[netmod] Comments on syslog data model
"Alexander Clemm (alex)" <alex@cisco.com> Thu, 09 October 2014 19:31 UTC
From: "Alexander Clemm (alex)" <alex@cisco.com>
To: "Clyde Wildes (cwildes)" <cwildes@cisco.com>
Date: Thu, 09 Oct 2014 19:31:03 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/netmod/61N7LKdJKR4TpiYKrFAk5x23kmQ
Cc: "netmod@ietf.org" <netmod@ietf.org>

Hi Clyde,

as mentioned on yesterday's call, I would suggest addressing RFC 5848 in the YANG model (http://tools.ietf.org/html/draft-wildes-netmod-syslog-model-02). This is the RFC for signed syslog messages. Since this is IETF standards track and the YANG model is to be published by IETF as well, I think this needs to be included.

Since there are many applications that do not support syslog-sign, this can be made feature-dependent. For this purpose, a feature "syslog-sign" can be declared, and corresponding YANG items be marked with a statement "if-feature syslog-sign". The incremental cost of implementation is thus zero when signed syslog is not supported by an implementation.

The RFC is here: http://tools.ietf.org/html/rfc5848

Please see specifically section 6.1, which defines a minimal set of parameters that should be configurable. Here is a corresponding snippet that could be added to the model in a fairly straightforward manner.

    container syslog-sign {
      if-feature syslog-sign;
      presence "If present, syslog-sign is activated for this receiver";
      leaf certInitialRepeat { type uint16; }
      leaf certResendDelay { type uint16; }
      leaf certResendCount { type uint16; }
      leaf sigMaxDelay { type uint16; }
      leaf sigNumberResends { type uint16; }
      leaf sigResendDelay { type uint16; }
      leaf sigResendCount { type uint16; }
      // container continues in the next snippet

Furthermore, to allow for configuration of sessions, you also need the following:

      choice signature-group {
        case 0 {
          leaf single-signature-group { type empty; }
        }
        case 1 {
          leaf pri-per-signature-group { type empty; }
        }
        case 2 {
          list pri-range-signature-group {
            key "sg-id";
            leaf sg-id { type uint8; }
            leaf max-spri {
              type uint8 { range "0 .. 192"; }
            }
          }
        }
        case 3 {
          leaf custom-signature-group-scheme { type empty; }
        }
      }
      leaf certificateBlock {
        config false;
        description "Certificate block that is in effect for this session";
        type string;
      }
      leaf currentRebootSessionId {
        config false;
        type uint64 { range "0 .. 9999999999"; }
      }
      leaf currentGlobalBlockCounter {
        config false;
        type uint64 { range "0 .. 9999999999"; }
      }
    }

In case you want to include monitoring, here is the following:

    container subscription-stats {
      if-feature syslog-stats;
      config false;
      leaf messages-sent { type uint32; }
      leaf messages-filtered { type uint32; }
      leaf certBlockResends {
        if-feature syslog-sign;
        type uint32;
      }
      leaf sigBlocks {
        if-feature syslog-sign;
        type uint32;
      }
    }

Thanks
--- Alex
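
Added example, not part of the original message or of the draft: a Python sketch of the checks a server would apply to one receiver's syslog-sign configuration under the snippet above, covering the if-feature gate, the presence container, the single-case choice, the config-false leaves and the numeric ranges. The dict-based config layout, the function name and the sample values are assumptions; the leaf and case names come from the message.

```python
# Leaf and case names are taken from the YANG snippet in the message;
# the dict-based config layout and function name are assumptions.
UINT16_LEAVES = {"certInitialRepeat", "certResendDelay", "certResendCount",
                 "sigMaxDelay", "sigNumberResends", "sigResendDelay",
                 "sigResendCount"}
SG_CASES = {"single-signature-group", "pri-per-signature-group",
            "pri-range-signature-group", "custom-signature-group-scheme"}
STATE_LEAVES = {"certificateBlock", "currentRebootSessionId",
                "currentGlobalBlockCounter"}  # config false in the snippet

def _is_uint(value, maximum):
    # bool is a subclass of int in Python, so compare the exact type.
    return type(value) is int and 0 <= value <= maximum

def validate_syslog_sign(receiver, features):
    """Return a list of errors for one receiver's configuration."""
    cfg = receiver.get("syslog-sign")
    if cfg is None:
        return []  # presence container absent: signing is not activated
    if "syslog-sign" not in features:
        return ["syslog-sign: node not in schema (feature not supported)"]
    errors = []
    for name, value in cfg.items():
        if name in UINT16_LEAVES:
            if not _is_uint(value, 0xFFFF):
                errors.append(f"{name}: not a uint16")
        elif name in STATE_LEAVES:
            errors.append(f"{name}: config false, cannot be written")
        elif name not in SG_CASES:
            errors.append(f"{name}: unknown node")
    chosen = sorted(SG_CASES & cfg.keys())
    if len(chosen) > 1:
        errors.append("signature-group: more than one case: " + ", ".join(chosen))
    seen = set()
    for entry in cfg.get("pri-range-signature-group", []):
        sg_id, spri = entry.get("sg-id"), entry.get("max-spri")
        if not _is_uint(sg_id, 0xFF) or sg_id in seen:
            errors.append(f"sg-id {sg_id!r}: missing, out of range or duplicate key")
        seen.add(sg_id)
        if spri is not None and not _is_uint(spri, 192):
            errors.append(f"max-spri {spri!r}: outside 0..192")
    return errors

# Constructed sample configurations.
GOOD = {"syslog-sign": {"certResendDelay": 300, "sigMaxDelay": 60,
        "pri-range-signature-group": [{"sg-id": 0, "max-spri": 95},
                                      {"sg-id": 1, "max-spri": 191}]}}
BAD = {"syslog-sign": {"sigResendCount": 70000, "certificateBlock": "x",
       "single-signature-group": None,
       "pri-range-signature-group": [{"sg-id": 0, "max-spri": 200}]}}
```

A server that does not advertise the syslog-sign feature rejects GOOD as well, since the whole container is then outside its schema.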