IETF Logo Mail Archive

Re: [netmod] Syslog YANG Model Presentation

"Clyde Wildes (cwildes)" <cwildes@cisco.com> Wed, 23 July 2014 20:40 UTC

Return-Path: <cwildes@cisco.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6299F1B2A1E for <netmod@ietfa.amsl.com>; Wed, 23 Jul 2014 13:40:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.502
X-Spam-Level:
X-Spam-Status: No, score=-14.502 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kClXv3Eh0tj3 for <netmod@ietfa.amsl.com>; Wed, 23 Jul 2014 13:40:17 -0700 (PDT)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A59F11B29EB for <netmod@ietf.org>; Wed, 23 Jul 2014 13:40:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5339; q=dns/txt; s=iport; t=1406148014; x=1407357614; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=ZHBka4ESyLmuC6J9XPH2vLA6g7Zd4Kq3bc2MahFDIqw=; b=OnkifmgHZnTzgxrJKYx19t3BzzOLaYcBsqCAwdAiQ3DJKrE814qYZqPT pqmtUg1GWgfewMIi5L3nT8RSjz7PVdlHeIVeo6yNqi0RV/UMcfHhYnmuR YxO8PhKF8Pdy+D+YhmXJgwYnWTHEBGOukH9LSPVy6Yjdi/0NXfVRxIqtN 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AiILAEUc0FOtJV2c/2dsb2JhbABQBgOCaiRSVwEDx2mHQwGBCxZ2hAQBAQR5DgICAQgOAgguGxclAgQOBQkRiCgBDMAaFwSObAoBARwjEAcRhDUFjkWMaIFSkm6DSGwBgQs5
X-IronPort-AV: E=Sophos;i="5.01,719,1400025600"; d="scan'208";a="342309174"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-7.cisco.com with ESMTP; 23 Jul 2014 20:40:13 +0000
Received: from xhc-rcd-x15.cisco.com (xhc-rcd-x15.cisco.com [173.37.183.89]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id s6NKeCdw029803 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 23 Jul 2014 20:40:12 GMT
Received: from xmb-aln-x13.cisco.com ([fe80::5404:b599:9f57:834b]) by xhc-rcd-x15.cisco.com ([173.37.183.89]) with mapi id 14.03.0123.003; Wed, 23 Jul 2014 15:40:12 -0500
From: "Clyde Wildes (cwildes)" <cwildes@cisco.com>
To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
Thread-Topic: [netmod] Syslog YANG Model Presentation
Thread-Index: AQHPpSkC2ZiRgh9DtUicY+pcm0HXCJushl6AgAGsuQA=
Date: Wed, 23 Jul 2014 20:40:11 +0000
Message-ID: <CFF547D1.8B865%cwildes@cisco.com>
References: <CFF2F9DA.8B4CA%cwildes@cisco.com> <20140722150553.GB12083@elstar.local>
In-Reply-To: <20140722150553.GB12083@elstar.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.21.97.159]
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <43CC924219F26D47A235D4FE54EE94EE@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/netmod/X_eMtKLsOoTrr50c3pk40bhE6-U
Cc: Kiran Agrahara Sreenivasa <kkoushik@Brocade.com>, "netmod@ietf.org" <netmod@ietf.org>
Subject: Re: [netmod] Syslog YANG Model Presentation
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Jul 2014 20:40:19 -0000

Juergen,

Thanks for your review.

My answers are inline as [clyde]...

On 7/22/14, 11:05 AM, "Juergen Schoenwaelder"
<j.schoenwaelder@jacobs-university.de> wrote:

>On Mon, Jul 21, 2014 at 09:16:16PM +0000, Clyde Wildes (cwildes) wrote:
>> 
>> The latest draft of the proposed Syslog YANG Model RFC is at:
>> 
>>http://www.ietf.org/internet-drafts/draft-wildes-netmod-syslog-model-02.t
>>xt
>> 
>
>The traditional Unix syslog daemons usually understand configuration
>rules like this:
>
>*.=info;*.=notice;*.=warn;\
>	auth,authpriv.none;\
>        cron,daemon.none;\
>        mail,news.none          -/var/log/messages
>
>That is, you have rules with multiple selectors that lead to a certain
>action. Note also the various wildcards above. You seem to model this
>backwards, that is the action first followed by the selectors - why?
>I think using the terminology of 'selectors' and 'actions' is quite
>common in Unix syslog land - perhaps this should be adopted instead of
>'Message Distributors' and related terms. It seems some syslog
>implementations (e.g. rsyslog) have a more general concept of a filter
>and selectors (matching facility/severity) and just one of several
>ways to filter.
>
>/js

[clyde] We examined five vendor OSs¹ syslog configuration when we
developed this draft (Brocade, Cisco IOS/XR Cisco IOS/XR, Cisco NXOS, and
Juniper JunOS). We did not consider Unix syslog configuration. In
hindsight we should have and will support it in a future version.

Some vendors support multiple selectors for a specific action and that is
included in this draft.

Treating actions as high level leaves in the model makes it easier to
augment an action IMHO.

Items missing from this draft that are Unix like are:
1. the mark facility - the current model does not support the ³mark"
facility which is a Linux method where messages generated by syslogd
itself that contain only a timestamp and the string ³‹MARK-" are selected
when the ³mark" facility is specified. If needed this could be added by
augmenting the syslog-facility identity in ietf-syslog-types.yang.
2. priority support - the current model does not support:
   - the * specification for all priorities (although specifying ³debug"
means the same thing since specification for priority mean any message
with priority less than or equal to the specified priority is passed and
debug is the highest number of 7),
   - the = specification for a specific priority, or != for any priority
but the specified priority.
3. evaluation of multiple selectors - although we allow multiple
facility/priority selectors for an action we do not follow the linux rule
that says that when an action contains multiple selectors, they are
evaluated from left to right (first to last); The UNIX pattern is that you
list general selectors first, followed by more specific selectors because
once a selector pattern is met, no further selectors are processed for
that action.


>
>PS: I think you should also refer to the standards-track version of
>    SYSLOG (RFC 5424) in the references and perhaps filters should
>    also be able to operate on structured content.

[clyde] I agree that RFC 5424 should be referenced and will include this
in a future revision. Only one vendor has implemented delivery of
structured syslog messages and so we left this for augmentation. We also
left message filtering by message text pattern matching for augmentation.

>
>PS: I do not really understand 'global logging'.

[clyde] Some vendors include an extra log message suppression mechanism
that is logically before the selectors/actions mechanism. We called this
mechanism ³global-logging². It is listed as a feature for those vendors
that support it and it is described in the RFC document.

>
>PS: A configuration model should probably also include ways to
>    configure on which endpoints the syslog 'daemon' is receiving
>    input.

[clyde] This model does not include syslogd daemon listener configuration
(the daemon listens for syslog messages on port 514 on all interfaces if
the ³-r² switch is included on the syslogd command line). I am thinking
that syslog daemon configuration should be a separate model since this
model is concerned with syslog message distribution. For reference here is
the FreeBSD syslogd man page which shows the many syslogd daemon options:
http://www.freebsd.org/cgi/man.cgi?query=syslogd&sektion=8

>
>PS: The reference in the revision statement is usually used to refer
>    to the document defining that specific revision of the data model.
>
>PS: For the example, simple show the config instance not the NETCONF
>    exchange.

[clyde] Please explain. Should the reference for revision 02 be to:
        http://tools.ietf.org/html/draft-wildes-netmod-syslog-model-02

The current revision 03 contents are:

 revision 2014-06-10 {
   description
     "Initial revision.";
   reference
     "This model references RFC 5424 - The Syslog Protocol.";
  }

Thanks,

Clyde

>
>-- 
>Juergen Schoenwaelder           Jacobs University Bremen gGmbH
>Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
>Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>

v2.23.0 | Report a Bug | By Email