draft-ietf-netmod-syslog-model-14.txt   draft-ietf-netmod-syslog-model-15.txt 
NETMOD WG C. Wildes, Ed. NETMOD WG C. Wildes, Ed.
Internet-Draft Cisco Systems Inc. Internet-Draft Cisco Systems Inc.
Intended status: Standards Track K. Koushik, Ed. Intended status: Standards Track K. Koushik, Ed.
Expires: September 26, 2017 Verizon Wireless Expires: December 07, 2017 Verizon Wireless
March 27, 2017 June 07, 2017
A YANG Data Model for Syslog Configuration A YANG Data Model for Syslog Configuration
draft-ietf-netmod-syslog-model-14 draft-ietf-netmod-syslog-model-15
Abstract Abstract
This document describes a data model for the configuration of syslog. This document describes a data model for the configuration of syslog.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 26, 2017. This Internet-Draft will expire on December 07, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (http://trustee.ietf.org/ Provisions Relating to IETF Documents (http://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 9 skipping to change at page 2, line 9
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2
2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3
3. Design of the Syslog Model . . . . . . . . . . . . . . . . . . 3 3. Design of the Syslog Model . . . . . . . . . . . . . . . . . . 3
3.1. Syslog Module . . . . . . . . . . . . . . . . . . . . . . 5 3.1. Syslog Module . . . . . . . . . . . . . . . . . . . . . . 5
4. Syslog YANG Module . . . . . . . . . . . . . . . . . . . . . . 7 4. Syslog YANG Module . . . . . . . . . . . . . . . . . . . . . . 7
4.1. The ietf-syslog Module . . . . . . . . . . . . . . . . . . 7 4.1. The ietf-syslog Module . . . . . . . . . . . . . . . . . . 7
5. Usage Examples . . . . . . . . . . . . . . . . . . . . . . . . 23 5. Usage Examples . . . . . . . . . . . . . . . . . . . . . . . . 23
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 24 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 24
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25
8. Security Considerations . . . . . . . . . . . . . . . . . . . 24 8. Security Considerations . . . . . . . . . . . . . . . . . . . 25
8.1. Resource Constraints . . . . . . . . . . . . . . . . . . . 25 8.1. Resource Constraints . . . . . . . . . . . . . . . . . . . 26
8.2. Inappropriate Configuration . . . . . . . . . . . . . . . 25 8.2. Inappropriate Configuration . . . . . . . . . . . . . . . 26
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 25 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 26
9.1. Normative References . . . . . . . . . . . . . . . . . . . 25 9.1. Normative References . . . . . . . . . . . . . . . . . . . 26
9.2. Informative References . . . . . . . . . . . . . . . . . . 26 9.2. Informative References . . . . . . . . . . . . . . . . . . 27
Appendix A. Implementor Guidelines . . . . . . . . . . . . . . . . 26 Appendix A. Implementor Guidelines . . . . . . . . . . . . . . . . 27
Appendix A.1. Extending Facilities . . . . . . . . . . . . . . 26 Appendix A.1. Extending Facilities . . . . . . . . . . . . . . 27
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 27 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 28
1. Introduction 1. Introduction
Operating systems, processes and applications generate messages Operating systems, processes and applications generate messages
indicating their own status or the occurrence of events. These indicating their own status or the occurrence of events. These
messages are useful for managing and/or debugging the network and its messages are useful for managing and/or debugging the network and its
services. The BSD syslog protocol is a widely adopted protocol that services. The BSD syslog protocol is a widely adopted protocol that
is used for transmission and processing of the messages. is used for transmission and processing of the messages.
Since each process, application and operating system was written Since each process, application and operating system was written
skipping to change at page 7, line 19 skipping to change at page 7, line 19
| | +--rw facility union | | +--rw facility union
| | +--rw severity union | | +--rw severity union
| | +--rw advanced-compare {select-adv-compare}? | | +--rw advanced-compare {select-adv-compare}?
| | +--rw compare? enumeration | | +--rw compare? enumeration
| | +--rw action? enumeration | | +--rw action? enumeration
| +--rw pattern-match? string {select-match}? | +--rw pattern-match? string {select-match}?
+--rw structured-data? boolean {structured-data}? +--rw structured-data? boolean {structured-data}?
+--rw facility-override? identityref +--rw facility-override? identityref
+--rw source-interface? if:interface-ref {remote-source-interface}? +--rw source-interface? if:interface-ref {remote-source-interface}?
+--rw signing-options! {signed-messages}? +--rw signing-options! {signed-messages}?
+--rw cert-sign +--rw cert-signers
| +--rw cert-signers* [name] +--rw cert-signer* [name]
| +--rw name string | +--rw name string
| +--rw certificate? -> /ks:keystore/keys/key/certificates/certificate/name | +--rw certificate? -> /ks:keystore/keys/key/certificates/certificate/name
| +--rw cert-hash-function? enumeration | +--rw hash-algorithm? enumeration
+--rw cert-initial-repeat uint16 +--rw cert-initial-repeat? uint32
+--rw cert-resend-delay uint16 +--rw cert-resend-delay? uint32
+--rw cert-resend-count uint16 +--rw cert-resend-count? uint32
+--rw sig-max-delay uint16 +--rw sig-max-delay? uint32
+--rw sig-number-resends uint16 +--rw sig-number-resends? uint32
+--rw sig-resend-delay uint16 +--rw sig-resend-delay? uint32
+--rw sig-resend-count uint16 +--rw sig-resend-count? uint32
Figure 2. ietf-syslog Module Tree Figure 2. ietf-syslog Module Tree
4. Syslog YANG Module 4. Syslog YANG Module
4.1. The ietf-syslog Module 4.1. The ietf-syslog Module
This module imports typedefs from [RFC6021], [RFC7223], [RFC draft This module imports typedefs from [RFC6021], [RFC7223], [RFC draft
ietf-tls-client], and [RFC draft ietf-keystore], and it references ietf-tls-client], and [RFC draft ietf-keystore], and it references
[RFC5424], [RFC5425], [RFC5426], [RFC6587], and [RFC5848]. [RFC5424], [RFC5425], [RFC5426], [RFC6587], and [RFC5848].
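Review bot: On the new side of the tree, the "+--rw cert-signer* [name]" line directly under "cert-signers" has lost the leading "|" that the lines below it (name, certificate, hash-algorithm) still carry, so the list renders as a sibling of cert-signers rather than as its child; it should read "|  +--rw cert-signer* [name]" to match the module text in Section 4.1, where the list is nested inside the container. The rename of cert-hash-function to hash-algorithm and the "?" now shown on the seven cert-*/sig-* leaves (mandatory uint16 changed to optional uint32 with defaults) are consistent with the module body, which suggests Figure 2 was partly hand-edited; regenerating the tree from the module would avoid this class of drift on the next revision.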
skipping to change at page 9, line 15 skipping to change at page 9, line 15
reference reference
"RFC 5424: The Syslog Protocol "RFC 5424: The Syslog Protocol
RFC 5425: Transport Layer Security (TLS) Transport Mapping for Syslog RFC 5425: Transport Layer Security (TLS) Transport Mapping for Syslog
RFC 5426: Transmission of Syslog Messages over UDP RFC 5426: Transmission of Syslog Messages over UDP
RFC 6587: Transmission of Syslog Messages over TCP RFC 6587: Transmission of Syslog Messages over TCP
RFC 5848: Signed Syslog Messages RFC 5848: Signed Syslog Messages
RFC xxxx: Keystore Management RFC xxxx: Keystore Management
RFC xxxx: Transport Layer Security (TLS) Client"; RFC xxxx: Transport Layer Security (TLS) Client";
revision 2017-03-27 { revision 2017-06-07 {
description description
"Initial Revision"; "Initial Revision";
reference reference
"RFC XXXX: Syslog YANG Model"; "RFC XXXX: Syslog YANG Model";
} }
feature console-action { feature console-action {
description description
"This feature indicates that the local console action is "This feature indicates that the local console action is
supported."; supported.";
skipping to change at page 20, line 57 skipping to change at page 20, line 57
container signing-options { container signing-options {
if-feature signed-messages; if-feature signed-messages;
presence presence
"If present, syslog-signing options is activated."; "If present, syslog-signing options is activated.";
description description
"This container describes the configuration "This container describes the configuration
parameters for signed syslog messages as described parameters for signed syslog messages as described
by RFC 5848."; by RFC 5848.";
reference reference
"RFC 5848: Signed Syslog Messages"; "RFC 5848: Signed Syslog Messages";
container cert-sign { container cert-signers {
description description
"This container describes the signing certificate "This container describes the signing certificate configuration
configuration"; for Signature Group 0 which covers the case for administrators
list cert-signers { who want all Signature Blocks to be sent to a single destination.";
list cert-signer {
key "name"; key "name";
description description
"This list describes a collection of syslog message "This list describes a collection of syslog message
signers."; signers.";
leaf name { leaf name {
type string; type string;
description description
"This leaf specifies the name of the syslog message "This leaf specifies the name of the syslog message
signer."; signer.";
} }
leaf certificate { leaf certificate {
type leafref { type leafref {
path "/ks:keystore/ks:keys/ks:key/ks:certificates" path "/ks:keystore/ks:keys/ks:key/ks:certificates"
+ "/ks:certificate/ks:name"; + "/ks:certificate/ks:name";
} }
description description
"A certificate to be used for signing syslog messages."; "This is the certificate that is periodically sent to the remote
receiver. Selection of the certificate also implicitly selects
the private key used to sign the syslog messages.";
} }
leaf cert-hash-function { leaf hash-algorithm {
type enumeration { type enumeration {
enum SHA1 { enum SHA1 {
value 1; value 1;
description description
"This enum describes the SHA1 algorithm."; "This enum describes the SHA1 algorithm.";
} }
enum SHA256 { enum SHA256 {
value 2; value 2;
description description
"This enum describes the SHA256 algorithm."; "This enum describes the SHA256 algorithm.";
} }
} }
description description
"This leaf describes the syslog signer hash "This leaf describes the syslog signer hash
algorithm used."; algorithm used.";
} }
} }
leaf cert-initial-repeat {
type uint32;
default 3;
description
"This leaf specifies the number of times each
Certificate Block should be sent before the first
message is sent.";
}
leaf cert-resend-delay {
type uint32;
units "seconds";
default 3600;
description
"This leaf specifies the maximum time delay in
seconds until resending the Certificate Block.";
}
leaf cert-resend-count {
type uint32;
default 0;
description
"This leaf specifies the maximum number of other
syslog messages to send until resending the
Certificate Block.";
}
leaf sig-max-delay {
type uint32;
units "seconds";
default 60;
description
"This leaf specifies when to generate a new
Signature Block. If this many seconds have
elapsed since the message with the first message
number of the Signature Block was sent, a new
Signature Block should be generated.";
}
leaf sig-number-resends {
type uint32;
default 0;
description
"This leaf specifies the number of times a
Signature Block is resent. (It is recommended to
select a value of greater than 0 in particular
when the UDP transport [RFC5426] is used.).";
}
leaf sig-resend-delay {
type uint32;
units "seconds";
default 5;
description
"This leaf specifies when to send the next
Signature Block transmission based on time. If
this many seconds have elapsed since the previous
sending of this Signature Block, resend it.";
}
leaf sig-resend-count {
type uint32;
default 0;
description
"This leaf specifies when to send the next
Signature Block transmission based on a count.
If this many other syslog messages have been sent
since the previous sending of this Signature
Block, resend it. A value of 0 means that you
don't resend based on the number of messages.";
}
} }
leaf cert-initial-repeat {
type uint16;
mandatory true;
description
"This leaf specifies the number of times each
Certificate Block should be sent before the first
message is sent.";
}
leaf cert-resend-delay {
type uint16;
units "seconds";
mandatory true;
description
"This leaf specifies the maximum time delay in
seconds until resending the Certificate Block.";
}
leaf cert-resend-count {
type uint16;
mandatory true;
description
"This leaf specifies the maximum number of other
syslog messages to send until resending the
Certificate Block.";
}
leaf sig-max-delay {
type uint16;
units "seconds";
mandatory true;
description
"This leaf specifies when to generate a new
Signature Block. If this many seconds have
elapsed since the message with the first message
number of the Signature Block was sent, a new
Signature Block should be generated.";
}
leaf sig-number-resends {
type uint16;
mandatory true;
description
"This leaf specifies the number of times a
Signature Block is resent. (It is recommended to
select a value of greater than 0 in particular
when the UDP transport [RFC5426] is used.).";
}
leaf sig-resend-delay {
type uint16;
units "seconds";
mandatory true;
description
"This leaf specifies when to send the next
Signature Block transmission based on time. If
this many seconds have elapsed since the previous
sending of this Signature Block, resend it.";
}
leaf sig-resend-count {
type uint16;
mandatory true;
description
"This leaf specifies when to send the next
Signature Block transmission based on a count.
If this many other syslog messages have been sent
since the previous sending of this Signature
Block, resend it.";
}
} }
} }
} }
} }
} }
} }
<CODE ENDS> <CODE ENDS>
Figure 3. ietf-syslog Module Figure 3. ietf-syslog Module
5. Usage Examples 5. Usage Examples
Requirement: Requirement:
Enable console logging of syslogs of severity critical Enable console logging of syslogs of severity critical
Here is the example syslog configuration xml: Here is the example syslog configuration xml:
<config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0"> <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
<syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog" <syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog"
xmlns:syslog="urn:ietf:params:xml:ns:yang:ietf-syslog"> xmlns:syslog="urn:ietf:params:xml:ns:yang:ietf-syslog">
<actions> <actions>
<console> <console>
<selector> <selector>
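Review bot: Replacing "mandatory true" with defaults in signing-options leaves sig-number-resends defaulting to 0 while that leaf's own description recommends a value greater than 0 when the UDP transport [RFC5426] is used, so an operator who only creates the signing-options presence container gets exactly the configuration the model warns against; either default it to 1 or higher, or state in the description that the default is not suitable for UDP. Related: sig-resend-count now says that a value of 0 means the block is not resent based on message count, but cert-resend-count, which also defaults to 0, carries no such statement, leaving it ambiguous whether 0 disables count-based Certificate Block resends or asks for a resend after zero other messages; the same sentence belongs there. Finally, with signing-options present, the cert-signer list allowed to be empty (no min-elements) and the certificate leaf optional, signing can be activated with no certificate and therefore no signing key selected; a "min-elements 1" on cert-signer, or "mandatory true" on certificate, would make the presence container meaningful.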
 End of changes. 14 change blocks. 
99 lines changed or deleted 102 lines changed or added