IETF Logo Mail Archive

Re: [OPSAWG] Begin WG Last Call on draft-ietf-opsawg-syslog-alarm-00.txt

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Tue, 16 September 2008 12:34 UTC

Return-Path: <opsawg-bounces@ietf.org>
X-Original-To: opsawg-archive@optimus.ietf.org
Delivered-To: ietfarch-opsawg-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6F23228C182; Tue, 16 Sep 2008 05:34:50 -0700 (PDT)
X-Original-To: opsawg@core3.amsl.com
Delivered-To: opsawg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 706703A68FE for <opsawg@core3.amsl.com>; Tue, 16 Sep 2008 05:34:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.725
X-Spam-Level:
X-Spam-Status: No, score=-1.725 tagged_above=-999 required=5 tests=[AWL=0.524, BAYES_00=-2.599, HELO_EQ_DE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VC25sAfVI6ok for <opsawg@core3.amsl.com>; Tue, 16 Sep 2008 05:34:48 -0700 (PDT)
Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) by core3.amsl.com (Postfix) with ESMTP id 3F52728C182 for <opsawg@ietf.org>; Tue, 16 Sep 2008 05:34:48 -0700 (PDT)
Received: from localhost (demetrius4.jacobs-university.de [212.201.44.49]) by hermes.jacobs-university.de (Postfix) with ESMTP id F408BC0038; Tue, 16 Sep 2008 14:34:59 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius4.jacobs-university.de [212.201.44.32]) (amavisd-new, port 10024) with ESMTP id 8t2BpvRXGUMy; Tue, 16 Sep 2008 14:34:52 +0200 (CEST)
Received: from elstar.iuhb02.iu-bremen.de (elstar.iuhb02.iu-bremen.de [10.50.231.133]) by hermes.jacobs-university.de (Postfix) with ESMTP id 903EDC0014; Tue, 16 Sep 2008 14:34:52 +0200 (CEST)
Received: by elstar.iuhb02.iu-bremen.de (Postfix, from userid 501) id 5BCF76CEA98; Tue, 16 Sep 2008 14:34:51 +0200 (CEST)
Date: Tue, 16 Sep 2008 14:34:51 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: "Seely, Ted A [CTO]" <Ted.A.Seely@sprint.com>
Message-ID: <20080916123451.GA761@elstar.iuhb02.iu-bremen.de>
Mail-Followup-To: "Seely, Ted A [CTO]" <Ted.A.Seely@sprint.com>, "opsawg@ietf.org" <opsawg@ietf.org>
References: <C4E7083E.8A40%ted.a.seely@sprint.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <C4E7083E.8A40%ted.a.seely@sprint.com>
User-Agent: Mutt/1.5.18 (2008-05-17)
Cc: "opsawg@ietf.org" <opsawg@ietf.org>
Subject: Re: [OPSAWG] Begin WG Last Call on draft-ietf-opsawg-syslog-alarm-00.txt
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: j.schoenwaelder@jacobs-university.de
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/opsawg>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: opsawg-bounces@ietf.org
Errors-To: opsawg-bounces@ietf.org

On Fri, Sep 05, 2008 at 03:01:02PM -0500, Seely, Ted A [CTO] wrote:
 
> The Chairs are initiating a two week last call on
> draft-ietf-opsawg-syslog-alarm-00.txt.
> 
> Please provide feedback and comments to the list no later than September
> 19th.

I have read the document and below are my comments.

1) I think the title and the abstract should better indicate what the
   scope fo the document is. As far as I understand it, it is all
   about representing X.733 alarms in SYSLOG messages. So perhaps the
   title should be "Representing ITU X.733 Alarms in SYSLOG" and the
   abstract should read "This document describes how to represent
   X.733 alarm information in SYSLOG. [...]".

2) The last sentence of section 1 is confusig; the document really
   maps ITU perceived severity to SYSLOG severity and not the other
   way round. So I suggest to replace

   [...] This memo defines a set of SD-PARAM to support
   logging and defines a mapping of syslog severity to the severity of
   the alarm.

   with

   [...] This memo defines a set of SD-PARAM to support logging and
   defines a mapping of ITU X.733 perceived security values to SYSLOG
   severity values.

3) I think the mapping (currently section 1.2) should not be part of
   the introduction. I suggest to merge sections 1 and 1.1 into one
   section and to make section 1.2 section 2.

4) Section 2 in the current ID should spell out what the name of the
   SD-ID is. The syslog document does a fine job in putting the name
   of SD-IDs and SD-PARAMs in double quotes. I suggest you follow the
   style used by the SYSLOG specs - and I particularly also like the
   examples at the end of an SD-ID definition.

5) I fail to see the difference between alarmedResource and
   resourceMapping. Quoting from the two definitions:

     This item uniquely identifies the resource under alarm within the
     scope of a network element.

     This item uniquely identifies the resource under alarm within the
     scope of a network element.

   OK, the resourceMapping has an additional constraint requiring this
   to be an OID or follow similar semantics (I am not quite sure what
   that means - does this still imply the OID format? And how is the
   OID represented in the first place?). I am not sure how useful this
   is in practice. Perhaps some examples would help me to find both
   useful.

6) The usage of the TC labels makes sense. This of course assumes that
   the labels are never changed. The SMIv2 actually allows to change
   labels (although this is a really bad idea in most cases). Since
   you import labels from IANA maintained modules, perhaps IANA should
   be aware that these labels have significance and should not be
   changed. OK, I am making up a story here but I thought I at least
   mention that there is this implicit assumption here that the labels
   of enumerations are somewhat stable.

7) I think some text should be added to better describe the
   relationship to X.733 (what subset of X.733 is covered by the new
   SD-ID?) and RFC 3877 (how does the information captured in the
   SD-ID relate to the information captured in the RFC 3877 MIB
   modules?).

8) I am not sure how to interpret the last paragraph in the security
   considerations. SYSLOG in general does not seem to have a notion
   who the receiver is unless you run it over a secure transport.  And
   even if I am lucky to know the identity of the receiver (well I
   actually can only reasonably know the identity of the next hop
   which might be a proxy), then does the paragraph require that the
   whole SD-ID is removed from the message or only selected SD-PARAM
   or is the whole message dropped?

9) You might want to update the acknowledgement to include OPSAWG.

10) The reference X.X should be replaced with something meaningful
    and references need to be updated.

/js

--
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg

v2.23.0 | Report a Bug | By Email