| draft-ietf-opsawg-syslog-snmp-05.txt | rfc5675.txt | |||
|---|---|---|---|---|
| Network Working Group V. Marinov | Network Working Group V. Marinov | |||
| Internet-Draft J. Schoenwaelder | Request for Comments: 5675 J. Schoenwaelder | |||
| Intended status: Standards Track Jacobs University Bremen | Category: Standards Track Jacobs University Bremen | |||
| Expires: February 14, 2010 August 13, 2009 | October 2009 | |||
| Mapping Simple Network Management Protocol (SNMP) Notifications to | ||||
| SYSLOG Messages | ||||
| draft-ietf-opsawg-syslog-snmp-05.txt | ||||
| Status of this Memo | ||||
| This Internet-Draft is submitted to IETF in full conformance with the | ||||
| provisions of BCP 78 and BCP 79. | ||||
| Internet-Drafts are working documents of the Internet Engineering | Mapping Simple Network Management Protocol (SNMP) | |||
| Task Force (IETF), its areas, and its working groups. Note that | Notifications to SYSLOG Messages | |||
| other groups may also distribute working documents as Internet- | ||||
| Drafts. | ||||
| Internet-Drafts are draft documents valid for a maximum of six months | Abstract | |||
| and may be updated, replaced, or obsoleted by other documents at any | ||||
| time. It is inappropriate to use Internet-Drafts as reference | ||||
| material or to cite them other than as "work in progress." | ||||
| The list of current Internet-Drafts can be accessed at | This memo defines a mapping from Simple Network Management Protocol | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | (SNMP) notifications to SYSLOG messages. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | Status of This Memo | |||
| http://www.ietf.org/shadow.html. | ||||
| This Internet-Draft will expire on February 14, 2010. | This document specifies an Internet standards track protocol for the | |||
| Internet community, and requests discussion and suggestions for | ||||
| improvements. Please refer to the current edition of the "Internet | ||||
| Official Protocol Standards" (STD 1) for the standardization state | ||||
| and status of this protocol. Distribution of this memo is unlimited. | ||||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2009 IETF Trust and the persons identified as the | Copyright (c) 2009 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents in effect on the date of | Provisions Relating to IETF Documents | |||
| publication of this document (http://trustee.ietf.org/license-info). | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| Please review these documents carefully, as they describe your rights | publication of this document. Please review these documents | |||
| and restrictions with respect to this document. | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | ||||
| Abstract | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | ||||
| described in the BSD License. | ||||
| This memo defines a mapping from Simple Network Management Protocol | RFC 5675 Mapping SNMP Notifications to SYSLOG October 2009 | |||
| (SNMP) notifications to SYSLOG messages. | ||||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 1.1. Conventions . . . . . . . . . . . . . . . . . . . . . . . 3 | 1.1. Conventions . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Background . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Background . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2.1. SNMP Notifications . . . . . . . . . . . . . . . . . . . . 3 | 2.1. SNMP Notifications . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2.2. SYSLOG Notifications . . . . . . . . . . . . . . . . . . . 5 | 2.2. SYSLOG Notifications . . . . . . . . . . . . . . . . . . . 5 | |||
| 3. Mapping SNMP Notifications to SYSLOG Messages . . . . . . . . 6 | 3. Mapping SNMP Notifications to SYSLOG Messages . . . . . . . . 5 | |||
| 3.1. SYSLOG Header . . . . . . . . . . . . . . . . . . . . . . 7 | 3.1. SYSLOG Header . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 3.2. Structured Data . . . . . . . . . . . . . . . . . . . . . 7 | 3.2. Structured Data . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 3.3. MSG Data . . . . . . . . . . . . . . . . . . . . . . . . . 10 | 3.3. MSG Data . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 4. Relationship to the SYSLOG-MSG-MIB . . . . . . . . . . . . . . 10 | 4. Relationship to the SYSLOG-MSG-MIB . . . . . . . . . . . . . . 10 | |||
| 5. Usage Example . . . . . . . . . . . . . . . . . . . . . . . . 11 | 5. Usage Example . . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 | 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . 13 | 7. Security Considerations . . . . . . . . . . . . . . . . . . . 13 | |||
| 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13 | 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . . 14 | 9.1. Normative References . . . . . . . . . . . . . . . . . . . 13 | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . . 15 | 9.2. Informative References . . . . . . . . . . . . . . . . . . 14 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 15 | ||||
| 1. Introduction | 1. Introduction | |||
| SNMP and SYSLOG are two widely used protocols to communicate event | SNMP and SYSLOG are two widely used protocols to communicate event | |||
| notifications. Although co-existence of several management protocols | notifications. Although co-existence of several management protocols | |||
| in one operational environment is possible, certain environments | in one operational environment is possible, certain environments | |||
| require that all event notifications are collected by a single system | require that all event notifications be collected by a single system | |||
| daemon such as a SYSLOG collector or an SNMP notification receiver | daemon, such as a SYSLOG collector or an SNMP notification receiver, | |||
| via a single management protocol. In such environments, it is | via a single management protocol. In such environments, it is | |||
| necessary to translate event notifications between management | necessary to translate event notifications between management | |||
| protocols. | protocols. | |||
| The latest version of SYSLOG, specified in [RFC5424], supports a | The latest version of SYSLOG, specified in [RFC5424], supports a | |||
| structured data element format. Structured data elements allow us to | structured data element format. Structured data elements allow us to | |||
| map between SNMP notifications and SYSLOG messages without losing | map between SNMP notifications and SYSLOG messages without losing | |||
| information. In this memo we specify a concrete mapping from SNMP | information. In this memo, we specify a concrete mapping from SNMP | |||
| event notifications [RFC3416] into SYSLOG messages [RFC5424]. We | event notifications [RFC3416] into SYSLOG messages [RFC5424]. We | |||
| specify how the SYSLOG message format should be utilized to carry the | specify how the SYSLOG message format should be utilized to carry the | |||
| information contained in an SNMP notification message. A new SYSLOG | information contained in an SNMP notification message. A new SYSLOG | |||
| structured data element is defined which carries the PDU portion of | structured data element is defined, which carries the PDU portion of | |||
| an SNMP notification message. | an SNMP notification message. | |||
| 1.1. Conventions | 1.1. Conventions | |||
| A system which has the capability of receiving SNMP notification | A system that has the capability of receiving SNMP notification | |||
| messages from an SNMP Notification Originator and sending the SNMP | messages from an SNMP notification originator and sending the SNMP | |||
| data contained inside in a SYSLOG message format to a SYSLOG | data contained inside in a SYSLOG message format to a SYSLOG | |||
| collector is referred in this memo as an "SNMP-to-SYSLOG translator". | collector is referred to in this memo as an "SNMP-to-SYSLOG | |||
| By definition, such a system should have an SNMP Notification | translator". By definition, such a system should have an SNMP | |||
| Receiver application and a SYSLOG originator running in order to be | ||||
| able to perform the functions of an "SNMP-to-SYSLOG translator". | RFC 5675 Mapping SNMP Notifications to SYSLOG October 2009 | |||
| notification receiver application and a SYSLOG originator running in | ||||
| order to be able to perform the functions of an "SNMP-to-SYSLOG | ||||
| translator". | ||||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in [RFC2119]. | document are to be interpreted as described in [RFC2119]. | |||
| 2. Background | 2. Background | |||
| 2.1. SNMP Notifications | 2.1. SNMP Notifications | |||
| A detailed introduction to the SNMP Management Framework can be found | A detailed introduction to the SNMP Management Framework can be found | |||
| in [RFC3410]. The SNMP Management Architecture is described in | in [RFC3410]. The SNMP Management Architecture is described in | |||
| [RFC3411]. Managed objects are accessed via a virtual information | [RFC3411]. Managed objects are accessed via a virtual information | |||
| store, termed the Management Information Base or MIB [RFC3418]. | store, termed the Management Information Base or MIB [RFC3418]. | |||
| Objects in the MIB are defined using the mechanisms defined in the | Objects in the MIB are defined using the mechanisms defined in the | |||
| SMI [RFC2578]. | Structure of Management Information (SMI) [RFC2578]. | |||
| An SNMP notification message is generated and transmitted by an SNMP | An SNMP notification message is generated and transmitted by an SNMP | |||
| entity on behalf of a Notification Originator application [RFC3413]. | entity on behalf of a notification originator application [RFC3413]. | |||
| SNMP notifications are often used to notify a Notification Receiver | SNMP notifications are often used to notify a notification receiver | |||
| application at a logically remote SNMP entity that an event has | application at a logically remote SNMP entity that an event has | |||
| occurred or that a certain condition is present. There are two types | occurred or that a certain condition is present. There are two types | |||
| of SNMP protocol operations that are associated with SNMP | of SNMP protocol operations that are associated with SNMP | |||
| notification messages [RFC3416]: | notification messages [RFC3416]: | |||
| o SNMPv2-Trap-PDU, an unconfirmed notification delivery mechanisms | o SNMPv2-Trap-PDU, an unconfirmed notification delivery mechanism | |||
| o InformRequest-PDU, a confirmed notification delivery mechanism | o InformRequest-PDU, a confirmed notification delivery mechanism | |||
| The scopedPDU portion of an SNMPv3 trap or inform message has the | The scopedPDU portion of an SNMPv3 trap or inform message has the | |||
| following format [RFC3412]: | following format [RFC3412]: | |||
| ScopedPDU ::= SEQUENCE { | ScopedPDU ::= SEQUENCE { | |||
| contextEngineID OCTET STRING, | contextEngineID OCTET STRING, | |||
| contextName OCTET STRING, | contextName OCTET STRING, | |||
| data ANY -- e.g., PDUs as defined in [RFC3416] | data ANY -- e.g., PDUs as defined in [RFC3416] | |||
| } | } | |||
| The data member of the SEQUENCE ScopedPDU carries a SNMPv2-Trap-PDU | The data member of the SEQUENCE ScopedPDU carries an SNMPv2-Trap-PDU | |||
| or an InformRequest-PDU. They both have the same structure: | or an InformRequest-PDU. They both have the same structure: | |||
| RFC 5675 Mapping SNMP Notifications to SYSLOG October 2009 | ||||
| PDUs ::= [7] IMPLICIT SEQUENCE { | PDUs ::= [7] IMPLICIT SEQUENCE { | |||
| request-id INTEGER, | request-id INTEGER, | |||
| error-status INTEGER, -- ignored in notifications | error-status INTEGER, -- ignored in notifications | |||
| error-index INTEGER, -- ignored in notifications | error-index INTEGER, -- ignored in notifications | |||
| variable-bindings VarBindList | variable-bindings VarBindList | |||
| } | } | |||
| -- variable binding | -- variable binding | |||
| VarBind ::= SEQUENCE { | VarBind ::= SEQUENCE { | |||
| skipping to change at page 5, line 7 | skipping to change at page 4, line 35 | |||
| endOfMibView [2] IMPLICIT NULL | endOfMibView [2] IMPLICIT NULL | |||
| } | } | |||
| } | } | |||
| -- variable-binding list | -- variable-binding list | |||
| VarBindList ::= SEQUENCE (SIZE (0..max-bindings)) OF VarBind | VarBindList ::= SEQUENCE (SIZE (0..max-bindings)) OF VarBind | |||
| The first two variable bindings in the variable binding list of an | The first two variable bindings in the variable binding list of an | |||
| SNMPv2-Trap-PDU or InformRequest-PDU are sysUpTime.0 [RFC3418] and | SNMPv2-Trap-PDU or InformRequest-PDU are sysUpTime.0 [RFC3418] and | |||
| snmpTrapOID.0 [RFC3418] respectively. If the OBJECTS clause is | snmpTrapOID.0 [RFC3418], respectively. If the OBJECTS clause is | |||
| present in the invocation of the corresponding NOTIFICATION-TYPE | present in the invocation of the corresponding NOTIFICATION-TYPE | |||
| macro, then each corresponding variable, as instantiated by this | macro, then each corresponding variable, as instantiated by this | |||
| notification, is copied, in order, to the variable-bindings field. | notification, is copied, in order, to the variable-bindings field. | |||
| If any additional variables are being included (at the option of the | If any additional variables are being included (at the option of the | |||
| generating SNMP entity), then each is copied to the variable-bindings | generating SNMP entity), then each is copied to the variable-bindings | |||
| field. | field. | |||
| In the case of SNMPv1 or SNMPv2c notifications, the contextEngineID | In the case of SNMPv1 or SNMPv2c notifications, the contextEngineID | |||
| and the contextName parameters are not present in notification | and the contextName parameters are not present in notification | |||
| messages. | messages. | |||
| This document assumes that notifications are in the format defined in | This document assumes that notifications are in the format defined in | |||
| RFC 3416 [RFC3416]. Notifications in the SNMPv1 notification format | [RFC3416]. Notifications in the SNMPv1 notification format MUST be | |||
| MUST be translated as described in Section 3.1 of RFC 3584 [RFC3584]. | translated as described in Section 3.1 of [RFC3584]. | |||
| RFC 5675 Mapping SNMP Notifications to SYSLOG October 2009 | ||||
| 2.2. SYSLOG Notifications | 2.2. SYSLOG Notifications | |||
| The SYSLOG protocol is defined in [RFC5424]. The message contains a | The SYSLOG protocol is defined in [RFC5424]. The message contains a | |||
| global header and a number of structured data elements. The ABNF | global header and a number of structured data elements. The ABNF | |||
| [RFC5234] representation of a SYSLOG message is defined in RFC 5424 | [RFC5234] representation of a SYSLOG message is defined in RFC 5424 | |||
| [RFC5424]. The relevant productions for structured data elements | [RFC5424]. The relevant productions for structured data elements | |||
| are: | are: | |||
| STRUCTURED-DATA = NILVALUE / 1*SD-ELEMENT | STRUCTURED-DATA = NILVALUE / 1*SD-ELEMENT | |||
| skipping to change at page 6, line 7 | skipping to change at page 5, line 35 | |||
| UTF-8-STRING = *OCTET ; Any VALID UTF-8 String | UTF-8-STRING = *OCTET ; Any VALID UTF-8 String | |||
| ; "shortest form" MUST be used | ; "shortest form" MUST be used | |||
| OCTET = %d00-255 | OCTET = %d00-255 | |||
| SP = %d32 | SP = %d32 | |||
| PRINTUSASCII = %d33-126 | PRINTUSASCII = %d33-126 | |||
| NILVALUE = "-" | NILVALUE = "-" | |||
| 3. Mapping SNMP Notifications to SYSLOG Messages | 3. Mapping SNMP Notifications to SYSLOG Messages | |||
| In this section, we define how the scopedPDU portion from a SNMP | In this section, we define how the scopedPDU portion from an SNMP | |||
| notification message is used to generate a message in the SYSLOG | notification message is used to generate a message in the SYSLOG | |||
| format. The notification receiver application at the SNMP-to-SYSLOG | format. The notification receiver application at the SNMP-to-SYSLOG | |||
| translator is listening for incoming notifications. After a | translator is listening for incoming notifications. After a | |||
| notification is received by the SNMP engine the data portion is | notification is received by the SNMP engine, the data portion is | |||
| forwarded to the notification receiver application. The data portion | forwarded to the notification receiver application. The data portion | |||
| contains the scopedPDU of the message which is used by the SYSLOG | contains the scopedPDU of the message, which is used by the SYSLOG | |||
| originator on the SNMP-to-SYSLOG translator to generate a SYSLOG | originator on the SNMP-to-SYSLOG translator to generate a SYSLOG | |||
| message and send it to a SYSLOG collector (or proxy). Note that | message and send it to a SYSLOG collector (or proxy). Note that | |||
| every SNMP notification maps to exactly one SYSLOG message. | every SNMP notification maps to exactly one SYSLOG message. | |||
| RFC 5675 Mapping SNMP Notifications to SYSLOG October 2009 | ||||
| +------------+ +------------------+ | +------------+ +------------------+ | |||
| |snmp | snmp | | syslog +---------+ | |snmp | snmp | | syslog +---------+ | |||
| |notification| notification | +------------+ | message |syslog | | |notification| notification | +------------+ | message |syslog | | |||
| |originator |------------->| |syslog | |-------->|collector| | |originator |------------->| |syslog | |-------->|collector| | |||
| +------------+ | |originator | | +---------+ | +------------+ | |originator | | +---------+ | |||
| +------------+ | +------------+ | | +------------+ | +------------+ | | |||
| |snmp | snmp | +------------+ | syslog +---------+ | |snmp | snmp | +------------+ | syslog +---------+ | |||
| |notification| notification | |snmp | | message |syslog | | |notification| notification | |snmp | | message |syslog | | |||
| |originator |------------->| |notification| |-------->|collector| | |originator |------------->| |notification| |-------->|collector| | |||
| +------------+ | |receiver | | +---------+ | +------------+ | |receiver | | +---------+ | |||
| +------------+ | +------------+ | | +------------+ | +------------+ | | |||
| |snmp | snmp | | | |snmp | snmp | | | |||
| |notification| notification | SNMP-to-SYSLOG | | |notification| notification | SNMP-to-SYSLOG | | |||
| |originator |------------->| translator | | |originator |------------->| translator | | |||
| +------------+ +------------------+ | +------------+ +------------------+ | |||
| Figure 1: SNMP-to-SYSLOG translator deployment | Figure 1: SNMP-to-SYSLOG Translator Deployment | |||
| A common deployment scenario is shown in Figure 1. There can be many | A common deployment scenario is shown in Figure 1. There can be many | |||
| SNMP notification originators which send SNMP event notifications to | SNMP notification originators that send SNMP event notifications to | |||
| a SNMP-to-SYSLOG translator. The SNMP-to-SYSLOG translator extracts | an SNMP-to-SYSLOG translator. The SNMP-to-SYSLOG translator extracts | |||
| the data portion of the notification, generates a SYSLOG message, and | the data portion of the notification, generates a SYSLOG message, and | |||
| send the SYSLOG message to a SYSLOG collector, which is responsible | sends the SYSLOG message to a SYSLOG collector, which is responsible | |||
| for collecting and storing all notification messages. The arrows in | for collecting and storing all notification messages. The arrows in | |||
| Figure 1 indicate message flows, not individual messages. | Figure 1 indicate message flows, not individual messages. | |||
| The SNMP-to-SYSLOG translator is not transparent for a SYSLOG | The SNMP-to-SYSLOG translator is not transparent for a SYSLOG | |||
| collector. The global header of the SYSLOG message generated by the | collector. The global header of the SYSLOG message generated by the | |||
| SNMP-to-SYSLOG translator is filled with parameters that are specific | SNMP-to-SYSLOG translator is filled with parameters that are specific | |||
| for the system running the SNMP-to-SYSLOG translator such as its | for the system running the SNMP-to-SYSLOG translator, such as its | |||
| hostname, time stamp, etc. The data portion (scopedPDU for SNMPv3 or | hostname, timestamp, etc. The data portion (scopedPDU for SNMPv3 or | |||
| PDU for SNMPv1/SNMPv2c) of the SNMP notification message is contained | PDU for SNMPv1/SNMPv2c) of the SNMP notification message is contained | |||
| in the structured data of the SYSLOG message. | in the structured data of the SYSLOG message. | |||
| Implementations MUST drop invalid SNMP messages before they are | Implementations MUST drop invalid SNMP messages before they are | |||
| passed to the SNMP-to-SYSLOG translator. | passed to the SNMP-to-SYSLOG translator. | |||
| 3.1. SYSLOG Header | 3.1. SYSLOG Header | |||
| The SNMP-to-SYSLOG translator fills the HEADER field of a SYSLOG | The SNMP-to-SYSLOG translator fills the HEADER field of a SYSLOG | |||
| message with parameters specific to the system on which it is | message with parameters specific to the system on which it is | |||
| running. The default facility level for SYSLOG messages containing | running. The default facility level for SYSLOG messages containing | |||
| SNMP notifications SHOULD be 3, which corresponds to messages | SNMP notifications SHOULD be 3, which corresponds to messages | |||
| generated by system daemons. The default severity level SHOULD be 5, | generated by system daemons. The default severity level SHOULD be 5, | |||
| which corresponds to "Notice: normal but significant condition". If | which corresponds to "Notice: normal but significant condition". If | |||
| the SNMP-to-SYSLOG translator has a notion of the type of | the SNMP-to-SYSLOG translator has a notion of the type of | |||
| notification that has been received it might choose other values for | notification that has been received, it might choose other values for | |||
| facility and severity level. | facility and severity level. | |||
| The VERSION, TIMESTAMP, HOSTNAME, APP-NAME, PROCID and MSGID fields | RFC 5675 Mapping SNMP Notifications to SYSLOG October 2009 | |||
| The VERSION, TIMESTAMP, HOSTNAME, APP-NAME, PROCID, and MSGID fields | ||||
| in the SYSLOG message header are filled with values that are specific | in the SYSLOG message header are filled with values that are specific | |||
| to the system on which the SNMP-to-SYSLOG translator is running. The | to the system on which the SNMP-to-SYSLOG translator is running. The | |||
| character set used in the HEADER MUST be seven-bit ASCII in an eight- | character set used in the HEADER MUST be seven-bit ASCII in an eight- | |||
| bit field as described in [RFC5424]. | bit field, as described in [RFC5424]. | |||
| 3.2. Structured Data | 3.2. Structured Data | |||
| The STRUCTURED-DATA field of a SYSLOG message carries the ScopedPDU | The STRUCTURED-DATA field of a SYSLOG message carries the ScopedPDU | |||
| (or PDU) portion of an SNMP notification message. For the purpose of | (or PDU) portion of an SNMP notification message. For the purpose of | |||
| carrying SNMP notification data, a new SD-ID element is defined. The | carrying SNMP notification data, a new SD-ID element is defined. The | |||
| ABNF [RFC5234] representation of the new structured element is: | ABNF [RFC5234] representation of the new structured element is: | |||
| SNMP-SD-ELEMENT = "[" SNMP-SD-ID [CTX] *VARBIND "]" | SNMP-SD-ELEMENT = "[" SNMP-SD-ID [CTX] *VARBIND "]" | |||
| SNMP-SD-ID = %x73.6E.6D.70 ; snmp | SNMP-SD-ID = %x73.6E.6D.70 ; snmp | |||
| skipping to change at page 8, line 18 | skipping to change at page 8, line 4 | |||
| OID = OIDSTART *("." OIDSUBID) | OID = OIDSTART *("." OIDSUBID) | |||
| OIDSTART = (("0." / "1.") [%d49-51] DIGIT) / ("2." OIDSUBID) | OIDSTART = (("0." / "1.") [%d49-51] DIGIT) / ("2." OIDSUBID) | |||
| OIDSUBID = ZERO / (NONZERODIGIT *DIGIT) | OIDSUBID = ZERO / (NONZERODIGIT *DIGIT) | |||
| PARAM-VALUE = UTF-8-STRING ; characters '"', '\' and | PARAM-VALUE = UTF-8-STRING ; characters '"', '\' and | |||
| ; ']' MUST be escaped. | ; ']' MUST be escaped. | |||
| UTF-8-STRING = *OCTET ; Any VALID UTF-8 String | UTF-8-STRING = *OCTET ; Any VALID UTF-8 String | |||
| ; "shortest form" MUST be used | ; "shortest form" MUST be used | |||
| HEXSTRING = *HEX | HEXSTRING = *HEX | |||
| RFC 5675 Mapping SNMP Notifications to SYSLOG October 2009 | ||||
| INTEGER32 = ["-"] NONZERODIGIT 0*DIGIT | INTEGER32 = ["-"] NONZERODIGIT 0*DIGIT | |||
| UNSIGNED32 = NONZERODIGIT 0*DIGIT | UNSIGNED32 = NONZERODIGIT 0*DIGIT | |||
| UNSIGNED64 = NONZERODIGIT 0*DIGIT | UNSIGNED64 = NONZERODIGIT 0*DIGIT | |||
| IPV4ADDRESS = d8 "." d8 "." d8 "." d8 | IPV4ADDRESS = d8 "." d8 "." d8 "." d8 | |||
| d8 = DIGIT ; 0-9 | d8 = DIGIT ; 0-9 | |||
| / %d49-57 DIGIT ; 10-99 | / %d49-57 DIGIT ; 10-99 | |||
| / "1" 2DIGIT ; 100-199 | / "1" 2DIGIT ; 100-199 | |||
| / "2" %d48-52 DIGIT ; 200-249 | / "2" %d48-52 DIGIT ; 200-249 | |||
| / "25" %d48-53 ; 250-255 | / "25" %d48-53 ; 250-255 | |||
| HEX = DIGIT / %x41-46 / %x61-66 ; 0-9 / A-F / a-f | HEX = DIGIT / %x41-46 / %x61-66 ; 0-9 / A-F / a-f | |||
| NONZERODIGIT = %d49-57 | NONZERODIGIT = %d49-57 | |||
| ZERO = %d48 | ZERO = %d48 | |||
| DIGIT = ZERO / NONZERODIGIT | DIGIT = ZERO / NONZERODIGIT | |||
| SP = %d32 | SP = %d32 | |||
| Each SNMP-SD-ELEMENT starts with the SD-ID "snmp". The first two | Each SNMP-SD-ELEMENT starts with the SD-ID "snmp". The first two | |||
| SD-ID parameters are "ctxEngine" and "ctxName". The context MUST be | SD-ID parameters are "ctxEngine" and "ctxName". The context MUST be | |||
| present in an SNMPv3 notification and therefore they MUST be present | present in an SNMPv3 notification and therefore "ctxEngine" and | |||
| in a SYSLOG message generated by an SNMP-to-SYSLOG translator from an | "ctxName" MUST be present in a SYSLOG message generated by an SNMP- | |||
| SNMPv3 notification. The contexdEngineID is encoded as an | to-SYSLOG translator from an SNMPv3 notification. The | |||
| hexadecimal string while the contextName is encoded as a UTF8 string. | contextEngineID is encoded as an hexadecimal string while the | |||
| contextName is encoded as a UTF8 string. | ||||
| The remaining parameters in the "snmp" SD-ID correspond to the | The remaining parameters in the "snmp" SD-ID correspond to the | |||
| varbind list elements contained in the SNMP PDU. The name of a | varbind list elements contained in the SNMP PDU. The name of a | |||
| varbind is encoded as an OID in dotted notation. The rendered OID is | varbind is encoded as an OID in dotted notation. The rendered OID is | |||
| carried in a "vN" parameter, where N identifies the position of the | carried in a "vN" parameter, where N identifies the position of the | |||
| varbind in the varbind list of the SNMP message (the first varbind | varbind in the varbind list of the SNMP message (the first varbind | |||
| having the position 1). A MIB aware implementation may in addition | having the position 1). A MIB-aware implementation may in addition | |||
| generate a parameter "lN" carrying the descriptor of the associated | generate a parameter "lN" carrying the descriptor of the associated | |||
| MIB object plus the instance identifier suffix (also called an OID | MIB object plus the instance identifier suffix (also called an OID | |||
| label). The number N again identifies the position of the varbind in | label). The number N again identifies the position of the varbind in | |||
| the varbind list of the SNMP message. | the varbind list of the SNMP message. | |||
| The value of a varbind is encoded depending on its type according to | The value of a varbind is encoded depending on its type according to | |||
| the rules shown in Table 1 and type specific parameter names are used | the rules shown in Table 1, and type-specific parameter names are | |||
| to convey the type information. The number N again identifies the | used to convey the type information. The number N again identifies | |||
| position of the varbind in the varbind list of the SNMP message. A | the position of the varbind in the varbind list of the SNMP message. | |||
| MIB aware implementation may in addition generate a parameter "aN" | A MIB-aware implementation may in addition generate a parameter "aN" | |||
| carrying a alternate textual representation of the value, which is | carrying an alternate textual representation of the value, which is | |||
| obtained by applying DISPLAY-HINTs and translating named numbers into | obtained by applying DISPLAY-HINTs and translating named numbers into | |||
| corresponding labels or OBJECT IDENTIFIER values to descriptors. For | corresponding labels or OBJECT IDENTIFIER values to descriptors. For | |||
| SNMP object types that have a DISPLAY-HINT of the form 'Ma' or 'Mt' | SNMP object types that have a DISPLAY-HINT of the form 'Ma' or 'Mt', | |||
| where M is some number, a MIB aware implementation can choose to | where M is some number, a MIB-aware implementation can choose to | |||
| include the "aN" parameter and to suppress the corresponding "xN" | include the "aN" parameter and to suppress the corresponding "xN" | |||
| parameter. This special case allows to save space for textual | parameter. This special case saves space for textual objects. A | |||
| objects. A receiver receiving a "aN" parameter without a matching | ||||
| value at position N can unambiguously convert the value carried in | RFC 5675 Mapping SNMP Notifications to SYSLOG October 2009 | |||
| the "aN" parameter back to an OCTET STRING value. | ||||
| receiver receiving an "aN" parameter without a matching value at | ||||
| position N can unambiguously convert the value carried in the "aN" | ||||
| parameter back to an OCTET STRING value. | ||||
| While the inclusion of additional parameters carrying OID labels or | While the inclusion of additional parameters carrying OID labels or | |||
| alternate value representations increases human readability, this | alternate value representations increases human readability, this | |||
| comes at the cost of increased message size which may cause | comes at the cost of increased message size, which may cause | |||
| truncation of SYSLOG message. Therefore, implementations SHOULD | truncation of SYSLOG messages. Therefore, implementations SHOULD | |||
| provide a configuration mechanism to enable/disable the generation of | provide a configuration mechanism to enable/disable the generation of | |||
| parameters carrying OID labels or alternate value representations. | parameters carrying OID labels or alternate value representations. | |||
| +--------------------+------------+--------------------------+ | +--------------------+------------+--------------------------+ | |||
| | SNMP Type | PARAM-NAME | Value Encoding | | | SNMP Type | PARAM-NAME | Value Encoding | | |||
| +--------------------+------------+--------------------------+ | +--------------------+------------+--------------------------+ | |||
| | OBJECT IDENTIFIER | oN | dotted-decimal notation | | | OBJECT IDENTIFIER | oN | dotted-decimal notation | | |||
| | OCTET STRING | xN | hexadecimal string | | | OCTET STRING | xN | hexadecimal string | | |||
| | Counter32 | cN | unsigned decimal number | | | Counter32 | cN | unsigned decimal number | | |||
| | Counter64 | CN | unsigned decimal number | | | Counter64 | CN | unsigned decimal number | | |||
| skipping to change at page 10, line 4 | skipping to change at page 9, line 43 | |||
| Table 1: Mapping of SNMP Types to SD Params | Table 1: Mapping of SNMP Types to SD Params | |||
| The SYSLOG message generated by the SNMP-to-SYSLOG translator may, in | The SYSLOG message generated by the SNMP-to-SYSLOG translator may, in | |||
| addition to the SNMP-SD-ELEMENT, include other structured data | addition to the SNMP-SD-ELEMENT, include other structured data | |||
| elements in its structured data part. These additional structured | elements in its structured data part. These additional structured | |||
| data elements MUST comply with the specification in [RFC5424]. | data elements MUST comply with the specification in [RFC5424]. | |||
| In particular, the parameters in the "origin" SD-ID SHOULD identify | In particular, the parameters in the "origin" SD-ID SHOULD identify | |||
| the originator of the SNMP notification. A suitable value for the | the originator of the SNMP notification. A suitable value for the | |||
| "ip" parameter MAY be taken from the snmpTrapAddress varbind if | "ip" parameter MAY be taken from the snmpTrapAddress varbind if | |||
| present and a suitable value for the "enterpriseId" parameter MAY be | present, and a suitable value for the "enterpriseId" parameter MAY be | |||
| extracted from snmpTrapOID varbind. | extracted from the snmpTrapOID varbind. | |||
| 3.3. MSG Data | 3.3. MSG Data | |||
| The MSG part of the SYSLOG message is optional and may contain a | The MSG part of the SYSLOG message is optional and may contain a | |||
| free-form message that provides a textual description of the SNMP | free-form message that provides a textual description of the SNMP | |||
| event notification. According to [RFC5424], the character set used | event notification. According to [RFC5424], the character set used | |||
| in MSG SHOULD be UNICODE, encoded using UTF-8 as specified in | in MSG SHOULD be Unicode, encoded using UTF-8 as specified in | |||
| [RFC3629]. If the originator can not encode the MSG in Unicode, it | [RFC3629]. If the originator cannot encode the MSG in Unicode, it | |||
| RFC 5675 Mapping SNMP Notifications to SYSLOG October 2009 | ||||
| MAY use any other encoding. The originator MAY use the "language" | MAY use any other encoding. The originator MAY use the "language" | |||
| parameters defined in [RFC5424] to convey information about the | parameters defined in [RFC5424] to convey information about the | |||
| natural language used inside MSG. | natural language used inside MSG. | |||
| 4. Relationship to the SYSLOG-MSG-MIB | 4. Relationship to the SYSLOG-MSG-MIB | |||
| A companion document defines an SNMP MIB module to represent SYSLOG | A companion document [RFC5676] defines an SNMP MIB module to | |||
| messages and to send SYSLOG messages as SNMP notifications to SNMP | represent SYSLOG messages and to send SYSLOG messages as SNMP | |||
| notification receivers [I-D.ietf-opsawg-syslog-msg-mib]. This | notifications to SNMP notification receivers. This section discusses | |||
| section discusses the possibilities of using both specifications in | the possibilities of using both specifications in combination. | |||
| combination. | ||||
| A SYSLOG collector implementing the SYSLOG-MSG-MIB module and the | A SYSLOG collector implementing the SYSLOG-MSG-MIB module and the | |||
| mapping of SNMP notifications to SYSLOG messages may be configured to | mapping of SNMP notifications to SYSLOG messages may be configured to | |||
| translate received SYSLOG messages containing SNMP notifications back | translate received SYSLOG messages containing SNMP notifications back | |||
| into the original SNMP notification. In this case, the relevant | into the original SNMP notification. In this case, the relevant | |||
| tables of the SYSLOG-MSG-MIB will not be populated for SYSLOG | tables of the SYSLOG-MSG-MIB will not be populated for SYSLOG | |||
| messages carrying SNMP notifications. This configuration allows | messages carrying SNMP notifications. This configuration allows | |||
| operators to build a forwarding chain where SNMP notifications are | operators to build a forwarding chain where SNMP notifications are | |||
| "tunneled" through SYSLOG messages. Due to size restrictions of the | "tunneled" through SYSLOG messages. Due to size restrictions of the | |||
| SYSLOG transports and the more verbose textual encoding used by | SYSLOG transports and the more verbose textual encoding used by | |||
| SYSLOG, there is a possibility that SNMP notification content gets | SYSLOG, there is a possibility that SNMP notification content will | |||
| truncated while tunneled through SYSLOG and thus the resulting SNMP | get truncated when tunneled through SYSLOG, and thus the resulting | |||
| notification may be incomplete. | SNMP notification may be incomplete. | |||
| An SNMP management application supporting the SYSLOG-MSG-MIB and the | An SNMP management application supporting the SYSLOG-MSG-MIB and the | |||
| mapping of SNMP notifications to SYSLOG messages may process | mapping of SNMP notifications to SYSLOG messages may process | |||
| information from the SYSLOG-MSG-MIB in order to emit a SYSLOG message | information from the SYSLOG-MSG-MIB in order to emit a SYSLOG message | |||
| representing the SYSLOG message recorded in the SYSLOG-MSG-MIB | representing the SYSLOG message recorded in the SYSLOG-MSG-MIB | |||
| module. This configuration allows operators to build a forwarding | module. This configuration allows operators to build a forwarding | |||
| chain where SYSLOG messages are "tunneled" through SNMP messages. A | chain where SYSLOG messages are "tunneled" through SNMP messages. A | |||
| notification receiver can determine whether a syslogMsgNotification | notification receiver can determine whether a syslogMsgNotification | |||
| contained all structured data element parameters of a SYSLOG message. | contained all structured data element parameters of a SYSLOG message. | |||
| In case parameters are missing, a forwarding application MUST | In case parameters are missing, a forwarding application MUST | |||
| retrieve the missing parameters from the SYSLOG-MSG-MIB. Regular | retrieve the missing parameters from the SYSLOG-MSG-MIB. Regular | |||
| polling of the SYSLOG-MSG-MIB can be used to take care of any lost | polling of the SYSLOG-MSG-MIB can be used to take care of any lost | |||
| SNMP notifications. | SNMP notifications. | |||
| 5. Usage Example | 5. Usage Example | |||
| Here we provide an example how an SNMP linkUp trap message is mapped | Here we provide an example of how an SNMP linkUp trap message is | |||
| into a SYSLOG message by using the mappings defined in Section 3.1 | mapped into a SYSLOG message by using the mappings defined in | |||
| and Section 3.2. | Section 3.1 and Section 3.2. | |||
| The linkUp notification is defined in [RFC2863] as follows: | The linkUp notification is defined in [RFC2863] as follows: | |||
| linkUp NOTIFICATION-TYPE | linkUp NOTIFICATION-TYPE | |||
| OBJECTS { ifIndex, ifAdminStatus, ifOperStatus } | OBJECTS { ifIndex, ifAdminStatus, ifOperStatus } | |||
| STATUS current | STATUS current | |||
| RFC 5675 Mapping SNMP Notifications to SYSLOG October 2009 | ||||
| DESCRIPTION | DESCRIPTION | |||
| "A linkUp trap signifies that the SNMP entity, acting in an | "A linkUp trap signifies that the SNMP entity, acting in an | |||
| agent role, has detected that the ifOperStatus object for | agent role, has detected that the ifOperStatus object for | |||
| one of its communication links left the down state and | one of its communication links left the down state and | |||
| transitioned into some other state (but not into the | transitioned into some other state (but not into the | |||
| notPresent state). This other state is indicated by the | notPresent state). This other state is indicated by the | |||
| included value of ifOperStatus." | included value of ifOperStatus." | |||
| ::= { snmpTraps 4 } | ::= { snmpTraps 4 } | |||
| The scopedPDU portion of an SNMP linkUp trap sent using the SNMPv3 | The scopedPDU portion of an SNMP linkUp trap sent using the SNMPv3 | |||
| message format is shown below (left columns shows the BER encoding | message format is shown below (the left column shows the Basic | |||
| while the right column indicates the corresponding ASN.1 | Encoding Rules (BER) encoding, while the right column indicates the | |||
| definitions): | corresponding ASN.1 definitions): | |||
| 30:7C SEQUENCE { | 30:7C SEQUENCE { | |||
| 04:08:80:00:02:B8:04:61:62:63 800002b804616263 | 04:08:80:00:02:B8:04:61:62:63 800002b804616263 | |||
| 04:04:63:74:78:31 "ctx1" | 04:04:63:74:78:31 "ctx1" | |||
| A7:6A SNMPv2-Trap-PDU { | A7:6A SNMPv2-Trap-PDU { | |||
| 02:03:6D:08:67 INTEGER 7145575 | 02:03:6D:08:67 INTEGER 7145575 | |||
| 02:01:00 INTEGER 0 | 02:01:00 INTEGER 0 | |||
| 02:01:00 INTEGER 0 | 02:01:00 INTEGER 0 | |||
| 30:5D SEQUENCE OF { | 30:5D SEQUENCE OF { | |||
| 30:0F SEQUENCE { | 30:0F SEQUENCE { | |||
| skipping to change at page 12, line 15 | skipping to change at page 12, line 4 | |||
| The corresponding SYSLOG message generated by the SNMP-to-SYSLOG | The corresponding SYSLOG message generated by the SNMP-to-SYSLOG | |||
| translator is shown below. (SYSLOG examples should be considered to | translator is shown below. (SYSLOG examples should be considered to | |||
| be on one line. They are wrapped on multiple lines in this document | be on one line. They are wrapped on multiple lines in this document | |||
| for readability purposes only.) | for readability purposes only.) | |||
| <29>1 2003-10-11T22:14:15.003Z mymachine.example.com snmptrapd - ID47 | <29>1 2003-10-11T22:14:15.003Z mymachine.example.com snmptrapd - ID47 | |||
| [snmp ctxEngine="800002b804616263" ctxName="ctx1" | [snmp ctxEngine="800002b804616263" ctxName="ctx1" | |||
| v1="1.3.6.1.2.1.1.3.0" l1="sysUpTime.0" d1="94860" | v1="1.3.6.1.2.1.1.3.0" l1="sysUpTime.0" d1="94860" | |||
| v2="1.3.6.1.6.3.1.1.4.1.0" l2="snmpTrapOID.0" | v2="1.3.6.1.6.3.1.1.4.1.0" l2="snmpTrapOID.0" | |||
| o2="1.3.6.1.6.3.1.1.5.4" a2="linkUp" | o2="1.3.6.1.6.3.1.1.5.4" a2="linkUp" | |||
| RFC 5675 Mapping SNMP Notifications to SYSLOG October 2009 | ||||
| v3="1.3.6.1.2.1.2.2.1.1.3" d3="3" | v3="1.3.6.1.2.1.2.2.1.1.3" d3="3" | |||
| v4="1.3.6.1.2.1.2.2.1.7.3" d4="1" a4="up" | v4="1.3.6.1.2.1.2.2.1.7.3" d4="1" a4="up" | |||
| v5="1.3.6.1.2.1.2.2.1.8.3" d5="1" a5="up"] | v5="1.3.6.1.2.1.2.2.1.8.3" d5="1" a5="up"] | |||
| The corresponding SYSLOG message has a priority value of 29 which | The corresponding SYSLOG message has a priority value of 29, which | |||
| means a facility level of 3 (system daemons) and a severity level of | means a facility level of 3 (system daemons) and a severity level of | |||
| 5 (Notice: Normal but significant condition) according to the | 5 (Notice: normal but significant condition) according to the | |||
| algorithm for calculation of priority value specified in Section | algorithm for calculation of priority value specified in Section | |||
| 6.2.1 of [RFC5424]. The rest of the fields in the header of the | 6.2.1 of [RFC5424]. The rest of the fields in the header of the | |||
| SYSLOG message are parameters that are specific to the system running | SYSLOG message are parameters that are specific to the system running | |||
| the SNMP-to-SYSLOG translator. The SYSLOG version is 1 and the | the SNMP-to-SYSLOG translator. The SYSLOG version is 1 and the | |||
| message was generated at 22:14:15.003Z on 2003-10-11T by the host | message was generated at 22:14:15.003Z on 2003-10-11T by the host | |||
| "mymachine.example.com". The application on the SNMP-to-SYSLOG | "mymachine.example.com". The application on the SNMP-to-SYSLOG | |||
| translator that generated the message was "snmptrapd", there is no | translator that generated the message was "snmptrapd"; there is no | |||
| information about the process id and the message on the SNMP-to- | information about the process id, and the message on the SNMP-to- | |||
| SYSLOG system is identified with the MSGID of ID47. | SYSLOG system is identified with the MSGID of ID47. | |||
| The SYSLOG message contains one structured data element with a SD-ID | The SYSLOG message contains one structured data element with an SD-ID | |||
| of "snmp" which means that this is the scopedPDU portion of an SNMP | of "snmp", which means that this is the scopedPDU portion of an SNMP | |||
| event notification message. The data which is contained in the | event notification message. The data that is contained in the | |||
| notification is associated with the ContextEngineID "123456" and | notification is associated with the ContextEngineID "123456" and | |||
| ContextName "ctx1". The request-id of the SNMP notification message | ContextName "ctx1". The request-id of the SNMP notification message | |||
| was "7145575". Then follows the data portion of the scopedPDU. The | was "7145575". Then follows the data portion of the scopedPDU. The | |||
| first two variables contained in the data portion are always the | first two variables contained in the data portion are always the | |||
| sysUpTime.0 and snmpTrapOID.0. An snmpTrapOID.0 with a value of | sysUpTime.0 and snmpTrapOID.0. An snmpTrapOID.0 with a value of | |||
| "1.3.6.1.6.3.1.1.5.4" means that this is a linkUp trap. The | "1.3.6.1.6.3.1.1.5.4" means that this is a linkUp trap. The | |||
| parameters v3="1.3.6.1.2.1.2.2.1.1.3" d3="3" mean that the SNMP | parameters v3="1.3.6.1.2.1.2.2.1.1.3" d3="3" mean that the SNMP | |||
| notification message is carrying the ifIndex object which has a type | notification message is carrying the ifIndex object, which has a type | |||
| INTEGER and has a value of 3. The parameters | INTEGER and a value of 3. The parameters v4="1.3.6.1.2.1.2.2.1.7.3" | |||
| v4="1.3.6.1.2.1.2.2.1.7.3" d4="1" mean that the SNMP notification | d4="1" mean that the SNMP notification message is carrying the object | |||
| message is carrying the object ifAdminStatus which has type INTEGER | ifAdminStatus, which has a type INTEGER and a value of 1. The | |||
| and a value of 1. The parameters v5="1.3.6.1.2.1.2.2.1.8.3" d5="1" | parameters v5="1.3.6.1.2.1.2.2.1.8.3" d5="1" mean that the SNMP | |||
| mean that the SNMP notification message is carrying the object | notification message is carrying the object ifOperStatus, which has a | |||
| ifOperStatus which has type INTEGER and a value of "1". | type INTEGER and a value of "1". | |||
| 6. IANA Considerations | 6. IANA Considerations | |||
| IANA is requested to register the SD-ID value "snmp" together with | IANA registered the SD-ID value "snmp" together with the PARAM-NAME | |||
| the PARAM-NAME values specified in Section 3.2 in the registry for | values specified in Section 3.2 in the registry for SYSLOG Structured | |||
| SYSLOG structured data id values according to Section 9 in [RFC5424]. | Data ID Values according to Section 9 in [RFC5424]. The notation <N> | |||
| The notation <N> indicates a position number. | indicates a position number. | |||
| SD-ID PARAM-NAME | SD-ID PARAM-NAME | |||
| snmp OPTIONAL | snmp OPTIONAL | |||
| ctxEngine OPTIONAL | ctxEngine OPTIONAL | |||
| ctxName OPTIONAL | ctxName OPTIONAL | |||
| v<N> OPTIONAL | v<N> OPTIONAL | |||
| l<N> OPTIONAL | l<N> OPTIONAL | |||
| RFC 5675 Mapping SNMP Notifications to SYSLOG October 2009 | ||||
| o<N> OPTIONAL | o<N> OPTIONAL | |||
| x<N> OPTIONAL | x<N> OPTIONAL | |||
| c<N> OPTIONAL | c<N> OPTIONAL | |||
| C<N> OPTIONAL | C<N> OPTIONAL | |||
| u<N> OPTIONAL | u<N> OPTIONAL | |||
| d<N> OPTIONAL | d<N> OPTIONAL | |||
| i<N> OPTIONAL | i<N> OPTIONAL | |||
| n<N> OPTIONAL | n<N> OPTIONAL | |||
| p<N> OPTIONAL | p<N> OPTIONAL | |||
| t<N> OPTIONAL | t<N> OPTIONAL | |||
| a<N> OPTIONAL | a<N> OPTIONAL | |||
| 7. Security Considerations | 7. Security Considerations | |||
| The security considerations discussed in [RFC5424] apply to this | The security considerations discussed in [RFC5424] apply to this | |||
| document. | document. | |||
| The SNMP architecture supports an access control mechanism ensuring | The SNMP architecture supports an access control mechanism, ensuring | |||
| that SNMP notifications are only sent to receivers who are authorized | that SNMP notifications are only sent to receivers who are authorized | |||
| to receive the notification. Network operators using this mapping of | to receive the notification. Network operators using this mapping of | |||
| SNMP notifications to SYSLOG messages should enforce a consistent | SNMP notifications to SYSLOG messages should enforce a consistent | |||
| policy preventing people from accessing SNMP notifications via the | policy, preventing people from accessing SNMP notifications via the | |||
| SYSLOG mapping that would otherwise not be accessible. | SYSLOG mapping that would otherwise not be accessible. | |||
| 8. Acknowledgments | 8. Acknowledgments | |||
| The editors wish to thank the following individuals for providing | The editors wish to thank the following individuals for providing | |||
| helpful comments on various versions of this document: Martin | helpful comments on various versions of this document: Martin | |||
| Bjorklund, Washam Fan, Rainer Gerhards, Tom Petch, and Dan Romascanu. | Bjorklund, Washam Fan, Rainer Gerhards, Tom Petch, and Dan Romascanu. | |||
| 9. References | 9. References | |||
| 9.1. Normative References | ||||
| [I-D.ietf-opsawg-syslog-msg-mib] | 9.1. Normative References | |||
| Schoenwaelder, J., Clemm, A., and A. Karmakar, | ||||
| "Definitions of Managed Objects for Mapping SYSLOG | ||||
| Messages to Simple Network Management Protocol (SNMP) | ||||
| Notifications", Internet Draft (work in progress), | ||||
| March 2009. | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An | [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An | |||
| Architecture for Describing Simple Network Management | Architecture for Describing Simple Network Management | |||
| Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, | Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, | |||
| December 2002. | December 2002. | |||
| [RFC3412] Case, J., Harrington, D., Presuhn, R., and B. Wijnen, | [RFC3412] Case, J., Harrington, D., Presuhn, R., and B. Wijnen, | |||
| "Message Processing and Dispatching for the Simple Network | "Message Processing and Dispatching for the Simple Network | |||
| Management Protocol (SNMP)", STD 62, RFC 3412, | Management Protocol (SNMP)", STD 62, RFC 3412, | |||
| December 2002. | December 2002. | |||
| RFC 5675 Mapping SNMP Notifications to SYSLOG October 2009 | ||||
| [RFC3413] Levi, D., Meyer, P., and B. Stewart, "Simple Network | [RFC3413] Levi, D., Meyer, P., and B. Stewart, "Simple Network | |||
| Management Protocol (SNMP) Applications", STD 62, | Management Protocol (SNMP) Applications", STD 62, | |||
| RFC 3413, December 2002. | RFC 3413, December 2002. | |||
| [RFC3416] Presuhn, R., "Version 2 of the Protocol Operations for the | [RFC3416] Presuhn, R., "Version 2 of the Protocol Operations for the | |||
| Simple Network Management Protocol (SNMP)", STD 62, | Simple Network Management Protocol (SNMP)", STD 62, | |||
| RFC 3416, December 2002. | RFC 3416, December 2002. | |||
| [RFC3418] Presuhn, R., "Management Information Base (MIB) for the | [RFC3418] Presuhn, R., "Management Information Base (MIB) for the | |||
| Simple Network Management Protocol (SNMP)", STD 62, | Simple Network Management Protocol (SNMP)", STD 62, | |||
| RFC 3418, December 2002. | RFC 3418, December 2002. | |||
| [RFC3584] Frye, R., Levi, D., Routhier, S., and B. Wijnen, | [RFC3584] Frye, R., Levi, D., Routhier, S., and B. Wijnen, | |||
| "Coexistence between Version 1, Version 2, and Version 3 | "Coexistence between Version 1, Version 2, and Version 3 | |||
| of the Internet-standard Network Management Framework.", | of the Internet-standard Network Management Framework", | |||
| BCP 74, RFC 3584, August 2003. | BCP 74, RFC 3584, August 2003. | |||
| [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO | [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO | |||
| 10646", STD 63, RFC 3629, November 2003. | 10646", STD 63, RFC 3629, November 2003. | |||
| [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax | [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax | |||
| Specifications: ABNF", RFC 5234, January 2008. | Specifications: ABNF", RFC 5234, January 2008. | |||
| [RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424, March 2009. | [RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424, March 2009. | |||
| [RFC5676] Schoenwaelder, J., Clemm, A., and A. Karmakar, | ||||
| "Definitions of Managed Objects for Mapping SYSLOG | ||||
| Messages to Simple Network Management Protocol (SNMP) | ||||
| Notifications", RFC 5676, October 2009. | ||||
| 9.2. Informative References | 9.2. Informative References | |||
| [RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder, | [RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder, | |||
| "Structure of Management Information Version 2 (SMIv2)", | "Structure of Management Information Version 2 (SMIv2)", | |||
| RFC 2578, STD 58, April 1999. | RFC 2578, STD 58, April 1999. | |||
| [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group | [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group | |||
| MIB", RFC 2863, June 2000. | MIB", RFC 2863, June 2000. | |||
| [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, | [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, | |||
| "Introduction and Applicability Statements for Internet- | "Introduction and Applicability Statements for Internet- | |||
| Standard Management Framework", RFC 3410, December 2002. | Standard Management Framework", RFC 3410, December 2002. | |||
| RFC 5675 Mapping SNMP Notifications to SYSLOG October 2009 | ||||
| Authors' Addresses | Authors' Addresses | |||
| Vladislav Marinov | Vladislav Marinov | |||
| Jacobs University Bremen | Jacobs University Bremen | |||
| Campus Ring 1 | Campus Ring 1 | |||
| 28725 Bremen | 28725 Bremen | |||
| Germany | Germany | |||
| Email: v.marinov@jacobs-university.de | EMail: v.marinov@jacobs-university.de | |||
| Juergen Schoenwaelder | Juergen Schoenwaelder | |||
| Jacobs University Bremen | Jacobs University Bremen | |||
| Campus Ring 1 | Campus Ring 1 | |||
| 28725 Bremen | 28725 Bremen | |||
| Germany | Germany | |||
| Email: j.schoenwaelder@jacobs-university.de | EMail: j.schoenwaelder@jacobs-university.de | |||
| End of changes. 68 change blocks. | ||||
| 139 lines changed or deleted | 162 lines changed or added | |||
This html diff was produced by rfcdiff 1.37a. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||