IETF Logo Mail Archive

Re: [netmod] Syslog YANG Model Presentation

Chris Lonvick <lonvick@gmail.com> Thu, 11 September 2014 00:54 UTC

Return-Path: <lonvick@gmail.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12EFD1A01A5 for <netmod@ietfa.amsl.com>; Wed, 10 Sep 2014 17:54:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vwRNgdDhY-zP for <netmod@ietfa.amsl.com>; Wed, 10 Sep 2014 17:54:20 -0700 (PDT)
Received: from mail-qg0-x22a.google.com (mail-qg0-x22a.google.com [IPv6:2607:f8b0:400d:c04::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3CE591A01C3 for <netmod@ietf.org>; Wed, 10 Sep 2014 17:54:20 -0700 (PDT)
Received: by mail-qg0-f42.google.com with SMTP id q107so10204469qgd.15 for <netmod@ietf.org>; Wed, 10 Sep 2014 17:54:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=kDHGfQplUYlI/amRd/f1fwWV9DqlpqnivqyqvIWTL7A=; b=hgB5fWxqTF7aFwzcdr7Zc97rg07gDdErkoWCyJRrWyRAfd6uikeLNBPi0VRxvUd0TZ zwzur5Zj9qVEg5mivkxGStuplfJ7VVzqLIiSMvvI3yiz7tnERFh/hGlfaIRE60ayZ8hW 5cuXNWB9eZzZe6xxkg+yYOTBHKeCN6XH78ROCRtP7WEFRRSywQnGa3p3Yp4j95/LceOI Y1tQvda/Ytzy6Lt0WWEryH6piaq3PdO1z/ZDpJwBg2Hi/sPphCQqwhUNEsM4BBuh4aVZ L7JMWTIxGZN5meT0XMmiFUKpXr383ljbQQfEdZDdP8Rf4/iJ/QvKDxhnYmtUTUI9brd8 cKpA==
MIME-Version: 1.0
X-Received: by 10.224.88.137 with SMTP id a9mr33686599qam.88.1410396859412; Wed, 10 Sep 2014 17:54:19 -0700 (PDT)
Received: by 10.229.171.9 with HTTP; Wed, 10 Sep 2014 17:54:19 -0700 (PDT)
In-Reply-To: <54101802.5060507@cisco.com>
References: <CFF2F9DA.8B4CA%cwildes@cisco.com> <20140722150553.GB12083@elstar.local> <53CEA093.2070000@cisco.com> <20140730145856.GL29365@pfrc> <53D90D95.5090001@cisco.com> <CFFFB9A8.4EE6%jeffrey.k.lange@ge.com> <CAPhuMXwZapSr8nEXbzz33R4Ck1FvVkCZN_NhJXqN8pwxenpS-w@mail.gmail.com> <54101802.5060507@cisco.com>
Date: Wed, 10 Sep 2014 17:54:19 -0700
Message-ID: <CAPhuMXzkJUqziYsxt=cDBrDYQJwNiSXrdAL8+5H=Cj4u+8nErA@mail.gmail.com>
From: Chris Lonvick <lonvick@gmail.com>
To: Benoit Claise <bclaise@cisco.com>
Content-Type: multipart/alternative; boundary="001a11c2bbc0cc36f50502bf9be1"
Archived-At: http://mailarchive.ietf.org/arch/msg/netmod/zf3-vUl-2GbIPgFMPiSyM269CBA
Cc: "rgerhards@hq.adiscon.com" <rgerhards@hq.adiscon.com>, "netmod@ietf.org" <netmod@ietf.org>
Subject: Re: [netmod] Syslog YANG Model Presentation
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Sep 2014 00:54:24 -0000

Hi Benoit and all,

I'm not exactly sure what you're asking.  I agree with Rainer that the ID
is well written.

I am not subscribed to the mailing list and have not been following the
discussions so please take my comments with a grain of salt.  :-)

If you're asking if draft-wildes-netmod-syslog-model needs to be expanded
to include the available options resulting from the IETF work on syslog
(which is more than 5424, 5425, and 5426), then I would say that it does
not.  It looks to me (I'm not overly familiar with Yang) that what is
described in the ID is equivalent to what can be defined in a current
syslog.conf configuration.  IMHO, that should be good enough at this time
to publish the document as an informational RFC (as it's classified now).

If you're asking if a potential draft-ietf-netmod-syslog-model (standards
track) should be more thorough to include the available options resulting
from the IETF work on syslog, then I'll give a definite "maybe".  :-)
 There doesn't appear to be anything in draft-wildes... that conflicts with
the syslog HEADER in 5424; therefore, it should just work.  The
Structured-Data is used in the PAYLOAD and that can't be configured.  What
would be missing in the configuration is the specification of the
transport.  You mention 5425 and 5426, but there are others:
5425 - TLS (recommended)
5426 - UDP (not so much recommended but greatly in use)
6012 - DTLS
6587 - TCP (the IESG said to NOT use this, but it is in use :-)
If the document were to be expanded, it would need to include some very
complex rules.  For example:
 - Facilities 4 and 10 with severities (0-6) send to sec-logger.example.com
via 5425
 - Facility 2 with severities (0-3) send to mail-logger.example.com via 5426
 - All Facilities with severities (0-2) send to central-logger.example.com
via 6012
As far as I know, the specification of the transport cannot currently be
configured in generic syslog.conf configurations.  I believe that the
implementations that are using something other than UDP are doing it on a
"one off" basis.  So, IMHO, trying to force that into a standards track
document shouldn't be done at this time.

If you _are_ looking for draft-ietf-netmod-syslog-model, I would suggest
using draft-wildes... and add something about assuming that the selection
of a transport is implementation specific at this time, and that a future
revision of the model may include the option to specify the transport(s).

And just since I'm going on and on (and on...), the syslog WG did not
complete a MIB on syslog.  If anyone is interested, we left off here:
 http://tools.ietf.org/html/draft-ietf-syslog-device-mib-17

Just a nit to the authors, the last sentence of page 3 reads:

Optional features are used to specified fields that are not present in
   all vendor configurations.

Perhaps s/specified/specify (but honestly I think that the sentence
needs to be rewritten).


And, if I'm totally off base on what you're asking, then please disregard.  :-)


Best regards,

Chris


On Wed, Sep 10, 2014 at 2:21 AM, Benoit Claise <bclaise@cisco.com> wrote:

>  Dear all,
>
> As I understand, the conclusion from this email thread is that the syslog
> YANG model must support the options for RFC 5424, RFC 5425, and RFC 5426
>
> Regards, Benoit
>
>  Hi,
>  The very brief background:
> - the syslog WG was chartered under the Security Area to secure the
> protocol
> - the BEEP work never took off so we rechartered and found that we needed
> to make changes to the protocol itself
> - in making the changes, Rainer Gerhards proposed structured data and the
> WG liked that
> - 5424 makes use of structured data but there are few implementations that
> strictly adhere to the changes made to the packet header
>
>  On the other hand, everyone likes structured data and I've seen it used
> in many places.  As far as I know, there have been no efforts to
> standardize structured data but people are using it in many places because
> it is very versatile and efficient, and it gets the job done.  :-)
>
>  I've been working (off and on and hopefully more 'on' soon) on an ID
> that explains how non-standardized messages have been conveyed in
> IETF-documented protocols.  It will need a couple of more revisions before
> it's ready for consideration for publication but you may get some ideas
> from it.
>
> https://datatracker.ietf.org/doc/draft-lonvick-private-tax/?include_text=1
>
>  Best regards,
> Chris
>
>
> On Thu, Jul 31, 2014 at 6:19 AM, Lange, Jeffrey K (GE Energy Management) <
> jeffrey.K.lange@ge.com> wrote:
>
>> Benoit,
>>   We (GE MDS) support 5424/5425/5426 structured messages on our products
>> (with vendor specific structured-data).
>>
>> -Jeff Lange
>>
>>
>>
>> From: Benoit Claise <bclaise@cisco.com<mailto:bclaise@cisco.com>>
>> Date: Wednesday, July 30, 2014 at 11:21 AM
>> To: Jeffrey Haas <jhaas@pfrc.org<mailto:jhaas@pfrc.org>>
>> Cc: "lonvick@gmail.com<mailto:lonvick@gmail.com>" <lonvick@gmail.com
>> <mailto:lonvick@gmail.com>>, Kiran Agrahara Sreenivasa <
>> kkoushik@Brocade.com<mailto:kkoushik@Brocade.com>>, "netmod@ietf.org
>> <mailto:netmod@ietf.org>" <netmod@ietf.org<mailto:netmod@ietf.org>>, "
>> rgerhards@hq.adiscon.com<mailto:rgerhards@hq.adiscon.com>" <
>> rgerhards@hq.adiscon.com<mailto:rgerhards@hq.adiscon.com>>
>> Subject: Re: [netmod] Syslog YANG Model Presentation
>>
>> Jeff,
>>
>> Thanks.
>> So I guess we need to support RFC 5424, RFC 5425, and RFC 5426
>> configuration in the YANG model, right?
>> You use only vendor specific STRUCTURED-DATA? Because I don't see many in
>> the IANA registry<
>> http://www.iana.org/assignments/syslog-parameters/syslog-parameters.xhtml#syslog-parameters-4>,
>> and http://tools.ietf.org/html/rfc5424#section-9.2 requests IANA
>> registration.
>>
>> If my memory serves me well (I copied a couple of old timers), the
>> STRUCTURED-DATA goal was to standardize the syslog message content in the
>> industry, but that did not happen.
>>
>> Regards, Benoit
>>
>> Benoit,
>>
>> On Tue, Jul 22, 2014 at 01:34:11PM -0400, Benoit Claise wrote:
>>
>>
>> PS: I think you should also refer to the standards-track version of
>>     SYSLOG (RFC 5424) in the references and perhaps filters should
>>     also be able to operate on structured content.
>>
>>
>> Is RFC 5424 actually deployed?
>>
>>
>> Juniper has supported it for years.
>>
>> -- Jeff
>> .
>>
>>
>>
>>
>
>

v2.23.0 | Report a Bug | By Email