Re: [BEHAVE] I-D Action: draft-ietf-behave-syslog-nat-logging-01.txt

Tom Taylor <tom.taylor.stds@gmail.com> Wed, 08 May 2013 15:56 UTC

Done at last. The updated document has two new sections:

  2. Deployment Considerations
     - discusses the logging implications of the various Softwires
       transition methods, as well as some considerations arising out
       of the architectural role of the NAT.

  3. NAT-Related Events and Parameters
     - is a description at a generally coding-independent level of
       the events to be logged at NATs and their associated parameters.
       In principle the contents are the same as in the IPFIX
       document, but some reconciliation may be required.

These sections are followed by SYSLOG-specific stuff: applicability
statement, parameter and event encoding (with lots of examples of complete
logs), and an extensive IANA section. Then the usual remaining sections.

Comments are welcome. Fire away.

Tom Taylor

On 08/05/2013 11:44 AM, internet-drafts@ietf.org wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>   This draft is a work item of the Behavior Engineering for Hindrance Avoidance Working Group of the IETF.
>
> 	Title           : Syslog Format for NAT Logging
> 	Author(s)       : Zhonghua Chen
>                            Cathy Zhou
>                            Tina Tsou
>                            T. Taylor
> 	Filename        : draft-ietf-behave-syslog-nat-logging-01.txt
> 	Pages           : 31
> 	Date            : 2013-05-08
>
> Abstract:
>     With the wide deployment of Carrier Grade NAT (CGN) devices, the
>     logging of NAT-related events has become very important for legal
>     purposes.  The logs may be required to identify a host that was used
>     to launch malicious attacks or engage in illegal behaviour, and/or
>     may be required for accounting purposes.  This document identifies
>     the events that need to be logged and the parameters that are
>     required in the logs depending on the context in which the NAT is
>     being used.  It goes on to standardize formats for reporting these
>     events and parameters using SYSLOG (RFC 5424).  A companion document
>     specifies formats for reporting the same events and parameters using
>     IPFIX (RFC 5101).  Applicability statements are provided in this
>     document and its companion to guide operators and implementors in
>     their choice of which technology to use for logging.
>
...