[Syslog] Protocol Action: 'Alarms in SYSLOG' to Proposed Standard (fwd)
Chris Lonvick <clonvick@cisco.com> Mon, 31 August 2009 17:56 UTC
Return-Path: <clonvick@cisco.com>
X-Original-To: syslog@core3.amsl.com
Delivered-To: syslog@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 91C5928C23C for <syslog@core3.amsl.com>; Mon, 31 Aug 2009 10:56:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.556
X-Spam-Level:
X-Spam-Status: No, score=-6.556 tagged_above=-999 required=5 tests=[AWL=0.043, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ne+w43cX3aMd for <syslog@core3.amsl.com>; Mon, 31 Aug 2009 10:56:57 -0700 (PDT)
Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by core3.amsl.com (Postfix) with ESMTP id CFCA128C36A for <syslog@ietf.org>; Mon, 31 Aug 2009 10:56:46 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ApoEAI+rm0qrR7PE/2dsb2JhbADBfYhBAY58BYQa
X-IronPort-AV: E=Sophos;i="4.44,306,1249257600"; d="scan'208";a="379053715"
Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-6.cisco.com with ESMTP; 31 Aug 2009 17:56:58 +0000
Received: from sj-core-3.cisco.com (sj-core-3.cisco.com [171.68.223.137]) by sj-dkim-4.cisco.com (8.12.11/8.12.11) with ESMTP id n7VHuwJx025768 for <syslog@ietf.org>; Mon, 31 Aug 2009 10:56:58 -0700
Received: from sjc-cde-011.cisco.com (sjc-cde-011.cisco.com [171.69.16.68]) by sj-core-3.cisco.com (8.13.8/8.14.3) with ESMTP id n7VHuvRa023576 for <syslog@ietf.org>; Mon, 31 Aug 2009 17:56:57 GMT
Date: Mon, 31 Aug 2009 10:56:57 -0700
From: Chris Lonvick <clonvick@cisco.com>
To: syslog@ietf.org
Message-ID: <Pine.GSO.4.63.0908311055550.2277@sjc-cde-011.cisco.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=4365; t=1251741418; x=1252605418; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=clonvick@cisco.com; z=From:=20Chris=20Lonvick=20<clonvick@cisco.com> |Subject:=20Protocol=20Action=3A=20'Alarms=20in=20SYSLOG'=2 0to=20Proposed=20Standard=20(fwd) |Sender:=20; bh=LSOgeY5XyDJITCan9K7HGkFza0lyVWJVT/K99Gv7IVw=; b=n08yQJljoIVXv1BcJB06g2ibuK9a1j3CKnIvRSQstfoBXGs7H7OH9v/wOg wdoqyng9AHshjfSB1scBVi/trPqenyZ0LQtcm87CZW0fBAx6fl/xfCCJ9LV8 4ljDz13UkD;
Authentication-Results: sj-dkim-4; header.From=clonvick@cisco.com; dkim=pass ( sig from cisco.com/sjdkim4002 verified; );
Subject: [Syslog] Protocol Action: 'Alarms in SYSLOG' to Proposed Standard (fwd)
X-BeenThere: syslog@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/syslog>
List-Post: <mailto:syslog@ietf.org>
List-Help: <mailto:syslog-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Aug 2009 17:56:58 -0000
Hi Folks, Many thanks to the people who helped put this together and get it through the process. Regards, Chris ---------- Forwarded message ---------- Date: Mon, 31 Aug 2009 10:24:31 -0700 (PDT) From: The IESG <iesg-secretary@ietf.org> To: IETF-Announce <ietf-announce@ietf.org> Cc: Internet Architecture Board <iab@iab.org>, RFC Editor <rfc-editor@rfc-editor.org> Subject: Protocol Action: 'Alarms in SYSLOG' to Proposed Standard The IESG has approved the following document: - 'Alarms in SYSLOG ' <draft-ietf-opsawg-syslog-alarm-02.txt> as a Proposed Standard This document is the product of the Operations and Management Area Working Group. The IESG contact persons are Dan Romascanu and Ron Bonica. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-opsawg-syslog-alarm-02.txt Technical Summary This document describes how to send alarm information in syslog. It includes the mapping of ITU perceived severities onto syslog message fields and a number of alarm-specific SD-PARAM definitions from X.733 and the IETF Alarm MIB. Working Group Summary The document was revised based on WG feedback & the result meets the issues that were raised. Document Quality SYSLOG is widely implemented and deployed, and the ITU severities are used by a number of protocols and alarm models including the IETF Alarm MIB. Personnel Scott Bradner is the Document Shepherd for this document. Dan Romascanu is the Responsible Area Director. RFC Editor Note Please insert the following edits in the published version: 1. In section 1, Old:Alarm related terminology is defined in [RFC3877]. New:Alarm related terminology is defined in [RFC3877]. SD-ID, SD-PARM and other syslog related terms are defined in [RFC5424] 2. In section 3 Old: the SD-PARARMS are mandatory. New: the SD-PARAMS are mandatory. 3. In section 3.6 Old: [RFC1738] and its updates. In the case of an SNMP resource, the New: [RFC3986] and its updates. In the case of an SNMP resource, the 4. In section 4 Old: In this example, extended from [Syslog], the VERSION is 1 and the New: In this example, extended from [RFC5424], the VERSION is 1 and the OLD: 'APP-NAME is "su"' NEW: 'APP-NAME is "evntslog"' OLD: 'exampleSDID@0' NEW: 'exampleSDID@32473' OLD: 'resourceURI =' NEW: 'resourceURI=' 5. In section 6 Old: IANA is requested to register the SD-IDs New: IANA is requested to register the syslog Structured Data ID Values 6. In section 8.1 Old: [RFC1738] Berners-Lee, T., Masinter, L., and M. McCahill, "Uniform Resource Locators (URL)", RFC 1738, December 1994. New: [RFC3986] Berners-Lee, T., Fielding, R., and Masinter, L., "Uniform Resource Identifier (URI): Generic Syntax", RFC RFC3986, January 2005. 7. In Section 3.1: OLD: If the "alarm" SD-ID is supported, the "resource" SD-PARAM MUST be supported. NEW: If the "alarm" SD-ID is included, the "resource" SD-PARAM MUST be included. 8. In Section 3.2: OLD: If the "alarm" SD-ID is supported, the "probableCause" SD-PARAM MUST be supported. NEW: If the "alarm" SD-ID is included, the "probableCause" SD-PARAM MUST be included. 9. In Section 3.3: OLD: If the "alarm" SD-ID is supported, the "perceivedSeverity" SD-PARAM MUST be supported. NEW: If the "alarm" SD-ID is included, the "perceivedSeverity" SD-PARAM MUST be included. 10. In Section 3.4: OLD: If the "alarm" SD-ID is supported, the "eventType" SD-PARAM SHOULD be supported. NEW: If the "alarm" SD-ID is included, the "eventType" SD-PARAM SHOULD be included. 11. In Section 3.5: OLD: If the "alarm" SD-ID is supported, the "trendIndication" SD-PARAM SHOULD be supported. NEW: If the "alarm" SD-ID is included, the "trendIndication" SD-PARAM SHOULD be included. 12. In Section 3.6: OLD: If the "alarm" SD-ID is supported, the "resourceURI" SD-PARAM SHOULD be supported. NEW: If the "alarm" SD-ID is included, the "resourceURI" SD-PARAM SHOULD be included. _______________________________________________ IETF-Announce mailing list IETF-Announce@ietf.org https://www.ietf.org/mailman/listinfo/ietf-announce
- [Syslog] Protocol Action: 'Alarms in SYSLOG' to P… Chris Lonvick