Network Working Group                              Glenn Mansfield Keeni
INTERNET-DRAFT                                      Cyber Solutions Inc.
Expires: July 2, 2003                                            B. Pape
                                                      Enterasys Networks
                                                         January 3, 2003



                               Syslog MIB
                 <draft-ietf-syslog-device-mib-03.txt>

Status of this Memo

      This document is an Internet-Draft and is in full conformance with
      all provisions of Section 10 of RFC2026.

      Internet-Drafts are working documents of the Internet Engineering
      Task Force (IETF), its areas, and its working groups.  Note that
      other groups may also distribute working documents as Internet-
      Drafts.

      Internet-Drafts are draft documents valid for a maximum of six months
      and may be updated, replaced, or obsoleted by other documents at any
      time.  It is inappropriate to use Internet-Drafts as reference
      material or to cite them other than as "work in progress."

      The list of current Internet-Drafts can be accessed at
      http://www.ietf.org/ietf/1id-abstracts.txt.

      The list of Internet-Draft Shadow Directories can be accessed at
      http://www.ietf.org/shadow.html.

      This Internet-Draft will expire on July 2, 2003.

   Copyright Notice

      Copyright (C) The Internet Society (2003).  All Rights Reserved.


Abstract

   This memo provides a MIB module that can be used to monitor and manage
   syslog processes. In addition it defines objects that allow the
   collection of statistics related to the generation of syslog messages.
   And finally it provides a means for controlling the messages that
   individual applications on a device will generate.





Expires: July 2, 2003                                           [Page 1]


Internet Draft                                           January 3, 2003


Table of Contents

        1. The SNMP Management Framework
        2. Background
        3. The MIB Design
        4. The Syslog MIB
        5. Intellectual Property Notice
        6. Acknowledgments
        7. Security Considerations
        8. References
        9. Full Copyright Statement
       10. Authors Address


1. The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).

   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
   [RFC2580].

   This document defines a portion of the Management Information Base
   (MIB) for use with management protocols in the Internet community.
   In particular, this document describes managed objects used for
   configuring and monitoring syslog processes that handle syslog
   messages.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14, RFC 2119
   [RFC2119].

2. Background

   Operating systems, processes and applications generate messages
   indicating their own status or the occurrence of events. These
   messages are useful for managing and/or debugging the network and its
   services. The BSD Syslog protocol is a widely adopted protocol that
   is used for transmission and processing of the messages.
   Essentially, a syslog process receives messages (from the kernel,
   processes, applications or other syslog processes) and processes
   them. The processing involves logging to a local file, displaying on
   the console or a user terminal, and/or relaying to syslog processes
   on other machines. The processing is determined by the "facility"
   that originated the message and the "severity" assigned to the
   message by the facility.

   This document defines a generic MIB that may be used to monitor and
   control one or more syslog processes running on a system.


                                    /
                          +------+ /
                          | SP-1 |------> SP-R1
                         /+------+ \
        Facility-1-->|  /
                  -->| /  +------+ /
        Facility-N-->|+---| SP-2 |------> SP-R2
                  -->| \  +------+ \
      SyslogHost-N-->|  \
                         \+------+ /
                          | SP-N |------> SP-RN
                          +------+ \
                                    \

             Facility: Facility originating the message (locally)
           SyslogHost: Remote SyslogHost relaying a message
                   SP: Syslog Process


                   Fig.1 Syslog Process Model

   The syslog process modelled by the MIB is shown in Fig.1. One or more
   syslog processes running on a system receive syslog messages from the
   local facilities and from other syslog processes on other hosts. The
   syslog process receives the message and processes it depending on the
   processing mandated for the facility and severity of the message in
   its local message-process configuration table.


3. The MIB Design.

The purpose of the SyslogMIB is to allow the monitoring and control of
the syslog process(es) on a system. This requires MOs representing

   o  Statistics on messages received, processed locally and relayed.
   o  Syslog system wide parameters that are available to all syslog
      processes.
   o  Syslog run time parameters for each syslog process e.g.
            - maximum message size,
            - sockets and/or type of transport, port numbers on which
              the process will listen for messages, etc.
   o  Rules for selecting messages and applying the corresponding
      specified actions for each syslog process.

The MIB comprises four groups
   o  The syslogSystem group handles the system wide parameters
      that apply to all the syslog processes served by the
      SNMP agent.
   o  The syslog process group consisting of the
      - syslogStatsTable which deals with statistical information about
        the syslog processes.
      - syslogParamsTable for monitoring and controlling syslog
        processes. It contains MOs representing the run-time parameters
        of the syslog processes.
   o  The syslog control group which handles the definition of the rules
      for message selection and action(s) that will be carried out on
      the selected message. The tables in this group represent the rules
      that would generally be present in the syslog.conf file of
      a traditional syslogd process.
      The control group consists of
       - a syslogCtlSelectionTable which defines the message selection
         rule.
       - several action tables viz.
          + syslogCtlLogActionTable defining the logging actions
          + syslogCtlUserActionTable defining the users on whose console
            the message will need to be displayed.
          + syslogCtlFwdActionTable defining destinations to which
            a message will be forwarded
   o  The conformance group that defines the compliance statements.
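
The message handling that Sections 2 and 3 describe, as an added example
in Python (not part of the draft or of any syslogd): the PRI of a received
message is decoded into facility and severity, the system-wide defaults
are applied when no priority is present, and selection rules are evaluated
with the SyslogSeverityCompOP operators of Section 4 while the
syslogProcMsgs* counters are kept. The function and class names, the
user.notice default, the reading of "greater" as "more severe", the rule
tuple layout and the definition of ill-formed are assumptions; the sample
messages are constructed.

```python
import operator
import re
from collections import Counter

MAX_MESSAGE_SIZE = 1024        # syslogMaxMessageSize DEFVAL
DEFAULT_FACILITY = 1           # assumed syslogDefaultFacility: user(1)
DEFAULT_SEVERITY = 5           # assumed syslogDefaultSeverity: notice(5)

# SyslogSeverityCompOP values 2..11. Assumption: the operators compare how
# severe a message is, so emergency(0) ranks above debug(7); the draft does
# not state the ordering. none(1) is left out because its meaning is not
# defined in the text.
COMP_OPS = {
    2: operator.ge,   # greaterThanOrEqual
    3: operator.le,   # lessThanOrEqual
    4: operator.gt,   # greaterThan
    5: operator.lt,   # lessThan
    6: operator.lt,   # notGreaterThanOrEqual
    7: operator.gt,   # notLessThanOrEqual
    8: operator.le,   # notGreaterThan
    9: operator.ge,   # notLessThan
    10: operator.eq,  # equal
    11: operator.ne,  # notEqual
}

PRI_RE = re.compile(rb"<(\d{1,3})>")   # RFC 3164 PRI part


def decode_pri(raw):
    """Return (facility, severity); raise ValueError if ill-formed.

    Ill-formed here means oversize or a PRI that does not parse; that
    definition is an assumption, the draft does not give one.
    """
    if len(raw) > MAX_MESSAGE_SIZE:
        raise ValueError("longer than syslogMaxMessageSize")
    if not raw.startswith(b"<"):
        # No priority specified: apply the system-wide defaults.
        return DEFAULT_FACILITY, DEFAULT_SEVERITY
    match = PRI_RE.match(raw)
    if match is None or int(match.group(1)) > 191:
        raise ValueError("malformed PRI")
    # PRI = facility * 8 + severity (RFC 3164 sec. 4.1.1)
    return divmod(int(match.group(1)), 8)


def severity_matches(msg_severity, rule_severity, comp_op):
    """Apply one SyslogSeverityCompOP to a message and a rule severity."""
    if comp_op not in COMP_OPS:
        raise ValueError("unsupported SyslogSeverityCompOP: %r" % comp_op)
    # Lower numeric severity is more severe, so compare on 7 - value.
    return COMP_OPS[comp_op](7 - msg_severity, 7 - rule_severity)


class SyslogProc:
    """One syslog process with its selection rules and counters."""

    def __init__(self, rules):
        self.rules = rules          # [(facility, severity, comp_op), ...]
        self.stats = Counter()      # keyed by the MIB column names

    def receive(self, raw):
        # Assumption: ill-formed messages also count as received.
        self.stats["syslogProcMsgsReceived"] += 1
        try:
            facility, severity = decode_pri(raw)
        except ValueError:
            self.stats["syslogProcMsgsIllFormed"] += 1
            return "illFormed"
        for rule_facility, rule_severity, comp_op in self.rules:
            if facility == rule_facility and severity_matches(
                    severity, rule_severity, comp_op):
                return "selected"
        self.stats["syslogProcMsgsIgnored"] += 1
        return "ignored"


# Constructed sample input, not captured traffic.
SAMPLE = [
    b"<34>Jan  3 10:00:01 host1 su: authentication failure",   # auth.critical
    b"<38>Jan  3 10:00:02 host1 sshd: session opened",         # auth.info
    b"<19>Jan  3 10:00:03 host1 sendmail: delivery failed",    # mail.error
    b"message sent without a priority",                        # defaults
    b"<999>Jan  3 10:00:04 host1 app: out-of-range PRI",
    b"<13>" + b"A" * 2000,                                     # oversize
]


def run_sample():
    # Rules: auth at warning or more severe; mail at exactly error.
    proc = SyslogProc([(4, 4, 2), (2, 3, 10)])
    outcomes = [proc.receive(raw) for raw in SAMPLE]
    return outcomes, dict(proc.stats)


if __name__ == "__main__":
    outcomes, stats = run_sample()
    for raw, outcome in zip(SAMPLE, outcomes):
        print(outcome.ljust(10), raw[:40])
    print(stats)
```

A rising syslogProcMsgsIllFormed or syslogProcMsgsIgnored count relative to
syslogProcMsgsReceived is the signal a manager polling these counters would
watch for.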


4.  The Syslog MIB


   SYSLOG-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE,
                 Unsigned32, Counter32, Integer32, mib-2
                 FROM SNMPv2-SMI
       RowStatus, TEXTUAL-CONVENTION, TimeStamp, TruthValue,
                 StorageType
                 FROM SNMPv2-TC
       InetAddressType, InetAddress
                 FROM INET-ADDRESS-MIB
       MODULE-COMPLIANCE, OBJECT-GROUP
                 FROM SNMPv2-CONF
       SnmpAdminString
                 FROM SNMP-FRAMEWORK-MIB;

   syslogMIB  MODULE-IDENTITY
       LAST-UPDATED "200212252343Z"  -- Wed December  25 23:43 GMT 2002
       ORGANIZATION "IETF Syslog Working Group"
       CONTACT-INFO
           "        Glenn Mansfield Keeni
            Postal: Cyber Solutions Inc.
                    6-6-3, Minami Yoshinari
                    Aoba-ku, Sendai, Japan 989-3204.
               Tel: +81-22-303-4012
               Fax: +81-22-303-4015
            E-mail: glenn@cysols.com
            "

       DESCRIPTION
           "The MIB module pertaining to the reception and processing
            of Syslog compatible messages."

       REVISION "200303030000Z"  -- Mon March     03 00:00 GMT 2003
       DESCRIPTION
           "Fixing of nits in descriptions, addition of references,
            addition of the following MOs
                syslogProcMsgsIllFormed        Counter32,
                syslogProcStartTime            TimeStamp,
                syslogProcLastError            Integer32,
                syslogProcLastErrorTime        TimeStamp,
                syslogParamsStorageType        StorageType,
                syslogCtlFwdActionSrcAddrType  InetAddressType,
                syslogCtlFwdActionSrcAddr      InetAddress,
            added enumeration ''suspended(2)'' to
                syslogParamsProcessStatus.
           "

       REVISION "200212252343Z"  -- Wed December  25 23:43 GMT 2002
       DESCRIPTION
           "Radical revision of the MIB structure and design."

       REVISION "200206061841Z"  -- Thu Jun  6 18:41 GMT 2002
       DESCRIPTION
           "The initial version of this MIB module."
       ::= { mib-2 999999 }     -- Will be assigned by IANA

   -- -------------------------------------------------------------
   -- Textual Conventions
   -- -------------------------------------------------------------

   SyslogFacility  ::=  TEXTUAL-CONVENTION
       STATUS  current
       DESCRIPTION
           "This textual convention enumerates the facilities
            that originate syslog messages.

            The value noMap(24) indicates that the appropriate
            facility will be provided by the individual applications
            on the managed entity.  If this option is not available
            on a particular entity, an attempt to set the facility to
            this value will fail with an error-status of wrongValue."
       REFERENCE
           "The BSD syslog Protocol (RFC 3164) sec. 4.1.1 (Table 1).
           "
       SYNTAX  INTEGER {
                         kernel          (0), -- kernel messages
                         user            (1), -- user-level messages
                         mail            (2), -- mail system
                         daemon          (3), -- system daemons
                         auth            (4), -- authorization messages
                         syslog          (5), -- messages generated by syslogd
                         lpr             (6), -- line printer subsystem
                         news            (7), -- network news subsystem
                         uucp            (8), -- UUCP subsystem
                         cron            (9), -- clock daemon
                         authPriv        (10),-- authorization messages
                                              --    (private)
                         ftp             (11),-- ftp daemon
                         ntp             (12),-- NTP subsystem
                         security        (13),-- security subsystems
                                              --    (firewalling, etc.)
                         console         (14),-- /dev/console output
                         local0          (16),
                         local1          (17),
                         local2          (18),
                         local3          (19),
                         local4          (20),
                         local5          (21),
                         local6          (22),
                         local7          (23),
                         noMap           (99)
                       }
   SyslogSeverity  ::=  TEXTUAL-CONVENTION
       STATUS  current
       DESCRIPTION
           "This textual convention enumerates the severity levels
            of syslog messages.  The syslog protocol uses the values
            0 (emergency), to 7 (debug)."
       REFERENCE
           "The BSD syslog Protocol (RFC 3164) sec. 4.1.1 (Table 2)
           "
       SYNTAX  INTEGER {
                         emergency       (0),  -- system is unusable
                         alert           (1),  -- action must be taken
                                               --          immediately
                         critical        (2),  -- critical conditions
                         error           (3),  -- error conditions
                         warning         (4),  -- warning conditions
                         notice          (5),  -- normal but significant
                                               --              condition
                         info            (6),  -- informational
                         debug           (7),  -- debug-level messages
                         other           (99)  -- None of the above
                       }


   SyslogSeverityCompOP  ::=  TEXTUAL-CONVENTION
       STATUS  current
       DESCRIPTION
           "The operator that will be applied to the severity
            in  before the selection for an action takes place.
           "
       SYNTAX INTEGER  {
                         none                  (1),
                         greaterThanOrEqual    (2),
                         lessThanOrEqual       (3),
                         greaterThan           (4),
                         lessThan              (5),
                         notGreaterThanOrEqual (6),
                         notLessThanOrEqual    (7),
                         notGreaterThan        (8),
                         notLessThan           (9),
                         equal                 (10),
                         notEqual              (11)
                       }

   SyslogTransport  ::=  TEXTUAL-CONVENTION
       STATUS  current
       DESCRIPTION
           "The Transport that will be used to send and/or
            receive messages.
           "
       REFERENCE
           "The BSD syslog Protocol RFC 3164 Sec. 2.
           "
       SYNTAX INTEGER  {
                         any                   (1),
                         udp                   (2),
                         tcp                   (3)
                       }

   SyslogService  ::=  TEXTUAL-CONVENTION
       STATUS  current
       DESCRIPTION
           "The service name or port number that will be used to
            send and/or receive messages.
            The special name ''any'' is reserved. It denotes
            all ports and is applicable only in the context of
            message reception.
            In case the service name is given, and it is not ''any'',
            the service name must resolve to a port number on the
            local host.
           "
       SYNTAX OCTET STRING (SIZE (0..255))


   -- -------------------------------------------------------------
   -- syslogMIB - the main groups
   -- -------------------------------------------------------------

   syslogSystem              OBJECT IDENTIFIER
                         ::= { syslogMIB 1 }

   syslogProc                OBJECT IDENTIFIER
                         ::= { syslogMIB 2 }

   syslogControl             OBJECT IDENTIFIER
                         ::= { syslogMIB 3 }

   -- -------------------------------------------------------------
   -- syslogSystem
   -- -------------------------------------------------------------

   -- The system wide parameters

   syslogDefaultTransport OBJECT-TYPE
       SYNTAX      SyslogTransport
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "The default transport that a syslog process will use
            to send syslog messages.
           "
       REFERENCE
           "The BSD syslog Protocol RFC 3164 Sec. 2.
           "
       DEFVAL  {udp}
       ::= { syslogSystem 1 }

   syslogDefaultService OBJECT-TYPE
       SYNTAX      SyslogService
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "The default service name or port number that a syslog
            process will use to send syslog messages.
           "
       REFERENCE
           "The BSD syslog Protocol RFC 3164 Sec. 2.
           "
       DEFVAL  { "514" }
       ::= { syslogSystem 2 }


   syslogDefaultFacility OBJECT-TYPE
       SYNTAX      SyslogFacility
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "The default syslog facility that will be added to syslog
            messages when the message needs to be relayed and does not
            have priority specified.
           "
       ::= { syslogSystem 3 }

   syslogDefaultSeverity OBJECT-TYPE
       SYNTAX      SyslogSeverity
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "The default syslog severity that will be added to syslog
            messages when the message needs to be relayed and does not
            have priority specified.
           "
       ::= { syslogSystem 4 }

   syslogMaxMessageSize OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "The maximum size of the syslog messages in bytes.
           "
       DEFVAL { 1024 }
       ::= { syslogSystem 5 }


   -- -------------------------------------------------------------
   -- syslogProc
   -- -------------------------------------------------------------
   syslogProcTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SyslogProcEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table containing information about the syslog processes
            serviced by an SNMP agent.
           "
       ::= { syslogProc 1 }


   syslogProcEntry OBJECT-TYPE
       SYNTAX      SyslogProcEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The information pertaining to a syslog process.
           "
       INDEX  { syslogProcIndex }
       ::= { syslogProcTable 1 }

   SyslogProcEntry ::=
       SEQUENCE {
           syslogProcIndex
                Integer32,
           syslogProcMsgsReceived
                Counter32,
           syslogProcMsgsRelayed
                Counter32,
           syslogProcMsgsDropped
                Counter32,
           syslogProcMsgsIllFormed
                Counter32,
           syslogProcMsgsIgnored
                Counter32,
           syslogProcMsgsRejected
                Counter32,
           syslogProcLastMsgRecdTime
                TimeStamp,
           syslogProcLastMsgDeliveredTime
                TimeStamp,
           syslogProcStartTime
                TimeStamp,
           syslogProcLastError
                Integer32,
           syslogProcLastErrorTime
                TimeStamp
       }


   -- option for allowed peers needs to be added


   syslogProcIndex OBJECT-TYPE
       SYNTAX      Integer32 (1..2147483647)
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The Index that uniquely identifies the syslog process in the
            syslogProcess table.
           "
       ::= { syslogProcEntry 1 }

   syslogProcMsgsReceived OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of messages received by the syslog
            process. This includes messages that were ignored.
           "
       ::= { syslogProcEntry 2 }

   syslogProcMsgsRelayed OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of messages relayed by the syslog
            process to other syslog processes.
           "
       ::= { syslogProcEntry 3 }

   syslogProcMsgsDropped OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of messages that could not be relayed
            (could not be queued for transmitting)."
       ::= { syslogProcEntry 4 }


   syslogProcMsgsIllFormed OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of messages that were rejected by the
            syslog process because these were badly formed.
           "
       ::= { syslogProcEntry 5 }

   syslogProcMsgsIgnored OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of messages that were not processed by the
            syslog process because the message did not meet
            the specification of 'allowed specifications' (either
            the program name or the priority level of the message
            or both did not match any selection specified
            for this process in the syslogCtlSelectionTable).
           "
       ::= { syslogProcEntry 6 }

   syslogProcMsgsRejected OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of messages that were rejected by the
            syslog process because the message was from a host/service
            that did not match any selection specified for this process
            in the syslogCtlSelectionTable and was not on the allowed
            host/services list.
           "
       ::= { syslogProcEntry 7 }

   syslogProcLastMsgRecdTime OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The local time when the last message was received
            by the syslog process locally or from a remote
            syslog process.
           "
       ::= { syslogProcEntry 8 }


   syslogProcLastMsgDeliveredTime OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The local time when the last message was delivered
            by the syslog process.
           "
       ::= { syslogProcEntry 9 }


   syslogProcStartTime OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The local time when this process was started.
           "
       ::= { syslogProcEntry 10 }

   syslogProcLastError OBJECT-TYPE
       SYNTAX      Integer32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The last error that was encountered by this process.
           "
       ::= { syslogProcEntry 11 }

   syslogProcLastErrorTime OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The local time when the last error was encountered.
           "
       ::= { syslogProcEntry 12 }

   syslogParamsTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SyslogParamsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table containing information about the parameters
           that control the syslog processes.
           "
       ::= { syslogProc 2 }


   syslogParamsEntry OBJECT-TYPE
       SYNTAX      SyslogParamsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The parameters pertaining to a syslog process."
       INDEX  { syslogProcIndex }
       ::= { syslogParamsTable 1 }

   SyslogParamsEntry ::=
       SEQUENCE {
           syslogParamsProcDescr
                SnmpAdminString,
           syslogParamsBindAddrType
                InetAddressType,
           syslogParamsBindAddr
                InetAddress,
           syslogParamsSendToAllAddresses
                TruthValue,
           syslogParamsCompression
                INTEGER,
           syslogParamsConfFileName
                SnmpAdminString,
           syslogParamsFacilityTranslation
                INTEGER,
           syslogParamsPIDFileName
                SnmpAdminString,
           syslogParamsDNSLookup
                INTEGER,
           syslogParamsSeverityCompOP
                SyslogSeverityCompOP,
           syslogParamsSecuritySpecs
                INTEGER,
           syslogParamsProcessStatus
                INTEGER,
           syslogParamsStorageType
                StorageType,
           syslogParamsRowStatus
                RowStatus
        }


   syslogParamsProcDescr OBJECT-TYPE
       SYNTAX      SnmpAdminString
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "A user definable description of the syslog process.
           "
       ::= { syslogParamsEntry 1 }

   syslogParamsBindAddrType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The type of Internet address which follows
            in syslogParamsBindAddr.
           "
       ::= { syslogParamsEntry 2 }

   syslogParamsBindAddr OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The specific IP address or hostname the syslog process will
            bind to. If a hostname is specified, the IPv4 or IPv6 address
            which corresponds to it will be used.
           "
       ::= { syslogParamsEntry 3 }

   syslogParamsSendToAllAddresses OBJECT-TYPE
       SYNTAX      TruthValue
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "If the destination host, for a message to be forwarded,
            has more than one A or AAAA record, send the message to
            all the addresses (true) else send to only one of the
            addresses.
           "
       DEFVAL     { false }
       ::= { syslogParamsEntry 4 }


   syslogParamsCompression OBJECT-TYPE
       SYNTAX      INTEGER {
                   off       (1),
                   offIfPipe (2),
                   on        (3)
                   }
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "If 'off', disable the compression of repeated instances
            of the same line into a single line of the form ``last
            message repeated N times''.
            If 'offIfPipe', disable the compression when the output
            is a pipe to another program. Otherwise the compression
            is enabled.
           "
       DEFVAL { on }
       ::= { syslogParamsEntry 5 }

   syslogParamsConfFileName OBJECT-TYPE
       SYNTAX       SnmpAdminString
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
         "The full path name of the configuration file where the
          syslog process's message selection and corresponding action
          rules will be read from.
          Data is loaded from this file into the syslogCtlSelectionTable
          and the syslogCtlLogActionTable.
          If the objects loaded from the file specified by this object
          have an access level of read-create this file MUST be
          writable so that modifications to the corresponding objects,
          if any, will be effected in this file.
          If the system does not support the specification of a
          configuration file this field will not be accessible.
         "
       DEFVAL { "/etc/syslog.conf" }
       ::= { syslogParamsEntry 6 }


   syslogParamsFacilityTranslation OBJECT-TYPE
       SYNTAX      INTEGER {
                   off       (1),
                   on        (2)
                   }
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "If off, disable the translation of messages received
            with facility ``kern'' to facility ``user''.  Usually the
            ``kern'' facility is reserved for messages read directly from
            /dev/klog.
           "
       DEFVAL { on }
       ::= { syslogParamsEntry 7 }

   syslogParamsPIDFileName OBJECT-TYPE
       SYNTAX       SnmpAdminString
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
           "The full path name of the file where the syslog process ID
            will be recorded.
            In case the system does not support the feature of recording
            syslog's process ID - this object will not be accessible.
           "
       DEFVAL { "/etc/syslog.pid" }
       ::= { syslogParamsEntry 8 }

   syslogParamsDNSLookup OBJECT-TYPE
       SYNTAX      INTEGER {
                   useLocalCache       (1),
                   doNotUseLocalCache  (2)
                   }
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "If doNotUseLocalCache is selected, a fresh DNS lookup will
            be carried out every time a hostname is encountered.
            Otherwise, a DNS lookup will be carried out only once for
            each hostname.
           "
       DEFVAL { useLocalCache }
       ::= { syslogParamsEntry 9 }

   syslogParamsSeverityCompOP  OBJECT-TYPE
       SYNTAX SyslogSeverityCompOP
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
           "The default value of the operator that should apply
            to the syslogCtlSelectionSeverity in  before the
            selection takes place.
           "
       DEFVAL      { greaterThanOrEqual }
       ::= { syslogParamsEntry 10 }

   syslogParamsSecuritySpecs   OBJECT-TYPE
       SYNTAX       INTEGER  {
                         none                      (0),
                         doNotRecvFromRemoteHosts  (1),
                         doNotOpenNetworkSockets   (2)
                       }
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
           "If doNotRecvFromRemoteHosts is selected then the
            corresponding syslog process will not receive messages
            from remote hosts.
            If doNotOpenNetworkSockets is selected then the syslog
            process will not receive from or forward to remote hosts.
           "
       DEFVAL      { none }
       ::= { syslogParamsEntry 11 }

   syslogParamsProcessStatus OBJECT-TYPE
       SYNTAX       INTEGER  {
                         unknown  (0),
                         started  (1),
                         suspended(2),
                         stopped  (3)
                       }
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
           "The status of the process.
            The status of the process can be controlled by setting
            this object to the appropriate value.
            ''started'' indicates that the process should be started
            if it is not already running.
            ''suspended'' indicates that the process should be suspended
            if it is running.
            ''stopped'' indicates that the process should be stopped
            if it is running.
            The following are the allowed state changes:
                started   -> suspended
                started   -> stopped
                suspended -> started
                suspended -> stopped
            Attempts to carry out any other state changes will result
            in an error.
            The status can be set to ''started'' only when the rowStatus of
            the corresponding conceptual row is ''valid''.
           "
       DEFVAL      { unknown }
       ::= { syslogParamsEntry 12 }

   syslogParamsStorageType OBJECT-TYPE
       SYNTAX       StorageType
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
           "This object defines whether the parameters defined in this
            row are kept in volatile storage and lost upon reboot or
            are backed up by non-volatile (permanent) storage.
           "
       ::= { syslogParamsEntry 13 }

   syslogParamsRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object is used to create, modify and delete rows in
            the syslogParamsTable.
            Objects in a row can be modified only when the value of this
            object in the corresponding conceptual row is not ''active''.
            Thus, to modify one or more of the objects in this
            conceptual row,
              a. change the row status to ''invalid'', causing its deletion
              b. create a new conceptual row with the desired values.
           "
       ::= { syslogParamsEntry 14 }

   syslogAllowedHostsTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SyslogAllowedHostsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table containing information about the Hosts
           from which messages will be accepted (rejected).
           "
       ::= { syslogProc 3 }

   syslogAllowedHostsEntry OBJECT-TYPE
       SYNTAX      SyslogAllowedHostsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The host information."
       INDEX  { syslogProcIndex }
       ::= { syslogAllowedHostsTable 1 }

   SyslogAllowedHostsEntry ::=
       SEQUENCE {
           syslogAllowedHostsAddressType
                InetAddressType,
           syslogAllowedHostsAddress
                InetAddress,
           syslogAllowedHostsMaskLen
                Integer32,
           syslogAllowedHostsTransport
                SyslogTransport,
           syslogAllowedHostsPort
                SyslogService,
           syslogAllowedHostsRowStatus
                RowStatus
        }

   syslogAllowedHostsAddressType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The type of Internet address which follows
            in syslogAllowedHostsAddress.
           "
       ::= { syslogAllowedHostsEntry 1 }

   syslogAllowedHostsAddress OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The IP address or hostname specification of the host from
            which the syslog process will accept messages.
           "
       ::= { syslogAllowedHostsEntry 2 }

   syslogAllowedHostsMaskLen OBJECT-TYPE
       SYNTAX      Integer32
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "If the syslogAllowedHostsAddressType is ipv4(1) or ipv6(2),
            this object represents the number of bits that will be
            taken into account when the address of the originating
            host is being compared with syslogAllowedHostsAddress.

            The default value of this MO will be the length of the
            corresponding syslogAllowedHostsAddress.

            If the syslogAllowedHostsAddressType is not ipv4(1) or
            ipv6(2) this object is not used.
           "
       ::= { syslogAllowedHostsEntry 3 }

   syslogAllowedHostsTransport OBJECT-TYPE
       SYNTAX      SyslogTransport
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The Transport specification that will be used to decide
            whether the message will be accepted from a host or
            not.
           "
       DEFVAL     { udp }
       ::= { syslogAllowedHostsEntry 4 }

   syslogAllowedHostsPort OBJECT-TYPE
       SYNTAX      SyslogService
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The Port specification that will be used to decide
            whether the message will be accepted from a host or
            not.
           "
       DEFVAL     { "any" }
       ::= { syslogAllowedHostsEntry 5 }

   syslogAllowedHostsRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object is used to create and delete rows in the
            syslogAllowedHostsTable.
           "
       ::= { syslogAllowedHostsEntry 6 }
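
   The acceptance decision that syslogAllowedHostsTable and
   syslogParamsSecuritySpecs describe can be sketched as follows.  This
   is an added example, not part of the draft: the Python names are
   hypothetical, hostname-type rows are left out, and it assumes that a
   message matching no row is rejected, which the draft does not state.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional

# syslogParamsSecuritySpecs values as enumerated in the MIB.
NONE = 0
DO_NOT_RECV_FROM_REMOTE_HOSTS = 1
DO_NOT_OPEN_NETWORK_SOCKETS = 2


@dataclass(frozen=True)
class AllowedHostRow:
    """One ipv4/ipv6 conceptual row of syslogAllowedHostsTable."""
    address: str                     # syslogAllowedHostsAddress
    mask_len: Optional[int] = None   # syslogAllowedHostsMaskLen
    transport: str = "udp"           # syslogAllowedHostsTransport (DEFVAL udp)
    port: str = "any"                # syslogAllowedHostsPort (DEFVAL "any")

    def network(self):
        """Return the prefix this row admits."""
        addr = ipaddress.ip_address(self.address)
        # The default mask length is the full length of the address,
        # so a row without a mask admits exactly one host.
        bits = addr.max_prefixlen if self.mask_len is None else self.mask_len
        if not 0 <= bits <= addr.max_prefixlen:
            raise ValueError(f"mask length {bits} invalid for {addr}")
        # strict=False: address bits beyond the mask are not compared.
        return ipaddress.ip_network(f"{addr}/{bits}", strict=False)

    def matches(self, src: str, transport: str, port: int) -> bool:
        src_addr = ipaddress.ip_address(src)
        net = self.network()
        if src_addr.version != net.version:
            return False
        if transport != self.transport:
            return False
        # The draft does not say whether this is the sender's or the
        # receiver's port; the caller supplies whichever applies.
        if self.port != "any" and self.port != str(port):
            return False
        return src_addr in net


def accept(rows: Iterable[AllowedHostRow], security_specs: int,
           src: str, transport: str = "udp", port: int = 514) -> bool:
    """Decide whether a message from remote host `src` is accepted."""
    if security_specs in (DO_NOT_RECV_FROM_REMOTE_HOSTS,
                          DO_NOT_OPEN_NETWORK_SOCKETS):
        return False
    # Assumption of this example: no matching row means rejection.
    return any(row.matches(src, transport, port) for row in rows)


def match_all_rows(rows: Iterable[AllowedHostRow]) -> List[AllowedHostRow]:
    """Audit helper: rows whose mask length of 0 admits every address."""
    return [row for row in rows if row.network().prefixlen == 0]


# Constructed sample table using documentation address ranges.
SAMPLE_ROWS = [
    AllowedHostRow("192.0.2.0", mask_len=24),
    AllowedHostRow("198.51.100.7", port="514"),
    AllowedHostRow("2001:db8::", mask_len=32),
]

if __name__ == "__main__":
    for src, port in [("192.0.2.55", 514), ("192.0.3.1", 514),
                      ("198.51.100.7", 6514), ("2001:db8:1::5", 514)]:
        verdict = "accept" if accept(SAMPLE_ROWS, NONE, src, port=port) else "reject"
        print(f"{src} port {port}: {verdict}")
```

   A row whose mask length is 0 compares no bits and therefore admits
   every source of that address family; match_all_rows() lists such rows
   so they can be reviewed.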

   -- -------------------------------------------------------------
   -- syslogControl
   -- -------------------------------------------------------------

   -- This group defines the rules for message selection and the
   -- action that will be carried out on the selected messages.
   -- The tables in this group represent the rules that would
   -- generally be present in the syslog.conf

   -- syslogCtlSelectionTable:
   -- This table defines the message selection rules for an action
   -- Each row maps a part of the "selector" field in the syslogd.conf
   -- that is traditionally input to the syslogd process

   syslogCtlSelectionTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SyslogCtlSelectionEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table which defines the rules for selection of
            syslog messages for some specified actions.
           "
       ::= { syslogControl 1 }

   syslogCtlSelectionEntry OBJECT-TYPE
       SYNTAX      SyslogCtlSelectionEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Defines the information to generate syslog messages to
            an aggregating agent or collector.
            Entries within this table with an access level of read-
            create MUST be considered non-volatile and MUST be
            maintained across entity resets."
       INDEX  { syslogProcIndex, syslogCtlActionIndex,
                                 syslogCtlSelectionIndex }
       ::= { syslogCtlSelectionTable 1 }

   SyslogCtlSelectionEntry ::=
       SEQUENCE {
           syslogCtlActionIndex
                Integer32,
           syslogCtlSelectionIndex
                Integer32,
           syslogCtlSelectionDescr
                SnmpAdminString,
           syslogCtlSelectionHostNameIncl
                INTEGER,
           syslogCtlSelectionHostname
                SnmpAdminString,
           syslogCtlSelectionProgNameIncl
                INTEGER,
           syslogCtlSelectionProgName
                SnmpAdminString,
           syslogCtlSelectionPriorityIncl
                INTEGER,
           syslogCtlSelectionFacility
                SyslogFacility,
           syslogCtlSelectionSeverity
                SyslogSeverity,
           syslogCtlSelectionSeverityCompOP
                SyslogSeverityCompOP,
           syslogCtlSelectionRowStatus
                RowStatus
       }

   syslogCtlActionIndex OBJECT-TYPE
       SYNTAX       Integer32 (1..2147483647)
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
         "An index that uniquely identifies an action group in
          the Table.
         "
       ::= { syslogCtlSelectionEntry 1 }

   syslogCtlSelectionIndex OBJECT-TYPE
       SYNTAX       Integer32 (1..2147483647)
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
         "An index that uniquely identifies the row within the
          set of rows belonging to the same action group.
         "
       ::= { syslogCtlSelectionEntry 2 }

   syslogCtlSelectionDescr OBJECT-TYPE
       SYNTAX       SnmpAdminString
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
         "A description of the Selection
         "
       ::= { syslogCtlSelectionEntry 3 }

   syslogCtlSelectionHostNameIncl  OBJECT-TYPE
       SYNTAX       INTEGER  {
                         included        (1),
                         excluded        (2)
                       }
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
         "Indicates whether the corresponding instance of
          syslogCtlSelectionHostname defines a hostname which
          is included or excluded from the selection for the
          action.
         "
       DEFVAL      { included }
       ::= { syslogCtlSelectionEntry 4 }

   syslogCtlSelectionHostname OBJECT-TYPE
       SYNTAX       SnmpAdminString
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
         "The hostname represented by the row. An asterisk indicates all
          hosts.
         "
       DEFVAL { "*" }
       ::= { syslogCtlSelectionEntry 5 }

   syslogCtlSelectionProgNameIncl   OBJECT-TYPE
       SYNTAX       INTEGER  {
                         included        (1),
                         excluded        (2)
                       }
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
         "Indicates whether the corresponding instance of
          syslogCtlSelectionProgName defines a program name
          which is included or excluded from the selection
          for the action.
         "
       DEFVAL      { included }
       ::= { syslogCtlSelectionEntry 6 }

   syslogCtlSelectionProgName OBJECT-TYPE
       SYNTAX       SnmpAdminString
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
         "The program name represented by the row. An asterisk
          indicates all programs.
         "
       DEFVAL { "*" }
       ::= { syslogCtlSelectionEntry 7 }

   syslogCtlSelectionPriorityIncl   OBJECT-TYPE
       SYNTAX       INTEGER  {
                         included        (1),
                         excluded        (2)
                       }
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
         "Indicates whether the corresponding instances of
          syslogCtlSelectionFacility  and syslogCtlSelectionSeverity
          define a priority which is included or excluded
          from the selection for the action.
         "
       DEFVAL      { included }
       ::= { syslogCtlSelectionEntry 8 }

   syslogCtlSelectionFacility OBJECT-TYPE
       SYNTAX       SyslogFacility
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
           "The facility represented by the row.
           "
       ::= { syslogCtlSelectionEntry 9 }

   syslogCtlSelectionSeverityCompOP   OBJECT-TYPE
       SYNTAX       SyslogSeverityCompOP
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
           "Represents the operator that should apply to the
            syslogCtlSelectionSeverity MO before the selection takes
            place.
           "
       DEFVAL      { greaterThanOrEqual }
       ::= { syslogCtlSelectionEntry 10 }

   syslogCtlSelectionSeverity OBJECT-TYPE
       SYNTAX       SyslogSeverity
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
           "The severity represented by the row.
           "
       ::= { syslogCtlSelectionEntry 11 }

   syslogCtlSelectionRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object is used to create and delete rows in the
            syslogCtlSelectionTable.
           "
       ::= { syslogCtlSelectionEntry 12 }


   -- -------------------------------------------------------------
   -- syslogCtlActionTable
   -- -------------------------------------------------------------
   -- This table defines the Logging action for a selection from
   -- syslogCtlSelectionTable (group of rows having the same
   -- syslogCtlActionIndex).

   syslogCtlLogActionTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SyslogCtlLogActionEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table containing Syslog LogAction Entries."
       ::= { syslogControl 2 }

   syslogCtlLogActionEntry OBJECT-TYPE
       SYNTAX      SyslogCtlLogActionEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Defines the information to generate syslog messages to
            an aggregating agent or collector.
            Entries within this table with an access level of read-
            create MUST be considered non-volatile and MUST be
            maintained across entity resets."
       INDEX  { syslogProcIndex, syslogCtlActionIndex}
       ::= { syslogCtlLogActionTable 1 }

   SyslogCtlLogActionEntry ::=
       SEQUENCE {
          syslogCtlLogActionFileName
               SnmpAdminString,
          syslogCtlLogActionRowStatus
               RowStatus
       }

   syslogCtlLogActionFileName OBJECT-TYPE
       SYNTAX       SnmpAdminString
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
           "The fullpath name of the file in which the message
            will be logged.
            This file should exist before the syslog process
            attempts to append messages to it.
           "
       ::= { syslogCtlLogActionEntry 1 }

   syslogCtlLogActionRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object is used to create and delete rows in the
            syslogCtlLogActionTable."
       ::= { syslogCtlLogActionEntry 2 }

   -- -------------------------------------------------------------
   -- syslogUserActionTable
   -- -------------------------------------------------------------
   -- This table defines the user notification action for a selection
   -- from syslogCtlSelectionTable (group of rows having the same
   -- syslogCtlActionIndex).

   syslogCtlUserActionTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SyslogCtlUserActionEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table containing the list of users to whom a notification
            will be sent (by displaying the message on the user's
            console, if the user is logged in).
           "
       ::= { syslogControl 3 }

   syslogCtlUserActionEntry OBJECT-TYPE
       SYNTAX      SyslogCtlUserActionEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A user to whom the message should be notified.
           "
       INDEX  { syslogProcIndex, syslogCtlActionIndex,
                                 syslogCtlUserActionIndex}
       ::= { syslogCtlUserActionTable 1 }

   SyslogCtlUserActionEntry ::=
       SEQUENCE {
          syslogCtlUserActionIndex
               Unsigned32,
          syslogCtlUserActionUserID
               SnmpAdminString,
          syslogCtlUserActionRowStatus
               RowStatus
       }

   syslogCtlUserActionIndex OBJECT-TYPE
       SYNTAX       Unsigned32
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
           "An index to uniquely identify the userID among the
            group of userIDs.
           "
       ::= { syslogCtlUserActionEntry 1 }

   syslogCtlUserActionUserID OBJECT-TYPE
       SYNTAX       SnmpAdminString
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
           "The userid of the user to whom the message will be
            displayed on the console if the user is logged in.
            Note: the userid ''*'' denotes all users.
           "
       ::= { syslogCtlUserActionEntry 2 }

   syslogCtlUserActionRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object is used to create and delete rows in the
            syslogCtlUserActionTable.
           "
       ::= { syslogCtlUserActionEntry 3 }

   -- -------------------------------------------------------------
   -- syslogCtlFwdAction Table
   -- -------------------------------------------------------------
   -- Each row in this table defines a destination to which the
   -- message will be forwarded

   syslogCtlFwdActionTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SyslogCtlFwdActionEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table containing Syslog collector information."
       ::= { syslogControl 4 }

   syslogCtlFwdActionEntry OBJECT-TYPE
       SYNTAX      SyslogCtlFwdActionEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Defines the information pertaining to a syslog collector
            to which syslog messages will be relayed.

            Entries within this table with an access level of read-
            create MUST be considered non-volatile and MUST be
            maintained across entity resets."
       INDEX  { syslogProcIndex, syslogCtlActionIndex,
                                 syslogCtlFwdActionIndex }
       ::= { syslogCtlFwdActionTable 1 }

   SyslogCtlFwdActionEntry ::=
       SEQUENCE {
           syslogCtlFwdActionIndex
                Unsigned32,
           syslogCtlFwdActionDescr
                SnmpAdminString,
           syslogCtlFwdActionSrcAddrType
                InetAddressType,
           syslogCtlFwdActionSrcAddr
                InetAddress,
           syslogCtlFwdActionDstAddrType
                InetAddressType,
           syslogCtlFwdActionDstAddr
                InetAddress,
           syslogCtlFwdActionTransport
                SyslogTransport,
           syslogCtlFwdActionPort
                SyslogService,
           syslogCtlFwdActionFacility
                SyslogFacility,
           syslogCtlFwdActionSeverity
                SyslogSeverity,
           syslogCtlFwdActionRowStatus
                RowStatus
       }

   syslogCtlFwdActionIndex OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A unique identifier for this syslogForwardAction entry."
       ::= { syslogCtlFwdActionEntry 1 }

   syslogCtlFwdActionDescr OBJECT-TYPE
       SYNTAX      SnmpAdminString (SIZE(1..64))
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "Administratively assigned textual description of this
            syslogForwardAction."
       ::= { syslogCtlFwdActionEntry 2 }

   syslogCtlFwdActionSrcAddrType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The type of Internet address which follows
            in syslogCtlFwdActionSrcAddr.
           "
       ::= { syslogCtlFwdActionEntry 3 }

   syslogCtlFwdActionSrcAddr OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The Internet address that will be used as the source
            address in the message to the collector.
            The type of the address is specified in the preceding
            syslogCtlFwdActionSrcAddrType object.
            The use of DNS domain names is discouraged, and agent
            support for them is optional.  Deciding when, and how
            often, to resolve them is an issue.  Not resolving them
            often enough could lead to loss of synchronization with
            the associated entry in the DNS server, and resolving
            them too often might lead to significant overhead
            during critical network events.
           "
       ::= { syslogCtlFwdActionEntry 4 }


   syslogCtlFwdActionDstAddrType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The type of Internet address which follows
            in syslogCtlFwdActionDstAddr.
           "
       ::= { syslogCtlFwdActionEntry 5 }

   syslogCtlFwdActionDstAddr OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The Internet address for the Syslog message collector.
            The type of the address is specified in the preceding
            syslogCtlFwdActionDstAddrType object.
            The use of DNS domain names is discouraged, and agent
            support for them is optional.  Deciding when, and how
            often, to resolve them is an issue.  Not resolving them
            often enough could lead to loss of synchronization with
            the associated entry in the DNS server, and resolving
            them too often might lead to significant overhead
            during critical network events.
           "
       ::= { syslogCtlFwdActionEntry 6 }

   syslogCtlFwdActionTransport OBJECT-TYPE
       SYNTAX      SyslogTransport
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The Transport that will be used to forward the message.
           "
       DEFVAL     { udp }
       ::= { syslogCtlFwdActionEntry 7 }

   syslogCtlFwdActionPort OBJECT-TYPE
       SYNTAX      SyslogService
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The port number on the destination to which the
            syslog message will be forwarded over the transport
            specified by syslogCtlFwdActionTransport.
           "
       DEFVAL     { "514" }
       ::= { syslogCtlFwdActionEntry 8 }

   syslogCtlFwdActionFacility OBJECT-TYPE
       SYNTAX      SyslogFacility
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The syslog facility code that will be added to messages
            forwarded to this collector if a priority level is not
            defined in the received message.
           "
       ::= { syslogCtlFwdActionEntry 9 }

   syslogCtlFwdActionSeverity OBJECT-TYPE
       SYNTAX      SyslogSeverity
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The syslog severity code that will be added to messages
            forwarded to this collector if a priority level is not
            defined in the received message.
           "
       ::= { syslogCtlFwdActionEntry 10 }

   syslogCtlFwdActionRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object is used to create and delete rows in the
            syslogCtlFwdActionTable.
           "
       ::= { syslogCtlFwdActionEntry 11 }


   -- -------------------------------------------------------------
   -- syslogPipeActionTable
   -- -------------------------------------------------------------
   -- This table defines the 'pipe' action for a selection
   -- from syslogCtlSelectionTable (group of rows having the same
   -- syslogCtlActionIndex).
   -- The selected message is piped to the command given in
   -- the corresponding syslogCtlPipeActionCmd

   syslogCtlPipeActionTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SyslogCtlPipeActionEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table containing commands to which selected messages
            will be piped.
           "
       ::= { syslogControl 5 }

   syslogCtlPipeActionEntry OBJECT-TYPE
       SYNTAX      SyslogCtlPipeActionEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A user to whom the message should be notified.
           "
       INDEX  { syslogProcIndex, syslogCtlActionIndex}
       ::= { syslogCtlPipeActionTable 1 }

   SyslogCtlPipeActionEntry ::=
       SEQUENCE {
          syslogCtlPipeActionCmd
               SnmpAdminString,
          syslogCtlPipeActionRowStatus
               RowStatus
       }

   syslogCtlPipeActionCmd OBJECT-TYPE
       SYNTAX       SnmpAdminString
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
           "The command to which the selected message will be
            piped.
           "
       ::= { syslogCtlPipeActionEntry 1 }

   syslogCtlPipeActionRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object is used to create and delete rows in the
            syslogCtlPipeActionTable.
           "
       ::= { syslogCtlPipeActionEntry 2 }

   -- -------------------------------------------------------------
   -- Conformance Information
   -- -------------------------------------------------------------

   syslogConformance OBJECT IDENTIFIER
                             ::= { syslogMIB 4 }

   syslogGroups OBJECT IDENTIFIER
                             ::= { syslogConformance 1 }

   syslogCompliances OBJECT IDENTIFIER
                             ::= { syslogConformance 2 }

   -- -------------------------------------------------------------
   -- units of conformance
   -- -------------------------------------------------------------

   syslogSystemGroup OBJECT-GROUP
       OBJECTS {
                syslogDefaultTransport,
                syslogDefaultService,
                syslogDefaultFacility,
                syslogDefaultSeverity,
                syslogMaxMessageSize

       }
       STATUS  current
       DESCRIPTION
           "A collection of objects providing system-wide
            parameters for syslog processes.
           "
       ::= { syslogGroups 1}

   syslogStatsGroup OBJECT-GROUP
       OBJECTS {
               --  syslogProcIndex,
                   syslogProcMsgsReceived,
                   syslogProcMsgsRelayed,
                   syslogProcMsgsDropped,
                   syslogProcMsgsIllFormed,
                   syslogProcMsgsIgnored,
                   syslogProcMsgsRejected,
                   syslogProcLastMsgRecdTime,
                   syslogProcLastMsgDeliveredTime,
                   syslogProcStartTime,
                   syslogProcLastError,
                   syslogProcLastErrorTime
               }
       STATUS  current
       DESCRIPTION
           "A collection of objects providing message related
            statistics."
       ::= { syslogGroups 2}

   syslogParamsGroup OBJECT-GROUP
       OBJECTS {
                   syslogParamsProcDescr,
                   syslogParamsBindAddrType,
                   syslogParamsBindAddr,
                   syslogParamsSendToAllAddresses,
                   syslogParamsCompression,
                   syslogParamsConfFileName,
                   syslogParamsFacilityTranslation,
                   syslogParamsPIDFileName,
                   syslogParamsDNSLookup,
                   syslogParamsSeverityCompOP,
                   syslogParamsSecuritySpecs,
                   syslogParamsProcessStatus,
                   syslogParamsStorageType,
                   syslogParamsRowStatus,
                   syslogAllowedHostsAddressType,
                   syslogAllowedHostsAddress,
                   syslogAllowedHostsMaskLen,
                   syslogAllowedHostsTransport,
                   syslogAllowedHostsPort,
                   syslogAllowedHostsRowStatus
               }
       STATUS  current
       DESCRIPTION
           "A collection of objects representing the run time parameters
            for the syslog processes.
           "
       ::= { syslogGroups 3}

   syslogControlGroup OBJECT-GROUP
       OBJECTS {
                   syslogCtlSelectionDescr,
                   syslogCtlSelectionHostNameIncl,
                   syslogCtlSelectionHostname,
                   syslogCtlSelectionProgNameIncl,
                   syslogCtlSelectionProgName,
                   syslogCtlSelectionPriorityIncl,
                   syslogCtlSelectionFacility,
                   syslogCtlSelectionSeverity,
                   syslogCtlSelectionSeverityCompOP,
                   syslogCtlSelectionRowStatus,
                   syslogCtlLogActionFileName,
                   syslogCtlLogActionRowStatus,
                   syslogCtlUserActionUserID,
                   syslogCtlUserActionRowStatus,
                   syslogCtlFwdActionDescr,
                   syslogCtlFwdActionSrcAddrType,
                   syslogCtlFwdActionSrcAddr,
                   syslogCtlFwdActionDstAddrType,
                   syslogCtlFwdActionDstAddr,
                   syslogCtlFwdActionTransport,
                   syslogCtlFwdActionPort,
                   syslogCtlFwdActionFacility,
                   syslogCtlFwdActionSeverity,
                   syslogCtlFwdActionRowStatus,
                   syslogCtlPipeActionCmd,
                   syslogCtlPipeActionRowStatus
               }
       STATUS  current
       DESCRIPTION
           "A collection of objects that represent the rules that
            describe how a message will be selected, and the action(s)
            that will be carried out on the selected message.
           "
       ::= { syslogGroups 4}

   -- -------------------------------------------------------------
   -- compliance statements
   -- -------------------------------------------------------------

   syslogCompliance MODULE-COMPLIANCE
       STATUS  current
       DESCRIPTION
           "The compliance statement for an agent implementing the
            syslog MIB.
           "
       MODULE -- this module
       MANDATORY-GROUPS {
           syslogStatsGroup
       }

       GROUP       syslogSystemGroup
       DESCRIPTION
           "The syslogSystemGroup group is mandatory only for
            agents which support monitoring and control of the
            syslog system wide parameters.
            If only monitoring is supported then the corresponding
            objects must have access read-only.
           "
       GROUP       syslogParamsGroup
       DESCRIPTION
           "The syslogParamsGroup group is mandatory only for
            agents which support monitoring and/or control of
            syslog processes.
            If only monitoring is supported then the corresponding
            objects must have access read-only.
           "
       GROUP       syslogControlGroup
       DESCRIPTION
           "The syslogControlGroup group is mandatory only for
            agents which support monitoring and/or control of
            the rules that describe how a message will be selected,
            and the action(s) that will be carried out on the
            selected message.
            If only monitoring is supported then the corresponding
            objects must have access read-only.
           "
       ::= { syslogCompliances 1 }

   END

5.  Intellectual Property Notice

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights.  Information on the
   IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11.  Copies of
   claims of rights made available for publication and any assurances of
   licenses to be made available, or the result of an attempt made to
   obtain a general license or permission for the use of such
   proprietary rights by implementors or users of this specification can
   be obtained from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard.  Please address the information to the IETF Executive
   Director.

6.  Acknowledgments
   The authors would like to thank David Harrington, Mark Ellison, Mike
   MacFaden, Dave T Perkins and members of the WIDE-netman group for their
   comments and suggestions.


7.  Security Considerations

   Syslog plays a very important role in the computer and network
   security of an organization. SyslogMIB defines several managed
   objects that may be used to monitor, configure and control syslog
   processes. As such, improper manipulation of the objects represented
   by this MIB may lead to an attack on an important component of the
   computer and network security infrastructure.  The objects in
   syslogParamsTable, syslogAllowedHostsTable, syslogCtlSelectionTable,
   syslogCtlLogActionTable, syslogCtlUserActionTable,
   syslogCtlFwdActionTable and syslogCtlPipeActionTable may be
   misconfigured to cause syslog messages to be diverted or lost, or to
   result in a DoS attack on a user or service.

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.  These are the tables and objects and their
   sensitivity/vulnerability:
       o  syslogParamsTable: the objects in this table describe the
          configuration of the syslog processes. The syslogParamsProcessStatus
          object may be used to start, stop or suspend the syslog process itself.
       o  syslogAllowedHostsTable: the objects in this table describe the hosts
          from which syslog messages will be accepted. Improper configuration may
          lead to loss of messages from an important source or a flood of messages
          from a potentially rogue source.
       o  syslogCtlSelectionTable: the objects in this table describe selection
          rules for messages. Improper configuration may lead to loss of relevant
          messages or the collection of useless, potentially ill-intentioned
          messages.
       o  syslogCtlLogActionTable: the objects in this table describe the actions
          that will be carried out on a received syslog message. Misconfiguration
          may lead to loss of important messages or misdirection of messages.
       o  syslogCtlUserActionTable: the objects in this table describe the users
          that will be notified. It may be misconfigured to prevent a user from
          receiving an important message or to spam a user's console.
       o  syslogCtlFwdActionTable: the objects in this table describe the
          forwarding action that will be carried out on messages. It may be
          misconfigured to prevent important messages from reaching their
          destinations or to direct a DoS attack on a specific destination. It
          may also be misconfigured to send syslog messages to an improper
          destination, resulting in a breach of a user's privacy.
       o  syslogCtlPipeActionTable: the objects in this table describe the
          commands that will be invoked to process a log message. This may be
          misconfigured to cause arbitrary programs to be invoked on the syslog
          receiver.

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the tables and objects and their
   sensitivity/vulnerability:
       o  syslogProcTable: objects in this table carry sensitive information.  The
          counters may reveal information about the deployment and effectiveness
          of the relevant security systems. The counters may be analyzed to tell
          whether the security systems are able to detect an event or not.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPSec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the objects
   in this MIB module.

   It is RECOMMENDED that implementers consider the security features as
   provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.
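
   The access-control guidance above, expressed as a check over SNMP
   access records. This is an added example, not part of the draft: the
   record format, the principal names and the WRITERS/READERS sets are
   assumptions, and requiring authPriv for every sensitive access is a
   policy choice made here.

```python
# Added example: policy check over SNMP access records for the syslog MIB.
# Record format, principals and the policy sets below are assumptions.

# Object-name prefix -> (table, risk named in the Security Considerations).
WRITE_SENSITIVE = {
    "syslogParams": ("syslogParamsTable", "process started, stopped or suspended"),
    "syslogAllowedHosts": ("syslogAllowedHostsTable", "messages lost or rogue flood"),
    "syslogCtlSelection": ("syslogCtlSelectionTable", "relevant messages lost"),
    "syslogCtlLogAction": ("syslogCtlLogActionTable", "messages lost or misdirected"),
    "syslogCtlUserAction": ("syslogCtlUserActionTable", "user unnotified or spammed"),
    "syslogCtlFwdAction": ("syslogCtlFwdActionTable", "diversion, DoS, privacy breach"),
    "syslogCtlPipeAction": ("syslogCtlPipeActionTable", "arbitrary programs invoked"),
}
READ_SENSITIVE = {
    "syslogProc": ("syslogProcTable", "counters reveal detection effectiveness"),
}
WRITERS = {"netops"}             # principals allowed to SET (assumed)
READERS = {"netops", "monitor"}  # principals allowed to GET (assumed)

# Constructed records: version, security level, principal, operation, instance.
SAMPLE = """\
v3 authPriv netops SET syslogCtlFwdActionDstAddr.1.2
v2c - public GET syslogProcMsgsDropped.1
v3 authNoPriv netops SET syslogCtlPipeActionCmd.1.1
v3 authPriv guest SET syslogParamsProcessStatus.1
v3 authPriv monitor GET syslogProcMsgsReceived.1
v3 authPriv netops GET syslogDefaultFacility.0
"""

def classify(name, op):
    """Return (table, risk) if the object is sensitive for this operation."""
    tables = WRITE_SENSITIVE if op == "SET" else READ_SENSITIVE
    for prefix, info in tables.items():
        if name.startswith(prefix):
            return info
    return None

def audit(records):
    """Return one finding per record that violates the access policy."""
    findings = []
    for lineno, line in enumerate(records.splitlines(), 1):
        fields = line.split()
        if len(fields) != 5:  # never skip silently: surface unparsable records
            findings.append({"line": lineno, "table": None,
                             "reasons": ["malformed record"]})
            continue
        version, level, principal, op, instance = fields
        hit = classify(instance.split(".", 1)[0], op)
        if hit is None:
            continue  # object not listed as sensitive for this operation
        reasons = []
        if version != "v3":
            reasons.append("pre-SNMPv3 access")
        elif level != "authPriv":
            reasons.append("no authentication and privacy")
        if principal not in (WRITERS if op == "SET" else READERS):
            reasons.append("principal not authorized")
        if reasons:
            findings.append({"line": lineno, "table": hit[0], "risk": hit[1],
                             "op": op, "reasons": reasons})
    return findings
```

   Records 2, 3 and 4 of the constructed sample are reported; the GET of
   syslogDefaultFacility is ignored because the section above does not
   list that object as sensitive.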


8.  References

   [Normative References]

   [RFC2578]   McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
               Rose, M., and S. Waldbusser, "Structure of Management
               Information Version 2 (SMIv2)", STD 58, RFC 2578, April
               1999

   [RFC2579]   McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
               Rose, M., and S. Waldbusser, "Textual Conventions for
               SMIv2", STD 58, RFC 2579, April 1999

   [RFC2580]   McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
               Rose, M., and S. Waldbusser, "Conformance Statements for
               SMIv2", STD 58, RFC 2580, April 1999

   [Informative References]

   [ODC-Dft]   Schoenwaelder, J. "SNMP Payload Compression", Work In
               Progress
               http://www.ietf.org/internet-drafts/internet-draft
               draft-irtf-nmrg-snmp-compression-01.txt, April, 2001.

   [RFC2571]   Harrington, D., Presuhn, R., and B. Wijnen, "An
               Architecture for Describing SNMP Management Frameworks",
               RFC 2571, April 1999

   [RFC1155]   Rose, M., and K. McCloghrie, "Structure and
               Identification of Management Information for TCP/IP-based
               Internets", STD 16, RFC 1155, May 1990

   [RFC1212]   Rose, M., and K. McCloghrie, "Concise MIB Definitions",
               STD 16, RFC 1212, March 1991

   [RFC1215]   M. Rose, "A Convention for Defining Traps for use with
               the SNMP", RFC 1215, March 1991

   [RFC1157]   Case, J., Fedor, M., Schoffstall, M., and J. Davin,
               "Simple Network Management Protocol", STD 15, RFC 1157,
               May 1990.

   [RFC1901]   Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
               "Introduction to Community-based SNMPv2", RFC 1901,
               January 1996.

   [RFC1906]   Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
               "Transport Mappings for Version 2 of the Simple Network
               Management Protocol (SNMPv2)", RFC 1906, January 1996.

   [RFC2572]   Case, J., Harrington D., Presuhn R., and B. Wijnen,
               "Message Processing and Dispatching for the Simple
               Network Management Protocol (SNMP)", RFC 2572, April 1999

   [RFC2574]   Blumenthal, U., and B. Wijnen, "User-based Security Model
               (USM) for version 3 of the Simple Network Management
               Protocol (SNMPv3)", RFC 2574, April 1999

   [RFC1905]   Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
               "Protocol Operations for Version 2 of the Simple Network
               Management Protocol (SNMPv2)", RFC 1905, January 1996.

   [RFC2573]   Levi, D., Meyer, P., and B. Stewart, "SNMPv3
               Applications", RFC 2573, April 1999

   [RFC2575]   Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based
               Access Control Model (VACM) for the Simple Network
               Management Protocol (SNMP)", RFC 2575, April 1999.

   [RFC2570]   Case, J., Mundy, R., Partain, D., and B. Stewart,
               "Introduction to Version 3 of the Internet-standard
               Network Management Framework", RFC 2570, April 1999

   [RFC3410]   Case, J., Mundy, R., Partain, D., and B. Stewart,
               "Introduction and Applicability Statements for the
               Internet-Standard Management Framework", RFC 3410,
               December 2002.

   [RFC3164]   C. Lonvick, "The BSD Syslog Protocol", RFC 3164,
               August 2001.

9.  Full Copyright Statement

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

10.  Authors' Addresses

   Glenn Mansfield Keeni
   Cyber Solutions Inc.
   6-6-3 Minami Yoshinari
   Aoba-ku, Sendai 989-3204
   Japan

   Phone: +81-22-303-4012
   EMail: glenn@cysols.com

   Bruno Pape
   Enterasys Networks, Inc.
   35 Industrial Way
   Rochester, NH 03867
   USA

   Email:  bpape@enterasys.com
   Tel:    +1 603 337 0446