draft-ietf-opsawg-syslog-snmp-04.txt   draft-ietf-opsawg-syslog-snmp-05.txt 
Network Working Group V. Marinov Network Working Group V. Marinov
Internet-Draft J. Schoenwaelder Internet-Draft J. Schoenwaelder
Intended status: Standards Track Jacobs University Bremen Intended status: Standards Track Jacobs University Bremen
Expires: February 7, 2010 August 6, 2009 Expires: February 14, 2010 August 13, 2009
Mapping Simple Network Management Protocol (SNMP) Notifications to Mapping Simple Network Management Protocol (SNMP) Notifications to
SYSLOG Messages SYSLOG Messages
draft-ietf-opsawg-syslog-snmp-04.txt draft-ietf-opsawg-syslog-snmp-05.txt
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 1, line 33 skipping to change at page 1, line 33
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on February 7, 2010. This Internet-Draft will expire on February 14, 2010.
Copyright Notice Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info). publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 23 skipping to change at page 2, line 23
3.1. SYSLOG Header . . . . . . . . . . . . . . . . . . . . . . 7 3.1. SYSLOG Header . . . . . . . . . . . . . . . . . . . . . . 7
3.2. Structured Data . . . . . . . . . . . . . . . . . . . . . 7 3.2. Structured Data . . . . . . . . . . . . . . . . . . . . . 7
3.3. MSG Data . . . . . . . . . . . . . . . . . . . . . . . . . 10 3.3. MSG Data . . . . . . . . . . . . . . . . . . . . . . . . . 10
4. Relationship to the SYSLOG-MSG-MIB . . . . . . . . . . . . . . 10 4. Relationship to the SYSLOG-MSG-MIB . . . . . . . . . . . . . . 10
5. Usage Example . . . . . . . . . . . . . . . . . . . . . . . . 11 5. Usage Example . . . . . . . . . . . . . . . . . . . . . . . . 11
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
7. Security Considerations . . . . . . . . . . . . . . . . . . . 13 7. Security Considerations . . . . . . . . . . . . . . . . . . . 13
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
9.1. Normative References . . . . . . . . . . . . . . . . . . . 14 9.1. Normative References . . . . . . . . . . . . . . . . . . . 14
9.2. Informative References . . . . . . . . . . . . . . . . . . 14 9.2. Informative References . . . . . . . . . . . . . . . . . . 15
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 15 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 15
1. Introduction 1. Introduction
SNMP and SYSLOG are two widely used protocols to communicate event SNMP and SYSLOG are two widely used protocols to communicate event
notifications. Although co-existence of several management protocols notifications. Although co-existence of several management protocols
in one operational environment is possible, certain environments in one operational environment is possible, certain environments
require that all event notifications are collected by a single system require that all event notifications are collected by a single system
daemon such as a SYSLOG collector or an SNMP notification receiver daemon such as a SYSLOG collector or an SNMP notification receiver
via a single management protocol. In such environments, it is via a single management protocol. In such environments, it is
skipping to change at page 7, line 13 skipping to change at page 7, line 13
Implementations MUST drop invalid SNMP messages before they are Implementations MUST drop invalid SNMP messages before they are
passed to the SNMP-to-SYSLOG translator. passed to the SNMP-to-SYSLOG translator.
3.1. SYSLOG Header 3.1. SYSLOG Header
The SNMP-to-SYSLOG translator fills the HEADER field of a SYSLOG The SNMP-to-SYSLOG translator fills the HEADER field of a SYSLOG
message with parameters specific to the system on which it is message with parameters specific to the system on which it is
running. The default facility level for SYSLOG messages containing running. The default facility level for SYSLOG messages containing
SNMP notifications SHOULD be 3, which corresponds to messages SNMP notifications SHOULD be 3, which corresponds to messages
generated by system daemons. The default severity level SHOULD be 5, generated by system daemons. The default severity level SHOULD be 5,
which correponds to "Notice: normal but significant condition". If which corresponds to "Notice: normal but significant condition". If
the SNMP-to-SYSLOG translator has a notion of the type of the SNMP-to-SYSLOG translator has a notion of the type of
notification that has been received it might choose other values for notification that has been received it might choose other values for
facility and severity level. facility and severity level.
The VERSION, TIMESTAMP, HOSTNAME, APP-NAME, PROCID and MSGID fields The VERSION, TIMESTAMP, HOSTNAME, APP-NAME, PROCID and MSGID fields
in the SYSLOG message header are filled with values that are specific in the SYSLOG message header are filled with values that are specific
to the system on which the SNMP-to-SYSLOG translator is running. The to the system on which the SNMP-to-SYSLOG translator is running. The
character set used in the HEADER MUST be seven-bit ASCII in an eight- character set used in the HEADER MUST be seven-bit ASCII in an eight-
bit field as described in [RFC5424]. bit field as described in [RFC5424].
skipping to change at page 7, line 41 skipping to change at page 7, line 41
SNMP-SD-ELEMENT = "[" SNMP-SD-ID [CTX] *VARBIND "]" SNMP-SD-ELEMENT = "[" SNMP-SD-ID [CTX] *VARBIND "]"
SNMP-SD-ID = %x73.6E.6D.70 ; snmp SNMP-SD-ID = %x73.6E.6D.70 ; snmp
CTX = CTXENGINE CTXNAME CTX = CTXENGINE CTXNAME
CTXENGINE = SP "ctxEngine=" %d34 HEXSTRING %d34 CTXENGINE = SP "ctxEngine=" %d34 HEXSTRING %d34
CTXNAME = SP "ctxName=" %d34 PARAM-VALUE %d34 CTXNAME = SP "ctxName=" %d34 PARAM-VALUE %d34
VARBIND = SP VARNAME [SP VARLABEL] SP VARVALUE [SP VALSTRING] VARBIND = SP VARNAME [SP VARLABEL] SP VARVALUE [SP VALSTRING]
VARNAME = %d118 NUM "=" %d34 OID %d34 ; "vN=" VARNAME = %d118 NUM "=" %d34 OID %d34 ; "vN="
VARLABEL = %d108 NUM "=" %d34 PARAM-VALUE %d34 ; "lN=" VARLABEL = %d108 NUM "=" %d34 PARAM-VALUE %d34 ; "lN="
VARVALUE = VALOID / VALHEXSTRING / VALCOUNTER32 / VALCOUNTER64 VARVALUE = VALOID / VALHEXSTRING / VALCOUNTER32 / VALCOUNTER64
/ VALUNSIGNED32 / VALINTEGER32 / VALIP / VALNULL / VALUNSIGNED32 / VALINTEGER32 / VALIP / VALNULL
/ VALOPAQUE / VALTIMETICKS / VALUTF8STRING / VALOPAQUE / VALTIMETICKS / VALSTRING
VALOID = %d111 NUM "=" %d34 OID %d34 ; "oN=" VALOID = %d111 NUM "=" %d34 OID %d34 ; "oN="
VALHEXSTRING = %d120 NUM "=" %d34 HEXSTRING %d34 ; "xN=" VALHEXSTRING = %d120 NUM "=" %d34 HEXSTRING %d34 ; "xN="
VALCOUNTER32 = %d99 NUM "=" %d34 UNSIGNED32 %d34 ; "cN=" VALCOUNTER32 = %d99 NUM "=" %d34 UNSIGNED32 %d34 ; "cN="
VALCOUNTER64 = %d67 NUM "=" %d34 UNSIGNED64 %d34 ; "CN=" VALCOUNTER64 = %d67 NUM "=" %d34 UNSIGNED64 %d34 ; "CN="
VALUNSIGNED32 = %d117 NUM "=" %d34 UNSIGNED32 %d34 ; "uN=" VALUNSIGNED32 = %d117 NUM "=" %d34 UNSIGNED32 %d34 ; "uN="
VALINTEGER32 = %d100 NUM "=" %d34 INTEGER32 %d34 ; "dN=" VALINTEGER32 = %d100 NUM "=" %d34 INTEGER32 %d34 ; "dN="
VALIP = %d105 NUM "=" %d34 IPV4ADDRESS %d34 ; "iN=" VALIP = %d105 NUM "=" %d34 IPV4ADDRESS %d34 ; "iN="
VALNULL = %d110 NUM "=" %d34 NULL %d34 ; "nN=" VALNULL = %d110 NUM "=" %d34 %d34 ; "nN="
VALOPAQUE = %d112 NUM "=" %d34 HEXSTRING %d34 ; "pN=" VALOPAQUE = %d112 NUM "=" %d34 HEXSTRING %d34 ; "pN="
VALTIMETICKS = %d116 NUM "=" %d34 UNSIGNED32 %d34 ; "tN=" VALTIMETICKS = %d116 NUM "=" %d34 UNSIGNED32 %d34 ; "tN="
VALSTRING = %d97 NUM "=" %d34 PARAM-VALUE %d34 ; "aN=" VALSTRING = %d97 NUM "=" %d34 PARAM-VALUE %d34 ; "aN="
NUM = NONZERODIGIT 0*DIGIT NUM = NONZERODIGIT 0*DIGIT
OID = OIDSTART *("." OIDSUBID) OID = OIDSTART *("." OIDSUBID)
OIDSTART = (("0." / "1.")[%d49-51] DIGIT) / ("2." OIDSUBID) OIDSTART = (("0." / "1.")[%d49-51] DIGIT) / ("2." OIDSUBID)
OIDSUBID = ZERO / (NONZERODIGIT *DIGIT) OIDSUBID = ZERO / (NONZERODIGIT *DIGIT)
PARAM-VALUE = UTF-8-STRING ; characters '"', '\' and PARAM-VALUE = UTF-8-STRING ; characters '"', '\' and
; ']' MUST be escaped. ; ']' MUST be escaped.
UTF-8-STRING = *OCTET ; Any VALID UTF-8 String UTF-8-STRING = *OCTET ; Any VALID UTF-8 String
; "shortest form" MUST be used ; "shortest form" MUST be used
HEXSTRING = *HEX HEXSTRING = *HEX
INTEGER32 = ["-"] NONZERODIGIT 0*DIGIT INTEGER32 = ["-"] NONZERODIGIT 0*DIGIT
UNSIGNED32 = NONZERODIGIT 0*DIGIT UNSIGNED32 = NONZERODIGIT 0*DIGIT
UNSIGNED64 = NONZERODIGIT 0*DIGIT UNSIGNED64 = NONZERODIGIT 0*DIGIT
NULL = ""
IPV4ADDRESS = d8 "." d8 "." d8 "." d8 IPV4ADDRESS = d8 "." d8 "." d8 "." d8
d8 = DIGIT ; 0-9 d8 = DIGIT ; 0-9
/ %d49-57 DIGIT ; 10-99 / %d49-57 DIGIT ; 10-99
/ "1" 2DIGIT ; 100-199 / "1" 2DIGIT ; 100-199
/ "2" %d48-52 DIGIT ; 200-249 / "2" %d48-52 DIGIT ; 200-249
/ "25" %d48-53 ; 250-255 / "25" %d48-53 ; 250-255
HEX = DIGIT / %x41-46 / %x61-66 ; 0-9 / A-F / a-f HEX = DIGIT / %x41-46 / %x61-66 ; 0-9 / A-F / a-f
NONZERODIGIT = %d49-57 NONZERODIGIT = %d49-57
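Review bot: INTEGER32, UNSIGNED32 and UNSIGNED64 each require a leading NONZERODIGIT, so the value 0 cannot be written in any cN, CN, uN, dN or tN parameter, although a zero Counter32, TimeTicks or Integer32 varbind is ordinary. OIDSUBID in the same block already uses the form ZERO / (NONZERODIGIT *DIGIT); the three numeric rules should take the same alternative, with the optional "-" kept for INTEGER32. A smaller point in the same block: HEXSTRING = *HEX accepts an odd number of hex digits, which cannot represent an octet string; *(2HEX) would let a collector reject malformed xN, pN and ctxEngine values at parse time.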
skipping to change at page 10, line 13 skipping to change at page 10, line 11
In particular, the parameters in the "origin" SD-ID SHOULD identify In particular, the parameters in the "origin" SD-ID SHOULD identify
the originator of the SNMP notification. A suitable value for the the originator of the SNMP notification. A suitable value for the
"ip" parameter MAY be taken from the snmpTrapAddress varbind if "ip" parameter MAY be taken from the snmpTrapAddress varbind if
present and a suitable value for the "enterpriseId" parameter MAY be present and a suitable value for the "enterpriseId" parameter MAY be
extracted from snmpTrapOID varbind. extracted from snmpTrapOID varbind.
3.3. MSG Data 3.3. MSG Data
The MSG part of the SYSLOG message is optional and may contain a The MSG part of the SYSLOG message is optional and may contain a
free-form message that provides a textual description of the SNMP free-form message that provides a textual description of the SNMP
event notification. The character set used in MSG SHOULD be UNICODE, event notification. According to [RFC5424], the character set used
encoded using UTF-8 as specified in [RFC3629]. If the originator can in MSG SHOULD be UNICODE, encoded using UTF-8 as specified in
not encode the MSG in Unicode, it MAY use any other encoding. [RFC3629]. If the originator can not encode the MSG in Unicode, it
MAY use any other encoding. The originator MAY use the "language"
parameters defined in [RFC5424] to convey information about the
natural language used inside MSG.
4. Relationship to the SYSLOG-MSG-MIB 4. Relationship to the SYSLOG-MSG-MIB
A companion document defines an SNMP MIB module to represent SYSLOG A companion document defines an SNMP MIB module to represent SYSLOG
messages and to send SYSLOG messages as SNMP notifications to SNMP messages and to send SYSLOG messages as SNMP notifications to SNMP
notification receivers [I-D.ietf-opsawg-syslog-msg-mib]. This notification receivers [I-D.ietf-opsawg-syslog-msg-mib]. This
section discusses the possibilities of using both specifications in section discusses the possibilities of using both specifications in
combination. combination.
A SYSLOG collector implementing the SYSLOG-MSG-MIB module and the A SYSLOG collector implementing the SYSLOG-MSG-MIB module and the
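Review bot: the sentence added at the end of section 3.3 refers to 'the "language" parameters defined in [RFC5424]' without naming the SD-ID that carries them; in RFC 5424 "language" is a single parameter of the "meta" SD-ID, so the text should name that SD-ID and use the singular. The sentence before it still allows the originator to fall back to "any other encoding" and gives the collector no way to learn which one was used, so it is worth adding that a collector cannot assume MSG is valid UTF-8 and has to handle it as uninterpreted octets when it is not.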
skipping to change at page 14, line 44 skipping to change at page 14, line 44
[RFC3418] Presuhn, R., "Management Information Base (MIB) for the [RFC3418] Presuhn, R., "Management Information Base (MIB) for the
Simple Network Management Protocol (SNMP)", STD 62, Simple Network Management Protocol (SNMP)", STD 62,
RFC 3418, December 2002. RFC 3418, December 2002.
[RFC3584] Frye, R., Levi, D., Routhier, S., and B. Wijnen, [RFC3584] Frye, R., Levi, D., Routhier, S., and B. Wijnen,
"Coexistence between Version 1, Version 2, and Version 3 "Coexistence between Version 1, Version 2, and Version 3
of the Internet-standard Network Management Framework.", of the Internet-standard Network Management Framework.",
BCP 74, RFC 3584, August 2003. BCP 74, RFC 3584, August 2003.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, November 2003.
[RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", RFC 5234, January 2008. Specifications: ABNF", RFC 5234, January 2008.
[RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424, March 2009. [RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424, March 2009.
9.2. Informative References 9.2. Informative References
[RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder, [RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
"Structure of Management Information Version 2 (SMIv2)", "Structure of Management Information Version 2 (SMIv2)",
RFC 2578, STD 58, April 1999. RFC 2578, STD 58, April 1999.
[RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group
MIB", RFC 2863, June 2000. MIB", RFC 2863, June 2000.
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for Internet- "Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, December 2002. Standard Management Framework", RFC 3410, December 2002.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, November 2003.
Authors' Addresses Authors' Addresses
Vladislav Marinov Vladislav Marinov
Jacobs University Bremen Jacobs University Bremen
Campus Ring 1 Campus Ring 1
28725 Bremen 28725 Bremen
Germany Germany
Email: v.marinov@jacobs-university.de Email: v.marinov@jacobs-university.de
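Review bot: [RFC3629] moves from the normative to the informative list, but the SNMP-SD-ELEMENT ABNF still defines PARAM-VALUE as a valid UTF-8 string for which '"shortest form" MUST be used', and that requirement cannot be implemented or checked without the UTF-8 definition. Either keep [RFC3629] normative, or have the ABNF comment cite [RFC5424] for the UTF-8 rules in the way the reworded section 3.3 now does.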
 End of changes. 11 change blocks. 
14 lines changed or deleted 16 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/