Hi Dave,

The same question that Andy asks below occurred to me when I read your
note...since I have not followed the "Security Issues in Syslog" WG for
some time, I checked the WG charter page and the additional info at
http://www.employees.org/~lonvick/index.shtml ...and came away a bit
confused about the MIB work being done there ...this confusion is still
based on flimsy research, so I won't whine about a smack on the wrist
if warranted. :)

However, the charter calls for a Syslog Device MIB...the current
version of the I-D appears to be at
http://www.ietf.org/internet-drafts/draft-ietf-syslog-device-mib-15.txt
...but that MIB seems to be about control and monitoring of Syslog
applications (nothing wrong with that!...quite the contrary) ...notes
indicate that the change was made at -11 (the descriptive text on the
"Additional Info" page should be updated accordingly) ...changes
"process" and "device" to "entity" == "application"...fine.

But what IETF MIB refers to Syslog messages themselves...along the
lines of, for example, the CISCO-SYSLOG-MIB...?

Cheers,
BobN

-----Original Message-----
From: Andy Bierman [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 02, 2007 11:24 AM
To: David Harrington
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [OPS-AREA] syslog data modeling

David Harrington wrote:
> Hi,
> 
> I propose that an initial set of syslog data models be developed in
> the OPS Area WG.

Are you suggesting a set of standard SDEs for particular MIB objects,
or the SDE encoding rules for an arbitrary MIB object? Or both?

Andy

> 
> For those who have not followed the work of the syslog WG, let me
> explain.
> 
> The syslog WG in the security area has drawn a number of syslog
> implementers to work on standardizing the message format for syslog,
> as an important step toward addressing security issues. The syslog WG
> is scoped to address "security issues in network event logging", and
> the work is drawing to a close, as three of the documents in its
> charter (a message format and UDP and TLS transport mappings) are
> being delivered for IESG consideration as Proposed Standards, and the
> other three (a reliable transport mapping, an integrity-checking
> "signature" mechanism, and a MIB module) are scheduled for WGLC within
> the next two months. The co-chairs expect that the syslog WG will
> close by year-end.
> 
> One of the features of the new message format is structured data
> elements (SDEs), which provide a mechanism for structuring message
> content so it is more easily parsed by programs/tools. The SDE format
> supplements the traditional free-form text content. There are some
> proposals starting to be published for SDEs and posted to the syslog
> WG, such as SDEs that map syslog severity to ITU-T perceived
> severities, following the work done in the ALARM-MIB. 
> 
> The co-chairs believe it would be inappropriate for the "security
> issues in network event logging" WG to deal with proposals for syslog
> data modeling. The OPS area would be the likely area to work on data
> modeling standards for syslog. 
> 
> A few SDEs have been defined by the syslog WG that are used in the
> syslog message header, but we have not addressed the many SDEs that
> could be included in syslog content. It would be good to design a set
> of SDEs that are consistent with other IETF protocol information
> models and data models, such as MIB-II, IF-MIB, ENTITY-MIB, standard
> SNMP notification-types, and standard netconf data models, to make it
> easier for operators to correlate the information in syslog messages
> with the information contained in SNMP trap and informs and in netconf
> notifications, and possibly ipfix information elements. The experts in
> these IETF-based information and data models are found in the OPS
> area. 
> 
> I propose that an initial set of SDEs be worked on within the OPSAWG.
> The scope and deliverables of such work should be clearly defined
> based on the correlation needs of operators, input from network
> management modeling experts in the OPS area, in cooperation with the
> syslog implementers from the current syslog WG. 
> 
> If you agree and would be willing to work on developing standardized
> SDEs for syslog, please email me at [EMAIL PROTECTED]
> 
> 
> David Harrington
> [EMAIL PROTECTED] 
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> 
> 
> 
> 
> _______________________________________________
> OPS-AREA mailing list
> [EMAIL PROTECTED]
> https://www1.ietf.org/mailman/listinfo/ops-area
> 
> 


_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog