draft-ietf-opsawg-syslog-snmp-04.txt | draft-ietf-opsawg-syslog-snmp-05.txt | |||
---|---|---|---|---|
Network Working Group V. Marinov | Network Working Group V. Marinov | |||
Internet-Draft J. Schoenwaelder | Internet-Draft J. Schoenwaelder | |||
Intended status: Standards Track Jacobs University Bremen | Intended status: Standards Track Jacobs University Bremen | |||
Expires: February 7, 2010 August 6, 2009 | Expires: February 14, 2010 August 13, 2009 | |||
Mapping Simple Network Management Protocol (SNMP) Notifications to | Mapping Simple Network Management Protocol (SNMP) Notifications to | |||
SYSLOG Messages | SYSLOG Messages | |||
draft-ietf-opsawg-syslog-snmp-04.txt | draft-ietf-opsawg-syslog-snmp-05.txt | |||
Status of this Memo | Status of this Memo | |||
This Internet-Draft is submitted to IETF in full conformance with the | This Internet-Draft is submitted to IETF in full conformance with the | |||
provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
Drafts. | Drafts. | |||
skipping to change at page 1, line 33 | skipping to change at page 1, line 33 | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
This Internet-Draft will expire on February 7, 2010. | This Internet-Draft will expire on February 14, 2010. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2009 IETF Trust and the persons identified as the | Copyright (c) 2009 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents in effect on the date of | Provisions Relating to IETF Documents in effect on the date of | |||
publication of this document (http://trustee.ietf.org/license-info). | publication of this document (http://trustee.ietf.org/license-info). | |||
Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
skipping to change at page 2, line 23 | skipping to change at page 2, line 23 | |||
3.1. SYSLOG Header . . . . . . . . . . . . . . . . . . . . . . 7 | 3.1. SYSLOG Header . . . . . . . . . . . . . . . . . . . . . . 7 | |||
3.2. Structured Data . . . . . . . . . . . . . . . . . . . . . 7 | 3.2. Structured Data . . . . . . . . . . . . . . . . . . . . . 7 | |||
3.3. MSG Data . . . . . . . . . . . . . . . . . . . . . . . . . 10 | 3.3. MSG Data . . . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
4. Relationship to the SYSLOG-MSG-MIB . . . . . . . . . . . . . . 10 | 4. Relationship to the SYSLOG-MSG-MIB . . . . . . . . . . . . . . 10 | |||
5. Usage Example . . . . . . . . . . . . . . . . . . . . . . . . 11 | 5. Usage Example . . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 | 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 | |||
7. Security Considerations . . . . . . . . . . . . . . . . . . . 13 | 7. Security Considerations . . . . . . . . . . . . . . . . . . . 13 | |||
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13 | 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
9.1. Normative References . . . . . . . . . . . . . . . . . . . 14 | 9.1. Normative References . . . . . . . . . . . . . . . . . . . 14 | |||
9.2. Informative References . . . . . . . . . . . . . . . . . . 14 | 9.2. Informative References . . . . . . . . . . . . . . . . . . 15 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 15 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
1. Introduction | 1. Introduction | |||
SNMP and SYSLOG are two widely used protocols to communicate event | SNMP and SYSLOG are two widely used protocols to communicate event | |||
notifications. Although co-existence of several management protocols | notifications. Although co-existence of several management protocols | |||
in one operational environment is possible, certain environments | in one operational environment is possible, certain environments | |||
require that all event notifications are collected by a single system | require that all event notifications are collected by a single system | |||
daemon such as a SYSLOG collector or an SNMP notification receiver | daemon such as a SYSLOG collector or an SNMP notification receiver | |||
via a single management protocol. In such environments, it is | via a single management protocol. In such environments, it is | |||
skipping to change at page 7, line 13 | skipping to change at page 7, line 13 | |||
Implementations MUST drop invalid SNMP messages before they are | Implementations MUST drop invalid SNMP messages before they are | |||
passed to the SNMP-to-SYSLOG translator. | passed to the SNMP-to-SYSLOG translator. | |||
3.1. SYSLOG Header | 3.1. SYSLOG Header | |||
The SNMP-to-SYSLOG translator fills the HEADER field of a SYSLOG | The SNMP-to-SYSLOG translator fills the HEADER field of a SYSLOG | |||
message with parameters specific to the system on which it is | message with parameters specific to the system on which it is | |||
running. The default facility level for SYSLOG messages containing | running. The default facility level for SYSLOG messages containing | |||
SNMP notifications SHOULD be 3, which corresponds to messages | SNMP notifications SHOULD be 3, which corresponds to messages | |||
generated by system daemons. The default severity level SHOULD be 5, | generated by system daemons. The default severity level SHOULD be 5, | |||
which correponds to "Notice: normal but significant condition". If | which corresponds to "Notice: normal but significant condition". If | |||
the SNMP-to-SYSLOG translator has a notion of the type of | the SNMP-to-SYSLOG translator has a notion of the type of | |||
notification that has been received it might choose other values for | notification that has been received it might choose other values for | |||
facility and severity level. | facility and severity level. | |||
The VERSION, TIMESTAMP, HOSTNAME, APP-NAME, PROCID and MSGID fields | The VERSION, TIMESTAMP, HOSTNAME, APP-NAME, PROCID and MSGID fields | |||
in the SYSLOG message header are filled with values that are specific | in the SYSLOG message header are filled with values that are specific | |||
to the system on which the SNMP-to-SYSLOG translator is running. The | to the system on which the SNMP-to-SYSLOG translator is running. The | |||
character set used in the HEADER MUST be seven-bit ASCII in an eight- | character set used in the HEADER MUST be seven-bit ASCII in an eight- | |||
bit field as described in [RFC5424]. | bit field as described in [RFC5424]. | |||
skipping to change at page 7, line 41 | skipping to change at page 7, line 41 | |||
SNMP-SD-ELEMENT = "[" SNMP-SD-ID [CTX] *VARBIND "]" | SNMP-SD-ELEMENT = "[" SNMP-SD-ID [CTX] *VARBIND "]" | |||
SNMP-SD-ID = %x73.6E.6D.70 ; snmp | SNMP-SD-ID = %x73.6E.6D.70 ; snmp | |||
CTX = CTXENGINE CTXNAME | CTX = CTXENGINE CTXNAME | |||
CTXENGINE = SP "ctxEngine=" %d34 HEXSTRING %d34 | CTXENGINE = SP "ctxEngine=" %d34 HEXSTRING %d34 | |||
CTXNAME = SP "ctxName=" %d34 PARAM-VALUE %d34 | CTXNAME = SP "ctxName=" %d34 PARAM-VALUE %d34 | |||
VARBIND = SP VARNAME [SP VARLABEL] SP VARVALUE [SP VALSTRING] | VARBIND = SP VARNAME [SP VARLABEL] SP VARVALUE [SP VALSTRING] | |||
VARNAME = %d118 NUM "=" %d34 OID %d34 ; "vN=" | VARNAME = %d118 NUM "=" %d34 OID %d34 ; "vN=" | |||
VARLABEL = %d108 NUM "=" %d34 PARAM-VALUE %d34 ; "lN=" | VARLABEL = %d108 NUM "=" %d34 PARAM-VALUE %d34 ; "lN=" | |||
VARVALUE = VALOID / VALHEXSTRING / VALCOUNTER32 / VALCOUNTER64 | VARVALUE = VALOID / VALHEXSTRING / VALCOUNTER32 / VALCOUNTER64 | |||
/ VALUNSIGNED32 / VALINTEGER32 / VALIP / VALNULL | / VALUNSIGNED32 / VALINTEGER32 / VALIP / VALNULL | |||
/ VALOPAQUE / VALTIMETICKS / VALUTF8STRING | / VALOPAQUE / VALTIMETICKS / VALSTRING | |||
VALOID = %d111 NUM "=" %d34 OID %d34 ; "oN=" | VALOID = %d111 NUM "=" %d34 OID %d34 ; "oN=" | |||
VALHEXSTRING = %d120 NUM "=" %d34 HEXSTRING %d34 ; "xN=" | VALHEXSTRING = %d120 NUM "=" %d34 HEXSTRING %d34 ; "xN=" | |||
VALCOUNTER32 = %d99 NUM "=" %d34 UNSIGNED32 %d34 ; "cN=" | VALCOUNTER32 = %d99 NUM "=" %d34 UNSIGNED32 %d34 ; "cN=" | |||
VALCOUNTER64 = %d67 NUM "=" %d34 UNSIGNED64 %d34 ; "CN=" | VALCOUNTER64 = %d67 NUM "=" %d34 UNSIGNED64 %d34 ; "CN=" | |||
VALUNSIGNED32 = %d117 NUM "=" %d34 UNSIGNED32 %d34 ; "uN=" | VALUNSIGNED32 = %d117 NUM "=" %d34 UNSIGNED32 %d34 ; "uN=" | |||
VALINTEGER32 = %d100 NUM "=" %d34 INTEGER32 %d34 ; "dN=" | VALINTEGER32 = %d100 NUM "=" %d34 INTEGER32 %d34 ; "dN=" | |||
VALIP = %d105 NUM "=" %d34 IPV4ADDRESS %d34 ; "iN=" | VALIP = %d105 NUM "=" %d34 IPV4ADDRESS %d34 ; "iN=" | |||
VALNULL = %d110 NUM "=" %d34 NULL %d34 ; "nN=" | VALNULL = %d110 NUM "=" %d34 %d34 ; "nN=" | |||
VALOPAQUE = %d112 NUM "=" %d34 HEXSTRING %d34 ; "pN=" | VALOPAQUE = %d112 NUM "=" %d34 HEXSTRING %d34 ; "pN=" | |||
VALTIMETICKS = %d116 NUM "=" %d34 UNSIGNED32 %d34 ; "tN=" | VALTIMETICKS = %d116 NUM "=" %d34 UNSIGNED32 %d34 ; "tN=" | |||
VALSTRING = %d97 NUM "=" %d34 PARAM-VALUE %d34 ; "aN=" | VALSTRING = %d97 NUM "=" %d34 PARAM-VALUE %d34 ; "aN=" | |||
NUM = NONZERODIGIT 0*DIGIT | NUM = NONZERODIGIT 0*DIGIT | |||
OID = OIDSTART *("." OIDSUBID) | OID = OIDSTART *("." OIDSUBID) | |||
OIDSTART = (("0." / "1.")[%d49-51] DIGIT) / ("2." OIDSUBID) | OIDSTART = (("0." / "1.")[%d49-51] DIGIT) / ("2." OIDSUBID) | |||
OIDSUBID = ZERO / (NONZERODIGIT *DIGIT) | OIDSUBID = ZERO / (NONZERODIGIT *DIGIT) | |||
PARAM-VALUE = UTF-8-STRING ; characters '"', '\' and | PARAM-VALUE = UTF-8-STRING ; characters '"', '\' and | |||
; ']' MUST be escaped. | ; ']' MUST be escaped. | |||
UTF-8-STRING = *OCTET ; Any VALID UTF-8 String | UTF-8-STRING = *OCTET ; Any VALID UTF-8 String | |||
; "shortest form" MUST be used | ; "shortest form" MUST be used | |||
HEXSTRING = *HEX | HEXSTRING = *HEX | |||
INTEGER32 = ["-"] NONZERODIGIT 0*DIGIT | INTEGER32 = ["-"] NONZERODIGIT 0*DIGIT | |||
UNSIGNED32 = NONZERODIGIT 0*DIGIT | UNSIGNED32 = NONZERODIGIT 0*DIGIT | |||
UNSIGNED64 = NONZERODIGIT 0*DIGIT | UNSIGNED64 = NONZERODIGIT 0*DIGIT | |||
NULL = "" | ||||
IPV4ADDRESS = d8 "." d8 "." d8 "." d8 | IPV4ADDRESS = d8 "." d8 "." d8 "." d8 | |||
d8 = DIGIT ; 0-9 | d8 = DIGIT ; 0-9 | |||
/ %d49-57 DIGIT ; 10-99 | / %d49-57 DIGIT ; 10-99 | |||
/ "1" 2DIGIT ; 100-199 | / "1" 2DIGIT ; 100-199 | |||
/ "2" %d48-52 DIGIT ; 200-249 | / "2" %d48-52 DIGIT ; 200-249 | |||
/ "25" %d48-53 ; 250-255 | / "25" %d48-53 ; 250-255 | |||
HEX = DIGIT / %x41-46 / %x61-66 ; 0-9 / A-F / a-f | HEX = DIGIT / %x41-46 / %x61-66 ; 0-9 / A-F / a-f | |||
NONZERODIGIT = %d49-57 | NONZERODIGIT = %d49-57 | |||
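Review bot: INTEGER32, UNSIGNED32 and UNSIGNED64, in the unchanged rules near the end of this hunk, all begin with NONZERODIGIT, so the value 0 has no valid encoding in cN, CN, uN, dN or tN parameters. A counter or TimeTicks value of zero is ordinary, and a translator would have to either drop the varbind or emit a string that violates the grammar. Suggest the form already used for OIDSUBID, for example UNSIGNED32 = ZERO / (NONZERODIGIT *DIGIT), with the optional "-" applied only to the non-zero branch of INTEGER32. Separately, HEXSTRING = *HEX admits an odd number of digits; *(2HEX) would keep xN, pN and ctxEngine values octet-aligned so that collectors do not have to guess how to pad.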
skipping to change at page 10, line 13 | skipping to change at page 10, line 11 | |||
In particular, the parameters in the "origin" SD-ID SHOULD identify | In particular, the parameters in the "origin" SD-ID SHOULD identify | |||
the originator of the SNMP notification. A suitable value for the | the originator of the SNMP notification. A suitable value for the | |||
"ip" parameter MAY be taken from the snmpTrapAddress varbind if | "ip" parameter MAY be taken from the snmpTrapAddress varbind if | |||
present and a suitable value for the "enterpriseId" parameter MAY be | present and a suitable value for the "enterpriseId" parameter MAY be | |||
extracted from snmpTrapOID varbind. | extracted from snmpTrapOID varbind. | |||
3.3. MSG Data | 3.3. MSG Data | |||
The MSG part of the SYSLOG message is optional and may contain a | The MSG part of the SYSLOG message is optional and may contain a | |||
free-form message that provides a textual description of the SNMP | free-form message that provides a textual description of the SNMP | |||
event notification. The character set used in MSG SHOULD be UNICODE, | event notification. According to [RFC5424], the character set used | |||
encoded using UTF-8 as specified in [RFC3629]. If the originator can | in MSG SHOULD be UNICODE, encoded using UTF-8 as specified in | |||
not encode the MSG in Unicode, it MAY use any other encoding. | [RFC3629]. If the originator can not encode the MSG in Unicode, it | |||
MAY use any other encoding. The originator MAY use the "language" | ||||
parameters defined in [RFC5424] to convey information about the | ||||
natural language used inside MSG. | ||||
4. Relationship to the SYSLOG-MSG-MIB | 4. Relationship to the SYSLOG-MSG-MIB | |||
A companion document defines an SNMP MIB module to represent SYSLOG | A companion document defines an SNMP MIB module to represent SYSLOG | |||
messages and to send SYSLOG messages as SNMP notifications to SNMP | messages and to send SYSLOG messages as SNMP notifications to SNMP | |||
notification receivers [I-D.ietf-opsawg-syslog-msg-mib]. This | notification receivers [I-D.ietf-opsawg-syslog-msg-mib]. This | |||
section discusses the possibilities of using both specifications in | section discusses the possibilities of using both specifications in | |||
combination. | combination. | |||
A SYSLOG collector implementing the SYSLOG-MSG-MIB module and the | A SYSLOG collector implementing the SYSLOG-MSG-MIB module and the | |||
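Review bot: The sentence added at the end of the 3.3 paragraph refers to the "language" parameters in the plural and does not name the SD-ID that carries them, so an implementer cannot tell from this text where in STRUCTURED-DATA the value belongs. Suggest naming the SD-ID explicitly and using the singular if a single parameter is meant. The retained "MAY use any other encoding" also leaves a collector with no way to learn which encoding was used; a sentence on how receivers should handle MSG content that is not valid UTF-8 would close that gap.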
skipping to change at page 14, line 44 | skipping to change at page 14, line 44 | |||
[RFC3418] Presuhn, R., "Management Information Base (MIB) for the | [RFC3418] Presuhn, R., "Management Information Base (MIB) for the | |||
Simple Network Management Protocol (SNMP)", STD 62, | Simple Network Management Protocol (SNMP)", STD 62, | |||
RFC 3418, December 2002. | RFC 3418, December 2002. | |||
[RFC3584] Frye, R., Levi, D., Routhier, S., and B. Wijnen, | [RFC3584] Frye, R., Levi, D., Routhier, S., and B. Wijnen, | |||
"Coexistence between Version 1, Version 2, and Version 3 | "Coexistence between Version 1, Version 2, and Version 3 | |||
of the Internet-standard Network Management Framework.", | of the Internet-standard Network Management Framework.", | |||
BCP 74, RFC 3584, August 2003. | BCP 74, RFC 3584, August 2003. | |||
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO | ||||
10646", STD 63, RFC 3629, November 2003. | ||||
[RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax | [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax | |||
Specifications: ABNF", RFC 5234, January 2008. | Specifications: ABNF", RFC 5234, January 2008. | |||
[RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424, March 2009. | [RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424, March 2009. | |||
9.2. Informative References | 9.2. Informative References | |||
[RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder, | [RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder, | |||
"Structure of Management Information Version 2 (SMIv2)", | "Structure of Management Information Version 2 (SMIv2)", | |||
RFC 2578, STD 58, April 1999. | RFC 2578, STD 58, April 1999. | |||
[RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group | [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group | |||
MIB", RFC 2863, June 2000. | MIB", RFC 2863, June 2000. | |||
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, | [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, | |||
"Introduction and Applicability Statements for Internet- | "Introduction and Applicability Statements for Internet- | |||
Standard Management Framework", RFC 3410, December 2002. | Standard Management Framework", RFC 3410, December 2002. | |||
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO | ||||
10646", STD 63, RFC 3629, November 2003. | ||||
Authors' Addresses | Authors' Addresses | |||
Vladislav Marinov | Vladislav Marinov | |||
Jacobs University Bremen | Jacobs University Bremen | |||
Campus Ring 1 | Campus Ring 1 | |||
28725 Bremen | 28725 Bremen | |||
Germany | Germany | |||
Email: v.marinov@jacobs-university.de | Email: v.marinov@jacobs-university.de | |||
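Review bot: Moving [RFC3629] from 9.1 to 9.2 leaves the ABNF requirement on UTF-8-STRING (valid UTF-8, "shortest form" MUST be used) without a normative definition of UTF-8 in this document's own reference list. If the intent is to inherit that definition through [RFC5424], say so next to the UTF-8-STRING rule; otherwise keep [RFC3629] normative, since the shortest-form check is what stops overlong encodings of '"', '\' and ']' from slipping past the PARAM-VALUE escaping rule.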
End of changes. 11 change blocks. | ||||
14 lines changed or deleted | 16 lines changed or added | |||
This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |