Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mapping documents,
"Juergen Quittek" <Quittek@nw.neclab.eu> Sun, 25 January 2009 01:18 UTC
Return-Path: <opsawg-bounces@ietf.org>
X-Original-To: opsawg-archive@optimus.ietf.org
Delivered-To: ietfarch-opsawg-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E16613A6850; Sat, 24 Jan 2009 17:18:13 -0800 (PST)
X-Original-To: opsawg@core3.amsl.com
Delivered-To: opsawg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8183E3A6850 for <opsawg@core3.amsl.com>; Sat, 24 Jan 2009 17:18:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.256
X-Spam-Level:
X-Spam-Status: No, score=-2.256 tagged_above=-999 required=5 tests=[AWL=0.343, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zypAzGDeTI1M for <opsawg@core3.amsl.com>; Sat, 24 Jan 2009 17:18:12 -0800 (PST)
Received: from smtp0.neclab.eu (smtp0.neclab.eu [195.37.70.41]) by core3.amsl.com (Postfix) with ESMTP id 1DFAF3A6848 for <opsawg@ietf.org>; Sat, 24 Jan 2009 17:18:11 -0800 (PST)
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp0.neclab.eu (Postfix) with ESMTP id 752A62C0008DF; Sun, 25 Jan 2009 02:17:53 +0100 (CET)
X-Virus-Scanned: Amavisd on Debian GNU/Linux (atlas2.office)
Received: from smtp0.neclab.eu ([127.0.0.1]) by localhost (atlas2.office [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EDOHN51DU8Yj; Sun, 25 Jan 2009 02:17:53 +0100 (CET)
Received: from VENUS.office (mx1.office [192.168.24.3]) by smtp0.neclab.eu (Postfix) with ESMTP id 3688C2C00030D; Sun, 25 Jan 2009 02:17:33 +0100 (CET)
Received: from 10.7.0.54 ([10.7.0.54]) by VENUS.office ([192.168.24.102]) with Microsoft Exchange Server HTTP-DAV ; Sun, 25 Jan 2009 01:17:33 +0000
MIME-Version: 1.0
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
Date: Sun, 25 Jan 2009 02:17:40 +0100
Message-ID: <C5A17C44.634A6%Quittek@nw.neclab.eu>
In-Reply-To: <EDC652A26FB23C4EB6384A4584434A04012C0C9B@307622ANEX5.global.avaya.com>
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Thread-Topic: [OPSAWG] WG adoption of SNMP <-> SYSLOG mapping documents,
thread-index: Acl1xa+dyCLM2jMTQxei6UFobFN47wAeRWjgAhL8ef4=
From: Juergen Quittek <Quittek@nw.neclab.eu>
To: Dan Romascanu <dromasca@avaya.com>, Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>, "Scott O. Bradner" <sob@harvard.edu>
Cc: opsawg@ietf.org
Subject: Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mapping documents,
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsawg>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1066079788=="
Sender: opsawg-bounces@ietf.org
Errors-To: opsawg-bounces@ietf.org
Dear all,
Below please find a review of draft-schoenw-syslog-msg-mib-01.
The draft is clearly written, well elaborated and already in a
mature state.
Most of the comments I have are editorial, nits, or requests for
clarification.
Juergen Q.
1. Section 4, line 1:
Why do you consider only the conversion of received SYSLOG messages
to entries in the SyslogMsg tables? If you report log messages
concerning the host of the syslog MIB module, couldn't it also make
sense to directly generate table entries for local log messages
without sending messages using the SYSLOG protocol to a local
SYSLOG receiver and converter?
If it does not make sense, it may be worth clarifying why.
2. Section 5, paragraph 2, line 8:
I am not sure it is really "needed", because requirements for this
MIB module are not elaborated to that detail. I would suggest
"needed" -> "provided".
3. Section 6:
It would be nice to have a text section before the MIB definitions that
- gives an overview of included groups and tables
- describes the mapping of SYSLOG messages to tables
- gives and example of representing structured data (SD) in the
syslogMsgSDTable, particularly including a case of an SD element
having more than one parameter
4. syslogMsgTableMaxSize, DESCRIPTION clause, lines 2-3:
"A particular setting does not guarantee that much data can be held."
is a foggy phrasing. What does it mean? Do you want to say that
it cannot be guaranteed that there may not be sufficient memory
available for the maximum number of table entries indicated by this
object?
5. syslogMsgTableMaxSize, DESCRIPTION clause, paragraph 2, line 1:
"changes" -> "reduces"
6. syslogMsgTableMaxSize, DESCRIPTION clause, paragraph 2, line 2:
What is the "oldest" syslog message? The one that is in the
syslogMsgTable for the longest time. The one that was received
by the SYSLOG receiver the longest time ago? The one with the
oldest timestamp? In the last case: What if there is not timestamp?
The SYSLOG protocol specification says that the timestamp is optional.
7. syslogMsgFacility, syslogMsgSeverity:
Wouldn't it be useful to add a reference to section 6.2.1 of
draft-ietf-syslog-protocol where the semantics and encoding of these
objects is described?
8. syslogMsgVersion, DESCRIPTION clause:
Why do you need a value indicating that the version is unknown?
Your assumption in section 4 is that all entries come from a SYSLOG
to SNMP converter. In the SYSLOG protocol the version number is
mandatory. Thus it would always be known.
9. syslogMsgTimestamp:
The timestamp is optional in the SYSLOG protocol. You should specify
an encoding of an unknown timestamp.
10. syslogMsgHostName, syslogMsgAppName, syslogMsgProcID, syslogMsgMsgID:
Also for these objects it would be helpful to add a reference to
Sections 6.2.4, 6.2.5, 6.2.6, or 6.2.7, respectively of
draft-ietf-syslog-protocol
11. syslogMsgMsg, syslogMsgFlags:
Can you always know if a SYSLOG message has been truncated?
What if it has been truncated already by a SYSLOG relay?
12. syslogMsgMsg, DESCRIPTION clause, line 6:
"truncated" -> "truncated by the SYSLOG to SNMP converter"?
13. syslogMsgMsg:
Would't it be helpful to have a (read-only) object in the
control group called syslogMsgMaxMsgSize?
14. syslogMsgFlags, DESCRIPTION clause, one but last line:
"truncted" -> "truncated"
15. syslogMsgNotification, DESCRIPTION clause, last line:
Can you give a reference to a description of notification message
constraints?
16. syslogMsgReadOnlyCompliance, OBJECT syslogMsgEnableNotifications,
DESCRIPTION clause, second sentence:
What do you mean with "to be useful"? The MIB module can even be
useful without sending notifications.
17. syslogMsgSDGroup, DESCRIPTION clause:
the group contains just a single object. Do you really want to call
this a "collection of objects"?
On 14.01.09 12:55 "Dan Romascanu" <dromasca@avaya.com> wrote:
> Are there at least three people who are not editors or ADs committed to
> read and review the documents in the WG?
>
> Dan
>
>
>> -----Original Message-----
>> From: Juergen Schoenwaelder
>> [mailto:j.schoenwaelder@jacobs-university.de]
>> Sent: Tuesday, January 13, 2009 11:27 PM
>> To: Scott O. Bradner; Romascanu, Dan (Dan)
>> Cc: opsawg@ietf.org
>> Subject: Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mapping
>> documents,
>>
>> On Mon, Dec 15, 2008 at 03:49:43PM -0500, Scott O. Bradner wrote:
>>
>>> there was some discussion of the WG adopting the SNMP <-> SYSLOG
>>> mapping documents on the list back in november - at the
>> time there was
>>> some support for the idea
>>>
>>> see
>>> http://www.ietf.org/mail-archive/web/opsawg/current/msg00326.html
>>>
>>> I'd like to see if what level of support there is at this point
>>
>> May I ask where we are with this? This is now waiting for a
>> decision since the Dublin IETF (about half a year ago)...
>>
>> Thanks,
>>
>> /js
>>
>> --
>> Juergen Schoenwaelder Jacobs University Bremen gGmbH
>> Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany
>> Fax: +49 421 200 3103 <http://www.jacobs-university.de/>
>>
> _______________________________________________
> OPSAWG mailing list
> OPSAWG@ietf.org
> https://www.ietf.org/mailman/listinfo/opsawg
_______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Scott O. Bradner
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… David Harrington
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Martin Bjorklund
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Alexander Clemm (alex)
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Juergen Quittek
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… David Partain
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Juergen Schoenwaelder
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Romascanu, Dan (Dan)
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… David Harrington
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Romascanu, Dan (Dan)
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Juergen Quittek
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Juergen Quittek
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Juergen Schoenwaelder
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Rainer Gerhards
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… David Harrington
- Re: [OPSAWG] WG adoption of SNMP <-> SYSLOG mappi… Juergen Schoenwaelder