IETF Logo Mail Archive

Re: [OPSAWG] Begin WG Last Call on draft-ietf-opsawg-syslog-alarm-00.txt

"Sharon Chisholm" <schishol@nortel.com> Mon, 27 October 2008 13:30 UTC

Return-Path: <opsawg-bounces@ietf.org>
X-Original-To: opsawg-archive@optimus.ietf.org
Delivered-To: ietfarch-opsawg-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4603F28C128; Mon, 27 Oct 2008 06:30:33 -0700 (PDT)
X-Original-To: opsawg@core3.amsl.com
Delivered-To: opsawg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 480E93A6842 for <opsawg@core3.amsl.com>; Mon, 27 Oct 2008 06:30:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.11
X-Spam-Level:
X-Spam-Status: No, score=-5.11 tagged_above=-999 required=5 tests=[BAYES_05=-1.11, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gCgtmvYyjlPQ for <opsawg@core3.amsl.com>; Mon, 27 Oct 2008 06:30:26 -0700 (PDT)
Received: from zcars04e.nortel.com (zcars04e.nortel.com [47.129.242.56]) by core3.amsl.com (Postfix) with ESMTP id CA92D28C128 for <opsawg@ietf.org>; Mon, 27 Oct 2008 06:30:25 -0700 (PDT)
Received: from zcarhxm2.corp.nortel.com (zcarhxm2.corp.nortel.com [47.129.230.99]) by zcars04e.nortel.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id m9RDRQJ04502; Mon, 27 Oct 2008 13:27:27 GMT
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Mon, 27 Oct 2008 09:30:17 -0400
Message-ID: <713043CE8B8E1348AF3C546DBE02C1B416F60BA9@zcarhxm2.corp.nortel.com>
In-Reply-To: <20080916123451.GA761@elstar.iuhb02.iu-bremen.de>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [OPSAWG] Begin WG Last Call on draft-ietf-opsawg-syslog-alarm-00.txt
Thread-Index: AckX+KlQZpWE+uPISEGtGg7rsnMEdwgPAbSA
References: <C4E7083E.8A40%ted.a.seely@sprint.com> <20080916123451.GA761@elstar.iuhb02.iu-bremen.de>
From: Sharon Chisholm <schishol@nortel.com>
To: j.schoenwaelder@jacobs-university.de, "Seely, Ted A [CTO]" <Ted.A.Seely@sprint.com>
Cc: opsawg@ietf.org
Subject: Re: [OPSAWG] Begin WG Last Call on draft-ietf-opsawg-syslog-alarm-00.txt
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsawg>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsawg-bounces@ietf.org
Errors-To: opsawg-bounces@ietf.org

Hi

I believe these are the only working group last call comments we have
received. Responses inline. Once I think we have reached consensus, I'll
send a list of proposed edits.

Thanks Juergen for the review ... 

-----Original Message-----
From: opsawg-bounces@ietf.org [mailto:opsawg-bounces@ietf.org] On Behalf
Of Juergen Schoenwaelder
Sent: Tuesday, September 16, 2008 8:35 AM
To: Seely, Ted A [CTO]
Cc: opsawg@ietf.org
Subject: Re: [OPSAWG] Begin WG Last Call on
draft-ietf-opsawg-syslog-alarm-00.txt

On Fri, Sep 05, 2008 at 03:01:02PM -0500, Seely, Ted A [CTO] wrote:
 
> The Chairs are initiating a two week last call on 
> draft-ietf-opsawg-syslog-alarm-00.txt.
> 
> Please provide feedback and comments to the list no later than 
> September 19th.

I have read the document and below are my comments.

1) I think the title and the abstract should better indicate what the
   scope fo the document is. As far as I understand it, it is all
   about representing X.733 alarms in SYSLOG messages. So perhaps the
   title should be "Representing ITU X.733 Alarms in SYSLOG" and the
   abstract should read "This document describes how to represent
   X.733 alarm information in SYSLOG. [...]".

<Sharon>
The scope of the document is alarms in syslog, not specifically X.733.
Yes, pretty much all alarm work in the industry I've seen can be mapped
back to X.733 and X.736, but I don't think referencing this in the title
is accurate. We have one field that was introduced in the Alarm MIB in
this mapping and may wish to extend the document in the future with
other alarm information.
</Sharon>

2) The last sentence of section 1 is confusig; the document really
   maps ITU perceived severity to SYSLOG severity and not the other
   way round. So I suggest to replace

   [...] This memo defines a set of SD-PARAM to support
   logging and defines a mapping of syslog severity to the severity of
   the alarm.

   with

   [...] This memo defines a set of SD-PARAM to support logging and
   defines a mapping of ITU X.733 perceived security values to SYSLOG
   severity values.

<Sharon>
(The mapping we are referring to is the one in section 1.2.) The table
sort of provides a two way mapping since it should be fairly obvious to
a human, but perhaps not a machine, whether to map a  Notice to be
'indeterminate' or 'cleared'. Perhaps an update to the text to clarify
this would be helpful?
</Sharon>


3) I think the mapping (currently section 1.2) should not be part of
   the introduction. I suggest to merge sections 1 and 1.1 into one
   section and to make section 1.2 section 2.
<Sharon>
You are right that it should not be the introduction. I think a
standalone section is appropriate given this is a fairly short document.
</Sharon>

4) Section 2 in the current ID should spell out what the name of the
   SD-ID is. The syslog document does a fine job in putting the name
   of SD-IDs and SD-PARAMs in double quotes. I suggest you follow the
   style used by the SYSLOG specs - and I particularly also like the
   examples at the end of an SD-ID definition.
<Sharon>
We can put SD-IDs in double quotes. I'll try to dig up an example. One
from the Alarm MIB would be good.
</Sharon>

5) I fail to see the difference between alarmedResource and
   resourceMapping. Quoting from the two definitions:

     This item uniquely identifies the resource under alarm within the
     scope of a network element.

     This item uniquely identifies the resource under alarm within the
     scope of a network element.

   OK, the resourceMapping has an additional constraint requiring this
   to be an OID or follow similar semantics (I am not quite sure what
   that means - does this still imply the OID format? And how is the
   OID represented in the first place?). I am not sure how useful this
   is in practice. Perhaps some examples would help me to find both
   useful.
<Sharon>
The two pieces of information point at the same thing, but in two very
different ways. This is fairly common to do in practice. One is very
SNMP-ish and maps to the Alarm MIB. The other is more syslog-ish and
more string-based. The former SNMP-ish ones allows you to cross
reference with information obtained from SNMP. 
</Sharon>

6) The usage of the TC labels makes sense. This of course assumes that
   the labels are never changed. The SMIv2 actually allows to change
   labels (although this is a really bad idea in most cases). Since
   you import labels from IANA maintained modules, perhaps IANA should
   be aware that these labels have significance and should not be
   changed. OK, I am making up a story here but I thought I at least
   mention that there is this implicit assumption here that the labels
   of enumerations are somewhat stable.
<Sharon>
Should we add something in the IANA considerations section?
</Sharon>

7) I think some text should be added to better describe the
   relationship to X.733 (what subset of X.733 is covered by the new
   SD-ID?) and RFC 3877 (how does the information captured in the
   SD-ID relate to the information captured in the RFC 3877 MIB
   modules?).
<Sharon>
Like what? This document reports information from the Alarm MIB and the
alarm MIB reports information from X.733 and X.736?
</Sharon>

8) I am not sure how to interpret the last paragraph in the security
   considerations. SYSLOG in general does not seem to have a notion
   who the receiver is unless you run it over a secure transport.  And
   even if I am lucky to know the identity of the receiver (well I
   actually can only reasonably know the identity of the next hop
   which might be a proxy), then does the paragraph require that the
   whole SD-ID is removed from the message or only selected SD-PARAM
   or is the whole message dropped?
<Sharon>
Just like in SNMP, we only assume next-hop. Security considerations
sections are hard to write. In NETCONF, we don't drop the entire message
if people don't have permissions. I'm not sure how much of an access
model syslog has defined so I'd prefer to leave it vague. I'm not sure
what all we should say.
</Sharon>

9) You might want to update the acknowledgement to include OPSAWG.
<Sharon>
Will do
</Sharon>

10) The reference X.X should be replaced with something meaningful
    and references need to be updated.
<Sharon>
Oops. Will do.
</Sharon>

/js

--
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg
_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg

v2.23.0 | Report a Bug | By Email