Re: [netmod] Syslog YANG Model Presentation
Benoit Claise <bclaise@cisco.com> Fri, 12 September 2014 09:40 UTC
Return-Path: <bclaise@cisco.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19EDB1A06AB for <netmod@ietfa.amsl.com>; Fri, 12 Sep 2014 02:40:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -16.152
X-Spam-Level:
X-Spam-Status: No, score=-16.152 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-1.652, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HAAdZY_XS1Kz for <netmod@ietfa.amsl.com>; Fri, 12 Sep 2014 02:40:36 -0700 (PDT)
Received: from aer-iport-1.cisco.com (aer-iport-1.cisco.com [173.38.203.51]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E98411A06B5 for <netmod@ietf.org>; Fri, 12 Sep 2014 02:40:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=25246; q=dns/txt; s=iport; t=1410514836; x=1411724436; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to; bh=Ot+MYY/4y+AI2BRjrKIi2tP83m4GyHNcKiBu/FHlbfE=; b=FBwvea7R/sdEpN6+i7xnL0rbaPajNk+mXT39bt7+KMLJTrRQGivq9ZSM 0wofnCU5kAr/VsTd6cxrhPFf/X0EeZif0n5B2tp5E6dNenYPsvYHVd7HD 4eejSswbR1CzYqatOJu4aHN3tZg5X+JyWrnFWPyhoij3Vqxl8nQK2zEe4 4=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AnQFAMO+ElStJssW/2dsb2JhbABfg2BXgnyFW8AVh0wBgSZ4hAMBAQEEI0sKARALEQMBAgEJFgEHAwICCQMCAQIBDyUJCAYNAQUCAQEFiCUDEQ2oDo5qDYZ+AReNIIFLEAIBPhEHBgOCcIFTBZYAhHOCEIFfhWWHOoY9g2M7LwGCTgEBAQ
X-IronPort-AV: E=Sophos;i="5.04,511,1406592000"; d="scan'208,217";a="175239984"
Received: from aer-iport-nat.cisco.com (HELO aer-core-4.cisco.com) ([173.38.203.22]) by aer-iport-1.cisco.com with ESMTP; 12 Sep 2014 09:40:32 +0000
Received: from [10.60.67.84] (ams-bclaise-8913.cisco.com [10.60.67.84]) by aer-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id s8C9eWMC028558; Fri, 12 Sep 2014 09:40:32 GMT
Message-ID: <5412BF90.9050001@cisco.com>
Date: Fri, 12 Sep 2014 11:40:32 +0200
From: Benoit Claise <bclaise@cisco.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.7.0
MIME-Version: 1.0
To: Chris Lonvick <lonvick@gmail.com>
References: <CFF2F9DA.8B4CA%cwildes@cisco.com> <20140722150553.GB12083@elstar.local> <53CEA093.2070000@cisco.com> <20140730145856.GL29365@pfrc> <53D90D95.5090001@cisco.com> <CFFFB9A8.4EE6%jeffrey.k.lange@ge.com> <CAPhuMXwZapSr8nEXbzz33R4Ck1FvVkCZN_NhJXqN8pwxenpS-w@mail.gmail.com> <54101802.5060507@cisco.com> <CAPhuMXzkJUqziYsxt=cDBrDYQJwNiSXrdAL8+5H=Cj4u+8nErA@mail.gmail.com>
In-Reply-To: <CAPhuMXzkJUqziYsxt=cDBrDYQJwNiSXrdAL8+5H=Cj4u+8nErA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------080902000903010807000300"
Archived-At: http://mailarchive.ietf.org/arch/msg/netmod/otSruh2bkMc9c6NqaMBCD1gIPQk
Cc: "rgerhards@hq.adiscon.com" <rgerhards@hq.adiscon.com>, "netmod@ietf.org" <netmod@ietf.org>
Subject: Re: [netmod] Syslog YANG Model Presentation
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Sep 2014 09:40:40 -0000
Hi Chris, > Hi Benoit and all, > > I'm not exactly sure what you're asking. I agree with Rainer that the > ID is well written. > > I am not subscribed to the mailing list and have not been following > the discussions so please take my comments with a grain of salt. :-) > > If you're asking if draft-wildes-netmod-syslog-model needs to be > expanded to include the available options resulting from the IETF work > on syslog (which is more than 5424, 5425, and 5426), then I would say > that it does not. It looks to me (I'm not overly familiar with Yang) > that what is described in the ID is equivalent to what can be defined > in a current syslog.conf configuration. IMHO, that should be good > enough at this time to publish the document as an informational RFC > (as it's classified now). This was actually my question. Thanks. > > If you're asking if a potential draft-ietf-netmod-syslog-model > (standards track) should be more thorough to include the available > options resulting from the IETF work on syslog, then I'll give a > definite "maybe". :-) There doesn't appear to be anything in > draft-wildes... that conflicts with the syslog HEADER in 5424; > therefore, it should just work. The Structured-Data is used in the > PAYLOAD and that can't be configured. What would be missing in the > configuration is the specification of the transport. You mention 5425 > and 5426, but there are others: > 5425 - TLS (recommended) > 5426 - UDP (not so much recommended but greatly in use) > 6012 - DTLS > 6587 - TCP (the IESG said to NOT use this, but it is in use :-) > If the document were to be expanded, it would need to include some > very complex rules. For example: > - Facilities 4 and 10 with severities (0-6) send to > sec-logger.example.com <http://sec-logger.example.com> via 5425 > - Facility 2 with severities (0-3) send to mail-logger.example.com > <http://mail-logger.example.com> via 5426 > - All Facilities with severities (0-2) send to > central-logger.example.com <http://central-logger.example.com> via 6012 > As far as I know, the specification of the transport cannot currently > be configured in generic syslog.conf configurations. I believe that > the implementations that are using something other than UDP are doing > it on a "one off" basis. So, IMHO, trying to force that into a > standards track document shouldn't be done at this time. Ok > > If you _are_ looking for draft-ietf-netmod-syslog-model, I would > suggest using draft-wildes... and add something about assuming that > the selection of a transport is implementation specific at this time, > and that a future revision of the model may include the option to > specify the transport(s). Ok. > > And just since I'm going on and on (and on...), the syslog WG did not > complete a MIB on syslog. If anyone is interested, we left off here: > http://tools.ietf.org/html/draft-ietf-syslog-device-mib-17 > > Just a nit to the authors, the last sentence of page 3 reads: > Optional features are used to specified fields that are not present in > all vendor configurations. > Perhaps s/specified/specify (but honestly I think that the sentence needs to be rewritten). > > And, if I'm totally off base on what you're asking, then please disregard. :-) This is exactly what I wanted to find out. Regards, Benoit > > Best regards, > Chris > > On Wed, Sep 10, 2014 at 2:21 AM, Benoit Claise <bclaise@cisco.com > <mailto:bclaise@cisco.com>> wrote: > > Dear all, > > As I understand, the conclusion from this email thread is that the > syslog YANG model must support the options for RFC 5424, RFC 5425, > and RFC 5426 > > Regards, Benoit >> Hi, >> The very brief background: >> - the syslog WG was chartered under the Security Area to secure >> the protocol >> - the BEEP work never took off so we rechartered and found that >> we needed to make changes to the protocol itself >> - in making the changes, Rainer Gerhards proposed structured data >> and the WG liked that >> - 5424 makes use of structured data but there are few >> implementations that strictly adhere to the changes made to the >> packet header >> >> On the other hand, everyone likes structured data and I've seen >> it used in many places. As far as I know, there have been no >> efforts to standardize structured data but people are using it in >> many places because it is very versatile and efficient, and it >> gets the job done. :-) >> >> I've been working (off and on and hopefully more 'on' soon) on an >> ID that explains how non-standardized messages have been conveyed >> in IETF-documented protocols. It will need a couple of more >> revisions before it's ready for consideration for publication but >> you may get some ideas from it. >> https://datatracker.ietf.org/doc/draft-lonvick-private-tax/?include_text=1 >> >> Best regards, >> Chris >> >> >> On Thu, Jul 31, 2014 at 6:19 AM, Lange, Jeffrey K (GE Energy >> Management) <jeffrey.K.lange@ge.com >> <mailto:jeffrey.K.lange@ge.com>> wrote: >> >> Benoit, >> We (GE MDS) support 5424/5425/5426 structured messages on >> our products (with vendor specific structured-data). >> >> -Jeff Lange >> >> >> >> From: Benoit Claise <bclaise@cisco.com >> <mailto:bclaise@cisco.com><mailto:bclaise@cisco.com >> <mailto:bclaise@cisco.com>>> >> Date: Wednesday, July 30, 2014 at 11:21 AM >> To: Jeffrey Haas <jhaas@pfrc.org >> <mailto:jhaas@pfrc.org><mailto:jhaas@pfrc.org >> <mailto:jhaas@pfrc.org>>> >> Cc: "lonvick@gmail.com >> <mailto:lonvick@gmail.com><mailto:lonvick@gmail.com >> <mailto:lonvick@gmail.com>>" <lonvick@gmail.com >> <mailto:lonvick@gmail.com><mailto:lonvick@gmail.com >> <mailto:lonvick@gmail.com>>>, Kiran Agrahara Sreenivasa >> <kkoushik@Brocade.com >> <mailto:kkoushik@Brocade.com><mailto:kkoushik@Brocade.com >> <mailto:kkoushik@Brocade.com>>>, "netmod@ietf.org >> <mailto:netmod@ietf.org><mailto:netmod@ietf.org >> <mailto:netmod@ietf.org>>" <netmod@ietf.org >> <mailto:netmod@ietf.org><mailto:netmod@ietf.org >> <mailto:netmod@ietf.org>>>, "rgerhards@hq.adiscon.com >> <mailto:rgerhards@hq.adiscon.com><mailto:rgerhards@hq.adiscon.com >> <mailto:rgerhards@hq.adiscon.com>>" <rgerhards@hq.adiscon.com >> <mailto:rgerhards@hq.adiscon.com><mailto:rgerhards@hq.adiscon.com >> <mailto:rgerhards@hq.adiscon.com>>> >> Subject: Re: [netmod] Syslog YANG Model Presentation >> >> Jeff, >> >> Thanks. >> So I guess we need to support RFC 5424, RFC 5425, and RFC >> 5426 configuration in the YANG model, right? >> You use only vendor specific STRUCTURED-DATA? Because I don't >> see many in the IANA >> registry<http://www.iana.org/assignments/syslog-parameters/syslog-parameters.xhtml#syslog-parameters-4>, >> and http://tools.ietf.org/html/rfc5424#section-9.2 requests >> IANA registration. >> >> If my memory serves me well (I copied a couple of old >> timers), the STRUCTURED-DATA goal was to standardize the >> syslog message content in the industry, but that did not happen. >> >> Regards, Benoit >> >> Benoit, >> >> On Tue, Jul 22, 2014 at 01:34:11PM -0400, Benoit Claise wrote: >> >> >> PS: I think you should also refer to the standards-track >> version of >> SYSLOG (RFC 5424) in the references and perhaps filters >> should >> also be able to operate on structured content. >> >> >> Is RFC 5424 actually deployed? >> >> >> Juniper has supported it for years. >> >> -- Jeff >> . >> >> >> >> > >
- [netmod] Syslog YANG Model Presentation Clyde Wildes (cwildes)
- Re: [netmod] Syslog YANG Model Presentation Juergen Schoenwaelder
- Re: [netmod] Syslog YANG Model Presentation Benoit Claise
- Re: [netmod] Syslog YANG Model Presentation Juergen Schoenwaelder
- Re: [netmod] Syslog YANG Model Presentation Clyde Wildes (cwildes)
- Re: [netmod] Syslog YANG Model Presentation Juergen Schoenwaelder
- Re: [netmod] Syslog YANG Model Presentation Clyde Wildes (cwildes)
- Re: [netmod] Syslog YANG Model Presentation Jeffrey Haas
- Re: [netmod] Syslog YANG Model Presentation Benoit Claise
- Re: [netmod] Syslog YANG Model Presentation Jeffrey Haas
- Re: [netmod] Syslog YANG Model Presentation Lange, Jeffrey K (GE Energy Management)
- Re: [netmod] Syslog YANG Model Presentation Chris Lonvick
- Re: [netmod] Syslog YANG Model Presentation Benoit Claise
- Re: [netmod] Syslog YANG Model Presentation Chris Lonvick
- Re: [netmod] Syslog YANG Model Presentation Benoit Claise