draft-ietf-netmod-syslog-model-22.txt   draft-ietf-netmod-syslog-model-23.txt 
NETMOD WG C. Wildes, Ed. NETMOD WG C. Wildes, Ed.
Internet-Draft Cisco Systems Inc. Internet-Draft Cisco Systems Inc.
Intended status: Standards Track K. Koushik, Ed. Intended status: Standards Track K. Koushik, Ed.
Expires: August 25, 2018 Verizon Wireless Expires: September 2, 2018 Verizon Wireless
February 21, 2018 March 01, 2018
A YANG Data Model for Syslog Configuration A YANG Data Model for Syslog Configuration
draft-ietf-netmod-syslog-model-22 draft-ietf-netmod-syslog-model-23
Abstract Abstract
This document defines a YANG data model for the configuration of a This document defines a YANG data model for the configuration of a
syslog process. It is intended this model be used by vendors who syslog process. It is intended this model be used by vendors who
implement syslog in their systems. implement syslog in their systems.
The YANG model in this document conforms to the Network Management The YANG model in this document conforms to the Network Management
Datastore Architecture defined in [draft-ietf-netmod-revised- Datastore Architecture defined in [draft-ietf-netmod-revised-
datastores]. datastores].
skipping to change at page 1, line 37 skipping to change at page 1, line 37
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 25, 2018. This Internet-Draft will expire on September 2, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 14 skipping to change at page 2, line 14
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
1.3. NDMA Compliance . . . . . . . . . . . . . . . . . . . . . 3 1.3. NDMA Compliance . . . . . . . . . . . . . . . . . . . . . 3
1.4. Editorial Note (To be removed by RFC) Editor) . . . . . . 3 1.4. Editorial Note (To be removed by RFC Editor) . . . . . . 3
2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 4 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 4
3. Design of the Syslog Model . . . . . . . . . . . . . . . . . 4 3. Design of the Syslog Model . . . . . . . . . . . . . . . . . 4
3.1. Syslog Module . . . . . . . . . . . . . . . . . . . . . . 6 3.1. Syslog Module . . . . . . . . . . . . . . . . . . . . . . 6
4. Syslog YANG Module . . . . . . . . . . . . . . . . . . . . . 8 4. Syslog YANG Module . . . . . . . . . . . . . . . . . . . . . 8
4.1. The ietf-syslog Module . . . . . . . . . . . . . . . . . 8 4.1. The ietf-syslog Module . . . . . . . . . . . . . . . . . 8
5. Usage Examples . . . . . . . . . . . . . . . . . . . . . . . 27 5. Usage Examples . . . . . . . . . . . . . . . . . . . . . . . 27
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 27 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 27
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 28 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 28
7.1. The IETF XML Registry . . . . . . . . . . . . . . . . . . 28 7.1. The IETF XML Registry . . . . . . . . . . . . . . . . . . 28
7.2. The YANG Module Names Registry . . . . . . . . . . . . . 28 7.2. The YANG Module Names Registry . . . . . . . . . . . . . 28
skipping to change at page 3, line 40 skipping to change at page 3, line 40
The term "action" refers to the processing that takes place for each The term "action" refers to the processing that takes place for each
syslog message received. syslog message received.
1.3. NDMA Compliance 1.3. NDMA Compliance
The YANG model in this document conforms to the Network Management The YANG model in this document conforms to the Network Management
Datastore Architecture defined in I-D.ietf-netmod-revised-datastores Datastore Architecture defined in I-D.ietf-netmod-revised-datastores
[I-D.ietf-netmod-revised-datastores]. [I-D.ietf-netmod-revised-datastores].
1.4. Editorial Note (To be removed by RFC) Editor) 1.4. Editorial Note (To be removed by RFC Editor)
This document contains many placeholder values that need to be This document contains many placeholder values that need to be
replaced with finalized values at the time of publication. This note replaced with finalized values at the time of publication. This note
summarizes all of the substitutions that are needed. No other RFC summarizes all of the substitutions that are needed. No other RFC
Editor instructions are specified elsewhere in this document. Editor instructions are specified elsewhere in this document.
Artwork in this document contains shorthand references to drafts in Artwork in this document contains shorthand references to drafts in
progress. Please apply the following replacements: progress. Please apply the following replacements:
o "I-D.ietf-netconf-keystore" --> the assigned RFC value for draft- o "I-D.ietf-netconf-keystore" --> the assigned RFC value for draft-
ietf-netconf-keystore ietf-netconf-keystore
o "I-D.ietf-netconf-tls-client-server" --> the assigned RFC value o "I-D.ietf-netconf-tls-client-server" --> the assigned RFC value
for draft-ietf-netconf-tls-client-server for draft-ietf-netconf-tls-client-server
o "zzzz" --> the assigned RFC value for this draft o "zzzz" --> the assigned RFC value for this draft
o draft-ietf-netmod-revised-datastores --> the assigned RFC value o I-D.ietf-netmod-revised-datastores --> the assigned RFC value for
for I-D.ietf-netmod-revised-datastores draft-ietf-netmod-revised-datastores
2. Problem Statement 2. Problem Statement
This document defines a YANG [RFC7950] configuration data model that This document defines a YANG [RFC7950] configuration data model that
may be used to configure the syslog feature running on a system. may be used to configure the syslog feature running on a system.
YANG models can be used with network management protocols such as YANG models can be used with network management protocols such as
NETCONF [RFC6241] to install, manipulate, and delete the NETCONF [RFC6241] to install, manipulate, and delete the
configuration of network devices. configuration of network devices.
The data model makes use of the YANG "feature" construct which allows The data model makes use of the YANG "feature" construct which allows
skipping to change at page 8, line 51 skipping to change at page 8, line 51
4. Syslog YANG Module 4. Syslog YANG Module
4.1. The ietf-syslog Module 4.1. The ietf-syslog Module
This module imports typedefs from [RFC7223], groupings from This module imports typedefs from [RFC7223], groupings from
[I-D.ietf-netconf-keystore], and [I-D.ietf-netconf-keystore], and
[I-D.ietf-netconf-tls-client-server], and it references [RFC5424], [I-D.ietf-netconf-tls-client-server], and it references [RFC5424],
[RFC5425], [RFC5426], and [RFC5848] and [Std-1003.1-2008]. [RFC5425], [RFC5426], and [RFC5848] and [Std-1003.1-2008].
<CODE BEGINS> file "ietf-syslog@2018-02-21.yang" <CODE BEGINS> file "ietf-syslog@2018-03-01.yang"
module ietf-syslog { module ietf-syslog {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-syslog"; namespace "urn:ietf:params:xml:ns:yang:ietf-syslog";
prefix syslog; prefix syslog;
import ietf-inet-types { import ietf-inet-types {
prefix inet; prefix inet;
reference reference
"RFC 6991: INET Types Model"; "RFC 6991: INET Types Model";
skipping to change at page 10, line 24 skipping to change at page 10, line 24
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and
'OPTIONAL' in the module text are to be interpreted as 'OPTIONAL' in the module text are to be interpreted as
described in RFC 2119 (http://tools.ietf.org/html/rfc2119). described in RFC 2119 (http://tools.ietf.org/html/rfc2119).
This version of this YANG module is part of RFC zzzz This version of this YANG module is part of RFC zzzz
(http://tools.ietf.org/html/rfczzzz); see the RFC itself for (http://tools.ietf.org/html/rfczzzz); see the RFC itself for
full legal notices."; full legal notices.";
revision 2018-02-21 { revision 2018-03-01 {
description description
"Initial Revision"; "Initial Revision";
reference reference
"RFC zzzz: Syslog YANG Model"; "RFC zzzz: Syslog YANG Model";
} }
feature console-action { feature console-action {
description description
"This feature indicates that the local console action is "This feature indicates that the local console action is
supported."; supported.";
skipping to change at page 27, line 10 skipping to change at page 27, line 10
} }
<CODE ENDS> <CODE ENDS>
Figure 3. ietf-syslog Module Figure 3. ietf-syslog Module
5. Usage Examples 5. Usage Examples
Requirement: Requirement:
Enable console logging of syslogs of severity critical Enable console logging of syslogs of severity critical
Here is the example syslog configuration xml:
<syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog"> <syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog">
<actions> <actions>
<console> <console>
<facility-filter> <facility-filter>
<facility-list> <facility-list>
<facility>all</facility> <facility>all</facility>
<severity>critical</severity> <severity>critical</severity>
</facility-list> </facility-list>
</facility-filter> </facility-filter>
</console> </console>
</actions> </actions>
</syslog> </syslog>
Enable remote logging of syslogs to udp destination Enable remote logging of syslogs to udp destination
2001:db8:a0b:12f0::1 for facility auth, severity error foo.example.com for facility auth, severity error
<syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog"> <syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog">
<actions> <actions>
<remote> <remote>
<destination> <destination>
<name>remote1</name> <name>remote1</name>
<udp> <udp>
<address>2001:db8:a0b:12f0::1</address> <address>foo.example.com</address>
</udp> </udp>
<facility-filter> <facility-filter>
<facility-list> <facility-list>
<facility>auth</facility> <facility>auth</facility>
<severity>error</severity> <severity>error</severity>
</facility-list> </facility-list>
</facility-filter> </facility-filter>
</destination> </destination>
</remote> </remote>
</actions> </actions>
skipping to change at page 28, line 43 skipping to change at page 28, line 43
reference: RFC zzzz reference: RFC zzzz
8. Security Considerations 8. Security Considerations
The YANG module defined in this document is designed to be accessed The YANG module defined in this document is designed to be accessed
via YANG based management protocols, such as NETCONF [RFC6241] and via YANG based management protocols, such as NETCONF [RFC6241] and
RESTCONF [RFC8040]. Both of these protocols have mandatory-to- RESTCONF [RFC8040]. Both of these protocols have mandatory-to-
implement secure transport layers (e.g., SSH, TLS) with mutual implement secure transport layers (e.g., SSH, TLS) with mutual
authentication. authentication.
The NETCONF access control model (NACM) [RFC6536] provides the means The NETCONF access control model (NACM) [RFC6536] provides the means
to restrict access for particular users to a pre-configured subset of to restrict access for particular users to a pre-configured subset of
all available protocol operations and content. all available protocol operations and content.
There are a number of data nodes defined in this YANG module that are There are a number of data nodes defined in this YANG module that are
writable/creatable/deletable (i.e., config true, which is the writable/creatable/deletable (i.e., config true, which is the
default). These data nodes should be considered sensitive or default). These data nodes should be considered sensitive or
vulnerable in all network environments. Write operations (e.g., vulnerable in all network environments. Write operations (e.g.,
edit-config) to these data nodes without proper protection can have a edit-config) to these data nodes without proper protection can have a
negative effect on network operations and on network security. negative effect on network operations and on network security.
 End of changes. 12 change blocks. 
14 lines changed or deleted 13 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/