| draft-ietf-netmod-syslog-model-14.txt | draft-ietf-netmod-syslog-model-15.txt | |||
|---|---|---|---|---|
| NETMOD WG C. Wildes, Ed. | NETMOD WG C. Wildes, Ed. | |||
| Internet-Draft Cisco Systems Inc. | Internet-Draft Cisco Systems Inc. | |||
| Intended status: Standards Track K. Koushik, Ed. | Intended status: Standards Track K. Koushik, Ed. | |||
| Expires: September 26, 2017 Verizon Wireless | Expires: December 07, 2017 Verizon Wireless | |||
| March 27, 2017 | June 07, 2017 | |||
| A YANG Data Model for Syslog Configuration | A YANG Data Model for Syslog Configuration | |||
| draft-ietf-netmod-syslog-model-14 | draft-ietf-netmod-syslog-model-15 | |||
| Abstract | Abstract | |||
| This document describes a data model for the configuration of syslog. | This document describes a data model for the configuration of syslog. | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on September 26, 2017. | This Internet-Draft will expire on December 07, 2017. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2017 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (http://trustee.ietf.org/ | Provisions Relating to IETF Documents (http://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| skipping to change at page 2, line 9 ¶ | skipping to change at page 2, line 9 ¶ | |||
| 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2 | 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2 | |||
| 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2 | 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. Design of the Syslog Model . . . . . . . . . . . . . . . . . . 3 | 3. Design of the Syslog Model . . . . . . . . . . . . . . . . . . 3 | |||
| 3.1. Syslog Module . . . . . . . . . . . . . . . . . . . . . . 5 | 3.1. Syslog Module . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 4. Syslog YANG Module . . . . . . . . . . . . . . . . . . . . . . 7 | 4. Syslog YANG Module . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 4.1. The ietf-syslog Module . . . . . . . . . . . . . . . . . . 7 | 4.1. The ietf-syslog Module . . . . . . . . . . . . . . . . . . 7 | |||
| 5. Usage Examples . . . . . . . . . . . . . . . . . . . . . . . . 23 | 5. Usage Examples . . . . . . . . . . . . . . . . . . . . . . . . 23 | |||
| 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 24 | 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 24 | |||
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25 | |||
| 8. Security Considerations . . . . . . . . . . . . . . . . . . . 24 | 8. Security Considerations . . . . . . . . . . . . . . . . . . . 25 | |||
| 8.1. Resource Constraints . . . . . . . . . . . . . . . . . . . 25 | 8.1. Resource Constraints . . . . . . . . . . . . . . . . . . . 26 | |||
| 8.2. Inappropriate Configuration . . . . . . . . . . . . . . . 25 | 8.2. Inappropriate Configuration . . . . . . . . . . . . . . . 26 | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 25 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 26 | |||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . . 25 | 9.1. Normative References . . . . . . . . . . . . . . . . . . . 26 | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . . 26 | 9.2. Informative References . . . . . . . . . . . . . . . . . . 27 | |||
| Appendix A. Implementor Guidelines . . . . . . . . . . . . . . . . 26 | Appendix A. Implementor Guidelines . . . . . . . . . . . . . . . . 27 | |||
| Appendix A.1. Extending Facilities . . . . . . . . . . . . . . 26 | Appendix A.1. Extending Facilities . . . . . . . . . . . . . . 27 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 27 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 28 | |||
| 1. Introduction | 1. Introduction | |||
| Operating systems, processes and applications generate messages | Operating systems, processes and applications generate messages | |||
| indicating their own status or the occurrence of events. These | indicating their own status or the occurrence of events. These | |||
| messages are useful for managing and/or debugging the network and its | messages are useful for managing and/or debugging the network and its | |||
| services. The BSD syslog protocol is a widely adopted protocol that | services. The BSD syslog protocol is a widely adopted protocol that | |||
| is used for transmission and processing of the messages. | is used for transmission and processing of the messages. | |||
| Since each process, application and operating system was written | Since each process, application and operating system was written | |||
| skipping to change at page 7, line 19 ¶ | skipping to change at page 7, line 19 ¶ | |||
| | | +--rw facility union | | | +--rw facility union | |||
| | | +--rw severity union | | | +--rw severity union | |||
| | | +--rw advanced-compare {select-adv-compare}? | | | +--rw advanced-compare {select-adv-compare}? | |||
| | | +--rw compare? enumeration | | | +--rw compare? enumeration | |||
| | | +--rw action? enumeration | | | +--rw action? enumeration | |||
| | +--rw pattern-match? string {select-match}? | | +--rw pattern-match? string {select-match}? | |||
| +--rw structured-data? boolean {structured-data}? | +--rw structured-data? boolean {structured-data}? | |||
| +--rw facility-override? identityref | +--rw facility-override? identityref | |||
| +--rw source-interface? if:interface-ref {remote-source-interface}? | +--rw source-interface? if:interface-ref {remote-source-interface}? | |||
| +--rw signing-options! {signed-messages}? | +--rw signing-options! {signed-messages}? | |||
| +--rw cert-sign | +--rw cert-signers | |||
| | +--rw cert-signers* [name] | +--rw cert-signer* [name] | |||
| | +--rw name string | | +--rw name string | |||
| | +--rw certificate? -> /ks:keystore/keys/key/certificates/certificate/name | | +--rw certificate? -> /ks:keystore/keys/key/certificates/certificate/name | |||
| | +--rw cert-hash-function? enumeration | | +--rw hash-algorithm? enumeration | |||
| +--rw cert-initial-repeat uint16 | +--rw cert-initial-repeat? uint32 | |||
| +--rw cert-resend-delay uint16 | +--rw cert-resend-delay? uint32 | |||
| +--rw cert-resend-count uint16 | +--rw cert-resend-count? uint32 | |||
| +--rw sig-max-delay uint16 | +--rw sig-max-delay? uint32 | |||
| +--rw sig-number-resends uint16 | +--rw sig-number-resends? uint32 | |||
| +--rw sig-resend-delay uint16 | +--rw sig-resend-delay? uint32 | |||
| +--rw sig-resend-count uint16 | +--rw sig-resend-count? uint32 | |||
| Figure 2. ietf-syslog Module Tree | Figure 2. ietf-syslog Module Tree | |||
| 4. Syslog YANG Module | 4. Syslog YANG Module | |||
| 4.1. The ietf-syslog Module | 4.1. The ietf-syslog Module | |||
| This module imports typedefs from [RFC6021], [RFC7223], [RFC draft | This module imports typedefs from [RFC6021], [RFC7223], [RFC draft | |||
| ietf-tls-client], and [RFC draft ietf-keystore], and it references | ietf-tls-client], and [RFC draft ietf-keystore], and it references | |||
| [RFC5424], [RFC5425], [RFC5426], [RFC6587], and [RFC5848]. | [RFC5424], [RFC5425], [RFC5426], [RFC6587], and [RFC5848]. | |||
| skipping to change at page 9, line 15 ¶ | skipping to change at page 9, line 15 ¶ | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol | "RFC 5424: The Syslog Protocol | |||
| RFC 5425: Transport Layer Security (TLS) Transport Mapping for Syslog | RFC 5425: Transport Layer Security (TLS) Transport Mapping for Syslog | |||
| RFC 5426: Transmission of Syslog Messages over UDP | RFC 5426: Transmission of Syslog Messages over UDP | |||
| RFC 6587: Transmission of Syslog Messages over TCP | RFC 6587: Transmission of Syslog Messages over TCP | |||
| RFC 5848: Signed Syslog Messages | RFC 5848: Signed Syslog Messages | |||
| RFC xxxx: Keystore Management | RFC xxxx: Keystore Management | |||
| RFC xxxx: Transport Layer Security (TLS) Client"; | RFC xxxx: Transport Layer Security (TLS) Client"; | |||
| revision 2017-03-27 { | revision 2017-06-07 { | |||
| description | description | |||
| "Initial Revision"; | "Initial Revision"; | |||
| reference | reference | |||
| "RFC XXXX: Syslog YANG Model"; | "RFC XXXX: Syslog YANG Model"; | |||
| } | } | |||
| feature console-action { | feature console-action { | |||
| description | description | |||
| "This feature indicates that the local console action is | "This feature indicates that the local console action is | |||
| supported."; | supported."; | |||
| skipping to change at page 20, line 57 ¶ | skipping to change at page 20, line 57 ¶ | |||
| container signing-options { | container signing-options { | |||
| if-feature signed-messages; | if-feature signed-messages; | |||
| presence | presence | |||
| "If present, syslog-signing options is activated."; | "If present, syslog-signing options is activated."; | |||
| description | description | |||
| "This container describes the configuration | "This container describes the configuration | |||
| parameters for signed syslog messages as described | parameters for signed syslog messages as described | |||
| by RFC 5848."; | by RFC 5848."; | |||
| reference | reference | |||
| "RFC 5848: Signed Syslog Messages"; | "RFC 5848: Signed Syslog Messages"; | |||
| container cert-sign { | container cert-signers { | |||
| description | description | |||
| "This container describes the signing certificate | "This container describes the signing certificate configuration | |||
| configuration"; | for Signature Group 0 which covers the case for administrators | |||
| list cert-signers { | who want all Signature Blocks to be sent to a single destination."; | |||
| list cert-signer { | ||||
| key "name"; | key "name"; | |||
| description | description | |||
| "This list describes a collection of syslog message | "This list describes a collection of syslog message | |||
| signers."; | signers."; | |||
| leaf name { | leaf name { | |||
| type string; | type string; | |||
| description | description | |||
| "This leaf specifies the name of the syslog message | "This leaf specifies the name of the syslog message | |||
| signer."; | signer."; | |||
| } | } | |||
| leaf certificate { | leaf certificate { | |||
| type leafref { | type leafref { | |||
| path "/ks:keystore/ks:keys/ks:key/ks:certificates" | path "/ks:keystore/ks:keys/ks:key/ks:certificates" | |||
| + "/ks:certificate/ks:name"; | + "/ks:certificate/ks:name"; | |||
| } | } | |||
| description | description | |||
| "A certificate to be used for signing syslog messages."; | "This is the certificate that is periodically sent to the remote | |||
| receiver. Selection of the certificate also implicitly selects | ||||
| the private key used to sign the syslog messages."; | ||||
| } | } | |||
| leaf cert-hash-function { | leaf hash-algorithm { | |||
| type enumeration { | type enumeration { | |||
| enum SHA1 { | enum SHA1 { | |||
| value 1; | value 1; | |||
| description | description | |||
| "This enum describes the SHA1 algorithm."; | "This enum describes the SHA1 algorithm."; | |||
| } | } | |||
| enum SHA256 { | enum SHA256 { | |||
| value 2; | value 2; | |||
| description | description | |||
| "This enum describes the SHA256 algorithm."; | "This enum describes the SHA256 algorithm."; | |||
| } | } | |||
| } | } | |||
| description | description | |||
| "This leaf describes the syslog signer hash | "This leaf describes the syslog signer hash | |||
| algorithm used."; | algorithm used."; | |||
| } | } | |||
| } | } | |||
| leaf cert-initial-repeat { | ||||
| type uint32; | ||||
| default 3; | ||||
| description | ||||
| "This leaf specifies the number of times each | ||||
| Certificate Block should be sent before the first | ||||
| message is sent."; | ||||
| } | ||||
| leaf cert-resend-delay { | ||||
| type uint32; | ||||
| units "seconds"; | ||||
| default 3600; | ||||
| description | ||||
| "This leaf specifies the maximum time delay in | ||||
| seconds until resending the Certificate Block."; | ||||
| } | ||||
| leaf cert-resend-count { | ||||
| type uint32; | ||||
| default 0; | ||||
| description | ||||
| "This leaf specifies the maximum number of other | ||||
| syslog messages to send until resending the | ||||
| Certificate Block."; | ||||
| } | ||||
| leaf sig-max-delay { | ||||
| type uint32; | ||||
| units "seconds"; | ||||
| default 60; | ||||
| description | ||||
| "This leaf specifies when to generate a new | ||||
| Signature Block. If this many seconds have | ||||
| elapsed since the message with the first message | ||||
| number of the Signature Block was sent, a new | ||||
| Signature Block should be generated."; | ||||
| } | ||||
| leaf sig-number-resends { | ||||
| type uint32; | ||||
| default 0; | ||||
| description | ||||
| "This leaf specifies the number of times a | ||||
| Signature Block is resent. (It is recommended to | ||||
| select a value of greater than 0 in particular | ||||
| when the UDP transport [RFC5426] is used.)."; | ||||
| } | ||||
| leaf sig-resend-delay { | ||||
| type uint32; | ||||
| units "seconds"; | ||||
| default 5; | ||||
| description | ||||
| "This leaf specifies when to send the next | ||||
| Signature Block transmission based on time. If | ||||
| this many seconds have elapsed since the previous | ||||
| sending of this Signature Block, resend it."; | ||||
| } | ||||
| leaf sig-resend-count { | ||||
| type uint32; | ||||
| default 0; | ||||
| description | ||||
| "This leaf specifies when to send the next | ||||
| Signature Block transmission based on a count. | ||||
| If this many other syslog messages have been sent | ||||
| since the previous sending of this Signature | ||||
| Block, resend it. A value of 0 means that you | ||||
| don't resend based on the number of messages."; | ||||
| } | ||||
| } | } | |||
| leaf cert-initial-repeat { | ||||
| type uint16; | ||||
| mandatory true; | ||||
| description | ||||
| "This leaf specifies the number of times each | ||||
| Certificate Block should be sent before the first | ||||
| message is sent."; | ||||
| } | ||||
| leaf cert-resend-delay { | ||||
| type uint16; | ||||
| units "seconds"; | ||||
| mandatory true; | ||||
| description | ||||
| "This leaf specifies the maximum time delay in | ||||
| seconds until resending the Certificate Block."; | ||||
| } | ||||
| leaf cert-resend-count { | ||||
| type uint16; | ||||
| mandatory true; | ||||
| description | ||||
| "This leaf specifies the maximum number of other | ||||
| syslog messages to send until resending the | ||||
| Certificate Block."; | ||||
| } | ||||
| leaf sig-max-delay { | ||||
| type uint16; | ||||
| units "seconds"; | ||||
| mandatory true; | ||||
| description | ||||
| "This leaf specifies when to generate a new | ||||
| Signature Block. If this many seconds have | ||||
| elapsed since the message with the first message | ||||
| number of the Signature Block was sent, a new | ||||
| Signature Block should be generated."; | ||||
| } | ||||
| leaf sig-number-resends { | ||||
| type uint16; | ||||
| mandatory true; | ||||
| description | ||||
| "This leaf specifies the number of times a | ||||
| Signature Block is resent. (It is recommended to | ||||
| select a value of greater than 0 in particular | ||||
| when the UDP transport [RFC5426] is used.)."; | ||||
| } | ||||
| leaf sig-resend-delay { | ||||
| type uint16; | ||||
| units "seconds"; | ||||
| mandatory true; | ||||
| description | ||||
| "This leaf specifies when to send the next | ||||
| Signature Block transmission based on time. If | ||||
| this many seconds have elapsed since the previous | ||||
| sending of this Signature Block, resend it."; | ||||
| } | ||||
| leaf sig-resend-count { | ||||
| type uint16; | ||||
| mandatory true; | ||||
| description | ||||
| "This leaf specifies when to send the next | ||||
| Signature Block transmission based on a count. | ||||
| If this many other syslog messages have been sent | ||||
| since the previous sending of this Signature | ||||
| Block, resend it."; | ||||
| } | ||||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| <CODE ENDS> | <CODE ENDS> | |||
| Figure 3. ietf-syslog Module | Figure 3. ietf-syslog Module | |||
| 5. Usage Examples | 5. Usage Examples | |||
| Requirement: | Requirement: | |||
| Enable console logging of syslogs of severity critical | Enable console logging of syslogs of severity critical | |||
| Here is the example syslog configuration xml: | Here is the example syslog configuration xml: | |||
| <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> | <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> | |||
| <syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog" | <syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog" | |||
| xmlns:syslog="urn:ietf:params:xml:ns:yang:ietf-syslog"> | xmlns:syslog="urn:ietf:params:xml:ns:yang:ietf-syslog"> | |||
| <actions> | <actions> | |||
| <console> | <console> | |||
| <selector> | <selector> | |||
| End of changes. 14 change blocks. | ||||
| 99 lines changed or deleted | 102 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||