draft-ietf-netmod-syslog-model-11.txt   draft-ietf-netmod-syslog-model-12.txt 
NETMOD WG C. Wildes, Ed. NETMOD WG C. Wildes, Ed.
Internet-Draft K. Koushik, Ed. Internet-Draft K. Koushik, Ed.
Intended status: Standards Track Cisco Systems Inc. Intended status: Standards Track Cisco Systems Inc.
Expires: May 17, 2017 November 13, 2016 Expires: August 16, 2017 February 14, 2017
A YANG Data Model for Syslog Configuration A YANG Data Model for Syslog Configuration
draft-ietf-netmod-syslog-model-11 draft-ietf-netmod-syslog-model-12
Abstract Abstract
This document describes a data model for the configuration of syslog. This document describes a data model for the configuration of syslog.
Status of This Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 17, 2017. This Internet-Draft will expire on August 16, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents (http://trustee.ietf.org/
(http://trustee.ietf.org/license-info) in effect on the date of license-info) in effect on the date of publication of this document.
publication of this document. Please review these documents Please review these documents carefully, as they describe your rights
carefully, as they describe your rights and restrictions with respect and restrictions with respect to this document. Code Components
to this document. Code Components extracted from this document must extracted from this document must include Simplified BSD License text
include Simplified BSD License text as described in Section 4.e of as described in Section 4.e of the Trust Legal Provisions and are
the Trust Legal Provisions and are provided without warranty as provided without warranty as described in the Simplified BSD License.
described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2
2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 2
3. Design of the Syslog Model . . . . . . . . . . . . . . . . . 3 3. Design of the Syslog Model . . . . . . . . . . . . . . . . . . 3
3.1. Syslog Module . . . . . . . . . . . . . . . . . . . . . . 5 3.1. Syslog Module . . . . . . . . . . . . . . . . . . . . . . 5
4. Syslog YANG Modules . . . . . . . . . . . . . . . . . . . . . 8 4. Syslog YANG Modules . . . . . . . . . . . . . . . . . . . . . 8
4.1. The ietf-syslog-types Module . . . . . . . . . . . . . . 8 4.1. The ietf-syslog-types Module . . . . . . . . . . . . . . . 8
4.2. The ietf-syslog Module . . . . . . . . . . . . . . . . . 14 4.2. The ietf-syslog Module . . . . . . . . . . . . . . . . . . 14
5. Usage Examples . . . . . . . . . . . . . . . . . . . . . . . 26 5. Usage Examples . . . . . . . . . . . . . . . . . . . . . . . . 25
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 28 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 26
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 28 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 26
8. Security Considerations . . . . . . . . . . . . . . . . . . . 29 8. Security Considerations . . . . . . . . . . . . . . . . . . . 27
8.1. Resource Constraints . . . . . . . . . . . . . . . . . . 29 8.1. Resource Constraints . . . . . . . . . . . . . . . . . . . 27
8.2. Inappropriate Configuration . . . . . . . . . . . . . . . 30 8.2. Inappropriate Configuration . . . . . . . . . . . . . . . 27
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 30 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 27
9.1. Normative References . . . . . . . . . . . . . . . . . . 30 9.1. Normative References . . . . . . . . . . . . . . . . . . . 27
9.2. Informative References . . . . . . . . . . . . . . . . . 30 9.2. Informative References . . . . . . . . . . . . . . . . . . 28
Appendix A. Implementor Guidelines . . . . . . . . . . . . . . . 31 Appendix A. Implementor Guidelines . . . . . . . . . . . . . . . . 28
A.1. Extending Facilities . . . . . . . . . . . . . . . . . . 31 Appendix A.1. Extending Facilities . . . . . . . . . . . . . . 28
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 32 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 29
1. Introduction 1. Introduction
Operating systems, processes and applications generate messages Operating systems, processes and applications generate messages
indicating their own status or the occurrence of events. These indicating their own status or the occurrence of events. These
messages are useful for managing and/or debugging the network and its messages are useful for managing and/or debugging the network and its
services. The BSD syslog protocol is a widely adopted protocol that services. The BSD syslog protocol is a widely adopted protocol that
is used for transmission and processing of the messages. is used for transmission and processing of the messages.
Since each process, application and operating system was written Since each process, application and operating system was written
somewhat independently, there is little uniformity to the content of somewhat independently, there is little uniformity to the content of
syslog messages. For this reason, no assumption is made upon the syslog messages. For this reason, no assumption is made upon the
formatting or contents of the messages. The protocol is simply formatting or contents of the messages. The protocol is simply
designed to transport these event messages. No acknowledgement of designed to transport these event messages. No acknowledgement of
the receipt is made. the receipt is made.
Essentially, a syslog process receives messages (from the kernel, Essentially, a syslog process receives messages (from the kernel,
processes, applications or other syslog processes) and processes processes, applications or other syslog processes) and processes
those. The processing involves logging to a local file, displaying those. The processing involves logging to a local file, displaying
on console, user terminal, and/or relaying to syslog processes on on console, and/or relaying to syslog processes on other machines.
other machines. The processing is determined by the "facility" that The processing is determined by the "facility" that originated the
originated the message and the "severity" assigned to the message by message and the "severity" assigned to the message by the facility.
the facility.
We are using definitions of syslog protocol from [RFC5424] in this We are using definitions of syslog protocol from [RFC5424] in this
RFC. RFC.
1.1. Requirements Language 1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
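Review bot: The closing paragraph of Section 1, "We are using definitions of syslog protocol from [RFC5424] in this RFC", conflicts with the first paragraph, which names "The BSD syslog protocol" as the protocol being modelled, so a reader cannot tell which definition the model follows. Suggest naming the RFC 5424 syslog protocol in the first paragraph as well and rewording the sentence to "This document uses the definitions of the syslog protocol from [RFC5424]." The removal of "user terminal" from the list of processing targets is consistent with user sessions being dropped from Figure 1 and from the module tree in -12.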
skipping to change at page 3, line 46 skipping to change at page 3, line 27
3. Design of the Syslog Model 3. Design of the Syslog Model
The syslog model was designed by comparing various syslog features The syslog model was designed by comparing various syslog features
implemented by various vendors' in different implementations. implemented by various vendors' in different implementations.
This draft addresses the common leafs between implementations and This draft addresses the common leafs between implementations and
creates a common model, which can be augmented with proprietary creates a common model, which can be augmented with proprietary
features, if necessary. The base model is designed to be very simple features, if necessary. The base model is designed to be very simple
for maximum flexibility. for maximum flexibility.
Syslog consists of originators, and collectors. The following digram Optional features are used to specify functionality that is present
shows syslog messages flowing from an originator, to collectors where in specific vendor configurations.
suppression filtering can take place.
Syslog consists of originators, and collectors. The following
diagram shows syslog messages flowing from an originator, to
collectors where filtering can take place.
Many vendors extend the list of facilities available for logging in Many vendors extend the list of facilities available for logging in
their implementation. An example is included in Extending Facilities their implementation. An example is included in Extending Facilities
(Appendix A.1). (Appendix A.1).
Originators Originators
+-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+
| Various | | OS | | | | Remote | | Various | | OS | | | | Remote |
| Components | | Kernel | | Line Cards | | Servers | | Components | | Kernel | | Line Cards | | Servers |
+-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+
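Review bot: The opening sentence of Section 3, "implemented by various vendors' in different implementations", is carried into -12 unchanged with a stray apostrophe and a redundant tail; suggest "implemented by various vendors". In the reworded paragraph, "Syslog consists of originators, and collectors" and "from an originator, to collectors" each carry a comma that should be removed.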
skipping to change at page 4, line 22 skipping to change at page 4, line 22
| SNMP | | Interface | | Standby | | Syslog | | SNMP | | Interface | | Standby | | Syslog |
| Events | | Events | | Supervisor | | Itself | | Events | | Events | | Supervisor | | Itself |
+-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+
| | | |
+----------------------------------------------------------------+ +----------------------------------------------------------------+
| |
| |
| |
| |
+-----------+------------+--------------+ +-------------+--------------+
| | | | | | |
v v v | v v v
Collectors | Collectors
+----------+ +----------+ +----------+ | +----------+ +----------+ +----------------+
| | | Log | | Log | | | | | Log | |Remote Relay(s)/|
| Console | | Buffer | | File(s) | | | Console | | File(s) | |Collector(s) |
+----------+ +----------+ +----------+ | +----------+ +----------+ +----------------+
|
+-+-------------+
| |
v v
+----------------+ +-----------+
|Remote Relay(s)/| |User |
|Collectors(s) | |Sessions(s)|
+----------------+ +-----------+
Figure 1. Syslog Processing Flow Figure 1. Syslog Processing Flow
The leaves in the base syslog model actions container correspond to The leaves in the base syslog model actions container correspond to
each message collector: each message collector:
console console
log buffer
log file(s) log file(s)
remote relay(s)/collector(s) remote relay(s)/collector(s)
user session(s).
Within each action, a selector is used to filter syslog messages. A Within each action, a selector is used to filter syslog messages. A
selector consists of two parts: one or more facility-severity selector consists of a list of one or more facility-severity matches,
matches, and if supported via the select-match feature, an optional and, if supported via the select-match feature, an optional regular
regular expression pattern match that is performed on the SYSLOG-MSG expression pattern match that is performed on the SYSLOG-MSG field.
field.
The facility is one of a specific syslogtypes:syslog-facility, none, Selector processing (input is syslog message):
or all facilities. None is a special case that can be used to
disable an action. 1. Loop through facility-list
a. Facility match processing - continue to the next entry in
the list if no match
b. Severity compare processing - continue to the next list
entry if no match
c. Match - proceed with the action and exit further processing
2. Process pattern match if specified and if a match proceed with
the action
The facility is one of a specific syslogtypes:syslog-facility, or all
facilities.
The severity is one of syslogtypes:severity, all severities, or none. The severity is one of syslogtypes:severity, all severities, or none.
None is a special case that can be used to disable a facility. When None is a special case that can be used to disable a facility. When
filtering severity, the default comparison is that all messages of filtering severity, the default comparison is that messages of the
the specified severity and higher are logged. This is shown in the specified severity and higher are selected to be logged. This is
model as ?default equals-or-higher?. This behavior can be altered if shown in the model as "default equals-or-higher". This behavior can
the select-sev-compare feature is enabled to specify: ?equals? to be altered if the select-adv-compare feature is enabled to specify a
specify only this single severity; ?not-equals? to ignore that compare operatorn and an action. Compare operations are: "equals"
severity; ?equals-or-higher? to specify all messages of the specified to select messages with this single severity, or "equals-or-higher"
severity and higher. to select messages of the specified severity and higher. Actions are
to log the message or block the message from being logged.
Optional features are used to specified functionality that is present
in specific vendor configurations.
3.1. Syslog Module 3.1. Syslog Module
A simplified graphical representation of the complete data tree is A simplified graphical representation of the complete data tree is
presented here. presented here.
Each node is printed as: Each node is printed as:
<status> <flags> <name> <opts> <type> <if-features> <status> <flags> <name> <opts> <type> <if-features>
<status> is one of: <status> is one of:
+ for current + for current
x for deprecated x for deprecated
o for obsolete o for obsolete
<flags> is one of: <flags> is one of:
rw for configuration data rw for configuration data
ro for non-configuration data ro for non-configuration data
-x for rpcs -x for rpcs
-n for notifications -n for notifications
<name> is the name of the node <name> is the name of the node
(<name>) means that the node is a choice node (<name>) means that the node is a choice node
:(<name>) means that the node is a case node :(<name>) means that the node is a case node
If the node is augmented into the tree from another module, its name If the node is augmented into the tree from another module, its name
is printed as <prefix>:<name>. is printed as <prefix>:<name>.
<opts> is one of: <opts> is one of:
? for an optional leaf or choice ? for an optional leaf or choice
! for a presence container ! for a presence container
* for a leaf-list or list * for a leaf-list or list
[<keys>] for a list's keys [<keys>] for a list's keys
<type> is the name of the type for leafs and leaf-lists <type> is the name of the type for leafs and leaf-lists
If the type is a leafref, the type is printed as "-> TARGET", where If the type is a leafref, the type is printed as "-> TARGET", where
TARGET is either the leafref path, with prefixed removed if possible. TARGET is either the leafref path, with prefixed removed if possible.
<if-features> is the list of features this node depends on, printed <if-features> is the list of features this node depends on, printed
within curly brackets and a question mark "{...}?" within curly brackets and a question mark "{...}?"
module: ietf-syslog
module: ietf-syslog +--rw syslog!
+--rw syslog! +--rw actions
+--rw actions +--rw console! {console-action}?
+--rw console!
| +--rw selector
| +--rw (selector-facility)
| | +--:(facility)
| | | +--rw no-facilities? empty
| | +--:(name)
| | +--rw facility-list* [facility]
| | +--rw facility union
| | +--rw severity union
| | +--rw compare? enumeration {select-sev-compare}?
| +--rw pattern-match? string {select-match}?
+--rw buffer {buffer-action}?
| +--rw selector
| | +--rw (selector-facility)
| | | +--:(facility)
| | | | +--rw no-facilities? empty
| | | +--:(name)
| | | +--rw facility-list* [facility]
| | | +--rw facility union
| | | +--rw severity union
| | | +--rw compare? enumeration {select-sev-compare}?
| | +--rw pattern-match? string {select-match}?
| +--rw structured-data? boolean {structured-data}?
| +--rw buffer-limit-bytes? uint64 {buffer-limit-bytes}?
| +--rw buffer-limit-messages? uint64 {buffer-limit-messages}?
+--rw file
| +--rw log-file* [name]
| +--rw name inet:uri
| +--rw selector
| | +--rw (selector-facility)
| | | +--:(facility)
| | | | +--rw no-facilities? empty
| | | +--:(name)
| | | +--rw facility-list* [facility]
| | | +--rw facility union
| | | +--rw severity union
| | | +--rw compare? enumeration {select-sev-compare}?
| | +--rw pattern-match? string {select-match}?
| +--rw structured-data? boolean {structured-data}?
| +--rw file-rotation
| +--rw number-of-files? uint32 {file-limit-size}?
| +--rw max-file-size? uint64 {file-limit-size}?
| +--rw rollover? uint32 {file-limit-duration}?
| +--rw retention? uint16 {file-limit-duration}?
+--rw remote
| +--rw destination* [name]
| +--rw name string
| +--rw (transport)
| | +--:(tcp)
| | | +--rw tcp
| | | +--rw address? inet:host
| | | +--rw port? inet:port-number
| | +--:(udp)
| | +--rw udp
| | +--rw address? inet:host
| | +--rw port? inet:port-number
| +--rw selector
| | +--rw (selector-facility)
| | | +--:(facility)
| | | | +--rw no-facilities? empty
| | | +--:(name)
| | | +--rw facility-list* [facility]
| | | +--rw facility union
| | | +--rw severity union
| | | +--rw compare? enumeration {select-sev-compare}?
| | +--rw pattern-match? string {select-match}?
| +--rw structured-data? boolean {structured-data}?
| +--rw facility-override? identityref
| +--rw source-interface? if:interface-ref
| +--rw signing-options! {signed-messages}?
| +--rw cert-initial-repeat uint16
| +--rw cert-resend-delay uint16
| +--rw cert-resend-count uint16
| +--rw max-delay uint16
| +--rw number-resends uint16
| +--rw resend-delay uint16
| +--rw resend-count uint16
+--rw session
+--rw all-users!
| +--rw selector | +--rw selector
| +--rw (selector-facility) | +--rw facility-list* [facility severity]
| | +--:(facility) | | +--rw facility union
| | | +--rw no-facilities? empty | | +--rw severity union
| | +--:(name) | | +--rw advanced-compare {select-adv-compare}?
| | +--rw facility-list* [facility] | | +--rw compare? enumeration
| | +--rw facility union | | +--rw action? enumeration
| | +--rw severity union
| | +--rw compare? enumeration {select-sev-compare}?
| +--rw pattern-match? string {select-match}? | +--rw pattern-match? string {select-match}?
+--rw user* [name] +--rw file {file-action}?
+--rw name string | +--rw log-file* [name]
+--rw selector | +--rw name inet:uri
+--rw (selector-facility) | +--rw selector
| +--:(facility) | | +--rw facility-list* [facility severity]
| | +--rw no-facilities? empty | | | +--rw facility union
| +--:(name) | | | +--rw severity union
| +--rw facility-list* [facility] | | | +--rw advanced-compare {select-adv-compare}?
| +--rw facility union | | | +--rw compare? enumeration
| +--rw severity union | | | +--rw action? enumeration
| +--rw compare? enumeration {select-sev-compare}? | | +--rw pattern-match? string {select-match}?
+--rw pattern-match? string {select-match}? | +--rw structured-data? boolean {structured-data}?
| +--rw file-rotation
| +--rw number-of-files? uint32 {file-limit-size}?
| +--rw max-file-size? uint32 {file-limit-size}?
| +--rw rollover? uint32 {file-limit-duration}?
| +--rw retention? uint32 {file-limit-duration}?
+--rw remote {remote-action}?
+--rw destination* [name]
+--rw name string
+--rw (transport)
| +--:(tcp)
| | +--rw tcp
| | +--rw address? inet:host
| | +--rw port? inet:port-number
| +--:(udp)
| +--rw udp
| +--rw address? inet:host
| +--rw port? inet:port-number
+--rw selector
| +--rw facility-list* [facility severity]
| | +--rw facility union
| | +--rw severity union
| | +--rw advanced-compare {select-adv-compare}?
| | +--rw compare? enumeration
| | +--rw action? enumeration
| +--rw pattern-match? string {select-match}?
+--rw structured-data? boolean {structured-data}?
+--rw facility-override? identityref
+--rw source-interface? if:interface-ref {remote-source-interface}?
+--rw signing-options! {signed-messages}?
+--rw cert-initial-repeat uint16
+--rw cert-resend-delay uint16
+--rw cert-resend-count uint16
+--rw max-delay uint16
+--rw number-resends uint16
+--rw resend-delay uint16
+--rw resend-count uint16
Figure 2. ietf-syslog Module Tree Figure 2. ietf-syslog Module Tree
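Review bot: The new "Selector processing" list in Section 3 does not say how the facility-list match and the pattern match combine. Step 1c reads "proceed with the action and exit further processing", so step 2 is reached only when no facility-list entry matched, which makes pattern-match an alternative path to the action rather than an additional filter. State explicitly whether a message must satisfy both or either, because an implementer who reads it the other way will log more or fewer messages than the operator configured. The same passage has the typo "operatorn", and "specified severity and higher" should say whether "higher" means more severe (lower numeric value in the severity enumeration, where emergency is 0 and debug is 7). In the tree, max-file-size narrows from uint64 to uint32 and retention widens from uint16 to uint32 with no units visible at this point; the units belong in the leaf descriptions so the new upper bound on file size is clear to operators.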
4. Syslog YANG Modules 4. Syslog YANG Modules
4.1. The ietf-syslog-types Module 4.1. The ietf-syslog-types Module
This module references [RFC5424]. This module references [RFC5424].
<CODE BEGINS> file "ietf-syslog-types.yang" <CODE BEGINS> file "ietf-syslog-types.yang"
module ietf-syslog-types { module ietf-syslog-types {
namespace "urn:ietf:params:xml:ns:yang:ietf-syslog-types"; namespace "urn:ietf:params:xml:ns:yang:ietf-syslog-types";
prefix syslogtypes; prefix syslogtypes;
organization "IETF NETMOD (NETCONF Data Modeling Language) Working organization "IETF NETMOD (NETCONF Data Modeling Language) Working
Group"; Group";
contact contact
"WG Web: <http://tools.ietf.org/wg/netmod/> "WG Web: <http://tools.ietf.org/wg/netmod/>
WG List: <mailto:netmod@ietf.org> WG List: <mailto:netmod@ietf.org>
WG Chair: Lou Berger WG Chair: Lou Berger
<mailto:lberger@labn.net> <mailto:lberger@labn.net>
WG Chair: Kent Watsen WG Chair: Kent Watsen
<mailto:kwatsen@juniper.net> <mailto:kwatsen@juniper.net>
Editor: Kiran Agrahara Sreenivasa Editor: Kiran Agrahara Sreenivasa
<mailto:kkoushik@cisco.com> <mailto:kkoushik@cisco.com>
Editor: Clyde Wildes Editor: Clyde Wildes
<mailto:cwildes@cisco.com>"; <mailto:cwildes@cisco.com>";
description description
"This module contains a collection of YANG type definitions for "This module contains a collection of YANG type definitions for
SYSLOG. SYSLOG.
Copyright (c) 2016 IETF Trust and the persons identified as Copyright (c) 2016 IETF Trust and the persons identified as
authors of the code. All rights reserved. authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject to without modification, is permitted pursuant to, and subject to
the license terms contained in, the Simplified BSD License set the license terms contained in, the Simplified BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and
'OPTIONAL' in the module text are to be interpreted as described 'OPTIONAL' in the module text are to be interpreted as described
in RFC 2119 (http://tools.ietf.org/html/rfc2119). in RFC 2119 (http://tools.ietf.org/html/rfc2119).
This version of this YANG module is part of RFC XXXX This version of this YANG module is part of RFC XXXX
(http://tools.ietf.org/html/rfcXXXX); see the RFC itself for (http://tools.ietf.org/html/rfcXXXX); see the RFC itself for
full legal notices."; full legal notices.";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol";
revision 2016-11-13 { revision 2017-02-14 {
description description
"Initial Revision"; "Initial Revision";
reference reference
"RFC XXXX: SYSLOG YANG Model"; "RFC XXXX: SYSLOG YANG Model";
}
typedef severity { }
type enumeration {
enum "emergency" {
value 0;
description
"The severity level 'Emergency' indicating that the system
is unusable.";
} typedef severity {
enum "alert" { type enumeration {
value 1; enum "emergency" {
description value 0;
"The severity level 'Alert' indicating that an action must be description
taken immediately."; "The severity level 'Emergency' indicating that the system
} is unusable.";
enum "critical" { }
value 2; enum "alert" {
description value 1;
"The severity level 'Critical' indicating a critical condition."; description
} "The severity level 'Alert' indicating that an action must be
enum "error" { taken immediately.";
value 3; }
description enum "critical" {
"The severity level 'Error' indicating an error condition."; value 2;
} description
enum "warning" { "The severity level 'Critical' indicating a critical condition.";
value 4; }
description enum "error" {
"The severity level 'Warning' indicating a warning condition."; value 3;
} description
enum "notice" { "The severity level 'Error' indicating an error condition.";
value 5; }
description enum "warning" {
"The severity level 'Notice' indicating a normal but significant value 4;
condition."; description
} "The severity level 'Warning' indicating a warning condition.";
enum "info" { }
value 6; enum "notice" {
description value 5;
"The severity level 'Info' indicating an informational message."; description
} "The severity level 'Notice' indicating a normal but significant
enum "debug" { condition.";
value 7; }
description enum "info" {
"The severity level 'Debug' indicating a debug-level message."; value 6;
} description
} "The severity level 'Info' indicating an informational message.";
description }
"The definitions for Syslog message severity as per RFC 5424."; enum "debug" {
} value 7;
description
"The severity level 'Debug' indicating a debug-level message.";
}
}
description
"The definitions for Syslog message severity as per RFC 5424.";
}
identity syslog-facility { identity syslog-facility {
description description
"This identity is used as a base for all syslog facilities as "This identity is used as a base for all syslog facilities as
per RFC 5424."; per RFC 5424.";
} }
identity kern {
base syslog-facility;
description
"The facility for kernel messages (0) as defined in RFC 5424.";
}
identity user { identity kern {
base syslog-facility; base syslog-facility;
description description
"The facility for user-level messages (1) as defined in RFC 5424."; "The facility for kernel messages (0) as defined in RFC 5424.";
} }
identity mail { identity user {
base syslog-facility; base syslog-facility;
description description
"The facility for the mail system (2) as defined in RFC 5424."; "The facility for user-level messages (1) as defined in RFC 5424.";
} }
identity daemon { identity mail {
base syslog-facility; base syslog-facility;
description description
"The facility for the system daemons (3) as defined in RFC 5424."; "The facility for the mail system (2) as defined in RFC 5424.";
} }
identity auth { identity daemon {
base syslog-facility; base syslog-facility;
description description
"The facility for security/authorization messages (4) as defined "The facility for the system daemons (3) as defined in RFC 5424.";
in RFC 5424."; }
}
identity syslog { identity auth {
base syslog-facility; base syslog-facility;
description description
"The facility for messages generated internally by syslogd "The facility for security/authorization messages (4) as defined
facility (5) as defined in RFC 5424."; in RFC 5424.";
} }
identity lpr { identity syslog {
base syslog-facility; base syslog-facility;
description description
"The facility for the line printer subsystem (6) as defined in "The facility for messages generated internally by syslogd
RFC 5424."; facility (5) as defined in RFC 5424.";
} }
identity news { identity lpr {
base syslog-facility; base syslog-facility;
description description
"The facility for the network news subsystem (7) as defined in "The facility for the line printer subsystem (6) as defined in
RFC 5424."; RFC 5424.";
} }
identity uucp { identity news {
base syslog-facility; base syslog-facility;
description description
"The facility for the UUCP subsystem (8) as defined in RFC 5424."; "The facility for the network news subsystem (7) as defined in
} RFC 5424.";
identity cron { }
base syslog-facility;
description
"The facility for the clock daemon (9) as defined in RFC 5424.";
}
identity authpriv { identity uucp {
base syslog-facility; base syslog-facility;
description description
"The facility for privileged security/authorization messages (10) "The facility for the UUCP subsystem (8) as defined in RFC 5424.";
as defined in RFC 5424."; }
}
identity ftp { identity cron {
base syslog-facility; base syslog-facility;
description description
"The facility for the FTP daemon (11) as defined in RFC 5424."; "The facility for the clock daemon (9) as defined in RFC 5424.";
} }
identity ntp { identity authpriv {
base syslog-facility; base syslog-facility;
description description
"The facility for the NTP subsystem (12) as defined in RFC 5424."; "The facility for privileged security/authorization messages (10)
} as defined in RFC 5424.";
}
identity audit { identity ftp {
base syslog-facility; base syslog-facility;
description description
"The facility for log audit messages (13) as defined in RFC 5424."; "The facility for the FTP daemon (11) as defined in RFC 5424.";
} }
identity console { identity ntp {
base syslog-facility; base syslog-facility;
description description
"The facility for log alert messages (14) as defined in RFC 5424."; "The facility for the NTP subsystem (12) as defined in RFC 5424.";
} }
identity cron2 { identity audit {
base syslog-facility; base syslog-facility;
description description
"The facility for the second clock daemon (15) as defined in "The facility for log audit messages (13) as defined in RFC 5424.";
RFC 5424."; }
}
identity local0 { identity console {
base syslog-facility; base syslog-facility;
description description
"The facility for local use 0 messages (16) as defined in "The facility for log alert messages (14) as defined in RFC 5424.";
RFC 5424."; }
}
identity local1 { identity cron2 {
base syslog-facility; base syslog-facility;
description description
"The facility for local use 1 messages (17) as defined in "The facility for the second clock daemon (15) as defined in
RFC 5424."; RFC 5424.";
} }
identity local2 { identity local0 {
base syslog-facility; base syslog-facility;
description description
"The facility for local use 2 messages (18) as defined in "The facility for local use 0 messages (16) as defined in
RFC 5424."; RFC 5424.";
} }
identity local3 { identity local1 {
base syslog-facility; base syslog-facility;
description description
"The facility for local use 3 messages (19) as defined in "The facility for local use 1 messages (17) as defined in
RFC 5424."; RFC 5424.";
} }
identity local4 { identity local2 {
base syslog-facility; base syslog-facility;
description description
"The facility for local use 4 messages (20) as defined in "The facility for local use 2 messages (18) as defined in
RFC 5424."; RFC 5424.";
} }
identity local5 { identity local3 {
base syslog-facility; base syslog-facility;
description description
"The facility for local use 5 messages (21) as defined in "The facility for local use 3 messages (19) as defined in
RFC 5424."; RFC 5424.";
} }
identity local6 {
base syslog-facility;
description
"The facility for local use 6 messages (22) as defined in
RFC 5424.";
}
identity local7 { identity local4 {
base syslog-facility; base syslog-facility;
description description
"The facility for local use 7 messages (23) as defined in "The facility for local use 4 messages (20) as defined in
RFC 5424."; RFC 5424.";
} }
}
<CODE ENDS> identity local5 {
base syslog-facility;
description
"The facility for local use 5 messages (21) as defined in
RFC 5424.";
}
identity local6 {
base syslog-facility;
description
"The facility for local use 6 messages (22) as defined in
RFC 5424.";
}
identity local7 {
base syslog-facility;
description
"The facility for local use 7 messages (23) as defined in
RFC 5424.";
}
}
<CODE ENDS>
Figure 3. ietf-syslog-types Module Figure 3. ietf-syslog-types Module
4.2. The ietf-syslog Module 4.2. The ietf-syslog Module
This module imports typedefs from [RFC6021] and [RFC7223], and it This module imports typedefs from [RFC6021] and [RFC7223], and it
references [RFC5424], [RFC5425], [RFC5426], [RFC6587], and [RFC5848]. references [RFC5424], [RFC5425], [RFC5426], [RFC6587], and [RFC5848].
<CODE BEGINS> file "ietf-syslog.yang" <CODE BEGINS> file "ietf-syslog.yang"
module ietf-syslog { module ietf-syslog {
namespace "urn:ietf:params:xml:ns:yang:ietf-syslog"; namespace "urn:ietf:params:xml:ns:yang:ietf-syslog";
prefix syslog; prefix syslog;
import ietf-inet-types {
prefix inet;
}
import ietf-interfaces { import ietf-inet-types {
prefix if; prefix inet;
} }
import ietf-syslog-types { import ietf-interfaces {
prefix syslogtypes; prefix if;
} }
organization "IETF NETMOD (NETCONF Data Modeling Language) import ietf-syslog-types {
Working Group"; prefix syslogtypes;
contact }
"WG Web: <http://tools.ietf.org/wg/netmod/>
WG List: <mailto:netmod@ietf.org>
WG Chair: Lou Berger organization "IETF NETMOD (NETCONF Data Modeling Language)
<mailto:lberger@labn.net> Working Group";
contact
"WG Web: <http://tools.ietf.org/wg/netmod/>
WG List: <mailto:netmod@ietf.org>
WG Chair: Kent Watsen WG Chair: Lou Berger
<mailto:kwatsen@juniper.net> <mailto:lberger@labn.net>
Editor: Kiran Agrahara Sreenivasa WG Chair: Kent Watsen
<mailto:kkoushik@cisco.com> <mailto:kwatsen@juniper.net>
Editor: Clyde Wildes Editor: Kiran Agrahara Sreenivasa
<mailto:cwildes@cisco.com>"; <mailto:kkoushik@cisco.com>
description
"This module contains a collection of YANG definitions
for syslog configuration.
Copyright (c) 2016 IETF Trust and the persons identified as Editor: Clyde Wildes
authors of the code. All rights reserved. <mailto:cwildes@cisco.com>";
description
"This module contains a collection of YANG definitions
for syslog configuration.
Redistribution and use in source and binary forms, with or Copyright (c) 2016 IETF Trust and the persons identified as
without modification, is permitted pursuant to, and subject to authors of the code. All rights reserved.
the license terms contained in, the Simplified BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(http://trustee.ietf.org/license-info).
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL Redistribution and use in source and binary forms, with or
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and without modification, is permitted pursuant to, and subject to
'OPTIONAL' in the module text are to be interpreted as described the license terms contained in, the Simplified BSD License set
in RFC 2119 (http://tools.ietf.org/html/rfc2119). forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
(http://tools.ietf.org/html/rfcXXXX); see the RFC itself for NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and
full legal notices."; 'OPTIONAL' in the module text are to be interpreted as described
in RFC 2119 (http://tools.ietf.org/html/rfc2119).
reference This version of this YANG module is part of RFC XXXX
"RFC 5424: The Syslog Protocol (http://tools.ietf.org/html/rfcXXXX); see the RFC itself for
RFC 5426: Transmission of Syslog Messages over UDP full legal notices.";
RFC 6587: Transmission of Syslog Messages over TCP
RFC 5848: Signed Syslog Messages";
revision 2016-11-13 { reference
description "RFC 5424: The Syslog Protocol
"Initial Revision"; RFC 5426: Transmission of Syslog Messages over UDP
reference RFC 6587: Transmission of Syslog Messages over TCP
"RFC XXXX: Syslog YANG Model"; RFC 5848: Signed Syslog Messages";
}
feature buffer-action { revision 2017-02-14 {
description description
"This feature indicates that the local memory logging buffer "Initial Revision";
action is supported."; reference
"RFC XXXX: Syslog YANG Model";
}
} feature console-action {
description
"This feature indicates that the local console action is
supported.";
}
feature buffer-limit-bytes { feature file-action {
description description
"This feature indicates that the local memory logging buffer "This feature indicates that the local file action is
is limited in size using a limit expressed in bytes."; supported.";
} }
feature buffer-limit-messages { feature file-limit-size {
description description
"This feature indicates that the local memory logging buffer "This feature indicates that file logging resources
is limited in size using a limit expressed in number of log are managed using size and number limits.";
messages."; }
}
feature file-limit-size { feature file-limit-duration {
description description
"This feature indicates that file logging resources "This feature indicates that file logging resources
are managed using size and number limits."; are managed using time based limits.";
} }
feature file-limit-duration { feature remote-action {
description description
"This feature indicates that file logging resources "This feature indicates that the remote server action is
are managed using time based limits."; supported.";
} }
feature select-sev-compare { feature remote-source-interface {
description description
"This feature represents the ability to select messages "This feature indicates that source-interface is supported
using the additional operators equal to, or not equal to supported for the remote-action.";
when comparing the syslog message severity."; }
}
feature select-match { feature select-adv-compare {
description description
"This feature represents the ability to select messages based "This feature represents the ability to select messages
on a Posix 1003.2 regular expression pattern match."; using the additional comparison operators when comparing
} the syslog message severity.";
}
feature structured-data { feature select-match {
description description
"This feature represents the ability to log messages "This feature represents the ability to select messages based
in structured-data format as per RFC 5424."; on a Posix 1003.2 regular expression pattern match.";
} }
feature signed-messages { feature structured-data {
description description
"This feature represents the ability to configure signed "This feature represents the ability to log messages
syslog messages according to RFC 5848."; in structured-data format as per RFC 5424.";
} }
grouping log-severity { feature signed-messages {
description description
"This grouping defines the severity value that is used to "This feature represents the ability to configure signed
select log messages."; syslog messages according to RFC 5848.";
leaf severity { }
type union {
type syslogtypes:severity;
type enumeration {
enum none {
value -2;
description
"This enum describes the case where no severities
are selected.";
}
enum all {
value -1;
description
"This enum describes the case where all severities
are selected.";
}
}
}
mandatory true;
description
"This leaf specifies the syslog message severity. When
severity is specified, the default severity comparison
is all messages of the specified severity and greater are
selected. 'all' is a special case which means all severities
are selected. 'none' is a special case which means that
no selection should occur or disable this filter.";
}
leaf compare {
when '../severity != "all" and
../severity != "none"' {
description
"The compare leaf is not applicable for severity 'all' or
severity 'none'";
}
if-feature select-sev-compare;
type enumeration {
enum equals-or-higher {
description
"This enum specifies all messages of the specified
severity and higher are logged according to the
given log-action";
}
enum equals {
description
"This enum specifies all messages that are for
the specified severity are logged according to the
given log-action";
}
enum not-equals {
description
"This enum specifies all messages that are not for
the specified severity are logged according to the
given log-action";
}
}
default equals-or-higher;
description
"This leaf describes the option to specify how the
severity comparison is performed.";
}
}
grouping selector { grouping severity-filter {
description description
"This grouping defines a syslog selector which is used to "This grouping defines the processing used to select
select log messages for the log-action (console, file, log messages by comparing syslog message severity using
remote, etc). Choose one of the following: the following processing rules:
no-facility - if 'none', do not match.
facility [<facility> <severity>...]"; - if 'all', match.
container selector { - else compare message severity with the specified severity
description according to the default compare rule (all messages of the
"This container describes the log selector parameters specified severity and greater match) or if the
for syslog."; select-adv-compare feature is present, the advance-compare
choice selector-facility { rule.";
mandatory true; leaf severity {
description type union {
"This choice describes the option to specify no type syslogtypes:severity;
facilities, or a specific facility which can be type enumeration {
all for all facilities."; enum none {
case facility { value -2;
description description
"This case specifies no facilities will match when "This enum describes the case where no severities
comparing the syslog message facility. This is a are selected.";
method that can be used to effectively disable a }
particular log-action (buffer, file, etc)."; enum all {
leaf no-facilities { value -1;
type empty; description
description "This enum describes the case where all severities
"This leaf specifies that no facilities are selected are selected.";
for this log-action."; }
} }
} }
case name { mandatory true;
description description
"This case specifies one or more specified facilities "This leaf specifies the syslog message severity.";
will match when comparing the syslog message facility."; }
list facility-list { container advanced-compare {
key facility; when '../severity != "all" and
description ../severity != "none"' {
"This list describes a collection of syslog description
facilities and severities."; "The advanced compare container is not applicable for severity
leaf facility { 'all' or severity 'none'";
type union { }
type identityref { if-feature select-adv-compare;
base syslogtypes:syslog-facility; leaf compare {
} type enumeration {
type enumeration { enum equals {
enum all { description
description "This enum specifies that the severity comparison operation
"This enum describes the case where all will be equals.";
facilities are requested."; }
} enum equals-or-higher {
} description
"This enum specifies that the severity comparison operation
will be equals or higher.";
}
}
default equals-or-higher;
description
"The compare can be used to specify the comparison operator that
should be used to compare the syslog message severity with the
specified severity.";
}
leaf action {
type enumeration {
enum log {
description
"This enum specifies that if the compare operation is true
the message will be logged.";
} }
description enum block {
"The leaf uniquely identifies a syslog facility."; description
} "This enum specifies that if the compare operation is true
uses log-severity; the message will not be logged.";
} }
} }
} default log;
leaf pattern-match { description
if-feature select-match; "The action can be used to spectify if the message should be
type string; logged or blocked based on the outcome of the compare operation.";
description }
"This leaf desribes a Posix 1003.2 regular expression description
string that can be used to select a syslog message for "This leaf describes additional severity compare operations that can
logging. The match is performed on the RFC 5424 be used in place of the default severity comparison. The compare leaf
SYSLOG-MSG field."; specifies the type of the compare that is done and the action leaf
} specifies the intended result. Example: compare->equals and action->
} no-match means messages that have a severity that is not equal to the
} specified severity will be logged.";
}
grouping structured-data { }
description
"This grouping defines the syslog structured data option
which is used to select the format used to write log
messages.";
leaf structured-data {
if-feature structured-data;
type boolean;
default false;
description
"This leaf describes how log messages are written.
If true, messages will be written with one or more
STRUCTURED-DATA elements as per RFC5424; if false,
messages will be written with STRUCTURED-DATA =
NILVALUE.";
}
}
container syslog { grouping selector {
presence "Enables logging."; description
description "This grouping defines a syslog selector which is used to
"This container describes the configuration parameters for select log messages for the log-action (console, file,
syslog."; remote, etc.). Choose one or both of the following:
container actions { facility [<facility> <severity>...]
description pattern-match regular-expression-match-string
"This container describes the log-action parameters If both facility and pattern-match are specified, both must
for syslog."; match in order for a log message to be selected.";
container console { container selector {
presence "Enables logging console configuration"; description
description "This container describes the log selector parameters
"This container describes the configuration parameters for for syslog.";
console logging."; list facility-list {
uses selector; key "facility severity";
} ordered-by user;
container buffer { description
if-feature buffer-action; "This list describes a collection of syslog
description facilities and severities.";
"This container describes the configuration parameters for leaf facility {
local memory buffer logging. The buffer is circular in type union {
nature, so newer messages overwrite older messages after type identityref {
the buffer is filled. The method used to read syslog messages base syslogtypes:syslog-facility;
from the buffer is supplied by the local implementation."; }
uses selector; type enumeration {
uses structured-data; enum all {
leaf buffer-limit-bytes { description
if-feature buffer-limit-bytes; "This enum describes the case where all
type uint64; facilities are requested.";
units "bytes"; }
description }
"This leaf configures the amount of memory (in bytes) that }
will be dedicated to the local memory logging buffer. description
"The leaf uniquely identifies a syslog facility.";
}
uses severity-filter;
}
leaf pattern-match {
if-feature select-match;
type string;
description
"This leaf describes a Posix 1003.2 regular expression
string that can be used to select a syslog message for
logging. The match is performed on the RFC 5424
SYSLOG-MSG field.";
}
}
}
grouping structured-data {
description
"This grouping defines the syslog structured data option
which is used to select the format used to write log
messages.";
leaf structured-data {
if-feature structured-data;
type boolean;
default false;
description
"This leaf describes how log messages are written.
If true, messages will be written with one or more
STRUCTURED-DATA elements as per RFC5424; if false,
messages will be written with STRUCTURED-DATA =
NILVALUE.";
}
}
The default value varies by implementation."; container syslog {
} presence "Enables logging.";
leaf buffer-limit-messages { description
if-feature buffer-limit-messages; "This container describes the configuration parameters for
type uint64; syslog.";
units "log messages"; container actions {
description description
"This leaf configures the number of log messages that "This container describes the log-action parameters
will be dedicated to the local memory logging buffer. for syslog.";
The default value varies by implementation."; container console {
} if-feature console-action;
} presence "Enables logging to the console";
container file { description
description "This container describes the configuration parameters for
"This container describes the configuration parameters for console logging.";
file logging. If file-archive limits are not supplied, it uses selector;
is assumed that the local implementation defined limits will }
be used."; container file {
list log-file { if-feature file-action;
key "name"; description
description "This container describes the configuration parameters for
"This list describes a collection of local logging file logging. If file-archive limits are not supplied, it
files."; is assumed that the local implementation defined limits will
leaf name { be used.";
type inet:uri { list log-file {
pattern 'file:.*'; key "name";
} description
description "This list describes a collection of local logging
"This leaf specifies the name of the log file which files.";
MUST use the uri scheme file:."; leaf name {
} type inet:uri {
uses selector; pattern 'file:.*';
uses structured-data; }
container file-rotation { description
description "This leaf specifies the name of the log file which
"This container describes the configuration MUST use the uri scheme file:.";
parameters for log file rotation.";
leaf number-of-files {
if-feature file-limit-size;
type uint32;
description
"This leaf specifies the maximum number of log
files retained. Specify 1 for implementations
that only support one log file.";
}
leaf max-file-size {
if-feature file-limit-size;
type uint64;
units "megabytes";
description
"This leaf specifies the maximum log file size.";
}
leaf rollover {
if-feature file-limit-duration;
type uint32;
units "minutes";
description
"This leaf specifies the length of time that log
events should be written to a specific log file.
Log events that arrive after the rollover period
cause the current log file to be closed and a new
log file to be opened.";
}
leaf retention {
if-feature file-limit-duration;
type uint16;
units "hours";
description
"This leaf specifies the length of time that
completed/closed log event files should be stored
in the file system before they are deleted.";
}
}
}
}
container remote {
description
"This container describes the configuration parameters for
forwarding syslog messages to remote relays or collectors.";
list destination {
key "name";
description
"This list describes a collection of remote logging
destinations.";
leaf name {
type string;
description
"An arbitrary name for the endpoint to connect to.";
}
choice transport {
mandatory true;
description
"This choice describes the transport option.";
case tcp {
container tcp {
description
"This container describes the TCP transport
options.";
reference
"RFC 6587: Transmission of Syslog Messages over TCP";
leaf address {
type inet:host;
description
"The leaf uniquely specifies the address of
the remote host. One of the following must
be specified: an ipv4 address, an ipv6
address, or a host name.";
}
leaf port {
type inet:port-number;
default 514;
description
"This leaf specifies the port number used to
deliver messages to the remote server.";
}
}
}
case udp {
container udp {
description
"This container describes the UDP transport
options.";
reference
"RFC 5426: Transmission of Syslog Messages over UDP";
leaf address {
type inet:host;
description
"The leaf uniquely specifies the address of
the remote host. One of the following must be
specified: an ipv4 address, an ipv6 address,
or a host name.";
}
leaf port {
type inet:port-number;
default 514;
description
"This leaf specifies the port number used to
deliver messages to the remote server.";
}
}
}
}
uses selector;
uses structured-data;
leaf facility-override {
type identityref {
base syslogtypes:syslog-facility;
}
description
"If specified, this leaf specifies the facility used
to override the facility in messages delivered to the
remote server.";
}
leaf source-interface {
type if:interface-ref;
description
"This leaf sets the source interface to be used to send
message to the remote syslog server. If not set,
messages sent to a remote syslog server will
contain the IP address of the interface the syslog
message uses to exit the network element";
}
container signing-options {
if-feature signed-messages;
presence
"If present, syslog-signing options is activated.";
description
"This container describes the configuration
parameters for signed syslog messages as described
by RFC 5848.";
reference
"RFC 5848: Signed Syslog Messages";
leaf cert-initial-repeat {
type uint16;
mandatory true;
description
"This leaf specifies the number of times each
Certificate Block should be sent before the first
message is sent.";
}
leaf cert-resend-delay {
type uint16;
units "seconds";
mandatory true;
description
"This leaf specifies the maximum time delay in
seconds until resending the Certificate Block.";
}
leaf cert-resend-count {
type uint16;
mandatory true;
description
"This leaf specifies the maximum number of other
syslog messages to send until resending the
Certificate Block.";
}
leaf max-delay {
type uint16;
units "seconds";
mandatory true;
description
"This leaf specifies when to generate a new
Signature Block. If this many seconds have
elapsed since the message with the first message
number of the Signature Block was sent, a new
Signature Block should be generated.";
}
leaf number-resends {
type uint16;
mandatory true;
description
"This leaf specifies the number of times a
Signature Block is resent. (It is recommended to
select a value of greater than 0 in particular
when the UDP transport [RFC5426] is used.).";
}
leaf resend-delay {
type uint16;
units "seconds";
mandatory true;
description
"This leaf specifies when to send the next
Signature Block transmission based on time. If
this many seconds have elapsed since the previous
sending of this Signature Block, resend it.";
}
leaf resend-count {
type uint16;
mandatory true;
description
"This leaf specifies when to send the next
Signature Block transmission based on a count.
If this many other syslog messages have been sent
since the previous sending of this Signature
Block, resend it.";
}
}
}
}
container session {
description
"This container describes the configuration parameters for
user CLI session logging configuration.";
container all-users {
presence "Enables logging to all user sessions.";
description
"This container describes the configuration
parameters for all users.";
uses selector;
}
list user {
key "name";
description
"This list describes a collection of user names.";
leaf name {
type string;
description
"This leaf uniquely describes a user name which
is the login name of the user whose session
is to receive log messages.";
}
uses selector;
}
}
}
}
}
<CODE ENDS>
}
uses selector;
uses structured-data;
container file-rotation {
description
"This container describes the configuration
parameters for log file rotation.";
leaf number-of-files {
if-feature file-limit-size;
type uint32;
default 1;
description
"This leaf specifies the maximum number of log
files retained. Specify 1 for implementations
that only support one log file.";
}
leaf max-file-size {
if-feature file-limit-size;
type uint32;
units "megabytes";
description
"This leaf specifies the maximum log file size.";
}
leaf rollover {
if-feature file-limit-duration;
type uint32;
units "minutes";
description
"This leaf specifies the length of time that log
events should be written to a specific log file.
Log events that arrive after the rollover period
cause the current log file to be closed and a new
log file to be opened.";
}
leaf retention {
if-feature file-limit-duration;
type uint32;
units "hours";
description
"This leaf specifies the length of time that
completed/closed log event files should be stored
in the file system before they are deleted.";
}
}
}
}
container remote {
if-feature remote-action;
description
"This container describes the configuration parameters for
forwarding syslog messages to remote relays or collectors.";
list destination {
key "name";
description
"This list describes a collection of remote logging
destinations.";
leaf name {
type string;
description
"An arbitrary name for the endpoint to connect to.";
}
choice transport {
mandatory true;
description
"This choice describes the transport option.";
case tcp {
container tcp {
description
"This container describes the TCP transport
options.";
reference
"RFC 6587: Transmission of Syslog Messages over TCP";
leaf address {
type inet:host;
description
"The leaf uniquely specifies the address of
the remote host. One of the following must
be specified: an ipv4 address, an ipv6
address, or a host name.";
}
leaf port {
type inet:port-number;
default 514;
description
"This leaf specifies the port number used to
deliver messages to the remote server.";
}
}
}
case udp {
container udp {
description
"This container describes the UDP transport
options.";
reference
"RFC 5426: Transmission of Syslog Messages over UDP";
leaf address {
type inet:host;
description
"The leaf uniquely specifies the address of
the remote host. One of the following must be
specified: an ipv4 address, an ipv6 address,
or a host name.";
}
leaf port {
type inet:port-number;
default 514;
description
"This leaf specifies the port number used to
deliver messages to the remote server.";
}
}
}
}
uses selector;
uses structured-data;
leaf facility-override {
type identityref {
base syslogtypes:syslog-facility;
}
description
"If specified, this leaf specifies the facility used
to override the facility in messages delivered to the
remote server.";
}
leaf source-interface {
if-feature remote-source-interface;
type if:interface-ref;
description
"This leaf sets the source interface to be used to send
message to the remote syslog server. If not set,
messages sent to a remote syslog server will
contain the IP address of the interface the syslog
message uses to exit the network element";
}
container signing-options {
if-feature signed-messages;
presence
"If present, syslog-signing options is activated.";
description
"This container describes the configuration
parameters for signed syslog messages as described
by RFC 5848.";
reference
"RFC 5848: Signed Syslog Messages";
leaf cert-initial-repeat {
type uint16;
mandatory true;
description
"This leaf specifies the number of times each
Certificate Block should be sent before the first
message is sent.";
}
leaf cert-resend-delay {
type uint16;
units "seconds";
mandatory true;
description
"This leaf specifies the maximum time delay in
seconds until resending the Certificate Block.";
}
leaf cert-resend-count {
type uint16;
mandatory true;
description
"This leaf specifies the maximum number of other
syslog messages to send until resending the
Certificate Block.";
}
leaf max-delay {
type uint16;
units "seconds";
mandatory true;
description
"This leaf specifies when to generate a new
Signature Block. If this many seconds have
elapsed since the message with the first message
number of the Signature Block was sent, a new
Signature Block should be generated.";
}
leaf number-resends {
type uint16;
mandatory true;
description
"This leaf specifies the number of times a
Signature Block is resent. (It is recommended to
select a value of greater than 0 in particular
when the UDP transport [RFC5426] is used.).";
}
leaf resend-delay {
type uint16;
units "seconds";
mandatory true;
description
"This leaf specifies when to send the next
Signature Block transmission based on time. If
this many seconds have elapsed since the previous
sending of this Signature Block, resend it.";
}
leaf resend-count {
type uint16;
mandatory true;
description
"This leaf specifies when to send the next
Signature Block transmission based on a count.
If this many other syslog messages have been sent
since the previous sending of this Signature
Block, resend it.";
}
}
}
}
}
}
}
<CODE ENDS>
Figure 4. ietf-syslog Module Figure 4. ietf-syslog Module
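Review bot: In the -12 advanced-compare container, the description's example uses action "no-match", but the action leaf defines only the enums log and block, so the example cannot be expressed in the model. Reword it with the real values, state what happens to a message when the compare is false (the block enum only says a true compare is not logged), and open the description with "This container" rather than "This leaf". The same revision carries small text defects: "supported supported" in the remote-source-interface feature, "spectify" in the action leaf description, and "advance-compare" in the severity-filter grouping where the node is named advanced-compare. Separately, Section 4.2 says the module references [RFC5425], yet the module's reference statement lists only RFC 5424, RFC 5426, RFC 6587 and RFC 5848, and the transport choice offers only tcp and udp cases with default port 514. Either drop the citation or add a TLS transport case so a remote destination can be configured with an authenticated, encrypted transport.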
5. Usage Examples 5. Usage Examples
Requirement:
Enable console logging of syslogs of severity critical
Here is the example syslog configuration xml: Requirement:
<config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> Enable console logging of syslogs of severity critical
<syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog"
xmlns:syslog="urn:ietf:params:xml:ns:yang:ietf-syslog">
<actions>
<console>
<selector>
<facility-list>
<facility>all</facility>
<severity>critical</severity>
</facility>
</selector>
</console>
</actions>
</syslog>
</config>
Enable remote logging of syslogs to udp destination 2001:db8:a0b:12f0::1 Here is the example syslog configuration xml:
for facility auth, severity error <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
<syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog"
xmlns:syslog="urn:ietf:params:xml:ns:yang:ietf-syslog">
<actions>
<console>
<selector>
<facility-list>
<facility>all</facility>
<severity>critical</severity>
</facility-list>
</selector>
</console>
</actions>
</syslog>
</config>
<config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> Enable remote logging of syslogs to udp destination 2001:db8:a0b:12f0::1
<syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog" for facility auth, severity error
xmlns:syslog="urn:ietf:params:xml:ns:yang:ietf-syslog">
<actions> <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
<remote> <syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog"
<destination> xmlns:syslog="urn:ietf:params:xml:ns:yang:ietf-syslog">
<name>remote1</name> <actions>
<udp> <remote>
<address>2001:db8:a0b:12f0::1</address> <destination>
</udp> <name>remote1</name>
<selector> <udp>
<facility-list> <address>2001:db8:a0b:12f0::1</address>
<facility xmlns:syslogtypes= </udp>
"urn:ietf:params:xml:ns:yang:ietf-syslog-types"> <selector>
syslogtypes:auth</facility> <facility-list>
<severity>error</severity> <facility xmlns:syslogtypes=
<facility> "urn:ietf:params:xml:ns:yang:ietf-syslog-types">
<selector> syslogtypes:auth</facility>
</destination> <severity>error</severity>
</remote> </facility-list>
</actions> </selector>
</syslog> </destination>
</config> </remote>
</actions>
</syslog>
</config>
Figure 5. ietf-syslog Examples Figure 5. ietf-syslog Examples
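Review bot: In the second -12 example the identityref value is wrapped onto its own line after the xmlns:syslogtypes declaration, so the content of the facility element begins with a line break and indentation before syslogtypes:auth. Put the value directly against the tags so the example validates without relying on whitespace trimming. Both config examples also declare xmlns:xc and xmlns:syslog without using either prefix, and the second example lacks the "Requirement:" and "Here is the example syslog configuration xml:" labels that introduce the first.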
6. Acknowledgements 6. Acknowledgements
The authors wish to thank the following who commented on this The authors wish to thank the following who commented on this
proposal: proposal:
Andy Bierman
Martin Bjorklund Martin Bjorklund
Alex Campbell
Jim Gibson Jim Gibson
Jeffrey Haas Jeffrey Haas
John Heasley John Heasley
Giles Heron Giles Heron
Lisa Huang Lisa Huang
Mahesh Jethanandani Mahesh Jethanandani
Jeffrey K Lange Jeffrey K Lange
Jan Lindblad Jan Lindblad
Chris Lonvick Chris Lonvick
Tom Petch Tom Petch
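Review bot: The remote-logging example on the right sends facility auth messages to 2001:db8:a0b:12f0::1 inside a `<udp>` container, and UDP syslog transport gives those messages no confidentiality or integrity protection. The caption ("Enable remote logging of syslogs to udp destination ...") should say this, or the example should use a less sensitive facility. The closing-tag correction is right: the left column closed the selector with `<facility>` and `<selector>`, and the right column's `</facility-list>` and `</selector>` make the example well-formed. Two smaller points in the same example: the `<facility>` start tag is followed by a line break, so the element content carries leading whitespace before `syslogtypes:auth` and the example relies on the server trimming it; and the `xmlns:xc` and `xmlns:syslog` prefixes are declared but never used, so they can be dropped.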
skipping to change at page 30, line 7 skipping to change at page 27, line 49
Network administrators must take the time to estimate the appropriate Network administrators must take the time to estimate the appropriate
storage capacity caused by the configuration of actions/file using storage capacity caused by the configuration of actions/file using
file-archive attributes to limit storage used. file-archive attributes to limit storage used.
It is the responsibility of the network administrator to ensure that It is the responsibility of the network administrator to ensure that
the configured message flow does not overwhelm system resources. the configured message flow does not overwhelm system resources.
8.2. Inappropriate Configuration 8.2. Inappropriate Configuration
It is the responsibility of the network admisintrator to ensure that It is the responsibility of the network administrator to ensure that
the messages are actually going to the intended recipients. the messages are actually going to the intended recipients.
9. References 9. References
9.1. Normative References 9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/
DOI 10.17487/RFC2119, March 1997, RFC2119, March 1997, <http://www.rfc-editor.org/info/
<http://www.rfc-editor.org/info/rfc2119>. rfc2119>.
[RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424, [RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424, DOI
DOI 10.17487/RFC5424, March 2009, 10.17487/RFC5424, March 2009, <http://www.rfc-editor.org/
<http://www.rfc-editor.org/info/rfc5424>. info/rfc5424>.
[RFC5426] Okmianski, A., "Transmission of Syslog Messages over UDP", [RFC5426] Okmianski, A., "Transmission of Syslog Messages over UDP",
RFC 5426, DOI 10.17487/RFC5426, March 2009, RFC 5426, DOI 10.17487/RFC5426, March 2009, <http://www
<http://www.rfc-editor.org/info/rfc5426>. .rfc-editor.org/info/rfc5426>.
[RFC5848] Kelsey, J., Callas, J., and A. Clemm, "Signed Syslog [RFC5848] Kelsey, J., Callas, J. and A. Clemm, "Signed Syslog
Messages", RFC 5848, DOI 10.17487/RFC5848, May 2010, Messages", RFC 5848, DOI 10.17487/RFC5848, May 2010,
<http://www.rfc-editor.org/info/rfc5848>. <http://www.rfc-editor.org/info/rfc5848>.
[RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
the Network Configuration Protocol (NETCONF)", RFC 6020, the Network Configuration Protocol (NETCONF)", RFC 6020,
DOI 10.17487/RFC6020, October 2010, DOI 10.17487/RFC6020, October 2010, <http://www.rfc-
<http://www.rfc-editor.org/info/rfc6020>. editor.org/info/rfc6020>.
[RFC6021] Schoenwaelder, J., Ed., "Common YANG Data Types", [RFC6021] Schoenwaelder, J., Ed., "Common YANG Data Types", RFC
RFC 6021, DOI 10.17487/RFC6021, October 2010, 6021, DOI 10.17487/RFC6021, October 2010, <http://www.rfc-
<http://www.rfc-editor.org/info/rfc6021>. editor.org/info/rfc6021>.
[RFC6587] Gerhards, R. and C. Lonvick, "Transmission of Syslog [RFC6587] Gerhards, R. and C. Lonvick, "Transmission of Syslog
Messages over TCP", RFC 6587, DOI 10.17487/RFC6587, April Messages over TCP", RFC 6587, DOI 10.17487/RFC6587, April
2012, <http://www.rfc-editor.org/info/rfc6587>. 2012, <http://www.rfc-editor.org/info/rfc6587>.
[RFC7223] Bjorklund, M., "A YANG Data Model for Interface [RFC7223] Bjorklund, M., "A YANG Data Model for Interface
Management", RFC 7223, DOI 10.17487/RFC7223, May 2014, Management", RFC 7223, DOI 10.17487/RFC7223, May 2014,
<http://www.rfc-editor.org/info/rfc7223>. <http://www.rfc-editor.org/info/rfc7223>.
9.2. Informative References 9.2. Informative References
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004, DOI 10.17487/RFC3688, January 2004, <http://www.rfc-
<http://www.rfc-editor.org/info/rfc3688>. editor.org/info/rfc3688>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J.Ed.,
and A. Bierman, Ed., "Network Configuration Protocol and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
<http://www.rfc-editor.org/info/rfc6241>. <http://www.rfc-editor.org/info/rfc6241>.
[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
<http://www.rfc-editor.org/info/rfc6242>. <http://www.rfc-editor.org/info/rfc6242>.
Appendix A. Implementor Guidelines Appendix A. Implementor Guidelines
A.1. Extending Facilities Appendix A.1. Extending Facilities
Many vendors extend the list of facilities available for logging in Many vendors extend the list of facilities available for logging in
their implementation. Additional facilities may not work with the their implementation. Additional facilities may not work with the
syslog protocol as defined in [RFC5424] and hence such facilities syslog protocol as defined in [RFC5424] and hence such facilities
apply for local syslog-like logging functionality. apply for local syslog-like logging functionality.
The following is an example that shows how additional facilities The following is an example that shows how additional facilities
could be added to the list of available facilities (in this example could be added to the list of available facilities (in this example
two facilities are added): two facilities are added):
module vendor-syslog-types-example { module vendor-syslog-types-example {
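Review bot: The re-wrapped reference entries on the right regress in several places. [RFC6241] now reads `Schoenwaelder, J.Ed.,` where the left column has `Schoenwaelder, J., Ed.,`, and [RFC5848] loses the comma before `and A. Clemm`. URLs and DOIs are also split mid-token (`<http://www` / `.rfc-editor.org/info/rfc5426>`, `<http://www.rfc-` / `editor.org/info/rfc6020>`, `DOI 10.17487/` / `RFC2119`), so they no longer survive copy and paste. Restore the left-column line breaks for these entries. The spelling fix in 8.2 ("admisintrator" to "administrator") is fine, but the section is still a single sentence that assigns responsibility without naming the consequence; it would be stronger if it said what is exposed when messages reach an unintended recipient. The heading change from `A.1.` to `Appendix A.1.` is inconsistent with the numbered sections above it, which carry no such prefix.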
skipping to change at page 32, line 41 skipping to change at page 30, line 4
identity vendor_specific_type_1 { identity vendor_specific_type_1 {
base syslogtypes:syslog-facility; base syslogtypes:syslog-facility;
} }
identity vendor_specific_type_2 { identity vendor_specific_type_2 {
base syslogtypes:syslog-facility; base syslogtypes:syslog-facility;
} }
} }
Authors' Addresses Authors' Addresses
Clyde Wildes, editor
Clyde Wildes (editor)
Cisco Systems Inc. Cisco Systems Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134 San Jose, CA 95134
US US
Phone: +1 408 527-2672 Phone: +1 408 527-2672
Email: cwildes@cisco.com Email: cwildes@cisco.com
Kiran Koushik (editor)
Kiran Koushik, editor
Cisco Systems Inc. Cisco Systems Inc.
12515Research Blvd., Building 4 12515Research Blvd., Building 4
Austin, TX 78759 Austin, TX 78759
US US
Phone: +1 512 378-1482 Phone: +1 512 378-1482
Email: kkoushik@cisco.com Email: kkoushik@cisco.com
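Review bot: The two example identities, `vendor_specific_type_1` and `vendor_specific_type_2`, have only a `base syslogtypes:syslog-facility;` statement and no `description`, and their underscore naming differs from the hyphenated style of `syslog-facility` on the same lines. As this is the template vendors will copy, add a `description` to each identity and use hyphenated names. The appendix text says vendor facilities may not work with the syslog protocol and apply to local logging, but nothing in these lines expresses that restriction; a sentence or a description string stating that these identities are meant for local actions only would close that gap. In Authors' Addresses, `12515Research Blvd.` is missing a space in both columns and was not corrected in this revision.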
 End of changes. 110 change blocks. 
1051 lines changed or deleted 962 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/