Internet Draft            Notification Log MIB           25 January 1999


                          Notification Log MIB

                            25 January 1999

                 draft-ietf-disman-notif-log-mib-08.txt

                              Bob Stewart
                          Cisco Systems, Inc.
                           bstewart@cisco.com





                          Status of this Memo

This document is an Internet-Draft.  Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, and
its working groups.  Note that other groups may also distribute working
documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet- Drafts as reference material
or to cite them other than as ``work in progress.''

To view the entire list of current Internet-Drafts, please check the
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern Europe),
ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific Rim),
ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast).

Distribution of this document is unlimited. Please send comments to the
Distributed Management Working Group, <disman@nexen.com>.


Copyright Notice

Copyright (C) The Internet Society (199).  All Rights Reserved.











Expires 25 January 1999+6 months                                [Page 1]


Internet Draft            Notification Log MIB           25 January 1999


1.  Abstract

This memo defines an experimental portion of the Management Information
Base (MIB) for use with network management protocols in the Internet
community.  In particular, it describes managed objects used for logging
SNMP Notifications.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119.


2.  The SNMP Management Framework

The SNMP Management Framework presently consists of five major
components:

    o   An overall architecture, described in RFC 2271 [1].

    o   Mechanisms for describing and naming objects and events for the
        purpose of management. The first version of this Structure of
        Management Information (SMI) is called SMIv1 and described in
        RFC 1155 [2], RFC 1212 [3] and RFC 1215 [4]. The second version,
        called SMIv2, is described in RFC 1902 [5], RFC 1903 [6] and RFC
        1904 [7].

    o   Message protocols for transferring management information. The
        first version of the SNMP message protocol is called SNMPv1 and
        described in RFC 1157 [8]. A second version of the SNMP message
        protocol, which is not an Internet standards track protocol, is
        called SNMPv2c and described in RFC 1901 [9] and RFC 1906 [10].
        The third version of the message protocol is called SNMPv3 and
        described in RFC 1906 [10], RFC 2272 [11] and RFC 2274 [12].

    o   Protocol operations for accessing management information. The
        first set of protocol operations and associated PDU formats is
        described in RFC 1157 [8]. A second set of protocol operations
        and associated PDU formats is described in RFC 1905 [13].

    o   A set of fundamental applications described in RFC 2273 [14] and
        the view-based access control mechanism described in RFC 2275
        [15].

Managed objects are accessed via a virtual information store, termed the
Management Information Base or MIB.  Objects in the MIB are defined





Expires 25 January 1999+6 months                                [Page 2]


Internet Draft            Notification Log MIB           25 January 1999


using the mechanisms defined in the SMI.

This memo specifies a MIB module that is compliant to the SMIv2. A MIB
conforming to the SMIv1 can be produced through the appropriate
translations. The resulting translated MIB must be semantically
equivalent, except where objects or events are omitted because no
translation is possible (use of Counter64). Some machine readable
information in SMIv2 will be converted into textual descriptions in
SMIv1 during the translation process. However, this loss of machine
readable information is not considered to change the semantics of the
MIB.


3.  Overview

Systems that support SNMP often need a mechanism for recording
Notification information as a hedge against lost Notifications, whether
those are Traps or Informs [13] that exceed retransmission limits (to
consider SNMPv1, see [16]).  This MIB therefore provides common
infrastructure for other MIBs in the form of a local logging function.
It is intended primarily for senders of Notifications but could be used
also by receivers.

Given the Notification Log MIB, individual MIBs bear less responsibility
to record the transient information associated with an event against the
possibility that the Notification message is lost, and applications can
poll the log to know that they have not missed important Notifications
or to suspect that they might have.


3.1.  Environment

The overall environmental concerns for the MIB are:

    o   SNMP Engines and Contexts

    o   Security


3.1.1.  SNMP Engines and Contexts

As described in the SNMP architecture [1], a given system may support
multiple SNMP engines operating independently of one another, each with
its own SNMP engine identification.  Furthermore, within the purview of
a given engine there may be multiple named management contexts





Expires 25 January 1999+6 months                                [Page 3]


Internet Draft            Notification Log MIB           25 January 1999


supporting overlapping or disjoint sets of MIB objects and
Notifications.  Thus, understanding a particular Notification requires
knowing the SNMP engine and management context from whence it came.

The simplest system may have only one SNMP engine, and the simplest
engine may support only one context.  In these cases, knowledge of the
engine ID and context name can be assumed and need not be explicit.

In a given implementation, an instance of the Notification Log MIB may
be confined to a single engine or context or may combine information
from multiple engines or contexts, allowing for the full range of
exclusive or inclusive contents.

To provide the necessary source information for a logged Notification,
the MIB includes objects to record that Notification's source SNMP
engine ID and management context name.  In the case where such
information can be assumed, the related object need not be instantiated,
thus allowing the simplest implemenetation for the simplest system.


3.1.2.  Security

Security for Notifications is awkward since access control for the
objects in the Notification can be checked only where the Notification
is created.  Thus such checking is possible only for locally-generated
Notifications, and even then only when security credentials are
available.

For the purpose of this discussion, "security credentials" means the
input values for the abstract service interface function isAccessAllowed
[1] and using those credentials means conceptually using that function
to see that those credentials allow access to the MIB objects in
question, operating as for a Notification Originator in [14].

The Notification Log MIB has the notion of a "named log."  By using
hierarchically structured log names and view-based access control [15] a
network administrator can provide different access for different users.
When an application creates a named log the security credentials of the
creator stay associated with that log.

Hierarchically structured names encode groupings of names within the
name string, starting from the left so that they work well with
instance-level, view-based access control [15], for example:

        ops





Expires 25 January 1999+6 months                                [Page 4]


Internet Draft            Notification Log MIB           25 January 1999


        ops-admin
        ops-oper
        ops-oper-senior
        ops-oper-junior

Network security managers designing such a naming policy should use
punctuation (as in the example) to avoid the problem of a lower level
name inadvertently running together with the next higher level name.

A managed system with fewer resources may not allow the creation of
named logs, providing only the default, null-named log.  Such a log has
no implicit security credentials for Notification object access control
and Notifications are put into it with no further checking.

When putting locally-generated Notifications into a named log, the
managed system uses the security credentials associated with that log
and applies the same access control rules as described for a
Notification Originator in [14].

When putting remotely-generated Notifications into a named log or any
Notifications into the default, null-named log, the managed system does
not apply access control to the Notifications.  In those cases the
security of the information in the log is left to the normal, overall
access control for the log itself.


3.2.  Structure

The MIB has the following sections:

    o   Configuration -- control over how much the log can hold and what
        Notifications are to be logged.

    o   Statistics -- indications of logging activity.

    o   Log -- the Notifications themselves.


3.2.1.  Configuration

The configuration section contains objects to manage resource use by the
MIB.

This section also contains a table to specify what logs exist and how
they operate.  Deciding which Notifications are to be logged depends on





Expires 25 January 1999+6 months                                [Page 5]


Internet Draft            Notification Log MIB           25 January 1999


filters defined in the the snmpNotifyFilterTable in the standard SNMP
Notification MIB [14] identified by the initial index
(snmpNotifyFilterName) from that table.


3.2.2.  Statistics

The statistics section contains counters for Notifications logged and
discarded, supplying a means to understand the results of log capacity
configuration and resource problems.


3.2.3.  Log

The log contains the Notifications and the objects that came in their
variable binding list, indexed by an integer that reflects when the
entry was made.  An application that wants to collect all logged
Notifications or to know if it may have missed any can keep track of the
highest index it has retrieved and start from there on its next poll,
checking sysUpTime for a discontinuity that would have reset the index
and perhaps have lost entries.

Variables are in a table indexed by Notification index and variable
index within that Notification.  The values are kept as a "discriminated
union," with one value object per variable.  Exactly which value object
is instantiated depends on the SNMP data type of the variable, with a
separate object of appropriate type for each distinct SNMP data type.

An application can thus reconstruct the information from the
Notification PDU from what is recorded in the log.


3.3.  Example

Following is an example configuration of a named log for logging only
linkUp and linkDown Notifications.

In nlmConfigLogTable:

    nlmConfigLogFilterName."links"      = "link-status"
    nlmConfigLogEntryLimit."links"      = 0
    nlmConfigLogAdminStatus."links"     = enabled
    nlmConfigLogOperStatus."links"      = operational
    nlmConfigLogStorageType."links"     = nonVolatile
    nlmConfigLogEntryStatus."links"     = active





Expires 25 January 1999+6 months                                [Page 6]


Internet Draft            Notification Log MIB           25 January 1999


Note that snmpTraps is:

    iso.org.dod.internet.snmpV2.snmpModules.snmpMIB.snmpMIBObjects.5

Or numerically:

    1.3.6.1.6.3.1.1.5

And linkDown is snmpTraps.3 and linkUp is snmpTraps.4.

So to allow the two Notifications in snmpNotifyFilterTable:

    snmpNotifyFilterMask.11."link-status".1.3.6.1.6.3.1.1.5.3 = ''H
    snmpNotifyFilterType.11."link-status".1.3.6.1.6.3.1.1.5.3 = include
    snmpNotifyFilterStorageType.11."link-status".1.3.6.1.6.3.1.1.5.3
        = nonVolatile
    snmpNotifyFilterRowStatus.11."link-status".1.3.6.1.6.3.1.1.5.3
        = active

    snmpNotifyFilterMask.11."link-status".1.3.6.1.6.3.1.1.5.4 = ''H
    snmpNotifyFilterType.11."link-status".1.3.6.1.6.3.1.1.5.4 = include
    snmpNotifyFilterStorageType.11."link-status".1.3.6.1.6.3.1.1.5.4
        = nonVolatile
    snmpNotifyFilterRowStatus.11."link-status".1.3.6.1.6.3.1.1.5.4
        = active

























Expires 25 January 1999+6 months                                [Page 7]


Internet Draft            Notification Log MIB           25 January 1999


4.  Definitions

NOTIFICATION-LOG-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE,
    experimental, Integer32, Unsigned32,
    TimeTicks, Counter32, Counter64,
    IpAddress, Opaque                   FROM SNMPv2-SMI
    TimeStamp, DateAndTime,
    StorageType, RowStatus              FROM SNMPv2-TC
    SnmpAdminString, SnmpEngineID       FROM SNMP-FRAMEWORK-MIB
    MODULE-COMPLIANCE, OBJECT-GROUP     FROM SNMPv2-CONF;

notificationLogMIB MODULE-IDENTITY
    LAST-UPDATED "9901251700Z"
    ORGANIZATION "IETF Distributed Management Working Group"
    CONTACT-INFO "Bob Stewart
                  Cisco Systems, Inc.
                  170 West Tasman Drive,
                  San Jose CA 95134-1706.
                  Phone: +1 408 526 4527
                  Email: bstewart@cisco.com"
    DESCRIPTION
        "The MIB module for logging SNMP Notifications, that is, Traps
        and Informs."
    ::= { experimental xx }


notificationLogMIBObjects OBJECT IDENTIFIER ::= { notificationLogMIB 1 }

nlmConfig       OBJECT IDENTIFIER ::= { notificationLogMIBObjects 1 }
nlmStats        OBJECT IDENTIFIER ::= { notificationLogMIBObjects 2 }
nlmLog          OBJECT IDENTIFIER ::= { notificationLogMIBObjects 3 }

--
-- Configuration Section
--

nlmConfigGlobalEntryLimit OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The maximum number of notification entries that can be held





Expires 25 January 1999+6 months                                [Page 8]


Internet Draft            Notification Log MIB           25 January 1999


        in nlmLogTable for all nlmLogNames added together.  A particular
        setting does not guarantee that much data can be held.

        If an application changes the limit while there are Notifications
        in the log, the oldest Notifications are discarded to bring the log
        down to the new limit.

        A value of 0 means no limit."
    DEFVAL { 0 }
    ::= { nlmConfig 1 }

nlmConfigGlobalAgeOut OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "minutes"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The number of minutes a Notification may rest in a log before it
        is automatically removed.

        If an application changes the time Notifications older than the new
        time are discarded to meet the new time.

        A value of 0 means no age out."
    DEFVAL { 1440 }  -- 24 hours
    ::= { nlmConfig 2 }


--
-- Basic Log Configuration Table
--

nlmConfigLogTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF NlmConfigLogEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of logging control entries."
    ::= { nlmConfig 3 }

nlmConfigLogEntry OBJECT-TYPE
    SYNTAX      NlmConfigLogEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION





Expires 25 January 1999+6 months                                [Page 9]


Internet Draft            Notification Log MIB           25 January 1999


        "A logging control entry.  Depending on the entry's storage type
        entries may be supplied by the system or created and deleted by
        applications using nlmConfigLogEntryStatus."
    INDEX      { nlmLogName }
    ::= { nlmConfigLogTable 1 }

NlmConfigLogEntry ::= SEQUENCE {
    nlmLogName                  SnmpAdminString,
    nlmConfigLogFilterName      SnmpAdminString,
    nlmConfigLogEntryLimit      Unsigned32,
    nlmConfigLogAdminStatus     INTEGER,
    nlmConfigLogOperStatus      INTEGER,
    nlmConfigLogStorageType     StorageType,
    nlmConfigLogEntryStatus     RowStatus
    }

nlmLogName OBJECT-TYPE
    SYNTAX     SnmpAdminString (SIZE(0..32))
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "The name of the log.

        An implementation may allow multiple named logs, up to some
        implementation-specific limit (which may be none).  A
        zero-length log name is reserved for creation and deletion by
        the managed system, and is used as the default log name by
        systems that do not support named logs."
    ::= { nlmConfigLogEntry 1 }

nlmConfigLogFilterName OBJECT-TYPE
    SYNTAX     SnmpAdminString (SIZE(0..32))
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
        "A value of snmpNotifyFilterProfileName as used as an index into
        the snmpNotifyFilterTable in the SNMP Notification MIB, specifying
        the locally or remotely originated Notifications to be filtered out
        and not logged in this log.

        A zero-length value or a name that does not identify an existing
        entry in snmpNotifyFilterTable indicate no Notifications are to be
        logged in this log."
    DEFVAL { ''H }
    ::= { nlmConfigLogEntry 2 }





Expires 25 January 1999+6 months                               [Page 10]


Internet Draft            Notification Log MIB           25 January 1999


nlmConfigLogEntryLimit OBJECT-TYPE
    SYNTAX     Unsigned32
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
        "The maximum number of notification entries that can be held in
        nlmLogTable for this named log.  A particular setting does not
        guarantee that much data can be held.

        If an application changes the limit while there are Notifications
        in the log, the oldest Notifications are discarded to bring the log
        down to the new limit.

        A value of 0 indicates no limit."
    DEFVAL { 0 }
    ::= { nlmConfigLogEntry 3 }

nlmConfigLogAdminStatus OBJECT-TYPE
    SYNTAX     INTEGER { enabled(1), disabled(2) }
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
        "Control to enable or disable the log without otherwise disturbing
        the log's entry."
    DEFVAL { enabled }
    ::= { nlmConfigLogEntry 4 }

nlmConfigLogOperStatus OBJECT-TYPE
    SYNTAX     INTEGER { disabled(1), operational(2), noFilter(3) }
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "The operational status of this log:

                disabled        administratively disabled

                operational     administratively enabled and working

                noFilter        administratively enabled but either
                                nlmConfigLogFilterName is zero lengh
                                or does not name an existing entry in
                                snmpNotifyFilterTable"
    ::= { nlmConfigLogEntry 5 }

nlmConfigLogStorageType OBJECT-TYPE





Expires 25 January 1999+6 months                               [Page 11]


Internet Draft            Notification Log MIB           25 January 1999


    SYNTAX     StorageType
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
        "The storage type of this conceptual row."
    ::= { nlmConfigLogEntry 6 }

nlmConfigLogEntryStatus OBJECT-TYPE
    SYNTAX     RowStatus
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
        "Control for creating and deleting entries.  Entries may be
        modified while active.

        For non-null-named logs, the managed system records the security
        credentials from the request that sets nlmConfigLogStatus
        to 'active' and uses that identity to apply access control to
        the objects in the Notification to decide if that Notification
        may be logged."
    ::= { nlmConfigLogEntry 7 }

--
-- Statistics Section
--

nlmStatsGlobalNotificationsLogged OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "notifications"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of Notifications put in the nlmLogTable.  This counts
        a Notification once for each log entry, so a Notification put into
        multiple logs is counted multiple times."
    ::= { nlmStats 1 }

nlmStatsGlobalNotificationsBumped OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "notifications"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of log entries discarded to make room for a new entry
        due to lack of resources or the value of nlmConfigGlobalEntryLimit





Expires 25 January 1999+6 months                               [Page 12]


Internet Draft            Notification Log MIB           25 January 1999


        or nlmConfigLogEntryLimit.  This does not include entries discarded
        due to the value of nlmConfigGlobalAgeOut."
    ::= { nlmStats 2 }

--
-- Log Statistics Table
--

nlmStatsLogTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF NlmStatsLogEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of Notification log statistics entries."
    ::= { nlmStats 3 }

nlmStatsLogEntry OBJECT-TYPE
    SYNTAX      NlmStatsLogEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A Notification log statistics entry."
    AUGMENTS { nlmConfigLogEntry }
    ::= { nlmStatsLogTable 1 }

NlmStatsLogEntry ::= SEQUENCE {
    nlmStatsLogNotificationsLogged      Counter32,
    nlmStatsLogNotificationsBumped      Counter32
}

nlmStatsLogNotificationsLogged OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "notifications"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of Notifications put in this named log."
    ::= { nlmStatsLogEntry 1 }

nlmStatsLogNotificationsBumped OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "notifications"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION





Expires 25 January 1999+6 months                               [Page 13]


Internet Draft            Notification Log MIB           25 January 1999


        "The number of log entries discarded from this named log to make
        room for a new entry due to lack of resources or the value of
        nlmConfigGlobalEntryLimit or nlmConfigLogEntryLimit.  This does not
        include entries discarded due to the value of
        nlmConfigGlobalAgeOut."
    ::= { nlmStatsLogEntry 2 }


--
-- Log Section
--

--
-- Log Table
--

nlmLogTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF NlmLogEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of Notification log entries.

        It is an implementation-specific matter whether entries in this
        table are preserved across initializations of the management
        system.  In general one would expect that they are not.

        Note that keeping entries across initializations of the
        management system leads to some confusion with counters and
        TimeStamps, since both of those are based on sysUptime, which
        resets on management initialization.  In this situation,
        counters apply only after the reset and nmLogTime for entries
        made before the reset is set to 0."
    ::= { nlmLog 1 }

nlmLogEntry OBJECT-TYPE
    SYNTAX      NlmLogEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A Notification log entry.

        Entries appear in this table when Notifications occur and pass
        filtering by nlmConfigLogFilterName and access control.  They are
        removed to make way for new entries due to lack of resources or





Expires 25 January 1999+6 months                               [Page 14]


Internet Draft            Notification Log MIB           25 January 1999


        the values of nlmConfigGlobalEntryLimit, nlmConfigGlobalAgeOut, or
        nlmConfigLogEntryLimit.

        If adding an entry would exceed nlmConfigGlobalEntryLimit or system
        resources in general, the oldest entry in any log is removed to
        make room for the new one.

        If adding an entry would exceed nlmConfigLogEntryLimit the oldest
        entry in that log is removed to make room for the new one.

        Before the managed system puts a locally-generated Notification
        into a non-null-named log it assures that the creator of the log
        has access to the information in the Notification.  If not it
        does not log that Notification in that log."
    INDEX       { nlmLogName, nlmLogIndex }
    ::= { nlmLogTable 1 }

NlmLogEntry ::= SEQUENCE {
    nlmLogIndex                 Unsigned32,
    nlmLogTime                  TimeStamp,
    nlmLogDateAndTime           DateAndTime,
    nlmLogEngineID              SnmpEngineID,
    nlmLogContextName           SnmpAdminString,
    nlmLogVariables             Unsigned32,
    nlmLogNotificationID        OBJECT IDENTIFIER
}

nlmLogIndex OBJECT-TYPE
    SYNTAX     Unsigned32 (1..4294967295)
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "A monotonically increasing integer for the sole purpose of
        indexing entries within the named log.  When it reaches the
        maximum value, an extremely unlikely event, the agent wraps the
        value back to 1 and may flush existing entries."
    ::= { nlmLogEntry 1 }

nlmLogTime OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of sysUpTime when the entry occurred.  If the entry
        occurred before the most recent management system initialization





Expires 25 January 1999+6 months                               [Page 15]


Internet Draft            Notification Log MIB           25 January 1999


        this object value is zero."
    ::= { nlmLogEntry 2 }

nlmLogDateAndTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The local date and time when the entry was logged, instantiated
        only by systems that have date and time capability."
    ::= { nlmLogEntry 3 }

nlmLogEngineID OBJECT-TYPE
    SYNTAX      SnmpEngineID
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The identification of the SNMP engine at which the Notification
        originated.

        If the log can contain Notifications from only one engine
        or the Trap is from an SNMPv1 system, this object is not
        instantiated."
    ::= { nlmLogEntry 4 }

nlmLogContextName OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The name of the SNMP MIB context from which the Notification came.
        For SNMPv1 Traps this is the community string from the Trap.

        If the Notification's source SNMP engine is known not to support
        multiple contexts, this object is not instantiated."
    ::= { nlmLogEntry 5 }

nlmLogVariables OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of variables in nlmLogVariableTable for this
        Notification."
    ::= { nlmLogEntry 6 }





Expires 25 January 1999+6 months                               [Page 16]


Internet Draft            Notification Log MIB           25 January 1999


nlmLogNotificationID OBJECT-TYPE
    SYNTAX      OBJECT IDENTIFIER
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The NOTIFICATION-TYPE object identifer of the Notification that
        occurred."
    ::= { nlmLogEntry 7 }

--
-- Log Variable Table
--

nlmLogVariableTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF NlmLogVariableEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table of variables to go with Notification log entries."
    ::= { nlmLog 2 }

nlmLogVariableEntry OBJECT-TYPE
    SYNTAX      NlmLogVariableEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A Notification log entry variable.

        Entries appear in this table when there are variables in
        the varbind list of a Notification in nlmLogTable."
    INDEX       { nlmLogName, nlmLogIndex, nlmLogVariableIndex }
    ::= { nlmLogVariableTable 1 }

NlmLogVariableEntry ::= SEQUENCE {
    nlmLogVariableIndex                 Unsigned32,
    nlmLogVariableID                    OBJECT IDENTIFIER,
    nlmLogVariableValueType             INTEGER,
    nlmLogVariableCounter32Val          Counter32,
    nlmLogVariableUnsigned32Val         Unsigned32,
    nlmLogVariableTimeTicksVal          TimeTicks,
    nlmLogVariableInteger32Val          Integer32,
    nlmLogVariableOctetStringVal        OCTET STRING,
    nlmLogVariableIpAddressVal          IpAddress,
    nlmLogVariableOidVal                OBJECT IDENTIFIER,
    nlmLogVariableCounter64Val          Counter64,





Expires 25 January 1999+6 months                               [Page 17]


Internet Draft            Notification Log MIB           25 January 1999


    nlmLogVariableOpaqueVal             Opaque
}

nlmLogVariableIndex OBJECT-TYPE
    SYNTAX     Unsigned32 (1..4294967295)
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "A monotonically increasing integer, starting at 1 for a given
        nlmLogIndex, for indexing variables within the logged
        Notification."
    ::= { nlmLogVariableEntry 1 }

nlmLogVariableID OBJECT-TYPE
        SYNTAX     OBJECT IDENTIFIER
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
                "The variable's object identifier."
        ::= { nlmLogVariableEntry 2 }

nlmLogVariableValueType OBJECT-TYPE
    SYNTAX      INTEGER { counter32(1), unsigned32(2), timeTicks(3),
                          integer32(4), ipAddress(5), octetString(6),
                          objectId(7), counter64(8), opaque(9) }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of the value.  One and only one of the value
        objects that follow is instantiated, based on this type."
    ::= { nlmLogVariableEntry 3 }

nlmLogVariableCounter32Val OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value when nlmLogVariableType is 'counter32'."
    ::= { nlmLogVariableEntry 4 }

nlmLogVariableUnsigned32Val OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION





Expires 25 January 1999+6 months                               [Page 18]


Internet Draft            Notification Log MIB           25 January 1999


        "The value when nlmLogVariableType is 'unsigned32'."
    ::= { nlmLogVariableEntry 5 }

nlmLogVariableTimeTicksVal OBJECT-TYPE
    SYNTAX      TimeTicks
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value when nlmLogVariableType is 'timeTicks'."
    ::= { nlmLogVariableEntry 6 }

nlmLogVariableInteger32Val OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value when nlmLogVariableType is 'integer32'."
    ::= { nlmLogVariableEntry 7 }

nlmLogVariableOctetStringVal OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value when nlmLogVariableType is 'octetString'."
    ::= { nlmLogVariableEntry 8 }

nlmLogVariableIpAddressVal OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value when nlmLogVariableType is 'ipAddress'."
    ::= { nlmLogVariableEntry 9 }

nlmLogVariableOidVal OBJECT-TYPE
    SYNTAX      OBJECT IDENTIFIER
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value when nlmLogVariableType is 'objectId'."
    ::= { nlmLogVariableEntry 10 }

nlmLogVariableCounter64Val OBJECT-TYPE
    SYNTAX      Counter64





Expires 25 January 1999+6 months                               [Page 19]


Internet Draft            Notification Log MIB           25 January 1999


    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value when nlmLogVariableType is 'counter64'."
    ::= { nlmLogVariableEntry 11 }

nlmLogVariableOpaqueVal OBJECT-TYPE
    SYNTAX      Opaque
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value when nlmLogVariableType is 'opaque'."
    ::= { nlmLogVariableEntry 12 }


--
-- Conformance
--

notificationLogMIBConformance OBJECT IDENTIFIER ::=
    { notificationLogMIB 3 }
notificationLogMIBCompliances OBJECT IDENTIFIER ::=
    { notificationLogMIBConformance 1 }
notificationLogMIBGroups      OBJECT IDENTIFIER ::=
    { notificationLogMIBConformance 2 }

-- Compliance

notificationLogMIBCompliance MODULE-COMPLIANCE
        STATUS current
        DESCRIPTION
                "The compliance statement for entities which implement
                the Notification Log MIB."
        MODULE  -- this module
                MANDATORY-GROUPS {
                        notificationLogConfigGroup,
                        notificationLogStatsGroup,
                        notificationLogLogGroup
                }

        OBJECT nlmConfigGlobalEntryLimit
            SYNTAX Unsigned32 (0..4294967295)
            MIN-ACCESS read-only
            DESCRIPTION
                "Implementations may choose a limit and not allow it to be





Expires 25 January 1999+6 months                               [Page 20]


Internet Draft            Notification Log MIB           25 January 1999


                changed or may enforce an upper or lower bound on the
                limit."

        OBJECT nlmConfigLogEntryLimit
            SYNTAX Unsigned32 (0..4294967295)
            MIN-ACCESS read-only
            DESCRIPTION
                "Implementations may choose a limit and not allow it to be
                changed or may enforce an upper or lower bound on the
                limit."

        OBJECT nlmConfigLogEntryStatus
            MIN-ACCESS read-only
            DESCRIPTION
                "Implementations may not allow the creation of named logs."

        GROUP notificationLogDateGroup
            DESCRIPTION
                "This group is mandatory on systems that keep wall clock
                date and time and not implemented on systems that do not."

        ::= { notificationLogMIBCompliances 1 }

-- Units of Conformance

notificationLogConfigGroup OBJECT-GROUP
        OBJECTS {
                nlmConfigGlobalEntryLimit,
                nlmConfigGlobalAgeOut,
                nlmConfigLogFilterName,
                nlmConfigLogEntryLimit,
                nlmConfigLogAdminStatus,
                nlmConfigLogOperStatus,
                nlmConfigLogStorageType,
                nlmConfigLogEntryStatus
        }
        STATUS current
        DESCRIPTION
                "Notification log configuration management."
        ::= { notificationLogMIBGroups 1 }

notificationLogStatsGroup OBJECT-GROUP
        OBJECTS {
                nlmStatsGlobalNotificationsLogged,
                nlmStatsGlobalNotificationsBumped,





Expires 25 January 1999+6 months                               [Page 21]


Internet Draft            Notification Log MIB           25 January 1999


                nlmStatsLogNotificationsLogged,
                nlmStatsLogNotificationsBumped
        }
        STATUS current
        DESCRIPTION
                "Notification log statistics."
        ::= { notificationLogMIBGroups 2 }

notificationLogLogGroup OBJECT-GROUP
        OBJECTS {
                nlmLogTime,
                nlmLogEngineID,
                nlmLogContextName,
                nlmLogVariables,
                nlmLogNotificationID,

                nlmLogVariableID,
                nlmLogVariableValueType,
                nlmLogVariableCounter32Val,
                nlmLogVariableUnsigned32Val,
                nlmLogVariableTimeTicksVal,
                nlmLogVariableInteger32Val,
                nlmLogVariableOctetStringVal,
                nlmLogVariableIpAddressVal,
                nlmLogVariableOidVal,
                nlmLogVariableCounter64Val,
                nlmLogVariableOpaqueVal
        }
        STATUS current
        DESCRIPTION
                "Notification log data."
        ::= { notificationLogMIBGroups 3 }

notificationLogDateGroup OBJECT-GROUP
        OBJECTS {
                nlmLogDateAndTime
        }
        STATUS current
        DESCRIPTION
                "Conditionally mandatory notification log data."
        ::= { notificationLogMIBGroups 4 }

END







Expires 25 January 1999+6 months                               [Page 22]


Internet Draft            Notification Log MIB           25 January 1999


5.  Intellectual Property

The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to pertain
to the implementation or use of the technology described in this
document or the extent to which any license under such rights might or
might not be available; neither does it represent that it has made any
effort to identify any such rights.  Information on the IETF's
procedures with respect to rights in standards-track and standards-
related documentation can be found in BCP-11.  Copies of claims of
rights made available for publication and any assurances of licenses to
be made available, or the result of an attempt made to obtain a general
license or permission for the use of such proprietary rights by
implementors or users of this specification can be obtained from the
IETF Secretariat.



































Expires 25 January 1999+6 months                               [Page 23]


Internet Draft            Notification Log MIB           25 January 1999


6.  References

[1]  Harrington, D., Presuhn, R. and B. Wijnen, "An Architecture for
     Describing SNMP Management Frameworks", RFC 2271, Cabletron
     Systems, Inc., BMC Software, Inc., IBM T. J. Watson Research,
     January 1998.

[2]  Rose, M. and K. McCloghrie, "Structure and Identification of
     Management Information for TCP/IP-based Internets", RFC 1155,
     Performance Systems International, Hughes LAN Systems, May 1990.

[3]  Rose, M. and K. McCloghrie, "Concise MIB Definitions", RFC 1212,
     Performance Systems International, Hughes LAN Systems, March 1991.

[4]  M. Rose, "A Convention for Defining Traps for use with the SNMP",
     RFC 1215, Performance Systems International, March 1991.

[5]  Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Structure of
     Management Information for Version 2 of the Simple Network
     Management Protocol (SNMPv2)", RFC 1902, SNMP Research,Inc., Cisco
     Systems, Inc., Dover Beach Consulting, Inc., International Network
     Services, January 1996.

[6]  Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Textual
     Conventions for Version 2 of the Simple Network Management Protocol
     (SNMPv2)", RFC 1903, SNMP Research, Inc., Cisco Systems, Inc.,
     Dover Beach Consulting, Inc., International Network Services,
     January 1996.

[7]  Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Conformance
     Statements for Version 2 of the Simple Network Management Protocol
     (SNMPv2)", RFC 1904, SNMP Research, Inc., Cisco Systems, Inc.,
     Dover Beach Consulting, Inc., International Network Services,
     January 1996.

[8]  Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple Network
     Management Protocol", RFC 1157, SNMP Research, Performance Systems
     International, Performance Systems International, MIT Laboratory
     for Computer Science, May 1990.

[9]  Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Introduction
     to Community-based SNMPv2", RFC 1901, SNMP Research, Inc., Cisco
     Systems, Inc., Dover Beach Consulting, Inc., International Network
     Services, January 1996.






Expires 25 January 1999+6 months                               [Page 24]


Internet Draft            Notification Log MIB           25 January 1999


[10] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Transport
     Mappings for Version 2 of the Simple Network Management Protocol
     (SNMPv2)", RFC 1906, SNMP Research, Inc., Cisco Systems, Inc.,
     Dover Beach Consulting, Inc., International Network Services,
     January 1996.

[11] Case, J., Harrington D., Presuhn R. and B. Wijnen, "Message
     Processing and Dispatching for the Simple Network Management
     Protocol (SNMP)", RFC 2272, SNMP Research, Inc., Cabletron Systems,
     Inc., BMC Software, Inc., IBM T. J. Watson Research, January 1998.

[12] Blumenthal, U. and B. Wijnen, "User-based Security Model (USM) for
     version 3 of the Simple Network Management Protocol (SNMPv3)", RFC
     2274, IBM T. J. Watson Research, January 1998.

[13] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Protocol
     Operations for Version 2 of the Simple Network Management Protocol
     (SNMPv2)", RFC 1905, SNMP Research, Inc., Cisco Systems, Inc.,
     Dover Beach Consulting, Inc., International Network Services,
     January 1996.

[14] Levi, D., Meyer, P. and B. Stewart, "SNMPv3 Applications", RFC
     2273, SNMP Research, Inc., Secure Computing Corporation, Cisco
     Systems, January 1998

[15] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access
     Control Model (VACM) for the Simple Network Management Protocol
     (SNMP)", RFC 2275, IBM T. J. Watson Research, BMC Software, Inc.,
     Cisco Systems, Inc., January 1998.

[16] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Coexistence
     between Version 1 and version 2 of the Internet-standard Network
     Management Framework", RFC 1903, SNMP Research, Inc., Cisco
     Systems, Inc., Dover Beach Consulting, Inc., International Network
     Services, January 1996.















Expires 25 January 1999+6 months                               [Page 25]


Internet Draft            Notification Log MIB           25 January 1999


7.  Security Considerations

Security issues are discussed in the overview.


8.  Author's Address

     Bob Stewart
     Cisco Systems, Inc.
     170 West Tasman Drive
     San Jose, CA 95134-1706
     U.S.A.

     Phone: +1 408 526 4527
     Email: bstewart@cisco.com



































Expires 25 January 1999+6 months                               [Page 26]


Internet Draft            Notification Log MIB           25 January 1999


9.  Full Copyright Statement

Copyright (C) The Internet Society (1998). All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it or
assist in its implementation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are included
on all such copies and derivative works.  However, this document itself
may not be modified in any way, such as by removing the copyright notice
or references to the Internet Society or other Internet organizations,
except as needed for the  purpose of developing Internet standards in
which case the procedures for copyrights defined in the Internet
Standards process must be followed, or as required to translate it into
languages other than English.

The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an "AS
IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.
























Expires 25 January 1999+6 months                               [Page 27]


Internet Draft            Notification Log MIB           25 January 1999


Table of Contents


1 Abstract ........................................................    2
2 The SNMP Management Framework ...................................    2
3 Overview ........................................................    3
3.1 Environment ...................................................    3
3.1.1 SNMP Engines and Contexts ...................................    3
3.1.2 Security ....................................................    4
3.2 Structure .....................................................    5
3.2.1 Configuration ...............................................    5
3.2.2 Statistics ..................................................    6
3.2.3 Log .........................................................    6
3.3 Example .......................................................    6
4 Definitions .....................................................    8
5 Intellectual Property ...........................................   23
6 References ......................................................   24
7 Security Considerations .........................................   26
8 Author's Address ................................................   26
9 Full Copyright Statement ........................................   27






























Expires 25 January 1999+6 months                               [Page 28]