My proposal for a Yang module for SYSLOG control (at the end of this
message) drew no replies. Would people at least be interested in an SNMP
MIB that allowed monitoring of the controls? What I have in mind is two
tables, a basic SYSLOG control table and a rate-limited event report
table. The contents of the tables would be as follows. The field names
are taken from RFC 5424.
Basic SYSLOG Control Table:
--------------------------
Key: combination of APP-NAME (general class of logs) and MSGID (specific
event type).
Assigned PRI value
Index into rate-limited table, or nil if not rate-limited
Suppressed (TRUE/FALSE)
If an event type is suppressed, the associated events are totally
ignored by the log system, so the assigned PRI value is not meaningful
and rate-limit value should be nil.
Rate Limited Log Control Table:
------------------------------
Key: table index
APP-NAME
MSGID
Reporting interval time units: seconds, hours, days, busy period.
Reporting interval value: integer
Maximum reports per reporting interval: integer
Count of observed events
Count of reported events
Comments?
Tom Taylor
Message previously sent (28 March)
==================================
While working on draft-ietf-behave-syslog-nat-logging, I noted a number
of management requirements for SYSLOG that are really independent of the
particular application being logged. These include, for example, a list
of events for which the operator wants logging suppressed, or
specifications for rate-limiting specific event reports. For more
details see Section 6, particularly sub-section 6.1.3 of the draft cited
above.
Would there be any interest in implementing or deploying a YANG module
to provide the necessary controls if I created one?
Tom Taylor
_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
