Network Working Group                                         H. Tsunoda
Internet-Draft                            Tohoku Institute of Technology
Intended status: Standards Track                                G. Keeni
Expires: April 21, 2018                             Cyber Solutions Inc.
                                                        October 18, 2017


                   Syslog Management Information Base
                     draft-tsuno-syslog-mib-05.txt

Abstract

   This memo defines a portion of the Management Information Base (MIB),
   the SYSLOG-MIB, for use with network management protocols in the
   Internet community.  In particular, the SYSLOG-MIB will be used to
   monitor and control syslog applications.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 21, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  The Internet-Standard Management Framework
   2.  Background
   3.  Managing syslog
   4.  The MIB Design
   5.  The Syslog MIB
   6.  Security Considerations
   7.  IANA Considerations
   8.  Acknowledgments
   9.  APPENDIX
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Authors' Addresses

1.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).

   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
   [RFC2580].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14, RFC 2119
   [RFC2119].

2.  Background

   Operating systems, processes and applications, collectively termed
   "facilities" in the following, generate messages indicating their own
   status or the occurrence of events.  These messages are handled by
   what has come to be known as the syslog application [RFC5424].  A
   syslog application sends and/or receives syslog messages.
   The reader is referred to [RFC5424] for a description of the various
   roles of a syslog application viz. "sender", "receiver" and "relay".
   The discussion in this document, in general, applies to a generic
   syslog application.  For special cases the specific role of the
   syslog application will be mentioned.

   This document defines a set of managed objects (MOs) that can be used
   to monitor a group of syslog applications.

   The SYSLOG-MIB can be used in conjunction with other MIB modules - in
   particular the Host Resources MIB [RFC2790].  The generic process
   related matters e.g. control and monitoring for status, resource
   usage etc. can be serviced by the corresponding entries in the Host
   Resources MIB.

                        +------+
   Syslog message ----->| App1 |
                        +------+

                        +------+
   Syslog message ----->| App2 |------> Syslog message
                        +------+

                        +------+
                        | App3 |------> Syslog message
                        +------+

        App1: Syslog collector  (syslog receiver)
        App2: Syslog relay      (syslog receiver, syslog sender)
        App3: Syslog originator (syslog sender)

         Figure 1: Syslog applications modeled by the SYSLOG-MIB

   The syslog applications modeled by the SYSLOG-MIB are shown in Fig.1.
   A syslog receiver receives syslog messages.  A syslog sender sends
   syslog messages to other syslog applications.  A syslog relay
   forwards some of the received syslog messages to other syslog
   applications.  A syslog receiver receives a syslog message and
   processes it.  The processing will depend on the internal
   configuration and may involve relaying the message to one or more
   syslog applications.  Note that a syslog application may have
   multiple roles.  Multiple syslog applications may co-exist on the
   same host.

3.  Managing syslog

   Log messages are expected to be collected, reliably and without
   interruption.
   For this, the logging system itself needs to be monitored and managed
   just like any other component of the ICT infrastructure.

   The operational information of syslog applications will be a target
   of syslog monitoring.  Running status of related processes, resource
   usages, and statistics of the number of processed log messages will
   be monitored.  The number of log messages delivered to each
   destination on a target host will give administrators insight into
   the operation of the syslog application.

   Managing syslog will also involve viewing and maintaining the
   configuration of the underlying syslog applications.

4.  The MIB Design

   The purpose of the SYSLOG-MIB is to allow the monitoring of a group
   of syslog applications.  This requires managed objects representing
   the following elements.

   o  The configuration and status related details of each syslog
      application.

   o  The statistics on syslog messages received, processed locally,
      relayed by each syslog application.

   The MIB contains three subtrees.

   o  The syslogNotifications subtree defines the set of notifications
      that will be used to asynchronously report the change of status of
      a syslog application.

   o  The syslogObjects subtree contains four subtrees.

      1.  The syslogControlTable subtree deals with the configuration
          and control information for a syslog application.

      2.  The syslogOperationsTable subtree deals with operations and
          statistical information about syslog messages sent and/or
          received by a syslog application.

      3.  The syslogPriorityTable subtree deals with the relay
          configuration parameters pertaining to a syslog application.

      4.  The syslogRelayTable deals with the information about the
          destination of the relayed messages.

   o  The conformance subtree defines the compliance statements.
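
   The following is an added example, not part of the draft or of any
   implementation by its authors.  It shows how a management station
   could turn two polls of one syslogOperationsTable row (Section 5)
   into per-interval figures, honoring Counter32 wrap-around and
   syslogOperationsCounterDiscontinuityTime.  The dict layout, the
   finding labels, the 1% threshold and the sample polls are
   assumptions constructed for illustration; SNMP retrieval is out of
   scope.

```python
# Added example: dict keys mirror the MIB column names; how the values are
# fetched (SNMP GET/GETBULK) is not shown. Sample polls are constructed.
COUNTER32_MOD = 2 ** 32   # Counter32 wraps to 0 after 2^32 - 1
STATUS_STARTED = 2        # syslogOperationsStatus: started(2)
DISCONTINUITY = "syslogOperationsCounterDiscontinuityTime"
COUNTERS = (
    "syslogOperationsMsgsReceived",
    "syslogOperationsMsgsTransmitted",
    "syslogOperationsMsgsRelayed",
    "syslogOperationsMsgsDropped",
    "syslogOperationsMsgsMalFormed",
    "syslogOperationsMsgsDiscarded",
)


def interval_deltas(prev, cur):
    """Per-counter deltas between two polls of one row, or None.

    None means the interval must not be used: either sysUpTime went
    backwards (management subsystem re-initialized) or the row reports a
    counter discontinuity at or after the previous poll.
    """
    if cur["sysUpTime"] < prev["sysUpTime"]:
        return None
    disc = cur[DISCONTINUITY]          # zero means "none since re-init"
    if disc != 0 and disc >= prev["sysUpTime"]:
        return None
    # Modular subtraction gives the right delta across a single wrap.
    return {n: (cur[n] - prev[n]) % COUNTER32_MOD for n in COUNTERS}


def assess(prev, cur, max_ratio=0.01):
    """Return (deltas, findings) for one polling interval.

    max_ratio is an assumed alerting threshold, not a value from the draft.
    """
    findings = []
    if cur["syslogOperationsStatus"] != STATUS_STARTED:
        findings.append("status-not-started")
    deltas = interval_deltas(prev, cur)
    if deltas is None:
        findings.append("discontinuity-rebaseline")
        return None, findings
    received = deltas["syslogOperationsMsgsReceived"]
    # MsgsReceived includes discarded messages, so it is the denominator.
    if received and deltas["syslogOperationsMsgsDiscarded"] / received > max_ratio:
        findings.append("receiver-discarding")
    if received and deltas["syslogOperationsMsgsMalFormed"] / received > max_ratio:
        findings.append("malformed-headers")
    # MsgsTransmitted excludes messages that could not be queued, so the
    # sender was asked to handle transmitted + dropped.
    dropped = deltas["syslogOperationsMsgsDropped"]
    offered = deltas["syslogOperationsMsgsTransmitted"] + dropped
    if offered and dropped / offered > max_ratio:
        findings.append("sender-dropping")
    return deltas, findings


def make_row(uptime, rx, tx, relayed, dropped, malformed, discarded,
             disc=0, status=STATUS_STARTED):
    """Build one constructed poll result (sysUpTime in TimeTicks)."""
    row = dict(zip(COUNTERS, (rx, tx, relayed, dropped, malformed, discarded)))
    row.update({"sysUpTime": uptime, DISCONTINUITY: disc,
                "syslogOperationsStatus": status})
    return row


# Constructed sample polls: A->B crosses a Counter32 wrap on MsgsReceived,
# B->C contains a discontinuity reported at sysUpTime 509000.
POLL_A = make_row(500000, 4294967290, 1000, 900, 3, 7, 5)
POLL_B = make_row(506000, 10, 1100, 990, 3, 7, 9)
POLL_C = make_row(512000, 2, 1, 1, 0, 0, 0, disc=509000)

if __name__ == "__main__":
    for before, after in ((POLL_A, POLL_B), (POLL_B, POLL_C)):
        print(assess(before, after))
```

   An interval flagged "discontinuity-rebaseline" carries no usable
   delta; the next poll becomes the new baseline.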

   The SYSLOG-MIB module uses textual conventions defined in
   INET-ADDRESS-MIB [RFC4001], SNMP-FRAMEWORK-MIB [RFC3411] and
   SYSLOG-TC-MIB [RFC5427].

5.  The Syslog MIB

   SYSLOG-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE,
       Unsigned32, Counter32, Integer32, mib-2,
       NOTIFICATION-TYPE
                 FROM SNMPv2-SMI
       RowStatus, StorageType,
       TEXTUAL-CONVENTION, TimeStamp
                 FROM SNMPv2-TC
       InetAddressType, InetAddress, InetPortNumber
                 FROM INET-ADDRESS-MIB
       MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
                 FROM SNMPv2-CONF
       SyslogFacility, SyslogSeverity
                 FROM SYSLOG-TC-MIB
       SnmpAdminString
                 FROM SNMP-FRAMEWORK-MIB;

   syslogMIB  MODULE-IDENTITY
       LAST-UPDATED "201710171200Z"  -- 17th October, 2017
       ORGANIZATION "Cyber Solutions Inc. NetMan Working Group"
       CONTACT-INFO
           "        Hiroshi Tsunoda
                    Tohoku Institute of Technology
                    35-1, Yagiyama Kasumi-cho
                    Taihaku-ku, Sendai, Japan 982-8577

            Tel:    +81-22-305-3411
            E-mail: tsuno@m.ieice.org

                    Glenn Mansfield Keeni
            Postal: Cyber Solutions Inc.
                    6-6-3, Minami Yoshinari
                    Aoba-ku, Sendai, Japan 989-3204.
            Tel:    +81-22-303-4012
            Fax:    +81-22-303-4015
            E-mail: glenn@cysols.com

            Support Group E-mail: mibsupport@cysols.com
           "

       DESCRIPTION
           "The MIB module for monitoring syslog applications.

            A syslog application sends and/or receives syslog messages.

            The reader is referred to [RFC5424] for a description of
            the various roles of a syslog application viz. ''sender'',
            ''receiver'' and ''relay''. The discussion in this
            document in general applies to a generic syslog application.
            For special cases the specific role of the syslog
            application will be mentioned.

            Copyright (c) 2017 IETF Trust and the persons identified as
            the document authors.  All rights reserved.

            This document is subject to BCP 78 and the IETF Trust's
            Legal Provisions Relating to IETF Documents
            (http://trustee.ietf.org/license-info)
            in effect on the date of publication of this document.
            Please review these documents carefully, as they describe
            your rights and restrictions with respect to this document.
           "

       REVISION "201710171200Z"  -- 17th October, 2017
       DESCRIPTION
           "The initial version, published as RFC XXXX."

   -- RFC Ed.: replace XXXX with the actual RFC number & remove this
   -- note

       ::= { mib-2 YYYY }     -- Will be assigned by IANA

   -- IANA Reg.: Please assign a value for "YYYY" under the
   -- 'mib-2' subtree and record the assignment in the SMI
   -- Numbers registry.

   -- RFC Ed.: When the above assignment has been made, please
   --     remove the above note
   --     replace "YYYY" here with the assigned value and
   --     remove this note.

   -- -------------------------------------------------------------
   -- Textual Conventions
   -- -------------------------------------------------------------
   SyslogRoles ::= TEXTUAL-CONVENTION
       STATUS  current
       DESCRIPTION
           "This textual convention enumerates the roles of a
            syslog application. Note that a syslog application can
            have multiple roles.

           "
       REFERENCE
           "The Syslog Protocol [RFC5424] sec. 3.
           "
       SYNTAX  BITS
               {
                   sender   (0),
                   receiver (1),
                   relay    (2)
               }

   SyslogEncapsulation ::= TEXTUAL-CONVENTION
       STATUS  current
       DESCRIPTION
           "This textual convention enumerates the encapsulations
            of the syslog message that is used between syslog
            application endpoints.
           "
       REFERENCE
           "Transmission of syslog messages over UDP [RFC5426],
            TLS Transport Mapping for Syslog [RFC5425],
            Reliable Delivery for syslog [RFC3195],
            Datagram Transport Layer Security (DTLS) Transport
            Mapping for Syslog [RFC6012].
           "
       SYNTAX  INTEGER
               {
                   other (1),
                   none  (2),  -- [RFC5426] (no encapsulation)
                   tls   (3),  -- [RFC5425]
                   beep  (4),  -- [RFC3195]
                   dtls  (5)   -- [RFC6012]
               }

   -- syslogMIB - the main groups
   -- -------------------------------------------------------------

   syslogNotifications  OBJECT IDENTIFIER
       ::= { syslogMIB 0 }

   syslogObjects        OBJECT IDENTIFIER
       ::= { syslogMIB 1 }

   syslogConformance    OBJECT IDENTIFIER
       ::= { syslogMIB 2 }

   -- -------------------------------------------------------------
   -- syslog application configuration info table
   -- -------------------------------------------------------------
   syslogControlTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SyslogControlEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table containing the configuration parameters
            pertaining to the syslog applications serviced by an
            SNMP agent.
           "
       ::= { syslogObjects 1 }

   syslogControlEntry OBJECT-TYPE
       SYNTAX      SyslogControlEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The configuration parameters pertaining to a syslog
            application.
           "
       INDEX  { syslogControlIndex }
       ::= { syslogControlTable 1 }

   SyslogControlEntry ::=
       SEQUENCE {
           syslogControlIndex
               Unsigned32,
           syslogControlDescr
               SnmpAdminString,
           syslogControlRoles
               SyslogRoles,
           syslogControlBindAddrType
               InetAddressType,
           syslogControlBindAddr
               InetAddress,
           syslogControlBindPort
               InetPortNumber,
           syslogControlEncapsulation
               SyslogEncapsulation,
           syslogControlMaxMessageSize
               Unsigned32,
           syslogControlConfFileName
               SnmpAdminString,
           syslogControlStorageType
               StorageType,
           syslogControlRowStatus
               RowStatus

       }

   syslogControlIndex OBJECT-TYPE
       SYNTAX      Unsigned32 (1..2147483647)
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The Index that uniquely identifies the syslog
            application in the syslogControlTable.
            The value of the index for a syslog application may
            not be the same across system reboots. Users and
            applications will need to determine the index of a
            syslog application after system reboots.
           "
       ::= { syslogControlEntry 1 }

   syslogControlDescr OBJECT-TYPE
       SYNTAX      SnmpAdminString
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "A user definable description of the syslog application.
            This description could be used by syslog management
            applications e.g. in reports or user interfaces.
           "
       ::= { syslogControlEntry 2 }

   syslogControlRoles OBJECT-TYPE
       SYNTAX      SyslogRoles
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The roles of the syslog application.
           "
       ::= { syslogControlEntry 3 }

   syslogControlBindAddrType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The type of Internet address which follows
            in syslogControlBindAddr.
            If this syslog application is not a syslog receiver nor
            a syslog relay, the value of this object will be
            'unknown' (0).

           "
       ::= { syslogControlEntry 4 }

   syslogControlBindAddr OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The specific address the syslog receiver will bind to.
            The format of the address is specified by the
            corresponding syslogControlBindAddrType object.
            If the address is specified in the DNS domain name format
            [syslogControlBindAddrType = 'dns'], the
            corresponding IPv4 or IPv6 address obtained at the time
            of the binding operation by the syslog application, will be
            used.
            If this syslog application is not a syslog receiver nor
            a syslog relay, the value of this object will be a
            zero-length string.
           "
       ::= { syslogControlEntry 5 }

   syslogControlBindPort OBJECT-TYPE
       SYNTAX      InetPortNumber
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The port number that this syslog receiver will bind to.
            If this syslog application is not a syslog receiver nor
            a syslog relay, the value of this object will be zero.
           "
       ::= { syslogControlEntry 6 }

   syslogControlEncapsulation OBJECT-TYPE
       SYNTAX      SyslogEncapsulation
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The encapsulation that will be used for syslog messages
            by the syslog receiver.

            If this syslog application is not a syslog receiver nor
            a syslog relay, the value of this object will be ''other''.
           "
       ::= { syslogControlEntry 7 }

   syslogControlMaxMessageSize OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The maximum size of the syslog messages in bytes
            for this syslog application.

            A syslog receiver may reject or truncate messages larger
            than the specified maximum syslog message size.
           "
       REFERENCE
           "The Syslog Protocol [RFC5424] sec. 6.1.
           "
       ::= { syslogControlEntry 8 }

   syslogControlConfFileName OBJECT-TYPE
       SYNTAX      SnmpAdminString
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The full path name of the configuration file where the
            syslog application's message selection and corresponding
            action rules will be read from.
            If the syslog application does not support the specification
            of a configuration file, the value of this object will
            be a zero-length string.
           "
       DEFVAL { "/etc/syslog.conf" }
       ::= { syslogControlEntry 9 }

   syslogControlStorageType OBJECT-TYPE
       SYNTAX      StorageType
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object defines whether the parameters defined in
            this row are kept in volatile storage and lost upon
            reboot or are backed up by non-volatile or permanent
            storage.
            Conceptual rows having the value 'permanent' need not
            allow write-access to any columnar objects in the row.
           "
       DEFVAL { nonVolatile }
       ::= { syslogControlEntry 11 }

   syslogControlRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object is used to create, modify and delete rows in
            the syslogControlTable.
            The value of syslogControlDescr can be changed
            when this object is in state ''active'' or in
            ''notInService''.
            The other objects in a row can be modified only when the
            value of this object in the corresponding conceptual row
            is not ''active''. Thus to modify one or more of the
            objects in this conceptual row,
              a. change the row status to ''notInService'',
              b. change the values of the row
              c. change the row status to ''active''
            The syslogControlRowStatus may be changed to
            ''active'' if all the managed objects in the conceptual
            row with MAX-ACCESS read-create except
            syslogControlBindPort and
            syslogControlEncapsulation have been assigned valid
            values.
           "
       ::= { syslogControlEntry 12 }

   -- -------------------------------------------------------------
   -- syslogOperations
   -- -------------------------------------------------------------
   syslogOperationsTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SyslogOperationsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table containing operations information about
            the syslog applications serviced by an SNMP agent.
            This table complements the (configuration) information
            in syslogControlTable.
           "
       ::= { syslogObjects 2 }

   syslogOperationsEntry OBJECT-TYPE
       SYNTAX      SyslogOperationsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The operations information pertaining to a syslog
            application.
           "
       AUGMENTS  { syslogControlEntry }
       ::= { syslogOperationsTable 1 }

   SyslogOperationsEntry ::=
       SEQUENCE {
           syslogOperationsMsgsReceived
               Counter32,
           syslogOperationsMsgsTransmitted
               Counter32,
           syslogOperationsMsgsRelayed
               Counter32,
           syslogOperationsMsgsDropped
               Counter32,
           syslogOperationsMsgsMalFormed
               Counter32,
           syslogOperationsMsgsDiscarded
               Counter32,
           syslogOperationsLastMsgRecdTime
               TimeStamp,
           syslogOperationsLastMsgTransmittedTime
               TimeStamp,
           syslogOperationsStartTime
               TimeStamp,
           syslogOperationsLastError
               SnmpAdminString,
           syslogOperationsLastErrorTime
               TimeStamp,
           syslogOperationsRunIndex
               Integer32,
           syslogOperationsCounterDiscontinuityTime
               TimeStamp,
           syslogOperationsStatus
               INTEGER
       }

   syslogOperationsMsgsReceived OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of messages received by the syslog
            receiver. This includes messages that were discarded.
            If this syslog application is not a syslog receiver,
            the value of this object will be zero.
            Discontinuities in the value of this counter can
            occur at re-initialization of the management system,
            and at other times as indicated by the value of
            syslogOperationsCounterDiscontinuityTime.
           "

       ::= { syslogOperationsEntry 1 }

   syslogOperationsMsgsTransmitted OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of messages transmitted by the syslog
            sender. This does not include the messages that could
            not be queued for transmission by the syslog sender.
            If this syslog application is not a syslog sender,
            the value of this object will be zero.
            Discontinuities in the value of this counter can
            occur at re-initialization of the management system,
            and at other times as indicated by the value of
            syslogOperationsCounterDiscontinuityTime.
           "
       ::= { syslogOperationsEntry 2 }

   syslogOperationsMsgsRelayed OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of messages relayed by the syslog
            relay to other syslog applications.
            If this syslog application is not a syslog relay,
            the value of this object will be zero.
            Discontinuities in the value of this counter can
            occur at re-initialization of the management system,
            and at other times as indicated by the value of
            syslogOperationsCounterDiscontinuityTime.
           "
       REFERENCE
           "The Syslog Protocol [RFC5424] sec. 3.
           "
       ::= { syslogOperationsEntry 3 }

   syslogOperationsMsgsDropped OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of messages that could not be queued
            for transmission by the syslog sender.
            If this syslog application is not a syslog sender,
            the value of this object will be zero.
            Discontinuities in the value of this counter can
            occur at re-initialization of the management system,
            and at other times as indicated by the value of
            syslogOperationsCounterDiscontinuityTime.
           "
       ::= { syslogOperationsEntry 4 }

   syslogOperationsMsgsMalFormed OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of messages received by the syslog
            receiver which had a malformed header.
            If this syslog application is not a syslog receiver,
            this object will have a zero value.
            Discontinuities in the value of this counter can
            occur at re-initialization of the management system,
            and at other times as indicated by the value of
            syslogOperationsCounterDiscontinuityTime.
           "
       REFERENCE
           "The Syslog Protocol [RFC5424] sec. 6.3.
           "
       ::= { syslogOperationsEntry 5 }

   syslogOperationsMsgsDiscarded OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of messages that were discarded by the
            syslog receiver. This will include messages that
            were discarded because the message size was greater
            than the system's maximum message size.
            If this syslog application is not a syslog receiver,
            this object will have a zero value.
            Discontinuities in the value of this counter can
            occur at re-initialization of the management system,
            and at other times as indicated by the value of
            syslogOperationsCounterDiscontinuityTime.
           "
       REFERENCE
           "The Syslog Protocol [RFC5424] sec. 6.1.
           "
       ::= { syslogOperationsEntry 6 }

   syslogOperationsLastMsgRecdTime OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The value of sysUpTime when the last message was
            received by the syslog receiver.
            If this syslog application is not a syslog receiver or,
            if no messages have been received by this syslog
            application, since the last re-initialization of the
            local SNMP management subsystem, then this object
            will have a zero value.
           "
       ::= { syslogOperationsEntry 7 }

   syslogOperationsLastMsgTransmittedTime OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The value of sysUpTime when the last message
            was transmitted by the syslog sender.
            If this syslog application is not a syslog sender or,
            if no messages have been transmitted by this syslog
            application, since the last re-initialization of the local
            management subsystem, then this object will have a
            zero value.
           "
       ::= { syslogOperationsEntry 8 }

   syslogOperationsStartTime OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The value of sysUpTime when this syslog application was
            started.
           "
       ::= { syslogOperationsEntry 9 }

   syslogOperationsLastError OBJECT-TYPE
       SYNTAX      SnmpAdminString
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "A description of the last error related to sending,
            receiving or processing a syslog message that was
            encountered by this syslog application.
            If no error has been encountered by this syslog
            application then the value of this object will be a
            zero-length string.
            If no error has been encountered by this syslog
            application since the last re-initialization of the
            local management subsystem then the value of this
            object will be a zero-length string.
           "
       ::= { syslogOperationsEntry 10 }

   syslogOperationsLastErrorTime OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The value of sysUpTime when the last error was
            encountered.
            If no error has been encountered by this syslog
            application since the last re-initialization of the
            local management subsystem, then this object will
            have a zero value.
           "
       ::= { syslogOperationsEntry 11 }

   syslogOperationsRunIndex OBJECT-TYPE
       SYNTAX      Integer32 (0..2147483647)
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "If the Host Resources MIB is instantiated on the
            host then this entry will have the value of the
            hrSWRunIndex of the corresponding entry in the
            hrSWRunTable.
            Note that the hrSWRunIndex is not persistent
            across system reboots or software restarts. The
            value of syslogOperationsRunIndex SHOULD
            reference the latest value of the hrSWRunIndex
            of the corresponding entry in the hrSWRunTable.

            The special value of zero indicates that the Host
            resource MIB is not instantiated.
           "
       ::= { syslogOperationsEntry 12 }

   syslogOperationsCounterDiscontinuityTime OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The value of sysUpTime on the most recent occasion
            at which any one or more of this syslog application's
            counters, viz., counters with OID prefix
            'syslogOperationsMsgsReceived' or
            'syslogOperationsMsgsTransmitted' or
            'syslogOperationsMsgsRelayed' or
            'syslogOperationsMsgsDropped' or
            'syslogOperationsMsgsMalFormed' or
            'syslogOperationsMsgsDiscarded' suffered a
            discontinuity.
            If no such discontinuities have occurred since the
            last re-initialization of the local management
            subsystem, then this object will have a zero value.
           "
       ::= { syslogOperationsEntry 13 }

   syslogOperationsStatus OBJECT-TYPE
       SYNTAX      INTEGER  {
                       unknown  (1),
                       started  (2),
                       suspended(3),
                       stopped  (4)
                   }
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The status of the syslog application.
           "
       DEFVAL      { unknown }
       ::= { syslogOperationsEntry 14 }

   syslogPriorityTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SyslogPriorityEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table containing the relay configuration
            parameters pertaining to the syslog applications
            serviced by an SNMP agent.
           "
       ::= { syslogObjects 3 }

   syslogPriorityEntry OBJECT-TYPE
       SYNTAX      SyslogPriorityEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The relay configuration parameters pertaining to
            a syslog application.
           "
       INDEX  { syslogControlIndex,
                syslogPriorityFacility,
                syslogPrioritySeverity }
       ::= { syslogPriorityTable 1 }

   SyslogPriorityEntry ::=
       SEQUENCE {
           syslogPriorityFacility
               SyslogFacility,
           syslogPrioritySeverity
               SyslogSeverity,
           syslogPriorityDescr
               SnmpAdminString,
           syslogPriorityDestinationIndex
               Unsigned32,
           syslogPriorityStorageType
               StorageType,
           syslogPriorityRowStatus
               RowStatus
       }

   syslogPriorityFacility OBJECT-TYPE
       SYNTAX      SyslogFacility
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The facility value of this entry.
           "
       ::= { syslogPriorityEntry 1 }

   syslogPrioritySeverity OBJECT-TYPE
       SYNTAX      SyslogSeverity
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The severity value of this entry.
           "
       ::= { syslogPriorityEntry 2 }

   syslogPriorityDescr OBJECT-TYPE
       SYNTAX      SnmpAdminString
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "A textual description of this priority entry.
           "
       ::= { syslogPriorityEntry 3 }

   syslogPriorityDestinationIndex OBJECT-TYPE
       SYNTAX Unsigned32
       MAX-ACCESS read-create
       STATUS current
       DESCRIPTION
           "On systems where the priority value in a syslog message
            indicates the destination to which a syslog message
            should be relayed, the value of this object will identify
            the row in syslogRelayTable that contains
            information about the relay destination to which
            messages which have the priority value represented by
            syslogPriorityFacility and syslogPrioritySeverity values
            of this row will be relayed.
            A value of 0 will indicate that there is no corresponding
            row in the syslogRelayTable table.
           "
       ::= { syslogPriorityEntry 4 }

   syslogPriorityStorageType OBJECT-TYPE
       SYNTAX StorageType
       MAX-ACCESS read-create
       STATUS current
       DESCRIPTION
           "This object defines whether the parameters defined in
            this row are kept in volatile storage and lost upon
            reboot or are backed up by non-volatile or permanent
            storage.
            Conceptual rows having the value 'permanent' need not
            allow write-access to any columnar objects in the row.
           "
       DEFVAL { nonVolatile }
       ::= { syslogPriorityEntry 5 }

   syslogPriorityRowStatus OBJECT-TYPE
       SYNTAX RowStatus
       MAX-ACCESS read-create
       STATUS current
       DESCRIPTION
           "This object is used to create, modify and delete rows
            in the syslogPriorityTable.
            The value of syslogPriorityDescr can be changed
            when this object is in state ''active'' or in
            ''notInService''.
            The other objects in a row can be modified only when the
            value of this object in the corresponding conceptual row
            is not ''active''. Thus to modify one or more of the
            objects in this conceptual row,
              a. change the row status to ''notInService'',
              b. change the values of the row
              c. change the row status to ''active''
            The syslogPriorityRowStatus may be changed to
            ''active'' if all the managed objects in the conceptual
            row with MAX-ACCESS read-create have been assigned valid
            values.
           "
       ::= { syslogPriorityEntry 6 }

   syslogRelayTable OBJECT-TYPE
       SYNTAX SEQUENCE OF SyslogRelayEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "A table containing information for the relay
            destinations.
           "
       ::= { syslogObjects 4 }

   syslogRelayEntry OBJECT-TYPE
       SYNTAX SyslogRelayEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "The information pertaining to a syslog message
            relay destination.
           "
       INDEX { syslogRelayIndex }
       ::= { syslogRelayTable 1 }

   SyslogRelayEntry ::=
       SEQUENCE {
           syslogRelayIndex
               Unsigned32,
           syslogRelayDescr
               SnmpAdminString,
           syslogRelayAddrType
               InetAddressType,
           syslogRelayAddr
               InetAddress,
           syslogRelayPort
               InetPortNumber,
           syslogRelayEncapsulation
               SyslogEncapsulation,
           syslogRelayMsgsRelayed
               Counter32,
           syslogRelayCounterDiscontinuityTime
               TimeStamp,
           syslogRelayStorageType
               StorageType,
           syslogRelayRowStatus
               RowStatus
       }

   syslogRelayIndex OBJECT-TYPE
       SYNTAX Unsigned32 (1..2147483647)
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "The Index that uniquely identifies the syslog
            relay in the syslogRelayTable.
            The value of the index for a syslog relay may
            not be the same across system reboots. Users and
            applications will need to determine the index of a
            syslog relay after system reboots.
           "
       ::= { syslogRelayEntry 1 }

   syslogRelayDescr OBJECT-TYPE
       SYNTAX SnmpAdminString
       MAX-ACCESS read-create
       STATUS current
       DESCRIPTION
           "A user definable description of the syslog relay.
            This description could be used by syslog management
            applications e.g.
            in reports or in user interfaces.
           "
       ::= { syslogRelayEntry 2 }

   syslogRelayAddrType OBJECT-TYPE
       SYNTAX InetAddressType
       MAX-ACCESS read-create
       STATUS current
       DESCRIPTION
           "The type of Internet address which follows
            in syslogRelayAddr.
           "
       ::= { syslogRelayEntry 3 }

   syslogRelayAddr OBJECT-TYPE
       SYNTAX InetAddress
       MAX-ACCESS read-create
       STATUS current
       DESCRIPTION
           "The address of the syslog relay.
            The format of the address is specified by the
            corresponding syslogRelayAddrType object.
            If the address is specified in the DNS domain name format
            [syslogRelayAddrType = 'dns'], the
            corresponding IPv4 or IPv6 address obtained at the time
            of the relay operation by the syslog application, will be
            used.
           "
       ::= { syslogRelayEntry 4 }

   syslogRelayPort OBJECT-TYPE
       SYNTAX InetPortNumber
       MAX-ACCESS read-create
       STATUS current
       DESCRIPTION
           "The port number of the syslog relay.
           "
       ::= { syslogRelayEntry 5 }

   syslogRelayEncapsulation OBJECT-TYPE
       SYNTAX SyslogEncapsulation
       MAX-ACCESS read-create
       STATUS current
       DESCRIPTION
           "The encapsulation that will be used for syslog messages
            sent by the syslog sender to the relay destination.
           "
       ::= { syslogRelayEntry 6 }

   syslogRelayMsgsRelayed OBJECT-TYPE
       SYNTAX Counter32
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The number of messages relayed by the syslog
            relay to this relay destination.
            Discontinuities in the value of this counter can
            occur at re-initialization of the management system,
            and at other times as indicated by the value of
            syslogRelayCounterDiscontinuityTime.
           "
       REFERENCE
           "The Syslog Protocol [RFC5424] sec. 3.
           "
       ::= { syslogRelayEntry 7 }

   syslogRelayCounterDiscontinuityTime OBJECT-TYPE
       SYNTAX TimeStamp
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The value of sysUpTime on the most recent occasion
            at which counters with OID prefix
            'syslogRelayMsgsRelayed' suffered a
            discontinuity.
            If no such discontinuities have occurred since the
            last re-initialization of the local management
            subsystem, then this object will have a zero value.
           "
       ::= { syslogRelayEntry 8 }

   syslogRelayStorageType OBJECT-TYPE
       SYNTAX StorageType
       MAX-ACCESS read-create
       STATUS current
       DESCRIPTION
           "This object defines whether the parameters defined in
            this row are kept in volatile storage and lost upon
            reboot or are backed up by non-volatile or permanent
            storage.
            Conceptual rows having the value 'permanent' need not
            allow write-access to any columnar objects in the row.
           "
       DEFVAL { nonVolatile }
       ::= { syslogRelayEntry 9 }

   syslogRelayRowStatus OBJECT-TYPE
       SYNTAX RowStatus
       MAX-ACCESS read-create
       STATUS current
       DESCRIPTION
           "This object is used to create, modify and delete rows
            in the syslogRelayTable.
            The value of syslogRelayDescr can be changed
            when this object is in state ''active'' or in
            ''notInService''.
            The other objects in a row can be modified only when the
            value of this object in the corresponding conceptual row
            is not ''active''. Thus to modify one or more of the
            objects in this conceptual row,
              a. change the row status to ''notInService'',
              b. change the values of the row
              c. change the row status to ''active''
            The syslogRelayRowStatus may be changed to
            ''active'' if all the managed objects in the conceptual
            row with MAX-ACCESS read-create have been assigned valid
            values.
           "
       ::= { syslogRelayEntry 10 }

   syslogStatusChanged NOTIFICATION-TYPE
       OBJECTS {
           syslogControlDescr,
           syslogControlRoles,
           syslogControlBindAddrType,
           syslogControlBindAddr,
           syslogControlBindPort,
           syslogControlEncapsulation,
           syslogControlConfFileName,
           syslogOperationsStatus
       }
       STATUS current
       DESCRIPTION
           "This notification is sent when a syslog application
            changes state. For example when the syslog application
            starts [syslogOperationsStatus is ''started'' ]
            or the syslog application stops [syslogOperationsStatus
            is ''suspended'' or ''stopped''].
            The value of syslogOperationsStatus will be the
            new status of the syslog application after the change.
            The syslog application corresponding to the notification
            will be identified by the syslogOperationsIndex
            instance identifier of the objects in the notification.
           "
       ::= { syslogNotifications 1 }

   -- -------------------------------------------------------------
   -- Conformance Information
   -- -------------------------------------------------------------

   syslogGroups OBJECT IDENTIFIER
       ::= { syslogConformance 1 }

   syslogCompliances OBJECT IDENTIFIER
       ::= { syslogConformance 2 }

   -- -------------------------------------------------------------
   -- units of conformance
   -- -------------------------------------------------------------

   syslogOperationsGroup OBJECT-GROUP
       OBJECTS {
           -- syslogOperationsIndex,
           syslogOperationsMsgsReceived,
           syslogOperationsMsgsTransmitted,
           syslogOperationsMsgsRelayed,
           syslogOperationsMsgsDropped,
           syslogOperationsMsgsMalFormed,
           syslogOperationsMsgsDiscarded,
           syslogOperationsLastMsgRecdTime,
           syslogOperationsLastMsgTransmittedTime,
           syslogOperationsStartTime,
           syslogOperationsLastError,
           syslogOperationsLastErrorTime,
           syslogOperationsRunIndex,
           syslogOperationsCounterDiscontinuityTime,
           syslogOperationsStatus
       }
       STATUS current
       DESCRIPTION
           "A collection of objects providing message related
            statistics."
       ::= { syslogGroups 1}

   syslogControlGroup OBJECT-GROUP
       OBJECTS {
           syslogControlDescr,
           syslogControlRoles,
           syslogControlBindAddrType,
           syslogControlBindAddr,
           syslogControlEncapsulation,
           syslogControlBindPort,
           syslogControlMaxMessageSize,
           syslogControlConfFileName,
           syslogControlStorageType,
           syslogControlRowStatus
       }
       STATUS current
       DESCRIPTION
           "A collection of objects representing the run time parameters
            for the syslog applications.
           "
       ::= { syslogGroups 2}

   syslogPriorityGroup OBJECT-GROUP
       OBJECTS {
           syslogPriorityDescr,
           syslogPriorityDestinationIndex,
           syslogPriorityStorageType,
           syslogPriorityRowStatus
       }
       STATUS current
       DESCRIPTION
           "A collection of objects representing the priority
            groupings of syslog messages.
           "
       ::= { syslogGroups 3}

   syslogRelayGroup OBJECT-GROUP
       OBJECTS {
           syslogRelayDescr,
           syslogRelayAddrType,
           syslogRelayAddr,
           syslogRelayPort,
           syslogRelayEncapsulation,
           syslogRelayMsgsRelayed,
           syslogRelayCounterDiscontinuityTime,
           syslogRelayStorageType,
           syslogRelayRowStatus
       }
       STATUS current
       DESCRIPTION
           "A collection of objects representing the relay
            destinations for syslog messages.
           "
       ::= { syslogGroups 4}

   syslogNotificationGroup NOTIFICATION-GROUP
       NOTIFICATIONS {
           syslogStatusChanged
       }
       STATUS current
       DESCRIPTION
           "A collection of notifications about the operational
            state of a syslog application.
           "
       ::= { syslogGroups 5}

   -- -------------------------------------------------------------
   -- compliance statements
   -- -------------------------------------------------------------

   syslogFullCompliance1 MODULE-COMPLIANCE
       STATUS current
       DESCRIPTION
           "The compliance statement for SNMP entities which
            implement the SYSLOG-MIB with support for writable
            objects and notifications. Such an implementation can
            be both monitored and configured via SNMP. It can
            also send notifications about change in the
            operational status of the syslog application.
           "
       MODULE -- this module
       MANDATORY-GROUPS {
           syslogNotificationGroup,
           syslogOperationsGroup,
           syslogControlGroup,
           syslogPriorityGroup,
           syslogRelayGroup
       }

       ::= { syslogCompliances 1 }

   syslogFullCompliance2 MODULE-COMPLIANCE
       STATUS current
       DESCRIPTION
           "The compliance statement for SNMP entities which
            implement the SYSLOG-MIB with support for writable
            objects. Such an implementation can
            be both monitored and configured via SNMP.
           "
       MODULE -- this module
       MANDATORY-GROUPS {
           syslogOperationsGroup,
           syslogControlGroup,
           syslogPriorityGroup,
           syslogRelayGroup
       }

       ::= { syslogCompliances 2 }

   syslogFullCompliance3 MODULE-COMPLIANCE
       STATUS current
       DESCRIPTION
           "The compliance statement for SNMP entities which
            implement the SYSLOG-MIB with support for writable
            objects but without support for the objects in
            syslogPriorityGroup and syslogRelayGroup. Such an
            implementation can be both monitored and configured
            via SNMP.
           "
       MODULE -- this module
       MANDATORY-GROUPS {
           syslogOperationsGroup,
           syslogControlGroup
       }

       ::= { syslogCompliances 3 }

   syslogReadOnlyCompliance1 MODULE-COMPLIANCE
       STATUS current
       DESCRIPTION
           "The compliance statement for SNMP entities which
            implement the SYSLOG-MIB without support
            for read-write (i.e. in read-only mode). It can
            also send notifications about change in the
            operational status of the syslog application.
           "
       MODULE -- this module
       MANDATORY-GROUPS {
           syslogNotificationGroup,
           syslogOperationsGroup,
           syslogControlGroup,
           syslogPriorityGroup,
           syslogRelayGroup
       }

       OBJECT syslogControlDescr
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlRoles
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlBindAddrType
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlBindAddr
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlBindPort
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlEncapsulation
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlMaxMessageSize
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlConfFileName
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlStorageType
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlRowStatus
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "

       ::= { syslogCompliances 4 }

   syslogReadOnlyCompliance2 MODULE-COMPLIANCE
       STATUS current
       DESCRIPTION
           "The compliance statement for SNMP entities which
            implement the SYSLOG-MIB without support
            for read-write (i.e. in read-only mode).
           "
       MODULE -- this module
       MANDATORY-GROUPS {
           syslogOperationsGroup,
           syslogControlGroup,
           syslogPriorityGroup,
           syslogRelayGroup
       }

       OBJECT syslogControlDescr
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlRoles
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlBindAddrType
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlBindAddr
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlBindPort
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlEncapsulation
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlMaxMessageSize
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlConfFileName
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlStorageType
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlRowStatus
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogPriorityDescr
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogPriorityDestinationIndex
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogPriorityStorageType
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogPriorityRowStatus
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogRelayDescr
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogRelayAddrType
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogRelayAddr
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogRelayPort
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogRelayEncapsulation
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogRelayStorageType
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogRelayRowStatus
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       ::= { syslogCompliances 5 }

   syslogReadOnlyCompliance3 MODULE-COMPLIANCE
       STATUS current
       DESCRIPTION
           "The compliance statement for SNMP entities which
            implement the SYSLOG-MIB without support
            for read-write (i.e. in read-only mode) and without
            support for the objects in syslogRelayGroup and
            syslogPriorityGroup.
           "
       MODULE -- this module
       MANDATORY-GROUPS {
           syslogOperationsGroup,
           syslogControlGroup
       }

       OBJECT syslogControlDescr
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlRoles
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlBindAddrType
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlBindAddr
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlBindPort
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlEncapsulation
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlMaxMessageSize
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlConfFileName
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlStorageType
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       OBJECT syslogControlRowStatus
       MIN-ACCESS read-only
       DESCRIPTION
           "Write access is not required.
           "
       ::= { syslogCompliances 6 }

   syslogNotificationCompliance MODULE-COMPLIANCE
       STATUS current
       DESCRIPTION
           "The compliance statement for SNMP entities
            which implement the SYSLOG-MIB and support
            only notifications about change in the
            operational status of a syslog application.
           "
       MODULE -- this module
       MANDATORY-GROUPS {
           syslogNotificationGroup
       }

       ::= { syslogCompliances 7 }

   END

6.  Security Considerations

   Syslog plays a very important role in the computer and network
   security of an organization.  SYSLOG-MIB defines several managed
   objects that may be used to monitor, configure and control syslog
   applications.  As such, improper manipulation of the objects
   represented by this MIB may lead to an attack on an important
   component of the computer and network security infrastructure.  The
   objects in syslogControlTable, syslogPriorityTable and
   syslogRelayTable may be misconfigured to cause syslog messages to be
   diverted or lost.
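
   The diversion and loss risk described above can be checked from the
   management side.  The following is an added example, not part of the
   draft: it resolves each active syslogPriorityTable row to its relay
   address and compares the result with a trusted baseline and an
   allow-list of collectors.  The snapshot tuples, the function names
   and all addresses are assumptions constructed for illustration.

```python
from collections import namedtuple

ROW_ACTIVE = 1  # RowStatus 'active' (RFC 2579); other states do not relay

# Field names follow the MIB columns. The snapshot layout is an assumption
# of this example; how the rows were read from the agent is out of scope.
RelayRow = namedtuple("RelayRow", "index addr_type addr port row_status")
PriorityRow = namedtuple(
    "PriorityRow", "control_index facility severity dest_index row_status")


def resolve(priority_rows, relay_rows):
    """Resolve every active priority row to its relay destination.

    Returns (destinations, findings). destinations maps
    (control_index, facility, severity) to (addr_type, addr, port), or to
    None when the row relays nowhere. Resolving to the address instead of
    keeping syslogPriorityDestinationIndex matters because syslogRelayIndex
    values may differ after a reboot.
    """
    relays = {r.index: r for r in relay_rows}
    destinations, findings = {}, []
    for p in priority_rows:
        if p.row_status != ROW_ACTIVE:
            continue
        key = (p.control_index, p.facility, p.severity)
        dest = None
        if p.dest_index != 0:  # 0 means: no row in syslogRelayTable
            relay = relays.get(p.dest_index)
            if relay is None:
                findings.append(("dangling-index", key, p.dest_index))
            elif relay.row_status != ROW_ACTIVE:
                findings.append(("inactive-relay", key, p.dest_index))
            else:
                dest = (relay.addr_type, relay.addr, relay.port)
        destinations[key] = dest
    return destinations, findings


def audit(priority_rows, relay_rows, baseline, approved):
    """Compare a snapshot with a trusted baseline and an allow-list.

    baseline: resolve()[0] of a known-good snapshot.
    approved: set of (addr_type, addr, port) collectors.
    Returns findings as (kind, key, detail), ordered by kind, then key.
    """
    current, findings = resolve(priority_rows, relay_rows)
    for key, dest in current.items():
        if dest is not None and dest not in approved:
            findings.append(("unapproved-destination", key, dest))
    for key in sorted(set(baseline) | set(current)):
        old, new = baseline.get(key), current.get(key)
        if old != new:
            findings.append(("destination-changed", key, (old, new)))
    return sorted(findings, key=lambda f: (f[0], f[1]))


def demo():
    """Constructed snapshots: a baseline, then the same agent after a
    reboot (relay rows renumbered) with two priority rows altered."""
    collector = ("ipv4", "192.0.2.10", 6514)
    approved = {collector}
    base_relays = [RelayRow(1, *collector, ROW_ACTIVE)]
    base_prios = [
        PriorityRow(1, 4, 2, 1, ROW_ACTIVE),   # auth(4), crit(2)
        PriorityRow(1, 10, 5, 1, ROW_ACTIVE),  # authpriv(10), notice(5)
        PriorityRow(1, 0, 3, 1, ROW_ACTIVE),   # kern(0), err(3)
    ]
    baseline, _ = resolve(base_prios, base_relays)

    relays = [
        RelayRow(7, *collector, ROW_ACTIVE),   # same collector, new index
        RelayRow(8, "ipv4", "198.51.100.77", 514, ROW_ACTIVE),
    ]
    prios = [
        PriorityRow(1, 4, 2, 7, ROW_ACTIVE),   # destination unchanged
        PriorityRow(1, 10, 5, 8, ROW_ACTIVE),  # diverted to another host
        PriorityRow(1, 0, 3, 9, ROW_ACTIVE),   # index with no relay row
    ]
    return audit(prios, relays, baseline, approved)
```

   The row that was only renumbered (index 1 to 7) raises no finding,
   while the diverted row and the row pointing at a missing relay entry
   are both reported.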

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.  These are the tables and objects and their
   sensitivity/vulnerability:

   o  syslogControlTable: The objects in this table describe the
      configuration of the syslog applications.  It may be misconfigured
      to start up a very large number of syslog applications (processes)
      and deprive the system of its resources.

   o  syslogControlBindAddr: This object may be misconfigured to bind
      the syslog application to the wrong address.  This will cause
      messages to be lost.

   o  syslogControlBindPort: This object may be misconfigured to bind
      the syslog application to the wrong service (port).  This will
      cause messages to be lost.

   o  syslogControlMaxMessageSize: This object may be misconfigured to
      set the wrong MaxMessageSize for the syslog application.  It may
      cause syslog messages to be lost.

   o  syslogControlConfFileName: This object may be misconfigured to
      start the syslog application with the wrong (rogue) configuration.

   o  syslogControlStorageType: This object may be misconfigured to set
      the wrong storage type.  That may cause confusion, operational
      errors and/or loss of information.

   o  syslogPriorityTable: The objects in this table link the priority
      value in a syslog message to the entry in the
      syslogRelayTable corresponding to the syslog collector to which
      the syslog message should be relayed.  The table may be
      misconfigured to redirect a syslog message to a wrong, potentially
      non-existent destination and/or to redirect a large number of
      messages to a particular syslog collector.

   o  syslogRelayTable: The rows in this table represent the relays to
      which syslog messages will be relayed, depending on the priority
      value in the respective syslog messages.  The table may be
      misconfigured to redirect a syslog message to a wrong, potentially
      non-existent destination and/or redirect a large number of
      messages to a particular syslog collector.

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the tables and objects and their
   sensitivity/vulnerability:

   o  syslogOperationsTable: Objects in this table carry sensitive
      information.  The counters may reveal information about the
      deployment and effectiveness of the relevant security systems.
      The counters may be analyzed to tell whether the security systems
      are able to detect an event or not.

   o  syslogOperationsLastError: This object may contain sensitive
      information e.g. user-id, password, etc. depending on the
      implementation of the syslog application.  It may reveal details
      about the syslog implementation itself, e.g. version, OS, etc.

   o  syslogPriorityTable: Objects in this table carry sensitive
      information.  The objects reveal how the syslog messages are
      grouped, relayed and/or stored.

   o  syslogRelayTable: Objects in this table carry sensitive
      information.  The objects reveal the destination of syslog
      messages.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the objects
   in this MIB module.

   It is RECOMMENDED that implementers consider the security features as
   provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP application giving access to
   an instance of this MIB module is properly configured to give access
   to the objects only to those principals (users) that have legitimate
   rights to GET or SET (change/create/delete) them.

7.  IANA Considerations

   The MIB modules in this document use the following IANA-assigned
   OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

   Descriptor        OBJECT IDENTIFIER value
   ----------        -----------------------

   syslogMIB         { mib-2 YYYY }

   IANA Reg.: Please assign a value under the 'mib-2' subtree
              for the 'syslogMIB' MODULE-IDENTITY and record
              the assignment in the SMI Numbers registry.

   RFC Ed.: When the above assignments have been made, please
            - remove the above note
            - replace "YYYY" here with the assigned values and
            - remove this note.

8.  Acknowledgments

   The initial draft of this document was authored by Bruno Pape.  The
   authors would like to thank Mark Ellison, David Harrington, Mike
   MacFaden, Dave T Perkins, Tom Petch, Juergen Schoenwaelder, Rohit M,
   Bert Wijnen and members of the WIDE-netman group for their comments
   and suggestions.

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).

9.  APPENDIX

   This section documents the development of the draft.  It will be
   deleted when the draft becomes an RFC.

   Revision History:

   This draft is a revision of draft-ietf-syslog-device-mib-17.txt, the
   last version of the SyslogMIB draft developed as a SyslogWG work
   item.

   o  Changes from draft-ietf-syslog-device-mib-17.txt to
      draft-tsuno-syslog-mib-00.txt

      1.  Editorial changes only

   o  Changes from draft-tsuno-syslog-mib-00.txt to
      draft-tsuno-syslog-mib-01.txt

      1.  Added new textual convention for DTLS transport

      2.  Added text to explain syslogPriorityTable and syslogRelayTable

      3.  Editorial changes.

   o  Changes from draft-tsuno-syslog-mib-01.txt to
      draft-tsuno-syslog-mib-02.txt

      1.  Added "Managing syslog" section to clarify the necessity of
          this MIB.

   o  Changes from draft-tsuno-syslog-mib-02.txt to
      draft-tsuno-syslog-mib-03.txt

      1.  Editorial changes only

   o  Changes from draft-tsuno-syslog-mib-03.txt to
      draft-tsuno-syslog-mib-04.txt

      1.  Editorial changes only

   o  Changes from draft-tsuno-syslog-mib-04.txt to
      draft-tsuno-syslog-mib-05.txt

      1.  Revised DESCRIPTION clauses of some objects

10.  References

10.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578,
              DOI 10.17487/RFC2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD
              58, RFC 2579, DOI 10.17487/RFC2579, April 1999.

   [RFC2580]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Conformance Statements for SMIv2",
              STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999.

   [RFC3411]  Harrington, D., Presuhn, R., and B. Wijnen, "An
              Architecture for Describing Simple Network Management
              Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
              DOI 10.17487/RFC3411, December 2002.

   [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
              Schoenwaelder, "Textual Conventions for Internet Network
              Addresses", RFC 4001, DOI 10.17487/RFC4001, February 2005.

   [RFC5424]  Gerhards, R., "The Syslog Protocol", RFC 5424,
              DOI 10.17487/RFC5424, March 2009.

   [RFC5427]  Keeni, G., "Textual Conventions for Syslog Management",
              RFC 5427, DOI 10.17487/RFC5427, March 2009.

10.2.  Informative References

   [RFC2790]  Waldbusser, S. and P. Grillo, "Host Resources MIB",
              RFC 2790, DOI 10.17487/RFC2790, March 2000.

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for Internet-
              Standard Management Framework", RFC 3410,
              DOI 10.17487/RFC3410, December 2002.

Authors' Addresses

   Hiroshi Tsunoda
   Tohoku Institute of Technology
   35-1, Yagiyama Kasumi-cho
   Taihaku-ku, Sendai 982-8577
   Japan

   Phone: +81-22-305-3411
   Email: tsuno@m.ieice.org

   Glenn Mansfield Keeni
   Cyber Solutions Inc.
   6-6-3 Minami Yoshinari
   Aoba-ku, Sendai 989-3204
   Japan

   Phone: +81-22-303-4012
   Email: glenn@cysols.com