Re: [netmod] Syslog YANG Model Presentation
"Clyde Wildes (cwildes)" <cwildes@cisco.com> Wed, 23 July 2014 20:40 UTC
Return-Path: <cwildes@cisco.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6299F1B2A1E for <netmod@ietfa.amsl.com>; Wed, 23 Jul 2014 13:40:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.502
X-Spam-Level:
X-Spam-Status: No, score=-14.502 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kClXv3Eh0tj3 for <netmod@ietfa.amsl.com>; Wed, 23 Jul 2014 13:40:17 -0700 (PDT)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A59F11B29EB for <netmod@ietf.org>; Wed, 23 Jul 2014 13:40:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5339; q=dns/txt; s=iport; t=1406148014; x=1407357614; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=ZHBka4ESyLmuC6J9XPH2vLA6g7Zd4Kq3bc2MahFDIqw=; b=OnkifmgHZnTzgxrJKYx19t3BzzOLaYcBsqCAwdAiQ3DJKrE814qYZqPT pqmtUg1GWgfewMIi5L3nT8RSjz7PVdlHeIVeo6yNqi0RV/UMcfHhYnmuR YxO8PhKF8Pdy+D+YhmXJgwYnWTHEBGOukH9LSPVy6Yjdi/0NXfVRxIqtN 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AiILAEUc0FOtJV2c/2dsb2JhbABQBgOCaiRSVwEDx2mHQwGBCxZ2hAQBAQR5DgICAQgOAgguGxclAgQOBQkRiCgBDMAaFwSObAoBARwjEAcRhDUFjkWMaIFSkm6DSGwBgQs5
X-IronPort-AV: E=Sophos;i="5.01,719,1400025600"; d="scan'208";a="342309174"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-7.cisco.com with ESMTP; 23 Jul 2014 20:40:13 +0000
Received: from xhc-rcd-x15.cisco.com (xhc-rcd-x15.cisco.com [173.37.183.89]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id s6NKeCdw029803 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 23 Jul 2014 20:40:12 GMT
Received: from xmb-aln-x13.cisco.com ([fe80::5404:b599:9f57:834b]) by xhc-rcd-x15.cisco.com ([173.37.183.89]) with mapi id 14.03.0123.003; Wed, 23 Jul 2014 15:40:12 -0500
From: "Clyde Wildes (cwildes)" <cwildes@cisco.com>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
Thread-Topic: [netmod] Syslog YANG Model Presentation
Thread-Index: AQHPpSkC2ZiRgh9DtUicY+pcm0HXCJushl6AgAGsuQA=
Date: Wed, 23 Jul 2014 20:40:11 +0000
Message-ID: <CFF547D1.8B865%cwildes@cisco.com>
References: <CFF2F9DA.8B4CA%cwildes@cisco.com> <20140722150553.GB12083@elstar.local>
In-Reply-To: <20140722150553.GB12083@elstar.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.21.97.159]
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <43CC924219F26D47A235D4FE54EE94EE@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/netmod/X_eMtKLsOoTrr50c3pk40bhE6-U
Cc: Kiran Agrahara Sreenivasa <kkoushik@Brocade.com>, "netmod@ietf.org" <netmod@ietf.org>
Subject: Re: [netmod] Syslog YANG Model Presentation
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Jul 2014 20:40:19 -0000
Juergen, Thanks for your review. My answers are inline as [clyde]... On 7/22/14, 11:05 AM, "Juergen Schoenwaelder" <j.schoenwaelder@jacobs-university.de> wrote: >On Mon, Jul 21, 2014 at 09:16:16PM +0000, Clyde Wildes (cwildes) wrote: >> >> The latest draft of the proposed Syslog YANG Model RFC is at: >> >>http://www.ietf.org/internet-drafts/draft-wildes-netmod-syslog-model-02.t >>xt >> > >The traditional Unix syslog daemons usually understand configuration >rules like this: > >*.=info;*.=notice;*.=warn;\ > auth,authpriv.none;\ > cron,daemon.none;\ > mail,news.none -/var/log/messages > >That is, you have rules with multiple selectors that lead to a certain >action. Note also the various wildcards above. You seem to model this >backwards, that is the action first followed by the selectors - why? >I think using the terminology of 'selectors' and 'actions' is quite >common in Unix syslog land - perhaps this should be adopted instead of >'Message Distributors' and related terms. It seems some syslog >implementations (e.g. rsyslog) have a more general concept of a filter >and selectors (matching facility/severity) and just one of several >ways to filter. > >/js [clyde] We examined five vendor OSs¹ syslog configuration when we developed this draft (Brocade, Cisco IOS/XR Cisco IOS/XR, Cisco NXOS, and Juniper JunOS). We did not consider Unix syslog configuration. In hindsight we should have and will support it in a future version. Some vendors support multiple selectors for a specific action and that is included in this draft. Treating actions as high level leaves in the model makes it easier to augment an action IMHO. Items missing from this draft that are Unix like are: 1. the mark facility - the current model does not support the ³mark" facility which is a Linux method where messages generated by syslogd itself that contain only a timestamp and the string ³‹MARK-" are selected when the ³mark" facility is specified. If needed this could be added by augmenting the syslog-facility identity in ietf-syslog-types.yang. 2. priority support - the current model does not support: - the * specification for all priorities (although specifying ³debug" means the same thing since specification for priority mean any message with priority less than or equal to the specified priority is passed and debug is the highest number of 7), - the = specification for a specific priority, or != for any priority but the specified priority. 3. evaluation of multiple selectors - although we allow multiple facility/priority selectors for an action we do not follow the linux rule that says that when an action contains multiple selectors, they are evaluated from left to right (first to last); The UNIX pattern is that you list general selectors first, followed by more specific selectors because once a selector pattern is met, no further selectors are processed for that action. > >PS: I think you should also refer to the standards-track version of > SYSLOG (RFC 5424) in the references and perhaps filters should > also be able to operate on structured content. [clyde] I agree that RFC 5424 should be referenced and will include this in a future revision. Only one vendor has implemented delivery of structured syslog messages and so we left this for augmentation. We also left message filtering by message text pattern matching for augmentation. > >PS: I do not really understand 'global logging'. [clyde] Some vendors include an extra log message suppression mechanism that is logically before the selectors/actions mechanism. We called this mechanism ³global-logging². It is listed as a feature for those vendors that support it and it is described in the RFC document. > >PS: A configuration model should probably also include ways to > configure on which endpoints the syslog 'daemon' is receiving > input. [clyde] This model does not include syslogd daemon listener configuration (the daemon listens for syslog messages on port 514 on all interfaces if the ³-r² switch is included on the syslogd command line). I am thinking that syslog daemon configuration should be a separate model since this model is concerned with syslog message distribution. For reference here is the FreeBSD syslogd man page which shows the many syslogd daemon options: http://www.freebsd.org/cgi/man.cgi?query=syslogd&sektion=8 > >PS: The reference in the revision statement is usually used to refer > to the document defining that specific revision of the data model. > >PS: For the example, simple show the config instance not the NETCONF > exchange. [clyde] Please explain. Should the reference for revision 02 be to: http://tools.ietf.org/html/draft-wildes-netmod-syslog-model-02 The current revision 03 contents are: revision 2014-06-10 { description "Initial revision."; reference "This model references RFC 5424 - The Syslog Protocol."; } Thanks, Clyde > >-- >Juergen Schoenwaelder Jacobs University Bremen gGmbH >Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany >Fax: +49 421 200 3103 <http://www.jacobs-university.de/>
- [netmod] Syslog YANG Model Presentation Clyde Wildes (cwildes)
- Re: [netmod] Syslog YANG Model Presentation Juergen Schoenwaelder
- Re: [netmod] Syslog YANG Model Presentation Benoit Claise
- Re: [netmod] Syslog YANG Model Presentation Juergen Schoenwaelder
- Re: [netmod] Syslog YANG Model Presentation Clyde Wildes (cwildes)
- Re: [netmod] Syslog YANG Model Presentation Juergen Schoenwaelder
- Re: [netmod] Syslog YANG Model Presentation Clyde Wildes (cwildes)
- Re: [netmod] Syslog YANG Model Presentation Jeffrey Haas
- Re: [netmod] Syslog YANG Model Presentation Benoit Claise
- Re: [netmod] Syslog YANG Model Presentation Jeffrey Haas
- Re: [netmod] Syslog YANG Model Presentation Lange, Jeffrey K (GE Energy Management)
- Re: [netmod] Syslog YANG Model Presentation Chris Lonvick
- Re: [netmod] Syslog YANG Model Presentation Benoit Claise
- Re: [netmod] Syslog YANG Model Presentation Chris Lonvick
- Re: [netmod] Syslog YANG Model Presentation Benoit Claise