tom.petch | 1 Oct 2006 20:56

Re: Working Group Last Call: syslog-mib document

<inline>

----- Original Message -----
From: "Glenn M. Keeni" <glenn <at> cysols.com>
To: "tom.petch" <cfinss <at> dial.pipex.com>
Cc: <syslog <at> ietf.org>
Sent: Saturday, September 30, 2006 7:57 AM
Subject: Re: [Syslog] Working Group Last Call: syslog-mib document

> Tom,
>     Your observation is correct. I guess that other MIBs deal with
> entities which are essentially singleton in the context of a host.
> An SNMP agent on the host services the information required to
> monitor "the" entity.
>     Some entities may not be singleton - syslog is one of them. The
> syslog MIB nicely takes care of this case. It can service multiple
> syslog daemons. For example, one can ask
>      - how many syslog messages were received by the experimental
>        syslogd that I am running on UDP port 10512?
>      - how many syslog messages were received by the standard
>        syslogd that I am running on TCP port 512 ?
>     etc.
>
>     I think that this is a very nice feature. Am I missing something?

No, you are missing nothing; I am just stating the obvious:-)

I state it because, for me, it makes the MIB I-D stand out as something
different, not like the other syslog I-Ds, and balancing the benefits of this
feature against the costs of differentness (and the additional complexity in the

rfgraveman | 2 Oct 2006 21:23

review of draft-ietf-syslog-protocol-17

I reviewed this draft and believe it is in good shape and reflects the
discussions on the list and consensus of the working group. After one more
round, it should IMO be ready to go to the AD.

In addition to or in agreement with the other review comments that have
been posted, I sent some editorial comments to the author and also made a
couple of small comments about:

1. replacing the reference to 3513 with 4291
2. clarifying the text about when UTF-8 versus "plain ASCII" is present in a
   SD-PARAMs versus the MSG
3. simplifying the overloaded use of HOSTNAME, Hostname, and hostname in
   Section 6.2.4.

The details are below.

Rich Graveman

------------------
   If an IPv4 address is used, it MUST be in the format of the dotted
   decimal notation as used in STD 13 [4].  If an IPv6 address is used,
   a valid textual representation described in RFC 3513 [10], Section
   2.2, MUST be used.
* RFC 4291 (DS) obsoletes 3513. Section number 2.2 is still correct.
-------------------from 6.2.4
   The NILVALUE SHOULD only be used when the sender has no way to obtain
   its real hostname.  This situation is considered highly unlikely.
* We now have HOSTNAME, Hostname, and hostname. Maybe just:
* s/its real hostname/any of the names or addresses listed above/
-------------------from 6.4

Glenn M. Keeni | 3 Oct 2006 00:15

WGLC results : Syslog-MIB

Hi,
    The status of the draft is attached.

Glenn

Current draft: draft-ietf-syslog-device-mib-09.txt ( September 3, 2006)

Comments:
      Editorial: None

      Closed Issues:
         1. Comment: Tables in the MIB to serve "groups of" syslog
            entities look different in focus from the other syslog
            protocols
            o Reference
               Re: [Syslog] Working Group Last Call: syslog-mib document
               Tom Petch [2006/09/28 23:05]
            o Action: explained the usage and necessity of the tables to
               serve a group of syslog entities
            o Status: I think that the issue is closed.

      Open Issues:
         1. Comments: should anything on syslog-sign be added?
            o Reference
              RE: [Syslog] MIB document decision
              Alexander Clemm [2006/09/21 6:47]
            o Action: sent back the question to the WG
            o Status: The Syslog-sign related module may be added
              now or later ( in a separate document, after a few
              implementations and some experience). If the working

rfgraveman | 3 Oct 2006 20:51

review of draft-ietf-syslog-transport-udp-07

I reviewed this draft and found it well written and complete. I believe it
is ready for publication.

I had only one minor suggestion upon reading the text:

In the section on out-of-order delivery, one may mention using the meta
Structured Data sequenceId, if present, as well as time stamps.

Rich Graveman

_______________________________________________
Syslog mailing list
Syslog <at> lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog

Wijnen, Bert (Bert | 9 Oct 2006 16:28

RE: Request for Reviewers - draft-ietf-syslog-protocol-17.txt

David Harrington (co-chair of the Syslog WG) specifically asked me 
for a review of documents in WG Last Call.

I am not subscribed to the SYSLOG WG mailing list, so pls copy
me explicitly on any reactions that you want me to see.

Bert
----- draft-ietf-syslog-protocol-17.txt

I see:

   4.1.  Example Deployment Scenarios

   Sample deployment scenarios are shown in Diagram 1.  Other
   arrangements of these examples are also acceptable.  As noted, in the
   following diagram, relays may pass along all or some of the messages
>> that they receive and also pass along messages that they generate
   internally.  The boxes represent syslog-enabled applications.

I would change "pass along" into "send".
The "pass along" to me sounds as if the message was received from
someone else to begin with.

table 1 on page 12 refers to "(note 1)" and "(note 2)"
I cannot find these notes. Is that just me?

Section 6.2.4 states, page 16, 2nd para:

   Senders SHOULD consistently use the same value in the HOSTNAME field
   for as long as possible.  If the sender is multihomed, this value

Wijnen, Bert (Bert | 10 Oct 2006 11:23

RE: Request for Reviewers - draft-ietf-syslog-transport-tls-03.txt


-----Original Message-----
From: Wijnen, Bert (Bert) 
Sent: Monday, October 09, 2006 16:29
To: syslog <at> ietf.org
Subject: RE: Request for Reviewers - draft-ietf-syslog-protocol-17.txt

David Harrington (co-chair of the Syslog WG) specifically asked me 
for a review of documents in WG Last Call.

I am not subscribed to the SYSLOG WG mailing list, so pls copy
me explicitly on any reactions that you want me to see.

I am not a security expert, and this WG is in the Security Area, so 
I am assuming that the security aspects are well reviewed by the
respected WG members or colleagues in the SEC area.

I also have a common/generic question:

  The ISMS and NETCONF WGs have defined as mandatory to implement
  SNMP-over-SSH and NETCONF-over-SSH.

  I think it would be really really good/best if the SYSLOG WG would
  also define a mandatory to implement SYSLOG-over-SSH, so that 
  operators can use one and the same security infrastructure for
  the operational management and monitoring of their systems.

In other words, I find it a pity that the WG charted work-item:

  - A document will be produced that requires a secure transport

Wijnen, Bert (Bert | 10 Oct 2006 11:23

RE: Request for Reviewers - draft-ietf-syslog-device-mib-09.txt

David Harrington (co-chair of the Syslog WG) specifically asked me 
for a review of documents in WG Last Call.

I am not subscribed to the SYSLOG WG mailing list, so pls copy
me explicitly on any reactions that you want me to see.

Bert

----- draft-ietf-syslog-device-mib-09.txt

First some SMICng error messages resulting from syntax checking:

  C:\bwijnen\smicng\work>smicng syslog.inc
  W: f(syslog.mi2), (47,17) REVISION value "200609R04000Z" is not
     a valid extended UTC time
  E: f(syslog.mi2), (97,15) Name of "auth" duplicates an existing one
  E: f(syslog.mi2), (102,15) Name of "cron" duplicates an existing one
  E: f(syslog.mi2), (54,20) Sub-Id for item "syslogMIB" must be
    "number" or "name(number)" format
  W: f(syslog.mi2), (245,4) Sequence "SyslDevOpsEntry" and Row
    "syslEntOpsEntry" should have related names
  W: f(syslog.mi2), (418,4) Sequence "SyslDevCtlEntry" and Row
    "syslEntCtlEntry" should have related names
  E: f(syslog.mi2), (418,4) Row "syslEntCtlEntry" may not have
     columns with MAX-ACCESS of read-write if any column is read-create

  *** 4 errors and 3 warnings in parsing

I see on page 3, sect 2:


Wijnen, Bert (Bert | 10 Oct 2006 11:23

FW: Request for Reviewers - draft-ietf-syslog-transport-udp-07.txt

David Harrington (co-chair of the Syslog WG) specifically asked me 
for a review of documents in WG Last Call.

I am not subscribed to the SYSLOG WG mailing list, so pls copy
me explicitly on any reactions that you want me to see.

Bert

----- draft-ietf-syslog-transport-udp-07.txt

Seems fine to me. Two remarks

- it may not be 100% clear that the reference [2] is to the
  new WG document: draft-ietf-syslog-protocol-17.txt

- I hope it is OK with TSV area that there is no mandatory
  rate limiting in the number of syslog messages that can
  be sent.

Bert

----------- original review message:
> >
> http://www.ietf.org/internet-drafts/draft-ietf-syslog-protocol-17.txt
> > > 
> > > Transmission of syslog messages over UDP
> > > 
> >
> http://www.ietf.org/internet-drafts/draft-ietf-syslog-transport-udp-07
> > > .txt

Chris Lonvick | 10 Oct 2006 15:48

syslog over ssh - was: RE: Request for Reviewers - draft-ietf-syslog-transport-tls-03.txt

Hi Bert,

We appreciate your review of the document.

As for syslog-over-ssh:  We had been in contact with the ISMS and Netconf 
WGs and we did see that they had chosen SSH as a secure transport.  We did 
discuss this within our own Working Group.  The consensus was:
- there are current implementations of syslog-over-ssl
- ssh uses the concept that there is an interactive user which works well 
for ISMS and Netconf.  However, syslog does not have a concept of a user 
but is more associated with the idea that this is an automated function of 
the device which works better with tls authentication mechanisms.

With that said, I believe that there is interest from some members of the 
WG to pursue syslog-over-ssh and in fact, a starting point has been made 
with  draft-gerhards-syslog-transport-ssh-00.txt

We are under a tight timeline and since the topic has been discussed and 
agreed to in the past, we will complete the syslog-over-tls work.

Thanks,
Chris

On Tue, 10 Oct 2006, Wijnen, Bert (Bert) wrote:

>
>
> -----Original Message-----
> From: Wijnen, Bert (Bert)
> Sent: Monday, October 09, 2006 16:29

Glenn M. Keeni | 12 Oct 2006 14:43

Re: RE: Request for Reviewers - draft-ietf-syslog-device-mib-09.txt

Bert,
     Thanks for the detailed review. Let me go through these
and post a revised draft. I hope to make it before the 23rd
cutoff.

     Cheers

     Glenn
Wijnen, Bert (Bert) wrote:
> David Harrington (co-chair of the Syslog WG) specifically asked me 
> for a review of documents in WG Last Call.
> 
> I am not subscribed to the SYSLOG WG mailing list, so pls copy
> me explicitly on any reactions that you want me to see.
> 
> Bert
> 
> ----- draft-ietf-syslog-device-mib-09.txt
> 
> First some SMICng error messages resulting from syntax checking:
> 
>   C:\bwijnen\smicng\work>smicng syslog.inc
>   W: f(syslog.mi2), (47,17) REVISION value "200609R04000Z" is not
>      a valid extended UTC time
>   E: f(syslog.mi2), (97,15) Name of "auth" duplicates an existing one
>   E: f(syslog.mi2), (102,15) Name of "cron" duplicates an existing one
>   E: f(syslog.mi2), (54,20) Sub-Id for item "syslogMIB" must be
>     "number" or "name(number)" format
>   W: f(syslog.mi2), (245,4) Sequence "SyslDevOpsEntry" and Row
>     "syslEntOpsEntry" should have related names