-- extracted from draft-ietf-syslog-device-mib-07.txt -- at Tue Dec 13 06:40:08 2005 SYSLOG-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter32, Integer32, mib-2, NOTIFICATION-TYPE FROM SNMPv2-SMI RowStatus, StorageType, TEXTUAL-CONVENTION, TimeStamp FROM SNMPv2-TC InetAddressType, InetAddress FROM INET-ADDRESS-MIB MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF SnmpAdminString FROM SNMP-FRAMEWORK-MIB; syslogMIB MODULE-IDENTITY LAST-UPDATED "200511250000Z" -- 25th November, 2005 ORGANIZATION "IETF Syslog Working Group" CONTACT-INFO " Glenn Mansfield Keeni Postal: Cyber Solutions Inc. 6-6-3, Minami Yoshinari Aoba-ku, Sendai, Japan 989-3204. Tel: +81-22-303-4012 Fax: +81-22-303-4015 E-mail: glenn@cysols.com " DESCRIPTION "The MIB module for monitoring syslog devices. Copyright (C) The Internet Society (2005). This version of this MIB module is part of RFC XXXX; see the RFC itself for full legal notices. " -- RFC Ed.: replace XXXX with the actual RFC number & remove this -- note REVISION "200511250000Z" -- 25th November, 2005 DESCRIPTION "The initial version, published as RFC XXXX." -- RFC Ed.: replace XXXX with the actual RFC number & remove this -- note ::= { mib-2 YYYY } -- Will be assigned by IANA -- IANA Reg.: Please assign a value for "YYYY" under the -- 'mib-2' subtree and record the assignment in the SMI -- Numbers registry. -- RFC Ed.: When the above assignment has been made, please -- remove the above note -- replace "YYYY" here with the assigned value and -- remove this note. -- ------------------------------------------------------------- -- Textual Conventions -- ------------------------------------------------------------- SyslogFacility ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This textual convention enumerates the facilities that originate syslog messages. The value noMap(99) indicates that the appropriate facility will be provided by the application on the managed entity. If this option is not available on a particular entity, attempts to set the facility to this value will fail with an error-status of wrongValue. " REFERENCE "The BSD syslog Protocol (RFC 3164) sec. 4.1.1 (Table 1). " SYNTAX INTEGER { kernel (0), -- kernel messages user (1), -- user-level messages mail (2), -- mail system daemon (3), -- system daemons auth (4), -- authorization messages syslog (5), -- messages generated by syslogd lpr (6), -- line printer subsystem news (7), -- network news subsystem uucp (8), -- UUCP subsystem cron (9), -- clock daemon authPriv (10),-- authorization messages -- (private) ftp (11),-- ftp daemon ntp (12),-- NTP subsystem security (13),-- security subsystems -- (firewalling, etc.) console (14),-- /dev/console output local0 (16), local1 (17), local2 (18), local3 (19), local4 (20), local5 (21), local6 (22), local7 (23), noMap (99) } SyslogSeverity ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This textual convention enumerates the severity levels of syslog messages. The syslog protocol uses the values 0 (emergency), to 7 (debug)." REFERENCE "The BSD syslog Protocol (RFC 3164) sec. 4.1.1 (Table 2) " SYNTAX INTEGER { emergency (0), -- system is unusable alert (1), -- action must be taken -- immediately critical (2), -- critical conditions error (3), -- error conditions warning (4), -- warning conditions notice (5), -- normal but significant -- condition info (6), -- informational debug (7), -- debug-level messages other (99) -- none of the above } SyslogTransport ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The transport protocol that will be used to send and/or receive messages. " REFERENCE "The The BSD syslog Protocol RFC 3164 Sec. 2. " SYNTAX INTEGER { any (1), udp (2), tcp (3) } SyslogService ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The service name or port number that will be used to send and/or receive messages. The service name must resolve to a port number on the local host. " SYNTAX OCTET STRING (SIZE (0..255)) -- ------------------------------------------------------------- -- syslogMIB - the main groups -- ------------------------------------------------------------- syslogNotifications OBJECT IDENTIFIER ::= { syslogMIB 0 } syslogSystem OBJECT IDENTIFIER ::= { syslogMIB 1 } syslogDevice OBJECT IDENTIFIER ::= { syslogMIB 2 } -- ------------------------------------------------------------- -- syslogSystem -- ------------------------------------------------------------- -- The default parameters syslogDefaultTransport OBJECT-TYPE SYNTAX SyslogTransport MAX-ACCESS read-write STATUS current DESCRIPTION "The default transport that a syslog process will use to send syslog messages. " REFERENCE "The BSD syslog Protocol RFC 3164 Sec. 2. " DEFVAL {udp} ::= { syslogSystem 1 } syslogDefaultService OBJECT-TYPE SYNTAX SyslogService MAX-ACCESS read-write STATUS current DESCRIPTION "The default service name or port number that a syslog process will use to send syslog messages. " REFERENCE "The BSD syslog Protocol RFC 3164 Sec. 2. " DEFVAL { "514" } ::= { syslogSystem 2 } syslogDefaultFacility OBJECT-TYPE SYNTAX SyslogFacility MAX-ACCESS read-write STATUS current DESCRIPTION "The default syslog facility that will be added to syslog messages when the message needs to be relayed and does not have facility specified. " ::= { syslogSystem 3 } syslogDefaultSeverity OBJECT-TYPE SYNTAX SyslogSeverity MAX-ACCESS read-write STATUS current DESCRIPTION "The default syslog severity that will be added to syslog messages when the message needs to be relayed and does not have priority specified. " ::= { syslogSystem 4 } syslogDefaultMaxMessageSize OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "The default maximum syslog message size in bytes. " DEFVAL { 1024 } ::= { syslogSystem 5 } -- ------------------------------------------------------------- -- syslDevOps -- ------------------------------------------------------------- syslDevOpsTable OBJECT-TYPE SYNTAX SEQUENCE OF SyslDevOpsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing information about the syslog devices serviced by an SNMP agent. " ::= { syslogDevice 1 } syslDevOpsEntry OBJECT-TYPE SYNTAX SyslDevOpsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The information pertaining to a syslog device. " INDEX { syslDevOpsIndex } ::= { syslDevOpsTable 1 } SyslDevOpsEntry ::= SEQUENCE { syslDevOpsIndex Unsigned32, syslDevOpsMsgsReceived Counter32, syslDevOpsMsgsRelayed Counter32, syslDevOpsMsgsDropped Counter32, syslDevOpsMsgsIllFormed Counter32, syslDevOpsMsgsIgnored Counter32, syslDevOpsLastMsgRecdTime TimeStamp, syslDevOpsLastMsgDeliveredTime TimeStamp, syslDevOpsStartTime TimeStamp, syslDevOpsLastError SnmpAdminString, syslDevOpsLastErrorTime TimeStamp, syslDevOpsReference Integer32 } syslDevOpsIndex OBJECT-TYPE SYNTAX Unsigned32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Index that uniquely identifies the syslog device in the syslDevOpsTable. " ::= { syslDevOpsEntry 1 } syslDevOpsMsgsReceived OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of messages received by the syslog device. This includes messages that were ignored. " ::= { syslDevOpsEntry 2 } syslDevOpsMsgsRelayed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of messages relayed by the syslog device to other syslog devices. " ::= { syslDevOpsEntry 3 } syslDevOpsMsgsDropped OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of messages that could not be relayed (could not be queued for transmitting)." ::= { syslDevOpsEntry 4 } syslDevOpsMsgsIllFormed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of messages that were rejected by the syslog device because these were not well-formed. " ::= { syslDevOpsEntry 5 } syslDevOpsMsgsIgnored OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of messages that were not processed by the syslog device because the message did not meet the 'allowed specifications'. " ::= { syslDevOpsEntry 6 } syslDevOpsLastMsgRecdTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The local time when the last message was received by the syslog device locally or from a remote syslog device. " ::= { syslDevOpsEntry 7 } syslDevOpsLastMsgDeliveredTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The local time when the last message was delivered by the syslog process. " ::= { syslDevOpsEntry 8 } syslDevOpsStartTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The local time when this device was started. " ::= { syslDevOpsEntry 9 } syslDevOpsLastError OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "A description of the last error that was encountered by this process. " ::= { syslDevOpsEntry 10 } syslDevOpsLastErrorTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The local time when the last error was encountered. " ::= { syslDevOpsEntry 11 } syslDevOpsReference OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "If the Host resource MIB is serviced on the host then this entry will have the value of the hrSWRunIndex of the corresponding entry in the hrSWRunTable. Otherwise this object will be inaccessible, " ::= { syslDevOpsEntry 12 } -- ------------------------------------------------------------- -- syslog device static info table -- ------------------------------------------------------------- syslDevCtlTable OBJECT-TYPE SYNTAX SEQUENCE OF SyslDevCtlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing static information about the syslog devices. " ::= { syslogDevice 2 } syslDevCtlEntry OBJECT-TYPE SYNTAX SyslDevCtlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The parameters pertaining to a syslog process." INDEX { syslDevOpsIndex } ::= { syslDevCtlTable 1 } SyslDevCtlEntry ::= SEQUENCE { syslDevCtlProcDescr SnmpAdminString, syslDevCtlBindAddrType InetAddressType, syslDevCtlBindAddr InetAddress, syslDevCtlTransport SyslogTransport, syslDevCtlService SyslogService, syslDevCtlMaxMessageSize Unsigned32, syslDevCtlConfFileName SnmpAdminString, syslDevCtlStatus INTEGER, syslDevCtlStorageType StorageType, syslDevCtlRowStatus RowStatus } syslDevCtlProcDescr OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-create STATUS current DESCRIPTION "A user definable description of the syslog process. " ::= { syslDevCtlEntry 1 } syslDevCtlBindAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The type of Internet address which follows in syslDevCtlBindAddr. " ::= { syslDevCtlEntry 2 } syslDevCtlBindAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The specific IP address or hostname the syslog process will bind to. If a hostname is specified, the IPv4 or IPv6 address corresponding to the hostname will be used. " ::= { syslDevCtlEntry 3 } syslDevCtlTransport OBJECT-TYPE SYNTAX SyslogTransport MAX-ACCESS read-write STATUS current DESCRIPTION "The default transport that a syslog process will use to send syslog messages. " REFERENCE "The BSD syslog Protocol RFC 3164 Sec. 2. " ::= { syslDevCtlEntry 4 } syslDevCtlService OBJECT-TYPE SYNTAX SyslogService MAX-ACCESS read-write STATUS current DESCRIPTION "The default service name or port number that a syslog process will use to send syslog messages. " REFERENCE "The BSD syslog Protocol RFC 3164 Sec. 2. " ::= { syslDevCtlEntry 5 } syslDevCtlMaxMessageSize OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "The maximum size of the syslog messages in bytes for this syslog device. " ::= { syslDevCtlEntry 6 } syslDevCtlConfFileName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-create STATUS current DESCRIPTION "The fullpath name of the configuration file where the syslog device's message selection and corresponding action rules will be read from. Data is loaded from this file into the syslogCtlSelectionTable and the syslogCtlLogActionTable. If the objects loaded from the file specified by this object have an access level of read-create this file MUST be writable so that modifications to the corresponding objects, if any, will be effected in this file. If the system does not support the specification of a configuration file, this field will not be accessible. " DEFVAL { "/etc/syslog.conf" } ::= { syslDevCtlEntry 7 } syslDevCtlStatus OBJECT-TYPE SYNTAX INTEGER { unknown (1), started (2), suspended(3), stopped (4) } MAX-ACCESS read-only STATUS current DESCRIPTION "The status of the process. " DEFVAL { unknown } ::= { syslDevCtlEntry 8 } syslDevCtlStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "This object defines whether the parameters defined in this row are kept in volatile storage and lost upon reboot or are backed up by non-volatile (permanent) storage. Conceptual rows having the value 'permanent' need not allow write-access to any columnar objects in the row. " ::= { syslDevCtlEntry 9 } syslDevCtlRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object is used to create, modify and delete rows in the syslDevCtlTable. Objects in a row can be modified only when the value of this object in the corresponding conceptual row is not ''active''. Thus to modify one or more of the objects in this conceptual row, a. change the row status to ''notInService'', b. change the values of the row c. change the row status to ''active'' The syslDevCtlRowStatus may be changed to ''active'' iff all the MOs in the conceptual row have been assigned valid values. " ::= { syslDevCtlEntry 10 } syslDevStarted NOTIFICATION-TYPE OBJECTS { syslDevCtlProcDescr, syslDevCtlBindAddrType, syslDevCtlBindAddr, syslDevCtlTransport, syslDevCtlService, syslDevCtlConfFileName } STATUS current DESCRIPTION "This notification is sent when a syslog device operation is started. [The syslDevCtlStatus entered the state ''started''] The MO instances in the notifications will be identified by the syslDevOpsIndex for the syslog device in the syslDevOpsTable. " ::= { syslogNotifications 1 } syslDevStopped NOTIFICATION-TYPE OBJECTS { syslDevCtlStatus, syslDevCtlProcDescr, syslDevCtlBindAddrType, syslDevCtlBindAddr, syslDevCtlTransport, syslDevCtlService, syslDevCtlConfFileName } STATUS current DESCRIPTION "This notification is sent when a syslog device operation is stopped or suspended i.e. the syslDevCtlStatus entered the state ''stopped'' or ''suspended'' from the ''started'' state] The MO instances in the notifications will be identified by the syslDevOpsIndex for the syslog device in the syslDevOpsTable. " ::= { syslogNotifications 2 } -- ------------------------------------------------------------- -- Conformance Information -- ------------------------------------------------------------- syslogConformance OBJECT IDENTIFIER ::= { syslogMIB 4 } syslogGroups OBJECT IDENTIFIER ::= { syslogConformance 1 } syslogCompliances OBJECT IDENTIFIER ::= { syslogConformance 2 } -- ------------------------------------------------------------- -- units of conformance -- ------------------------------------------------------------- syslogSystemGroup OBJECT-GROUP OBJECTS { syslogDefaultTransport, syslogDefaultService, syslogDefaultFacility, syslogDefaultSeverity, syslogDefaultMaxMessageSize } STATUS current DESCRIPTION "A collection of objects providing default parameters for syslog devices. " ::= { syslogGroups 1} syslogDevOpsGroup OBJECT-GROUP OBJECTS { -- syslDevOpsIndex, syslDevOpsMsgsReceived, syslDevOpsMsgsRelayed, syslDevOpsMsgsDropped, syslDevOpsMsgsIllFormed, syslDevOpsMsgsIgnored, syslDevOpsLastMsgRecdTime, syslDevOpsLastMsgDeliveredTime, syslDevOpsStartTime, syslDevOpsLastError, syslDevOpsLastErrorTime, syslDevOpsReference } STATUS current DESCRIPTION "A collection of objects providing message related statistics." ::= { syslogGroups 2} syslogDevCtlGroup OBJECT-GROUP OBJECTS { syslDevCtlProcDescr, syslDevCtlBindAddrType, syslDevCtlBindAddr, syslDevCtlTransport, syslDevCtlService, syslDevCtlMaxMessageSize, syslDevCtlConfFileName, syslDevCtlStatus, syslDevCtlStorageType, syslDevCtlRowStatus } STATUS current DESCRIPTION "A collection of objects representing the run time parameters for the syslog processes. " ::= { syslogGroups 3} syslogNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { syslDevStarted, syslDevStopped } STATUS current DESCRIPTION "A collection of notifications about the operational state of a syslog device. " ::= { syslogGroups 4} -- ------------------------------------------------------------- -- compliance statements -- ------------------------------------------------------------- syslogCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities which implement the SYSLOG-MIB. " MODULE -- this module MANDATORY-GROUPS { syslogSystemGroup, syslogDevOpsGroup, syslogDevCtlGroup } ::= { syslogCompliances 1 } syslogReadOnlyCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities which implememt the syslog MIB without support for read-write (i.e. in read-only mode) . " MODULE -- this module MANDATORY-GROUPS { syslogSystemGroup, syslogDevOpsGroup, syslogDevCtlGroup } OBJECT syslDevCtlProcDescr MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslDevCtlBindAddrType MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslDevCtlBindAddr MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslDevCtlTransport MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslDevCtlService MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslDevCtlMaxMessageSize MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslDevCtlConfFileName MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslDevCtlStorageType MIN-ACCESS read-only DESCRIPTION "Write access is not required. " OBJECT syslDevCtlRowStatus MIN-ACCESS read-only DESCRIPTION "Write access is not required. " ::= { syslogCompliances 2 } syslogNotificationCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities which implement the SYSLOG-MIB and support notifications about change in the operational status of a syslog device. " MODULE -- this module MANDATORY-GROUPS { syslogNotificationGroup } ::= { syslogCompliances 3 } END -- -- Copyright (C) The Internet Society (2005). -- -- This document is subject to the rights, licenses and restrictions -- contained in BCP 78, and except as set forth therein, the authors -- retain all their rights. -- -- -- This document and the information contained herein are provided on an -- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE -- REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE -- INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR -- IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF -- THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED -- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. -- Intellectual Property -- -- The IETF takes no position regarding the validity or scope of any -- Intellectual Property Rights or other rights that might be claimed -- to pertain to the implementation or use of the technology -- described in this document or the extent to which any license -- under such rights might or might not be available; nor does it -- represent that it has made any independent effort to identify any -- such rights. Information on the procedures with respect to -- rights in RFC documents can be found in BCP 78 and BCP 79. -- -- Copies of IPR disclosures made to the IETF Secretariat and any -- assurances of licenses to be made available, or the result of an -- attempt made to obtain a general license or permission for the use -- of such proprietary rights by implementers or users of this -- specification can be obtained from the IETF on-line IPR repository -- at http://www.ietf.org/ipr. -- -- The IETF invites any interested party to bring to its attention -- any copyrights, patents or patent applications, or other -- proprietary rights that may cover technology that may be required -- to implement this standard. Please address the information to the -- IETF at ietf-ipr@ietf.org. -- -- Acknowledgment -- -- Funding for the RFC Editor function is currently provided by the -- Internet Society. -- APPENDIX -- -- -- This section documents the development of the draft. It will be -- deleted when the draft becomes an RFC. -- -- Revision History: -- -- -- -- REVISION "200511250000Z" -- 25th November 2005 -- DESCRIPTION -- "A near complete overhaul of the MIB and the document. -- The BSD-syslog flavor has been abandoned in favor of a -- more generic syslog-protocol document that is under -- preparation. -- TBD. The reference clauses need to be redone once the -- new syslog document is ready. -- -- List of authors changed. Original draft author Bruno -- Pape is acknowledged in the Acknowldgments section. -- -- Editorial nits fixed. -- " -- -- REVISION "200406160000Z" -- Mon Feb 16 00:00 GMT 2004 -- DESCRIPTION -- "Major change. -- The configuration parts have been removed. -- -- Updated the description clauses. -- -- Editorial nits fixed. -- " -- -- REVISION "200306250000Z" -- Wed June 25 00:00 GMT 2003 -- DESCRIPTION -- "Changed the type of -- syslogProcLastError SnmpAdminString, -- from Integer32. -- -- DEFVAL { 0 ] is added to syslogAllowedHostsMaskLen -- -- MO name changed from -- syslogCtlSelectionHostname to syslogCtlSelectionHostName -- -- Updated the description clauses. -- Fixed nits pointed out in Bert's mails of 20030319 and -- revised the document wrt the guidelines in -- draft-ietf-ops-mib-review-guidelines-01.txt -- -- Editorial nits fixed. -- " -- -- REVISION "200303030000Z" -- Mon March 03 00:00 GMT 2003 -- DESCRIPTION -- "Fixing of nits in descriptions, addition of references, -- addition of the following MOs -- syslogProcMsgsIllFormed Counter32, -- syslogProcStartTime TimeStamp, -- syslogProcLastError Integer32, -- syslogProcLastErrorTime TimeStamp, -- syslDevCtlStorageType StorageType, -- syslogCtlFwdActionSrcAddrType InetAddressType, -- syslogCtlFwdActionSrcAddr InetAddress, -- added enumeration ''suspended(2)'' to -- syslDevCtlStatus. -- " -- -- REVISION "200212252343Z" -- Wed December 25 23:43 GMT 2002 -- DESCRIPTION -- "Radical revision of the MIB structure and design." -- -- REVISION "200206061841Z" -- Thu Jun 6 18:41 GMT 2002 -- DESCRIPTION -- "The initial version of this MIB module."