {file-limit-size}?
           |        +--rw max-file-size?     uint32 {file-limit-size}?
           |        +--rw rollover?          uint32
           |        |       {file-limit-duration}?
           |        +--rw retention?         uint32
           |                {file-limit-duration}?
           +--rw remote {remote-action}?
              +--rw destination* [name]
                 +--rw name                  string
                 +--rw (transport)
                 |  +--:(udp)
                 |  |  +--rw udp
                 |  |     +--rw address?   inet:host
                 |  |     +--rw port?      inet:port-number
                 |  +--:(tls)
                 |     +--rw tls
                 |        +--rw address?        inet:host
                 |        +--rw port?           inet:port-number
                 |        +--rw client-auth
                 |        |  +--rw (auth-type)?
                 |        |     +--:(certificate)
                 |        |        +--rw certificate?   leafref
                 |        +--rw server-auth
                 |        |  +--rw pinned-ca-certs?       leafref
                 |        |  +--rw pinned-server-certs?   leafref
                 |        +--rw hello-params
                 |                {tls-client-hello-params-config}?
                 |           +--rw tls-versions
                 |           |  +--rw tls-version*   identityref
                 |           +--rw cipher-suites
                 |              +--rw cipher-suite*   identityref
                 +--rw facility-filter
                 |  +--rw facility-list* [facility severity]
                 |     +--rw facility            union
                 |     +--rw severity            union
                 |     +--rw advanced-compare {select-adv-compare}?
                 |        +--rw compare?   enumeration
                 |        +--rw action?    enumeration
                 +--rw pattern-match?        string {select-match}?
                 +--rw structured-data?      boolean {structured-data}?
                 +--rw facility-override?    identityref
                 +--rw source-interface?     if:interface-ref
                 |       {remote-source-interface}?
                 +--rw signing! {signed-messages}?
                    +--rw cert-signers
                    |  +--rw cert-signer* [name]
                    |     +--rw name              string
                    |     +--rw cert
                    |     |  +--rw algorithm?             identityref
                    |     |  +--rw private-key?           union
                    |     |  +--rw public-key?            binary
                    |     |  +---x generate-private-key
                    |     |  |  +---w input
                    |     |  |     +---w algorithm?   identityref
                    |     |  +--rw certificates
                    |     |  |  +--rw certificate* [name]
                    |     |  |     +--rw name     string
                    |     |  |     +--rw value?   binary
                    |     |  +---x generate-certificate-signing-request
                    |     |     +---w input
                    |     |     |  +---w subject       binary
                    |     |     |  +---w attributes?   binary
                    |     |     +--ro output
                    |     |        +--ro certificate-signing-request
                    |     |                binary
                    |     +--rw hash-algorithm?   enumeration
                    +--rw cert-initial-repeat?   uint32
                    +--rw cert-resend-delay?     uint32
                    +--rw cert-resend-count?     uint32
                    +--rw sig-max-delay?         uint32
                    +--rw sig-number-resends?    uint32
                    +--rw sig-resend-delay?      uint32
                    +--rw sig-resend-count?      uint32

                    Figure 2.  ietf-syslog Module Tree

4.  Syslog YANG Module

4.1.  The ietf-syslog Module

   This module imports typedefs from [RFC7223] and groupings from
   [I-D.ietf-netconf-keystore] and [I-D.ietf-netconf-tls-client-server],
   and it references [RFC5424], [RFC5425], [RFC5426], [RFC5848] and
   [Std-1003.1-2008].

<CODE BEGINS> file "ietf-syslog@2018-02-09.yang"
module ietf-syslog {
  yang-version 1.1;

  namespace "urn:ietf:params:xml:ns:yang:ietf-syslog";
  prefix syslog;

  import ietf-inet-types {
    prefix inet;
    reference
      "RFC 6991: INET Types Model";
  }

  import ietf-interfaces {
    prefix if;
    reference
      "RFC 7223: Interfaces Model";
  }

  import ietf-tls-client {
    prefix tlsc;
    reference
      "I-D.ietf-netconf-tls-client-server:
       TLS Client and Server Models";
  }

  import ietf-keystore {
    prefix ks;
    reference
      "I-D.ietf-netconf-keystore: Keystore Model";
  }

  organization
    "IETF NETMOD (Network Modeling) Working Group";

  contact
    "WG Web:
     WG List:

     Editor: Kiran Agrahara Sreenivasa

     Editor: Clyde Wildes
     ";
  description
    "This module contains a collection of YANG definitions
     for syslog configuration.

     Copyright (c) 2018 IETF Trust and the persons identified as
     authors of the code.  All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject to
     the license terms contained in, the Simplified BSD License set
     forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (http://trustee.ietf.org/license-info).
     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
     NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and
     'OPTIONAL' in the module text are to be interpreted as
     described in RFC 2119 (http://tools.ietf.org/html/rfc2119).

     This version of this YANG module is part of RFC zzzz
     (http://tools.ietf.org/html/rfczzzz); see the RFC itself for
     full legal notices.";

  revision 2018-02-09 {
    description
      "Initial Revision";
    reference
      "RFC zzzz: Syslog YANG Model";
  }

  feature console-action {
    description
      "This feature indicates that the local console action is
       supported.";
  }

  feature file-action {
    description
      "This feature indicates that the local file action is
       supported.";
  }

  feature file-limit-size {
    description
      "This feature indicates that file logging resources
       are managed using size and number limits.";
  }

  feature file-limit-duration {
    description
      "This feature indicates that file logging resources
       are managed using time based limits.";
  }

  feature remote-action {
    description
      "This feature indicates that the remote server action is
       supported.";
  }

  feature remote-source-interface {
    description
      "This feature indicates that source-interface is supported
       for the remote-action.";
  }

  feature select-adv-compare {
    description
      "This feature represents the ability to select messages
       using the additional comparison operators when comparing
       the syslog message severity.";
  }

  feature select-match {
    description
      "This feature represents the ability to select messages
       based on a Posix 1003.2 regular expression pattern match.";
  }

  feature structured-data {
    description
      "This feature represents the ability to log messages
       in structured-data format.";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  feature signed-messages {
    description
      "This feature represents the ability to configure signed
       syslog messages.";
    reference
      "RFC 5848: Signed Syslog Messages";
  }

  typedef syslog-severity {
    type enumeration {
      enum "emergency" {
        value 0;
        description
          "The severity level 'Emergency' indicating that the
           system is unusable.";
      }
      enum "alert" {
        value 1;
        description
          "The severity level 'Alert' indicating that an action
           must be taken immediately.";
      }
      enum "critical" {
        value 2;
        description
          "The severity level 'Critical' indicating a critical
           condition.";
      }
      enum "error" {
        value 3;
        description
          "The severity level 'Error' indicating an error
           condition.";
      }
      enum "warning" {
        value 4;
        description
          "The severity level 'Warning' indicating a warning
           condition.";
      }
      enum "notice" {
        value 5;
        description
          "The severity level 'Notice' indicating a normal but
           significant condition.";
      }
      enum "info" {
        value 6;
        description
          "The severity level 'Info' indicating an informational
           message.";
      }
      enum "debug" {
        value 7;
        description
          "The severity level 'Debug' indicating a debug-level
           message.";
      }
    }
    description
      "The definitions for Syslog message severity.";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity syslog-facility {
    description
      "This identity is used as a base for all syslog facilities.";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity kern {
    base syslog-facility;
    description
      "The facility for kernel messages (0).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity user {
    base syslog-facility;
    description
      "The facility for user-level messages (1).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity mail {
    base syslog-facility;
    description
      "The facility for the mail system (2).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity daemon {
    base syslog-facility;
    description
      "The facility for the system daemons (3).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity auth {
    base syslog-facility;
    description
      "The facility for security/authorization messages (4).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity syslog {
    base syslog-facility;
    description
      "The facility for messages generated internally by syslogd
       facility (5).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity lpr {
    base syslog-facility;
    description
      "The facility for the line printer subsystem (6).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity news {
    base syslog-facility;
    description
      "The facility for the network news subsystem (7).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity uucp {
    base syslog-facility;
    description
      "The facility for the UUCP subsystem (8).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity cron {
    base syslog-facility;
    description
      "The facility for the clock daemon (9).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity authpriv {
    base syslog-facility;
    description
      "The facility for privileged security/authorization messages
       (10).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity ftp {
    base syslog-facility;
    description
      "The facility for the FTP daemon (11).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity ntp {
    base syslog-facility;
    description
      "The facility for the NTP subsystem (12).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity audit {
    base syslog-facility;
    description
      "The facility for log audit messages (13).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity console {
    base syslog-facility;
    description
      "The facility for log alert messages (14).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity cron2 {
    base syslog-facility;
    description
      "The facility for the second clock daemon (15).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity local0 {
    base syslog-facility;
    description
      "The facility for local use 0 messages (16).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity local1 {
    base syslog-facility;
    description
      "The facility for local use 1 messages (17).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity local2 {
    base syslog-facility;
    description
      "The facility for local use 2 messages (18).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity local3 {
    base syslog-facility;
    description
      "The facility for local use 3 messages (19).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity local4 {
    base syslog-facility;
    description
      "The facility for local use 4 messages (20).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity local5 {
    base syslog-facility;
    description
      "The facility for local use 5 messages (21).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity local6 {
    base syslog-facility;
    description
      "The facility for local use 6 messages (22).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  identity local7 {
    base syslog-facility;
    description
      "The facility for local use 7 messages (23).";
    reference
      "RFC 5424: The Syslog Protocol";
  }

  grouping severity-filter {
    description
      "This grouping defines the processing used to select
       log messages by comparing syslog message severity using
       the following processing rules:
       - if 'none', do not match.
       - if 'all', match.
       - else compare message severity with the specified severity
         according to the default compare rule (all messages of the
         specified severity and greater match) or, if the
         select-adv-compare feature is present, the advanced-compare
         rule.";
    leaf severity {
      type union {
        type syslog-severity;
        type enumeration {
          enum none {
            value 2147483647;
            description
              "This enum describes the case where no severities
               are selected.";
          }
          enum all {
            value -2147483648;
            description
              "This enum describes the case where all severities
               are selected.";
          }
        }
      }
      mandatory true;
      description
        "This leaf specifies the syslog message severity.";
    }
    container advanced-compare {
      when '../severity != "all" and
            ../severity != "none"' {
        description
          "The advanced compare container is not applicable for
           severity 'all' or severity 'none'";
      }
      if-feature select-adv-compare;
      leaf compare {
        type enumeration {
          enum equals {
            description
              "This enum specifies that the severity comparison
               operation will be equals.";
          }
          enum equals-or-higher {
            description
              "This enum specifies that the severity comparison
               operation will be equals or higher.";
          }
        }
        default equals-or-higher;
        description
          "The compare can be used to specify the comparison
           operator that should be used to compare the syslog message
           severity with the specified severity.";
      }
      leaf action {
        type enumeration {
          enum log {
            description
              "This enum specifies that if the compare operation is
               true the message will be logged.";
          }
          enum block {
            description
              "This enum specifies that if the compare operation is
               true the message will not be logged.";
          }
        }
        default log;
        description
          "The action can be used to specify if the message should
           be logged or blocked based on the outcome of the compare
           operation.";
      }
      description
        "This container describes additional severity compare
         operations that can be used in place of the default
         severity comparison.  The compare leaf specifies the type of
         the compare that is done and the action leaf specifies the
         intended result.
         Example: compare->equals and action->block means
         messages that have a severity that is not equal to the
         specified severity will be logged.";
    }
  }

  grouping selector {
    description
      "This grouping defines a syslog selector which is used to
       select log messages for the log-actions (console, file,
       remote, etc.).  Choose one or both of the following:
         facility [ ...]
         pattern-match regular-expression-match-string
       If both facility and pattern-match are specified, both must
       match in order for a log message to be selected.";
    container facility-filter {
      description
        "This container describes the syslog filter parameters.";
      list facility-list {
        key "facility severity";
        ordered-by user;
        description
          "This list describes a collection of syslog
           facilities and severities.";
        leaf facility {
          type union {
            type identityref {
              base syslog-facility;
            }
            type enumeration {
              enum all {
                description
                  "This enum describes the case where all
                   facilities are requested.";
              }
            }
          }
          description
            "The leaf uniquely identifies a syslog facility.";
        }
        uses severity-filter;
      }
    }
    leaf pattern-match {
      if-feature select-match;
      type string;
      description
        "This leaf describes a Posix 1003.2 regular expression
         string that can be used to select a syslog message for
         logging.  The match is performed on the SYSLOG-MSG field.";
      reference
        "RFC 5424: The Syslog Protocol
         Std-1003.1-2008 Regular Expressions";
    }
  }

  grouping structured-data {
    description
      "This grouping defines the syslog structured data option
       which is used to select the format used to write log
       messages.";
    leaf structured-data {
      if-feature structured-data;
      type boolean;
      default false;
      description
        "This leaf describes how log messages are written.
         If true, messages will be written with one or more
         STRUCTURED-DATA elements; if false, messages will be
         written with STRUCTURED-DATA = NILVALUE.";
      reference
        "RFC 5424: The Syslog Protocol";
    }
  }

  container syslog {
    presence "Enables logging.";
    description
      "This container describes the configuration parameters for
       syslog.";
    container actions {
      description
        "This container describes the log-action parameters
         for syslog.";
      container console {
        if-feature console-action;
        presence "Enables logging to the console";
        description
          "This container describes the configuration parameters
           for console logging.";
        uses selector;
      }
      container file {
        if-feature file-action;
        description
          "This container describes the configuration parameters for
           file logging.  If file-archive limits are not supplied, it
           is assumed that the local implementation defined limits
           will be used.";
        list log-file {
          key "name";
          description
            "This list describes a collection of local logging
             files.";
          leaf name {
            type inet:uri {
              pattern 'file:.*';
            }
            description
              "This leaf specifies the name of the log file which
               MUST use the uri scheme file:.";
          }
          uses selector;
          uses structured-data;
          container file-rotation {
            description
              "This container describes the configuration
               parameters for log file rotation.";
            leaf number-of-files {
              if-feature file-limit-size;
              type uint32;
              default 1;
              description
                "This leaf specifies the maximum number of log
                 files retained.  Specify 1 for implementations
                 that only support one log file.";
            }
            leaf max-file-size {
              if-feature file-limit-size;
              type uint32;
              units "megabytes";
              description
                "This leaf specifies the maximum log file size.";
            }
            leaf rollover {
              if-feature file-limit-duration;
              type uint32;
              units "minutes";
              description
                "This leaf specifies the length of time that log
                 events should be written to a specific log file.

                 Log events that arrive after the rollover period
                 cause the current log file to be closed and a new
                 log file to be opened.";
            }
            leaf retention {
              if-feature file-limit-duration;
              type uint32;
              units "hours";
              description
                "This leaf specifies the length of time that
                 completed/closed log event files should be stored
                 in the file system before they are deleted.";
            }
          }
        }
      }
      container remote {
        if-feature remote-action;
        description
          "This container describes the configuration parameters
           for forwarding syslog messages to remote relays or
           collectors.";
        list destination {
          key "name";
          description
            "This list describes a collection of remote logging
             destinations.";
          leaf name {
            type string;
            description
              "An arbitrary name for the endpoint to connect to.";
          }
          choice transport {
            mandatory true;
            description
              "This choice describes the transport option.";
            case udp {
              container udp {
                description
                  "This container describes the UDP transport
                   options.";
                reference
                  "RFC 5426: Transmission of Syslog Messages over
                   UDP";
                leaf address {
                  type inet:host;
                  description
                    "The leaf uniquely specifies the address of
                     the remote host.  One of the following must be
                     specified: an ipv4 address, an ipv6 address,
                     or a host name.";
                }
                leaf port {
                  type inet:port-number;
                  default 514;
                  description
                    "This leaf specifies the port number used to
                     deliver messages to the remote server.";
                }
              }
            }
            case tls {
              container tls {
                description
                  "This container describes the TLS transport
                   options.";
                reference
                  "RFC 5425: Transport Layer Security (TLS)
                   Transport Mapping for Syslog";
                leaf address {
                  type inet:host;
                  description
                    "The leaf uniquely specifies the address of
                     the remote host.  One of the following must be
                     specified: an ipv4 address, an ipv6 address,
                     or a host name.";
                }
                leaf port {
                  type inet:port-number;
                  default 6514;
                  description
                    "TCP port 6514 has been allocated as the default
                     port for syslog over TLS.";
                }
                uses tlsc:tls-client-grouping;
              }
            }
          }
          uses selector;
          uses structured-data;
          leaf facility-override {
            type identityref {
              base syslog-facility;
            }
            description
              "If specified, this leaf specifies the facility used
               to override the facility in messages delivered to
               the remote server.";
          }
          leaf source-interface {
            if-feature remote-source-interface;
            type if:interface-ref;
            description
              "This leaf sets the source interface to be used to
               send messages to the remote syslog server.  If not
               set, messages sent to a remote syslog server will
               contain the IP address of the interface the syslog
               message uses to exit the network element.";
          }
          container signing {
            if-feature signed-messages;
            presence
              "If present, syslog-signing options is activated.";
            description
              "This container describes the configuration
               parameters for signed syslog messages.";
            reference
              "RFC 5848: Signed Syslog Messages";
            container cert-signers {
              description
                "This container describes the signing certificate
                 configuration for Signature Group 0 which covers
                 the case for administrators who want all Signature
                 Blocks to be sent to a single destination.";
              list cert-signer {
                key "name";
                description
                  "This list describes a collection of syslog
                   message signers.";
                leaf name {
                  type string;
                  description
                    "This leaf specifies the name of the syslog
                     message signer.";
                }
                container cert {
                  uses ks:private-key-grouping;
                  uses ks:certificate-grouping;
                  description
                    "This is the certificate that is
periodically 1126 sent to the remote receiver. Selection of the 1127 certificate also implicitly selects the private 1128 key used to sign the syslog messages."; 1129 } 1130 leaf hash-algorithm { 1131 type enumeration { 1132 enum SHA1 { 1133 value 1; 1134 description 1135 "This enum describes the SHA1 algorithm."; 1136 } 1137 enum SHA256 { 1138 value 2; 1139 description 1140 "This enum describes the SHA256 algorithm."; 1141 } 1142 } 1143 description 1144 "This leaf describes the syslog signer hash 1145 algorithm used."; 1146 } 1147 } 1148 leaf cert-initial-repeat { 1149 type uint32; 1150 default 3; 1151 description 1152 "This leaf specifies the number of times each 1153 Certificate Block should be sent before the first 1154 message is sent."; 1155 } 1156 leaf cert-resend-delay { 1157 type uint32; 1158 units "seconds"; 1159 default 3600; 1160 description 1161 "This leaf specifies the maximum time delay in 1162 seconds until resending the Certificate Block."; 1163 } 1164 leaf cert-resend-count { 1165 type uint32; 1166 default 0; 1167 description 1168 "This leaf specifies the maximum number of other 1169 syslog messages to send until resending the 1170 Certificate Block."; 1171 } 1172 leaf sig-max-delay { 1173 type uint32; 1174 units "seconds"; 1175 default 60; 1176 description 1177 "This leaf specifies when to generate a new 1178 Signature Block. If this many seconds have 1179 elapsed since the message with the first message 1180 number of the Signature Block was sent, a new 1181 Signature Block should be generated."; 1182 } 1183 leaf sig-number-resends { 1184 type uint32; 1185 default 0; 1186 description 1187 "This leaf specifies the number of times a 1188 Signature Block is resent. 
(It is recommended to 1189 select a value of greater than 0 in particular 1190 when the UDP transport RFC 5426 is used.)."; 1191 } 1192 leaf sig-resend-delay { 1193 type uint32; 1194 units "seconds"; 1195 default 5; 1196 description 1197 "This leaf specifies when to send the next 1198 Signature Block transmission based on time. If 1199 this many seconds have elapsed since the previous 1200 sending of this Signature Block, resend it."; 1201 } 1202 leaf sig-resend-count { 1203 type uint32; 1204 default 0; 1205 description 1206 "This leaf specifies when to send the next 1207 Signature Block transmission based on a count. 1208 If this many other syslog messages have been 1209 sent since the previous sending of this 1210 Signature Block, resend it. A value of 0 means 1211 that you don't resend based on the number of 1212 messages."; 1213 } 1214 } 1215 } 1216 } 1217 } 1218 } 1219 } 1220 } 1221 1223 Figure 3. ietf-syslog Module 1225 5. Usage Examples 1227 Requirement: 1228 Enable console logging of syslogs of severity critical 1230 Here is the example syslog configuration xml: 1231 1232 1233 1234 1235 1236 all 1237 critical 1238 1239 1240 1241 1242 1244 Enable remote logging of syslogs to udp destination 1245 2001:db8:a0b:12f0::1 for facility auth, severity error 1247 1248 1249 1250 1251 remote1 1252 1253
foo.eample.com
1254
1255 1256 1257 auth 1258 error 1259 1260 1261
1262
1263
1264
                    Figure 4. ietf-syslog Examples

6. Acknowledgements

   The authors wish to thank the following who commented on this
   proposal:

   Andy Bierman, Martin Bjorklund, Alex Campbell, Alex Clemm, Jim
   Gibson, Jeffrey Haas, John Heasley, Giles Heron, Lisa Huang, Mahesh
   Jethanandani, Jeffrey K Lange, Jan Lindblad, Chris Lonvick, Tom
   Petch, Juergen Schoenwaelder, Phil Shafer, Jason Sterne, Peter Van
   Horne, Kent Watsen, Bert Wijnen, Dale R Worley, Aleksandr Zhdankin

7. IANA Considerations

7.1. The IETF XML Registry

   This document registers one URI in the IETF XML registry [RFC3688].
   Following the format in [RFC3688], the following registration is
   requested:

      URI: urn:ietf:params:xml:ns:yang:ietf-syslog
      Registrant Contact: The IESG.
      XML: N/A, the requested URI is an XML namespace.

7.2. The YANG Module Names Registry

   This document registers one YANG module in the YANG Module Names
   registry [RFC7895].  Following the format in [RFC7950], the following
   registration is requested:

      name: ietf-syslog
      namespace: urn:ietf:params:xml:ns:yang:ietf-syslog
      prefix: ietf-syslog
      reference: RFC zzzz

8. Security Considerations

   The YANG module defined in this document is designed to be accessed
   via YANG based management protocols, such as NETCONF [RFC6241] and
   RESTCONF [RFC8040].  Both of these protocols have mandatory-to-
   implement secure transport layers (e.g., SSH, TLS) with mutual
   authentication.

   The NETCONF access control model (NACM) [RFC6536] provides the means
   to restrict access for particular users to a pre-configured subset of
   all available protocol operations and content.

   There are a number of data nodes defined in this YANG module that are
   writable/creatable/deletable (i.e., config true, which is the
   default).  These data nodes may be considered sensitive or vulnerable
   in some network environments.
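   As an added illustration, not part of the draft or of any vendor's implementation: a small Python linter that reads an ietf-syslog configuration instance and reports the settings the module descriptions and this section single out as risky: a udp transport for a remote destination, signed messages over udp with sig-number-resends left at its default of 0 (the model recommends a value greater than 0), and a pattern-match expression with nested quantifiers of the kind behind the regular-expression denial of service noted for facility-filter/pattern-match. The sample instance is constructed here and its element nesting is assumed from the module's containers; the nested-quantifier check is a heuristic that over-approximates rather than a complete analysis.

```python
import xml.etree.ElementTree as ET
NS = {"s": "urn:ietf:params:xml:ns:yang:ietf-syslog"}  # namespace registered in Section 7.1

def has_nested_quantifier(pattern):
    """ReDoS heuristic: a quantified group that itself contains a quantifier ((a+)+, (.*x)*)."""
    stack, i = [], 0                # one flag per open group: quantifier seen inside?
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":               # escaped character is literal: skip it
            i += 2
            continue
        if c == "[":                # bracket expression: skip to its closing ]
            end = pattern.find("]", i + 2)
            i = len(pattern) if end < 0 else end + 1
            continue
        if c == "(":
            stack.append(False)
        elif c == ")" and stack:
            inner, quantified = stack.pop(), pattern[i + 1:i + 2] in ("*", "+", "{")
            if inner and quantified:
                return True
            if stack:               # propagate into the enclosing group
                stack[-1] = stack[-1] or inner or quantified
        elif c in "*+?{" and stack and pattern[i - 1] != "(":
            stack[-1] = True
        i += 1
    return False

def lint_syslog_config(xml_text):
    """Return findings for risky settings in an ietf-syslog configuration instance."""
    root, findings = ET.fromstring(xml_text), []
    for dest in root.iterfind(".//s:remote/s:destination", NS):
        name, udp = dest.findtext("s:name", "?", NS), dest.find("s:udp", NS) is not None
        if udp:
            findings.append(f"{name}: udp (RFC 5426) is unauthenticated; prefer tls (RFC 5425)")
        signing = dest.find("s:signing", NS)
        # sig-number-resends defaults to 0; the model recommends > 0 when UDP is used
        if udp and signing is not None and signing.findtext("s:sig-number-resends", "0", NS) == "0":
            findings.append(f"{name}: signed messages over udp with sig-number-resends 0")
    for pm in root.iterfind(".//s:pattern-match", NS):
        if has_nested_quantifier(pm.text or ""):
            findings.append(f"pattern-match {pm.text!r}: nested quantifier, ReDoS risk")
    return findings

# Constructed sample instance (not from the draft); nesting follows the model's containers.
SAMPLE = """<syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog"><actions><remote><destination>
 <name>remote1</name><udp><address>2001:db8:a0b:12f0::1</address></udp>
 <facility-filter><facility-list><facility>auth</facility><severity>error</severity></facility-list>
 <pattern-match>(Failed .*)+ from</pattern-match></facility-filter>
 <signing><sig-number-resends>0</sig-number-resends></signing></destination></remote></actions></syslog>"""
```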
   Write operations (e.g., edit-config) to these data nodes without
   proper protection can have a negative effect on network operations.
   These are the subtrees and data nodes and their
   sensitivity/vulnerability:

      facility-filter/pattern-match: When writing this node,
      implementations MUST ensure that the regular expression pattern
      match is not constructed to cause a regular expression denial
      of service attack due to a pattern that causes the regular
      expression implementation to work very slowly (exponentially
      related to input size).

   Some of the readable data nodes in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control read access (e.g., via get, get-config, or
   notification) to these data nodes.

   There are no RPC operations defined in this YANG module.

9. References

9.1. Normative References

   [I-D.ietf-netconf-keystore]
              Watsen, K., "YANG Data Model for a "Keystore" Mechanism",
              draft-ietf-netconf-keystore-04 (work in progress), October
              2017.

   [I-D.ietf-netconf-tls-client-server]
              Watsen, K. and G. Wu, "YANG Groupings for TLS Clients and
              TLS Servers", draft-ietf-netconf-tls-client-server-05
              (work in progress), October 2017.

   [I-D.ietf-netmod-yang-tree-diagrams]
              Bjorklund, M. and L. Berger, "YANG Tree Diagrams",
              draft-ietf-netmod-yang-tree-diagrams-05 (work in
              progress), January 2018.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC5424]  Gerhards, R., "The Syslog Protocol", RFC 5424,
              DOI 10.17487/RFC5424, March 2009.

   [RFC5425]  Miao, F., Ed., Ma, Y., Ed., and J. Salowey, Ed.,
              "Transport Layer Security (TLS) Transport Mapping for
              Syslog", RFC 5425, DOI 10.17487/RFC5425, March 2009.
   [RFC5426]  Okmianski, A., "Transmission of Syslog Messages over UDP",
              RFC 5426, DOI 10.17487/RFC5426, March 2009.

   [RFC5848]  Kelsey, J., Callas, J., and A. Clemm, "Signed Syslog
              Messages", RFC 5848, DOI 10.17487/RFC5848, May 2010.

   [RFC7223]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 7223, DOI 10.17487/RFC7223, May 2014.

   [RFC7895]  Bierman, A., Bjorklund, M., and K. Watsen, "YANG Module
              Library", RFC 7895, DOI 10.17487/RFC7895, June 2016.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [Std-1003.1-2008]
              The Open Group, "Chapter 9: Regular Expressions", The
              Open Group Base Specifications Issue 6, IEEE Std
              1003.1-2008, 2016 Edition, September 2016.

9.2. Informative References

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
              Protocol (NETCONF) Access Control Model", RFC 6536,
              DOI 10.17487/RFC6536, March 2012.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

Appendix A. Implementor Guidelines

A.1. Extending Facilities

   Many vendors extend the list of facilities available for logging in
   their implementation.
   Additional facilities may not work with the syslog protocol as
   defined in [RFC5424] and hence such facilities apply for local
   syslog-like logging functionality.

   The following is an example that shows how additional facilities
   could be added to the list of available facilities (in this example
   two facilities are added):

   module example-vendor-syslog-types {
     namespace "http://example.com/ns/vendor-syslog-types";
     prefix vendor-syslogtypes;

     import ietf-syslog {
       prefix syslogtypes;
     }

     organization "Example, Inc.";
     contact
       "Example, Inc.
        Customer Service

        E-mail: syslog-yang@example.com";

     description
       "This module contains a collection of vendor-specific YANG type
        definitions for SYSLOG.";

     revision 2017-08-11 {
       description
         "Version 1.0";
       reference
         "Vendor SYSLOG Types: SYSLOG YANG Model";
     }

     identity vendor_specific_type_1 {
       base syslogtypes:syslog-facility;
       description
         "Adding vendor specific type 1 to syslog-facility";
     }

     identity vendor_specific_type_2 {
       base syslogtypes:syslog-facility;
       description
         "Adding vendor specific type 2 to syslog-facility";
     }
   }

Authors' Addresses

   Clyde Wildes (editor)
   Cisco Systems Inc.
   170 West Tasman Drive
   San Jose, CA 95134
   US

   Phone: +1 408 527-2672
   EMail: cwildes@cisco.com

   Kiran Koushik (editor)
   Verizon Wireless
   500 W Dove Rd.
   Southlake, TX 76092
   US

   Phone: +1 512 650-0210
   EMail: kirankoushik.agraharasreenivasa@verizonwireless.com