draft-ietf-netmod-syslog-model-13.txt   draft-ietf-netmod-syslog-model-14.txt 
NETMOD WG C. Wildes, Ed. NETMOD WG C. Wildes, Ed.
Internet-Draft Cisco Systems Inc. Internet-Draft Cisco Systems Inc.
Intended status: Standards Track K. Koushik, Ed. Intended status: Standards Track K. Koushik, Ed.
Expires: September 12, 2017 Verizon Wireless Expires: September 26, 2017 Verizon Wireless
March 13, 2017 March 27, 2017
A YANG Data Model for Syslog Configuration A YANG Data Model for Syslog Configuration
draft-ietf-netmod-syslog-model-13 draft-ietf-netmod-syslog-model-14
Abstract Abstract
This document describes a data model for the configuration of syslog. This document describes a data model for the configuration of syslog.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 12, 2017. This Internet-Draft will expire on September 26, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (http://trustee.ietf.org/ Provisions Relating to IETF Documents (http://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 7 skipping to change at page 2, line 7
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2
2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3
3. Design of the Syslog Model . . . . . . . . . . . . . . . . . . 3 3. Design of the Syslog Model . . . . . . . . . . . . . . . . . . 3
3.1. Syslog Module . . . . . . . . . . . . . . . . . . . . . . 5 3.1. Syslog Module . . . . . . . . . . . . . . . . . . . . . . 5
4. Syslog YANG Module . . . . . . . . . . . . . . . . . . . . . . 7 4. Syslog YANG Module . . . . . . . . . . . . . . . . . . . . . . 7
4.1. The ietf-syslog Module . . . . . . . . . . . . . . . . . . 7 4.1. The ietf-syslog Module . . . . . . . . . . . . . . . . . . 7
5. Usage Examples . . . . . . . . . . . . . . . . . . . . . . . . 21 5. Usage Examples . . . . . . . . . . . . . . . . . . . . . . . . 23
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 22 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 24
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24
8. Security Considerations . . . . . . . . . . . . . . . . . . . 23 8. Security Considerations . . . . . . . . . . . . . . . . . . . 24
8.1. Resource Constraints . . . . . . . . . . . . . . . . . . . 24 8.1. Resource Constraints . . . . . . . . . . . . . . . . . . . 25
8.2. Inappropriate Configuration . . . . . . . . . . . . . . . 24 8.2. Inappropriate Configuration . . . . . . . . . . . . . . . 25
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 24 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 25
9.1. Normative References . . . . . . . . . . . . . . . . . . . 24 9.1. Normative References . . . . . . . . . . . . . . . . . . . 25
9.2. Informative References . . . . . . . . . . . . . . . . . . 25 9.2. Informative References . . . . . . . . . . . . . . . . . . 26
Appendix A. Implementor Guidelines . . . . . . . . . . . . . . . . 25 Appendix A. Implementor Guidelines . . . . . . . . . . . . . . . . 26
Appendix A.1. Extending Facilities . . . . . . . . . . . . . . 25 Appendix A.1. Extending Facilities . . . . . . . . . . . . . . 26
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 26 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 27
1. Introduction 1. Introduction
Operating systems, processes and applications generate messages Operating systems, processes and applications generate messages
indicating their own status or the occurrence of events. These indicating their own status or the occurrence of events. These
messages are useful for managing and/or debugging the network and its messages are useful for managing and/or debugging the network and its
services. The BSD syslog protocol is a widely adopted protocol that services. The BSD syslog protocol is a widely adopted protocol that
is used for transmission and processing of the messages. is used for transmission and processing of the messages.
Since each process, application and operating system was written Since each process, application and operating system was written
skipping to change at page 2, line 42 skipping to change at page 2, line 42
designed to transport these event messages. No acknowledgement of designed to transport these event messages. No acknowledgement of
the receipt is made. the receipt is made.
Essentially, a syslog process receives messages (from the kernel, Essentially, a syslog process receives messages (from the kernel,
processes, applications or other syslog processes) and processes processes, applications or other syslog processes) and processes
those. The processing involves logging to a local file, displaying those. The processing involves logging to a local file, displaying
on console, and/or relaying to syslog processes on other machines. on console, and/or relaying to syslog processes on other machines.
The processing is determined by the "facility" that originated the The processing is determined by the "facility" that originated the
message and the "severity" assigned to the message by the facility. message and the "severity" assigned to the message by the facility.
We are using definitions of syslog protocol from RFC 5424 [RFC5424] We are using definitions of syslog protocol from RFC5424 [RFC5424] in
in this RFC. this RFC.
1.1. Requirements Language 1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC2119 [RFC2119].
1.2. Terminology 1.2. Terminology
The term "originator" is defined in [RFC 5424]: an "originator" The term "originator" is defined in [RFC5424]: an "originator"
generates syslog content to be carried in a message. generates syslog content to be carried in a message.
The terms "relay" and "collectors" are as defined in [RFC 5424]. The terms "relay" and "collectors" are as defined in [RFC5424].
2. Problem Statement 2. Problem Statement
This document defines a YANG [RFC6020] configuration data model that This document defines a YANG [RFC6020] configuration data model that
may be used to configure the syslog feature running on a system. may be used to configure the syslog feature running on a system.
YANG models can be used with network management protocols such as YANG models can be used with network management protocols such as
NETCONF [RFC6241] to install, manipulate, and delete the NETCONF [RFC6241] to install, manipulate, and delete the
configuration of network devices. configuration of network devices.
The data model makes use of the YANG "feature" construct which allows The data model makes use of the YANG "feature" construct which allows
implementations to support only those syslog features that lie within implementations to support only those syslog features that lie within
their capabilities. their capabilities.
This module can be used to configure the syslog application This module can be used to configure the syslog application
conceptual layers [RFC5424] as implemented on the target system. conceptual layers as implemented on the target system.
3. Design of the Syslog Model 3. Design of the Syslog Model
The syslog model was designed by comparing various syslog features The syslog model was designed by comparing various syslog features
implemented by various vendors' in different implementations. implemented by various vendors' in different implementations.
This draft addresses the common leafs between implementations and This draft addresses the common leafs between implementations and
creates a common model, which can be augmented with proprietary creates a common model, which can be augmented with proprietary
features, if necessary. This model is designed to be very simple for features, if necessary. This model is designed to be very simple for
maximum flexibility. maximum flexibility.
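Review bot: the [RFC5424] citation has been dropped from the Problem Statement sentence "This module can be used to configure the syslog application conceptual layers as implemented on the target system"; the conceptual layers (originator, relay, collector) are the RFC 5424 terms that Section 1.2 itself leans on, so the citation should stay. The remaining edits in this block only change citation spelling ("RFC 5424" vs "RFC5424"); pick one form and apply it throughout, since the module text in Section 4.1 still writes "RFC 2119" and "RFC 5424" with a space.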
skipping to change at page 4, line 50 skipping to change at page 4, line 50
Within each action, a selector is used to filter syslog messages. A Within each action, a selector is used to filter syslog messages. A
selector consists of a list of one or more facility-severity matches, selector consists of a list of one or more facility-severity matches,
and, if supported via the select-match feature, an optional regular and, if supported via the select-match feature, an optional regular
expression pattern match that is performed on the SYSLOG-MSG expression pattern match that is performed on the SYSLOG-MSG
[RFC5424] field. [RFC5424] field.
A syslog message is processed if: A syslog message is processed if:
There is an element of facility-list (F, S) where There is an element of facility-list (F, S) where
the message facility matches F (if it is present) the message facility matches F (if it is present)
and the message severity matches S (if it is present) and the message severity matches S (if it is present)
or the message text matches the regex pattern (if it is present) or the message text matches the regex pattern (if it is present)
The facility is one of a specific syslog-facility, or all facilities. The facility is one of a specific syslog-facility, or all facilities.
The severity is one of type syslog-severity, all severities, or none. The severity is one of type syslog-severity, all severities, or none.
None is a special case that can be used to disable a filter. When None is a special case that can be used to disable a filter. When
filtering severity, the default comparison is that messages of the filtering severity, the default comparison is that messages of the
specified severity and higher are selected to be logged. This is specified severity and higher are selected to be logged. This is
shown in the model as "default equals-or-higher". This behavior can shown in the model as "default equals-or-higher". This behavior can
be altered if the select-adv-compare feature is enabled to specify a be altered if the select-adv-compare feature is enabled to specify a
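Review bot: the selection rule in this section is stated as a disjunction ("... and the message severity matches S (if it is present) or the message text matches the regex pattern (if it is present)"), but the selector grouping in Section 4.1 says "If both facility and pattern-match are specified, both must match in order for a log message to be selected." One of the two is wrong, and the difference matters for a filter that decides what leaves the box: under the OR reading a pattern-match alone forwards messages of any facility and severity to a remote destination, while under the AND reading a mistyped pattern silently suppresses messages the facility-list would have selected. Suggest restating the rule here to agree with the module description, for example "there is an element of facility-list (F, S) that matches the message, and, if pattern-match is present, the message text also matches the pattern", and stating explicitly that an absent pattern-match matches every message.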
skipping to change at page 6, line 9 skipping to change at page 6, line 9
3.1. Syslog Module 3.1. Syslog Module
A simplified graphical representation of the data model is used in A simplified graphical representation of the data model is used in
this document. The meaning of the symbols in these diagrams is this document. The meaning of the symbols in these diagrams is
defined in [RFC6087]. defined in [RFC6087].
module: ietf-syslog module: ietf-syslog
+--rw syslog! +--rw syslog!
+--rw actions +--rw actions
+--rw console! {console-action}? +--rw console! {console-action}?
| +--rw selector | +--rw facility-filter
| +--rw facility-list* [facility severity] | +--rw facility-list* [facility severity]
| | +--rw facility union | | +--rw facility union
| | +--rw severity union | | +--rw severity union
| | +--rw advanced-compare {select-adv-compare}? | | +--rw advanced-compare {select-adv-compare}?
| | +--rw compare? enumeration | | +--rw compare? enumeration
| | +--rw action? enumeration | | +--rw action? enumeration
| +--rw pattern-match? string {select-match}? | +--rw pattern-match? string {select-match}?
+--rw file {file-action}? +--rw file {file-action}?
| +--rw log-file* [name] | +--rw log-file* [name]
| +--rw name inet:uri | +--rw name inet:uri
| +--rw selector | +--rw facility-filter
| | +--rw facility-list* [facility severity] | | +--rw facility-list* [facility severity]
| | | +--rw facility union | | | +--rw facility union
| | | +--rw severity union | | | +--rw severity union
| | | +--rw advanced-compare {select-adv-compare}? | | | +--rw advanced-compare {select-adv-compare}?
| | | +--rw compare? enumeration | | | +--rw compare? enumeration
| | | +--rw action? enumeration | | | +--rw action? enumeration
| | +--rw pattern-match? string {select-match}? | | +--rw pattern-match? string {select-match}?
| +--rw structured-data? boolean {structured-data}? | +--rw structured-data? boolean {structured-data}?
| +--rw file-rotation | +--rw file-rotation
| +--rw number-of-files? uint32 {file-limit-size}? | +--rw number-of-files? uint32 {file-limit-size}?
skipping to change at page 6, line 43 skipping to change at page 6, line 43
| +--rw retention? uint32 {file-limit-duration}? | +--rw retention? uint32 {file-limit-duration}?
+--rw remote {remote-action}? +--rw remote {remote-action}?
+--rw destination* [name] +--rw destination* [name]
+--rw name string +--rw name string
+--rw (transport) +--rw (transport)
| +--:(tcp) | +--:(tcp)
| | +--rw tcp | | +--rw tcp
| | +--rw address? inet:host | | +--rw address? inet:host
| | +--rw port? inet:port-number | | +--rw port? inet:port-number
| +--:(udp) | +--:(udp)
| +--rw udp | | +--rw udp
| +--rw address? inet:host | | +--rw address? inet:host
| +--rw port? inet:port-number | | +--rw port? inet:port-number
+--rw selector | +--:(tls)
| +--rw tls
| +--rw server-auth
| | +--rw trusted-ca-certs? -> /ks:keystore/trusted-certificates/name
| | +--rw trusted-server-certs? -> /ks:keystore/trusted-certificates/name
| +--rw client-auth
| | +--rw (auth-type)?
| | +--:(certificate)
| | +--rw certificate? -> /ks:keystore/keys/key/certificates/certificate/name
| +--rw hello-params {tls-client-hello-params-config}?
| | +--rw tls-versions
| | | +--rw tls-version* identityref
| | +--rw cipher-suites
| | +--rw cipher-suite* identityref
| +--rw port? inet:port-number
+--rw facility-filter
| +--rw facility-list* [facility severity] | +--rw facility-list* [facility severity]
| | +--rw facility union | | +--rw facility union
| | +--rw severity union | | +--rw severity union
| | +--rw advanced-compare {select-adv-compare}? | | +--rw advanced-compare {select-adv-compare}?
| | +--rw compare? enumeration | | +--rw compare? enumeration
| | +--rw action? enumeration | | +--rw action? enumeration
| +--rw pattern-match? string {select-match}? | +--rw pattern-match? string {select-match}?
+--rw structured-data? boolean {structured-data}? +--rw structured-data? boolean {structured-data}?
+--rw facility-override? identityref +--rw facility-override? identityref
+--rw source-interface? if:interface-ref {remote-source-interface}? +--rw source-interface? if:interface-ref {remote-source-interface}?
+--rw signing-options! {signed-messages}? +--rw signing-options! {signed-messages}?
+--rw cert-sign
| +--rw cert-signers* [name]
| +--rw name string
| +--rw certificate? -> /ks:keystore/keys/key/certificates/certificate/name
| +--rw cert-hash-function? enumeration
+--rw cert-initial-repeat uint16 +--rw cert-initial-repeat uint16
+--rw cert-resend-delay uint16 +--rw cert-resend-delay uint16
+--rw cert-resend-count uint16 +--rw cert-resend-count uint16
+--rw sig-max-delay uint16 +--rw sig-max-delay uint16
+--rw sig-number-resends uint16 +--rw sig-number-resends uint16
+--rw sig-resend-delay uint16 +--rw sig-resend-delay uint16
+--rw sig-resend-count uint16 +--rw sig-resend-count uint16
Figure 2. ietf-syslog Module Tree Figure 2. ietf-syslog Module Tree
4. Syslog YANG Module 4. Syslog YANG Module
4.1. The ietf-syslog Module 4.1. The ietf-syslog Module
This module imports typedefs from [RFC6021] and [RFC7223], and it This module imports typedefs from [RFC6021], [RFC7223], [RFC draft
references [RFC5424], [RFC5425], [RFC5426], [RFC6587], and [RFC5848]. ietf-tls-client], and [RFC draft ietf-keystore], and it references
[RFC5424], [RFC5425], [RFC5426], [RFC6587], and [RFC5848].
<CODE BEGINS> file "ietf-syslog.yang" <CODE BEGINS> file "ietf-syslog.yang"
module ietf-syslog { module ietf-syslog {
namespace "urn:ietf:params:xml:ns:yang:ietf-syslog"; namespace "urn:ietf:params:xml:ns:yang:ietf-syslog";
prefix syslog; prefix syslog;
import ietf-inet-types { import ietf-inet-types {
prefix inet; prefix inet;
} }
import ietf-interfaces { import ietf-interfaces {
prefix if; prefix if;
} }
import ietf-tls-client {
prefix tlsc;
}
import ietf-keystore {
prefix ks;
}
organization "IETF NETMOD (NETCONF Data Modeling Language) organization "IETF NETMOD (NETCONF Data Modeling Language)
Working Group"; Working Group";
contact contact
"WG Web: <http://tools.ietf.org/wg/netmod/> "WG Web: <http://tools.ietf.org/wg/netmod/>
WG List: <mailto:netmod@ietf.org> WG List: <mailto:netmod@ietf.org>
Editor: Kiran Agrahara Sreenivasa Editor: Kiran Agrahara Sreenivasa
<mailto:kkoushik@cisco.com> <mailto:kirankoushik.agraharasreenivasa@verizonwireless.com>
Editor: Clyde Wildes Editor: Clyde Wildes
<mailto:cwildes@cisco.com>"; <mailto:cwildes@cisco.com>";
description description
"This module contains a collection of YANG definitions "This module contains a collection of YANG definitions
for syslog configuration. for syslog configuration.
Copyright (c) 2016 IETF Trust and the persons identified as Copyright (c) 2016 IETF Trust and the persons identified as
authors of the code. All rights reserved. authors of the code. All rights reserved.
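Review bot: in the new tls branch of the tree both server-auth leafrefs are optional ("trusted-ca-certs?" and "trusted-server-certs?"), so a TLS destination can be committed with no trust anchor at all and the collector is never authenticated; either add a constraint so that at least one of the two is present, or say in Security Considerations that a destination configured this way provides confidentiality but not server authentication. Two smaller points in the same block: the module's copyright line still reads "Copyright (c) 2016" while the draft is dated 2017, and the new citations in the Section 4.1 lead-in are written as "[RFC draft ietf-tls-client]" and "[RFC draft ietf-keystore]", which match neither the "RFC xxxx" placeholders added to the module's reference statement nor the anchor form used for every other citation; add entries for the two drafts to the references section and cite them by those anchors.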
skipping to change at page 8, line 54 skipping to change at page 9, line 8
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and
'OPTIONAL' in the module text are to be interpreted as described 'OPTIONAL' in the module text are to be interpreted as described
in RFC 2119 (http://tools.ietf.org/html/rfc2119). in RFC 2119 (http://tools.ietf.org/html/rfc2119).
This version of this YANG module is part of RFC XXXX This version of this YANG module is part of RFC XXXX
(http://tools.ietf.org/html/rfcXXXX); see the RFC itself for (http://tools.ietf.org/html/rfcXXXX); see the RFC itself for
full legal notices."; full legal notices.";
reference reference
"RFC 5424: The Syslog Protocol "RFC 5424: The Syslog Protocol
RFC 5425: Transport Layer Security (TLS) Transport Mapping for Syslog
RFC 5426: Transmission of Syslog Messages over UDP RFC 5426: Transmission of Syslog Messages over UDP
RFC 6587: Transmission of Syslog Messages over TCP RFC 6587: Transmission of Syslog Messages over TCP
RFC 5848: Signed Syslog Messages"; RFC 5848: Signed Syslog Messages
RFC xxxx: Keystore Management
RFC xxxx: Transport Layer Security (TLS) Client";
revision 2017-03-13 { revision 2017-03-27 {
description description
"Initial Revision"; "Initial Revision";
reference reference
"RFC XXXX: Syslog YANG Model"; "RFC XXXX: Syslog YANG Model";
} }
feature console-action { feature console-action {
description description
"This feature indicates that the local console action is "This feature indicates that the local console action is
supported."; supported.";
skipping to change at page 15, line 54 skipping to change at page 16, line 11
specifies the type of the compare that is done and the action leaf specifies the type of the compare that is done and the action leaf
specifies the intended result. Example: compare->equals and action-> specifies the intended result. Example: compare->equals and action->
no-match means messages that have a severity that is not equal to the no-match means messages that have a severity that is not equal to the
specified severity will be logged."; specified severity will be logged.";
} }
} }
grouping selector { grouping selector {
description description
"This grouping defines a syslog selector which is used to "This grouping defines a syslog selector which is used to
select log messages for the log-action (console, file, select log messages for the log-actions (console, file,
remote, etc.). Choose one or both of the following: remote, etc.). Choose one or both of the following:
facility [<facility> <severity>...] facility [<facility> <severity>...]
pattern-match regular-expression-match-string pattern-match regular-expression-match-string
If both facility and pattern-match are specified, both must If both facility and pattern-match are specified, both must
match in order for a log message to be selected."; match in order for a log message to be selected.";
container selector { container facility-filter {
description description
"This container describes the log selector parameters "This container describes the syslog filter parameters.";
for syslog.";
list facility-list { list facility-list {
key "facility severity"; key "facility severity";
ordered-by user; ordered-by user;
description description
"This list describes a collection of syslog "This list describes a collection of syslog
facilities and severities."; facilities and severities.";
leaf facility { leaf facility {
type union { type union {
type identityref { type identityref {
base syslog-facility; base syslog-facility;
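Review bot: the container has been renamed from selector to facility-filter, but the grouping is still "grouping selector", its description still speaks of "a syslog selector", and the Section 3 text ("Within each action, a selector is used to filter syslog messages") was not updated, so the document now uses two names for one construct. The new name is also narrower than the content: the container holds pattern-match as well as facility-list, so "facility-filter" suggests the regular expression is a facility match. Either keep selector throughout, or rename the grouping, its description and the Section 3 prose together and choose a name that covers both children.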
skipping to change at page 19, line 48 skipping to change at page 20, line 4
the remote host. One of the following must be the remote host. One of the following must be
specified: an ipv4 address, an ipv6 address, specified: an ipv4 address, an ipv6 address,
or a host name."; or a host name.";
} }
leaf port { leaf port {
type inet:port-number; type inet:port-number;
default 514; default 514;
description description
"This leaf specifies the port number used to "This leaf specifies the port number used to
deliver messages to the remote server."; deliver messages to the remote server.";
}
}
}
case tls {
container tls {
description
"This container describes the TLS transport options.";
reference
"RFC 5425: Transport Layer Security (TLS) Transport
Mapping for Syslog ";
uses tlsc:tls-client-grouping;
leaf port {
type inet:port-number;
default 6514;
description
"TCP port 6514 has been allocated as the default
port for syslog over TLS.";
} }
} }
} }
} }
uses selector; uses selector;
uses structured-data; uses structured-data;
leaf facility-override { leaf facility-override {
type identityref { type identityref {
base syslog-facility; base syslog-facility;
} }
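Review bot: the tls case uses tlsc:tls-client-grouping and adds only a port leaf; unlike the tcp and udp cases there is no address leaf, so the host a TLS destination should connect to cannot be configured. Add a "leaf address { type inet:host; ... }" beside port, as the tcp case does, unless the imported grouping is meant to supply it, in which case the description should say so. The port default of 6514 and its description match RFC 5425; the reference string, however, carries a trailing space ("Mapping for Syslog ") that should be removed.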
skipping to change at page 20, line 29 skipping to change at page 20, line 57
container signing-options { container signing-options {
if-feature signed-messages; if-feature signed-messages;
presence presence
"If present, syslog-signing options is activated."; "If present, syslog-signing options is activated.";
description description
"This container describes the configuration "This container describes the configuration
parameters for signed syslog messages as described parameters for signed syslog messages as described
by RFC 5848."; by RFC 5848.";
reference reference
"RFC 5848: Signed Syslog Messages"; "RFC 5848: Signed Syslog Messages";
container cert-sign {
description
"This container describes the signing certificate
configuration";
list cert-signers {
key "name";
description
"This list describes a collection of syslog message
signers.";
leaf name {
type string;
description
"This leaf specifies the name of the syslog message
signer.";
}
leaf certificate {
type leafref {
path "/ks:keystore/ks:keys/ks:key/ks:certificates"
+ "/ks:certificate/ks:name";
}
description
"A certificate to be used for signing syslog messages.";
}
leaf cert-hash-function {
type enumeration {
enum SHA1 {
value 1;
description
"This enum describes the SHA1 algorithm.";
}
enum SHA256 {
value 2;
description
"This enum describes the SHA256 algorithm.";
}
}
description
"This leaf describes the syslog signer hash
algorithm used.";
}
}
}
leaf cert-initial-repeat { leaf cert-initial-repeat {
type uint16; type uint16;
mandatory true; mandatory true;
description description
"This leaf specifies the number of times each "This leaf specifies the number of times each
Certificate Block should be sent before the first Certificate Block should be sent before the first
message is sent."; message is sent.";
} }
leaf cert-resend-delay { leaf cert-resend-delay {
type uint16; type uint16;
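Review bot: in the new cert-signers list the certificate leaf has no "mandatory true", so a signer entry can exist with a name and a hash function but no certificate, which leaves the implementation nothing to sign with; make certificate mandatory (the list already keys on name). The cert-hash-function enumeration offers SHA1 and SHA256 with no default and no guidance: the description should cite the RFC 5848 field these values map to and state the default, and since SHA-1 is no longer considered collision-resistant the model should steer operators to SHA256 (for example by making it the default) rather than leave the choice open. Minor: the description "This container describes the signing certificate configuration" lacks the terminating period the rest of the module uses.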
 End of changes. 26 change blocks. 
39 lines changed or deleted 129 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/