IETF Logo Mail Archive

Re: [netmod] Syslog YANG Model Presentation

Benoit Claise <bclaise@cisco.com> Wed, 10 September 2014 09:21 UTC

Return-Path: <bclaise@cisco.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E1531A06C2 for <netmod@ietfa.amsl.com>; Wed, 10 Sep 2014 02:21:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -16.152
X-Spam-Level:
X-Spam-Status: No, score=-16.152 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-1.652, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9O5XyMR_l6ti for <netmod@ietfa.amsl.com>; Wed, 10 Sep 2014 02:21:09 -0700 (PDT)
Received: from aer-iport-1.cisco.com (aer-iport-1.cisco.com [173.38.203.51]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B5061A06C1 for <netmod@ietf.org>; Wed, 10 Sep 2014 02:21:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=12012; q=dns/txt; s=iport; t=1410340870; x=1411550470; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to; bh=bS+3wGIO04Xi/ioFEcrfxBGrPqY/6oGu2vPOv0xGxQI=; b=cODxjqy8PQw3rqRWmLCYe+inZuRdOx+Puulyp42ieUL6dC1YXdnlKD6k axd4SD4zFh4jjOa7SEYm4m6eSxYoxEAbj9Q4MHkDbs1Z0B4q+co2M6zqP 4gOEWP0vQiopcm3uoluJK4wigHADDsuP3+gE7ABLBCDLH+RfjHwMqTqLe U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Am8FALMWEFStJssW/2dsb2JhbABZg2BXgnyFW8FXh0oBgSF4hAMBAQEEI1UBEAsRAwECAQkWCAMCAgkDAgECAQ8lCQgGDQEFAgEBBYglAxENqByOWA2GOQEXjSCBSxEBPxEHBoJzgVMFlXGEcoIQgV+FYocyhjuDYzsvAYEOgUABAQE
X-IronPort-AV: E=Sophos;i="5.04,497,1406592000"; d="scan'208,217";a="172810334"
Received: from aer-iport-nat.cisco.com (HELO aer-core-2.cisco.com) ([173.38.203.22]) by aer-iport-1.cisco.com with ESMTP; 10 Sep 2014 09:21:07 +0000
Received: from [10.60.67.84] (ams-bclaise-8913.cisco.com [10.60.67.84]) by aer-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id s8A9L6j1007252; Wed, 10 Sep 2014 09:21:06 GMT
Message-ID: <54101802.5060507@cisco.com>
Date: Wed, 10 Sep 2014 11:21:06 +0200
From: Benoit Claise <bclaise@cisco.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.7.0
MIME-Version: 1.0
To: Chris Lonvick <lonvick@gmail.com>, "Lange, Jeffrey K (GE Energy Management)" <jeffrey.K.lange@ge.com>
References: <CFF2F9DA.8B4CA%cwildes@cisco.com> <20140722150553.GB12083@elstar.local> <53CEA093.2070000@cisco.com> <20140730145856.GL29365@pfrc> <53D90D95.5090001@cisco.com> <CFFFB9A8.4EE6%jeffrey.k.lange@ge.com> <CAPhuMXwZapSr8nEXbzz33R4Ck1FvVkCZN_NhJXqN8pwxenpS-w@mail.gmail.com>
In-Reply-To: <CAPhuMXwZapSr8nEXbzz33R4Ck1FvVkCZN_NhJXqN8pwxenpS-w@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------020004050500020909000007"
Archived-At: http://mailarchive.ietf.org/arch/msg/netmod/PTSKaGPKxoW52yL4le2fWOPBpJ0
Cc: "rgerhards@hq.adiscon.com" <rgerhards@hq.adiscon.com>, "netmod@ietf.org" <netmod@ietf.org>
Subject: Re: [netmod] Syslog YANG Model Presentation
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Sep 2014 09:21:14 -0000

Dear all,

As I understand, the conclusion from this email thread is that the 
syslog YANG model must support the options for RFC 5424, RFC 5425, and 
RFC 5426

Regards, Benoit
> Hi,
> The very brief background:
> - the syslog WG was chartered under the Security Area to secure the 
> protocol
> - the BEEP work never took off so we rechartered and found that we 
> needed to make changes to the protocol itself
> - in making the changes, Rainer Gerhards proposed structured data and 
> the WG liked that
> - 5424 makes use of structured data but there are few implementations 
> that strictly adhere to the changes made to the packet header
>
> On the other hand, everyone likes structured data and I've seen it 
> used in many places.  As far as I know, there have been no efforts to 
> standardize structured data but people are using it in many places 
> because it is very versatile and efficient, and it gets the job done.  :-)
>
> I've been working (off and on and hopefully more 'on' soon) on an ID 
> that explains how non-standardized messages have been conveyed in 
> IETF-documented protocols.  It will need a couple of more revisions 
> before it's ready for consideration for publication but you may get 
> some ideas from it.
> https://datatracker.ietf.org/doc/draft-lonvick-private-tax/?include_text=1
>
> Best regards,
> Chris
>
>
> On Thu, Jul 31, 2014 at 6:19 AM, Lange, Jeffrey K (GE Energy 
> Management) <jeffrey.K.lange@ge.com <mailto:jeffrey.K.lange@ge.com>> 
> wrote:
>
>     Benoit,
>       We (GE MDS) support 5424/5425/5426 structured messages on our
>     products (with vendor specific structured-data).
>
>     -Jeff Lange
>
>
>
>     From: Benoit Claise <bclaise@cisco.com
>     <mailto:bclaise@cisco.com><mailto:bclaise@cisco.com
>     <mailto:bclaise@cisco.com>>>
>     Date: Wednesday, July 30, 2014 at 11:21 AM
>     To: Jeffrey Haas <jhaas@pfrc.org
>     <mailto:jhaas@pfrc.org><mailto:jhaas@pfrc.org
>     <mailto:jhaas@pfrc.org>>>
>     Cc: "lonvick@gmail.com
>     <mailto:lonvick@gmail.com><mailto:lonvick@gmail.com
>     <mailto:lonvick@gmail.com>>" <lonvick@gmail.com
>     <mailto:lonvick@gmail.com><mailto:lonvick@gmail.com
>     <mailto:lonvick@gmail.com>>>, Kiran Agrahara Sreenivasa
>     <kkoushik@Brocade.com<mailto:kkoushik@Brocade.com
>     <mailto:kkoushik@Brocade.com>>>, "netmod@ietf.org
>     <mailto:netmod@ietf.org><mailto:netmod@ietf.org
>     <mailto:netmod@ietf.org>>" <netmod@ietf.org
>     <mailto:netmod@ietf.org><mailto:netmod@ietf.org
>     <mailto:netmod@ietf.org>>>, "rgerhards@hq.adiscon.com
>     <mailto:rgerhards@hq.adiscon.com><mailto:rgerhards@hq.adiscon.com
>     <mailto:rgerhards@hq.adiscon.com>>" <rgerhards@hq.adiscon.com
>     <mailto:rgerhards@hq.adiscon.com><mailto:rgerhards@hq.adiscon.com
>     <mailto:rgerhards@hq.adiscon.com>>>
>     Subject: Re: [netmod] Syslog YANG Model Presentation
>
>     Jeff,
>
>     Thanks.
>     So I guess we need to support RFC 5424, RFC 5425, and RFC 5426
>     configuration in the YANG model, right?
>     You use only vendor specific STRUCTURED-DATA? Because I don't see
>     many in the IANA
>     registry<http://www.iana.org/assignments/syslog-parameters/syslog-parameters.xhtml#syslog-parameters-4>,
>     and http://tools.ietf.org/html/rfc5424#section-9.2 requests IANA
>     registration.
>
>     If my memory serves me well (I copied a couple of old timers), the
>     STRUCTURED-DATA goal was to standardize the syslog message content
>     in the industry, but that did not happen.
>
>     Regards, Benoit
>
>     Benoit,
>
>     On Tue, Jul 22, 2014 at 01:34:11PM -0400, Benoit Claise wrote:
>
>
>     PS: I think you should also refer to the standards-track version of
>         SYSLOG (RFC 5424) in the references and perhaps filters should
>         also be able to operate on structured content.
>
>
>     Is RFC 5424 actually deployed?
>
>
>     Juniper has supported it for years.
>
>     -- Jeff
>     .
>
>
>
>

v2.23.0 | Report a Bug | By Email