IETF Logo Mail Archive

Re: [netmod] WG Last Call for draft-ietf-netmod-syslog-model-11

"Clyde Wildes (cwildes)" <cwildes@cisco.com> Thu, 15 December 2016 18:29 UTC

Return-Path: <cwildes@cisco.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E7CAB129B87 for <netmod@ietfa.amsl.com>; Thu, 15 Dec 2016 10:29:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.418
X-Spam-Level:
X-Spam-Status: No, score=-17.418 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-2.896, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QnyXqb24zm3l for <netmod@ietfa.amsl.com>; Thu, 15 Dec 2016 10:29:21 -0800 (PST)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8798B12944C for <netmod@ietf.org>; Thu, 15 Dec 2016 10:29:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=10708; q=dns/txt; s=iport; t=1481826561; x=1483036161; h=from:to:cc:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=fGiHNVSE4ELj0aSDonQLbe4CdfWd61m3YWCTEAuz//c=; b=GLNBFzzJ3XLnt3qf0tKzhDhek9DAmxr65XJ/OKZEN4ocOanT+fWXBjoA wLp8IMIMAywm1I6xzRdnqhSMdQbv4kmiNd59sPF09arNBu/IJ5k66Aaot sZIn1xUNJ5YHMkMS2MPuZWp6ngg/a8NbOvKe/zvOC2Llj42i8Intf1hfZ o=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DTAQAV4FJY/4gNJK1dGQEBAQEBAQEBAQEBBwEBAQEBgzcBAQEBAR9agQYHAY1GlliVCoIJHwuFLkoCGoFuPxQBAgEBAQEBAQFiKIRoAQEBBAEBEAsGEToLEgEIEQQBAQMCJgIEJQsVCAoEDgUiiEkOmyQBjXaCKIsIAQEBAQEBAQEBAQEBAQEBAQEBAQEBGAWBC4UrgX0IglSECDiDBC2CMAWPAYVqhgEBhlCDEoMVhDsKgWoYhGmEWYR9jhSEDgEfN4EiKQ8BAYM+gX5yhj6BIQGBDAEBAQ
X-IronPort-AV: E=Sophos;i="5.33,353,1477958400"; d="scan'208";a="360553929"
Received: from alln-core-3.cisco.com ([173.36.13.136]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 15 Dec 2016 18:29:20 +0000
Received: from XCH-ALN-011.cisco.com (xch-aln-011.cisco.com [173.36.7.21]) by alln-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id uBFITKKj020360 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 15 Dec 2016 18:29:20 GMT
Received: from xch-aln-015.cisco.com (173.36.7.25) by XCH-ALN-011.cisco.com (173.36.7.21) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Thu, 15 Dec 2016 12:29:19 -0600
Received: from xch-aln-015.cisco.com ([173.36.7.25]) by XCH-ALN-015.cisco.com ([173.36.7.25]) with mapi id 15.00.1210.000; Thu, 15 Dec 2016 12:29:19 -0600
From: "Clyde Wildes (cwildes)" <cwildes@cisco.com>
To: Alex Campbell <Alex.Campbell@Aviatnet.com>
Thread-Topic: [netmod] WG Last Call for draft-ietf-netmod-syslog-model-11
Thread-Index: AQHSVwEmf0zqhzKmtE+Zpe9My2EhJg==
Date: Thu, 15 Dec 2016 18:29:19 +0000
Message-ID: <E108CF9B-2992-4B68-ADCA-40F565E47685@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [128.107.151.30]
Content-Type: text/plain; charset="utf-8"
Content-ID: <9F853963494D974C960CD879A7FF9E6B@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/s7M7PrLa6b-9ltGXcPT3yTar-YI>
Cc: "netmod@ietf.org" <netmod@ietf.org>
Subject: Re: [netmod] WG Last Call for draft-ietf-netmod-syslog-model-11
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Dec 2016 18:29:24 -0000

Hi Alex,

Thanks for your review. My comments are inline as [clyde]…

On 12/13/16, 8:16 PM, "netmod on behalf of Alex Campbell" <netmod-bounces@ietf.org on behalf of Alex.Campbell@Aviatnet.com> wrote:

    I am considering to implement the data model in this draft.
    
    I have reviewed this draft and found the following issues. In approximately decreasing order of severity:
    
    * In the "selector-facility" choice statement the cases have misleading names - the case where no facility is matched is named "facility", and the case where specific facilities are matched is named "name". I suggest "no-facilities" and "specified-facilities", or similar.
    
[clyde] I understand your concern and agree. Please see the next answer where I have removed the no-facilities case from the model.


    * I disagree with the premise of the "no-facilities" case, which is that it can be used to disable a log action, according to the description:
    
         description
                "This case specifies no facilities will match when
                 comparing the syslog message facility. This is a
                 method that can be used to effectively disable a
                 particular log-action (buffer, file, etc).";
    
      If an administrator wants to disable a log action they should do it by either removing it from the configuration, or by setting an "enabled" leaf to false.
      With that in mind, there is no reason for the "no-facilities" case to exist.

[clyde] I agree with your suggestion to simplify by removing the no-facilities case. Please see the revised selector grouping which will appear in the next draft:

  grouping selector {
    description
      "This grouping defines a syslog selector which is used to 
       select log messages for the log-action (console, file, 
       remote, etc.). Choose one or both of the following:
         facility [<facility> <severity>...]
         pattern-match regular-expression-match-string
       If both facility and pattern-match are specified, both must 
       match in order for a log message to be selected.";
    container selector {
      description
        "This container describes the log selector parameters 
         for syslog.";
      list facility-list {
        key facility;
        description
          "This list describes a collection of syslog 
           facilities and severities.";
        leaf facility {
          type union {
            type identityref {
              base syslogtypes:syslog-facility;
            }
            type enumeration {
              enum all {
                description
                  "This enum describes the case where all 
                   facilities are requested.";
              }
            }
          }
          description
            "The leaf uniquely identifies a syslog facility.";
        }
        uses log-severity;
      }
      leaf pattern-match {
        if-feature select-match;
        type string;
        description
          "This leaf desribes a Posix 1003.2 regular expression 
           string that can be used to select a syslog message for 
           logging. The match is performed on the RFC 5424 
           SYSLOG-MSG field.";
      }
    }
  }
    

    * What is the behaviour of a selector if neither "no-facilities" nor "facility-list" is present?

[clyde] At least one or both of the following must be specified: facility; pattern-match (if supported).

I have updated the description at the beginning of the selector – please see above.


    * In the "selector" grouping it is not clear how the facility and pattern conditions are combined to decide whether a message is selected.

      Must they both match the message, or is it sufficient for either one to match the message?

[clyde] If both are specified they must both match the message. This is consistent with the syslog implementations by Cisco and Juniper.


    * Not all servers have a console; there should be a feature to indicate whether logging to the console is supported.

[clyde] I have received comments in earlier reviews that we should implement the minimum set of functionality that is contained in at least three vendor implementations.

Console is supported by Alcatel/Lucent, Brocade, Cisco (XE, XR, and NXOS), Juniper, and Linux-rsyslog. Removal of the console action for your case could be done through a vendor specific deviation statement.


    * Likewise, not all servers may support logging to user sessions.

[clyde] User sessions are supported by Alcatel/Lucent, and Juniper. I will make this a feature in the next revision of the draft since only two vendors implement it.


    * Likewise, not all servers may support a user-accessible filesystem.

[clyde] Files are supported by Alcatel/Lucent, Cisco (XE, XR, and NXOS), Juniper, and Linux-rsyslog. Removal of the file action for your case could be done through a vendor specific deviation statement.


    * RFC 5424 states that the severity and protocol values are not normative. 

[clyde] Is it that you are asking for RFC 5424 to be removed from the Normative Reference section of the draft and added to the Informative section?


    * It's not clear to me why this needs to be split into two modules. Is it so that other modules can define logging parameters but still be usable on a device without syslog?

[clyde] We were guided by an early Yang Dr.’s advice in the choice of two modules – one for types and one for the model. I will defer to our mentor Jürgen for his advice. 


    * "log-severity" defines a severity filter, not a severity, so its name is misleading.

[clyde] Please suggest a better name.


    * Perhaps the "severity" type and the facility identities should have "reference" statements referring to RFC 5424, rather than referring to it in the description.

[clyde] I will defer to our mentor Jürgen for his advice. We previously followed his advice here.


    * In section "8.2", "admisintrator" is a typo.

[clyde] This will be fixed in the next draft.

    
    I assume that the means of accessing the memory buffer and log files are out of scope of this data model.

[clyde] This draft covers syslog configuration only.


Thanks,

Clyde

    
    Alex
    
    ________________________________________
    From: netmod <netmod-bounces@ietf.org> on behalf of Kent Watsen <kwatsen@juniper.net>
    Sent: Wednesday, 14 December 2016 2:01 p.m.
    To: netmod@ietf.org
    Subject: [netmod] WG Last Call for draft-ietf-netmod-syslog-model-11
    
    This is a notice to start a two-week NETMOD WG last call for the document:
    
        A YANG Data Model for Syslog Configuration
        https://tools.ietf.org/html/draft-ietf-netmod-syslog-model-11
    
    Please indicate your support or concerns by Tuesday, December 27, 2016.
    
    We are particularly interested in statements of the form:
      * I have reviewed this draft and found no issues.
      * I have reviewed this draft and found the following issues: ...
    
    As well as:
      * I have implemented the data model in this draft.
      * I am implementing the data model in this draft.
      * I am considering to implement the data model in this draft.
      * I am not considering to implement the data model in this draft.
    
    Thank you,
    NETMOD WG Chairs
    
    
    
    _______________________________________________
    netmod mailing list
    netmod@ietf.org
    https://www.ietf.org/mailman/listinfo/netmod
    
    _______________________________________________
    netmod mailing list
    netmod@ietf.org
    https://www.ietf.org/mailman/listinfo/netmod

v2.23.0 | Report a Bug | By Email