Network Working Group                                         H. Tsunoda
Internet-Draft                            Tohoku Institute of Technology
Intended status: Proposed Standard                              G. Keeni
Expires: October 18, 2017                           Cyber Solutions Inc.
                                                          April 16, 2017


                  Syslog Management Information Base
                     draft-tsuno-syslog-mib-04.txt

Abstract

   This memo defines a portion of the Management Information Base (MIB),
   the SYSLOG-MIB, for use with network management protocols in the
   Internet community. In particular, the SYSLOG-MIB will be used to
   monitor and control syslog applications.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on October 18, 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Tsunoda & Keeni         Expires October 18, 2017                [Page 1]

Internet-Draft                  syslogMIB                     April 2017

Table of Contents

   1.  The Internet-Standard Management Framework
   2.  Background
   3.  Managing syslog
   4.  The MIB Design.
   5.  The Syslog MIB
   6.  Security Considerations
   7.  IANA Considerations
   8.  Acknowledgments
   9.  APPENDIX
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Authors' Addresses

1.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB. MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI). This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
   [RFC2580].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14, RFC 2119
   [RFC2119].

2.  Background

   Operating systems, processes and applications, collectively termed
   "facilities" in the following, generate messages indicating their own
   status or the occurrence of events. These messages are handled by
   what has come to be known as the syslog application [RFC5424].
   A syslog application sends and/or receives syslog messages. The
   reader is referred to [RFC5424] for a description of the various
   roles of a syslog application viz. "sender", "receiver" and "relay".
   The discussion in this document, in general, applies to a generic
   syslog application. For special cases the specific role of the
   syslog application will be mentioned.

   This document defines a set of managed objects (MOs) that can be used
   to monitor a group of syslog applications.

   The SYSLOG-MIB can be used in conjunction with other MIB modules - in
   particular the Host Resources MIB [RFC2790]. The generic process
   related matters e.g. control and monitoring for status, resource
   usage etc. can be serviced by the corresponding entries in the Host
   Resources MIB.

                            +------+
       Syslog message ----->| App1 |
                            +------+

                            +------+
       Syslog message ----->| App2 |------> Syslog message
                            +------+

                            +------+
                            | App3 |------> Syslog message
                            +------+

       App1: Syslog collector  (syslog receiver)
       App2: Syslog relay      (syslog receiver, syslog sender)
       App3: Syslog originator (syslog sender)

          Figure 1: Syslog applications modeled by the SYSLOG-MIB

   The syslog applications modeled by the SYSLOG-MIB are shown in Fig.1.
   A syslog receiver receives syslog messages. A syslog sender sends
   syslog messages to other syslog applications. A syslog relay
   forwards some of the received syslog messages to other syslog
   applications.

   A syslog receiver receives a syslog message and processes it. The
   processing will depend on the internal configuration and may involve
   relaying the message to one or more syslog applications. Note that a
   syslog application may have multiple roles. Multiple syslog
   applications may co-exist on the same host.

3.  Managing syslog

   Log messages are expected to be collected, reliably and without
   interruption.
   For this, the logging system itself needs to be monitored and managed
   just like any other component of the ICT infrastructure.

   The operational information of syslog applications will be a target
   of syslog monitoring. Running status of related processes, resource
   usages, and statistics of the number of processed log messages will
   be monitored. The number of log messages delivered to each
   destination on a target host will give administrators insight into
   the operation of the syslog application.

   Managing syslog will also involve viewing and maintaining the
   configuration of the underlying syslog applications.

4.  The MIB Design.

   The purpose of the SYSLOG-MIB is to allow the monitoring of a group
   of syslog applications. This requires managed objects representing
   the following elements.

   o  The configuration and status related details of each syslog
      application.

   o  The statistics on syslog messages received, processed locally,
      relayed by each syslog application.

   The MIB contains three subtrees.

   o  The syslogNotifications subtree defines the set of notifications
      that will be used to asynchronously report the change of status of
      a syslog application.

   o  The syslogObjects subtree contains four subtrees.

      *  The syslogControlTable subtree deals with the configuration and
         control information for a syslog application.

      *  The syslogOperationsTable subtree deals with operations and
         statistical information about syslog messages sent and/or
         received by a syslog application.

      *  The syslogPriorityTable subtree deals with the relay
         configuration parameters pertaining to a syslog application.

      *  The syslogRelayTable deals with the information about the
         destination of the relayed messages.

   o  The conformance subtree defines the compliance statements.

   The SYSLOG-MIB module uses textual conventions defined in
   INET-ADDRESS-MIB [RFC4001], SNMP-FRAMEWORK-MIB [RFC3411] and
   SYSLOG-TC-MIB [RFC5427].
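
   The statistics named in Sections 3 and 4 are exposed as Counter32
   columns of the syslogOperationsTable, whose descriptions tie them to
   syslogOperationsCounterDiscontinuityTime. The following is an added
   example, not part of the draft, of how a monitoring station can turn
   two polls of one row into per-interval figures. The poll
   dictionaries, the sample() helper and the max_discard_ratio
   threshold are assumptions; retrieving the values over SNMP is left
   out.

```python
"""Added example (not from the draft): turn two polls of one
syslogOperationsTable row into per-interval deltas and findings."""

COUNTER32_MOD = 2 ** 32

# Counter32 columns of syslogOperationsEntry, as named in this memo.
RECEIVED = "syslogOperationsMsgsReceived"
TRANSMITTED = "syslogOperationsMsgsTransmitted"
RELAYED = "syslogOperationsMsgsRelayed"
DROPPED = "syslogOperationsMsgsDropped"
MALFORMED = "syslogOperationsMsgsMalFormed"
DISCARDED = "syslogOperationsMsgsDiscarded"
COUNTERS = (RECEIVED, TRANSMITTED, RELAYED, DROPPED, MALFORMED, DISCARDED)
DISCONTINUITY = "syslogOperationsCounterDiscontinuityTime"
UPTIME = "sysUpTime"


def interval_deltas(prev, curr):
    """Per-counter increase between two polls of the same row.

    Returns None when the samples cannot be compared: sysUpTime moved
    backwards (management system re-initialized) or the discontinuity
    timestamp changed (the counters suffered a discontinuity).
    """
    if curr[UPTIME] < prev[UPTIME]:
        return None
    if curr[DISCONTINUITY] != prev[DISCONTINUITY]:
        return None
    # Counter32 wraps at 2^32, so subtract modulo 2^32.
    return {c: (curr[c] - prev[c]) % COUNTER32_MOD for c in COUNTERS}


def assess(prev, curr, max_discard_ratio=0.01):
    """Findings for one polling interval.

    max_discard_ratio is a hypothetical local threshold, not a value
    taken from the draft.
    """
    d = interval_deltas(prev, curr)
    if d is None:
        return ["rebaseline: counters not comparable across this interval"]
    findings = []
    # MsgsReceived includes discarded messages, so it is the denominator.
    if d[RECEIVED] and d[DISCARDED] / d[RECEIVED] > max_discard_ratio:
        findings.append(
            f"receiver discarded {d[DISCARDED]} of {d[RECEIVED]} messages")
    if d[MALFORMED]:
        findings.append(f"{d[MALFORMED]} messages had a malformed header")
    # MsgsTransmitted excludes messages that could not be queued.
    if d[DROPPED]:
        offered = d[TRANSMITTED] + d[DROPPED]
        findings.append(
            f"sender could not queue {d[DROPPED]} of {offered} messages")
    return findings


def sample(uptime, disc, rx, tx, relayed, dropped, malformed, discarded):
    """Build one constructed poll result for a single syslogControlIndex."""
    return {UPTIME: uptime, DISCONTINUITY: disc, RECEIVED: rx,
            TRANSMITTED: tx, RELAYED: relayed, DROPPED: dropped,
            MALFORMED: malformed, DISCARDED: discarded}


# Constructed samples for a relay polled every 60 s (6000 TimeTicks).
POLLS = [
    sample(1000, 0, 4294967000, 900, 900, 0, 2, 5),
    sample(7000, 0, 704, 1850, 1850, 0, 2, 45),    # Received wrapped
    sample(13000, 9500, 12, 10, 10, 0, 0, 0),      # discontinuity at 9500
    sample(19000, 9500, 512, 460, 460, 40, 3, 0),  # sender is dropping
]

if __name__ == "__main__":
    for before, after in zip(POLLS, POLLS[1:]):
        print(after[UPTIME], assess(before, after) or ["ok"])
```

   An interval reported as "rebaseline" carries no usable rate; the next
   poll after it becomes the new starting point.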

5.  The Syslog MIB

   SYSLOG-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter32,
       Integer32, mib-2, NOTIFICATION-TYPE
                 FROM SNMPv2-SMI
       RowStatus, StorageType,
       TEXTUAL-CONVENTION, TimeStamp
                 FROM SNMPv2-TC
       InetAddressType, InetAddress, InetPortNumber
                 FROM INET-ADDRESS-MIB
       MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
                 FROM SNMPv2-CONF
       SyslogFacility, SyslogSeverity
                 FROM SYSLOG-TC-MIB
       SnmpAdminString
                 FROM SNMP-FRAMEWORK-MIB;

   syslogMIB  MODULE-IDENTITY
       LAST-UPDATED "201704160000Z"  -- 16th April, 2017
       ORGANIZATION "Cyber Solutions Inc. NetMan Working Group"
       CONTACT-INFO
           "                Hiroshi Tsunoda
                            Tohoku Institute of Technology
                            35-1, Yagiyama Kasumi-cho
                            Taihaku-ku, Sendai, Japan 982-8577
                       Tel: +81-22-305-3411
                    E-mail: tsuno@m.ieice.org

                            Glenn Mansfield Keeni
                    Postal: Cyber Solutions Inc.
                            6-6-3, Minami Yoshinari
                            Aoba-ku, Sendai, Japan 989-3204.
                       Tel: +81-22-303-4012
                       Fax: +81-22-303-4015
                    E-mail: glenn@cysols.com

            Support Group E-mail: mibsupport@cysols.com
           "
       DESCRIPTION
           "The MIB module for monitoring syslog applications.
            A syslog application sends and/or receives syslog
            messages.
            The reader is referred to [RFC5424] for a description
            of the various roles of a syslog application viz.
            ''sender'', ''receiver'' and ''relay''.
            The discussion in this document in general applies to
            a generic syslog application. For special cases the
            specific role of the syslog application will be
            mentioned.

            Copyright (c) 2017 IETF Trust and the persons
            identified as the document authors. All rights
            reserved.

            This document is subject to BCP 78 and the IETF
            Trust's Legal Provisions Relating to IETF Documents
            (http://trustee.ietf.org/license-info) in effect on
            the date of publication of this document.
            Please review these documents carefully, as they
            describe your rights and restrictions with respect to
            this document.
           "

       REVISION "201704160000Z"  -- 16th April, 2017
       DESCRIPTION
           "The initial version, published as RFC XXXX."
   -- RFC Ed.: replace XXXX with the actual RFC number & remove this
   -- note

       ::= { mib-2 YYYY }   -- Will be assigned by IANA

   -- IANA Reg.: Please assign a value for "YYYY" under the
   -- 'mib-2' subtree and record the assignment in the SMI
   -- Numbers registry.

   -- RFC Ed.: When the above assignment has been made, please
   --     remove the above note
   --     replace "YYYY" here with the assigned value and
   --     remove this note.

   -- -------------------------------------------------------------
   -- Textual Conventions
   -- -------------------------------------------------------------

   SyslogRoles ::= TEXTUAL-CONVENTION
       STATUS  current
       DESCRIPTION
           "This textual convention enumerates the roles of a
            syslog application. Note that a syslog application can
            have multiple roles.
           "
       REFERENCE
           "The Syslog Protocol [RFC5424] sec. 3.
           "
       SYNTAX  BITS
               {
                   sender   (0),
                   receiver (1),
                   relay    (2)
               }

   SyslogEncapsulation ::= TEXTUAL-CONVENTION
       STATUS  current
       DESCRIPTION
           "This textual convention enumerates the encapsulations
            of the syslog message that is used between syslog
            application endpoints.
           "
       REFERENCE
           "Transmission of syslog messages over UDP [RFC5426],
            TLS Transport Mapping for Syslog [RFC5425],
            Reliable Delivery for syslog [RFC3195],
            Datagram Transport Layer Security (DTLS) Transport
            Mapping for Syslog [RFC6012].
           "
       SYNTAX  INTEGER
               {
                   other (1),
                   none  (2),  -- [RFC5426] (no encapsulation)
                   tls   (3),  -- [RFC5425]
                   beep  (4),  -- [RFC3195]
                   dtls  (5)   -- [RFC6012]
               }

   -- syslogMIB - the main groups
   -- -------------------------------------------------------------

   syslogNotifications      OBJECT IDENTIFIER
                            ::= { syslogMIB 0 }

   syslogObjects            OBJECT IDENTIFIER
                            ::= { syslogMIB 1 }

   syslogConformance        OBJECT IDENTIFIER
                            ::= { syslogMIB 2 }

   -- -------------------------------------------------------------
   -- syslog application configuration info table
   -- -------------------------------------------------------------

   syslogControlTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SyslogControlEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table containing the configuration parameters
            pertaining to the syslog applications serviced by an
            SNMP agent.
           "
       ::= { syslogObjects 1 }

   syslogControlEntry OBJECT-TYPE
       SYNTAX      SyslogControlEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The configuration parameters pertaining to a syslog
            application.
           "
       INDEX   { syslogControlIndex }
       ::= { syslogControlTable 1 }

   SyslogControlEntry ::=
       SEQUENCE {
           syslogControlIndex           Unsigned32,
           syslogControlDescr           SnmpAdminString,
           syslogControlRoles           SyslogRoles,
           syslogControlBindAddrType    InetAddressType,
           syslogControlBindAddr        InetAddress,
           syslogControlBindPort        InetPortNumber,
           syslogControlEncapsulation   SyslogEncapsulation,
           syslogControlMaxMessageSize  Unsigned32,
           syslogControlConfFileName    SnmpAdminString,
           syslogControlStorageType     StorageType,
           syslogControlRowStatus       RowStatus
       }

   syslogControlIndex OBJECT-TYPE
       SYNTAX      Unsigned32 (1..2147483647)
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The Index that uniquely identifies the syslog
            application in the syslogControlTable.
            The value of the index for a syslog application may
            not be the same across system reboots.
            Users and applications will need to determine the
            index of a syslog application after system reboots.
           "
       ::= { syslogControlEntry 1 }

   syslogControlDescr OBJECT-TYPE
       SYNTAX      SnmpAdminString
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "A user definable description of the syslog
            application.
            This description could be used by syslog management
            applications e.g. in reports or user interfaces.
           "
       ::= { syslogControlEntry 2 }

   syslogControlRoles OBJECT-TYPE
       SYNTAX      SyslogRoles
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The roles of the syslog application.
           "
       ::= { syslogControlEntry 3 }

   syslogControlBindAddrType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The type of Internet address which follows in
            syslogControlBindAddr.
            If this syslog application is not a syslog receiver,
            the value of this object will be 'unknown' (0).
           "
       ::= { syslogControlEntry 4 }

   syslogControlBindAddr OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The specific address the syslog receiver will bind to.
            The format of the address is specified by the
            corresponding syslogControlBindAddrType object.
            If the address is specified in the DNS domain name
            format [syslogControlBindAddrType = 'dns'], the
            corresponding IPv4 or IPv6 address obtained at the
            time of the binding operation by the syslog
            application, will be used.
            If this syslog application is not a syslog receiver,
            the value of this object will be a zero-length string.
           "
       ::= { syslogControlEntry 5 }

   syslogControlBindPort OBJECT-TYPE
       SYNTAX      InetPortNumber
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The port number that this syslog receiver will bind
            to.
            If this syslog application is not a syslog receiver
            the value of this object will be zero.
           "
       ::= { syslogControlEntry 6 }

   syslogControlEncapsulation OBJECT-TYPE
       SYNTAX      SyslogEncapsulation
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The encapsulation that will be used for syslog
            messages by the syslog receiver.
            If this syslog application is not a syslog receiver
            the value of this object will be ''other''.
           "
       ::= { syslogControlEntry 7 }

   syslogControlMaxMessageSize OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The maximum size of the syslog messages in bytes for
            this syslog application.
            A syslog receiver may reject or truncate messages
            larger than the specified maximum syslog message size.
           "
       REFERENCE
           "The Syslog Protocol [RFC5424] sec. 6.1.
           "
       ::= { syslogControlEntry 8 }

   syslogControlConfFileName OBJECT-TYPE
       SYNTAX      SnmpAdminString
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The full path name of the configuration file where the
            syslog application's message selection and
            corresponding action rules will be read from.
            If the syslog application does not support the
            specification of a configuration file, the value of
            this object will be a zero-length string.
           "
       DEFVAL { "/etc/syslog.conf" }
       ::= { syslogControlEntry 9 }

   syslogControlStorageType OBJECT-TYPE
       SYNTAX      StorageType
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object defines whether the parameters defined in
            this row are kept in volatile storage and lost upon
            reboot or are backed up by non-volatile or permanent
            storage.
            Conceptual rows having the value 'permanent' need not
            allow write-access to any columnar objects in the row.
           "
       DEFVAL  { nonVolatile }
       ::= { syslogControlEntry 11 }

   syslogControlRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object is used to create, modify and delete rows
            in the syslogControlTable.
            The value of syslogControlDescr can be changed when
            this object is in state ''active'' or in
            ''notInService''.
            The other objects in a row can be modified only when
            the value of this object in the corresponding
            conceptual row is not ''active''. Thus to modify one
            or more of the objects in this conceptual row,
              a. change the row status to ''notInService'',
              b. change the values of the row
              c. change the row status to ''active''
            The syslogControlRowStatus may be changed to
            ''active'' if all the managed objects in the
            conceptual row with MAX-ACCESS read-create except
            syslogControlBindPort and syslogControlEncapsulation
            have been assigned valid values.
           "
       ::= { syslogControlEntry 12 }

   -- -------------------------------------------------------------
   -- syslogOperations
   -- -------------------------------------------------------------

   syslogOperationsTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SyslogOperationsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table containing operations information about the
            syslog applications serviced by an SNMP agent.
            This table complements the (configuration) information
            in syslogControlTable.
           "
       ::= { syslogObjects 2 }

   syslogOperationsEntry OBJECT-TYPE
       SYNTAX      SyslogOperationsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The operations information pertaining to a syslog
            application.
           "
       AUGMENTS  { syslogControlEntry }
       ::= { syslogOperationsTable 1 }

   SyslogOperationsEntry ::=
       SEQUENCE {
           syslogOperationsMsgsReceived              Counter32,
           syslogOperationsMsgsTransmitted           Counter32,
           syslogOperationsMsgsRelayed               Counter32,
           syslogOperationsMsgsDropped               Counter32,
           syslogOperationsMsgsMalFormed             Counter32,
           syslogOperationsMsgsDiscarded             Counter32,
           syslogOperationsLastMsgRecdTime           TimeStamp,
           syslogOperationsLastMsgTransmittedTime    TimeStamp,
           syslogOperationsStartTime                 TimeStamp,
           syslogOperationsLastError                 SnmpAdminString,
           syslogOperationsLastErrorTime             TimeStamp,
           syslogOperationsRunIndex                  Integer32,
           syslogOperationsCounterDiscontinuityTime  TimeStamp,
           syslogOperationsStatus                    INTEGER
       }

   syslogOperationsMsgsReceived OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of messages received by the syslog
            receiver. This includes messages that were discarded.
            If this syslog application is not a syslog receiver
            the value of this object will be zero.
            Discontinuities in the value of this counter can occur
            at re-initialization of the management system, and at
            other times as indicated by the value of
            syslogOperationsCounterDiscontinuityTime.
           "
       ::= { syslogOperationsEntry 1 }

   syslogOperationsMsgsTransmitted OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of messages transmitted by the syslog
            sender. This does not include the messages that could
            not be queued for transmission by the syslog sender.
            If this syslog application is not a syslog sender the
            value of this object will be zero.
            Discontinuities in the value of this counter can occur
            at re-initialization of the management system, and at
            other times as indicated by the value of
            syslogOperationsCounterDiscontinuityTime.
           "
       ::= { syslogOperationsEntry 2 }

   syslogOperationsMsgsRelayed OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of messages relayed by the syslog relay to
            other syslog applications.
            If this syslog application is not a syslog relay the
            value of this object will be zero.
            Discontinuities in the value of this counter can occur
            at re-initialization of the management system, and at
            other times as indicated by the value of
            syslogOperationsCounterDiscontinuityTime.
           "
       REFERENCE
           "The Syslog Protocol [RFC5424] sec. 3.
           "
       ::= { syslogOperationsEntry 3 }

   syslogOperationsMsgsDropped OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of messages that could not be queued for
            transmission by the syslog sender.
            If this syslog application is not a syslog sender the
            value of this object will be zero.
            Discontinuities in the value of this counter can occur
            at re-initialization of the management system, and at
            other times as indicated by the value of
            syslogOperationsCounterDiscontinuityTime.
           "
       ::= { syslogOperationsEntry 4 }

   syslogOperationsMsgsMalFormed OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of messages received by the syslog receiver
            which had a malformed header.
            If this syslog application is not a syslog receiver,
            then this object will have a zero value.
            Discontinuities in the value of this counter can occur
            at re-initialization of the management system, and at
            other times as indicated by the value of
            syslogOperationsCounterDiscontinuityTime.
           "
       REFERENCE
           "The Syslog Protocol [RFC5424] sec. 6.3.
           "
       ::= { syslogOperationsEntry 5 }

   syslogOperationsMsgsDiscarded OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of messages that were discarded by the
            syslog receiver.
            This will include messages that were discarded because
            the message size was greater than the system's maximum
            message size.
            If this syslog application is not a syslog receiver
            this object will have a zero value.
            Discontinuities in the value of this counter can occur
            at re-initialization of the management system, and at
            other times as indicated by the value of
            syslogOperationsCounterDiscontinuityTime.
           "
       REFERENCE
           "The Syslog Protocol [RFC5424] sec. 6.1.
           "
       ::= { syslogOperationsEntry 6 }

   syslogOperationsLastMsgRecdTime OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The value of sysUpTime when the last message was
            received by the syslog receiver.
            If this syslog application is not a syslog receiver
            or, if no messages have been received by this syslog
            application, since the last re-initialization of the
            local SNMP management subsystem, then this object will
            have a zero value.
           "
       ::= { syslogOperationsEntry 7 }

   syslogOperationsLastMsgTransmittedTime OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The value of sysUpTime when the last message was
            transmitted by the syslog sender.
            If this syslog application is not a syslog sender or,
            if no messages have been transmitted by this syslog
            application, since the last re-initialization of the
            local management subsystem, then this object will have
            a zero value.
           "
       ::= { syslogOperationsEntry 8 }

   syslogOperationsStartTime OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The value of sysUpTime when this syslog application
            was started.
           "
       ::= { syslogOperationsEntry 9 }

   syslogOperationsLastError OBJECT-TYPE
       SYNTAX      SnmpAdminString
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "A description of the last error related to sending,
            receiving or processing a syslog message that was
            encountered by this syslog application.
            If no error has been encountered by this syslog
            application then the value of this object will be a
            zero-length string.
            If no error has been encountered by this syslog
            application since the last re-initialization of the
            local management subsystem then the value of this
            object will be a zero-length string.
           "
       ::= { syslogOperationsEntry 10 }

   syslogOperationsLastErrorTime OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The value of sysUpTime when the last error was
            encountered.
            If no error has been encountered by this syslog
            application since the last re-initialization of the
            local management subsystem, then this object will have
            a zero value.
           "
       ::= { syslogOperationsEntry 11 }

   syslogOperationsRunIndex OBJECT-TYPE
       SYNTAX      Integer32 (0..2147483647)
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "If the Host Resources MIB is instantiated on the host
            then this entry will have the value of the
            hrSWRunIndex of the corresponding entry in the
            hrSWRunTable.
            Note that the hrSWRunIndex is not persistent across
            system reboots or software restarts. The value of
            syslogOperationsRunIndex SHOULD reference the latest
            value of the hrSWRunIndex of the corresponding entry
            in the hrSWRunTable.
            The special value of zero indicates that the Host
            resource MIB is not instantiated.
           "
       ::= { syslogOperationsEntry 12 }

   syslogOperationsCounterDiscontinuityTime OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The value of sysUpTime on the most recent occasion at
            which any one or more of this syslog application's
            counters, viz., counters with OID prefix
            'syslogOperationsMsgsReceived' or
            'syslogOperationsMsgsTransmitted' or
            'syslogOperationsMsgsRelayed' or
            'syslogOperationsMsgsDropped' or
            'syslogOperationsMsgsMalFormed' or
            'syslogOperationsMsgsDiscarded' suffered a
            discontinuity.
            If no such discontinuities have occurred since the
            last re-initialization of the local management
            subsystem, then this object will have a zero value.
           "
       ::= { syslogOperationsEntry 13 }

   syslogOperationsStatus OBJECT-TYPE
       SYNTAX      INTEGER  {
                       unknown   (1),
                       started   (2),
                       suspended (3),
                       stopped   (4)
                   }
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The status of the syslog application.
           "
       DEFVAL      { unknown }
       ::= { syslogOperationsEntry 14 }

   syslogPriorityTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SyslogPriorityEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table containing the relay configuration parameters
            pertaining to the syslog applications serviced by an
            SNMP agent.
           "
       ::= { syslogObjects 3 }

   syslogPriorityEntry OBJECT-TYPE
       SYNTAX      SyslogPriorityEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The relay configuration parameters pertaining to a
            syslog application.
           "
       INDEX   { syslogControlIndex,
                 syslogPriorityFacility,
                 syslogPrioritySeverity }
       ::= { syslogPriorityTable 1 }

   SyslogPriorityEntry ::=
       SEQUENCE {
           syslogPriorityFacility          SyslogFacility,
           syslogPrioritySeverity          SyslogSeverity,
           syslogPriorityDescr             SnmpAdminString,
           syslogPriorityDestinationIndex  Unsigned32,
           syslogPriorityStorageType       StorageType,
           syslogPriorityRowStatus         RowStatus
       }

   syslogPriorityFacility OBJECT-TYPE
       SYNTAX      SyslogFacility
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The facility value of this entry.
           "
       ::= { syslogPriorityEntry 1 }

   syslogPrioritySeverity OBJECT-TYPE
       SYNTAX      SyslogSeverity
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The severity value of this entry.
           "
       ::= { syslogPriorityEntry 2 }

   syslogPriorityDescr OBJECT-TYPE
       SYNTAX      SnmpAdminString
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "A textual description of this priority entry.
           "
       ::= { syslogPriorityEntry 3 }

   syslogPriorityDestinationIndex OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "On systems where the priority value in a syslog
            message indicates the destination to which a syslog
            message should be relayed, the value of this object
            will identify the row in syslogRelayTable that
            contains information about the relay destination to
            which messages which have the priority value
            represented by syslogPriorityFacility and
            syslogPrioritySeverity values of this row will be
            relayed.
            A value of 0 will indicate that there is no
            corresponding row in the syslogRelayTable table.
           "
       ::= { syslogPriorityEntry 4 }

   syslogPriorityStorageType OBJECT-TYPE
       SYNTAX      StorageType
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object defines whether the parameters defined in
            this row are kept in volatile storage and lost upon
            reboot or are backed up by non-volatile or permanent
            storage.
            Conceptual rows having the value 'permanent' need not
            allow write-access to any columnar objects in the row.
           "
       DEFVAL  { nonVolatile }
       ::= { syslogPriorityEntry 5 }

   syslogPriorityRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object is used to create, modify and delete rows
            in the syslogPriorityTable.
            The value of syslogPriorityDescr can be changed when
            this object is in state ''active'' or in
            ''notInService''.
            The other objects in a row can be modified only when
            the value of this object in the corresponding
            conceptual row is not ''active''. Thus to modify one
            or more of the objects in this conceptual row,
              a. change the row status to ''notInService'',
              b. change the values of the row
              c. change the row status to ''active''
            The syslogPriorityRowStatus may be changed to
            ''active'' if all the managed objects in the
            conceptual row with MAX-ACCESS read-create have been
            assigned valid values.
           "
       ::= { syslogPriorityEntry 6 }

   syslogRelayTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SyslogRelayEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table containing information for the relay
            destinations.
           "
       ::= { syslogObjects 4 }

   syslogRelayEntry OBJECT-TYPE
       SYNTAX      SyslogRelayEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The information pertaining to a syslog message relay
            destination.
           "
       INDEX   { syslogRelayIndex }
       ::= { syslogRelayTable 1 }

   SyslogRelayEntry ::=
       SEQUENCE {
           syslogRelayIndex                     Unsigned32,
           syslogRelayDescr                     SnmpAdminString,
           syslogRelayAddrType                  InetAddressType,
           syslogRelayAddr                      InetAddress,
           syslogRelayPort                      InetPortNumber,
           syslogRelayEncapsulation             SyslogEncapsulation,
           syslogRelayMsgsRelayed               Counter32,
           syslogRelayCounterDiscontinuityTime  TimeStamp,
           syslogRelayStorageType               StorageType,
           syslogRelayRowStatus                 RowStatus
       }

   syslogRelayIndex OBJECT-TYPE
       SYNTAX      Unsigned32 (1..2147483647)
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The Index that uniquely identifies the syslog relay in
            the syslogRelayTable.
            The value of the index for a syslog relay may not be
            the same across system reboots. Users and applications
            will need to determine the index of a syslog relay
            after system reboots.
           "
       ::= { syslogRelayEntry 1 }

   syslogRelayDescr OBJECT-TYPE
       SYNTAX      SnmpAdminString
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "A user definable description of the syslog relay.
            This description could be used by syslog management
            applications e.g. in reports or in user interfaces.
           "
       ::= { syslogRelayEntry 2 }

   syslogRelayAddrType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The type of Internet address which follows in
            syslogRelayAddr.
           "
       ::= { syslogRelayEntry 3 }

   syslogRelayAddr OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The address of the syslog relay.
            The format of the address is specified by the
            corresponding syslogRelayAddrType object.
            If the address is specified in the DNS domain name
            format [syslogRelayAddrType = 'dns'], the
            corresponding IPv4 or IPv6 address obtained at the
            time of the relay operation by the syslog application,
            will be used.
           "
       ::= { syslogRelayEntry 4 }

   syslogRelayPort OBJECT-TYPE
       SYNTAX      InetPortNumber
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The port number of the syslog relay.
           "
       ::= { syslogRelayEntry 5 }

   syslogRelayEncapsulation OBJECT-TYPE
       SYNTAX      SyslogEncapsulation
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The encapsulation that will be used for syslog
            messages sent by the syslog sender to the relay
            destination.
           "
       ::= { syslogRelayEntry 6 }

   syslogRelayMsgsRelayed OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of messages relayed by the syslog relay to
            this relay destination.
            Discontinuities in the value of this counter can occur
            at re-initialization of the management system, and at
            other times as indicated by the value of
            syslogRelayCounterDiscontinuityTime.
           "
       REFERENCE
           "The Syslog Protocol [RFC5424] sec. 3.
           "
       ::= { syslogRelayEntry 7 }

   syslogRelayCounterDiscontinuityTime OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The value of sysUpTime on the most recent occasion at
            which counters with OID prefix
            'syslogRelayMsgsRelayed' suffered a discontinuity.
            If no such discontinuities have occurred since the
            last re-initialization of the local management
            subsystem, then this object will have a zero value.
           "
       ::= { syslogRelayEntry 8 }

   syslogRelayStorageType OBJECT-TYPE
       SYNTAX      StorageType
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object defines whether the parameters defined in
            this row are kept in volatile storage and lost upon
            reboot or are backed up by non-volatile or permanent
            storage.
            Conceptual rows having the value 'permanent' need not
            allow write-access to any columnar objects in the row.
           "
       DEFVAL  { nonVolatile }
       ::= { syslogRelayEntry 9 }

   syslogRelayRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object is used to create, modify and delete rows
            in the syslogRelayTable.
            The value of syslogRelayDescr can be changed when this
            object is in state ''active'' or in ''notInService''.
            The other objects in a row can be modified only when
            the value of this object in the corresponding
            conceptual row is not ''active''. Thus to modify one
            or more of the objects in this conceptual row,
              a. change the row status to ''notInService'',
              b. change the values of the row
              c. change the row status to ''active''
            The syslogRelayRowStatus may be changed to ''active''
            if all the managed objects in the conceptual row with
            MAX-ACCESS read-create have been assigned valid
            values.
           "
       ::= { syslogRelayEntry 10 }

   syslogStatusChanged NOTIFICATION-TYPE
       OBJECTS  {
                   syslogControlDescr,
                   syslogControlRoles,
                   syslogControlBindAddrType,
                   syslogControlBindAddr,
                   syslogControlBindPort,
                   syslogControlEncapsulation,
                   syslogControlConfFileName,
                   syslogOperationsStatus
                }
       STATUS   current
       DESCRIPTION
           "This notification is sent when a syslog application
            changes state. For example when the syslog application
            starts [syslogOperationsStatus is ''started'' ] or the
            syslog application stops [syslogOperationsStatus is
            ''suspended'' or ''stopped''].
            The value of syslogOperationsStatus will be the new
            status of the syslog application after the change.
            The syslog application corresponding to the
            notification will be identified by the
            syslogOperationsIndex instance identifier of the
            objects in the notification.
" ::= { syslogNotifications 1 } -- ------------------------------------------------------------- -- Conformance Information -- ------------------------------------------------------------- syslogGroups OBJECT IDENTIFIER ::= { syslogConformance 1 } syslogCompliances OBJECT IDENTIFIER ::= { syslogConformance 2 } -- ------------------------------------------------------------- -- units of conformance -- ------------------------------------------------------------- syslogOperationsGroup OBJECT-GROUP OBJECTS { -- syslogOperationsIndex, syslogOperationsMsgsReceived, syslogOperationsMsgsTransmitted, Tsunoda & Keeni Expires October 18, 2017 [Page 25] Internet-Draft syslogMIB April 2017 syslogOperationsMsgsRelayed, syslogOperationsMsgsDropped, syslogOperationsMsgsMalFormed, syslogOperationsMsgsDiscarded, syslogOperationsLastMsgRecdTime, syslogOperationsLastMsgTransmittedTime, syslogOperationsStartTime, syslogOperationsLastError, syslogOperationsLastErrorTime, syslogOperationsRunIndex, syslogOperationsCounterDiscontinuityTime, syslogOperationsStatus } STATUS current DESCRIPTION "A collection of objects providing message related statistics." ::= { syslogGroups 1} syslogControlGroup OBJECT-GROUP OBJECTS { syslogControlDescr, syslogControlRoles, syslogControlBindAddrType, syslogControlBindAddr, syslogControlEncapsulation, syslogControlBindPort, syslogControlMaxMessageSize, syslogControlConfFileName, syslogControlStorageType, syslogControlRowStatus } STATUS current DESCRIPTION "A collection of objects representing the run time parameters for the syslog applications. " ::= { syslogGroups 2} syslogPriorityGroup OBJECT-GROUP OBJECTS { syslogPriorityDescr, syslogPriorityDestinationIndex, syslogPriorityStorageType, syslogPriorityRowStatus } STATUS current DESCRIPTION "A collection of objects representing the priority Tsunoda & Keeni Expires October 18, 2017 [Page 26] Internet-Draft syslogMIB April 2017 groupings of syslog messages. 
" ::= { syslogGroups 3} syslogRelayGroup OBJECT-GROUP OBJECTS { syslogRelayDescr, syslogRelayAddrType, syslogRelayAddr, syslogRelayPort, syslogRelayEncapsulation, syslogRelayMsgsRelayed, syslogRelayCounterDiscontinuityTime, syslogRelayStorageType, syslogRelayRowStatus } STATUS current DESCRIPTION "A collection of objects representing the relay destinations for syslog messages. " ::= { syslogGroups 4} syslogNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { syslogStatusChanged } STATUS current DESCRIPTION "A collection of notifications about the operational state of a syslog application. " ::= { syslogGroups 5} -- ------------------------------------------------------------- -- compliance statements -- ------------------------------------------------------------- syslogFullCompliance1 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities which implement the SYSLOG-MIB with support for writable objects and notifications. Such an implementation can be both monitored and configured via SNMP. It can also send notifications about change in the operational status of the syslog application. " MODULE -- this module Tsunoda & Keeni Expires October 18, 2017 [Page 27] Internet-Draft syslogMIB April 2017 MANDATORY-GROUPS { syslogNotificationGroup, syslogOperationsGroup, syslogControlGroup, syslogPriorityGroup, syslogRelayGroup } ::= { syslogCompliances 1 } syslogFullCompliance2 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities which implement the SYSLOG-MIB with support for writable objects. Such an implementation can be both monitored and configured via SNMP. 
" MODULE -- this module MANDATORY-GROUPS { syslogOperationsGroup, syslogControlGroup, syslogPriorityGroup, syslogRelayGroup } ::= { syslogCompliances 2 } syslogFullCompliance3 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities which implement the SYSLOG-MIB with support for writable objects but without support for the objects in syslogPriorityGroup and syslogRelayGroup. Such an implementation can be both monitored and configured via SNMP. " MODULE -- this module MANDATORY-GROUPS { syslogOperationsGroup, syslogControlGroup } ::= { syslogCompliances 3 } syslogReadOnlyCompliance1 MODULE-COMPLIANCE STATUS current Tsunoda & Keeni Expires October 18, 2017 [Page 28] Internet-Draft syslogMIB April 2017 DESCRIPTION "The compliance statement for SNMP entities which implement the SYSLOG-MIB without support for read-write (i.e. in read-only mode). It can also send notifications about change in the operational status of the syslog application. " MODULE -- this module MANDATORY-GROUPS { syslogNotificationGroup, syslogOperationsGroup, syslogControlGroup, syslogPriorityGroup, syslogRelayGroup } OBJECT syslogControlDescr MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlRoles MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlBindAddrType MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlBindAddr MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlBindPort MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlEncapsulation MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlMaxMessageSize MIN-ACCESS read-only Tsunoda & Keeni Expires October 18, 2017 [Page 29] Internet-Draft syslogMIB April 2017 DESCRIPTION "Write access is not required. " OBJECT syslogControlConfFileName MIN-ACCESS read-only DESCRIPTION "Write access is not required. 
" OBJECT syslogControlStorageType MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlRowStatus MIN-ACCESS read-only DESCRIPTION "Write access is not required. " ::= { syslogCompliances 4 } syslogReadOnlyCompliance2 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities which implement the SYSLOG-MIB without support for read-write (i.e. in read-only mode). " MODULE -- this module MANDATORY-GROUPS { syslogOperationsGroup, syslogControlGroup, syslogPriorityGroup, syslogRelayGroup } OBJECT syslogControlDescr MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlRoles MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlBindAddrType MIN-ACCESS read-only DESCRIPTION Tsunoda & Keeni Expires October 18, 2017 [Page 30] Internet-Draft syslogMIB April 2017 "Write access is not required. " OBJECT syslogControlBindAddr MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlBindPort MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlEncapsulation MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlMaxMessageSize MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlConfFileName MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlStorageType MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlRowStatus MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogPriorityDescr MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogPriorityDestinationIndex MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogPriorityStorageType Tsunoda & Keeni Expires October 18, 2017 [Page 31] Internet-Draft syslogMIB April 2017 MIN-ACCESS read-only DESCRIPTION "Write access is not required. 
" OBJECT syslogPriorityRowStatus MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogRelayDescr MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogRelayAddrType MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogRelayAddr MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogRelayPort MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogRelayEncapsulation MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogRelayStorageType MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogRelayRowStatus MIN-ACCESS read-only DESCRIPTION "Write access is not required. " ::= { syslogCompliances 5 } syslogReadOnlyCompliance3 MODULE-COMPLIANCE STATUS current Tsunoda & Keeni Expires October 18, 2017 [Page 32] Internet-Draft syslogMIB April 2017 DESCRIPTION "The compliance statement for SNMP entities which implement the SYSLOG-MIB without support for read-write (i.e. in read-only mode) and without support for the objects in syslogRelayGroup and syslogPriorityGroup. " MODULE -- this module MANDATORY-GROUPS { syslogOperationsGroup, syslogControlGroup } OBJECT syslogControlDescr MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlRoles MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlBindAddrType MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlBindAddr MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlBindPort MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlEncapsulation MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlMaxMessageSize MIN-ACCESS read-only DESCRIPTION "Write access is not required. 
" Tsunoda & Keeni Expires October 18, 2017 [Page 33] Internet-Draft syslogMIB April 2017 OBJECT syslogControlConfFileName MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlStorageType MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslogControlRowStatus MIN-ACCESS read-only DESCRIPTION "Write access is not required. " ::= { syslogCompliances 6 } syslogNotificationCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities which implement the SYSLOG-MIB and support only notifications about change in the operational status of a syslog application. " MODULE -- this module MANDATORY-GROUPS { syslogNotificationGroup } ::= { syslogCompliances 7 } END 6. Security Considerations Syslog plays a very important role in the computer and network security of an organization. SYSLOG-MIB defines several managed objects that may be used to monitor, configure and control syslog applications. As such improper manipulation of the objects represented by this MIB may lead to an attack on an important component of the computer and network security infrastructure. The objects in syslogControlTable, syslogPriorityTable and syslogRelayTable may be misconfigured to cause syslog messages to be diverted or lost. Tsunoda & Keeni Expires October 18, 2017 [Page 34] Internet-Draft syslogMIB April 2017 There are a number of management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. These are the tables and objects and their sensitivity/vulnerability: o syslogControlTable: The objects in this table describe the configuration of the syslog applications. 
      It may be misconfigured to start up a very large number of syslog
      applications (processes) and deprive the system of its resources.

   o  syslogControlBindAddr: This object may be misconfigured to bind
      the syslog application to the wrong address.  This will cause
      messages to be lost.

   o  syslogControlBindPort: This object may be misconfigured to bind
      the syslog application to the wrong service (port).  This will
      cause messages to be lost.

   o  syslogControlMaxMessageSize: This object may be misconfigured to
      set the wrong MaxMessageSize for the syslog application.  It may
      cause syslog messages to be lost.

   o  syslogControlConfFileName: This object may be misconfigured to
      start the syslog application with the wrong (rogue)
      configuration.

   o  syslogControlStorageType: This object may be misconfigured to set
      the wrong storage type.  That may cause confusion, operational
      errors and/or loss of information.

   o  syslogPriorityTable: The objects in this table link the priority
      value in a syslog message to the entry in the syslogRelayTable
      corresponding to the syslog collector to which the syslog message
      should be relayed.  The table may be misconfigured to redirect a
      syslog message to a potentially non-existent wrong destination
      and/or to redirect a large number of messages to a particular
      syslog collector.

   o  syslogRelayTable: The rows in this table represent the relays to
      which syslog messages will be relayed, depending on the priority
      value in the respective syslog messages.  The table may be
      misconfigured to redirect a syslog message to a potentially
      non-existent wrong destination and/or redirect a large number of
      messages to a particular syslog collector.

   Some of the readable objects in this MIB module (i.e., objects with
   a MAX-ACCESS other than not-accessible) may be considered sensitive
   or vulnerable in some network environments.
   It is thus important to control even GET and/or NOTIFY access to
   these objects and possibly to even encrypt the values of these
   objects when sending them over the network via SNMP.  These are the
   tables and objects and their sensitivity/vulnerability:

   o  syslogOperationsTable: Objects in this table carry sensitive
      information.  The counters may reveal information about the
      deployment and effectiveness of the relevant security systems.
      The counters may be analyzed to tell whether the security systems
      are able to detect an event or not.

   o  syslogOperationsLastError: This object may contain sensitive
      information, e.g. user-id, password, etc., depending on the
      implementation of the syslog application.  It may reveal details
      about the syslog implementation itself, e.g. version, OS, etc.

   o  syslogPriorityTable: Objects in this table carry sensitive
      information.  The objects reveal how the syslog messages are
      grouped, relayed and/or stored.

   o  syslogRelayTable: Objects in this table carry sensitive
      information.  The objects reveal the destination of syslog
      messages.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   there is no control as to who on the secure network is allowed to
   access and GET/SET (read/change/create/delete) the objects in this
   MIB module.

   It is RECOMMENDED that implementers consider the security features
   as provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.
   It is then a customer/operator responsibility to ensure that the
   SNMP application giving access to an instance of this MIB module is
   properly configured to give access to the objects only to those
   principals (users) that have legitimate rights to indeed GET or SET
   (change/create/delete) them.

7.  IANA Considerations

   The MIB modules in this document use the following IANA-assigned
   OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

      Descriptor        OBJECT IDENTIFIER value
      ----------        -----------------------
      syslogMIB         { mib-2 YYYY }

   IANA Reg.: Please assign a value under the 'mib-2' subtree for the
   'syslogMIB' MODULE-IDENTITY and record the assignment in the SMI
   Numbers registry.

   RFC Ed.: When the above assignments have been made, please

      - remove the above note
      - replace "YYYY" here with the assigned values and
      - remove this note.

8.  Acknowledgments

   The initial draft of this document was authored by Bruno Pape.  The
   authors would like to thank Mark Ellison, David Harrington, Mike
   MacFaden, Dave T Perkins, Tom Petch, Juergen Schoenwaelder, Rohit M,
   Bert Wijnen and members of the WIDE-netman group for their comments
   and suggestions.

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).

9.  APPENDIX

   This section documents the development of the draft.  It will be
   deleted when the draft becomes an RFC.

   Revision History:

   This draft is a revision of draft-ietf-syslog-device-mib-17.txt, the
   last version of the SyslogMIB draft developed as a SyslogWG work
   item.

   o  Changes from draft-ietf-syslog-device-mib-17.txt to
      draft-tsuno-syslog-mib-00.txt

      1.  Editorial changes only

   o  Changes from draft-tsuno-syslog-mib-00.txt to
      draft-tsuno-syslog-mib-01.txt

      1.  Added new textual convention for DTLS transport

      2.  Added text to explain syslogPriorityTable and
          syslogRelayTable

      3.  Editorial changes.

   o  Changes from draft-tsuno-syslog-mib-01.txt to
      draft-tsuno-syslog-mib-02.txt

      1.  Added "Managing syslog" section to clarify the necessity of
          this MIB.

   o  Changes from draft-tsuno-syslog-mib-02.txt to
      draft-tsuno-syslog-mib-03.txt

      1.  Editorial changes only

   o  Changes from draft-tsuno-syslog-mib-03.txt to
      draft-tsuno-syslog-mib-04.txt

      1.  Editorial changes only

10.  References

10.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578,
              DOI 10.17487/RFC2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2",
              STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999.

   [RFC2580]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Conformance Statements for SMIv2",
              STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999.

   [RFC3411]  Harrington, D., Presuhn, R., and B. Wijnen, "An
              Architecture for Describing Simple Network Management
              Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
              DOI 10.17487/RFC3411, December 2002.

   [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
              Schoenwaelder, "Textual Conventions for Internet Network
              Addresses", RFC 4001, DOI 10.17487/RFC4001,
              February 2005.

   [RFC5424]  Gerhards, R., "The Syslog Protocol", RFC 5424,
              DOI 10.17487/RFC5424, March 2009.

   [RFC5427]  Keeni, G., "Textual Conventions for Syslog Management",
              RFC 5427, DOI 10.17487/RFC5427, March 2009.

10.2.  Informative References

   [RFC2790]  Waldbusser, S. and P. Grillo, "Host Resources MIB",
              RFC 2790, DOI 10.17487/RFC2790, March 2000.
   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for
              Internet-Standard Management Framework", RFC 3410,
              DOI 10.17487/RFC3410, December 2002.

Authors' Addresses

   Hiroshi Tsunoda
   Tohoku Institute of Technology
   35-1, Yagiyama Kasumi-cho
   Taihaku-ku, Sendai  982-8577
   Japan

   Phone: +81-22-305-3411
   Email: tsuno@m.ieice.org

   Glenn Mansfield Keeni
   Cyber Solutions Inc.
   6-6-3 Minami Yoshinari
   Aoba-ku, Sendai  989-3204
   Japan

   Phone: +81-22-303-4012
   Email: glenn@cysols.com
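Added example, not part of the draft or its authors' code: a Python check for the syslogRelayTable risks listed in Section 6 (messages diverted or lost through a misconfigured relay row). It compares two polls of the table against an approved destination list, matching rows by destination rather than by syslogRelayIndex, which may change across reboots, and computes syslogRelayMsgsRelayed deltas with Counter32 wrap and discontinuity handling. The dictionary layout, field names, encapsulation labels ("encA", "encB") and all sample values are constructed assumptions; fetching the rows over SNMPv3 is left to the poller.

```python
COUNTER32_MOD = 2 ** 32  # Counter32 wraps to 0 after 4294967295


def dest_key(row):
    """Match a relay by destination; syslogRelayIndex may change on reboot."""
    return (row["addr_type"], row["addr"], row["port"], row["encap"])


def relayed_delta(prev_poll, curr_poll, prev_row, curr_row):
    """syslogRelayMsgsRelayed increase between two polls, or None if unusable."""
    if curr_poll["sys_uptime"] < prev_poll["sys_uptime"]:
        return None  # management system was re-initialized between polls
    if curr_row["disc_time"] != prev_row["disc_time"]:
        return None  # syslogRelayCounterDiscontinuityTime moved
    return (curr_row["msgs_relayed"] - prev_row["msgs_relayed"]) % COUNTER32_MOD


def audit_relays(approved, prev_poll, curr_poll):
    """Return (finding, destination) tuples for the current poll."""
    prev = {dest_key(r): r for r in prev_poll["rows"]}
    curr = {dest_key(r): r for r in curr_poll["rows"]
            if r["row_status"] == "active"}
    curr_keys = set(curr)
    findings = []
    for key in sorted(curr_keys - approved):
        findings.append(("unapproved-destination", key))
    for key in sorted(approved - curr_keys):
        findings.append(("approved-destination-missing", key))
    for key in sorted(approved & curr_keys):
        if key not in prev:
            continue  # first sighting: no interval to measure yet
        delta = relayed_delta(prev_poll, curr_poll, prev[key], curr[key])
        if delta is None:
            findings.append(("counter-discontinuity", key))
        elif delta == 0:
            findings.append(("nothing-relayed", key))
    return findings


def row(addr_type, addr, port, encap, msgs, status="active", disc=0):
    """Build one polled syslogRelayTable row (hypothetical layout)."""
    return {"addr_type": addr_type, "addr": addr, "port": port, "encap": encap,
            "msgs_relayed": msgs, "disc_time": disc, "row_status": status}


# Constructed sample data: documentation address ranges, placeholder labels.
APPROVED = {
    ("ipv4", "192.0.2.10", 6514, "encA"),
    ("ipv6", "2001:db8::20", 6514, "encA"),
    ("ipv4", "192.0.2.30", 6514, "encA"),
}
PREV_POLL = {"sys_uptime": 100000, "rows": [
    row("ipv4", "192.0.2.10", 6514, "encA", 4294967290),
    row("ipv6", "2001:db8::20", 6514, "encA", 500),
    row("ipv4", "192.0.2.30", 6514, "encA", 70),
]}
CURR_POLL = {"sys_uptime": 106000, "rows": [
    row("ipv4", "192.0.2.10", 6514, "encA", 14),      # counter wrapped
    row("ipv6", "2001:db8::20", 6514, "encA", 500),   # counter did not move
    row("ipv4", "192.0.2.30", 6514, "encA", 70, status="notInService"),
    row("ipv4", "198.51.100.99", 514, "encB", 3),     # not on approved list
]}

if __name__ == "__main__":
    for finding, dest in audit_relays(APPROVED, PREV_POLL, CURR_POLL):
        print(finding, dest)
```

A "nothing-relayed" finding matters most when syslogOperationsMsgsReceived advanced over the same interval.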