--- 1/draft-ietf-netmod-syslog-model-14.txt 2017-06-07 14:13:10.423616012 -0700 +++ 2/draft-ietf-netmod-syslog-model-15.txt 2017-06-07 14:13:10.479617352 -0700 @@ -1,40 +1,40 @@ NETMOD WG C. Wildes, Ed. Internet-Draft Cisco Systems Inc. Intended status: Standards Track K. Koushik, Ed. -Expires: September 26, 2017 Verizon Wireless - March 27, 2017 +Expires: December 07, 2017 Verizon Wireless + June 07, 2017 A YANG Data Model for Syslog Configuration - draft-ietf-netmod-syslog-model-14 + draft-ietf-netmod-syslog-model-15 Abstract This document describes a data model for the configuration of syslog. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on September 26, 2017. + This Internet-Draft will expire on December 07, 2017. Copyright Notice Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights 
@@ -49,30 +49,30 @@ 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3 3. Design of the Syslog Model . . . . . . . . . . . . . . . . . . 3 3.1. Syslog Module . . . . . . . . . . . . . . . . . . . . . . 5 4. Syslog YANG Module . . . . . . . . . . . . . . . . . . . . . . 7 4.1. The ietf-syslog Module . . . . . . . . . . . . . . . . . . 7 5. Usage Examples . . . . . . . . . . . . . . . . . . . . . . . . 23 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 24 - 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24 - 8. Security Considerations . . . . . . . . . . . . . . . . . . . 24 - 8.1. Resource Constraints . . . . . . . . . . . . . . . . . . . 25 - 8.2. Inappropriate Configuration . . . . . . . . . . . . . . . 25 - 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 25 - 9.1. Normative References . . . . . . . . . . . . . . . . . . . 25 - 9.2. Informative References . . . . . . . . . . . . . . . . . . 26 - Appendix A. Implementor Guidelines . . . . . . . . . . . . . . . . 26 - Appendix A.1. Extending Facilities . . . . . . . . . . . . . . 26 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 27 + 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25 + 8. Security Considerations . . . . . . . . . . . . . . . . . . . 25 + 8.1. Resource Constraints . . . . . . . . . . . . . . . . . . . 26 + 8.2. Inappropriate Configuration . . . . . . . . . . . . . . . 26 + 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 26 + 9.1. Normative References . . . . . . . . . . . . . . . . . . . 26 + 9.2. Informative References . . . . . . . . . . . . . . . . . . 27 + Appendix A. Implementor Guidelines . . . . . . . . . . . . . . . . 27 + Appendix A.1. Extending Facilities . . . . . . . . . . . . . . 27 + Authors' Addresses . . . . . . . . . . . . . . . . 
. . . . . . . . 28 1. Introduction Operating systems, processes and applications generate messages indicating their own status or the occurrence of events. These messages are useful for managing and/or debugging the network and its services. The BSD syslog protocol is a widely adopted protocol that is used for transmission and processing of the messages. Since each process, application and operating system was written @@ -269,32 +269,32 @@ | | +--rw facility union | | +--rw severity union | | +--rw advanced-compare {select-adv-compare}? | | +--rw compare? enumeration | | +--rw action? enumeration | +--rw pattern-match? string {select-match}? +--rw structured-data? boolean {structured-data}? +--rw facility-override? identityref +--rw source-interface? if:interface-ref {remote-source-interface}? +--rw signing-options! {signed-messages}? - +--rw cert-sign - | +--rw cert-signers* [name] + +--rw cert-signers + +--rw cert-signer* [name] | +--rw name string | +--rw certificate? -> /ks:keystore/keys/key/certificates/certificate/name - | +--rw cert-hash-function? enumeration - +--rw cert-initial-repeat uint16 - +--rw cert-resend-delay uint16 - +--rw cert-resend-count uint16 - +--rw sig-max-delay uint16 - +--rw sig-number-resends uint16 - +--rw sig-resend-delay uint16 - +--rw sig-resend-count uint16 + | +--rw hash-algorithm? enumeration + +--rw cert-initial-repeat? uint32 + +--rw cert-resend-delay? uint32 + +--rw cert-resend-count? uint32 + +--rw sig-max-delay? uint32 + +--rw sig-number-resends? uint32 + +--rw sig-resend-delay? uint32 + +--rw sig-resend-count? uint32 Figure 2. ietf-syslog Module Tree 4. Syslog YANG Module 4.1. The ietf-syslog Module This module imports typedefs from [RFC6021], [RFC7223], [RFC draft ietf-tls-client], and [RFC draft ietf-keystore], and it references [RFC5424], [RFC5425], [RFC5426], [RFC6587], and [RFC5848]. 
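Review bot: `+--rw certificate?` under `cert-signer* [name]` stays optional in the new tree, so a signer entry can exist with no certificate, and therefore (per the new description of that leaf in the module body) no private key to sign with; since `signing-options!` is already a presence container that signals signing is on, consider `mandatory true` on `certificate`, or a `must` that requires it for every `cert-signer` entry. The rename `cert-sign`/`cert-signers*` to `cert-signers`/`cert-signer*` changes every node path under `signing-options`, and the module body now closes `container cert-signers` only after `sig-resend-count`, so the seven `cert-*`/`sig-*` leaves become children of `cert-signers` rather than of `signing-options`; both changes belong in the draft's change log, and the `cert-signers` description should say that it holds the Certificate Block and Signature Block timing parameters as well as the signers. The `uint16` to `uint32` change and the added `?` match the `default` statements introduced in the module body.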
@@ -356,21 +356,21 @@ reference "RFC 5424: The Syslog Protocol RFC 5425: Transport Layer Security (TLS) Transport Mapping for Syslog RFC 5426: Transmission of Syslog Messages over UDP RFC 6587: Transmission of Syslog Messages over TCP RFC 5848: Signed Syslog Messages RFC xxxx: Keystore Management RFC xxxx: Transport Layer Security (TLS) Client"; - revision 2017-03-27 { + revision 2017-06-07 { description "Initial Revision"; reference "RFC XXXX: Syslog YANG Model"; } feature console-action { description "This feature indicates that the local console action is supported."; 
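Review bot: the RFC placeholder spelling is inconsistent: the `reference` statement just above the `revision` uses `RFC xxxx: Keystore Management` and `RFC xxxx: Transport Layer Security (TLS) Client`, while the new `revision 2017-06-07` keeps `reference "RFC XXXX: Syslog YANG Model"`; use one form (`RFC XXXX`) so the RFC Editor's replacement pass catches every occurrence. Keeping a single "Initial Revision" statement and only moving its date is the normal draft convention and needs no change.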
@@ -994,139 +994,142 @@ container signing-options { if-feature signed-messages; presence "If present, syslog-signing options is activated."; description "This container describes the configuration parameters for signed syslog messages as described by RFC 5848."; reference "RFC 5848: Signed Syslog Messages"; - container cert-sign { + container cert-signers { description - "This container describes the signing certificate - configuration"; - list cert-signers { + "This container describes the signing certificate configuration + for Signature Group 0 which covers the case for administrators + who want all Signature Blocks to be sent to a single destination."; + list cert-signer { key "name"; description "This list describes a collection of syslog message signers."; leaf name { type string; description "This leaf specifies the name of the syslog message signer."; } leaf certificate { type leafref { path "/ks:keystore/ks:keys/ks:key/ks:certificates" + "/ks:certificate/ks:name"; } description - "A certificate to be used for signing syslog messages."; + "This is the certificate that is periodically sent to the remote + receiver. 
Selection of the certificate also implicitly selects + the private key used to sign the syslog messages."; } - leaf cert-hash-function { + leaf hash-algorithm { type enumeration { enum SHA1 { value 1; description "This enum describes the SHA1 algorithm."; } enum SHA256 { value 2; description "This enum describes the SHA256 algorithm."; } } description "This leaf describes the syslog signer hash algorithm used."; } } - } leaf cert-initial-repeat { - type uint16; - mandatory true; + type uint32; + default 3; description "This leaf specifies the number of times each Certificate Block should be sent before the first message is sent."; } leaf cert-resend-delay { - type uint16; + type uint32; units "seconds"; - mandatory true; + default 3600; description "This leaf specifies the maximum time delay in seconds until resending the Certificate Block."; } leaf cert-resend-count { - type uint16; - mandatory true; + type uint32; + default 0; description "This leaf specifies the maximum number of other syslog messages to send until resending the Certificate Block."; } leaf sig-max-delay { - type uint16; + type uint32; units "seconds"; - mandatory true; + default 60; description "This leaf specifies when to generate a new Signature Block. If this many seconds have elapsed since the message with the first message number of the Signature Block was sent, a new Signature Block should be generated."; } leaf sig-number-resends { - type uint16; - mandatory true; + type uint32; + default 0; description "This leaf specifies the number of times a Signature Block is resent. (It is recommended to select a value of greater than 0 in particular when the UDP transport [RFC5426] is used.)."; } leaf sig-resend-delay { - type uint16; + type uint32; units "seconds"; - mandatory true; + default 5; description "This leaf specifies when to send the next Signature Block transmission based on time. 
If this many seconds have elapsed since the previous sending of this Signature Block, resend it."; } leaf sig-resend-count { - type uint16; - mandatory true; + type uint32; + default 0; description "This leaf specifies when to send the next Signature Block transmission based on a count. If this many other syslog messages have been sent since the previous sending of this Signature - Block, resend it."; + Block, resend it. A value of 0 means that you + don't resend based on the number of messages."; } } + + } } } } - } } Figure 3. ietf-syslog Module 5. Usage Examples - Requirement: Enable console logging of syslogs of severity critical Here is the example syslog configuration xml:
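Review bot: the new defaults conflict with their own descriptions in two places. `sig-number-resends` gets `default 0;` while its description still says "It is recommended to select a value of greater than 0 in particular when the UDP transport [RFC5426] is used", so a configuration that only enables `signing-options` over UDP silently gets the discouraged value; either choose a non-zero default or state in the description that 0 disables Signature Block resending and that UDP deployments must set it. `cert-resend-count` also gets `default 0;` but, unlike `sig-resend-count`, its description was not given the sentence "A value of 0 means that you don't resend based on the number of messages"; add the same wording to `cert-resend-count` and `sig-number-resends` so that 0 has a defined meaning for all three counters. `hash-algorithm` is optional with no `default`, so a `cert-signer` entry can be committed without saying which hash the Signature Blocks use; a `default SHA256;` would remove the unspecified case and keep SHA1 an explicit opt-in. Minor: the lone `+` blank line before the closing `+ }` of `container cert-signers` is stray whitespace.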