idnits 2.17.1 draft-tsuno-syslog-mib-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but does not include the phrase in its RFC 2119 key words list. -- The document date (April 16, 2017) is 2560 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'RFC5426' is mentioned on line 317, but not defined == Missing Reference: 'RFC5425' is mentioned on line 318, but not defined == Missing Reference: 'RFC3195' is mentioned on line 319, but not defined == Missing Reference: 'RFC6012' is mentioned on line 320, but not defined Summary: 0 errors (**), 0 flaws (~~), 6 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group H. Tsunoda 3 Internet-Draft Tohoku Institute of Technology 4 Intended status: Proposed Standard G. Keeni 5 Expires: October 18, 2017 Cyber Solutions Inc. 6 April 16, 2017 8 Syslog Management Information Base 9 draft-tsuno-syslog-mib-04.txt 11 Abstract 13 This memo defines a portion of the Management Information Base (MIB), 14 the SYSLOG-MIB, for use with network management protocols in the 15 Internet community. In particular, the SYSLOG-MIB will be used to 16 monitor and control syslog applications. 18 Status of This Memo 20 This Internet-Draft is submitted in full conformance with the 21 provisions of BCP 78 and BCP 79. 23 Internet-Drafts are working documents of the Internet Engineering 24 Task Force (IETF). Note that other groups may also distribute 25 working documents as Internet-Drafts. The list of current Internet- 26 Drafts is at http://datatracker.ietf.org/drafts/current/. 28 Internet-Drafts are draft documents valid for a maximum of six months 29 and may be updated, replaced, or obsoleted by other documents at any 30 time. It is inappropriate to use Internet-Drafts as reference 31 material or to cite them other than as "work in progress." 33 This Internet-Draft will expire on October 18, 2017. 35 Copyright Notice 37 Copyright (c) 2017 IETF Trust and the persons identified as the 38 document authors. All rights reserved. 40 This document is subject to BCP 78 and the IETF Trust's Legal 41 Provisions Relating to IETF Documents 42 (http://trustee.ietf.org/license-info) in effect on the date of 43 publication of this document. Please review these documents 44 carefully, as they describe your rights and restrictions with respect 45 to this document. Code Components extracted from this document must 46 include Simplified BSD License text as described in Section 4.e of 47 the Trust Legal Provisions and are provided without warranty as 48 described in the Simplified BSD License. 50 Table of Contents 52 1. The Internet-Standard Management Framework . . . . . . . . . 2 53 2. Background . . . . . . . . . . . . . . . . . . . . . . . . . 2 54 3. Managing syslog . . . . . . . . . . . . . . . . . . . . . . . 3 55 4. The MIB Design. . . . . . . . . . . . . . . . . . . . . . . . 4 56 5. The Syslog MIB . . . . . . . . . . . . . . . . . . . . . . . 5 57 6. Security Considerations . . . . . . . . . . . . . . . . . . . 34 58 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 37 59 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 37 60 9. APPENDIX . . . . . . . . . . . . . . . . . . . . . . . . . . 37 61 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 38 62 10.1. Normative References . . . . . . . . . . . . . . . . . . 38 63 10.2. Informative References . . . . . . . . . . . . . . . . . 39 64 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 39 66 1. The Internet-Standard Management Framework 68 For a detailed overview of the documents that describe the current 69 Internet-Standard Management Framework, please refer to section 7 of 70 RFC 3410 [RFC3410]. 72 Managed objects are accessed via a virtual information store, termed 73 the Management Information Base or MIB. MIB objects are generally 74 accessed through the Simple Network Management Protocol (SNMP). 76 Objects in the MIB are defined using the mechanisms defined in the 77 Structure of Management Information (SMI). This memo specifies a MIB 78 module that is compliant to the SMIv2, which is described in STD 58, 79 RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 80 [RFC2580]. 82 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 83 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 84 document are to be interpreted as described in BCP 14, RFC 2119 85 [RFC2119]. 87 2. Background 89 Operating systems, processes and applications, collectively termed 90 "facilities" in the following, generate messages indicating their own 91 status or the occurrence of events. These messages are handled by 92 what has come to be known as the syslog application [RFC5424]. A 93 syslog application sends and/or receives syslog messages. The reader 94 is referred to [RFC5424] for a description of the various roles of a 95 syslog application viz. "sender", "receiver" and "relay". The 96 discussion in this document, in general, applies to a generic syslog 97 application. For special cases the specific role of the syslog 98 application will be mentioned. 100 This document defines a set of managed objects (MOs) that can be used 101 to monitor a group of syslog applications. 103 The SYSLOG-MIB can be used in conjunction with other MIB modules - in 104 particular the Host Resources MIB [RFC2790]. The generic process 105 related matters e.g. control and monitoring for status, resource 106 usage etc. can be serviced by the corresponding entries in the Host 107 Resources MIB. 109 +------+ 110 Syslog message ----->| App1 | 111 +------+ 113 +------+ 114 Syslog message ----->| App2 |------> Syslog message 115 +------+ 117 +------+ 118 | App3 |------> Syslog message 119 +------+ 121 App1: Syslog collector (syslog receiver) 122 App2: Syslog relay (syslog receiver, syslog sender) 123 App3: Syslog originator (syslog sender) 125 Figure 1: Syslog applications modeled by the SYSLOG-MIB 127 The syslog applications modeled by the SYSLOG-MIB are shown in Fig.1. 128 A syslog receiver receives syslog messages. A syslog sender sends 129 syslog messages to other syslog applications. A syslog relay 130 forwards some of the received syslog messages to other syslog 131 applications. A syslog receiver receives a syslog message and 132 processes it. The processing will depend on the internal 133 configuration and may involve relaying the message to one or more 134 syslog applications. Note that a syslog application may have 135 multiple roles. Multiple syslog applications may co-exist on the 136 same host. 138 3. Managing syslog 140 Log messages are expected to be collected, reliably and without 141 interruption. For this, the logging system itself needs to be 142 monitored and managed just like any other component of the ICT 143 infrastructure. 145 The operational information of syslog applications will be a target 146 of syslog monitoring. Running status of related processes, resource 147 usages, and statistics of the number of processed log messages will 148 be monitored. The number of log messages delivered to each 149 destination on a target host will give administrators insight into 150 the operation of the syslog application. 152 Managing syslog will also involve viewing and maintaining the 153 configuration of the underlying syslog applications. 155 4. The MIB Design. 157 The purpose of the SYSLOG-MIB is to allow the monitoring of a group 158 of syslog applications. This requires managed objects representing 159 the following elements. 161 o The configuration and status related details of each syslog 162 application. 164 o The statistics on syslog messages received, processed locally, 165 relayed by each syslog application. 167 The MIB contains three subtrees. 169 o The syslogNotifications subtree defines the set of notifications 170 that will be used to asynchronously report the change of status of 171 a syslog application. 173 o The syslogObjects subtree contains four subtrees. 175 * The syslogControlTable subtree deals with the configuration and 176 control information for a syslog application. 178 * The syslogOperationsTable subtree deals with operations and 179 statistical information about syslog messages sent and/or 180 received by a syslog application. 182 * The syslogPriorityTable subtree deals with the relay 183 configuration parameters pertaining to a syslog application. 185 * The syslogRelayTable deals with the information about the 186 destination of the relayed messages. 188 o The conformance subtree defines the compliance statements. 190 The SYSLOG-MIB module uses textual conventions defined in INET- 191 ADDRESS-MIB [RFC4001], SNMP-FRAMEWORK-MIB [RFC3411] and SYSLOG-TC-MIB 192 [RFC5427]. 194 5. The Syslog MIB 196 SYSLOG-MIB DEFINITIONS ::= BEGIN 198 IMPORTS 199 MODULE-IDENTITY, OBJECT-TYPE, 200 Unsigned32, Counter32, Integer32, mib-2, 201 NOTIFICATION-TYPE 202 FROM SNMPv2-SMI 203 RowStatus, StorageType, 204 TEXTUAL-CONVENTION, TimeStamp 205 FROM SNMPv2-TC 206 InetAddressType, InetAddress, InetPortNumber 207 FROM INET-ADDRESS-MIB 208 MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP 209 FROM SNMPv2-CONF 210 SyslogFacility, SyslogSeverity 211 FROM SYSLOG-TC-MIB 212 SnmpAdminString 213 FROM SNMP-FRAMEWORK-MIB; 215 syslogMIB MODULE-IDENTITY 216 LAST-UPDATED "201704160000Z" -- 16th April, 2017 217 ORGANIZATION "Cyber Solutions Inc. NetMan Working Group" 218 CONTACT-INFO 219 " Hiroshi Tsunoda 220 Tohoku Institute of Technology 221 35-1, Yagiyama Kasumi-cho 222 Taihaku-ku, Sendai, Japan 982-8577 224 Tel: +81-22-305-3411 225 E-mail: tsuno@m.ieice.org 227 Glenn Mansfield Keeni 228 Postal: Cyber Solutions Inc. 229 6-6-3, Minami Yoshinari 230 Aoba-ku, Sendai, Japan 989-3204. 231 Tel: +81-22-303-4012 232 Fax: +81-22-303-4015 233 E-mail: glenn@cysols.com 235 Support Group E-mail: mibsupport@cysols.com 236 " 238 DESCRIPTION 239 "The MIB module for monitoring syslog applications. 241 A syslog application sends and/or receives syslog messages. 243 The reader is referred to [RFC5424] for a description of 244 the various roles of a syslog application viz. ''sender'', 245 ''receiver'' and ''relay''. The discussion in this 246 document in general applies to a generic syslog application. 247 For special cases the specific role of the syslog 248 application will be mentioned. 250 Copyright (c) 2017 IETF Trust and the persons identified as 251 the document authors. All rights reserved. 253 This document is subject to BCP 78 and the IETF Trust's 254 Legal Provisions Relating to IETF Documents 255 (http://trustee.ietf.org/license-info) 256 in effect on the date of publication of this document. 257 Please review these documents carefully, as they describe 258 your rights and restrictions with respect to this document. 259 " 261 REVISION "201704160000Z" -- 16th April, 2017 262 DESCRIPTION 263 "The initial version, published as RFC XXXX." 265 -- RFC Ed.: replace XXXX with the actual RFC number & remove this 266 -- note 268 ::= { mib-2 YYYY } -- Will be assigned by IANA 270 -- IANA Reg.: Please assign a value for "YYYY" under the 271 -- 'mib-2' subtree and record the assignment in the SMI 272 -- Numbers registry. 274 -- RFC Ed.: When the above assignment has been made, please 275 -- remove the above note 276 -- replace "YYYY" here with the assigned value and 277 -- remove this note. 279 -- ------------------------------------------------------------- 280 -- Textual Conventions 281 -- ------------------------------------------------------------- 282 SyslogRoles ::= TEXTUAL-CONVENTION 283 STATUS current 284 DESCRIPTION 285 "This textual convention enumerates the roles of a 286 syslog application. Note that a syslog application can 287 have multiple roles. 289 " 290 REFERENCE 291 "The Syslog Protocol [RFC5424] sec. 3. 292 " 293 SYNTAX BITS 294 { 295 sender (0), 296 receiver (1), 297 relay (2) 298 } 300 SyslogEncapsulation ::= TEXTUAL-CONVENTION 301 STATUS current 302 DESCRIPTION 303 "This textual convention enumerates the encapsulations 304 of the syslog message that is used between syslog 305 application endpoints. 306 " 307 REFERENCE 308 "Transmission of syslog messages over UDP [RFC5426], 309 TLS Transport Mapping for Syslog [RFC5425], 310 Reliable Delivery for syslog [RFC3195], 311 Datagram Transport Layer Security (DTLS) Transport 312 Mapping for Syslog [RFC6012]. 313 " 314 SYNTAX INTEGER 315 { 316 other (1), 317 none (2), -- [RFC5426] (no encapsulation) 318 tls (3), -- [RFC5425] 319 beep (4), -- [RFC3195] 320 dtls (5) -- [RFC6012] 321 } 323 -- syslogMIB - the main groups 324 -- ------------------------------------------------------------- 326 syslogNotifications OBJECT IDENTIFIER 327 ::= { syslogMIB 0 } 329 syslogObjects OBJECT IDENTIFIER 330 ::= { syslogMIB 1 } 332 syslogConformance OBJECT IDENTIFIER 333 ::= { syslogMIB 2 } 335 -- ------------------------------------------------------------- 336 -- syslog application configuration info table 337 -- ------------------------------------------------------------- 338 syslogControlTable OBJECT-TYPE 339 SYNTAX SEQUENCE OF SyslogControlEntry 340 MAX-ACCESS not-accessible 341 STATUS current 342 DESCRIPTION 343 "A table containing the configuration parameters 344 pertaining to the syslog applications serviced by an 345 SNMP agent. 346 " 347 ::= { syslogObjects 1 } 349 syslogControlEntry OBJECT-TYPE 350 SYNTAX SyslogControlEntry 351 MAX-ACCESS not-accessible 352 STATUS current 353 DESCRIPTION 354 "The configuration parameters pertaining to a syslog 355 application. 356 " 357 INDEX { syslogControlIndex } 358 ::= { syslogControlTable 1 } 360 SyslogControlEntry ::= 361 SEQUENCE { 362 syslogControlIndex 363 Unsigned32, 364 syslogControlDescr 365 SnmpAdminString, 366 syslogControlRoles 367 SyslogRoles, 368 syslogControlBindAddrType 369 InetAddressType, 370 syslogControlBindAddr 371 InetAddress, 372 syslogControlBindPort 373 InetPortNumber, 374 syslogControlEncapsulation 375 SyslogEncapsulation, 376 syslogControlMaxMessageSize 377 Unsigned32, 378 syslogControlConfFileName 379 SnmpAdminString, 380 syslogControlStorageType 381 StorageType, 382 syslogControlRowStatus 383 RowStatus 385 } 387 syslogControlIndex OBJECT-TYPE 388 SYNTAX Unsigned32 (1..2147483647) 389 MAX-ACCESS not-accessible 390 STATUS current 391 DESCRIPTION 392 "The Index that uniquely identifies the syslog 393 application in the syslogControlTable. 394 The value of the index for a syslog application may 395 not be the same across system reboots. Users and 396 applications will need to determine the index of a 397 syslog application after system reboots. 398 " 399 ::= { syslogControlEntry 1 } 401 syslogControlDescr OBJECT-TYPE 402 SYNTAX SnmpAdminString 403 MAX-ACCESS read-create 404 STATUS current 405 DESCRIPTION 406 "A user definable description of the syslog application. 407 This description could be used by syslog management 408 applications e.g. in reports or user interfaces. 409 " 410 ::= { syslogControlEntry 2 } 412 syslogControlRoles OBJECT-TYPE 413 SYNTAX SyslogRoles 414 MAX-ACCESS read-create 415 STATUS current 416 DESCRIPTION 417 "The roles of the syslog application. 418 " 419 ::= { syslogControlEntry 3 } 421 syslogControlBindAddrType OBJECT-TYPE 422 SYNTAX InetAddressType 423 MAX-ACCESS read-create 424 STATUS current 425 DESCRIPTION 426 "The type of Internet address which follows 427 in syslogControlBindAddr. 428 If this syslog application is not a syslog receiver, 429 the value of this object will be 'unknown' (0). 430 " 432 ::= { syslogControlEntry 4 } 434 syslogControlBindAddr OBJECT-TYPE 435 SYNTAX InetAddress 436 MAX-ACCESS read-create 437 STATUS current 438 DESCRIPTION 439 "The specific address the syslog receiver will bind to. 440 The format of the address is specified by the 441 corresponding syslogControlBindAddrType object. 442 If the address is specified in the DNS domain name format 443 [syslogControlBindAddrType = 'dns'], the 444 corresponding IPv4 or IPv6 address obtained at the time 445 of the binding operation by the syslog application, will be 446 used. 447 If this syslog application is not a syslog receiver, the 448 value of this object will be a zero-length string. 449 " 450 ::= { syslogControlEntry 5 } 452 syslogControlBindPort OBJECT-TYPE 453 SYNTAX InetPortNumber 454 MAX-ACCESS read-create 455 STATUS current 456 DESCRIPTION 457 "The port number that this syslog receiver will bind to. 458 If this syslog application is not a syslog receiver the 459 value of this object will be zero. 460 " 461 ::= { syslogControlEntry 6 } 463 syslogControlEncapsulation OBJECT-TYPE 464 SYNTAX SyslogEncapsulation 465 MAX-ACCESS read-create 466 STATUS current 467 DESCRIPTION 468 "The encapsulation that will be used for syslog messages 469 by the syslog receiver. 471 If this syslog application is not a syslog receiver the 472 value of this object will be ''other''. 473 " 474 ::= { syslogControlEntry 7 } 476 syslogControlMaxMessageSize OBJECT-TYPE 477 SYNTAX Unsigned32 478 MAX-ACCESS read-create 479 STATUS current 480 DESCRIPTION 481 "The maximum size of the syslog messages in bytes 482 for this syslog application. 484 A syslog receiver may reject or truncate messages larger 485 than the specified maximum syslog message size. 486 " 487 REFERENCE 488 "The Syslog Protocol [RFC5424] sec. 6.1. 489 " 490 ::= { syslogControlEntry 8 } 492 syslogControlConfFileName OBJECT-TYPE 493 SYNTAX SnmpAdminString 494 MAX-ACCESS read-create 495 STATUS current 496 DESCRIPTION 497 "The full path name of the configuration file where the 498 syslog application's message selection and corresponding 499 action rules will be read from. 500 If the syslog application does not support the specification 501 of a configuration file, the value of this object will 502 be a zero-length string. 503 " 504 DEFVAL { "/etc/syslog.conf" } 505 ::= { syslogControlEntry 9 } 507 syslogControlStorageType OBJECT-TYPE 508 SYNTAX StorageType 509 MAX-ACCESS read-create 510 STATUS current 511 DESCRIPTION 512 "This object defines whether the parameters defined in 513 this row are kept in volatile storage and lost upon 514 reboot or are backed up by non-volatile or permanent 515 storage. 516 Conceptual rows having the value 'permanent' need not 517 allow write-access to any columnar objects in the row. 518 " 519 DEFVAL { nonVolatile } 520 ::= { syslogControlEntry 11 } 522 syslogControlRowStatus OBJECT-TYPE 523 SYNTAX RowStatus 524 MAX-ACCESS read-create 525 STATUS current 526 DESCRIPTION 527 "This object is used to create, modify and delete rows in 528 the syslogControlTable. 529 The value of syslogControlDescr can be changed 530 when this object is in state ''active'' or in 531 ''notInService''. 532 The other objects in a row can be modified only when the 533 value of this object in the corresponding conceptual row 534 is not ''active''. Thus to modify one or more of the 535 objects in this conceptual row, 536 a. change the row status to ''notInService'', 537 b. change the values of the row 538 c. change the row status to ''active'' 539 The syslogControlRowStatus may be changed to 540 ''active'' if all the managed objects in the conceptual 541 row with MAX-ACCESS read-create except 542 syslogControlBindPort and 543 syslogControlEncapsulation have been assigned valid 544 values. 545 " 546 ::= { syslogControlEntry 12 } 548 -- ------------------------------------------------------------- 549 -- syslogOperations 550 -- ------------------------------------------------------------- 551 syslogOperationsTable OBJECT-TYPE 552 SYNTAX SEQUENCE OF SyslogOperationsEntry 553 MAX-ACCESS not-accessible 554 STATUS current 555 DESCRIPTION 556 "A table containing operations information about 557 the syslog applications serviced by an SNMP agent. 558 This table complements the (configuration) information 559 in syslogControlTable . 560 " 561 ::= { syslogObjects 2 } 563 syslogOperationsEntry OBJECT-TYPE 564 SYNTAX SyslogOperationsEntry 565 MAX-ACCESS not-accessible 566 STATUS current 567 DESCRIPTION 568 "The operations information pertaining to a syslog 569 application. 570 " 571 AUGMENTS { syslogControlEntry } 572 ::= { syslogOperationsTable 1 } 574 SyslogOperationsEntry ::= 575 SEQUENCE { 576 syslogOperationsMsgsReceived 577 Counter32, 578 syslogOperationsMsgsTransmitted 579 Counter32, 580 syslogOperationsMsgsRelayed 581 Counter32, 582 syslogOperationsMsgsDropped 583 Counter32, 584 syslogOperationsMsgsMalFormed 585 Counter32, 586 syslogOperationsMsgsDiscarded 587 Counter32, 588 syslogOperationsLastMsgRecdTime 589 TimeStamp, 590 syslogOperationsLastMsgTransmittedTime 591 TimeStamp, 592 syslogOperationsStartTime 593 TimeStamp, 594 syslogOperationsLastError 595 SnmpAdminString, 596 syslogOperationsLastErrorTime 597 TimeStamp, 598 syslogOperationsRunIndex 599 Integer32, 600 syslogOperationsCounterDiscontinuityTime 601 TimeStamp, 602 syslogOperationsStatus 603 INTEGER 604 } 606 syslogOperationsMsgsReceived OBJECT-TYPE 607 SYNTAX Counter32 608 MAX-ACCESS read-only 609 STATUS current 610 DESCRIPTION 611 "The number of messages received by the syslog 612 receiver. This includes messages that were discarded. 613 If this syslog application is not a syslog receiver the 614 value of this object will be zero. 615 Discontinuities in the value of this counter can 616 occur at re-initialization of the management system, 617 and at other times as indicated by the value of 618 syslogOperationsCounterDiscontinuityTime. 619 " 620 ::= { syslogOperationsEntry 1 } 622 syslogOperationsMsgsTransmitted OBJECT-TYPE 623 SYNTAX Counter32 624 MAX-ACCESS read-only 625 STATUS current 626 DESCRIPTION 627 "The number of messages transmitted by the syslog 628 sender. This does not include the messages that could 629 not be queued for transmission by the syslog sender. 630 If this syslog application is not a syslog sender the 631 value of this object will be zero. 632 Discontinuities in the value of this counter can 633 occur at re-initialization of the management system, 634 and at other times as indicated by the value of 635 syslogOperationsCounterDiscontinuityTime. 636 " 637 ::= { syslogOperationsEntry 2 } 639 syslogOperationsMsgsRelayed OBJECT-TYPE 640 SYNTAX Counter32 641 MAX-ACCESS read-only 642 STATUS current 643 DESCRIPTION 644 "The number of messages relayed by the syslog 645 relay to other syslog applications. 646 If this syslog application is not a syslog relay the value 647 of this object will be zero. 648 Discontinuities in the value of this counter can 649 occur at re-initialization of the management system, 650 and at other times as indicated by the value of 651 syslogOperationsCounterDiscontinuityTime. 652 " 653 REFERENCE 654 "The Syslog Protocol [RFC5424] sec. 3. 655 " 656 ::= { syslogOperationsEntry 3 } 658 syslogOperationsMsgsDropped OBJECT-TYPE 659 SYNTAX Counter32 660 MAX-ACCESS read-only 661 STATUS current 662 DESCRIPTION 663 "The number of messages that could not be queued 664 for transmission by the syslog sender. 665 If this syslog application is not a syslog sender the 666 value of this object will be zero. 667 Discontinuities in the value of this counter can 668 occur at re-initialization of the management system, 669 and at other times as indicated by the value of 670 syslogOperationsCounterDiscontinuityTime. 671 " 672 ::= { syslogOperationsEntry 4 } 674 syslogOperationsMsgsMalFormed OBJECT-TYPE 675 SYNTAX Counter32 676 MAX-ACCESS read-only 677 STATUS current 678 DESCRIPTION 679 "The number of messages received by the syslog 680 receiver which had a malformed header. 681 If this syslog application is not a syslog receiver, 682 then this object will have a zero value. 683 Discontinuities in the value of this counter can 684 occur at re-initialization of the management system, 685 and at other times as indicated by the value of 686 syslogOperationsCounterDiscontinuityTime. 687 " 688 REFERENCE 689 "The Syslog Protocol [RFC5424] sec. 6.3. 690 " 691 ::= { syslogOperationsEntry 5 } 693 syslogOperationsMsgsDiscarded OBJECT-TYPE 694 SYNTAX Counter32 695 MAX-ACCESS read-only 696 STATUS current 697 DESCRIPTION 698 "The number of messages that were discarded by the 699 syslog receiver. This will include messages that 700 were discarded because the message size was greater 701 than the system's maximum message size. 702 If this syslog application is not a syslog receiver this 703 object will have a zero value. 704 Discontinuities in the value of this counter can 705 occur at re-initialization of the management system, 706 and at other times as indicated by the value of 707 syslogOperationsCounterDiscontinuityTime. 708 " 709 REFERENCE 710 "The Syslog Protocol [RFC5424] sec. 6.1. 711 " 712 ::= { syslogOperationsEntry 6 } 714 syslogOperationsLastMsgRecdTime OBJECT-TYPE 715 SYNTAX TimeStamp 716 MAX-ACCESS read-only 717 STATUS current 718 DESCRIPTION 719 "The value of sysUpTime when the last message was 720 received by the syslog receiver. 721 If this syslog application is not a syslog receiver or, 722 if no messages have been received by this syslog 723 application, since the last re-initialization of the 724 local SNMP management subsystem, then this object 725 will have a zero value. 726 " 727 ::= { syslogOperationsEntry 7 } 729 syslogOperationsLastMsgTransmittedTime OBJECT-TYPE 730 SYNTAX TimeStamp 731 MAX-ACCESS read-only 732 STATUS current 733 DESCRIPTION 734 "The value of sysUpTime when the last message 735 was transmitted by the syslog sender. 736 If this syslog application is not a syslog sender or, 737 if no messages have been transmitted by this syslog 738 application, since the last re-initialization of the local 739 management subsystem, then this object will have a 740 zero value. 741 " 742 ::= { syslogOperationsEntry 8 } 744 syslogOperationsStartTime OBJECT-TYPE 745 SYNTAX TimeStamp 746 MAX-ACCESS read-only 747 STATUS current 748 DESCRIPTION 749 "The value of sysUpTime when this syslog application was 750 started. 751 " 752 ::= { syslogOperationsEntry 9 } 754 syslogOperationsLastError OBJECT-TYPE 755 SYNTAX SnmpAdminString 756 MAX-ACCESS read-only 757 STATUS current 758 DESCRIPTION 759 "A description of the last error related to sending, 760 receiving or processing a syslog message that was 761 encountered by this syslog application. 762 If no error has been encountered by this syslog 763 application then the value of this object will be a 764 zero-length string. 766 If no error has been encountered by this syslog 767 application since the last re-initialization of the 768 local management subsystem then the value of this 769 object will be a zero-length string. 770 " 771 ::= { syslogOperationsEntry 10 } 773 syslogOperationsLastErrorTime OBJECT-TYPE 774 SYNTAX TimeStamp 775 MAX-ACCESS read-only 776 STATUS current 777 DESCRIPTION 778 "The value of sysUpTime when the last error was 779 encountered. 780 If no error has been encountered by this syslog 781 application since the last re-initialization of the 782 local management subsystem, then this object will 783 have a zero value. 784 " 785 ::= { syslogOperationsEntry 11 } 787 syslogOperationsRunIndex OBJECT-TYPE 788 SYNTAX Integer32 (0..2147483647) 789 MAX-ACCESS read-only 790 STATUS current 791 DESCRIPTION 792 "If the Host Resources MIB is instantiated on the 793 host then this entry will have the value of the 794 hrSWRunIndex of the corresponding entry in the 795 hrSWRunTable. 796 Note that the hrSWRunIndex is not persistent 797 across system reboots or software restarts. The 798 value of syslogOperationsRunIndex SHOULD 799 reference the latest value of the hrSWRunIndex 800 of the corresponding entry in the hrSWRunTable. 802 The special value of zero indicates that the Host 803 resource MIB is not instantiated. 804 " 805 ::= { syslogOperationsEntry 12 } 807 syslogOperationsCounterDiscontinuityTime OBJECT-TYPE 808 SYNTAX TimeStamp 809 MAX-ACCESS read-only 810 STATUS current 811 DESCRIPTION 812 "The value of sysUpTime on the most recent occasion 813 at which any one or more of this syslog application's 814 counters, viz., counters with OID prefix 815 'syslogOperationsMsgsReceived' or 816 'syslogOperationsMsgsTransmitted' or 817 'syslogOperationsMsgsRelayed' or 818 'syslogOperationsMsgsDropped' or 819 'syslogOperationsMsgsMalFormed' or 820 'syslogOperationsMsgsDiscarded' suffered a 821 discontinuity. 822 If no such discontinuities have occurred since the 823 last re-initialization of the local management 824 subsystem, then this object will have a zero value. 825 " 826 ::= { syslogOperationsEntry 13 } 828 syslogOperationsStatus OBJECT-TYPE 829 SYNTAX INTEGER { 830 unknown (1), 831 started (2), 832 suspended(3), 833 stopped (4) 834 } 835 MAX-ACCESS read-only 836 STATUS current 837 DESCRIPTION 838 "The status of the syslog application. 839 " 840 DEFVAL { unknown } 841 ::= { syslogOperationsEntry 14 } 843 syslogPriorityTable OBJECT-TYPE 844 SYNTAX SEQUENCE OF SyslogPriorityEntry 845 MAX-ACCESS not-accessible 846 STATUS current 847 DESCRIPTION 848 "A table containing the relay configuration 849 parameters pertaining to the syslog applications 850 serviced by an SNMP agent. 851 " 852 ::= { syslogObjects 3 } 854 syslogPriorityEntry OBJECT-TYPE 855 SYNTAX SyslogPriorityEntry 856 MAX-ACCESS not-accessible 857 STATUS current 858 DESCRIPTION 859 "The relay configuration parameters pertaining to 860 a syslog application. 862 " 863 INDEX { syslogControlIndex, 864 syslogPriorityFacility, 865 syslogPrioritySeverity } 866 ::= { syslogPriorityTable 1 } 868 SyslogPriorityEntry ::= 869 SEQUENCE { 870 syslogPriorityFacility 871 SyslogFacility, 872 syslogPrioritySeverity 873 SyslogSeverity, 874 syslogPriorityDescr 875 SnmpAdminString, 876 syslogPriorityDestinationIndex 877 Unsigned32, 878 syslogPriorityStorageType 879 StorageType, 880 syslogPriorityRowStatus 881 RowStatus 882 } 884 syslogPriorityFacility OBJECT-TYPE 885 SYNTAX SyslogFacility 886 MAX-ACCESS not-accessible 887 STATUS current 888 DESCRIPTION 889 "The facility value of this entry. 890 " 891 ::= { syslogPriorityEntry 1 } 893 syslogPrioritySeverity OBJECT-TYPE 894 SYNTAX SyslogSeverity 895 MAX-ACCESS not-accessible 896 STATUS current 897 DESCRIPTION 898 "The severity value of this entry. 899 " 900 ::= { syslogPriorityEntry 2 } 902 syslogPriorityDescr OBJECT-TYPE 903 SYNTAX SnmpAdminString 904 MAX-ACCESS read-create 905 STATUS current 906 DESCRIPTION 907 "A textual description of this priority entry. 908 " 909 ::= { syslogPriorityEntry 3 } 911 syslogPriorityDestinationIndex OBJECT-TYPE 912 SYNTAX Unsigned32 913 MAX-ACCESS read-create 914 STATUS current 915 DESCRIPTION 916 "On systems where the priority value in a syslog message 917 indicates the destination to which a syslog message 918 should be relayed, the value of this object will identify 919 the row in syslogRelayTable that contains 920 information about the relay destination to which 921 messages which have the priority value represented by 922 syslogPriorityFacility and syslogPrioritySeverity values 923 of this row will be relayed. 924 A value of 0 will indicate that there is no corresponding 925 row in the syslogRelayTable table. 926 " 927 ::= { syslogPriorityEntry 4 } 929 syslogPriorityStorageType OBJECT-TYPE 930 SYNTAX StorageType 931 MAX-ACCESS read-create 932 STATUS current 933 DESCRIPTION 934 "This object defines whether the parameters defined in 935 this row are kept in volatile storage and lost upon 936 reboot or are backed up by non-volatile or permanent 937 storage. 938 Conceptual rows having the value 'permanent' need not 939 allow write-access to any columnar objects in the row. 940 " 941 DEFVAL { nonVolatile } 942 ::= { syslogPriorityEntry 5 } 944 syslogPriorityRowStatus OBJECT-TYPE 945 SYNTAX RowStatus 946 MAX-ACCESS read-create 947 STATUS current 948 DESCRIPTION 949 "This object is used to create, modify and delete rows 950 in the syslogPriorityTable. 951 The value of syslogPriorityDescr can be changed 952 when this object is in state ''active'' or in 953 ''notInService''. 954 The other objects in a row can be modified only when the 955 value of this object in the corresponding conceptual row 956 is not ''active''. Thus to modify one or more of the 957 objects in this conceptual row, 958 a. change the row status to ''notInService'', 959 b. change the values of the row 960 c. change the row status to ''active'' 961 The syslogPriorityRowStatus may be changed to 962 ''active'' if all the managed objects in the conceptual 963 row with MAX-ACCESS read-create have been assigned valid 964 values. 965 " 966 ::= { syslogPriorityEntry 6 } 968 syslogRelayTable OBJECT-TYPE 969 SYNTAX SEQUENCE OF SyslogRelayEntry 970 MAX-ACCESS not-accessible 971 STATUS current 972 DESCRIPTION 973 "A table containing information for the relay 974 destinations. 975 " 976 ::= { syslogObjects 4 } 978 syslogRelayEntry OBJECT-TYPE 979 SYNTAX SyslogRelayEntry 980 MAX-ACCESS not-accessible 981 STATUS current 982 DESCRIPTION 983 "The information pertaining to a syslog message 984 relay destination. 985 " 986 INDEX { syslogRelayIndex } 987 ::= { syslogRelayTable 1 } 989 SyslogRelayEntry ::= 990 SEQUENCE { 991 syslogRelayIndex 992 Unsigned32, 993 syslogRelayDescr 994 SnmpAdminString, 995 syslogRelayAddrType 996 InetAddressType, 997 syslogRelayAddr 998 InetAddress, 999 syslogRelayPort 1000 InetPortNumber, 1001 syslogRelayEncapsulation 1002 SyslogEncapsulation, 1003 syslogRelayMsgsRelayed 1004 Counter32, 1005 syslogRelayCounterDiscontinuityTime 1006 TimeStamp, 1007 syslogRelayStorageType 1008 StorageType, 1009 syslogRelayRowStatus 1010 RowStatus 1011 } 1013 syslogRelayIndex OBJECT-TYPE 1014 SYNTAX Unsigned32 (1..2147483647) 1015 MAX-ACCESS not-accessible 1016 STATUS current 1017 DESCRIPTION 1018 "The Index that uniquely identifies the syslog 1019 relay in the syslogRelayTable. 1020 The value of the index for a syslog relay may 1021 not be the same across system reboots. Users and 1022 applications will need to determine the index of a 1023 syslog relay after system reboots. 1024 " 1025 ::= { syslogRelayEntry 1 } 1027 syslogRelayDescr OBJECT-TYPE 1028 SYNTAX SnmpAdminString 1029 MAX-ACCESS read-create 1030 STATUS current 1031 DESCRIPTION 1032 "A user definable description of the syslog relay. 1033 This description could be used by syslog management 1034 applications e.g. in reports or in user interfaces. 1035 " 1036 ::= { syslogRelayEntry 2 } 1038 syslogRelayAddrType OBJECT-TYPE 1039 SYNTAX InetAddressType 1040 MAX-ACCESS read-create 1041 STATUS current 1042 DESCRIPTION 1043 "The type of Internet address which follows 1044 in syslogRelayAddr. 1045 " 1046 ::= { syslogRelayEntry 3 } 1048 syslogRelayAddr OBJECT-TYPE 1049 SYNTAX InetAddress 1050 MAX-ACCESS read-create 1051 STATUS current 1052 DESCRIPTION 1053 "The address of the syslog relay . 1055 The format of the address is specified by the 1056 corresponding syslogRelayAddrType object. 1057 If the address is specified in the DNS domain name format 1058 [syslogRelayAddrType = 'dns'], the 1059 corresponding IPv4 or IPv6 address obtained at the time 1060 of the relay operation by the syslog application, will be 1061 used. 1062 " 1063 ::= { syslogRelayEntry 4 } 1065 syslogRelayPort OBJECT-TYPE 1066 SYNTAX InetPortNumber 1067 MAX-ACCESS read-create 1068 STATUS current 1069 DESCRIPTION 1070 "The port number of the syslog relay. 1071 " 1072 ::= { syslogRelayEntry 5 } 1074 syslogRelayEncapsulation OBJECT-TYPE 1075 SYNTAX SyslogEncapsulation 1076 MAX-ACCESS read-create 1077 STATUS current 1078 DESCRIPTION 1079 "The encapsulation that will be used for syslog messages 1080 sent by the syslog sender to the relay destination. 1081 " 1082 ::= { syslogRelayEntry 6 } 1084 syslogRelayMsgsRelayed OBJECT-TYPE 1085 SYNTAX Counter32 1086 MAX-ACCESS read-only 1087 STATUS current 1088 DESCRIPTION 1089 "The number of messages relayed by the syslog 1090 relay to this relay destination. 1091 Discontinuities in the value of this counter can 1092 occur at re-initialization of the management system, 1093 and at other times as indicated by the value of 1094 syslogRelayCounterDiscontinuityTime. 1095 " 1096 REFERENCE 1097 "The Syslog Protocol [RFC5424] sec. 3. 1098 " 1099 ::= { syslogRelayEntry 7 } 1101 syslogRelayCounterDiscontinuityTime OBJECT-TYPE 1102 SYNTAX TimeStamp 1103 MAX-ACCESS read-only 1104 STATUS current 1105 DESCRIPTION 1106 "The value of sysUpTime on the most recent occasion 1107 at which counters with OID prefix 1108 'syslogRelayMsgsRelayed' suffered a 1109 discontinuity. 1110 If no such discontinuities have occurred since the 1111 last re-initialization of the local management 1112 subsystem, then this object will have a zero value. 1113 " 1114 ::= { syslogRelayEntry 8 } 1116 syslogRelayStorageType OBJECT-TYPE 1117 SYNTAX StorageType 1118 MAX-ACCESS read-create 1119 STATUS current 1120 DESCRIPTION 1121 "This object defines whether the parameters defined in 1122 this row are kept in volatile storage and lost upon 1123 reboot or are backed up by non-volatile or permanent 1124 storage. 1125 Conceptual rows having the value 'permanent' need not 1126 allow write-access to any columnar objects in the row. 1127 " 1128 DEFVAL { nonVolatile } 1129 ::= { syslogRelayEntry 9 } 1131 syslogRelayRowStatus OBJECT-TYPE 1132 SYNTAX RowStatus 1133 MAX-ACCESS read-create 1134 STATUS current 1135 DESCRIPTION 1136 "This object is used to create, modify and delete rows 1137 in the syslogRelayTable. 1138 The value of syslogRelayDescr can be changed 1139 when this object is in state ''active'' or in 1140 ''notInService''. 1141 The other objects in a row can be modified only when the 1142 value of this object in the corresponding conceptual row 1143 is not ''active''. Thus to modify one or more of the 1144 objects in this conceptual row, 1145 a. change the row status to ''notInService'', 1146 b. change the values of the row 1147 c. change the row status to ''active'' 1148 The syslogRelayRowStatus may be changed to 1149 ''active'' if all the managed objects in the conceptual 1150 row with MAX-ACCESS read-create have been assigned valid 1151 values. 1152 " 1153 ::= { syslogRelayEntry 10 } 1155 syslogStatusChanged NOTIFICATION-TYPE 1156 OBJECTS { 1157 syslogControlDescr, 1158 syslogControlRoles, 1159 syslogControlBindAddrType, 1160 syslogControlBindAddr, 1161 syslogControlBindPort, 1162 syslogControlEncapsulation, 1163 syslogControlConfFileName, 1164 syslogOperationsStatus 1165 } 1166 STATUS current 1167 DESCRIPTION 1168 "This notification is sent when a syslog application 1169 changes state. For example when the syslog application 1170 starts [syslogOperationsStatus is ''started'' ] 1171 or the syslog application stops [syslogOperationsStatus 1172 is ''suspended'' or ''stopped'']. 1173 The value of syslogOperationsStatus will be the 1174 new status of the syslog application after the change. 1175 The syslog application corresponding to the notification 1176 will be identified by the syslogOperationsIndex 1177 instance identifier of the objects in the notification. 1178 " 1179 ::= { syslogNotifications 1 } 1181 -- ------------------------------------------------------------- 1182 -- Conformance Information 1183 -- ------------------------------------------------------------- 1185 syslogGroups OBJECT IDENTIFIER 1186 ::= { syslogConformance 1 } 1188 syslogCompliances OBJECT IDENTIFIER 1189 ::= { syslogConformance 2 } 1190 -- ------------------------------------------------------------- 1191 -- units of conformance 1192 -- ------------------------------------------------------------- 1194 syslogOperationsGroup OBJECT-GROUP 1195 OBJECTS { 1196 -- syslogOperationsIndex, 1197 syslogOperationsMsgsReceived, 1198 syslogOperationsMsgsTransmitted, 1199 syslogOperationsMsgsRelayed, 1200 syslogOperationsMsgsDropped, 1201 syslogOperationsMsgsMalFormed, 1202 syslogOperationsMsgsDiscarded, 1203 syslogOperationsLastMsgRecdTime, 1204 syslogOperationsLastMsgTransmittedTime, 1205 syslogOperationsStartTime, 1206 syslogOperationsLastError, 1207 syslogOperationsLastErrorTime, 1208 syslogOperationsRunIndex, 1209 syslogOperationsCounterDiscontinuityTime, 1210 syslogOperationsStatus 1211 } 1212 STATUS current 1213 DESCRIPTION 1214 "A collection of objects providing message related 1215 statistics." 1216 ::= { syslogGroups 1} 1217 syslogControlGroup OBJECT-GROUP 1218 OBJECTS { 1219 syslogControlDescr, 1220 syslogControlRoles, 1221 syslogControlBindAddrType, 1222 syslogControlBindAddr, 1223 syslogControlEncapsulation, 1224 syslogControlBindPort, 1225 syslogControlMaxMessageSize, 1226 syslogControlConfFileName, 1227 syslogControlStorageType, 1228 syslogControlRowStatus 1229 } 1230 STATUS current 1231 DESCRIPTION 1232 "A collection of objects representing the run time parameters 1233 for the syslog applications. 1234 " 1235 ::= { syslogGroups 2} 1237 syslogPriorityGroup OBJECT-GROUP 1238 OBJECTS { 1239 syslogPriorityDescr, 1240 syslogPriorityDestinationIndex, 1241 syslogPriorityStorageType, 1242 syslogPriorityRowStatus 1243 } 1244 STATUS current 1245 DESCRIPTION 1246 "A collection of objects representing the priority 1247 groupings of syslog messages. 1248 " 1249 ::= { syslogGroups 3} 1250 syslogRelayGroup OBJECT-GROUP 1251 OBJECTS { 1252 syslogRelayDescr, 1253 syslogRelayAddrType, 1254 syslogRelayAddr, 1255 syslogRelayPort, 1256 syslogRelayEncapsulation, 1257 syslogRelayMsgsRelayed, 1258 syslogRelayCounterDiscontinuityTime, 1259 syslogRelayStorageType, 1260 syslogRelayRowStatus 1261 } 1262 STATUS current 1263 DESCRIPTION 1264 "A collection of objects representing the relay 1265 destinations for syslog messages. 1266 " 1267 ::= { syslogGroups 4} 1269 syslogNotificationGroup NOTIFICATION-GROUP 1270 NOTIFICATIONS { 1271 syslogStatusChanged 1272 } 1273 STATUS current 1274 DESCRIPTION 1275 "A collection of notifications about the operational 1276 state of a syslog application. 1277 " 1278 ::= { syslogGroups 5} 1279 -- ------------------------------------------------------------- 1280 -- compliance statements 1281 -- ------------------------------------------------------------- 1283 syslogFullCompliance1 MODULE-COMPLIANCE 1284 STATUS current 1285 DESCRIPTION 1286 "The compliance statement for SNMP entities which 1287 implement the SYSLOG-MIB with support for writable 1288 objects and notifications. Such an implementation can 1289 be both monitored and configured via SNMP. It can 1290 also send notifications about change in the 1291 operational status of the syslog application. 1292 " 1293 MODULE -- this module 1294 MANDATORY-GROUPS { 1295 syslogNotificationGroup, 1296 syslogOperationsGroup, 1297 syslogControlGroup, 1298 syslogPriorityGroup, 1299 syslogRelayGroup 1300 } 1302 ::= { syslogCompliances 1 } 1304 syslogFullCompliance2 MODULE-COMPLIANCE 1305 STATUS current 1306 DESCRIPTION 1307 "The compliance statement for SNMP entities which 1308 implement the SYSLOG-MIB with support for writable 1309 objects. Such an implementation can 1310 be both monitored and configured via SNMP. 1311 " 1312 MODULE -- this module 1313 MANDATORY-GROUPS { 1314 syslogOperationsGroup, 1315 syslogControlGroup, 1316 syslogPriorityGroup, 1317 syslogRelayGroup 1318 } 1320 ::= { syslogCompliances 2 } 1322 syslogFullCompliance3 MODULE-COMPLIANCE 1323 STATUS current 1324 DESCRIPTION 1325 "The compliance statement for SNMP entities which 1326 implement the SYSLOG-MIB with support for writable 1327 objects but without support for the objects in 1328 syslogPriorityGroup and syslogRelayGroup. Such an 1329 implementation can be both monitored and configured 1330 via SNMP. 1331 " 1332 MODULE -- this module 1333 MANDATORY-GROUPS { 1334 syslogOperationsGroup, 1335 syslogControlGroup 1336 } 1338 ::= { syslogCompliances 3 } 1340 syslogReadOnlyCompliance1 MODULE-COMPLIANCE 1341 STATUS current 1342 DESCRIPTION 1343 "The compliance statement for SNMP entities which 1344 implement the SYSLOG-MIB without support 1345 for read-write (i.e. in read-only mode). It can 1346 also send notifications about change in the 1347 operational status of the syslog application. 1348 " 1349 MODULE -- this module 1350 MANDATORY-GROUPS { 1351 syslogNotificationGroup, 1352 syslogOperationsGroup, 1353 syslogControlGroup, 1354 syslogPriorityGroup, 1355 syslogRelayGroup 1356 } 1358 OBJECT syslogControlDescr 1359 MIN-ACCESS read-only 1360 DESCRIPTION 1361 "Write access is not required. 1362 " 1363 OBJECT syslogControlRoles 1364 MIN-ACCESS read-only 1365 DESCRIPTION 1366 "Write access is not required. 1367 " 1368 OBJECT syslogControlBindAddrType 1369 MIN-ACCESS read-only 1370 DESCRIPTION 1371 "Write access is not required. 1372 " 1373 OBJECT syslogControlBindAddr 1374 MIN-ACCESS read-only 1375 DESCRIPTION 1376 "Write access is not required. 1377 " 1378 OBJECT syslogControlBindPort 1379 MIN-ACCESS read-only 1380 DESCRIPTION 1381 "Write access is not required. 1382 " 1383 OBJECT syslogControlEncapsulation 1384 MIN-ACCESS read-only 1385 DESCRIPTION 1386 "Write access is not required. 1387 " 1388 OBJECT syslogControlMaxMessageSize 1389 MIN-ACCESS read-only 1390 DESCRIPTION 1391 "Write access is not required. 1392 " 1393 OBJECT syslogControlConfFileName 1394 MIN-ACCESS read-only 1395 DESCRIPTION 1396 "Write access is not required. 1397 " 1398 OBJECT syslogControlStorageType 1399 MIN-ACCESS read-only 1400 DESCRIPTION 1401 "Write access is not required. 1402 " 1403 OBJECT syslogControlRowStatus 1404 MIN-ACCESS read-only 1405 DESCRIPTION 1406 "Write access is not required. 1407 " 1409 ::= { syslogCompliances 4 } 1410 syslogReadOnlyCompliance2 MODULE-COMPLIANCE 1411 STATUS current 1412 DESCRIPTION 1413 "The compliance statement for SNMP entities which 1414 implement the SYSLOG-MIB without support 1415 for read-write (i.e. in read-only mode). 1416 " 1417 MODULE -- this module 1418 MANDATORY-GROUPS { 1419 syslogOperationsGroup, 1420 syslogControlGroup, 1421 syslogPriorityGroup, 1422 syslogRelayGroup 1423 } 1425 OBJECT syslogControlDescr 1426 MIN-ACCESS read-only 1427 DESCRIPTION 1428 "Write access is not required. 1429 " 1430 OBJECT syslogControlRoles 1431 MIN-ACCESS read-only 1432 DESCRIPTION 1433 "Write access is not required. 1434 " 1435 OBJECT syslogControlBindAddrType 1436 MIN-ACCESS read-only 1437 DESCRIPTION 1438 "Write access is not required. 1439 " 1440 OBJECT syslogControlBindAddr 1441 MIN-ACCESS read-only 1442 DESCRIPTION 1443 "Write access is not required. 1444 " 1445 OBJECT syslogControlBindPort 1446 MIN-ACCESS read-only 1447 DESCRIPTION 1448 "Write access is not required. 1449 " 1450 OBJECT syslogControlEncapsulation 1451 MIN-ACCESS read-only 1452 DESCRIPTION 1453 "Write access is not required. 1454 " 1455 OBJECT syslogControlMaxMessageSize 1456 MIN-ACCESS read-only 1457 DESCRIPTION 1458 "Write access is not required. 1459 " 1460 OBJECT syslogControlConfFileName 1461 MIN-ACCESS read-only 1462 DESCRIPTION 1463 "Write access is not required. 1464 " 1465 OBJECT syslogControlStorageType 1466 MIN-ACCESS read-only 1467 DESCRIPTION 1468 "Write access is not required. 1469 " 1470 OBJECT syslogControlRowStatus 1471 MIN-ACCESS read-only 1472 DESCRIPTION 1473 "Write access is not required. 1474 " 1475 OBJECT syslogPriorityDescr 1476 MIN-ACCESS read-only 1477 DESCRIPTION 1478 "Write access is not required. 1479 " 1480 OBJECT syslogPriorityDestinationIndex 1481 MIN-ACCESS read-only 1482 DESCRIPTION 1483 "Write access is not required. 1484 " 1485 OBJECT syslogPriorityStorageType 1486 MIN-ACCESS read-only 1487 DESCRIPTION 1488 "Write access is not required. 1489 " 1490 OBJECT syslogPriorityRowStatus 1491 MIN-ACCESS read-only 1492 DESCRIPTION 1493 "Write access is not required. 1494 " 1495 OBJECT syslogRelayDescr 1496 MIN-ACCESS read-only 1497 DESCRIPTION 1498 "Write access is not required. 1499 " 1500 OBJECT syslogRelayAddrType 1501 MIN-ACCESS read-only 1502 DESCRIPTION 1503 "Write access is not required. 1504 " 1505 OBJECT syslogRelayAddr 1506 MIN-ACCESS read-only 1507 DESCRIPTION 1508 "Write access is not required. 1509 " 1510 OBJECT syslogRelayPort 1511 MIN-ACCESS read-only 1512 DESCRIPTION 1513 "Write access is not required. 1514 " 1515 OBJECT syslogRelayEncapsulation 1516 MIN-ACCESS read-only 1517 DESCRIPTION 1518 "Write access is not required. 1519 " 1520 OBJECT syslogRelayStorageType 1521 MIN-ACCESS read-only 1522 DESCRIPTION 1523 "Write access is not required. 1524 " 1525 OBJECT syslogRelayRowStatus 1526 MIN-ACCESS read-only 1527 DESCRIPTION 1528 "Write access is not required. 1529 " 1530 ::= { syslogCompliances 5 } 1532 syslogReadOnlyCompliance3 MODULE-COMPLIANCE 1533 STATUS current 1534 DESCRIPTION 1535 "The compliance statement for SNMP entities which 1536 implement the SYSLOG-MIB without support 1537 for read-write (i.e. in read-only mode) and without 1538 support for the objects in syslogRelayGroup and 1539 syslogPriorityGroup. 1540 " 1541 MODULE -- this module 1542 MANDATORY-GROUPS { 1543 syslogOperationsGroup, 1544 syslogControlGroup 1545 } 1547 OBJECT syslogControlDescr 1548 MIN-ACCESS read-only 1549 DESCRIPTION 1550 "Write access is not required. 1551 " 1552 OBJECT syslogControlRoles 1553 MIN-ACCESS read-only 1554 DESCRIPTION 1555 "Write access is not required. 1556 " 1557 OBJECT syslogControlBindAddrType 1558 MIN-ACCESS read-only 1559 DESCRIPTION 1560 "Write access is not required. 1561 " 1562 OBJECT syslogControlBindAddr 1563 MIN-ACCESS read-only 1564 DESCRIPTION 1565 "Write access is not required. 1566 " 1567 OBJECT syslogControlBindPort 1568 MIN-ACCESS read-only 1569 DESCRIPTION 1570 "Write access is not required. 1571 " 1572 OBJECT syslogControlEncapsulation 1573 MIN-ACCESS read-only 1574 DESCRIPTION 1575 "Write access is not required. 1576 " 1577 OBJECT syslogControlMaxMessageSize 1578 MIN-ACCESS read-only 1579 DESCRIPTION 1580 "Write access is not required. 1581 " 1583 OBJECT syslogControlConfFileName 1584 MIN-ACCESS read-only 1585 DESCRIPTION 1586 "Write access is not required. 1587 " 1588 OBJECT syslogControlStorageType 1589 MIN-ACCESS read-only 1590 DESCRIPTION 1591 "Write access is not required. 1592 " 1593 OBJECT syslogControlRowStatus 1594 MIN-ACCESS read-only 1595 DESCRIPTION 1596 "Write access is not required. 1597 " 1598 ::= { syslogCompliances 6 } 1600 syslogNotificationCompliance MODULE-COMPLIANCE 1601 STATUS current 1602 DESCRIPTION 1603 "The compliance statement for SNMP entities 1604 which implement the SYSLOG-MIB and support 1605 only notifications about change in the 1606 operational status of a syslog application. 1607 " 1608 MODULE -- this module 1609 MANDATORY-GROUPS { 1610 syslogNotificationGroup 1611 } 1613 ::= { syslogCompliances 7 } 1615 END 1617 6. Security Considerations 1619 Syslog plays a very important role in the computer and network 1620 security of an organization. SYSLOG-MIB defines several managed 1621 objects that may be used to monitor, configure and control syslog 1622 applications. As such improper manipulation of the objects 1623 represented by this MIB may lead to an attack on an important 1624 component of the computer and network security infrastructure. The 1625 objects in syslogControlTable, syslogPriorityTable and 1626 syslogRelayTable may be misconfigured to cause syslog messages to be 1627 diverted or lost. 1629 There are a number of management objects defined in this MIB module 1630 with a MAX-ACCESS clause of read-write and/or read-create. Such 1631 objects may be considered sensitive or vulnerable in some network 1632 environments. The support for SET operations in a non-secure 1633 environment without proper protection can have a negative effect on 1634 network operations. These are the tables and objects and their 1635 sensitivity/vulnerability: 1637 o syslogControlTable: The objects in this table describe the 1638 configuration of the syslog applications. It may be misconfigured 1639 to start up a very large number of syslog applications (processes) 1640 and deny the system of its resources. 1642 o syslogControlBindAddr: This object may be misconfigured to bind 1643 syslog application to the wrong address. This will cause messages 1644 to be lost. 1646 o syslogControlBindPort: This object may be misconfigured to bind 1647 syslog application to the wrong service (port). This will cause 1648 messages to be lost. 1650 o syslogControlMaxMessageSize: This message may be misconfigured to 1651 set the wrong MaxMessageSize for the syslog application. It may 1652 cause syslog messages to be lost. 1654 o syslogControlConfFileName: This object may be misconfigured to 1655 start the syslog application with the wrong (rogue) configuration. 1657 o syslogControlStorageType: This object may be misconfigured to set 1658 the wrong storage type. That may cause confusion, operational 1659 errors and/or loss of information. 1661 o syslogPriorityTable: The objects in this table link the priority 1662 value in a syslog message to the entry in the 1663 syslogRelayTable corresponding to the syslog collector to which 1664 the syslog message should be relayed. The table may be 1665 misconfigured to redirect a syslog message to a potentially non- 1666 existent wrong destination and/or to redirect a large number of 1667 messages to a particular syslog collector. 1669 o syslogRelayTable: The rows in this table represent the relays to 1670 which syslog messages will be relayed, depending on the priority 1671 value in the respective syslog messages. The table may be 1672 misconfigured to redirect a syslog message to a potentially non- 1673 existent wrong destination and/or redirect a large number of 1674 messages to a particular syslog collector. 1676 Some of the readable objects in this MIB module (i.e., objects with a 1677 MAX-ACCESS other than not-accessible) may be considered sensitive or 1678 vulnerable in some network environments. It is thus important to 1679 control even GET and/or NOTIFY access to these objects and possibly 1680 to even encrypt the values of these objects when sending them over 1681 the network via SNMP. These are the tables and objects and their 1682 sensitivity/vulnerability: 1684 o syslogOperationsTable: Objects in this table carry sensitive 1685 information. The counters may reveal information about the 1686 deployment and effectiveness of the relevant security systems. 1687 The counters may be analyzed to tell whether the security systems 1688 are able to detect an event or not. 1690 o syslogOperationsLastError: This object may contain sensitive 1691 information e.g. user-id, password, etc. depending on the 1692 implementation of the syslog application. It may reveal details 1693 about the syslog implementation itself, e.g. version, OS, etc. 1695 o syslogPriorityTable: Objects in this table carry sensitive 1696 information. The objects reveal how the syslog messages are 1697 grouped, relayed and/or stored. 1699 o syslogRelayTable: Objects in this table carry sensitive 1700 information. The objects reveal the destination of syslog 1701 messages. 1703 SNMP versions prior to SNMPv3 did not include adequate security. 1704 Even if the network itself is secure (for example by using IPsec), 1705 even then, there is no control as to who on the secure network is 1706 allowed to access and GET/SET (read/change/create/delete) the objects 1707 in this MIB module. 1709 It is RECOMMENDED that implementers consider the security features as 1710 provided by the SNMPv3 framework (see [RFC3410], section 8), 1711 including full support for the SNMPv3 cryptographic mechanisms (for 1712 authentication and privacy). 1714 Further, deployment of SNMP versions prior to SNMPv3 is NOT 1715 RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 1716 enable cryptographic security. It is then a customer/operator 1717 responsibility to ensure that the SNMP application giving access to 1718 an instance of this MIB module is properly configured to give access 1719 to the objects only to those principals (users) that have legitimate 1720 rights to indeed GET or SET (change/create/delete) them. 1722 7. IANA Considerations 1724 The MIB modules in this document use the following IANA-assigned 1725 OBJECT IDENTIFIER values recorded in the SMI Numbers registry: 1727 Descriptor OBJECT IDENTIFIER value 1728 ---------- ----------------------- 1730 syslogMIB { mib-2 YYYY } 1732 IANA Reg.: Please assign a value under the 'mib-2' subtree 1733 for the 'syslogMIB' MODULE-IDENTITY and record 1734 the assignment in the SMI Numbers registry. 1736 RFC Ed.: When the above assignments have been made, please 1737 - remove the above note 1738 - replace "YYYY" here with the assigned values and 1739 - remove this note. 1741 8. Acknowledgments 1743 The initial draft of this document was authored by Bruno Pape. The 1744 authors would like to thank Mark Ellison, David Harrington, Mike 1745 MacFaden, Dave T Perkins, Tom Petch, Juergen Schoenwaelder, Rohit M, 1746 Bert Wijnen and members of the WIDE-netman group for their comments 1747 and suggestions. 1749 Funding for the RFC Editor function is provided by the IETF 1750 Administrative Support Activity (IASA). 1752 9. APPENDIX 1754 This section documents the development of the draft. It will be 1755 deleted when the draft becomes an RFC. 1757 Revision History: 1759 This draft is a revision of draft-ietf-syslog-device-mib-17.txt, the 1760 last version of the SyslogMIB draft developed as a SyslogWG work 1761 item. 1763 o Changes from draft-ietf-syslog-device-mib-17.txt to draft-tsuno- 1764 syslog-mib-00.txt 1766 1. Editorial changes only 1768 o Changes from draft-tsuno-syslog-mib-00.txt to draft-tsuno-syslog- 1769 mib-01.txt 1770 1. Added new textual convention for DTLS transport 1772 2. Added text to explain syslogPriorityTable and syslogRelayTable 1774 3. Editorial changes. 1776 o Changes from draft-tsuno-syslog-mib-01.txt to draft-tsuno-syslog- 1777 mib-02.txt 1779 1. Added "Managing syslog" section to clarify the necessity of 1780 this MIB. 1782 o Changes from draft-tsuno-syslog-mib-02.txt to draft-tsuno-syslog- 1783 mib-03.txt 1785 1. Editorial changes only 1787 o Changes from draft-tsuno-syslog-mib-03.txt to draft-tsuno-syslog- 1788 mib-04.txt 1790 1. Editorial changes only 1792 10. References 1794 10.1. Normative References 1796 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1797 Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ 1798 RFC2119, March 1997, 1799 . 1801 [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. 1802 Schoenwaelder, Ed., "Structure of Management Information 1803 Version 2 (SMIv2)", STD 58, RFC 2578, DOI 10.17487/ 1804 RFC2578, April 1999, 1805 . 1807 [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. 1808 Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD 1809 58, RFC 2579, DOI 10.17487/RFC2579, April 1999, 1810 . 1812 [RFC2580] McCloghrie, K., Ed., Perkins, D., Ed., and J. 1813 Schoenwaelder, Ed., "Conformance Statements for SMIv2", 1814 STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999, 1815 . 1817 [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An 1818 Architecture for Describing Simple Network Management 1819 Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, 1820 DOI 10.17487/RFC3411, December 2002, 1821 . 1823 [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. 1824 Schoenwaelder, "Textual Conventions for Internet Network 1825 Addresses", RFC 4001, DOI 10.17487/RFC4001, February 2005, 1826 . 1828 [RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424, DOI 1829 10.17487/RFC5424, March 2009, 1830 . 1832 [RFC5427] Keeni, G., "Textual Conventions for Syslog Management", 1833 RFC 5427, DOI 10.17487/RFC5427, March 2009, 1834 . 1836 10.2. Informative References 1838 [RFC2790] Waldbusser, S. and P. Grillo, "Host Resources MIB", RFC 1839 2790, DOI 10.17487/RFC2790, March 2000, 1840 . 1842 [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, 1843 "Introduction and Applicability Statements for Internet- 1844 Standard Management Framework", RFC 3410, DOI 10.17487/ 1845 RFC3410, December 2002, 1846 . 1848 Authors' Addresses 1850 Hiroshi Tsunoda 1851 Tohoku Institute of Technology 1852 35-1, Yagiyama Kasumi-cho 1853 Taihaku-ku, Sendai 982-8577 1854 Japan 1856 Phone: +81-22-305-3411 1857 Email: tsuno@m.ieice.org 1858 Glenn Mansfield Keeni 1859 Cyber Solutions Inc. 1860 6-6-3 Minami Yoshinari 1861 Aoba-ku, Sendai 989-3204 1862 Japan 1864 Phone: +81-22-303-4012 1865 Email: glenn@cysols.com