David Harrington wrote:
Hi,

I propose that an initial set of syslog data models be developed in
the OPS Area WG.

Are you suggesting a set of standard SDEs for particular MIB objects,
or the SDE encoding rules for an arbitrary MIB object? Or both?

Andy


For those who have not followed the work of the syslog WG, let me
explain.

The syslog WG in the security area has drawn a number of syslog
implementers to work on standardizing the message format for syslog,
as an important step toward addressing security issues. The syslog WG
is scoped to address "security issues in network event logging", and
the work is drawing to a close, as three of the documents in its
charter (a message format and UDP and TLS transport mappings) are
being delivered for IESG consideration as Proposed Standards, and the
other three (a reliable transport mapping, an integrity-checking
"signature" mechanism, and a MIB module) are scheduled for WGLC within
the next two months. The co-chairs expect that the syslog WG will
close by year-end.

One of the features of the new message format is structured data
elements (SDEs), which provide a mechanism for structuring message
content so it is more easily parsed by programs/tools. The SDE format
supplements the traditional free-form text content. There are some
proposals starting to be published for SDEs and posted to the syslog
WG, such as SDEs that map syslog severity to ITU-T perceived
severities, following the work done in the ALARM-MIB.

The co-chairs believe it would be inappropriate for the "security
issues in network event logging" WG to deal with proposals for syslog
data modeling. The OPS area would be the likely area to work on data
modeling standards for syslog.

A few SDEs have been defined by the syslog WG that are used in the
syslog message header, but we have not addressed the many SDEs that
could be included in syslog content. It would be good to design a set
of SDEs that are consistent with other IETF protocol information
models and data models, such as MIB-II, IF-MIB, ENTITY-MIB, standard
SNMP notification-types, and standard netconf data models, to make it
easier for operators to correlate the information in syslog messages
with the information contained in SNMP traps and informs and in netconf
notifications, and possibly ipfix information elements. The experts in
these IETF-based information and data models are found in the OPS
area.

I propose that an initial set of SDEs be worked on within the OPSAWG.
The scope and deliverables of such work should be clearly defined
based on the correlation needs of operators, input from network
management modeling experts in the OPS area, in cooperation with the
syslog implementers from the current syslog WG.

If you agree and would be willing to work on developing standardized
SDEs for syslog, please email me at [EMAIL PROTECTED]


David Harrington
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED]




_______________________________________________
OPS-AREA mailing list
[EMAIL PROTECTED]
https://www1.ietf.org/mailman/listinfo/ops-area




_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog
