Internet DRAFT - draft-tsuno-syslog-mib
Network Working Group H. Tsunoda
Internet-Draft Tohoku Institute of Technology
Intended status: Standards Track G. Keeni
Expires: April 21, 2018 Cyber Solutions Inc.
October 18, 2017
Syslog Management Information Base
draft-tsuno-syslog-mib-05.txt
Abstract
This memo defines a portion of the Management Information Base (MIB),
the SYSLOG-MIB, for use with network management protocols in the
Internet community. In particular, the SYSLOG-MIB will be used to
monitor and control syslog applications.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 21, 2018.
Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Tsunoda & Keeni Expires April 21, 2018 [Page 1]
Internet-Draft syslogMIB October 2017
Table of Contents
1. The Internet-Standard Management Framework
2. Background
3. Managing syslog
4. The MIB Design
5. The Syslog MIB
6. Security Considerations
7. IANA Considerations
8. Acknowledgments
9. APPENDIX
10. References
10.1. Normative References
10.2. Informative References
Authors' Addresses
1. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of
RFC 3410 [RFC3410].
Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI). This memo specifies a MIB
module that is compliant to the SMIv2, which is described in STD 58,
RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
[RFC2580].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14, RFC 2119
[RFC2119].
2. Background
Operating systems, processes and applications, collectively termed
"facilities" in the following, generate messages indicating their own
status or the occurrence of events. These messages are handled by
what has come to be known as the syslog application [RFC5424]. A
syslog application sends and/or receives syslog messages. The reader
is referred to [RFC5424] for a description of the various roles of a
syslog application viz. "sender", "receiver" and "relay". The
discussion in this document, in general, applies to a generic syslog
application. For special cases the specific role of the syslog
application will be mentioned.
This document defines a set of managed objects (MOs) that can be used
to monitor a group of syslog applications.
The SYSLOG-MIB can be used in conjunction with other MIB modules, in
particular the Host Resources MIB [RFC2790]. Generic process-related
matters, e.g. control and monitoring of status and resource usage,
can be serviced by the corresponding entries in the Host Resources
MIB.
                     +------+
Syslog message ----->| App1 |
                     +------+

                     +------+
Syslog message ----->| App2 |------> Syslog message
                     +------+

                     +------+
                     | App3 |------> Syslog message
                     +------+

App1: Syslog collector (syslog receiver)
App2: Syslog relay (syslog receiver, syslog sender)
App3: Syslog originator (syslog sender)

Figure 1: Syslog applications modeled by the SYSLOG-MIB
The syslog applications modeled by the SYSLOG-MIB are shown in Figure 1.
A syslog receiver receives syslog messages. A syslog sender sends
syslog messages to other syslog applications. A syslog relay
forwards some of the received syslog messages to other syslog
applications. A syslog receiver receives a syslog message and
processes it. The processing will depend on the internal
configuration and may involve relaying the message to one or more
syslog applications. Note that a syslog application may have
multiple roles. Multiple syslog applications may co-exist on the
same host.
3. Managing syslog
Log messages are expected to be collected, reliably and without
interruption. For this, the logging system itself needs to be
monitored and managed just like any other component of the ICT
infrastructure.
The operational information of syslog applications will be the target
of syslog monitoring: the running status of the related processes,
their resource usage, and statistics on the number of log messages
processed will be monitored. The number of log messages delivered to
each destination on a target host will give administrators insight
into the operation of the syslog application.
Managing syslog will also involve viewing and maintaining the
configuration of the underlying syslog applications.
4. The MIB Design
The purpose of the SYSLOG-MIB is to allow the monitoring of a group
of syslog applications. This requires managed objects representing
the following elements.
o The configuration and status related details of each syslog
application.
o The statistics on syslog messages received, processed locally,
and relayed by each syslog application.
The MIB contains three subtrees.
o The syslogNotifications subtree defines the set of notifications
that will be used to asynchronously report the change of status of
a syslog application.
o The syslogObjects subtree contains four subtrees.
1. The syslogControlTable subtree deals with the configuration
and control information for a syslog application.
2. The syslogOperationsTable subtree deals with operations and
statistical information about syslog messages sent and/or
received by a syslog application.
3. The syslogPriorityTable subtree deals with the relay
configuration parameters pertaining to a syslog application.
4. The syslogRelayTable deals with the information about the
destination of the relayed messages.
o The conformance subtree defines the compliance statements.
The SYSLOG-MIB module uses textual conventions defined in INET-
ADDRESS-MIB [RFC4001], SNMP-FRAMEWORK-MIB [RFC3411] and SYSLOG-TC-MIB
[RFC5427].
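The monitoring described in Sections 3 and 4, as an added example that is not part of the draft: it compares two polls of one syslogOperationsTable row, handles Counter32 wrap and the discontinuity timestamp, and reports message loss, a non-started application and a silent receiver. The column names are those defined in Section 5; the "sysUpTime" key, the function names, the 300-second threshold and the sample rows are assumptions constructed for illustration.

```python
# Added example (not from the draft). Poll results are plain dicts keyed by
# the draft's column names; how they are fetched over SNMP is out of scope.

COUNTER32_MOD = 2 ** 32
TICKS_PER_SECOND = 100  # sysUpTime and TimeStamp count hundredths of a second

COUNTERS = (
    "syslogOperationsMsgsReceived",
    "syslogOperationsMsgsTransmitted",
    "syslogOperationsMsgsRelayed",
    "syslogOperationsMsgsDropped",
    "syslogOperationsMsgsMalFormed",
    "syslogOperationsMsgsDiscarded",
)
LOSS_COUNTERS = COUNTERS[3:]  # Dropped, MalFormed, Discarded
STATUS_NAMES = {1: "unknown", 2: "started", 3: "suspended", 4: "stopped"}
DISCONTINUITY = "syslogOperationsCounterDiscontinuityTime"


def counter_deltas(prev, curr):
    """Per-counter increase between two polls, or None if not comparable."""
    # A changed discontinuity timestamp means at least one counter was reset
    # or jumped, so subtracting across it is meaningless.
    if curr[DISCONTINUITY] != prev[DISCONTINUITY]:
        return None
    # sysUpTime going backwards means the management subsystem restarted
    # (or sysUpTime itself wrapped); re-baseline in both cases.
    if curr["sysUpTime"] < prev["sysUpTime"]:
        return None
    # Counter32 wraps at 2^32; modular subtraction absorbs a single wrap.
    return {c: (curr[c] - prev[c]) % COUNTER32_MOD for c in COUNTERS}


def evaluate(prev, curr, roles, max_silence_s=300):
    """Return a list of (code, detail) findings for one syslog application."""
    findings = []
    status = curr["syslogOperationsStatus"]
    if status != 2:  # anything other than started(2)
        findings.append(("not-started", STATUS_NAMES.get(status, str(status))))
    deltas = counter_deltas(prev, curr)
    if deltas is None:
        findings.append(("rebaseline", "counter discontinuity; deltas skipped"))
        return findings
    for name in LOSS_COUNTERS:
        if deltas[name] > 0:
            findings.append(("loss", f"{name} +{deltas[name]}"))
    # A receiver that took in nothing during the interval and whose last
    # message is older than the threshold is treated as silent. A
    # LastMsgRecdTime of zero (nothing received yet) counts from time zero.
    if "receiver" in roles and deltas["syslogOperationsMsgsReceived"] == 0:
        idle = curr["sysUpTime"] - curr["syslogOperationsLastMsgRecdTime"]
        if idle > max_silence_s * TICKS_PER_SECOND:
            findings.append(("silent-receiver",
                             f"{idle // TICKS_PER_SECOND}s idle"))
    return findings


def make_row(uptime, recv, sent, relayed, dropped, malformed, discarded,
             last_recd, disc_time, status):
    """Build one constructed poll result keyed by the draft's column names."""
    row = dict(zip(COUNTERS,
                   (recv, sent, relayed, dropped, malformed, discarded)))
    row.update({
        "sysUpTime": uptime,
        "syslogOperationsLastMsgRecdTime": last_recd,
        DISCONTINUITY: disc_time,
        "syslogOperationsStatus": status,
    })
    return row


# Constructed sample polls for a relay (roles decoded from syslogControlRoles).
ROLES = {"sender", "receiver", "relay"}
# Received is about to wrap in POLL_1 and has wrapped in POLL_2.
POLL_1 = make_row(1_000_000, 4_294_967_290, 500, 500, 5, 0, 100,
                  999_900, 0, 2)
POLL_2 = make_row(1_006_000, 10, 510, 510, 8, 0, 100, 1_005_950, 0, 2)
# Counters reset: the discontinuity timestamp has moved.
POLL_3 = make_row(1_012_000, 3, 1, 1, 0, 0, 0, 1_011_900, 1_010_000, 2)
# Application suspended: counters frozen, last receipt long ago.
POLL_4 = make_row(1_100_000, 10, 510, 510, 8, 0, 100, 1_005_950, 0, 3)

if __name__ == "__main__":
    for label, prev, curr in (("1->2", POLL_1, POLL_2),
                              ("2->3", POLL_2, POLL_3),
                              ("2->4", POLL_2, POLL_4)):
        print(label, evaluate(prev, curr, ROLES))
```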
5. The Syslog MIB
SYSLOG-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE,
Unsigned32, Counter32, Integer32, mib-2,
NOTIFICATION-TYPE
FROM SNMPv2-SMI
RowStatus, StorageType,
TEXTUAL-CONVENTION, TimeStamp
FROM SNMPv2-TC
InetAddressType, InetAddress, InetPortNumber
FROM INET-ADDRESS-MIB
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
FROM SNMPv2-CONF
SyslogFacility, SyslogSeverity
FROM SYSLOG-TC-MIB
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB;
syslogMIB MODULE-IDENTITY
LAST-UPDATED "201710171200Z" -- 17th October, 2017
ORGANIZATION "Cyber Solutions Inc. NetMan Working Group"
CONTACT-INFO
" Hiroshi Tsunoda
Tohoku Institute of Technology
35-1, Yagiyama Kasumi-cho
Taihaku-ku, Sendai, Japan 982-8577
Tel: +81-22-305-3411
E-mail: tsuno@m.ieice.org
Glenn Mansfield Keeni
Postal: Cyber Solutions Inc.
6-6-3, Minami Yoshinari
Aoba-ku, Sendai, Japan 989-3204.
Tel: +81-22-303-4012
Fax: +81-22-303-4015
E-mail: glenn@cysols.com
Support Group E-mail: mibsupport@cysols.com
"
DESCRIPTION
"The MIB module for monitoring syslog applications.
A syslog application sends and/or receives syslog messages.
The reader is referred to [RFC5424] for a description of
the various roles of a syslog application viz. ''sender'',
''receiver'' and ''relay''. The discussion in this
document in general applies to a generic syslog application.
For special cases the specific role of the syslog
application will be mentioned.
Copyright (c) 2017 IETF Trust and the persons identified as
the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info)
in effect on the date of publication of this document.
Please review these documents carefully, as they describe
your rights and restrictions with respect to this document.
"
REVISION "201710171200Z" -- 17th October, 2017
DESCRIPTION
"The initial version, published as RFC XXXX."
-- RFC Ed.: replace XXXX with the actual RFC number & remove this
-- note
::= { mib-2 YYYY } -- Will be assigned by IANA
-- IANA Reg.: Please assign a value for "YYYY" under the
-- 'mib-2' subtree and record the assignment in the SMI
-- Numbers registry.
-- RFC Ed.: When the above assignment has been made, please
-- remove the above note
-- replace "YYYY" here with the assigned value and
-- remove this note.
-- -------------------------------------------------------------
-- Textual Conventions
-- -------------------------------------------------------------
SyslogRoles ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This textual convention enumerates the roles of a
syslog application. Note that a syslog application can
have multiple roles.
"
REFERENCE
"The Syslog Protocol [RFC5424] sec. 3.
"
SYNTAX BITS
{
sender (0),
receiver (1),
relay (2)
}
SyslogEncapsulation ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This textual convention enumerates the encapsulations
of the syslog message that is used between syslog
application endpoints.
"
REFERENCE
"Transmission of syslog messages over UDP [RFC5426],
TLS Transport Mapping for Syslog [RFC5425],
Reliable Delivery for syslog [RFC3195],
Datagram Transport Layer Security (DTLS) Transport
Mapping for Syslog [RFC6012].
"
SYNTAX INTEGER
{
other (1),
none (2), -- [RFC5426] (no encapsulation)
tls (3), -- [RFC5425]
beep (4), -- [RFC3195]
dtls (5) -- [RFC6012]
}
-- syslogMIB - the main groups
-- -------------------------------------------------------------
syslogNotifications OBJECT IDENTIFIER
::= { syslogMIB 0 }
syslogObjects OBJECT IDENTIFIER
::= { syslogMIB 1 }
syslogConformance OBJECT IDENTIFIER
::= { syslogMIB 2 }
-- -------------------------------------------------------------
-- syslog application configuration info table
-- -------------------------------------------------------------
syslogControlTable OBJECT-TYPE
SYNTAX SEQUENCE OF SyslogControlEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table containing the configuration parameters
pertaining to the syslog applications serviced by an
SNMP agent.
"
::= { syslogObjects 1 }
syslogControlEntry OBJECT-TYPE
SYNTAX SyslogControlEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The configuration parameters pertaining to a syslog
application.
"
INDEX { syslogControlIndex }
::= { syslogControlTable 1 }
SyslogControlEntry ::=
SEQUENCE {
syslogControlIndex
Unsigned32,
syslogControlDescr
SnmpAdminString,
syslogControlRoles
SyslogRoles,
syslogControlBindAddrType
InetAddressType,
syslogControlBindAddr
InetAddress,
syslogControlBindPort
InetPortNumber,
syslogControlEncapsulation
SyslogEncapsulation,
syslogControlMaxMessageSize
Unsigned32,
syslogControlConfFileName
SnmpAdminString,
syslogControlStorageType
StorageType,
syslogControlRowStatus
RowStatus
}
syslogControlIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The Index that uniquely identifies the syslog
application in the syslogControlTable.
The value of the index for a syslog application may
not be the same across system reboots. Users and
applications will need to determine the index of a
syslog application after system reboots.
"
::= { syslogControlEntry 1 }
syslogControlDescr OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"A user definable description of the syslog application.
This description could be used by syslog management
applications e.g. in reports or user interfaces.
"
::= { syslogControlEntry 2 }
syslogControlRoles OBJECT-TYPE
SYNTAX SyslogRoles
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The roles of the syslog application.
"
::= { syslogControlEntry 3 }
syslogControlBindAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The type of Internet address which follows
in syslogControlBindAddr.
If this syslog application is neither a syslog receiver nor
a syslog relay, the value of this object will be
'unknown' (0).
"
::= { syslogControlEntry 4 }
syslogControlBindAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The specific address the syslog receiver will bind to.
The format of the address is specified by the
corresponding syslogControlBindAddrType object.
If the address is specified in the DNS domain name format
[syslogControlBindAddrType = 'dns'], the
corresponding IPv4 or IPv6 address obtained at the time
of the binding operation by the syslog application, will be
used.
If this syslog application is neither a syslog receiver nor
a syslog relay, the value of this object will be a
zero-length string.
"
::= { syslogControlEntry 5 }
syslogControlBindPort OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The port number that this syslog receiver will bind to.
If this syslog application is neither a syslog receiver nor
a syslog relay, the value of this object will be zero.
"
::= { syslogControlEntry 6 }
syslogControlEncapsulation OBJECT-TYPE
SYNTAX SyslogEncapsulation
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The encapsulation that will be used for syslog messages
by the syslog receiver.
If this syslog application is neither a syslog receiver nor
a syslog relay, the value of this object will be ''other''.
"
::= { syslogControlEntry 7 }
syslogControlMaxMessageSize OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The maximum size of the syslog messages in bytes
for this syslog application.
A syslog receiver may reject or truncate messages larger
than the specified maximum syslog message size.
"
REFERENCE
"The Syslog Protocol [RFC5424] sec. 6.1.
"
::= { syslogControlEntry 8 }
syslogControlConfFileName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The full path name of the configuration file where the
syslog application's message selection and corresponding
action rules will be read from.
If the syslog application does not support the specification
of a configuration file, the value of this object will
be a zero-length string.
"
DEFVAL { "/etc/syslog.conf" }
::= { syslogControlEntry 9 }
syslogControlStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object defines whether the parameters defined in
this row are kept in volatile storage and lost upon
reboot or are backed up by non-volatile or permanent
storage.
Conceptual rows having the value 'permanent' need not
allow write-access to any columnar objects in the row.
"
DEFVAL { nonVolatile }
::= { syslogControlEntry 11 }
syslogControlRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is used to create, modify and delete rows in
the syslogControlTable.
The value of syslogControlDescr can be changed
when this object is in state ''active'' or in
''notInService''.
The other objects in a row can be modified only when the
value of this object in the corresponding conceptual row
is not ''active''. Thus to modify one or more of the
objects in this conceptual row,
a. change the row status to ''notInService'',
b. change the values of the row,
c. change the row status to ''active''.
The syslogControlRowStatus may be changed to
''active'' if all the managed objects in the conceptual
row with MAX-ACCESS read-create except
syslogControlBindPort and
syslogControlEncapsulation have been assigned valid
values.
"
::= { syslogControlEntry 12 }
-- -------------------------------------------------------------
-- syslogOperations
-- -------------------------------------------------------------
syslogOperationsTable OBJECT-TYPE
SYNTAX SEQUENCE OF SyslogOperationsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table containing operations information about
the syslog applications serviced by an SNMP agent.
This table complements the (configuration) information
in syslogControlTable.
"
::= { syslogObjects 2 }
syslogOperationsEntry OBJECT-TYPE
SYNTAX SyslogOperationsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The operations information pertaining to a syslog
application.
"
AUGMENTS { syslogControlEntry }
::= { syslogOperationsTable 1 }
SyslogOperationsEntry ::=
SEQUENCE {
syslogOperationsMsgsReceived
Counter32,
syslogOperationsMsgsTransmitted
Counter32,
syslogOperationsMsgsRelayed
Counter32,
syslogOperationsMsgsDropped
Counter32,
syslogOperationsMsgsMalFormed
Counter32,
syslogOperationsMsgsDiscarded
Counter32,
syslogOperationsLastMsgRecdTime
TimeStamp,
syslogOperationsLastMsgTransmittedTime
TimeStamp,
syslogOperationsStartTime
TimeStamp,
syslogOperationsLastError
SnmpAdminString,
syslogOperationsLastErrorTime
TimeStamp,
syslogOperationsRunIndex
Integer32,
syslogOperationsCounterDiscontinuityTime
TimeStamp,
syslogOperationsStatus
INTEGER
}
syslogOperationsMsgsReceived OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of messages received by the syslog
receiver. This includes messages that were discarded.
If this syslog application is not a syslog receiver,
the value of this object will be zero.
Discontinuities in the value of this counter can
occur at re-initialization of the management system,
and at other times as indicated by the value of
syslogOperationsCounterDiscontinuityTime.
"
::= { syslogOperationsEntry 1 }
syslogOperationsMsgsTransmitted OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of messages transmitted by the syslog
sender. This does not include the messages that could
not be queued for transmission by the syslog sender.
If this syslog application is not a syslog sender,
the value of this object will be zero.
Discontinuities in the value of this counter can
occur at re-initialization of the management system,
and at other times as indicated by the value of
syslogOperationsCounterDiscontinuityTime.
"
::= { syslogOperationsEntry 2 }
syslogOperationsMsgsRelayed OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of messages relayed by the syslog
relay to other syslog applications.
If this syslog application is not a syslog relay,
the value of this object will be zero.
Discontinuities in the value of this counter can
occur at re-initialization of the management system,
and at other times as indicated by the value of
syslogOperationsCounterDiscontinuityTime.
"
REFERENCE
"The Syslog Protocol [RFC5424] sec. 3.
"
::= { syslogOperationsEntry 3 }
syslogOperationsMsgsDropped OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of messages that could not be queued
for transmission by the syslog sender.
If this syslog application is not a syslog sender,
the value of this object will be zero.
Discontinuities in the value of this counter can
occur at re-initialization of the management system,
and at other times as indicated by the value of
syslogOperationsCounterDiscontinuityTime.
"
::= { syslogOperationsEntry 4 }
syslogOperationsMsgsMalFormed OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of messages received by the syslog
receiver which had a malformed header.
If this syslog application is not a syslog receiver,
this object will have a zero value.
Discontinuities in the value of this counter can
occur at re-initialization of the management system,
and at other times as indicated by the value of
syslogOperationsCounterDiscontinuityTime.
"
REFERENCE
"The Syslog Protocol [RFC5424] sec. 6.3.
"
::= { syslogOperationsEntry 5 }
syslogOperationsMsgsDiscarded OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of messages that were discarded by the
syslog receiver. This will include messages that
were discarded because the message size was greater
than the system's maximum message size.
If this syslog application is not a syslog receiver,
this object will have a zero value.
Discontinuities in the value of this counter can
occur at re-initialization of the management system,
and at other times as indicated by the value of
syslogOperationsCounterDiscontinuityTime.
"
REFERENCE
"The Syslog Protocol [RFC5424] sec. 6.1.
"
::= { syslogOperationsEntry 6 }
syslogOperationsLastMsgRecdTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of sysUpTime when the last message was
received by the syslog receiver.
If this syslog application is not a syslog receiver, or
if no messages have been received by this syslog
application since the last re-initialization of the
local SNMP management subsystem, then this object
will have a zero value.
"
::= { syslogOperationsEntry 7 }
syslogOperationsLastMsgTransmittedTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of sysUpTime when the last message
was transmitted by the syslog sender.
If this syslog application is not a syslog sender, or
if no messages have been transmitted by this syslog
application since the last re-initialization of the local
management subsystem, then this object will have a
zero value.
"
::= { syslogOperationsEntry 8 }
syslogOperationsStartTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of sysUpTime when this syslog application was
started.
"
::= { syslogOperationsEntry 9 }
syslogOperationsLastError OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A description of the last error related to sending,
receiving or processing a syslog message that was
encountered by this syslog application.
If no error has been encountered by this syslog
application then the value of this object will be a
zero-length string.
If no error has been encountered by this syslog
application since the last re-initialization of the
local management subsystem then the value of this
object will be a zero-length string.
"
::= { syslogOperationsEntry 10 }
syslogOperationsLastErrorTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of sysUpTime when the last error was
encountered.
If no error has been encountered by this syslog
application since the last re-initialization of the
local management subsystem, then this object will
have a zero value.
"
::= { syslogOperationsEntry 11 }
syslogOperationsRunIndex OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"If the Host Resources MIB is instantiated on the
host then this entry will have the value of the
hrSWRunIndex of the corresponding entry in the
hrSWRunTable.
Note that the hrSWRunIndex is not persistent
across system reboots or software restarts. The
value of syslogOperationsRunIndex SHOULD
reference the latest value of the hrSWRunIndex
of the corresponding entry in the hrSWRunTable.
The special value of zero indicates that the Host
Resources MIB is not instantiated.
"
::= { syslogOperationsEntry 12 }
syslogOperationsCounterDiscontinuityTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of sysUpTime on the most recent occasion
at which any one or more of this syslog application's
counters, viz., counters with OID prefix
'syslogOperationsMsgsReceived' or
'syslogOperationsMsgsTransmitted' or
'syslogOperationsMsgsRelayed' or
'syslogOperationsMsgsDropped' or
'syslogOperationsMsgsMalFormed' or
'syslogOperationsMsgsDiscarded' suffered a
discontinuity.
If no such discontinuities have occurred since the
last re-initialization of the local management
subsystem, then this object will have a zero value.
"
::= { syslogOperationsEntry 13 }
syslogOperationsStatus OBJECT-TYPE
SYNTAX INTEGER {
unknown (1),
started (2),
suspended(3),
stopped (4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The status of the syslog application.
"
DEFVAL { unknown }
::= { syslogOperationsEntry 14 }
syslogPriorityTable OBJECT-TYPE
SYNTAX SEQUENCE OF SyslogPriorityEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table containing the relay configuration
parameters pertaining to the syslog applications
serviced by an SNMP agent.
"
::= { syslogObjects 3 }
syslogPriorityEntry OBJECT-TYPE
SYNTAX SyslogPriorityEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The relay configuration parameters pertaining to
a syslog application.
"
INDEX { syslogControlIndex,
syslogPriorityFacility,
syslogPrioritySeverity }
::= { syslogPriorityTable 1 }
SyslogPriorityEntry ::=
SEQUENCE {
syslogPriorityFacility
SyslogFacility,
syslogPrioritySeverity
SyslogSeverity,
syslogPriorityDescr
SnmpAdminString,
syslogPriorityDestinationIndex
Unsigned32,
syslogPriorityStorageType
StorageType,
syslogPriorityRowStatus
RowStatus
}
syslogPriorityFacility OBJECT-TYPE
SYNTAX SyslogFacility
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The facility value of this entry.
"
::= { syslogPriorityEntry 1 }
syslogPrioritySeverity OBJECT-TYPE
SYNTAX SyslogSeverity
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The severity value of this entry.
"
::= { syslogPriorityEntry 2 }
syslogPriorityDescr OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"A textual description of this priority entry.
"
::= { syslogPriorityEntry 3 }
syslogPriorityDestinationIndex OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"On systems where the priority value in a syslog message
indicates the destination to which a syslog message
should be relayed, the value of this object will identify
the row in syslogRelayTable that contains
information about the relay destination to which
messages which have the priority value represented by
syslogPriorityFacility and syslogPrioritySeverity values
of this row will be relayed.
A value of 0 will indicate that there is no corresponding
row in the syslogRelayTable table.
"
::= { syslogPriorityEntry 4 }
syslogPriorityStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object defines whether the parameters defined in
this row are kept in volatile storage and lost upon
reboot or are backed up by non-volatile or permanent
storage.
Conceptual rows having the value 'permanent' need not
allow write-access to any columnar objects in the row.
"
DEFVAL { nonVolatile }
::= { syslogPriorityEntry 5 }
syslogPriorityRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is used to create, modify and delete rows
in the syslogPriorityTable.
The value of syslogPriorityDescr can be changed
when this object is in state ''active'' or in
''notInService''.
The other objects in a row can be modified only when the
value of this object in the corresponding conceptual row
is not ''active''. Thus to modify one or more of the
objects in this conceptual row,
a. change the row status to ''notInService'',
b. change the values of the row,
c. change the row status to ''active''.
The syslogPriorityRowStatus may be changed to
''active'' if all the managed objects in the conceptual
row with MAX-ACCESS read-create have been assigned valid
values.
"
::= { syslogPriorityEntry 6 }
syslogRelayTable OBJECT-TYPE
SYNTAX SEQUENCE OF SyslogRelayEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table containing information for the relay
destinations.
"
::= { syslogObjects 4 }
syslogRelayEntry OBJECT-TYPE
SYNTAX SyslogRelayEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The information pertaining to a syslog message
relay destination.
"
INDEX { syslogRelayIndex }
::= { syslogRelayTable 1 }
SyslogRelayEntry ::=
SEQUENCE {
syslogRelayIndex
Unsigned32,
syslogRelayDescr
SnmpAdminString,
syslogRelayAddrType
InetAddressType,
syslogRelayAddr
InetAddress,
syslogRelayPort
InetPortNumber,
syslogRelayEncapsulation
SyslogEncapsulation,
syslogRelayMsgsRelayed
Counter32,
syslogRelayCounterDiscontinuityTime
TimeStamp,
syslogRelayStorageType
StorageType,
syslogRelayRowStatus
RowStatus
}
syslogRelayIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The Index that uniquely identifies the syslog
relay in the syslogRelayTable.
The value of the index for a syslog relay may
not be the same across system reboots. Users and
applications will need to determine the index of a
syslog relay after system reboots.
"
::= { syslogRelayEntry 1 }
syslogRelayDescr OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"A user definable description of the syslog relay.
This description could be used by syslog management
applications e.g. in reports or in user interfaces.
"
::= { syslogRelayEntry 2 }
syslogRelayAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The type of Internet address which follows
in syslogRelayAddr.
"
::= { syslogRelayEntry 3 }
syslogRelayAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The address of the syslog relay.
The format of the address is specified by the
corresponding syslogRelayAddrType object.
If the address is specified in the DNS domain name format
[syslogRelayAddrType = 'dns'], the
corresponding IPv4 or IPv6 address obtained at the time
of the relay operation by the syslog application, will be
used.
"
::= { syslogRelayEntry 4 }
syslogRelayPort OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The port number of the syslog relay.
"
::= { syslogRelayEntry 5 }
syslogRelayEncapsulation OBJECT-TYPE
SYNTAX SyslogEncapsulation
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The encapsulation that will be used for syslog messages
sent by the syslog sender to the relay destination.
"
::= { syslogRelayEntry 6 }
syslogRelayMsgsRelayed OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of messages relayed by the syslog
relay to this relay destination.
Discontinuities in the value of this counter can
occur at re-initialization of the management system,
and at other times as indicated by the value of
syslogRelayCounterDiscontinuityTime.
"
REFERENCE
"The Syslog Protocol [RFC5424] sec. 3.
"
::= { syslogRelayEntry 7 }
syslogRelayCounterDiscontinuityTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of sysUpTime on the most recent occasion
at which counters with OID prefix
'syslogRelayMsgsRelayed' suffered a
discontinuity.
If no such discontinuities have occurred since the
last re-initialization of the local management
subsystem, then this object will have a zero value.
"
::= { syslogRelayEntry 8 }
syslogRelayStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object defines whether the parameters defined in
this row are kept in volatile storage and lost upon
reboot or are backed up by non-volatile or permanent
storage.
Conceptual rows having the value 'permanent' need not
allow write-access to any columnar objects in the row.
"
DEFVAL { nonVolatile }
::= { syslogRelayEntry 9 }
syslogRelayRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is used to create, modify and delete rows
in the syslogRelayTable.
The value of syslogRelayDescr can be changed
when this object is in state ''active'' or in
''notInService''.
The other objects in a row can be modified only when the
value of this object in the corresponding conceptual row
is not ''active''. Thus to modify one or more of the
objects in this conceptual row,
a. change the row status to ''notInService'',
b. change the values of the row
c. change the row status to ''active''
The syslogRelayRowStatus may be changed to
''active'' if all the managed objects in the conceptual
row with MAX-ACCESS read-create have been assigned valid
values.
"
::= { syslogRelayEntry 10 }
syslogStatusChanged NOTIFICATION-TYPE
OBJECTS {
syslogControlDescr,
syslogControlRoles,
syslogControlBindAddrType,
syslogControlBindAddr,
syslogControlBindPort,
syslogControlEncapsulation,
syslogControlConfFileName,
syslogOperationsStatus
}
STATUS current
DESCRIPTION
"This notification is sent when a syslog application
changes state. For example when the syslog application
starts [syslogOperationsStatus is ''started'' ]
or the syslog application stops [syslogOperationsStatus
is ''suspended'' or ''stopped''].
The value of syslogOperationsStatus will be the
new status of the syslog application after the change.
The syslog application corresponding to the notification
will be identified by the syslogOperationsIndex
instance identifier of the objects in the notification.
"
::= { syslogNotifications 1 }
-- -------------------------------------------------------------
-- Conformance Information
-- -------------------------------------------------------------
syslogGroups OBJECT IDENTIFIER
::= { syslogConformance 1 }
syslogCompliances OBJECT IDENTIFIER
::= { syslogConformance 2 }
-- -------------------------------------------------------------
-- units of conformance
-- -------------------------------------------------------------
syslogOperationsGroup OBJECT-GROUP
OBJECTS {
-- syslogOperationsIndex,
syslogOperationsMsgsReceived,
syslogOperationsMsgsTransmitted,
syslogOperationsMsgsRelayed,
syslogOperationsMsgsDropped,
syslogOperationsMsgsMalFormed,
syslogOperationsMsgsDiscarded,
syslogOperationsLastMsgRecdTime,
syslogOperationsLastMsgTransmittedTime,
syslogOperationsStartTime,
syslogOperationsLastError,
syslogOperationsLastErrorTime,
syslogOperationsRunIndex,
syslogOperationsCounterDiscontinuityTime,
syslogOperationsStatus
}
STATUS current
DESCRIPTION
"A collection of objects providing message related
statistics."
::= { syslogGroups 1}
syslogControlGroup OBJECT-GROUP
OBJECTS {
syslogControlDescr,
syslogControlRoles,
syslogControlBindAddrType,
syslogControlBindAddr,
syslogControlEncapsulation,
syslogControlBindPort,
syslogControlMaxMessageSize,
syslogControlConfFileName,
syslogControlStorageType,
syslogControlRowStatus
}
STATUS current
DESCRIPTION
"A collection of objects representing the run time parameters
for the syslog applications.
"
::= { syslogGroups 2}
syslogPriorityGroup OBJECT-GROUP
OBJECTS {
syslogPriorityDescr,
syslogPriorityDestinationIndex,
syslogPriorityStorageType,
syslogPriorityRowStatus
}
STATUS current
DESCRIPTION
"A collection of objects representing the priority
groupings of syslog messages.
"
::= { syslogGroups 3}
syslogRelayGroup OBJECT-GROUP
OBJECTS {
syslogRelayDescr,
syslogRelayAddrType,
syslogRelayAddr,
syslogRelayPort,
syslogRelayEncapsulation,
syslogRelayMsgsRelayed,
syslogRelayCounterDiscontinuityTime,
syslogRelayStorageType,
syslogRelayRowStatus
}
STATUS current
DESCRIPTION
"A collection of objects representing the relay
destinations for syslog messages.
"
::= { syslogGroups 4}
syslogNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS {
syslogStatusChanged
}
STATUS current
DESCRIPTION
"A collection of notifications about the operational
state of a syslog application.
"
::= { syslogGroups 5}
-- -------------------------------------------------------------
-- compliance statements
-- -------------------------------------------------------------
syslogFullCompliance1 MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for SNMP entities which
implement the SYSLOG-MIB with support for writable
objects and notifications. Such an implementation can
be both monitored and configured via SNMP. It can
also send notifications about change in the
operational status of the syslog application.
"
MODULE -- this module
MANDATORY-GROUPS {
syslogNotificationGroup,
syslogOperationsGroup,
syslogControlGroup,
syslogPriorityGroup,
syslogRelayGroup
}
::= { syslogCompliances 1 }
syslogFullCompliance2 MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for SNMP entities which
implement the SYSLOG-MIB with support for writable
objects. Such an implementation can
be both monitored and configured via SNMP.
"
MODULE -- this module
MANDATORY-GROUPS {
syslogOperationsGroup,
syslogControlGroup,
syslogPriorityGroup,
syslogRelayGroup
}
::= { syslogCompliances 2 }
syslogFullCompliance3 MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for SNMP entities which
implement the SYSLOG-MIB with support for writable
objects but without support for the objects in
syslogPriorityGroup and syslogRelayGroup. Such an
implementation can be both monitored and configured
via SNMP.
"
MODULE -- this module
MANDATORY-GROUPS {
syslogOperationsGroup,
syslogControlGroup
}
::= { syslogCompliances 3 }
syslogReadOnlyCompliance1 MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for SNMP entities which
implement the SYSLOG-MIB without support
for read-write (i.e. in read-only mode). It can
also send notifications about change in the
operational status of the syslog application.
"
MODULE -- this module
MANDATORY-GROUPS {
syslogNotificationGroup,
syslogOperationsGroup,
syslogControlGroup,
syslogPriorityGroup,
syslogRelayGroup
}
OBJECT syslogControlDescr
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlRoles
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlBindAddrType
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlBindAddr
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlBindPort
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlEncapsulation
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlMaxMessageSize
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlConfFileName
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlStorageType
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlRowStatus
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
::= { syslogCompliances 4 }
syslogReadOnlyCompliance2 MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for SNMP entities which
implement the SYSLOG-MIB without support
for read-write (i.e. in read-only mode).
"
MODULE -- this module
MANDATORY-GROUPS {
syslogOperationsGroup,
syslogControlGroup,
syslogPriorityGroup,
syslogRelayGroup
}
OBJECT syslogControlDescr
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlRoles
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlBindAddrType
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlBindAddr
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlBindPort
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlEncapsulation
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlMaxMessageSize
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlConfFileName
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlStorageType
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlRowStatus
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogPriorityDescr
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogPriorityDestinationIndex
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogPriorityStorageType
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogPriorityRowStatus
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogRelayDescr
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogRelayAddrType
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogRelayAddr
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogRelayPort
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogRelayEncapsulation
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogRelayStorageType
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogRelayRowStatus
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
::= { syslogCompliances 5 }
syslogReadOnlyCompliance3 MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for SNMP entities which
implement the SYSLOG-MIB without support
for read-write (i.e. in read-only mode) and without
support for the objects in syslogRelayGroup and
syslogPriorityGroup.
"
MODULE -- this module
MANDATORY-GROUPS {
syslogOperationsGroup,
syslogControlGroup
}
OBJECT syslogControlDescr
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlRoles
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlBindAddrType
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlBindAddr
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlBindPort
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlEncapsulation
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlMaxMessageSize
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlConfFileName
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlStorageType
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
OBJECT syslogControlRowStatus
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required.
"
::= { syslogCompliances 6 }
syslogNotificationCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for SNMP entities
which implement the SYSLOG-MIB and support
only notifications about change in the
operational status of a syslog application.
"
MODULE -- this module
MANDATORY-GROUPS {
syslogNotificationGroup
}
::= { syslogCompliances 7 }
END
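The DESCRIPTION clauses of syslogRelayMsgsRelayed and syslogRelayCounterDiscontinuityTime in the module above determine how two polls of a relay row can be turned into a message count. The following Python code is an added example, not part of the draft; the RelayPoll container, the function names and the sample polls are assumptions constructed for illustration.

```python
"""Poll-to-poll deltas for syslogRelayMsgsRelayed (Counter32)."""
from dataclasses import dataclass
from typing import List, Optional

COUNTER32_MODULUS = 2 ** 32   # a Counter32 wraps to 0 after 4294967295


@dataclass(frozen=True)
class RelayPoll:
    """One poll of a syslogRelayTable row (hypothetical container)."""
    sys_uptime: int           # sysUpTime at poll time, in TimeTicks
    msgs_relayed: int         # syslogRelayMsgsRelayed
    discontinuity_time: int   # syslogRelayCounterDiscontinuityTime


def relayed_delta(prev: RelayPoll, cur: RelayPoll) -> Optional[int]:
    """Messages relayed between two polls, or None if they are not comparable."""
    # sysUpTime went backwards: the management system was re-initialized,
    # so the counter may have restarted and the old baseline is unusable.
    if cur.sys_uptime < prev.sys_uptime:
        return None
    # The agent recorded a new discontinuity since the previous poll.
    if cur.discontinuity_time != prev.discontinuity_time:
        return None
    # No discontinuity: a smaller value can only be a Counter32 wrap,
    # which modular subtraction handles.
    return (cur.msgs_relayed - prev.msgs_relayed) % COUNTER32_MODULUS


def interval_deltas(polls: List[RelayPoll]) -> List[Optional[int]]:
    """Delta for each consecutive pair of polls (None = re-baseline)."""
    return [relayed_delta(a, b) for a, b in zip(polls, polls[1:])]


def silent_intervals(polls: List[RelayPoll]) -> List[int]:
    """Indices of polls that close an interval in which nothing was relayed."""
    return [i + 1 for i, d in enumerate(interval_deltas(polls)) if d == 0]


# Constructed sample polls for one relay destination (not real data).
CONSTRUCTED_POLLS = [
    RelayPoll(sys_uptime=1000, msgs_relayed=4294967290, discontinuity_time=0),
    RelayPoll(sys_uptime=7000, msgs_relayed=4, discontinuity_time=0),       # wrap
    RelayPoll(sys_uptime=13000, msgs_relayed=4, discontinuity_time=0),      # silent
    RelayPoll(sys_uptime=19000, msgs_relayed=2, discontinuity_time=15000),  # discontinuity
    RelayPoll(sys_uptime=25000, msgs_relayed=50, discontinuity_time=15000),
    RelayPoll(sys_uptime=500, msgs_relayed=7, discontinuity_time=0),        # re-initialized
]

if __name__ == "__main__":
    print(interval_deltas(CONSTRUCTED_POLLS))
    print(silent_intervals(CONSTRUCTED_POLLS))
```

Whether an interval with a delta of 0 is expected depends on the deployment; a None result means the next poll starts a new baseline.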
6. Security Considerations
Syslog plays a very important role in the computer and network
security of an organization. SYSLOG-MIB defines several managed
objects that may be used to monitor, configure and control syslog
applications. As such, improper manipulation of the objects
represented by this MIB may lead to an attack on an important
component of the computer and network security infrastructure. The
objects in syslogControlTable, syslogPriorityTable and
syslogRelayTable may be misconfigured to cause syslog messages to be
diverted or lost.
There are a number of management objects defined in this MIB module
with a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-secure
environment without proper protection can have a negative effect on
network operations. These are the tables and objects and their
sensitivity/vulnerability:
o syslogControlTable: The objects in this table describe the
configuration of the syslog applications. It may be misconfigured
to start up a very large number of syslog applications (processes)
and deprive the system of its resources.
o syslogControlBindAddr: This object may be misconfigured to bind
the syslog application to the wrong address. This will cause
messages to be lost.
o syslogControlBindPort: This object may be misconfigured to bind
the syslog application to the wrong service (port). This will
cause messages to be lost.
o syslogControlMaxMessageSize: This object may be misconfigured to
set the wrong MaxMessageSize for the syslog application. It may
cause syslog messages to be lost.
o syslogControlConfFileName: This object may be misconfigured to
start the syslog application with the wrong (rogue) configuration.
o syslogControlStorageType: This object may be misconfigured to set
the wrong storage type. That may cause confusion, operational
errors and/or loss of information.
o syslogPriorityTable: The objects in this table link the priority
value in a syslog message to the entry in the
syslogRelayTable corresponding to the syslog collector to which
the syslog message should be relayed. The table may be
misconfigured to redirect a syslog message to a wrong, potentially
non-existent destination and/or to redirect a large number of
messages to a particular syslog collector.
o syslogRelayTable: The rows in this table represent the relays to
which syslog messages will be relayed, depending on the priority
value in the respective syslog messages. The table may be
misconfigured to redirect a syslog message to a wrong, potentially
non-existent destination and/or to redirect a large number of
messages to a particular syslog collector.
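The syslogRelayRowStatus DESCRIPTION in the MIB module limits when the relay columns listed above can be written. The following Python model of an agent-side write check for one syslogRelayTable row is an added example, not code from the draft; the class and function names, the choice of error-status strings, the rule that an assigned value counts as valid, and the sample values are assumptions, and row creation and deletion are left out.

```python
"""Write checks for one syslogRelayTable row, following syslogRelayRowStatus."""

ACTIVE, NOT_IN_SERVICE, NOT_READY = "active", "notInService", "notReady"

# read-create columns of syslogRelayEntry, the RowStatus column excluded
COLUMNS = (
    "syslogRelayDescr", "syslogRelayAddrType", "syslogRelayAddr",
    "syslogRelayPort", "syslogRelayEncapsulation", "syslogRelayStorageType",
)
WRITABLE_WHILE_ACTIVE = {"syslogRelayDescr"}


class RelayRow:
    """One conceptual row; it starts out notReady (assumption of this model)."""

    def __init__(self):
        self.values = dict.fromkeys(COLUMNS)                    # None = unassigned
        self.values["syslogRelayStorageType"] = "nonVolatile"   # DEFVAL
        self.status = NOT_READY

    def complete(self):
        return all(v is not None for v in self.values.values())

    def set_column(self, column, value):
        if column not in COLUMNS:
            return "notWritable"
        # Only syslogRelayDescr may change while the row is ''active''.
        if self.status == ACTIVE and column not in WRITABLE_WHILE_ACTIVE:
            return "inconsistentValue"
        if column == "syslogRelayPort" and not (
                isinstance(value, int) and 0 <= value <= 65535):
            return "wrongValue"
        self.values[column] = value
        if self.status == NOT_READY and self.complete():
            self.status = NOT_IN_SERVICE
        return "noError"

    def set_status(self, new_status):
        if new_status not in (ACTIVE, NOT_IN_SERVICE):
            return "wrongValue"
        # ''active'' needs every read-create column assigned.
        if not self.complete():
            return "inconsistentValue"
        self.status = new_status
        return "noError"


def change_destination(row, addr_type, addr, port):
    """Steps a, b, c of the DESCRIPTION; returns one status per SET."""
    results = [row.set_status(NOT_IN_SERVICE)]                  # step a
    if results[-1] != "noError":
        return results
    for column, value in (("syslogRelayAddrType", addr_type),   # step b
                          ("syslogRelayAddr", addr),
                          ("syslogRelayPort", port)):
        results.append(row.set_column(column, value))
    # Step c only if every write succeeded; otherwise the row stays
    # notInService, so a half-changed destination is never used.
    if all(r == "noError" for r in results):
        results.append(row.set_status(ACTIVE))
    return results


def build_sample_row():
    """Active row with constructed values (placeholders, not real data)."""
    row = RelayRow()
    for column, value in (("syslogRelayDescr", "primary collector"),
                          ("syslogRelayAddrType", "ipv4"),
                          ("syslogRelayAddr", "192.0.2.10"),
                          ("syslogRelayPort", 514),
                          ("syslogRelayEncapsulation", "ENCAP-PLACEHOLDER")):
        row.set_column(column, value)
    row.set_status(ACTIVE)
    return row
```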
Some of the readable objects in this MIB module (i.e., objects with a
MAX-ACCESS other than not-accessible) may be considered sensitive or
vulnerable in some network environments. It is thus important to
control even GET and/or NOTIFY access to these objects and possibly
to even encrypt the values of these objects when sending them over
the network via SNMP. These are the tables and objects and their
sensitivity/vulnerability:
o syslogOperationsTable: Objects in this table carry sensitive
information. The counters may reveal information about the
deployment and effectiveness of the relevant security systems.
The counters may be analyzed to tell whether the security systems
are able to detect an event or not.
o syslogOperationsLastError: This object may contain sensitive
information e.g. user-id, password, etc. depending on the
implementation of the syslog application. It may reveal details
about the syslog implementation itself, e.g. version, OS, etc.
o syslogPriorityTable: Objects in this table carry sensitive
information. The objects reveal how the syslog messages are
grouped, relayed and/or stored.
o syslogRelayTable: Objects in this table carry sensitive
information. The objects reveal the destination of syslog
messages.
SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure (for example by using IPsec),
there is still no control as to who on the secure network is
allowed to access and GET/SET (read/change/create/delete) the objects
in this MIB module.
It is RECOMMENDED that implementers consider the security features as
provided by the SNMPv3 framework (see [RFC3410], section 8),
including full support for the SNMPv3 cryptographic mechanisms (for
authentication and privacy).
Further, deployment of SNMP versions prior to SNMPv3 is NOT
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
enable cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP application giving access to
an instance of this MIB module is properly configured to give access
to the objects only to those principals (users) that have legitimate
rights to indeed GET or SET (change/create/delete) them.
7. IANA Considerations
The MIB modules in this document use the following IANA-assigned
OBJECT IDENTIFIER values recorded in the SMI Numbers registry:
Descriptor OBJECT IDENTIFIER value
---------- -----------------------
syslogMIB { mib-2 YYYY }
IANA Reg.: Please assign a value under the 'mib-2' subtree
for the 'syslogMIB' MODULE-IDENTITY and record
the assignment in the SMI Numbers registry.
RFC Ed.: When the above assignments have been made, please
- remove the above note
- replace "YYYY" here with the assigned values and
- remove this note.
8. Acknowledgments
The initial draft of this document was authored by Bruno Pape. The
authors would like to thank Mark Ellison, David Harrington, Mike
MacFaden, Dave T Perkins, Tom Petch, Juergen Schoenwaelder, Rohit M,
Bert Wijnen and members of the WIDE-netman group for their comments
and suggestions.
Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).
9. APPENDIX
This section documents the development of the draft. It will be
deleted when the draft becomes an RFC.
Revision History:
This draft is a revision of draft-ietf-syslog-device-mib-17.txt, the
last version of the SyslogMIB draft developed as a SyslogWG work
item.
o Changes from draft-ietf-syslog-device-mib-17.txt to draft-tsuno-
syslog-mib-00.txt
1. Editorial changes only
o Changes from draft-tsuno-syslog-mib-00.txt to draft-tsuno-syslog-
mib-01.txt
1. Added new textual convention for DTLS transport
2. Added text to explain syslogPriorityTable and syslogRelayTable
3. Editorial changes.
o Changes from draft-tsuno-syslog-mib-01.txt to draft-tsuno-syslog-
mib-02.txt
1. Added "Managing syslog" section to clarify the necessity of
this MIB.
o Changes from draft-tsuno-syslog-mib-02.txt to draft-tsuno-syslog-
mib-03.txt
1. Editorial changes only
o Changes from draft-tsuno-syslog-mib-03.txt to draft-tsuno-syslog-
mib-04.txt
1. Editorial changes only
o Changes from draft-tsuno-syslog-mib-04.txt to draft-tsuno-syslog-
mib-05.txt
1. Revised DESCRIPTION clauses of some objects
10. References
10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119,
March 1997, <https://www.rfc-editor.org/info/rfc2119>.
[RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J.
Schoenwaelder, Ed., "Structure of Management Information
Version 2 (SMIv2)", STD 58, RFC 2578, DOI 10.17487/RFC2578,
April 1999, <https://www.rfc-editor.org/info/rfc2578>.
[RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J.
Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD
58, RFC 2579, DOI 10.17487/RFC2579, April 1999,
<https://www.rfc-editor.org/info/rfc2579>.
[RFC2580] McCloghrie, K., Ed., Perkins, D., Ed., and J.
Schoenwaelder, Ed., "Conformance Statements for SMIv2",
STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999,
<https://www.rfc-editor.org/info/rfc2580>.
[RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An
Architecture for Describing Simple Network Management
Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
DOI 10.17487/RFC3411, December 2002,
<https://www.rfc-editor.org/info/rfc3411>.
[RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
Schoenwaelder, "Textual Conventions for Internet Network
Addresses", RFC 4001, DOI 10.17487/RFC4001, February 2005,
<https://www.rfc-editor.org/info/rfc4001>.
[RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424,
DOI 10.17487/RFC5424, March 2009,
<https://www.rfc-editor.org/info/rfc5424>.
[RFC5427] Keeni, G., "Textual Conventions for Syslog Management",
RFC 5427, DOI 10.17487/RFC5427, March 2009,
<https://www.rfc-editor.org/info/rfc5427>.
10.2. Informative References
[RFC2790] Waldbusser, S. and P. Grillo, "Host Resources MIB",
RFC 2790, DOI 10.17487/RFC2790, March 2000,
<https://www.rfc-editor.org/info/rfc2790>.
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410,
DOI 10.17487/RFC3410, December 2002,
<https://www.rfc-editor.org/info/rfc3410>.
Authors' Addresses
Hiroshi Tsunoda
Tohoku Institute of Technology
35-1, Yagiyama Kasumi-cho
Taihaku-ku, Sendai 982-8577
Japan
Phone: +81-22-305-3411
Email: tsuno@m.ieice.org
Glenn Mansfield Keeni
Cyber Solutions Inc.
6-6-3 Minami Yoshinari
Aoba-ku, Sendai 989-3204
Japan
Phone: +81-22-303-4012
Email: glenn@cysols.com