draft-ietf-netmod-syslog-model-15.txt   draft-ietf-netmod-syslog-model-16.txt 
NETMOD WG C. Wildes, Ed. NETMOD WG C. Wildes, Ed.
Internet-Draft Cisco Systems Inc. Internet-Draft Cisco Systems Inc.
Intended status: Standards Track K. Koushik, Ed. Intended status: Standards Track K. Koushik, Ed.
Expires: December 07, 2017 Verizon Wireless Expires: February 10, 2018 Verizon Wireless
June 07, 2017 August 11, 2017
A YANG Data Model for Syslog Configuration A YANG Data Model for Syslog Configuration
draft-ietf-netmod-syslog-model-15 draft-ietf-netmod-syslog-model-16
Abstract Abstract
This document describes a data model for the configuration of syslog. This document defines a YANG data model for the configuration of a
syslog process. It is intended this model be used by vendors who
implement syslog in their systems.
Editorial Note (To be removed by RFC Editor)
This draft contains many placeholder values that need to be replaced
with finalized values at the time of publication. This note
summarizes all of the substitutions that are needed. No other RFC
Editor instructions are specified elsewhere in this document.
Artwork in this document contains shorthand references to drafts in
progress. Please apply the following replacements:
o "xxxx" --> the assigned RFC value for draft-ietf-netconf-keystore
o "yyyy" --> the assigned RFC value for draft-ietf-netconf-tls-
client-server
o "zzzz" --> the assigned RFC value for this draft
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 07, 2017. This Internet-Draft will expire on February 10, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (http://trustee.ietf.org/ Provisions Relating to IETF Documents (http://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components and restrictions with respect to this document. Code Components
extracted from this document must include Simplified BSD License text extracted from this document must include Simplified BSD License text
as described in Section 4.e of the Trust Legal Provisions and are as described in Section 4.e of the Trust Legal Provisions and are
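Review bot: The new abstract reads "It is intended this model be used by vendors", which drops the conjunction; "It is intended that this model be used by vendors who implement syslog in their systems" is the grammatical form. The new Editorial Note is a good addition, but its claim that "No other RFC Editor instructions are specified elsewhere in this document" should be checked against the module body, which still carries an uppercase "RFC XXXX" in the revision statement that the lowercase "xxxx"/"yyyy"/"zzzz" substitution list does not cover.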
skipping to change at page 1, line 50 skipping to change at page 2, line 19
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components and restrictions with respect to this document. Code Components
extracted from this document must include Simplified BSD License text extracted from this document must include Simplified BSD License text
as described in Section 4.e of the Trust Legal Provisions and are as described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License. provided without warranty as described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3 1.3. Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . 3
3. Design of the Syslog Model . . . . . . . . . . . . . . . . . . 3 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 4
3.1. Syslog Module . . . . . . . . . . . . . . . . . . . . . . 5 3. Design of the Syslog Model . . . . . . . . . . . . . . . . . . 4
3.1. Syslog Module . . . . . . . . . . . . . . . . . . . . . . 6
4. Syslog YANG Module . . . . . . . . . . . . . . . . . . . . . . 7 4. Syslog YANG Module . . . . . . . . . . . . . . . . . . . . . . 8
4.1. The ietf-syslog Module . . . . . . . . . . . . . . . . . . 7 4.1. The ietf-syslog Module . . . . . . . . . . . . . . . . . . 8
5. Usage Examples . . . . . . . . . . . . . . . . . . . . . . . . 23 5. Usage Examples . . . . . . . . . . . . . . . . . . . . . . . . 24
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 24 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 25
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 26
8. Security Considerations . . . . . . . . . . . . . . . . . . . 25 8. Security Considerations . . . . . . . . . . . . . . . . . . . 26
8.1. Resource Constraints . . . . . . . . . . . . . . . . . . . 26 8.1. Resource Constraints . . . . . . . . . . . . . . . . . . . 27
8.2. Inappropriate Configuration . . . . . . . . . . . . . . . 26 8.2. Inappropriate Configuration . . . . . . . . . . . . . . . 27
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 26 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 27
9.1. Normative References . . . . . . . . . . . . . . . . . . . 26 9.1. Normative References . . . . . . . . . . . . . . . . . . . 27
9.2. Informative References . . . . . . . . . . . . . . . . . . 27 9.2. Informative References . . . . . . . . . . . . . . . . . . 28
Appendix A. Implementor Guidelines . . . . . . . . . . . . . . . . 27 Appendix A. Implementor Guidelines . . . . . . . . . . . . . . . . 28
Appendix A.1. Extending Facilities . . . . . . . . . . . . . . 27 Appendix A.1. Extending Facilities . . . . . . . . . . . . . . 28
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 28 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 29
1. Introduction 1. Introduction
Operating systems, processes and applications generate messages Operating systems, processes and applications generate messages
indicating their own status or the occurrence of events. These indicating their own status or the occurrence of events. These
messages are useful for managing and/or debugging the network and its messages are useful for managing and/or debugging the network and its
services. The BSD syslog protocol is a widely adopted protocol that services. The BSD syslog protocol is a widely adopted protocol that
is used for transmission and processing of the messages. is used for transmission and processing of the message.
Since each process, application and operating system was written Since each process, application and operating system was written
somewhat independently, there is little uniformity to the content of somewhat independently, there is little uniformity to the content of
syslog messages. For this reason, no assumption is made upon the syslog messages. For this reason, no assumption is made upon the
formatting or contents of the messages. The protocol is simply formatting or contents of the messages. The protocol is simply
designed to transport these event messages. No acknowledgement of designed to transport these event messages. No acknowledgement of
the receipt is made. the receipt is made.
Essentially, a syslog process receives messages (from the kernel, Essentially, a syslog process receives messages (from the kernel,
processes, applications or other syslog processes) and processes processes, applications or other syslog processes) and processes
those. The processing involves logging to a local file, displaying them. The processing may involve logging to a local file, and/or
on console, and/or relaying to syslog processes on other machines. displaying on console, and/or relaying to syslog processes on other
The processing is determined by the "facility" that originated the machines. The processing is determined by the "facility" that
message and the "severity" assigned to the message by the facility. originated the message and the "severity" assigned to the message by
the facility.
We are using definitions of syslog protocol from RFC5424 [RFC5424] in We are using definitions of syslog protocol from RFC5424 [RFC5424] in
this RFC. this RFC.
1.1. Requirements Language 1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC2119 [RFC2119]. document are to be interpreted as described in RFC2119 [RFC2119] and
RFC8174 [RFC8174].
1.2. Terminology 1.2. Terminology
The term "originator" is defined in [RFC5424]: an "originator" The term "originator" is defined in [RFC5424]: an "originator"
generates syslog content to be carried in a message. generates syslog content to be carried in a message.
The terms "relay" and "collectors" are as defined in [RFC5424]. The term "relay" is defined in [RFC5424]: a "relay" forwards
messages, accepting messages from originators or other relays and
sending them to collectors or other relays
The term "collectors" is defined in [RFC5424]: a "collector" gathers
syslog content for further analysis.
The term "action" refers to the processing that takes place for each
syslog message received.
1.3. Tree Diagrams
A simplified graphical representation of the data models is used in
this document. The meaning of the symbols in these diagrams is as
follows:
o Brackets "[" and "]" enclose list keys.
o Braces "{" and "}" enclose feature names, and indicate that the
named feature must be present for the subtree to be present.
o Abbreviations before data node names: "rw" means configuration
(read-write) and "ro" state data (read-only).
o Symbols after data node names: "?" means an optional node, "!"
means a presence container, and "*" denotes a list and leaf-list.
o Parentheses enclose choice and case nodes, and case nodes are also
marked with a colon (":").
o Ellipsis ("...") stands for contents of subtrees that are not
shown.
2. Problem Statement 2. Problem Statement
This document defines a YANG [RFC6020] configuration data model that This document defines a YANG [RFC7950] configuration data model that
may be used to configure the syslog feature running on a system. may be used to configure the syslog feature running on a system.
YANG models can be used with network management protocols such as YANG models can be used with network management protocols such as
NETCONF [RFC6241] to install, manipulate, and delete the NETCONF [RFC6241] to install, manipulate, and delete the
configuration of network devices. configuration of network devices.
The data model makes use of the YANG "feature" construct which allows The data model makes use of the YANG "feature" construct which allows
implementations to support only those syslog features that lie within implementations to support only those syslog features that lie within
their capabilities. their capabilities.
This module can be used to configure the syslog application This module can be used to configure the syslog application
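Review bot: Several small regressions in the rewritten Introduction and Terminology. "used for transmission and processing of the message" (singular) replaced the old "messages" and should be reverted. The new definition of "relay" ends without a period ("sending them to collectors or other relays"), and the following item defines the term "collectors" but then describes "a collector"; the defined term should be singular to match "originator" and "relay". The new Section 1.3 explains the "ro" abbreviation and "!" presence-container marker, which is fine, but note that Figure 2 contains no "ro" nodes, so the text could simply say the notation follows the usual tree-diagram conventions.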
skipping to change at page 3, line 33 skipping to change at page 4, line 33
3. Design of the Syslog Model 3. Design of the Syslog Model
The syslog model was designed by comparing various syslog features The syslog model was designed by comparing various syslog features
implemented by various vendors' in different implementations. implemented by various vendors' in different implementations.
This draft addresses the common leafs between implementations and This draft addresses the common leafs between implementations and
creates a common model, which can be augmented with proprietary creates a common model, which can be augmented with proprietary
features, if necessary. This model is designed to be very simple for features, if necessary. This model is designed to be very simple for
maximum flexibility. maximum flexibility.
Optional features are used to specify functionality that is present Some optional features are defined in this document to specify
in specific vendor configurations. functionality that is present in specific vendor configurations.
Syslog consists of originators, and collectors. The following
diagram shows syslog messages flowing from an originator, to
collectors where filtering can take place.
Many vendors extend the list of facilities available for logging in Syslog consists of originators and collectors. The following diagram
their implementation. An example is included in Extending Facilities shows syslog messages flowing from an originator, to collectors where
(Appendix A.1). filtering can take place.
Originators Originators
+-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+
| Various | | OS | | | | Remote | | Various | | OS | | | | Remote |
| Components | | Kernel | | Line Cards | | Servers | | Components | | Kernel | | Line Cards | | Servers |
+-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+
+-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+
| SNMP | | Interface | | Standby | | Syslog | | SNMP | | Interface | | Standby | | Syslog |
| Events | | Events | | Supervisor | | Itself | | Events | | Events | | Supervisor | | Itself |
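Review bot: "various vendors' in different implementations" carries a stray apostrophe, and "common leafs" should be "common leaves" (the new text in the next hunk already uses "leaves", so the two paragraphs disagree). The moved paragraph "Syslog consists of originators and collectors" omits relays even though Section 1.2 now defines "relay" and Figure 1 labels the last collector box "Remote Relay(s)/Collector(s)"; suggest "Syslog consists of originators, relays and collectors".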
skipping to change at page 4, line 33 skipping to change at page 5, line 33
| | | | | |
v v v v v v
Collectors Collectors
+----------+ +----------+ +----------------+ +----------+ +----------+ +----------------+
| | | Log | |Remote Relay(s)/| | | | Log | |Remote Relay(s)/|
| Console | | File(s) | |Collector(s) | | Console | | File(s) | |Collector(s) |
+----------+ +----------+ +----------------+ +----------+ +----------+ +----------------+
Figure 1. Syslog Processing Flow Figure 1. Syslog Processing Flow
The leaves in the syslog model "actions" container correspond to each Collectors are configured using the leaves in the syslog model
message collector: "actions" container which correspond to each message collector:
console console
log file(s) log file(s)
remote relay(s)/collector(s) remote relay(s)/collector(s)
Within each action, a selector is used to filter syslog messages. A Within each action, a selector is used to filter syslog messages. A
selector consists of a list of one or more facility-severity matches, selector consists of a list of one or more facility-severity matches,
and, if supported via the select-match feature, an optional regular and, if supported via the select-match feature, an optional regular
expression pattern match that is performed on the SYSLOG-MSG expression pattern match that is performed on the SYSLOG-MSG
[RFC5424] field. [RFC5424] field.
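Review bot: The prose still calls the per-action filter a "selector", but the data nodes were renamed in this revision: the usage examples now use <facility-filter> instead of <selector>, and Figure 2 shows "facility-filter" with "pattern-match" as a sibling node rather than a child. Readers will look for a "selector" node and not find one. Suggest stating here that a selector is realised as the "facility-filter" container (the facility-severity list) plus the optional "pattern-match" leaf, or renaming the "selector" grouping in the module to match.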
skipping to change at page 5, line 16 skipping to change at page 6, line 16
None is a special case that can be used to disable a filter. When None is a special case that can be used to disable a filter. When
filtering severity, the default comparison is that messages of the filtering severity, the default comparison is that messages of the
specified severity and higher are selected to be logged. This is specified severity and higher are selected to be logged. This is
shown in the model as "default equals-or-higher". This behavior can shown in the model as "default equals-or-higher". This behavior can
be altered if the select-adv-compare feature is enabled to specify a be altered if the select-adv-compare feature is enabled to specify a
compare operation and an action. Compare operations are: "equals" to compare operation and an action. Compare operations are: "equals" to
select messages with this single severity, or "equals-or-higher" to select messages with this single severity, or "equals-or-higher" to
select messages of the specified severity and higher. Actions are select messages of the specified severity and higher. Actions are
used to log the message or block the message from being logged. used to log the message or block the message from being logged.
Many vendors extend the list of facilities available for logging in
their implementation. An example is included in Extending Facilities
(Appendix A.1).
3.1. Syslog Module 3.1. Syslog Module
A simplified graphical representation of the data model is used in A simplified graphical representation of the data model is used in
this document. The meaning of the symbols in these diagrams is this document. Please see Section 1.3 for tree diagram notation.
defined in [RFC6087].
module: ietf-syslog module: ietf-syslog
+--rw syslog! +--rw syslog!
+--rw actions +--rw actions
+--rw console! {console-action}? +--rw console! {console-action}?
| +--rw facility-filter | +--rw facility-filter
| +--rw facility-list* [facility severity] | | +--rw facility-list* [facility severity]
| | +--rw facility union | | +--rw facility union
| | +--rw severity union | | +--rw severity union
| | +--rw advanced-compare {select-adv-compare}? | | +--rw advanced-compare {select-adv-compare}?
| | +--rw compare? enumeration | | +--rw compare? enumeration
| | +--rw action? enumeration | | +--rw action? enumeration
| +--rw pattern-match? string {select-match}? | +--rw pattern-match? string {select-match}?
+--rw file {file-action}? +--rw file {file-action}?
| +--rw log-file* [name] | +--rw log-file* [name]
| +--rw name inet:uri | +--rw name inet:uri
| +--rw facility-filter | +--rw facility-filter
| | +--rw facility-list* [facility severity] | | +--rw facility-list* [facility severity]
| | | +--rw facility union | | +--rw facility union
| | | +--rw severity union | | +--rw severity union
| | | +--rw advanced-compare {select-adv-compare}? | | +--rw advanced-compare {select-adv-compare}?
| | | +--rw compare? enumeration | | +--rw compare? enumeration
| | | +--rw action? enumeration | | +--rw action? enumeration
| | +--rw pattern-match? string {select-match}? | +--rw pattern-match? string {select-match}?
| +--rw structured-data? boolean {structured-data}? | +--rw structured-data? boolean {structured-data}?
| +--rw file-rotation | +--rw file-rotation
| +--rw number-of-files? uint32 {file-limit-size}? | +--rw number-of-files? uint32 {file-limit-size}?
| +--rw max-file-size? uint32 {file-limit-size}? | +--rw max-file-size? uint32 {file-limit-size}?
| +--rw rollover? uint32 {file-limit-duration}? | +--rw rollover? uint32 {file-limit-duration}?
| +--rw retention? uint32 {file-limit-duration}? | +--rw retention? uint32 {file-limit-duration}?
+--rw remote {remote-action}? +--rw remote {remote-action}?
+--rw destination* [name] +--rw destination* [name]
+--rw name string +--rw name string
+--rw (transport) +--rw (transport)
| +--:(tcp) | +--:(tcp)
| | +--rw tcp | | +--rw tcp
| | +--rw address? inet:host | | +--rw address? inet:host
| | +--rw port? inet:port-number | | +--rw port? inet:port-number
| +--:(udp) | +--:(udp)
| | +--rw udp | | +--rw udp
| | +--rw address? inet:host | | +--rw address? inet:host
| | +--rw port? inet:port-number | | +--rw port? inet:port-number
| +--:(tls) | +--:(tls)
| +--rw tls | +--rw tls
| +--rw server-auth | +--rw server-auth
| | +--rw trusted-ca-certs? -> /ks:keystore/trusted-certificates/name | | +--rw trusted-ca-certs? -> /ks:keystore/trusted-certificates/name
| | +--rw trusted-server-certs? -> /ks:keystore/trusted-certificates/name | | +--rw trusted-server-certs? -> /ks:keystore/trusted-certificates/name
| +--rw client-auth | +--rw client-auth
| | +--rw (auth-type)? | | +--rw (auth-type)?
| | +--:(certificate) | | +--:(certificate)
| | +--rw certificate? -> /ks:keystore/keys/key/certificates/certificate/name | | +--rw certificate? -> /ks:keystore/keys/key/certificates/certificate/name
| +--rw hello-params {tls-client-hello-params-config}? | +--rw hello-params {tls-client-hello-params-config}?
| | +--rw tls-versions | | +--rw tls-versions
| | | +--rw tls-version* identityref | | | +--rw tls-version* identityref
| | +--rw cipher-suites | | +--rw cipher-suites
| | +--rw cipher-suite* identityref | | +--rw cipher-suite* identityref
| +--rw port? inet:port-number | +--rw address? inet:host
+--rw facility-filter | +--rw port? inet:port-number
| +--rw facility-list* [facility severity] +--rw facility-filter
| | +--rw facility union | +--rw facility-list* [facility severity]
| | +--rw severity union | +--rw facility union
| | +--rw advanced-compare {select-adv-compare}? | +--rw severity union
| | +--rw compare? enumeration | +--rw advanced-compare {select-adv-compare}?
| | +--rw action? enumeration | +--rw compare? enumeration
| +--rw pattern-match? string {select-match}? | +--rw action? enumeration
+--rw structured-data? boolean {structured-data}? +--rw pattern-match? string {select-match}?
+--rw facility-override? identityref +--rw structured-data? boolean {structured-data}?
+--rw source-interface? if:interface-ref {remote-source-interface}? +--rw facility-override? identityref
+--rw signing-options! {signed-messages}? +--rw source-interface? if:interface-ref {remote-source-interface}?
+--rw cert-signers +--rw signing-options! {signed-messages}?
+--rw cert-signer* [name] +--rw cert-signers
| +--rw name string +--rw cert-signer* [name]
| +--rw certificate? -> /ks:keystore/keys/key/certificates/certificate/name | +--rw name string
| +--rw hash-algorithm? enumeration | +--rw certificate? -> /ks:keystore/keys/key/certificates/certificate/name
+--rw cert-initial-repeat? uint32 | +--rw hash-algorithm? enumeration
+--rw cert-resend-delay? uint32 +--rw cert-initial-repeat? uint32
+--rw cert-resend-count? uint32 +--rw cert-resend-delay? uint32
+--rw sig-max-delay? uint32 +--rw cert-resend-count? uint32
+--rw sig-number-resends? uint32 +--rw sig-max-delay? uint32
+--rw sig-resend-delay? uint32 +--rw sig-number-resends? uint32
+--rw sig-resend-count? uint32 +--rw sig-resend-delay? uint32
+--rw sig-resend-count? uint32
Figure 2. ietf-syslog Module Tree Figure 2. ietf-syslog Module Tree
4. Syslog YANG Module 4. Syslog YANG Module
4.1. The ietf-syslog Module 4.1. The ietf-syslog Module
This module imports typedefs from [RFC6021], [RFC7223], [RFC draft This module imports typedefs from [RFC6021], [RFC7223], groupings
ietf-tls-client], and [RFC draft ietf-keystore], and it references from [RFC yyyy], and [RFC xxxx], and it references [RFC5424],
[RFC5424], [RFC5425], [RFC5426], [RFC6587], and [RFC5848]. [RFC5425], [RFC5426], [RFC6587], and [RFC5848].
<CODE BEGINS> file "ietf-syslog.yang" <CODE BEGINS> file "ietf-syslog.yang"
module ietf-syslog { module ietf-syslog {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-syslog"; namespace "urn:ietf:params:xml:ns:yang:ietf-syslog";
prefix syslog; prefix syslog;
import ietf-inet-types { import ietf-inet-types {
prefix inet; prefix inet;
reference
"RFC 6991: INET Types Model";
} }
import ietf-interfaces { import ietf-interfaces {
prefix if; prefix if;
reference
"RFC 7223: Interfaces Model";
} }
import ietf-tls-client { import ietf-tls-client {
prefix tlsc; prefix tlsc;
reference
"RFC xxxx: Keystore Model";
} }
import ietf-keystore { import ietf-keystore {
prefix ks; prefix ks;
reference
"RFC yyyy: TLS Client and Server Models";
} }
organization "IETF NETMOD (NETCONF Data Modeling Language) organization "IETF
Working Group"; NETMOD (Network Modeling) Working Group";
contact contact
"WG Web: <http://tools.ietf.org/wg/netmod/> "WG Web: <http://tools.ietf.org/wg/netmod/>
WG List: <mailto:netmod@ietf.org> WG List: <mailto:netmod@ietf.org>
Editor: Kiran Agrahara Sreenivasa Editor: Kiran Agrahara Sreenivasa
<mailto:kirankoushik.agraharasreenivasa@verizonwireless.com> <mailto:kirankoushik.agraharasreenivasa@verizonwireless.com>
Editor: Clyde Wildes Editor: Clyde Wildes
<mailto:cwildes@cisco.com>"; <mailto:cwildes@cisco.com>";
description description
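Review bot: The new "reference" substatements on the two new imports are crossed: "import ietf-tls-client" cites "RFC xxxx: Keystore Model" and "import ietf-keystore" cites "RFC yyyy: TLS Client and Server Models", whereas the Editorial Note maps "xxxx" to draft-ietf-netconf-keystore and "yyyy" to draft-ietf-netconf-tls-client-server. Swap the two reference strings so the keystore import cites xxxx and the TLS client import cites yyyy. Also, the Section 4.1 text says the module imports typedefs from [RFC6021], but the import of ietf-inet-types now references "RFC 6991", which obsoletes RFC 6021; the prose and the normative references should cite RFC 6991. Finally, Figure 2 gained an "address? inet:host" leaf under the tls case, which matches the module change later in the diff, so the tree and module are consistent on that point.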
skipping to change at page 8, line 56 skipping to change at page 10, line 13
the license terms contained in, the Simplified BSD License set the license terms contained in, the Simplified BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and
'OPTIONAL' in the module text are to be interpreted as described 'OPTIONAL' in the module text are to be interpreted as described
in RFC 2119 (http://tools.ietf.org/html/rfc2119). in RFC 2119 (http://tools.ietf.org/html/rfc2119).
This version of this YANG module is part of RFC XXXX This version of this YANG module is part of RFC zzzz
(http://tools.ietf.org/html/rfcXXXX); see the RFC itself for (http://tools.ietf.org/html/rfczzzz); see the RFC itself for
full legal notices."; full legal notices.";
reference reference
"RFC 5424: The Syslog Protocol "RFC 5424: The Syslog Protocol
RFC 5425: Transport Layer Security (TLS) Transport Mapping for Syslog RFC 5425: Transport Layer Security (TLS) Transport Mapping for Syslog
RFC 5426: Transmission of Syslog Messages over UDP RFC 5426: Transmission of Syslog Messages over UDP
RFC 6587: Transmission of Syslog Messages over TCP
RFC 5848: Signed Syslog Messages RFC 5848: Signed Syslog Messages
RFC 6587: Transmission of Syslog Messages over TCP
RFC 6991: Common YANG Data Types
RFC 7223: YANG Interface Management
RFC xxxx: Keystore Management RFC xxxx: Keystore Management
RFC xxxx: Transport Layer Security (TLS) Client"; RFC yyyy: Transport Layer Security (TLS) Client";
revision 2017-06-07 { revision 2017-06-07 {
description description
"Initial Revision"; "Initial Revision";
reference reference
"RFC XXXX: Syslog YANG Model"; "RFC XXXX: Syslog YANG Model";
} }
feature console-action { feature console-action {
description description
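Review bot: The module body changed in this revision (yang-version 1.1 added, a new tls "address" leaf, new import references), but the single "revision 2017-06-07" statement was not updated to the -16 date, so two different module texts carry the same revision date. Its reference also still reads "RFC XXXX: Syslog YANG Model" in uppercase, while the module description was changed to "RFC zzzz"; use "RFC zzzz" here too so the Editorial Note's substitution covers it. The description's key-word paragraph cites only RFC 2119, while Section 1.1 now also cites RFC 8174; align the two.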
skipping to change at page 15, line 45 skipping to change at page 17, line 4
type enumeration { type enumeration {
enum log { enum log {
description description
"This enum specifies that if the compare operation is true "This enum specifies that if the compare operation is true
the message will be logged."; the message will be logged.";
} }
enum block { enum block {
description description
"This enum specifies that if the compare operation is true "This enum specifies that if the compare operation is true
the message will not be logged."; the message will not be logged.";
} }
} }
default log; default log;
description description
"The action can be used to spectify if the message should be "The action can be used to spectify if the message should be
logged or blocked based on the outcome of the compare operation."; logged or blocked based on the outcome of the compare operation.";
} }
description description
"This leaf describes additional severity compare operations that can "This container describes additional severity compare operations that can
be used in place of the default severity comparison. The compare leaf be used in place of the default severity comparison. The compare leaf
specifies the type of the compare that is done and the action leaf specifies the type of the compare that is done and the action leaf
specifies the intended result. Example: compare->equals and action-> specifies the intended result. Example: compare->equals and action->
no-match means messages that have a severity that is not equal to the no-match means messages that have a severity that is not equal to the
specified severity will be logged."; specified severity will be logged.";
} }
} }
grouping selector { grouping selector {
description description
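Review bot: The example in the advanced-compare description refers to "action->no-match", but the action enumeration defines only "log" and "block", so the example cannot be configured as written. The two enum descriptions also only say what happens when the compare operation is true; they do not state whether a message for which the compare is false is logged, blocked, or left to other facility-list entries, and "no-match means messages that have a severity that is not equal to the specified severity will be logged" suggests the false case is meant to be logged. Spell out both outcomes, for example: compare "equals" with action "block" blocks messages of exactly the specified severity and does not select any other message. Also fix the typo "spectify" in the action leaf description.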
skipping to change at page 16, line 44 skipping to change at page 17, line 58
"This enum describes the case where all "This enum describes the case where all
facilities are requested."; facilities are requested.";
} }
} }
} }
description description
"The leaf uniquely identifies a syslog facility."; "The leaf uniquely identifies a syslog facility.";
} }
uses severity-filter; uses severity-filter;
} }
leaf pattern-match { }
if-feature select-match; leaf pattern-match {
type string; if-feature select-match;
description type string;
"This leaf describes a Posix 1003.2 regular expression description
string that can be used to select a syslog message for "This leaf describes a Posix 1003.2 regular expression
logging. The match is performed on the RFC 5424 string that can be used to select a syslog message for
SYSLOG-MSG field."; logging. The match is performed on the RFC 5424
} SYSLOG-MSG field.";
} }
} }
grouping structured-data { grouping structured-data {
description description
"This grouping defines the syslog structured data option "This grouping defines the syslog structured data option
which is used to select the format used to write log which is used to select the format used to write log
messages."; messages.";
leaf structured-data { leaf structured-data {
if-feature structured-data; if-feature structured-data;
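Review bot: The pattern-match leaf is an unconstrained "string" that is applied to every received SYSLOG-MSG, whose content is chosen by the originator. Two points for the description and for Section 8.1 (Resource Constraints): "Posix 1003.2 regular expression" is ambiguous because POSIX 1003.2 defines both basic and extended regular expressions, so the leaf should say which syntax applies; and implementations should be told to reject a syntactically invalid expression at validation time rather than at message-processing time, and to bound the cost of evaluating the expression against attacker-supplied message text. The relocated closing brace that moves pattern-match out of the facility-filter container agrees with Figure 2.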
skipping to change at page 20, line 16 skipping to change at page 21, line 28
} }
} }
case tls { case tls {
container tls { container tls {
description description
"This container describes the TLS transport options."; "This container describes the TLS transport options.";
reference reference
"RFC 5425: Transport Layer Security (TLS) Transport "RFC 5425: Transport Layer Security (TLS) Transport
Mapping for Syslog "; Mapping for Syslog ";
uses tlsc:tls-client-grouping; uses tlsc:tls-client-grouping;
leaf address {
type inet:host;
description
"The leaf uniquely specifies the address of
the remote host. One of the following must be
specified: an ipv4 address, an ipv6 address,
or a host name.";
}
leaf port { leaf port {
type inet:port-number; type inet:port-number;
default 6514; default 6514;
description description
"TCP port 6514 has been allocated as the default "TCP port 6514 has been allocated as the default
port for syslog over TLS."; port for syslog over TLS.";
} }
} }
} }
} }
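Review bot: The new tls "address" leaf's description says "One of the following must be specified: an ipv4 address, an ipv6 address, or a host name", but the leaf has no "mandatory true" statement and appears as "address?" in Figure 2, so a tls destination with no address validates. The same wording-versus-schema gap exists for the tcp and udp cases, which also show "address?" in the tree. Either add "mandatory true" to the address leaf in each transport case or reword the descriptions to say the leaf is optional and what the implementation does when it is absent.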
skipping to change at page 24, line 13 skipping to change at page 25, line 13
5. Usage Examples

   Requirement:
      Enable console logging of syslogs of severity critical

   Here is the example syslog configuration XML:

   <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
     <syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog"
             xmlns:syslog="urn:ietf:params:xml:ns:yang:ietf-syslog">
       <actions>
         <console>
           <facility-filter>
             <facility-list>
               <facility>all</facility>
               <severity>critical</severity>
             </facility-list>
           </facility-filter>
         </console>
       </actions>
     </syslog>
   </config>

   Requirement:
      Enable remote logging of syslogs to udp destination
      2001:db8:a0b:12f0::1 for facility auth, severity error

   <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
     <syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog"
             xmlns:syslog="urn:ietf:params:xml:ns:yang:ietf-syslog">
       <actions>
         <remote>
           <destination>
             <name>remote1</name>
             <udp>
               <address>2001:db8:a0b:12f0::1</address>
             </udp>
             <facility-filter>
               <facility-list>
                 <facility>auth</facility>
                 <severity>error</severity>
               </facility-list>
             </facility-filter>
           </destination>
         </remote>
       </actions>
     </syslog>
   </config>

                     Figure 4. ietf-syslog Examples

[draft-15 -> draft-16: in both examples the filter element is renamed
 from <selector> to <facility-filter>; the facility-list contents and
 the rest of the configuration are unchanged.]
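To make the selection rules concrete, here is an added Python example that is not code from the draft or from any implementation of it. It evaluates the two facility-list filters of Figure 4 and a pattern-match expression against constructed RFC 5424 messages. Two assumptions are not taken from the draft: a configured severity is treated as a threshold (that severity and anything more severe, the classic syslog reading), and Python's `re` module stands in for the POSIX 1003.2 regular expressions the pattern-match leaf calls for. The facility names and the sample messages are constructed for the example.

```python
"""Evaluate ietf-syslog-style selectors against RFC 5424 messages.

Added example; not code from the draft or from any implementation of it.
Assumptions not taken from the draft: a severity in a facility-list
selects that severity and everything more severe, and Python's re module
stands in for the POSIX 1003.2 regular expressions of pattern-match.
"""
import re

# RFC 5424 PRI = facility * 8 + severity.  Facility names follow common
# syslog daemon usage (constructed for this example); severities are the
# RFC 5424 names, most severe first.
FACILITIES = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
    6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
    12: "ntp", 13: "audit", 14: "logalert", 15: "clock",
    16: "local0", 17: "local1", 18: "local2", 19: "local3",
    20: "local4", 21: "local5", 22: "local6", 23: "local7",
}
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug"]

_PRI_RE = re.compile(r"<(\d{1,3})>")


def parse_pri(msg):
    """Return (facility, severity) names from the leading <PRI> field.

    A malformed PRI raises ValueError instead of being guessed at, so a
    bad message is neither silently logged nor silently discarded.
    """
    m = _PRI_RE.match(msg)
    if m is None:
        raise ValueError("missing or malformed PRI")
    raw = m.group(1)
    if len(raw) > 1 and raw[0] == "0":
        raise ValueError("PRIVAL must not have leading zeros")
    pri = int(raw)
    if pri > 191:
        raise ValueError("PRIVAL out of range")
    facility, severity = divmod(pri, 8)
    return FACILITIES.get(facility, "unknown"), SEVERITIES[severity]


def facility_filter(facility, severity):
    """Selector equivalent to one facility-list entry ("all" = any facility)."""
    if severity not in SEVERITIES:
        raise ValueError("unknown severity %r" % severity)
    threshold = SEVERITIES.index(severity)

    def select(msg):
        fac, sev = parse_pri(msg)
        if facility != "all" and fac != facility:
            return False
        # Assumption: the configured severity is a threshold, so any
        # numerically lower-or-equal RFC 5424 severity code also matches.
        return SEVERITIES.index(sev) <= threshold

    return select


def pattern_match(regex):
    """Selector for the pattern-match leaf.

    The draft applies the expression to the RFC 5424 SYSLOG-MSG, which is
    the whole message (HEADER, STRUCTURED-DATA and MSG), so a pattern can
    key on HOSTNAME or APP-NAME, not only on the free-text MSG part.
    Python's re is a backtracking engine, not a POSIX 1003.2 matcher, so
    POSIX bracket classes such as [[:digit:]] are not available here.
    """
    compiled = re.compile(regex)
    return lambda msg: compiled.search(msg) is not None


def apply_selector(select, messages):
    """Return the messages a selector would pass on to its action."""
    return [m for m in messages if select(m)]


# Constructed sample messages; the PRI of each is noted in the comment.
SAMPLE_MESSAGES = [
    "<34>1 2017-08-11T10:00:00Z fw01 sshd 4711 - - Too many auth failures for root",  # auth/critical
    "<35>1 2017-08-11T10:00:01Z fw01 sshd 4712 - - Failed password for invalid user admin",  # auth/error
    "<38>1 2017-08-11T10:00:02Z fw01 sshd 4713 - - Accepted publickey for ops",  # auth/info
    "<26>1 2017-08-11T10:00:03Z core01 bgpd 99 - - Peer 192.0.2.1 down",  # daemon/critical
    "<30>1 2017-08-11T10:00:04Z core01 bgpd 99 - - Peer 192.0.2.1 up",  # daemon/info
]

# The two Figure 4 filters, plus a pattern keyed on the HOSTNAME header field.
CONSOLE = facility_filter("all", "critical")
REMOTE1 = facility_filter("auth", "error")
FROM_FW01 = pattern_match(r"^<\d+>1 \S+ fw01 ")

if __name__ == "__main__":
    for name, sel in (("console", CONSOLE), ("remote1", REMOTE1), ("fw01", FROM_FW01)):
        print(name, [parse_pri(m) for m in apply_selector(sel, SAMPLE_MESSAGES)])
```

The console filter passes the two critical messages regardless of facility, the remote1 filter passes only the auth messages at error or above, and the hostname pattern demonstrates why matching on the full SYSLOG-MSG matters: the same expression would not reach the header if it were applied to the MSG part alone.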
6. Acknowledgements 6. Acknowledgements
[skipping to change at page 25, line 40 (draft-15) / page 26, line 40 (draft-16)]
   Following the format in RFC 3688, the following registration is
   requested to be made:

      URI: urn:ietf:params:xml:ns:yang:ietf-syslog
      Registrant Contact: The IESG.
      XML: N/A, the requested URI is an XML namespace.

   This document registers a YANG module in the YANG Module Names
   registry [RFC7950].

      name:      ietf-syslog
      namespace: urn:ietf:params:xml:ns:yang:ietf-syslog
      prefix:    ietf-syslog
      reference: RFC zzzz

[draft-15 -> draft-16: the registry citation changes from [RFC6020] to
 [RFC7950], and the reference placeholder from "RFC XXXX" to "RFC zzzz".]
8. Security Considerations

   The YANG module defined in this document is designed to be accessed
   via YANG based management protocols, such as NETCONF [RFC6241] and
   RESTCONF [RFC8040]. Both of these protocols have mandatory-to-
   implement secure transport layers (e.g., SSH, TLS) with mutual
   authentication.

   The NETCONF access control model (NACM) [RFC6536] provides the means
   to restrict access for particular users to a pre-configured subset of
   all available protocol operations and content.

   There are a number of data nodes defined in this YANG module that are
   writable/creatable/deletable (i.e., config true, which is the
   default). These data nodes may be considered sensitive or vulnerable
   in some network environments. Write operations (e.g., edit-config)
   to these data nodes without proper protection can have a negative
   effect on network operations.

[draft-15 -> draft-16: draft-15 described access via NETCONF only, with
 SSH [RFC6242] as the mandatory-to-implement secure transport, and did
 not name NACM; draft-16 adds RESTCONF [RFC8040] and generalises the
 access-control sentence to "particular users" and "protocol
 operations".]

8.1. Resource Constraints

   It is the responsibility of the network administrator to ensure that
   the configured message flow does not overwhelm system resources.

   Network administrators must estimate the storage that the
   configuration of actions/file will consume and use the file-archive
   attributes to bound it.

[draft-15 -> draft-16: the draft-15 paragraph asking administrators to
 estimate memory limits for actions/buffer via buffer-limit-bytes and/or
 buffer-limit-messages is removed; the remaining two paragraphs are
 reordered.]

8.2. Inappropriate Configuration

   It is the responsibility of the network administrator to ensure that
   the messages are actually going to the intended recipients. A
   destination configured with the wrong address discloses every
   selected message to whoever receives it; the udp transport [RFC5426]
   provides neither confidentiality nor authentication of the collector,
   whereas the tls transport [RFC5425] provides both.
9. References

9.1. Normative References

   [IEEE.1003.1_2013_EDITION]
              IEEE, "Standard for Information Technology - Portable
              Operating System Interface (POSIX(R)) Base Specifications,
              Issue 7", IEEE 1003.1, 2013 Edition,
              DOI 10.1109/ieeestd.2013.6506091, April 2013,
              <http://ieeexplore.ieee.org/servlet/opac?punumber=6506089>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC5424]  Gerhards, R., "The Syslog Protocol", RFC 5424,
              DOI 10.17487/RFC5424, March 2009,
              <http://www.rfc-editor.org/info/rfc5424>.

   [RFC5426]  Okmianski, A., "Transmission of Syslog Messages over UDP",
              RFC 5426, DOI 10.17487/RFC5426, March 2009,
              <http://www.rfc-editor.org/info/rfc5426>.

   [RFC5848]  Kelsey, J., Callas, J., and A. Clemm, "Signed Syslog
              Messages", RFC 5848, DOI 10.17487/RFC5848, May 2010,
              <http://www.rfc-editor.org/info/rfc5848>.

   [RFC6021]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6021, DOI 10.17487/RFC6021, October 2010,
              <http://www.rfc-editor.org/info/rfc6021>.

   [RFC6587]  Gerhards, R. and C. Lonvick, "Transmission of Syslog
              Messages over TCP", RFC 6587, DOI 10.17487/RFC6587,
              April 2012, <http://www.rfc-editor.org/info/rfc6587>.

   [RFC7223]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 7223, DOI 10.17487/RFC7223, May 2014,
              <http://www.rfc-editor.org/info/rfc7223>.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016,
              <http://www.rfc-editor.org/info/rfc7950>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <http://www.rfc-editor.org/info/rfc8174>.

9.2. Informative References

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004,
              <http://www.rfc-editor.org/info/rfc3688>.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
              <http://www.rfc-editor.org/info/rfc6241>.

[draft-15 -> draft-16: the normative reference [RFC6020] (Bjorklund,
 M., Ed., "YANG - A Data Modeling Language for the Network
 Configuration Protocol (NETCONF)", RFC 6020, DOI 10.17487/RFC6020,
 October 2010, <http://www.rfc-editor.org/info/rfc6020>) is removed;
 [IEEE.1003.1_2013_EDITION], [RFC7950] and [RFC8174] are added.]
[skipping to change at page 28, line 24 (draft-15) / page 29, line 24 (draft-16)]
     contact
       "Example, Inc.
        Customer Service
        E-mail: syslog-yang@example.com";
     description
       "This module contains a collection of vendor-specific YANG type
        definitions for SYSLOG.";
     revision 2017-08-11 {
       description
         "Version 1.0";
       reference
         "Vendor SYSLOG Types: SYSLOG YANG Model";
     }
     identity vendor_specific_type_1 {
       base syslogtypes:syslog-facility;
     }

[draft-15 -> draft-16: the revision date of the vendor example module
 changes from 2017-03-13 to 2017-08-11; nothing else in this excerpt
 changes.]