idnits 2.17.1
draft-wildes-netmod-syslog-model-05.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
== The page length should not exceed 58 lines per page, but there was 12
longer pages, the longest (page 5) being 199 lines
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
** The document seems to lack separate sections for Informative/Normative
References. All references will be assumed normative when checking for
downward references.
** There are 33 instances of too long lines in the document, the longest
one being 30 characters in excess of 72.
== There are 1 instance of lines with non-RFC2606-compliant FQDNs in the
document.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
== Line 193 has weird spacing: '...acility ide...'
== Line 221 has weird spacing: '...acility ide...'
== Line 250 has weird spacing: '...acility ide...'
== Line 285 has weird spacing: '...acility ide...'
== Line 327 has weird spacing: '...acility ide...'
== (5 more instances...)
-- The document date (Oct 27, 2014) is 3462 days in the past. Is this
intentional?
Checking references for intended status: Informational
----------------------------------------------------------------------------
== Unused Reference: 'RFC5424' is defined on line 1218, but no explicit
reference was found in the text
== Unused Reference: 'RFC5848' is defined on line 1223, but no explicit
reference was found in the text
** Obsolete normative reference: RFC 3164 (Obsoleted by RFC 5424)
** Obsolete normative reference: RFC 6536 (Obsoleted by RFC 8341)
Summary: 4 errors (**), 0 flaws (~~), 11 warnings (==), 1 comment (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 NETMOD WG Clyde Wildes
3 Internet-Draft Cisco Systems
4 Intended status: Informational Agrahara Kiran Koushik
5 Expires: April 27, 2015 Brocade Communication Systems
6 Oct 27, 2014
8 SYSLOG YANG model
9 draft-wildes-netmod-syslog-model-05
11 Abstract
13 This document describes a data model for the Syslog
14 protocol, which is used to convey event notification messages.
16 Status of This Memo
18 This Internet-Draft is submitted in full conformance with the
19 provisions of BCP 78 and BCP 79.
21 Internet-Drafts are working documents of the Internet Engineering
22 Task Force (IETF). Note that other groups may also distribute
23 working documents as Internet-Drafts. The list of current Internet-
24 Drafts is at http://datatracker.ietf.org/drafts/current/.
26 Internet-Drafts are draft documents valid for a maximum of six months
27 and may be updated, replaced, or obsoleted by other documents at any
28 time. It is inappropriate to use Internet-Drafts as reference
29 material or to cite them other than as "work in progress."
31 This Internet-Draft will expire on April 27, 2015.
33 Copyright Notice
35 Copyright (c) 2014 IETF Trust and the persons identified as the
36 document authors. All rights reserved.
38 This document is subject to BCP 78 and the IETF Trust's Legal
39 Provisions Relating to IETF Documents
40 (http://trustee.ietf.org/license-info) in effect on the date of
41 publication of this document. Please review these documents
42 carefully, as they describe your rights and restrictions with respect
43 to this document. Code Components extracted from this document must
44 include Simplified BSD License text as described in Section 4.e of
45 the Trust Legal Provisions and are provided without warranty as
46 described in the Simplified BSD License.
48 Table of Contents
50 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
51 1.1. Definitions and Acronyms . . . . . . . . . . . . . . . . 3
52 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3
53 3. Design of the SYSLOG Model . . . . . . . . . . . . . . . . . 3
54 3.1. SYSLOG Module . . . . . . . . . . . . . . . . . . . . . . 4
55 4. SYSLOG YANG Models . . . . . . . . . . . . . . . . . . . . . 6
56 4.1. SYSLOG TYPES Module . . . . . . . . . . . . . . . . . . . 6
57 4.2. SYSLOG module . . . . . . . . . . . . . . . . . . . . . . 10
58 4.3. A SYSLOG Example . . . . . . . . . . . . . . . . . . . . 18
59 5. Implementation Status . . . . . . . . . . . . . . . . . . . . 19
60 6. Security Considerations . . . . . . . . . . . . . . . . . . . 19
61 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20
62 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 20
63 9. Change log [RFC Editor: Please remove] . . . . . . . . . . . 20
64 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 20
65 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21
67 1. Introduction
69 Operating systems, processes and applications generate messages
70 indicating their own status or the occurrence of events. These
71 messages are useful for managing and/or debugging the network and its
72 services. The BSD Syslog protocol is a widely adopted protocol that
73 is used for transmission and processing of the messages.
75 Since each process, application and operating system was
76 written somewhat independently, there is little uniformity to the
77 content of Syslog messages. For this reason, no assumption is made
78 upon the formatting or contents of the messages. The protocol is
79 simply designed to transport these event messages. No
80 acknowledgement of the receipt is made.
82 Essentially, a Syslog process receives messages (from the kernel,
83 processes, applications or other Syslog processes) and processes
84 them. The processing involves logging to a local file, displaying on
85 the console or a user terminal, and/or relaying to syslog processes on other
86 machines. The processing is determined by the "facility" that
87 originated the message and the "severity" assigned to the message by
88 the facility.
90 We are using definitions of Syslog protocol from [RFC3164] in this
91 draft.
93 1.1. Definitions and Acronyms
95 IP: Internet Protocol
97 IPv4: Internet Protocol version 4
99 IPv6: Internet Protocol version 6
101 UDP: User Datagram Protocol
103 VRF: Virtual Routing and Forwarding
105 2. Problem Statement
107 This document defines a YANG [RFC6020] configuration data model that
108 may be used to monitor and control one or more syslog processes running
109 on a system. YANG models can be used with network management
110 agents such as NETCONF [RFC6241] to install, manipulate, and delete
111 the configuration of network devices.
113 This module makes use of the YANG "feature" construct which allows
114 implementations to support only those Syslog features that lie
115 within their capabilities.
117 3. Design of the SYSLOG Model
119 The syslog model was designed by comparing various syslog features
120 implemented by various vendors in different implementations.
122 This draft addresses the common leafs between all vendors and creates
123 a common model, which can be augmented with proprietary features, if
124 necessary. The base model is designed to be very simple for maximum
125 flexibility.
127 Syslog consists of message producers, a group level suppression filter,
128 and message distributors. The following diagram shows syslog messages
129 flowing from a message producer, through the group level suppression
130 filter, and if passed by the group filter to message distributors where
131 further suppression filtering can take place.
133 Message Producers
134 +-------------+ +-------------+ +-------------+ +-------------+
135 | Various | | OS | | | | Remote |
136 | Components | | Kernel | | Line Cards | | Servers |
137 +-------------+ +-------------+ +-------------+ +-------------+
139 +-------------+ +-------------+ +-------------+ +-------------+
140 | SNMP | | Interface | | Standby | | Syslog |
141 | Events | | Events | | Supervisor | | Itself |
142 +-------------+ +-------------+ +-------------+ +-------------+
144 | |
145 +----------------------------------------------------------------+
146 |
147 |
148 v
150 Group Level Suppression
151 +------------------------------+
152 | Filter by message facility |
153 | and message severity |
154 +------------------------------+
155 |
156 |
157 |
158 +-----+---------+----------------+-----------------+
159 | | | |
160 v v v v
162 Message Distributors
163 +-------------+ +-------------+ +-------------+ +-------------+
164 | | | | | User | | Remote |
165 | Console | | Log File(s) | | Terminals | | Servers |
166 +-------------+ +-------------+ +-------------+ +-------------+
168 The leaves in the base syslog model correspond to the group level
169 suppression filter and each message distributor:
170 - console
171 - log file(s)
172 - user terminals
173 - remote server(s).
175 Optional features are used to specify fields that are not present in
176 all vendor configurations.
178 3.1. SYSLOG Module
179 module: ietf-syslog
180 +--rw syslog
181 +--rw global-logging-action {global-logging-action}?
182 | +--rw (logging-level-scope)?
183 | | +--:(logging-facility-all)
184 | | | +--rw (logging-severity-scope)?
185 | | | +--:(logging-severity-all)
186 | | | | +--rw all? empty
187 | | | +--:(logging-severity)
188 | | | +--rw severity? syslogtypes:Severity
189 | | +--:(logging-facility-none)
190 | | | +--rw none? empty
191 | | +--:(logging-facility)
192 | | +--rw logging-facilities* [facility]
193 | | +--rw facility identityref
194 | | +--rw (logging-severity-scope)?
195 | | +--:(logging-severity-all)
196 | | | +--rw all? empty
197 | | +--:(logging-severity)
198 | | +--rw severity? syslogtypes:Severity
199 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}?
200 | | +--rw (logging-severity-operator)?
201 | | +--:(default)
202 | | | +--rw default? empty
203 | | +--:(equals)
204 | | | +--rw equals? empty
205 | | +--:(not-equals)
206 | | +--rw not-equals? empty
207 | +--rw logging-match-processing {selector-match-processing-config}?
208 | +--rw pattern-match? string
209 +--rw console-logging-action
210 | +--rw (logging-level-scope)?
211 | | +--:(logging-facility-all)
212 | | | +--rw (logging-severity-scope)?
213 | | | +--:(logging-severity-all)
214 | | | | +--rw all? empty
215 | | | +--:(logging-severity)
216 | | | +--rw severity? syslogtypes:Severity
217 | | +--:(logging-facility-none)
218 | | | +--rw none? empty
219 | | +--:(logging-facility)
220 | | +--rw logging-facilities* [facility]
221 | | +--rw facility identityref
222 | | +--rw (logging-severity-scope)?
223 | | +--:(logging-severity-all)
224 | | | +--rw all? empty
225 | | +--:(logging-severity)
226 | | +--rw severity? syslogtypes:Severity
227 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}?
228 | | +--rw (logging-severity-operator)?
229 | | +--:(default)
230 | | | +--rw default? empty
231 | | +--:(equals)
232 | | | +--rw equals? empty
233 | | +--:(not-equals)
234 | | +--rw not-equals? empty
235 | +--rw logging-match-processing {selector-match-processing-config}?
236 | +--rw pattern-match? string
237 +--rw file-logging-action
238 | +--rw file-name inet:uri
239 | +--rw (logging-level-scope)?
240 | | +--:(logging-facility-all)
241 | | | +--rw (logging-severity-scope)?
242 | | | +--:(logging-severity-all)
243 | | | | +--rw all? empty
244 | | | +--:(logging-severity)
245 | | | +--rw severity? syslogtypes:Severity
246 | | +--:(logging-facility-none)
247 | | | +--rw none? empty
248 | | +--:(logging-facility)
249 | | +--rw logging-facilities* [facility]
250 | | +--rw facility identityref
251 | | +--rw (logging-severity-scope)?
252 | | +--:(logging-severity-all)
253 | | | +--rw all? empty
254 | | +--:(logging-severity)
255 | | +--rw severity? syslogtypes:Severity
256 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}?
257 | | +--rw (logging-severity-operator)?
258 | | +--:(default)
259 | | | +--rw default? empty
260 | | +--:(equals)
261 | | | +--rw equals? empty
262 | | +--:(not-equals)
263 | | +--rw not-equals? empty
264 | +--rw logging-match-processing {selector-match-processing-config}?
265 | | +--rw pattern-match? string
266 | +--rw file-logging-structured-data? boolean {file-logging-structured-data}?
267 | +--rw file-logging-archive {file-logging-archive-config}?
268 | +--rw file-number? uint32
269 | +--rw file-size? uint32
270 | +--rw file-permission? enumeration
271 +--rw remote-logging-action
272 | +--rw remote-logging-destination* [destination]
273 | +--rw destination inet:host
274 | +--rw (logging-level-scope)?
275 | | +--:(logging-facility-all)
276 | | | +--rw (logging-severity-scope)?
277 | | | +--:(logging-severity-all)
278 | | | | +--rw all? empty
279 | | | +--:(logging-severity)
280 | | | +--rw severity? syslogtypes:Severity
281 | | +--:(logging-facility-none)
282 | | | +--rw none? empty
283 | | +--:(logging-facility)
284 | | +--rw logging-facilities* [facility]
285 | | +--rw facility identityref
286 | | +--rw (logging-severity-scope)?
287 | | +--:(logging-severity-all)
288 | | | +--rw all? empty
289 | | +--:(logging-severity)
290 | | +--rw severity? syslogtypes:Severity
291 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}?
292 | | +--rw (logging-severity-operator)?
293 | | +--:(default)
294 | | | +--rw default? empty
295 | | +--:(equals)
296 | | | +--rw equals? empty
297 | | +--:(not-equals)
298 | | +--rw not-equals? empty
299 | +--rw logging-match-processing {selector-match-processing-config}?
300 | | +--rw pattern-match? string
301 | +--rw destination-facility? identityref
302 | +--rw source-interface? if:interface-ref
303 | +--rw vrf-name? string {remote-logging-use-vrf}?
304 | +--rw syslog-sign! {signed-messages-config}?
305 | +--rw certInitialRepeat? uint16
306 | +--rw certResendDelay? uint16
307 | +--rw certResendCount? uint16
308 | +--rw sigMaxDelay? uint16
309 | +--rw sigNumberResends? uint16
310 | +--rw sigResendDelay? uint16
311 | +--rw sigResendCount? uint16
312 +--rw terminal-logging-action
313 +--rw (user-scope)?
314 +--:(all-users)
315 | +--rw all-users
316 | +--rw (logging-level-scope)?
317 | | +--:(logging-facility-all)
318 | | | +--rw (logging-severity-scope)?
319 | | | +--:(logging-severity-all)
320 | | | | +--rw all? empty
321 | | | +--:(logging-severity)
322 | | | +--rw severity? syslogtypes:Severity
323 | | +--:(logging-facility-none)
324 | | | +--rw none? empty
325 | | +--:(logging-facility)
326 | | +--rw logging-facilities* [facility]
327 | | +--rw facility identityref
328 | | +--rw (logging-severity-scope)?
329 | | +--:(logging-severity-all)
330 | | | +--rw all? empty
331 | | +--:(logging-severity)
332 | | +--rw severity? syslogtypes:Severity
333 | +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}?
334 | | +--rw (logging-severity-operator)?
335 | | +--:(default)
336 | | | +--rw default? empty
337 | | +--:(equals)
338 | | | +--rw equals? empty
339 | | +--:(not-equals)
340 | | +--rw not-equals? empty
341 | +--rw logging-match-processing {selector-match-processing-config}?
342 | +--rw pattern-match? string
343 +--:(per-user) {terminal-facility-user-logging-config}?
344 +--rw user-name* [uname]
345 +--rw uname string
346 +--rw (logging-level-scope)?
347 | +--:(logging-facility-all)
348 | | +--rw (logging-severity-scope)?
349 | | +--:(logging-severity-all)
350 | | | +--rw all? empty
351 | | +--:(logging-severity)
352 | | +--rw severity? syslogtypes:Severity
353 | +--:(logging-facility-none)
354 | | +--rw none? empty
355 | +--:(logging-facility)
356 | +--rw logging-facilities* [facility]
357 | +--rw facility identityref
358 | +--rw (logging-severity-scope)?
359 | +--:(logging-severity-all)
360 | | +--rw all? empty
361 | +--:(logging-severity)
362 | +--rw severity? syslogtypes:Severity
363 +--rw logging-advanced-level-processing {selector-advanced-level-processing-config}?
364 | +--rw (logging-severity-operator)?
365 | +--:(default)
366 | | +--rw default? empty
367 | +--:(equals)
368 | | +--rw equals? empty
369 | +--:(not-equals)
370 | +--rw not-equals? empty
371 +--rw logging-match-processing {selector-match-processing-config}?
372 +--rw pattern-match? string
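The selector semantics behind the tree above (group-level filter first, then one selector per distributor, with the severity operators described in the syslog-selector grouping of Section 4.2), as an added Python example that is not part of the draft or of the idnits output. The dict layout, the function names, treating a global-selector match as "pass", requiring pattern-match in addition to the severity test, and using Python's re in place of a POSIX 1003.2 regex engine are assumptions; the sample configuration and messages are constructed.

```python
import re

# Numeric values copied from the Severity typedef in ietf-syslog-types.
SEVERITY = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}


def severity_matches(msg_severity, scope, operator="default"):
    """scope is "all" or a severity name; operator is one of the cases of
    logging-severity-operator: "default", "equals", "not-equals"."""
    if scope == "all":
        return True  # assumption: the operator is ignored when all severities match
    got, want = SEVERITY[msg_severity], SEVERITY[scope]
    if operator == "equals":
        return got == want
    if operator == "not-equals":
        return got != want
    # default: "the specified severity and higher". Higher severity means a
    # LOWER numeric value (emergency is 0), so the comparison is <=.
    return got <= want


def selector_matches(selector, facility, severity, text):
    """Evaluate one syslog-selector (hypothetical dict form) against a message."""
    if "none" in selector:            # logging-facility-none turns the action off
        return False
    if "all" in selector:             # logging-facility-all
        scope = selector["all"]
    else:                             # logging-facility: per-facility list
        scope = selector.get("facilities", {}).get(facility)
        if scope is None:
            return False
    if not severity_matches(severity, scope, selector.get("operator", "default")):
        return False
    pattern = selector.get("pattern-match")
    # Assumption: when present, pattern-match must also match the message text.
    return pattern is None or re.search(pattern, text) is not None


def distribute(config, facility, severity, text):
    """Return the distributor actions that receive the message."""
    group = config.get("global-logging-action")
    if group is not None and not selector_matches(group, facility, severity, text):
        return []                     # suppressed by the group-level filter
    return [name for name, sel in config["distributors"].items()
            if selector_matches(sel, facility, severity, text)]


# Constructed configuration using the container names from the tree above.
CONFIG = {
    "global-logging-action": {"all": "info"},
    "distributors": {
        "console-logging-action": {"all": "critical"},
        "file-logging-action": {"facilities": {"auth": "all", "kern": "warning"}},
        "remote-logging-action": {"facilities": {"auth": "notice"},
                                  "operator": "equals",
                                  "pattern-match": "Failed password"},
        "terminal-logging-action": {"none": True},
    },
}

# Constructed sample messages: (facility, severity, text).
SAMPLES = [
    ("kern", "critical", "disk controller failure"),
    ("auth", "notice", "Failed password for root from 192.0.2.77"),
    ("auth", "debug", "Failed password trace output"),
    ("auth", "alert", "Failed password for root from 192.0.2.77"),
]


def route_samples():
    return [distribute(CONFIG, f, s, t) for f, s, t in SAMPLES]


if __name__ == "__main__":
    for sample, targets in zip(SAMPLES, route_samples()):
        print(sample, "->", targets)
```

The last sample shows the effect of the "equals" operator: an auth message at alert severity is not relayed to the remote server, because only notice matches exactly.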
374 4. SYSLOG YANG Models
376 4.1. SYSLOG-TYPES module
378 module ietf-syslog-types {
379 namespace "urn:ietf:params:xml:ns:yang:ietf-syslog-types";
380 prefix syslogtypes;
382 organization "IETF NETMOD (NETCONF Data Modeling Language) Working
383 Group";
384 contact
385 "WG Web:
386 WG List:
388 WG Chair: Juergen Schoenwaelder
389
391 WG Chair: Tom Nadeau
392
394 Editor: Clyde Wildes
395
397 Editor: Agrahara Kiran Koushik
398 ";
399 description
400 "This module contains a collection of YANG type definitions for
401 SYSLOG.";
403 revision 2014-10-24 {
404 description
405 "syslog-model-04 Revision";
406 reference
407 "This model references RFC 5424 - The Syslog Protocol,
408 and RFC 5848 - Signed Syslog Messages.";
409 }
411 typedef Severity {
412 type enumeration {
413 enum "emergency" {
414 value 0;
415 description
416 "Emergency Level Msg";
417 }
418 enum "alert" {
419 value 1;
420 description
421 "Alert Level Msg";
422 }
423 enum "critical" {
424 value 2;
425 description
426 "Critical Level Msg";
427 }
428 enum "error" {
429 value 3;
430 description
431 "Error Level Msg";
432 }
433 enum "warning" {
434 value 4;
435 description
436 "Warning Level Msg";
437 }
438 enum "notice" {
439 value 5;
440 description
441 "Notification Level Msg";
442 }
443 enum "info" {
444 value 6;
445 description
446 "Informational Level Msg";
447 }
448 enum "debug" {
449 value 7;
450 description
451 "Debugging Level Msg";
452 }
453 }
454 description
455 "The definitions for Syslog message severity.";
456 }
458 identity syslog-facility {
459 description
460 "The base identity to represent syslog facilities";
461 }
463 identity kern {
464 base syslog-facility;
465 description
466 "The facility for kernel messages as defined in RFC 5424.";
467 }
469 identity user {
470 base syslog-facility;
471 description
472 "The facility for user-level messages as defined in RFC 5424.";
473 }
475 identity mail {
476 base syslog-facility;
477 description
478 "The facility for the mail system as defined in RFC 5424.";
479 }
481 identity daemon {
482 base syslog-facility;
483 description
484 "The facility for the system daemons as defined in RFC 5424.";
485 }
487 identity auth {
488 base syslog-facility;
489 description
490 "The facility for security/authorization messages as defined
491 in RFC 5424.";
492 }
494 identity syslog {
495 base syslog-facility;
496 description
497 "The facility for messages generated internally by syslogd
498 facility as defined in RFC 5424.";
499 }
501 identity lpr {
502 base syslog-facility;
503 description
504 "The facility for the line printer subsystem as defined in
505 RFC 5424.";
506 }
508 identity news {
509 base syslog-facility;
510 description
511 "The facility for the network news subsystem as defined in
512 RFC 5424.";
513 }
515 identity uucp {
516 base syslog-facility;
517 description
518 "The facility for the UUCP subsystem as defined in RFC 5424.";
519 }
521 identity cron {
522 base syslog-facility;
523 description
524 "The facility for the clock daemon as defined in RFC 5424.";
525 }
527 identity authpriv {
528 base syslog-facility;
529 description
530 "The facility for privileged security/authorization messages
531 as defined in RFC 5424.";
532 }
534 identity ftp {
535 base syslog-facility;
536 description
537 "The facility for the FTP daemon as defined in RFC 5424.";
538 }
539 identity ntp {
540 base syslog-facility;
541 description
542 "The facility for the NTP subsystem as defined in RFC 5424.";
543 }
545 identity audit {
546 base syslog-facility;
547 description
548 "The facility for log audit messages as defined in RFC 5424.";
549 }
551 identity console {
552 base syslog-facility;
553 description
554 "The facility for log alert messages as defined in RFC 5424.";
555 }
557 identity cron2 {
558 base syslog-facility;
559 description
560 "The facility for the second clock daemon as defined in
561 RFC 5424.";
562 }
564 identity local0 {
565 base syslog-facility;
566 description
567 "The facility for local use 0 messages as defined in
568 RFC 5424.";
569 }
571 identity local1 {
572 base syslog-facility;
573 description
574 "The facility for local use 1 messages as defined in
575 RFC 5424.";
576 }
578 identity local2 {
579 base syslog-facility;
580 description
581 "The facility for local use 2 messages as defined in
582 RFC 5424.";
583 }
585 identity local3 {
586 base syslog-facility;
587 description
588 "The facility for local use 3 messages as defined in
589 RFC 5424.";
590 }
592 identity local4 {
593 base syslog-facility;
594 description
595 "The facility for local use 4 messages as defined in
596 RFC 5424.";
597 }
598 identity local5 {
599 base syslog-facility;
600 description
601 "The facility for local use 5 messages as defined in
602 RFC 5424.";
603 }
605 identity local6 {
606 base syslog-facility;
607 description
608 "The facility for local use 6 messages as defined in
609 RFC 5424.";
610 }
612 identity local7 {
613 base syslog-facility;
614 description
615 "The facility for local use 7 messages as defined in
616 RFC 5424.";
617 }
618 }
620 4.2. SYSLOG module
622 module ietf-syslog {
623 namespace "urn:ietf:params:xml:ns:yang:ietf-syslog";
624 prefix syslog;
626 import ietf-inet-types {
627 prefix inet;
628 }
630 import ietf-interfaces {
631 prefix if;
632 }
634 import ietf-syslog-types {
635 prefix syslogtypes;
636 }
638 organization "IETF NETMOD (NETCONF Data Modeling Language) Working
639 Group";
640 contact
641 "WG Web:
642 WG List:
644 WG Chair: Juergen Schoenwaelder
645
647 WG Chair: Tom Nadeau
648
650 Editor: Clyde Wildes
651
653 Editor: Agrahara Kiran Koushik
654 ";
656 description
657 "This module contains a collection of YANG definitions
658 for Syslog configuration.";
660 revision 2014-10-24 {
661 description
662 "syslog-model-04 Revision";
663 reference
664 "This model references RFC 5424 - The Syslog Protocol,
665 and RFC 5848 - Signed Syslog Messages.";
666 }
668 feature global-logging-action {
669 description
670 "This feature represents the ability to suppress log
671 messages on the global level.";
672 }
674 feature file-logging-structured-data {
675 description
676 "This feature represents the ability to log messages
677 to a file in structured-data format as per RFC 5424.";
678 }
680 feature file-logging-archive-config {
681 description
682 "This feature represents the ability to archive log files.";
683 }
685 feature remote-logging-use-vrf {
686 description
687 "This feature allows remote logging of messages to a
688 particular VRF.";
689 }
691 feature terminal-facility-user-logging-config {
692 description
693 "This feature represents the ability to adjust
694 log message settings for individual terminal users.";
695 }
697 feature selector-advanced-level-processing-config {
698 description
699 "This feature represents the ability to select messages
700 using the additional operators equal to, or not equal to
701 when comparing the Syslog message severity.";
702 }
704 feature selector-match-processing-config {
705 description
706 "This feature represents the ability to select messages based
707 on a Posix 1003.2 regular expression pattern match.";
708 }
710 feature signed-messages-config {
711 description
712 "This feature represents the ability to configure signed
713 syslog messages according to RFC 5848.";
714 }
715 grouping syslog-severity {
716 description
717 "This grouping defines the Syslog severity which is used to
718 filter log messages. Choose one of the following:
719 logging-severity-all
720 logging-severity ";
721 choice logging-severity-scope {
722 description
723 "This choice describes the option to specify all severities
724 or a specific severity.";
725 case logging-severity-all {
726 description
727 "This case specifies all severities.";
728 leaf all {
729 type empty;
730 description
731 "This leaf specifies that all severities participate in
732 the filtering of Syslog messages.";
733 }
734 }
735 case logging-severity {
736 description
737 "This case specifies a specific severity to participate
738 in the filtering of Syslog messages.";
739 leaf severity {
740 type syslogtypes:Severity;
741 description
742 "This leaf specifies the Syslog message severity.";
743 }
744 }
745 }
746 }
748 grouping syslog-selector {
749 description
750 "This grouping defines a Syslog selector which is used to
751 filter log messages for the given action in which the
752 selector appears. Choose one of the following:
753 logging-facility-all
754 logging-facility-none
755 logging-facility [ ...]
756 Additional severity comparison operations are available
757 using the logging-advanced-level-processing container. If
758 the logging-advanced-level-processing container is not
759 present all messages of the specified severity and higher
760 are logged according to the given action.";
761 choice logging-level-scope {
762 description
763 "This choice describes the option to specify all
764 facilities, no facilities, or a specific facility.";
765 case logging-facility-all {
766 description
767 "This case specifies all facilities will match when
768 comparing the Syslog message facility.";
769 uses syslog-severity;
770 }
771 case logging-facility-none {
772 description
773 "This case specifies no facilities will match when
774 comparing the Syslog message facility. This is a method
775 that can be used to turn an action off.";
776 leaf none {
777 type empty;
778 description
779 "This leaf specifies that no facilities participate in the
780 filtering of Syslog messages for this action.";
781 }
782 }
783 case logging-facility {
784 description
785 "This case specifies one or more specified facilities
786 will match when comparing the Syslog message facility.";
787 list logging-facilities {
788 key "facility";
789 description
790 "This list describes a collection of Syslog facilities
791 and severities.";
792 leaf facility {
793 type identityref {
794 base syslogtypes:syslog-facility;
795 }
796 description
797 "The leaf uniquely identifies a Syslog facility.";
798 }
799 uses syslog-severity;
800 }
801 }
802 }
803 container logging-advanced-level-processing {
804 if-feature selector-advanced-level-processing-config;
805 description
806 "This container describes the configuration parameters for
807 advanced Syslog selector severity comparison.";
808 choice logging-severity-operator {
809 description
810 "This choice describes the option to specify how the
811 severity comparison is performed.";
812 case default {
813 description
814 "All messages of the specified severity and higher are
815 logged according to the given action";
816 leaf default {
817 type empty;
818 description
819 "This leaf specifies the default behavior.";
820 }
821 }
822 case equals {
823 description
824 "All messages of the specified severity are logged
825 according to the given action";
826 leaf equals {
827 type empty;
828 description
829 "This leaf specifies all messages for the specified
830 severity.";
831 }
832 }
833 case not-equals {
834 description
835 "All messages that are not of the specified severity are
836 logged according to the given action";
837 leaf not-equals {
838 type empty;
839 description
840 "This leaf specifies all messages that are not for the
841 specified severity.";
842 }
843 }
844 }
845 }
846 container logging-match-processing {
847 if-feature selector-match-processing-config;
848 description
849 "This container describes the configuration parameters for
850 matching Syslog messages using a regular expression pattern
851 match.";
852 leaf pattern-match {
853 type string;
854 description
855 "This leaf describes a Posix 1003.2 regular expression
856 string that can be used to select a Syslog message for
857 logging.";
858 }
859 }
860 }
862 container syslog {
863 config true;
864 description
865 "This container describes the configuration parameters for
866 Syslog.";
867 container global-logging-action {
868 if-feature global-logging-action;
869 description
870 "This container describes the configuration parameters for
871 global logging. Global logging represents the ability to
872 perform global log message suppression.";
873 uses syslog-selector;
874 }
875 container console-logging-action {
876 description
877 "This container describes the configuration parameters for
878 console logging.";
879 uses syslog-selector;
880 }
881 container file-logging-action {
882 description
883 "This container describes the configuration parameters for
884 file logging.";
885 leaf file-name {
886 type inet:uri;
887 mandatory true;
888 description
889 "This leaf specifies the name of the log file.";
890 }
891 uses syslog-selector;
892 leaf file-logging-structured-data {
893 if-feature file-logging-structured-data;
894 type boolean;
895 description
896 "This leaf describes how log messages are written to the
897 log file. If set messages will be written in structured-
898 data format; if not set messages will be written in
899 standard message format.";
900 }
901 container file-logging-archive {
902 if-feature file-logging-archive-config;
903 description
904 "This container describes the configuration parameters for
905 log file archiving.";
906 leaf file-number {
907 type uint32;
908 description
909 "This leaf specifies the maximum number of log files
910 retained.";
911 }
912 leaf file-size {
913 type uint32;
914 description
915 "This leaf specifies the maximum log file size.";
916 }
917 leaf file-permission {
918 type enumeration {
919 enum world-readable {
920 value 1;
921 description
922 "This enum specifies that the log files
923 are readable by world.";
924 }
925 enum no-world-readable {
926 value 2;
927 description
928 "This enum specifies that the log files
929 are not readable by world.";
930 }
931 }
932 description
933 "This leaf describes who can read log files";
934 }
935 }
936 }
937 container remote-logging-action {
938 description
939 "This container describes the configuration parameters for
940 remote logging.";
941 list remote-logging-destination {
942 key "destination";
943 description
944 "This list describes a collection of remote logging
945 destinations.";
946 leaf destination {
947 type inet:host;
948 mandatory true;
949 description
950 "The leaf uniquely specifies the address of the
951 remote host. One of the following must be specified:
952 an ipv4 address, an ipv6 address, or a host name.";
953 }
954 uses syslog-selector;
955 leaf destination-facility {
956 type identityref {
957 base syslogtypes:syslog-facility;
958 }
959 description
960 "This leaf specifies the facility used in messages
961 delivered to the remote server.";
962 }
963 leaf source-interface {
964 type if:interface-ref;
965 description
966 "This leaf sets the source interface for the remote
967 Syslog server. Either the interface name or the
968 interface IP address can be specified.";
969 }
970 leaf vrf-name {
971 if-feature remote-logging-use-vrf;
972 type string;
973 description
974 "This leaf specifies the name of the Virtual Routing and
975 Forwarding (VRF) instance.";
976 }
977 container syslog-sign {
978 if-feature signed-messages-config;
979 presence
980 "If present, syslog-sign is activated.";
981 description
982 "This container describes the configuration parameters
983 for signed syslog messages as described by RFC 5848.";
984 leaf certInitialRepeat {
985 type uint16;
986 description
987 "This leaf specifies the number of times each
988 Certificate Block should be sent before the first
989 message is sent.";
990 }
991 leaf certResendDelay {
992 type uint16;
993 description
994 "This leaf specifies the maximum time delay in seconds
995 until resending the Certificate Block.";
996 }
997 leaf certResendCount {
998 type uint16;
999 description
1000 "This leaf specifies the maximum number of other
1001 syslog messages to send until resending the
1002 Certificate Block.";
1003 }
1004 leaf sigMaxDelay {
1005 type uint16;
1006 description
1007 "This leaf specifies when to generate a new Signature
1008 Block. If this many seconds have elapsed since the
1009 message with the first message number of the
1010 Signature Block was sent, a new Signature Block
1011 should be generated.";
1012 }
1013 leaf sigNumberResends {
1014 type uint16;
1015 description
1016 "This leaf specifies the number of times a Signature
1017 Block is resent. (It is recommended to select a value
1018 of greater than 0 in particular when the UDP
1019 transport [RFC5426] is used.).";
1020 }
1021 leaf sigResendDelay {
1022 type uint16;
1023 description
1024 "This leaf specifies when to send the next Signature
1025 Block transmission based on time. If this many
1026 seconds have elapsed since the previous sending of
1027 this Signature Block, resend it.";
1028 }
1029 leaf sigResendCount {
1030 type uint16;
1031 description
1032 "This leaf specifies when to send the next Signature
1033 Block transmission based on a count. If this many
1034 other syslog messages have been sent since the
1035 previous sending of this Signature Block, resend it.";
1036 }
1037 }
1038 }
1039 }
1040 container terminal-logging-action {
1041 description
1042 "This container describes the configuration parameters for
1043 the terminal logging configuration.";
1044 choice user-scope {
1045 description
1046 "This choice describes the option to specify all users
1047 or a specific user. The all users case implies that
1048 messages will be sent to all terminals.";
1049 case all-users {
1050 description
1051 "This case specifies all users.";
1052 container all-users {
1053 description
1054 "This container describes the configuration parameters
1055 for all users.";
1056 uses syslog-selector;
1057 }
1058 }
1059 case per-user {
1060 if-feature terminal-facility-user-logging-config;
1061 description
1062 "This case specifies a specific user.";
1063 list user-name {
1064 key "uname";
1065 description
1066 "This list describes a collection of user names.";
1067 leaf uname {
1068 type string;
1069 description
1070 "This leaf uniquely describes a user name.";
1071 }
1072 uses syslog-selector;
1073 }
1074 }
1075 }
1076 }
1077 }
1078 }
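An added example, not part of the draft: a Python check over configuration instance data for the remote-logging-action container above. It flags destinations where the syslog-sign presence container is absent, or where sigNumberResends is 0 or unset (0 being the value the leaf description advises against for UDP). The sample XML is constructed, and the module's enclosing containers are omitted.

```python
import xml.etree.ElementTree as ET

# Namespace taken from the IANA Considerations section of the draft.
NS = {"s": "urn:ietf:params:xml:ns:yang:syslog"}

# Constructed sample instance data (documentation addresses and names).
SAMPLE = """
<remote-logging-action xmlns="urn:ietf:params:xml:ns:yang:syslog">
  <remote-logging-destination>
    <destination>192.0.2.10</destination>
  </remote-logging-destination>
  <remote-logging-destination>
    <destination>logs.example.net</destination>
    <syslog-sign>
      <sigNumberResends>0</sigNumberResends>
    </syslog-sign>
  </remote-logging-destination>
  <remote-logging-destination>
    <destination>2001:db8::5</destination>
    <syslog-sign>
      <sigNumberResends>2</sigNumberResends>
      <sigResendCount>100</sigResendCount>
    </syslog-sign>
  </remote-logging-destination>
</remote-logging-action>
"""

def audit_remote_logging(xml_text):
    """Return (destination, finding) pairs for remote destinations whose
    signing settings weaken the integrity of forwarded logs."""
    findings = []
    root = ET.fromstring(xml_text)
    for dest in root.iter("{%s}remote-logging-destination" % NS["s"]):
        host = dest.findtext("s:destination", default="?", namespaces=NS)
        sign = dest.find("s:syslog-sign", NS)
        if sign is None:
            # syslog-sign is a presence container: absent means not activated.
            findings.append((host, "syslog-sign absent: messages are unsigned"))
            continue
        resends = sign.findtext("s:sigNumberResends", namespaces=NS)
        if resends is None:
            findings.append((host, "sigNumberResends not set"))
        elif int(resends) == 0:
            findings.append((host, "sigNumberResends is 0: a lost Signature Block is never resent"))
    return findings

if __name__ == "__main__":
    for host, finding in audit_remote_logging(SAMPLE):
        print(f"{host}: {finding}")
```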
1079 4.3. A SYSLOG Example
1081 Requirement:
1082 Enable global logging of two facilities:
1083 kern - severity critical(1)
1084 auth - severity error(3)
1086 Enable console logging of syslogs of severity
1087 critical(1)
1089 Here is the example syslog configuration xml:
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099 kerncritical
1100
1101
1102 autherror
1103
1104
1105
1106 critical
1107
1108
1109
1110
1111
1113
1114
1115
1116
1118 5. Implementation Status
1120 [Note to RFC Editor: Please remove this section before publication.]
1122 This section records the status of known implementations of the Syslog
1123 YANG model at the time of posting of this Internet-Draft.
1125 Cisco Systems, Inc. has implemented the proposed IETF Syslog model
1126 for the Nexus 7000 NXOS OS as a prototype, together with an
1127 augmentation model for operating system specific Syslog configuration
1128 features.
1130 Five leaves were implemented in the base IETF model and three leaves
1131 were implemented in the NXOS specific augmentation model as follows:
1133 Leaf XPATH                             Sample NXOS CLI Command(s)
1135 syslog:global-logging-action           logging level cron 2
1136 syslog:console-logging-action          logging console 1
1137 syslog:file-logging-action             logging logfile mylog.log 2 4096
1138 syslog:terminal-logging-action         logging monitor 2
1139 syslog:remote-logging-action           *logging server server.cisco.com 2
1140                                        facility user use-vrf management
1141                                        *logging source-interface loopback 0
1142 cisco-syslog:logging-timestamp-config  logging timestamp milli-seconds
1143 cisco-syslog:origin-id-cfg             logging origin-id string abcdef
1144 cisco-syslog:module-logging            logging module 1
1146 *The "logging server" and "logging source-interface" commands were
1147 combined into one base model leaf.
1149 The description of implementations in this section is intended to assist
1150 the IETF in its decision processes in progressing drafts to RFCs.
1152 6. Security Considerations
1154 The YANG module defined in this memo is designed to be accessed via
1155 the NETCONF protocol [RFC6241]. The lowest NETCONF layer
1156 is the secure transport layer and the mandatory-to-implement secure
1157 transport is SSH [RFC6242]. The NETCONF access control
1158 model [RFC6536] provides the means to restrict access for
1159 particular NETCONF users to a pre-configured subset of all available
1160 NETCONF protocol operations and content.
1162 There are a number of data nodes defined in the YANG module which are
1163 writable/creatable/deletable (i.e., config true, which is the
1164 default). These data nodes may be considered sensitive or vulnerable
1165 in some network environments. Write operations (e.g., )
1166 to these data nodes without proper protection can have a negative
1167 effect on network operations.
1169 TBD: List specific Subtrees and data nodes and their sensitivity/
1170 vulnerability.
1172 7. IANA Considerations
1174 This document registers a URI in the IETF XML registry [RFC3688].
1175 Following the format in RFC 3688, the following
1176 registration is requested to be made:
1178 URI: urn:ietf:params:xml:ns:yang:syslog
1180 Registrant Contact: The IESG.
1182 XML: N/A, the requested URI is an XML namespace.
1184 This document registers a YANG module in the YANG Module Names
1185 registry [RFC6020].
1187 name: syslog namespace: urn:ietf:params:xml:ns:yang:syslog
1188 prefix: syslog reference: RFC XXXX
1190 8. Acknowledgements
1192 The authors wish to thank the following who provided feedback during the
1193 writing of this document:
1195 Alexander Clemm
1196 Jim Gibson
1197 Jeffrey Haas
1198 John Heasley
1199 Giles Heron
1200 Lisa Huang
1201 Jeffrey K Lange
1202 Chris Lonvick
1203 Juergen Schoenwaelder
1204 Peter Van Horne
1205 Bert Wijnen
1206 Aleksandr Zhdankin
1208 9. Change log [RFC Editor: Please remove]
1210 10. References
1212 [RFC3164] Lonvick, C., "The BSD syslog Protocol", BCP 81, RFC 3164,
1213 August 2001.
1215 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
1216 April 2004.
1218 [RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424, March 2009.
1220 [RFC5426] Okmianski, A., "Transmission of Syslog Messages over UDP",
1221 RFC 5426, March 2009.
1223 [RFC5848] Kelsey, J., Callas, J., Clemm, A., "Signed Syslog Messages",
1224 RFC 5848, May 2010.
1226 [RFC6020] Bjorklund, M., "YANG - A Data Modeling Language for the
1227 Network Configuration Protocol (NETCONF)", RFC 6020,
1228 October 2010.
1230 [RFC6241] Enns, R., Bjorklund, M., Schoenwaelder, J., and A.
1231 Bierman, "Network Configuration Protocol (NETCONF)", RFC
1232 6241, June 2011.
1234 [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
1235 Shell (SSH)", RFC 6242, June 2011.
1237 [RFC6536] Bierman, A., Bjorklund, M., "Network Configuration Protocol
1238 (NETCONF) Access Control Model", RFC 6536, March 2012.
1240 [Posix 1003.2] IEEE, "1003.2-1992 - IEEE Standard for Information
1241 Technology--Portable Operating System Interfaces
1242 (POSIX(R))--Part 2: Shell and Utilities", Posix 1003.2, 1992
1244 Authors' Addresses
1246 Clyde Wildes
1247 Cisco Systems Inc.
1249 Email: cwildes@cisco.com
1251 Kiran Agrahara Sreenivasa
1252 Brocade Communications Systems
1254 Email: kkoushik@brocade.com