Hi,

The Syslog protocols have been defined and are in
"proposed standard" stage. Now the working group needs
to decide whether it needs Syslog to be manageable.
To make it manageable we need to define a Syslog-MIB
(Management Information Base) module. This has been
an ongoing work for several years which was shelved
at some stage to let the WG focus on the core protocol
documents.

The working group is being rechartered and we
are looking for comments/feedback on the Syslog-MIB
proposal. In the absence of comments the chairs have
threatened to drop the Syslog-MIB proposal from the
charter. If that happens, for some time, you will NOT
be able to monitor/manage syslog from your management
console using the Internet Standard management
protocols. So, keep the comments coming.

A simple explanation of the current proposed
Syslog-MIB is given below. It explains the design
principles and more importantly the kind of things
that can be done by the Syslog-MIB.

If you want to see the actual draft syslog-MIB
proposal, please try
http://tools.ietf.org/html/draft-ietf-syslog-device-mib-17

Thanks and cheers
Glenn

----------------------- Simple SyslogMIB --------------------

Design
=======
The basic design principle has been to keep the MIB simple.
It has gone through several iterations, each one making it
simpler than the earlier version :-)

At present the MIB basically allows the NMS (Network Management
System) to manage the syslog entity (sender, receiver, relay) by
looking at its
  (a) status (up/down/suspended/unknown)
  (b) configuration (Address, protocol, port number etc.)
  (c) macro statistics
        total number of messages (sent, received, relayed)
        total number of exceptions
          (drops, discards, malforms)

The asynchronous notifications will alert the NMS about changes
in the syslog entity's status.

That in a nutshell is what one will want to or need to do
for basic syslog monitoring/management.

The MIB can provide information on multiple syslog entities.
[Scenario: two syslogd's are running on a syslog server - one
 for experiments one for regular operations.]

Examples:
=========
1. We may want to get a table like the following on our NMS
   console:

   Syslog Status and Statistics Summary
   ====================================
   +-----+-----+--------------+------+-----+-----+---------+
   |Index|Type | Description  |Status|      Messages       |
   |     |rsR* |              |      |Sent | Recd| Dropped |
   +-----+-----+--------------+------+-----+-----+---------+
   |  1  |r--  | SecuritySys  | Up   |    -|  120|    -    |
   |  2  |r--  | Operations   | Up   |    -| 1234|    -    |
   |  3  |r--  | Experiment-1 | Up   |    -| 9890|    -    |
   |  4  |-s-  | SenderExpt-1 | Up   |   99|    -|    0    |
   |  4  |rsR  | Experiment-2 | Down | 1200| 2345|    0    |
   +-----+-----+--------------+------+-----+-----+---------+
   * r: Receiver, s: Sender, R: Relay

   Note that this is a sample. Several other columns are possible.
   In a similar manner the address and port of the syslog receiver,
   the number of malformed messages received etc. can be obtained.

2. Facility-wise statistics can be generated as follows.

   Facility-wise Syslog Statistics Summary
   =======================================
   +-----+--------+-----+--------------+------+-----+-----+---------+
   |Index|Facility|Type | Description  |Status|      Messages       |
   |     |        |rsR* |              |      |Sent | Recd| malformd|
   +-----+--------+-----+--------------+------+-----+-----+---------+
   |  1  |   51   |r--  | SecuritySys  | Up   |    -|  123|    -    |
   |  1  |   52   |r--  | SecuritySys  | Up   |    -|   45|   45    |
   |  1  |   53   |r--  | SecuritySys  | Up   |    -|    6|    -    |
   |  2  |   51   |r--  | Operations   | Up   |    -|  789|    -    |
   |  2  |   52   |r--  | Operations   | Up   |    -|   10|   10    |
   +-----+--------+-----+--------------+------+-----+-----+---------+
   * r: Receiver, s: Sender, R: Relay

3. In a more advanced scenario,
   i.  a syslog entity can be started, from the NMS console,
       [with a specific address and port, if it is a receiver] or,
   ii. an existing syslog entity can be stopped or suspended.
   [I will not try to explain how that can be done.]

I think that is as simple as it can be. Let me know if
  a. it can be made simpler or,
  b. it is too simple and more detailed information/functions
     are necessary.