| rfc9742v1.txt | rfc9742.txt | |||
|---|---|---|---|---|
| skipping to change at line 156 ¶ | skipping to change at line 156 ¶ | |||
| statements to specify the optional features they support. At the | statements to specify the optional features they support. At the | |||
| same time, vendors can augment the model to add proprietary features. | same time, vendors can augment the model to add proprietary features. | |||
| Extending Facilities (Appendix B.1) shows an examples of how that can | Extending Facilities (Appendix B.1) shows an examples of how that can | |||
| be realized. | be realized. | |||
| Syslog consists of originators and collectors. The following diagram | Syslog consists of originators and collectors. The following diagram | |||
| shows syslog messages flowing from originators to collectors where | shows syslog messages flowing from originators to collectors where | |||
| filtering can take place. | filtering can take place. | |||
| Originators | Originators | |||
| +-------------+ +-------------+ +-------------+ +-------------+ | +-------------+ +-------------+ +-------------+ +-------------+ | |||
| | Various | | OS | | | | Remote | | | Various | | OS | | | | Remote | | |||
| | Components | | Kernel | | Line Cards | | Servers | | | Components | | Kernel | | Line Cards | | Servers | | |||
| +-------------+ +-------------+ +-------------+ +-------------+ | +-------------+ +-------------+ +-------------+ +-------------+ | |||
| +-------------+ +-------------+ +-------------+ +-------------+ | +-------------+ +-------------+ +-------------+ +-------------+ | |||
| | SNMP | | Interface | | Standby | | Syslog | | | SNMP | | Interface | | Standby | | Syslog | | |||
| | Events | | Events | | Supervisor | | Itself | | | Events | | Events | | Supervisor | | Itself | | |||
| +-------------+ +-------------+ +-------------+ +-------------+ | +-------------+ +-------------+ +-------------+ +-------------+ | |||
| | | | | | | |||
| +----------------------------------------------------------------+ | +----------------------------------------------------------------+ | |||
| | | | | |||
| | | | | |||
| | | | | |||
| | | | | |||
| +-------------+--------------+ | +-------------+--------------+ | |||
| | | | | | | | | |||
| v v v | v v v | |||
| Collectors | Collectors | |||
| +----------+ +----------+ +----------------+ | +----------+ +----------+ +----------------+ | |||
| | | | Log | |Remote Relay(s)/| | | | | Log | |Remote Relay(s)/| | |||
| | Console | | File(s) | |Collector(s) | | | Console | | File(s) | |Collector(s) | | |||
| +----------+ +----------+ +----------------+ | +----------+ +----------+ +----------------+ | |||
| Figure 1: Syslog Processing Flow | Figure 1: Syslog Processing Flow | |||
| Collectors are configured using the leaves in the syslog model | Collectors are configured using the leafs in the syslog model | |||
| "actions" container that correspond to each message collector: | "actions" container that correspond to each message collector: | |||
| * console | * console | |||
| * log file(s) | * log file(s) | |||
| * remote relay(s)/collector(s) | * remote relay(s)/collector(s) | |||
| Within each action, a selector is used to filter syslog messages. A | Within each action, a selector is used to filter syslog messages. A | |||
| selector consists of a list of one or more filters specified by | selector consists of a list of one or more filters specified by | |||
| facility-severity pairs, and, if supported via the select-match | facility-severity pairs, and, if supported via the select-match | |||
| feature, an optional regular expression pattern match that is | feature, an optional regular expression pattern match that is | |||
| performed on the [RFC5424] field. | performed on the [RFC5424] field. | |||
| A syslog message is processed if: | A syslog message is processed if: | |||
| There is an element of facility-list (F, S) where | A syslog message is processed if there is an element | |||
| the message facility matches F | of facility-list (F, S) where | |||
| and the message severity matches S | the message facility matches F, | |||
| and/or the message text matches the regex pattern (if it | the message severity matches S, | |||
| is present) | and/or the message text matches the regex pattern (if it | |||
| is present) | ||||
| The facility is one of a specific syslog-facility or all facilities. | The facility is one of a specific syslog-facility or all facilities. | |||
| The model offers the ability to select a transport that a user might | The model offers the ability to select a transport that a user might | |||
| want to use for a remote relay or collector. The choice is between | want to use for a remote relay or collector. The choice is between | |||
| using UDP or TLS-based sessions. The user can configure multiple | using UDP or TLS-based sessions. The user can configure multiple | |||
| relays or collectors, but they have to use the same transport. | relays or collectors, but they have to use the same transport. | |||
| The severity is one of type syslog-severity, all severities, or none. | The severity is one of type syslog-severity, all severities, or none. | |||
| None is a special case that can be used to disable a filter. When | None is a special case that can be used to disable a filter. When | |||
| skipping to change at line 235 ¶ | skipping to change at line 236 ¶ | |||
| Many vendors extend the list of facilities available for logging in | Many vendors extend the list of facilities available for logging in | |||
| their implementation. An example is included in "Extending | their implementation. An example is included in "Extending | |||
| Facilities" (Appendix B.1). | Facilities" (Appendix B.1). | |||
| 4.1. Syslog Module | 4.1. Syslog Module | |||
| A simplified tree representation of the data model is used in this | A simplified tree representation of the data model is used in this | |||
| document. Please see [RFC8340] for tree diagram notation. | document. Please see [RFC8340] for tree diagram notation. | |||
| module: ietf-syslog | module: ietf-syslog | |||
| +--rw syslog! | +--rw syslog! | |||
| +--rw actions | +--rw actions | |||
| +--rw console! {console-action}? | +--rw console! {console-action}? | |||
| | +--rw filter | | +--rw filter | |||
| | | +--rw facility-list* [facility severity] | | | +--rw facility-list* [facility severity] | |||
| | | +--rw facility union | | | +--rw facility union | |||
| | | +--rw severity union | | | +--rw severity union | |||
| | | +--rw advanced-compare {select-adv-compare}? | | | +--rw advanced-compare {select-adv-compare}? | |||
| | | +--rw compare? enumeration | | | +--rw compare? enumeration | |||
| | | +--rw action? identityref | | | +--rw action? identityref | |||
| | +--rw pattern-match? string {select-match}? | | +--rw pattern-match? string {select-match}? | |||
| +--rw file {file-action}? | +--rw file {file-action}? | |||
| | +--rw log-file* [name] | | +--rw log-file* [name] | |||
| | +--rw name inet:uri | | +--rw name inet:uri | |||
| | +--rw filter | | +--rw filter | |||
| | | +--rw facility-list* [facility severity] | | | +--rw facility-list* [facility severity] | |||
| | | +--rw facility union | | | +--rw facility union | |||
| | | +--rw severity union | | | +--rw severity union | |||
| | | +--rw advanced-compare {select-adv-compare}? | | | +--rw advanced-compare {select-adv-compare}? | |||
| | | +--rw compare? enumeration | | | +--rw compare? enumeration | |||
| | | +--rw action? identityref | | | +--rw action? identityref | |||
| | +--rw pattern-match? string {select-match}? | | +--rw pattern-match? string {select-match}? | |||
| | +--rw structured-data? boolean {structured-data}? | | +--rw structured-data? boolean {structured-data}? | |||
| | +--rw file-rotation | | +--rw file-rotation | |||
| | +--rw number-of-files? uint32 {file-limit-size}? | | +--rw number-of-files? uint32 {file-limit-size}? | |||
| | +--rw max-file-size? uint32 {file-limit-size}? | | +--rw max-file-size? uint32 {file-limit-size}? | |||
| | +--rw rollover? uint32 | | +--rw rollover? uint32 | |||
| | | {file-limit-duration}? | | | {file-limit-duration}? | |||
| | +--rw retention? uint32 | | +--rw retention? uint32 | |||
| | {file-limit-duration}? | | {file-limit-duration}? | |||
| +--rw remote {remote-action}? | +--rw remote {remote-action}? | |||
| +--rw destination* [name] | +--rw destination* [name] | |||
| +--rw name string | +--rw name string | |||
| +--rw (transport) | +--rw (transport) | |||
| | +--:(udp) | | +--:(udp) | |||
| | | +--rw udp | | | +--rw udp | |||
| | | +--rw udp* [address] | | | +--rw udp* [address] | |||
| | | +--rw address inet:host | | | +--rw address inet:host | |||
| | | +--rw port? inet:port-number | | | +--rw port? inet:port-number | |||
| | +--:(tls) | | +--:(tls) | |||
| | +--rw tls | | +--rw tls | |||
| | +--rw tls* [address] | | +--rw tls* [address] | |||
| | +--rw address inet:host | | +--rw address inet:host | |||
| | +--rw port? | | +--rw port? | |||
| | | inet:port-number | | | inet:port-number | |||
| | +--rw client-identity! | | +--rw client-identity! | |||
| | | +--rw (auth-type) | | | +--rw (auth-type) | |||
| | | ... | | | ... | |||
| | +--rw server-authentication | | +--rw server-authentication | |||
| | | +--rw ca-certs! {server-auth-x509-cert}? | | | +--rw ca-certs! {server-auth-x509-cert}? | |||
| | | | ... | | | | ... | |||
| | | +--rw ee-certs! {server-auth-x509-cert}? | | | +--rw ee-certs! {server-auth-x509-cert}? | |||
| | | | ... | | | | ... | |||
| | | +--rw raw-public-keys! | | | +--rw raw-public-keys! | |||
| | | | {server-auth-raw-public-key}? | | | | {server-auth-raw-public-key}? | |||
| | | | ... | | | | ... | |||
| | | +--rw tls12-psks? empty | | | +--rw tls12-psks? empty | |||
| | | | {server-auth-tls12-psk}? | | | | {server-auth-tls12-psk}? | |||
| | | +--rw tls13-epsks? empty | | | +--rw tls13-epsks? empty | |||
| | | {server-auth-tls13-epsk}? | | | {server-auth-tls13-epsk}? | |||
| | +--rw hello-params {tlscmn:hello-params}? | | +--rw hello-params {tlscmn:hello-params}? | |||
| | | +--rw tls-versions | | | +--rw tls-versions | |||
| | | | ... | | | | ... | |||
| | | +--rw cipher-suites | | | +--rw cipher-suites | |||
| | | ... | | | ... | |||
| | +--rw keepalives {tls-client-keepalives}? | | +--rw keepalives {tls-client-keepalives}? | |||
| | +--rw peer-allowed-to-send? empty | | +--rw peer-allowed-to-send? empty | |||
| | +--rw test-peer-aliveness! | | +--rw test-peer-aliveness! | |||
| | ... | | ... | |||
| +--rw filter | +--rw filter | |||
| | +--rw facility-list* [facility severity] | | +--rw facility-list* [facility severity] | |||
| | +--rw facility union | | +--rw facility union | |||
| | +--rw severity union | | +--rw severity union | |||
| | +--rw advanced-compare {select-adv-compare}? | | +--rw advanced-compare {select-adv-compare}? | |||
| | +--rw compare? enumeration | | +--rw compare? enumeration | |||
| | +--rw action? identityref | | +--rw action? identityref | |||
| +--rw pattern-match? string {select-match}? | +--rw pattern-match? string {select-match}? | |||
| +--rw structured-data? boolean {structured-data}? | +--rw structured-data? boolean {structured-data}? | |||
| +--rw facility-override? identityref | +--rw facility-override? identityref | |||
| +--rw source-interface? if:interface-ref | +--rw source-interface? if:interface-ref | |||
| | {remote-source-interface}? | | {remote-source-interface}? | |||
| +--rw signing! {signed-messages}? | +--rw signing! {signed-messages}? | |||
| +--rw cert-signers | +--rw cert-signers | |||
| +--rw cert-signer* [name] | +--rw cert-signer* [name] | |||
| | +--rw name string | | +--rw name string | |||
| | +--rw cert | | +--rw cert | |||
| | | +--rw public-key-format? | | | +--rw public-key-format? | |||
| | | | identityref | | | | identityref | |||
| | | +--rw public-key? binary | | | +--rw public-key? binary | |||
| | | +--rw private-key-format? | | | +--rw private-key-format? | |||
| | | | identityref | | | | identityref | |||
| | | +--rw (private-key-type) | | | +--rw (private-key-type) | |||
| | | | +--:(cleartext-private-key) | | | | +--:(cleartext-private-key) | |||
| | | | | {cleartext-private-keys}? | | | | | {cleartext-private-keys}? | |||
| | | | | ... | | | | | ... | |||
| | | | +--:(hidden-private-key) | | | | +--:(hidden-private-key) | |||
| | | | | {hidden-private-keys}? | | | | | {hidden-private-keys}? | |||
| | | | | ... | | | | | ... | |||
| | | | +--:(encrypted-private-key) | | | | +--:(encrypted-private-key) | |||
| | | | {encrypted-private-keys}? | | | | {encrypted-private-keys}? | |||
| | | | ... | | | | ... | |||
| | | +--rw cert-data? | | | +--rw cert-data? | |||
| | | | end-entity-cert-cms | | | | end-entity-cert-cms | |||
| | | +---n certificate-expiration | | | +---n certificate-expiration | |||
| | | | {certificate-expiration-notification}? | | | | {certificate-expiration-notificati\ | |||
| | | | +-- expiration-date | on}? | |||
| | | | yang:date-and-time | | | | +-- expiration-date | |||
| | | +---x generate-csr {csr-generation}? | | | | yang:date-and-time | |||
| | | +---w input | | | +---x generate-csr {csr-generation}? | |||
| | | | ... | | | +---w input | |||
| | | +--ro output | | | | ... | |||
| | | ... | | | +--ro output | |||
| | +--rw hash-algorithm? enumeration | | | ... | |||
| +--rw cert-initial-repeat? uint32 | | +--rw hash-algorithm? enumeration | |||
| +--rw cert-resend-delay? uint32 | +--rw cert-initial-repeat? uint32 | |||
| +--rw cert-resend-count? uint32 | +--rw cert-resend-delay? uint32 | |||
| +--rw sig-max-delay? uint32 | +--rw cert-resend-count? uint32 | |||
| +--rw sig-number-resends? uint32 | +--rw sig-max-delay? uint32 | |||
| +--rw sig-resend-delay? uint32 | +--rw sig-number-resends? uint32 | |||
| +--rw sig-resend-count? uint32 | +--rw sig-resend-delay? uint32 | |||
| +--rw sig-resend-count? uint32 | ||||
| Figure 2: Tree Diagram for Syslog Model | Figure 2: Tree Diagram for Syslog Model | |||
| 5. Syslog YANG Module | 5. Syslog YANG Module | |||
| 5.1. The ietf-syslog Module | 5.1. The ietf-syslog Module | |||
| This module imports typedefs from [RFC6991], [RFC8343], groupings | This module imports typedefs from [RFC6991], [RFC8343], groupings | |||
| from [RFC9640], and [RFC9645]. It references [RFC5424], [RFC5425], | from [RFC9640], and [RFC9645]. It references [RFC5424], [RFC5425], | |||
| [RFC5426], [RFC5848], [RFC8089], [RFC8174], and [Std-1003.1-2008]. | [RFC5426], [RFC5848], [RFC8089], [RFC8174], and [Std-1003.1-2024]. | |||
| <CODE BEGINS> file "ietf-syslog@2025-03-03.yang" | <CODE BEGINS> file "ietf-syslog@2025-03-03.yang" | |||
| module ietf-syslog { | module ietf-syslog { | |||
| yang-version 1.1; | yang-version 1.1; | |||
| namespace "urn:ietf:params:xml:ns:yang:ietf-syslog"; | namespace "urn:ietf:params:xml:ns:yang:ietf-syslog"; | |||
| prefix syslog; | prefix syslog; | |||
| import ietf-inet-types { | import ietf-inet-types { | |||
| prefix inet; | prefix inet; | |||
| reference | reference | |||
| "RFC 6991: Common YANG Data Types"; | "RFC 6991: Common YANG Data Types"; | |||
| } | } | |||
| import ietf-interfaces { | import ietf-interfaces { | |||
| prefix if; | prefix if; | |||
| reference | reference | |||
| "RFC 8343: A YANG Data Model for Interface Management"; | "RFC 8343: A YANG Data Model for Interface Management"; | |||
| } | } | |||
| import ietf-tls-client { | import ietf-tls-client { | |||
| prefix tlsc; | prefix tlsc; | |||
| reference | reference | |||
| "RFC 9645: YANG Groupings for TLS Clients and TLS Servers"; | "RFC 9645: YANG Groupings for TLS Clients and TLS Servers"; | |||
| } | } | |||
| import ietf-crypto-types { | import ietf-crypto-types { | |||
| prefix ct; | prefix ct; | |||
| reference | reference | |||
| "RFC 9640: YANG Data Types and Groupings for Cryptography"; | "RFC 9640: YANG Data Types and Groupings for Cryptography"; | |||
| } | } | |||
| organization | organization | |||
| "IETF NETMOD (Network Modeling) Working Group"; | "IETF NETMOD (Network Modeling) Working Group"; | |||
| contact | contact | |||
| "WG Web: <https://datatracker.ietf.org/wg/netmod/> | "WG Web: <https://datatracker.ietf.org/wg/netmod/> | |||
| WG List: <mailto:netmod@ietf.org> | WG List: <mailto:netmod@ietf.org> | |||
| Editor: Mahesh Jethanandani | Editor: Mahesh Jethanandani | |||
| <mailto:mjethanandani@gmail.com> | <mailto:mjethanandani@gmail.com> | |||
| Editor: Joe Clarke | Editor: Joe Clarke | |||
| <mailto:jclarke@cisco.com> | <mailto:jclarke@cisco.com> | |||
| Editor: Kiran Agrahara Sreenivasa | Editor: Kiran Agrahara Sreenivasa | |||
| <mailto:kirankoushik.agraharasreenivasa@verizonwireless.com> | <mailto:kirankoushik.agraharasreenivasa@verizonwireless.com> | |||
| Editor: Clyde Wildes | Editor: Clyde Wildes | |||
| <mailto:clyde@clydewildes.com>"; | <mailto:clyde@clydewildes.com>"; | |||
| description | description | |||
| "This module contains a collection of YANG definitions | "This module contains a collection of YANG definitions | |||
| for syslog configuration. | for syslog configuration. | |||
| Copyright (c) 2025 IETF Trust and the persons identified as | Copyright (c) 2025 IETF Trust and the persons identified as | |||
| authors of the code. All rights reserved. | authors of the code. All rights reserved. | |||
| Redistribution and use in source and binary forms, with or | Redistribution and use in source and binary forms, with or | |||
| without modification, is permitted pursuant to, and subject | without modification, is permitted pursuant to, and subject | |||
| to the license terms contained in, the Revised BSD License | to the license terms contained in, the Revised BSD License | |||
| set forth in Section 4.c of the IETF Trust's Legal | set forth in Section 4.c of the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info). | (https://trustee.ietf.org/license-info). | |||
| This version of this YANG module is part of RFC 9742 | This version of this YANG module is part of RFC 9742 | |||
| (https://www.rfc-editor.org/info/rfc9742); | (https://www.rfc-editor.org/info/rfc9742); | |||
| see the RFC itself for full legal notices. | see the RFC itself for full legal notices. | |||
| The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL | The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL | |||
| NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', | NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', | |||
| 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document | 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document | |||
| are to be interpreted as described in BCP 14 (RFC 2119) | are to be interpreted as described in BCP 14 (RFC 2119) | |||
| (RFC 8174) when, and only when, they appear in all capitals, | (RFC 8174) when, and only when, they appear in all capitals, | |||
| as shown here."; | as shown here."; | |||
| revision 2025-03-03 { | revision 2025-03-03 { | |||
| description | description | |||
| "Initial Revision"; | "Initial Revision"; | |||
| reference | reference | |||
| "RFC 9742: Syslog YANG Module"; | "RFC 9742: Syslog YANG Module"; | |||
| } | } | |||
| feature console-action { | feature console-action { | |||
| description | description | |||
| "This feature indicates that the local console action is | "This feature indicates that the local console action is | |||
| supported."; | supported."; | |||
| } | } | |||
| feature file-action { | feature file-action { | |||
| description | description | |||
| "This feature indicates that the local file action is | "This feature indicates that the local file action is | |||
| supported."; | supported."; | |||
| } | } | |||
| feature file-limit-size { | feature file-limit-size { | |||
| description | description | |||
| "This feature indicates that file logging resources | "This feature indicates that file logging resources | |||
| are managed using size and number limits."; | are managed using size and number limits."; | |||
| } | } | |||
| feature file-limit-duration { | feature file-limit-duration { | |||
| description | description | |||
| "This feature indicates that file logging resources | "This feature indicates that file logging resources | |||
| are managed using time based limits."; | are managed using time based limits."; | |||
| } | } | |||
| feature remote-action { | feature remote-action { | |||
| description | description | |||
| "This feature indicates that the remote server action is | "This feature indicates that the remote server action is | |||
| supported."; | supported."; | |||
| } | } | |||
| feature remote-source-interface { | feature remote-source-interface { | |||
| description | description | |||
| "This feature indicates that source-interface is supported | "This feature indicates that source-interface is supported | |||
| for the remote-action."; | for the remote-action."; | |||
| } | } | |||
| feature select-adv-compare { | feature select-adv-compare { | |||
| description | description | |||
| "This feature represents the ability to select messages | "This feature represents the ability to select messages | |||
| using the additional comparison operators when comparing | using the additional comparison operators when comparing | |||
| the syslog message severity."; | the syslog message severity."; | |||
| } | } | |||
| feature select-match { | feature select-match { | |||
| description | description | |||
| "This feature represents the ability to select messages | "This feature represents the ability to select messages | |||
| based on a Posix 1003.2 regular expression pattern | based on a Posix 1003.2 regular expression pattern | |||
| match."; | match."; | |||
| } | } | |||
| feature structured-data { | feature structured-data { | |||
| description | description | |||
| "This feature represents the ability to log messages | "This feature represents the ability to log messages | |||
| in structured-data format."; | in structured-data format."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol"; | |||
| } | } | |||
| feature signed-messages { | feature signed-messages { | |||
| description | description | |||
| "This feature represents the ability to configure signed | "This feature represents the ability to configure signed | |||
| syslog messages."; | syslog messages."; | |||
| reference | reference | |||
| "RFC 5848: Signed Syslog Messages"; | "RFC 5848: Signed Syslog Messages"; | |||
| } | } | |||
| typedef syslog-severity { | typedef syslog-severity { | |||
| type enumeration { | type enumeration { | |||
| enum emergency { | enum emergency { | |||
| value 0; | value 0; | |||
| description | description | |||
| "The severity level 'Emergency' indicates that the | "The severity level 'Emergency' indicates that the | |||
| system is unusable."; | system is unusable."; | |||
| } | } | |||
| enum alert { | enum alert { | |||
| value 1; | value 1; | |||
| description | description | |||
| "The severity level 'Alert' indicates that an | "The severity level 'Alert' indicates that an | |||
| action must be taken immediately."; | action must be taken immediately."; | |||
| } | } | |||
| enum critical { | enum critical { | |||
| value 2; | value 2; | |||
| description | description | |||
| "The severity level 'Critical' indicates a | "The severity level 'Critical' indicates a | |||
| critical condition."; | critical condition."; | |||
| } | } | |||
| enum error { | enum error { | |||
| value 3; | value 3; | |||
| description | description | |||
| "The severity level 'Error' indicates an error | "The severity level 'Error' indicates an error | |||
| condition."; | condition."; | |||
| } | } | |||
| enum warning { | enum warning { | |||
| value 4; | value 4; | |||
| description | description | |||
| "The severity level 'Warning' indicates a warning | "The severity level 'Warning' indicates a warning | |||
| condition."; | condition."; | |||
| } | } | |||
| enum notice { | enum notice { | |||
| value 5; | value 5; | |||
| description | description | |||
| "The severity level 'Notice' indicates a normal | "The severity level 'Notice' indicates a normal | |||
| but significant condition."; | but significant condition."; | |||
| } | } | |||
| enum info { | enum info { | |||
| value 6; | value 6; | |||
| description | description | |||
| "The severity level 'Info' indicates an | "The severity level 'Info' indicates an | |||
| informational message."; | informational message."; | |||
| } | } | |||
| enum debug { | enum debug { | |||
| value 7; | value 7; | |||
| description | description | |||
| "The severity level 'Debug' indicates a | "The severity level 'Debug' indicates a | |||
| debug-level message."; | debug-level message."; | |||
| } | } | |||
| } | } | |||
| description | description | |||
| "The definitions for Syslog message severity. | "The definitions for Syslog message severity. | |||
| Note that a lower value is a higher severity. Comparisons | Note that a lower value is a higher severity. Comparisons | |||
| of equal-or-higher severity mean equal-or-lower numeric | of equal-or-higher severity mean equal-or-lower numeric | |||
| value"; | value"; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol"; | |||
| } | } | |||
| identity syslog-facility { | identity syslog-facility { | |||
| description | description | |||
| "This identity is used as a base for all syslog | "This identity is used as a base for all syslog | |||
| facilities."; | facilities."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol"; | |||
| } | } | |||
| identity kern { | identity kern { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for kernel messages (0)."; | "The facility for kernel messages (numerical code 0)."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | } | |||
| identity user { | identity user { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for user-level messages (1)."; | "The facility for user-level messages (numerical code 1)."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | } | |||
| identity mail { | identity mail { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for the mail system (2)."; | "The facility for the mail system (numerical code 2)."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | } | |||
| identity daemon { | identity daemon { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for the system daemons (3)."; | "The facility for the system daemons (numerical code 3)."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | } | |||
| identity auth { | identity auth { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for security/authorization messages (4)."; | "The facility for security/authorization messages (numerical | |||
| reference | code 4)."; | |||
| "RFC 5424: The Syslog Protocol"; | reference | |||
| } | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | ||||
| identity syslog { | identity syslog { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for messages generated internally by a syslogd | "The facility for messages generated internally by a syslogd | |||
| facility (5)."; | facility (numerical code 5)."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | } | |||
| identity lpr { | identity lpr { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for the line printer subsystem (6)."; | "The facility for the line printer subsystem (numerical code | |||
| reference | 6)."; | |||
| "RFC 5424: The Syslog Protocol"; | reference | |||
| } | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | ||||
| identity news { | identity news { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for the network news subsystem (7)."; | "The facility for the network news subsystem (numerical code | |||
| reference | 7)."; | |||
| "RFC 5424: The Syslog Protocol"; | reference | |||
| } | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | ||||
| identity uucp { | identity uucp { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for the Unix-to-Unix Copy (UUCP) subsystem (8)."; | "The facility for the Unix-to-Unix Copy (UUCP) subsystem | |||
| reference | (numerical code 8)."; | |||
| "RFC 5424: The Syslog Protocol"; | reference | |||
| } | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | ||||
| identity cron { | identity cron { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for the clock daemon (9)."; | "The facility for the clock daemon (numerical code 9)."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | } | |||
| identity authpriv { | identity authpriv { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for privileged security/authorization | "The facility for privileged security/authorization messages | |||
| messages (10)."; | (numerical code 10)."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | } | |||
| identity ftp { | identity ftp { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for the FTP daemon (11)."; | "The facility for the FTP daemon (numerical code 11)."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | } | |||
| identity ntp { | identity ntp { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for the NTP subsystem (12)."; | "The facility for the NTP subsystem (numerical code 12)."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | } | |||
| identity audit { | identity audit { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for log audit messages (13)."; | "The facility for log audit messages (numerical code 13)."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | } | |||
| identity console { | identity console { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for log alert messages (14)."; | "The facility for log alert messages (numerical code 14)."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | } | |||
| identity cron2 { | identity cron2 { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for the second clock daemon (15)."; | "The facility for the second clock daemon (numerical code | |||
| reference | 15)."; | |||
| "RFC 5424: The Syslog Protocol"; | reference | |||
| } | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | ||||
| identity local0 { | identity local0 { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for local use 0 messages (16)."; | "The facility for local use 0 messages (numerical code 16)."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | } | |||
| identity local1 { | identity local1 { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for local use 1 messages (17)."; | "The facility for local use 1 messages (numerical code 17)."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | } | |||
| identity local2 { | identity local2 { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for local use 2 messages (18)."; | "The facility for local use 2 messages (numerical code 18)."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | } | |||
| identity local3 { | identity local3 { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for local use 3 messages (19)."; | "The facility for local use 3 messages (numerical code 19)."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol"; | |||
| } | } | |||
| identity local4 { | identity local4 { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for local use 4 messages (20)."; | "The facility for local use 4 messages (numerical code 20)."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | } | |||
| identity local5 { | identity local5 { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for local use 5 messages (21)."; | "The facility for local use 5 messages (numerical code 21)."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | } | |||
| identity local6 { | identity local6 { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for local use 6 messages (22)."; | "The facility for local use 6 messages (numerical code 22)."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | } | |||
| identity local7 { | identity local7 { | |||
| base syslog-facility; | base syslog-facility; | |||
| description | description | |||
| "The facility for local use 7 messages (23)."; | "The facility for local use 7 messages (numerical code 23)."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol, Section 6.2.1."; | |||
| } | } | |||
| identity action { | identity action { | |||
| description | description | |||
| "Base identity for action for how a message will be | "Base identity for action for how a message will be | |||
| handled."; | handled."; | |||
| } | } | |||
| identity log { | identity log { | |||
| base action; | base action; | |||
| description | description | |||
| "This identity specifies that if the compare operation is | "This identity specifies that if the compare operation is | |||
| true, the message will be logged."; | true, the message will be logged."; | |||
| } | } | |||
| identity block { | identity block { | |||
| base action; | base action; | |||
| description | description | |||
| "This identity specifies that if the compare operation is | "This identity specifies that if the compare operation is | |||
| true, the message will not be logged."; | true, the message will not be logged."; | |||
| } | } | |||
| identity stop { | identity stop { | |||
| base action; | base action; | |||
| description | description | |||
| "This identity specifies that if the compare operation is | "This identity specifies that if the compare operation is | |||
| true, the message will not be logged and no further | true, the message will not be logged and no further | |||
| processing will occur for it."; | processing will occur for it."; | |||
| } | } | |||
| grouping severity-filter { | grouping severity-filter { | |||
| description | description | |||
| "This grouping defines the processing used to select | "This grouping defines the processing used to select | |||
| log messages by comparing syslog message severity using | log messages by comparing syslog message severity using | |||
| the following processing rules: | the following processing rules: | |||
| - if 'none', do not match. | - if 'none', do not match. | |||
| - if 'all', match. | - if 'all', match. | |||
| - else, compare message severity with the specified | - else, compare message severity with the specified | |||
| severity according to the default compare rule (all | severity according to the default compare rule (all | |||
| messages of the specified severity and greater match) | messages of the specified severity and greater match) | |||
| or if the select-adv-compare feature is present, use | or if the select-adv-compare feature is present, use | |||
| the advance-compare rule."; | the advance-compare rule."; | |||
| leaf severity { | leaf severity { | |||
| type union { | type union { | |||
| type syslog-severity; | type syslog-severity; | |||
| type enumeration { | type enumeration { | |||
| enum none { | enum none { | |||
| value 2147483647; | value 2147483647; | |||
| description | description | |||
| "This enum describes the case where no | "This enum describes the case where no | |||
| severities are selected."; | severities are selected."; | |||
| } | } | |||
| enum all { | enum all { | |||
| value -2147483648; | value -2147483648; | |||
| description | description | |||
| "This enum describes the case where all | "This enum describes the case where all | |||
| severities are selected."; | severities are selected."; | |||
| } | } | |||
| } | } | |||
| } | } | |||
| mandatory true; | mandatory true; | |||
| description | description | |||
| "This leaf specifies the syslog message severity."; | "This leaf specifies the syslog message severity."; | |||
| } | } | |||
| container advanced-compare { | container advanced-compare { | |||
| when "../severity != \"all\" and | when "../severity != \"all\" and | |||
| ../severity != \"none\"" { | ../severity != \"none\"" { | |||
| description | description | |||
| "The advanced compare container is not applicable | "The advanced compare container is not applicable | |||
| for severity 'all' or severity 'none'"; | for severity 'all' or severity 'none'"; | |||
| } | } | |||
| if-feature "select-adv-compare"; | if-feature "select-adv-compare"; | |||
| leaf compare { | leaf compare { | |||
| type enumeration { | type enumeration { | |||
| enum equals { | enum equals { | |||
| description | description | |||
| "This enum specifies that the severity | "This enum specifies that the severity | |||
| comparison operation will be equals."; | comparison operation will be equals."; | |||
| } | } | |||
| enum equals-or-higher { | enum equals-or-higher { | |||
| description | description | |||
| "This enum specifies that the severity | "This enum specifies that the severity | |||
| comparison operation will be equals or | comparison operation will be equals or | |||
| higher."; | higher."; | |||
| } | } | |||
| } | } | |||
| default "equals-or-higher"; | default "equals-or-higher"; | |||
| description | description | |||
| "The compare can be used to specify the comparison | "The compare operation can be used to specify the comparison | |||
| operator that should be used to compare the syslog | operator that should be used to compare the syslog | |||
| message severity with the specified severity."; | message severity with the specified severity."; | |||
| } | } | |||
| leaf action { | leaf action { | |||
| type identityref { | type identityref { | |||
| base action; | base action; | |||
| } | } | |||
| default "log"; | default "log"; | |||
| description | description | |||
| "The action can be used to specify how the message | "The action can be used to specify how the message | |||
| should be handled. This may include logging the | should be handled. This may include logging the | |||
| message, not logging the message (i.e., blocking | message, not logging the message (i.e., blocking | |||
| it), or stopping further processing."; | it), or stopping further processing."; | |||
| } | } | |||
| description | description | |||
| "This container describes additional severity compare | "This container describes additional severity compare | |||
| operations that can be used in place of the default | operations that can be used in place of the default | |||
| severity comparison. The compare leaf specifies the | severity comparison. The compare leaf specifies the | |||
| type of the compare that is done and the action leaf | type of the compare operation that is done and the | |||
| specifies the intended result. | action leaf specifies the intended result. | |||
| Example: compare->equals and action->block means | Example: compare->equals and action->block means | |||
| messages that have a severity that are equal to the | messages that have a severity that are equal to the | |||
| specified severity will not be logged."; | specified severity will not be logged."; | |||
| } | } | |||
| } | } | |||
| grouping selector { | grouping selector { | |||
| description | description | |||
| "This grouping defines a syslog selector, which is used to | "This grouping defines a syslog selector, which is used to | |||
| select log messages for the log-actions (console, file, | select log messages for the log-actions (console, file, | |||
| remote, etc.). Choose one or both of the following: | remote, etc.). Choose one or both of the following: | |||
| facility [<facility> <severity>...] | facility [<facility> <severity>...] | |||
| pattern-match regular-expression-match-string | pattern-match regular-expression-match-string | |||
| If both facility and pattern-match are specified, both | If both facility and pattern-match are specified, both | |||
| must match in order for a log message to be selected."; | must match in order for a log message to be selected."; | |||
| container filter { | container filter { | |||
| description | description | |||
| "This container describes the syslog filter | "This container describes the syslog filter | |||
| parameters."; | parameters."; | |||
| list facility-list { | list facility-list { | |||
| key "facility severity"; | key "facility severity"; | |||
| ordered-by user; | ordered-by user; | |||
| description | description | |||
| "This list describes a collection of syslog | "This list describes a collection of syslog | |||
| facilities and severities."; | facilities and severities."; | |||
| leaf facility { | leaf facility { | |||
| type union { | type union { | |||
| type identityref { | type identityref { | |||
| base syslog-facility; | base syslog-facility; | |||
| } | } | |||
| type enumeration { | type enumeration { | |||
| enum all { | enum all { | |||
| description | description | |||
| "This enum describes the case where | "This enum describes the case where | |||
| all facilities are requested."; | all facilities are requested."; | |||
| } | } | |||
| } | } | |||
| } | } | |||
| description | description | |||
| "The leaf uniquely identifies a syslog | "The leaf uniquely identifies a syslog | |||
| facility."; | facility."; | |||
| } | } | |||
| uses severity-filter; | uses severity-filter; | |||
| } | } | |||
| } | } | |||
| leaf pattern-match { | leaf pattern-match { | |||
| if-feature "select-match"; | if-feature "select-match"; | |||
| type string; | type string; | |||
| description | description | |||
| "This leaf describes a Posix 1003.2 regular expression | "This leaf describes a Posix 1003.2 regular expression | |||
| string that can be used to select a syslog message for | string that can be used to select a syslog message for | |||
| logging. The match is performed on the SYSLOG-MSG | logging. The match is performed on the SYSLOG-MSG | |||
| field."; | field."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol | "RFC 5424: The Syslog Protocol | |||
| Std-1003.1-2008 Regular Expressions"; | Std-1003.1-2024 Regular Expressions"; | |||
| } | } | |||
| } | } | |||
| grouping structured-data { | grouping structured-data { | |||
| description | description | |||
| "This grouping defines the syslog structured data option, | "This grouping defines the syslog structured data option, | |||
| which is used to select the format used to write log | which is used to select the format used to write log | |||
| messages."; | messages."; | |||
| leaf structured-data { | leaf structured-data { | |||
| if-feature "structured-data"; | if-feature "structured-data"; | |||
| type boolean; | type boolean; | |||
| default "false"; | default "false"; | |||
| description | description | |||
| "This leaf describes how log messages are written. | "This leaf describes how log messages are written. | |||
| If true, messages will be written with one or more | If true, messages will be written with one or more | |||
| STRUCTURED-DATA elements; if false, messages will be | STRUCTURED-DATA elements; if false, messages will be | |||
| written with STRUCTURED-DATA = NILVALUE."; | written with STRUCTURED-DATA = NILVALUE."; | |||
| reference | reference | |||
| "RFC 5424: The Syslog Protocol"; | "RFC 5424: The Syslog Protocol"; | |||
| } | } | |||
| } | } | |||
| container syslog { | container syslog { | |||
| presence "Enables logging."; | presence "Enables logging."; | |||
| description | description | |||
| "This container describes the configuration parameters for | "This container describes the configuration parameters for | |||
| syslog."; | syslog."; | |||
| container actions { | container actions { | |||
| description | description | |||
| "This container describes the log-action parameters | "This container describes the log-action parameters | |||
| for syslog."; | for syslog."; | |||
| container console { | container console { | |||
| if-feature "console-action"; | if-feature "console-action"; | |||
| presence "Enables logging to the console"; | presence "Enables logging to the console"; | |||
| description | description | |||
| "This container describes the configuration | "This container describes the configuration | |||
| parameters for console logging."; | parameters for console logging."; | |||
| uses selector; | uses selector; | |||
| } | } | |||
| container file { | container file { | |||
| if-feature "file-action"; | if-feature "file-action"; | |||
| description | description | |||
| "This container describes the configuration | "This container describes the configuration | |||
| parameters for file logging. If file-archive | parameters for file logging. If file-archive | |||
| limits are not supplied, it is assumed that | limits are not supplied, it is assumed that | |||
| the local implementation defined limits will | the local implementation defined limits will | |||
| be used."; | be used."; | |||
| list log-file { | list log-file { | |||
| key "name"; | key "name"; | |||
| description | description | |||
| "This list describes a collection of local | "This list describes a collection of local | |||
| logging files."; | logging files."; | |||
| leaf name { | leaf name { | |||
| type inet:uri { | type inet:uri { | |||
| pattern 'file:.*'; | pattern 'file:.*'; | |||
| } | } | |||
| description | description | |||
| "This leaf specifies the name of the log | "This leaf specifies the name of the log | |||
| file, which MUST use the uri scheme | file, which MUST use the uri scheme | |||
| file:."; | file:."; | |||
| reference | reference | |||
| "RFC 8089: The file URI Scheme"; | "RFC 8089: The file URI Scheme"; | |||
| } | } | |||
| uses selector; | uses selector; | |||
| uses structured-data; | uses structured-data; | |||
| container file-rotation { | container file-rotation { | |||
| description | description | |||
| "This container describes the configuration | "This container describes the configuration | |||
| parameters for log file rotation."; | parameters for log file rotation."; | |||
| leaf number-of-files { | leaf number-of-files { | |||
| if-feature "file-limit-size"; | if-feature "file-limit-size"; | |||
| type uint32; | type uint32; | |||
| default "1"; | default "1"; | |||
| description | description | |||
| "This leaf specifies the maximum number | "This leaf specifies the maximum number | |||
| of log files retained. Specify 1 for | of log files retained. Specify 1 for | |||
| implementations that only support one | implementations that only support one | |||
| log file."; | log file."; | |||
| } | } | |||
| leaf max-file-size { | leaf max-file-size { | |||
| if-feature "file-limit-size"; | if-feature "file-limit-size"; | |||
| type uint32; | type uint32; | |||
| units "megabytes"; | units "megabytes"; | |||
| description | description | |||
| "This leaf specifies the maximum log | "This leaf specifies the maximum log | |||
| file size."; | file size."; | |||
| } | } | |||
| leaf rollover { | leaf rollover { | |||
| if-feature "file-limit-duration"; | if-feature "file-limit-duration"; | |||
| type uint32; | type uint32; | |||
| units "minutes"; | units "minutes"; | |||
| description | description | |||
| "This leaf specifies the length of time | "This leaf specifies the length of time | |||
| that log events should be written to a | that log events should be written to a | |||
| specific log file. Log events that | specific log file. Log events that | |||
| arrive after the rollover period cause | arrive after the rollover period cause | |||
| the current log file to be closed and | the current log file to be closed and | |||
| a new log file to be opened."; | a new log file to be opened."; | |||
| } | } | |||
| leaf retention { | leaf retention { | |||
| if-feature "file-limit-duration"; | if-feature "file-limit-duration"; | |||
| type uint32; | type uint32; | |||
| units "minutes"; | units "minutes"; | |||
| description | description | |||
| "This leaf specifies the length of time | "This leaf specifies the length of time | |||
| that completed/closed log event files | that completed/closed log event files | |||
| should be stored in the file system | should be stored in the file system | |||
| before they are removed."; | before they are removed."; | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| container remote { | container remote { | |||
| if-feature "remote-action"; | if-feature "remote-action"; | |||
| description | description | |||
| "This container describes the configuration | "This container describes the configuration | |||
| parameters for forwarding syslog messages | parameters for forwarding syslog messages | |||
| to remote relays or collectors."; | to remote relays or collectors."; | |||
| list destination { | list destination { | |||
| key "name"; | key "name"; | |||
| description | description | |||
| "This list describes a collection of remote logging | "This list describes a collection of remote logging | |||
| destinations."; | destinations."; | |||
| leaf name { | leaf name { | |||
| type string; | type string; | |||
| description | description | |||
| "An arbitrary name for the endpoint to connect to."; | "An arbitrary name for the endpoint to connect to."; | |||
| } | } | |||
| choice transport { | choice transport { | |||
| mandatory true; | mandatory true; | |||
| description | description | |||
| "This choice describes the transport option."; | "This choice describes the transport option."; | |||
| case udp { | case udp { | |||
| container udp { | container udp { | |||
| description | description | |||
| "This container describes the UDP transport | "This container describes the UDP transport | |||
| options."; | options."; | |||
| reference | reference | |||
| "RFC 5426: Transmission of Syslog Messages over | "RFC 5426: Transmission of Syslog Messages over | |||
| UDP"; | UDP"; | |||
| list udp { | list udp { | |||
| key "address"; | key "address"; | |||
| description | description | |||
| "List of all UDP sessions."; | "List of all UDP sessions."; | |||
| leaf address { | leaf address { | |||
| type inet:host; | type inet:host; | |||
| description | description | |||
| "The leaf uniquely specifies the address of the | "The leaf uniquely specifies the address of the | |||
| remote host. One of the following must be | remote host. One of the following must be | |||
| specified: | specified: | |||
| - an ipv4 address, | - an ipv4 address, | |||
| - an ipv6 address, or a | - an ipv6 address, or a | |||
| - host name."; | - host name."; | |||
| } | } | |||
| leaf port { | leaf port { | |||
| type inet:port-number; | type inet:port-number; | |||
| default "514"; | default "514"; | |||
| description | description | |||
| "This leaf specifies the port number used to | "This leaf specifies the port number used to | |||
| deliver messages to the remote server."; | deliver messages to the remote server."; | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| case tls { | case tls { | |||
| container tls { | container tls { | |||
| description | description | |||
| "This container describes the TLS transport | "This container describes the TLS transport | |||
| options."; | options."; | |||
| reference | reference | |||
| "RFC 5425: Transport Layer Security (TLS) Transport | "RFC 5425: Transport Layer Security (TLS) Transport | |||
| Mapping for Syslog "; | Mapping for Syslog "; | |||
| list tls { | list tls { | |||
| key "address"; | key "address"; | |||
| description | description | |||
| "List of all TLS-based sessions."; | "List of all TLS-based sessions."; | |||
| leaf address { | leaf address { | |||
| type inet:host; | type inet:host; | |||
| description | description | |||
| "The leaf uniquely specifies the address of the | "The leaf uniquely specifies the address of the | |||
| remote host. One of the following must be | remote host. One of the following must be | |||
| specified: an ipv4 address, an ipv6 address, | specified: an ipv4 address, an ipv6 address, | |||
| or a host name."; | or a host name."; | |||
| } | } | |||
| leaf port { | leaf port { | |||
| type inet:port-number; | type inet:port-number; | |||
| default "6514"; | default "6514"; | |||
| description | description | |||
| "TCP port 6514 has been allocated as the | "TCP port 6514 has been allocated as the | |||
| default port for syslog over TLS."; | default port for syslog over TLS."; | |||
| } | } | |||
| uses tlsc:tls-client-grouping; | uses tlsc:tls-client-grouping; | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| uses selector; | uses selector; | |||
| uses structured-data; | uses structured-data; | |||
| leaf facility-override { | leaf facility-override { | |||
| type identityref { | type identityref { | |||
| base syslog-facility; | base syslog-facility; | |||
| } | } | |||
| description | description | |||
| "If specified, this leaf specifies the facility used | "If specified, this leaf specifies the facility used | |||
| to override the facility in messages delivered to the | to override the facility in messages delivered to the | |||
| remote server."; | remote server."; | |||
| } | } | |||
| leaf source-interface { | leaf source-interface { | |||
| if-feature "remote-source-interface"; | if-feature "remote-source-interface"; | |||
| type if:interface-ref; | type if:interface-ref; | |||
| description | description | |||
| "This leaf sets the source interface to be used to | "This leaf sets the source interface to be used to | |||
| send messages to the remote syslog server. If not set, | send messages to the remote syslog server. If not set, | |||
| messages can be sent on any interface."; | messages can be sent on any interface."; | |||
| } | } | |||
| container signing { | container signing { | |||
| if-feature "signed-messages"; | if-feature "signed-messages"; | |||
| presence "If present, syslog-signing options is | presence "If present, syslog-signing options is | |||
| activated."; | activated."; | |||
| description | description | |||
| "This container describes the configuration | "This container describes the configuration | |||
| parameters for signed syslog messages."; | parameters for signed syslog messages."; | |||
| reference | reference | |||
| "RFC 5848: Signed Syslog Messages"; | "RFC 5848: Signed Syslog Messages"; | |||
| container cert-signers { | container cert-signers { | |||
| description | description | |||
| "This container describes the signing certificate | "This container describes the signing certificate | |||
| configuration for Signature Group 0, which covers | configuration for Signature Group 0, which covers | |||
| the case for administrators who want all Signature | the case for administrators who want all Signature | |||
| Blocks to be sent to a single destination."; | Blocks to be sent to a single destination."; | |||
| list cert-signer { | list cert-signer { | |||
| key "name"; | key "name"; | |||
| description | description | |||
| "This list describes a collection of syslog message | "This list describes a collection of syslog message | |||
| signers."; | signers."; | |||
| leaf name { | leaf name { | |||
| type string; | type string; | |||
| description | description | |||
| "This leaf specifies the name of the syslog | "This leaf specifies the name of the syslog | |||
| message signer."; | message signer."; | |||
| } | } | |||
| container cert { | container cert { | |||
| uses ct:asymmetric-key-pair-with-cert-grouping; | uses ct:asymmetric-key-pair-with-cert-grouping; | |||
| description | description | |||
| "This is the certificate that is periodically | "This is the certificate that is periodically | |||
| sent to the remote receiver. The certificate is | sent to the remote receiver. The certificate is | |||
| inherently associated with its private | inherently associated with its private | |||
| and public keys."; | and public keys."; | |||
| } | } | |||
| leaf hash-algorithm { | leaf hash-algorithm { | |||
| type enumeration { | type enumeration { | |||
| enum SHA1 { | enum SHA1 { | |||
| value 1; | value 1; | |||
| description | description | |||
| "This enum describes the SHA1 algorithm."; | "This enum describes the SHA1 algorithm."; | |||
| } | } | |||
| enum SHA256 { | enum SHA256 { | |||
| value 2; | value 2; | |||
| description | description | |||
| "This enum describes the SHA256 algorithm."; | "This enum describes the SHA256 algorithm."; | |||
| } | } | |||
| } | } | |||
| description | description | |||
| "This leaf describes the syslog signer hash | "This leaf describes the syslog signer hash | |||
| algorithm used."; | algorithm used."; | |||
| } | } | |||
| } | } | |||
| leaf cert-initial-repeat { | leaf cert-initial-repeat { | |||
| type uint32; | type uint32; | |||
| default "3"; | default "3"; | |||
| description | description | |||
| "This leaf specifies the number of times each | "This leaf specifies the number of times each | |||
| Certificate Block should be sent before the first | Certificate Block should be sent before the first | |||
| message is sent."; | message is sent."; | |||
| } | } | |||
| leaf cert-resend-delay { | leaf cert-resend-delay { | |||
| type uint32; | type uint32; | |||
| units "seconds"; | units "seconds"; | |||
| default "3600"; | default "3600"; | |||
| description | description | |||
| "This leaf specifies the maximum time delay in | "This leaf specifies the maximum time delay in | |||
| seconds until resending the Certificate Block."; | seconds until resending the Certificate Block."; | |||
| } | } | |||
| leaf cert-resend-count { | leaf cert-resend-count { | |||
| type uint32; | type uint32; | |||
| default "0"; | default "0"; | |||
| description | description | |||
| "This leaf specifies the maximum number of other | "This leaf specifies the maximum number of other | |||
| syslog messages to send until resending the | syslog messages to send until resending the | |||
| Certificate Block."; | Certificate Block."; | |||
| } | } | |||
| leaf sig-max-delay { | leaf sig-max-delay { | |||
| type uint32; | type uint32; | |||
| units "seconds"; | units "seconds"; | |||
| default "60"; | default "60"; | |||
| description | description | |||
| "This leaf specifies when to generate a new | "This leaf specifies when to generate a new | |||
| Signature Block. If this many seconds have elapsed | Signature Block. If this many seconds have elapsed | |||
| since the message with the first message number | since the message with the first message number | |||
| of the Signature Block was sent, a new Signature | of the Signature Block was sent, a new Signature | |||
| Block should be generated."; | Block should be generated."; | |||
| } | } | |||
| leaf sig-number-resends { | leaf sig-number-resends { | |||
| type uint32; | type uint32; | |||
| default "0"; | default "0"; | |||
| description | description | |||
| "This leaf specifies the number of times a | "This leaf specifies the number of times a | |||
| Signature Block is resent. (It is recommended to | Signature Block is resent. (It is recommended to | |||
| select a value of greater than 0 in particular | select a value of greater than 0 in particular | |||
| when the UDP transport as in RFC 5426 is used.)"; | when the UDP transport as in RFC 5426 is used.)"; | |||
| } | } | |||
| leaf sig-resend-delay { | leaf sig-resend-delay { | |||
| type uint32; | type uint32; | |||
| units "seconds"; | units "seconds"; | |||
| default "5"; | default "5"; | |||
| description | description | |||
| "This leaf specifies when to send the next | "This leaf specifies when to send the next | |||
| Signature Block transmission based on time. If | Signature Block transmission based on time. If | |||
| this many seconds have elapsed since the previous | this many seconds have elapsed since the previous | |||
| sending of this Signature Block, resend it."; | sending of this Signature Block, resend it."; | |||
| } | } | |||
| leaf sig-resend-count { | leaf sig-resend-count { | |||
| type uint32; | type uint32; | |||
| default "0"; | default "0"; | |||
| description | description | |||
| "This leaf specifies when to send the next | "This leaf specifies when to send the next | |||
| Signature Block transmission based on a count. | Signature Block transmission based on a count. | |||
| If this many other syslog messages have been sent | If this many other syslog messages have been sent | |||
| since the previous sending of this Signature | since the previous sending of this Signature | |||
| Block, resend it. A value of 0 means that you | Block, resend it. A value of 0 means that you | |||
| don't resend based on the number of messages."; | don't resend based on the number of messages."; | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| <CODE ENDS> | <CODE ENDS> | |||
| Figure 3: Syslog YANG Module | Figure 3: Syslog YANG Module | |||
| 6. Usage Examples | 6. Usage Examples | |||
| 6.1. Syslog Configuration for Severity Critical | The following examples are in XML [W3C.REC-xml-20081126]. | |||
| [note: '\' line wrapping for formatting only] | 6.1. Syslog Configuration for Severity Critical | |||
| <!-- | This example shows enabling console logging of syslogs of severity | |||
| Enable console logging of syslogs of severity critical | critical. | |||
| --> | ||||
| <?xml version="1.0" encoding="UTF-8"?> | <?xml version="1.0" encoding="UTF-8"?> | |||
| <syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog"> | <syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog"> | |||
| <actions> | <actions> | |||
| <console> | <console> | |||
| <filter> | <filter> | |||
| <facility-list> | <facility-list> | |||
| <facility>all</facility> | <facility>all</facility> | |||
| <severity>critical</severity> | <severity>critical</severity> | |||
| </facility-list> | </facility-list> | |||
| </filter> | </filter> | |||
| </console> | </console> | |||
| </actions> | </actions> | |||
| </syslog> | </syslog> | |||
| Figure 4: Syslog Configuration for Severity Critical | Figure 4: Syslog Configuration for Severity Critical | |||
| 6.2. Remote Syslog Configuration | 6.2. Remote Syslog Configuration | |||
| [note: '\' line wrapping for formatting only] | This example shows enabling remote logging of syslogs to UDP | |||
| destination foo.example.com for facility auth and severity error. | ||||
| <!-- | ||||
| Enable remote logging of syslogs to udp destination | ||||
| foo.example.com for facility auth, severity error | ||||
| --> | ||||
| <?xml version="1.0" encoding="UTF-8"?> | <?xml version="1.0" encoding="UTF-8"?> | |||
| <syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog"> | <syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog"> | |||
| <actions> | <actions> | |||
| <remote> | <remote> | |||
| <destination> | <destination> | |||
| <name>remote1</name> | <name>remote1</name> | |||
| <udp> | <udp> | |||
| <udp> | <udp> | |||
| <address>foo.example.com</address> | <address>foo.example.com</address> | |||
| </udp> | </udp> | |||
| </udp> | </udp> | |||
| <filter> | <filter> | |||
| <facility-list> | <facility-list> | |||
| <facility>auth</facility> | <facility>auth</facility> | |||
| <severity>error</severity> | <severity>error</severity> | |||
| </facility-list> | </facility-list> | |||
| </filter> | </filter> | |||
| </destination> | </destination> | |||
| </remote> | </remote> | |||
| </actions> | </actions> | |||
| </syslog> | </syslog> | |||
| Figure 5: Remote Syslog Configuration | Figure 5: Remote Syslog Configuration | |||
| 7. IANA Considerations | 7. IANA Considerations | |||
| 7.1. The IETF XML Registry | 7.1. The IETF XML Registry | |||
| This document registers one URI in the "IETF XML Registry", following | This document registers one URI in the "IETF XML Registry", following | |||
| the format defined in [RFC3688]: | the format defined in [RFC3688]: | |||
| skipping to change at line 1360 ¶ | skipping to change at line 1363 ¶ | |||
| Name: ietf-syslog | Name: ietf-syslog | |||
| Namespace: urn:ietf:params:xml:ns:yang:ietf-syslog | Namespace: urn:ietf:params:xml:ns:yang:ietf-syslog | |||
| Prefix: syslog | Prefix: syslog | |||
| Reference: RFC 9742 | Reference: RFC 9742 | |||
| 8. Security Considerations | 8. Security Considerations | |||
| This section is modeled after the template defined in Section 3.7.1 | This section is modeled after the template defined in Section 3.7.1 | |||
| of [RFC8407]. | of [RFC8407]. | |||
| The YANG module specified in this document defines a schema for data | The "ietf-syslog" YANG module defines a data model that is designed | |||
| that is designed to be accessed via network management protocols such | to be accessed via YANG-based management protocols, such as NETCONF | |||
| as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer | [RFC6241] and RESTCONF [RFC8040]. These protocols have to use a | |||
| is the secure transport layer, and the mandatory-to-implement secure | secure transport layer (e.g., SSH [RFC4252], TLS [RFC8446], and QUIC | |||
| transport is Secure Shell (SSH) [RFC4252]. The lowest RESTCONF layer | [RFC9000]) and have to use mutual authentication. | |||
| is HTTPS, and the mandatory-to-implement secure transport is TLS | ||||
| [RFC8446]. | ||||
| The Network Configuration Access Control Model (NACM) [RFC8341] | The Network Configuration Access Control Model (NACM) [RFC8341] | |||
| provides the means to restrict access for particular NETCONF or | provides the means to restrict access for particular NETCONF or | |||
| RESTCONF users to a preconfigured subset of all available NETCONF or | RESTCONF users to a preconfigured subset of all available NETCONF or | |||
| RESTCONF protocol operations and content. | RESTCONF protocol operations and content. | |||
| This module imports groupings from ietf-crypto-types YANG module | This module imports groupings from ietf-crypto-types YANG module | |||
| defined in YANG Groupings for Crypto Types [RFC9640]. Security | defined in YANG Groupings for Crypto Types [RFC9640]. Security | |||
| considerations described in that document apply to this module also. | considerations described in that document apply to this module also. | |||
| skipping to change at line 1504 ¶ | skipping to change at line 1505 ¶ | |||
| [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | |||
| Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | |||
| <https://www.rfc-editor.org/info/rfc8446>. | <https://www.rfc-editor.org/info/rfc8446>. | |||
| [RFC8525] Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K., | [RFC8525] Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K., | |||
| and R. Wilton, "YANG Library", RFC 8525, | and R. Wilton, "YANG Library", RFC 8525, | |||
| DOI 10.17487/RFC8525, March 2019, | DOI 10.17487/RFC8525, March 2019, | |||
| <https://www.rfc-editor.org/info/rfc8525>. | <https://www.rfc-editor.org/info/rfc8525>. | |||
| [RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based | ||||
| Multiplexed and Secure Transport", RFC 9000, | ||||
| DOI 10.17487/RFC9000, May 2021, | ||||
| <https://www.rfc-editor.org/info/rfc9000>. | ||||
| [RFC9640] Watsen, K., "YANG Data Types and Groupings for | [RFC9640] Watsen, K., "YANG Data Types and Groupings for | |||
| Cryptography", RFC 9640, DOI 10.17487/RFC9640, October | Cryptography", RFC 9640, DOI 10.17487/RFC9640, October | |||
| 2024, <https://www.rfc-editor.org/info/rfc9640>. | 2024, <https://www.rfc-editor.org/info/rfc9640>. | |||
| [RFC9645] Watsen, K., "YANG Groupings for TLS Clients and TLS | [RFC9645] Watsen, K., "YANG Groupings for TLS Clients and TLS | |||
| Servers", RFC 9645, DOI 10.17487/RFC9645, October 2024, | Servers", RFC 9645, DOI 10.17487/RFC9645, October 2024, | |||
| <https://www.rfc-editor.org/info/rfc9645>. | <https://www.rfc-editor.org/info/rfc9645>. | |||
| [Std-1003.1-2008] | [Std-1003.1-2024] | |||
| The Open Group, ""Chapter 9: Regular Expressions" The Open | The Open Group, ""Chapter 9: Regular Expressions" The Open | |||
| Group Base Specifications Issue 6, IEEE Std 1003.1-2008, | Group Base Specifications Issue 8, IEEE Std 1003.1-2024", | |||
| 2016 Edition", September 2016, | 2024, <https://pubs.opengroup.org/onlinepubs/9799919799>. | |||
| <https://pubs.opengroup.org/ | ||||
| onlinepubs/9699919799.2016edition/>. | [W3C.REC-xml-20081126] | |||
| Bray, T., Paoli, J., Sperberg-McQueen, C.M., Maler, E., | ||||
| and F. Yergeau, "Extensible Markup Language (XML) 1.0 | ||||
| (Fifth Edition)", World Wide Web Consortium | ||||
| Recommendation REC-xml-20081126, November 2008, | ||||
| <https://www.w3.org/TR/2008/REC-xml-20081126/>. | ||||
| 9.2. Informative References | 9.2. Informative References | |||
| [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", | [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", | |||
| BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, | BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, | |||
| <https://www.rfc-editor.org/info/rfc8340>. | <https://www.rfc-editor.org/info/rfc8340>. | |||
| [RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., | [RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., | |||
| and R. Wilton, "Network Management Datastore Architecture | and R. Wilton, "Network Management Datastore Architecture | |||
| (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018, | (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018, | |||
| End of changes. 75 change blocks. | ||||
| 1046 lines changed or deleted | 1057 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||