[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02 RFC 5674

Network Working Group                                        S. Chisholm
Internet-Draft                                                    Nortel
Intended status: Standards Track                             R. Gerhards
Expires: May 6, 2009                                        Adiscon GmbH
                                                        November 2, 2008


                            Alarms in SYSLOG
                 draft-ietf-opsawg-syslog-alarm-01.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on May 6, 2009.

Copyright Notice

   Copyright (C) The IETF Trust (2008).













Chisholm & Gerhards        Expires May 6, 2009                  [Page 1]

Internet-Draft              Alarms in SYSLOG               November 2008


Abstract

   This document describes how to send alarm information in syslog.  It
   includes the mapping of ITU perceived severities onto syslog message
   fields.


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1.  terminology  . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Severity Mapping . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  Alarm STRUCTURED-DATA Elements . . . . . . . . . . . . . . . .  5
     3.1.  alarmedResource  . . . . . . . . . . . . . . . . . . . . .  5
     3.2.  probableCause  . . . . . . . . . . . . . . . . . . . . . .  5
     3.3.  perceivedSeverity  . . . . . . . . . . . . . . . . . . . .  5
     3.4.  eventType  . . . . . . . . . . . . . . . . . . . . . . . .  6
     3.5.  trendIndication  . . . . . . . . . . . . . . . . . . . . .  6
     3.6.  resourceMapping  . . . . . . . . . . . . . . . . . . . . .  6
   4.  Security Considerations  . . . . . . . . . . . . . . . . . . .  7
   5.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  8
   6.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . .  9
   7.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 10
     7.1.  Normative References . . . . . . . . . . . . . . . . . . . 10
     7.2.  Informative References . . . . . . . . . . . . . . . . . . 10
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11
   Intellectual Property and Copyright Statements . . . . . . . . . . 12
























Chisholm & Gerhards        Expires May 6, 2009                  [Page 2]

Internet-Draft              Alarms in SYSLOG               November 2008


1.  Introduction

   In addition to sending out alarm information asynchronously via
   protocols such as SNMP or Netconf, many implementations also log
   alarms via syslog.  This memo defines a set of SD-PARAM to support
   logging and defines a mapping of syslog severity to the severity of
   the alarm.

1.1.  terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC2119 [RFC2119].

   Alarm related terminology is defined in [RFC3877].




































Chisholm & Gerhards        Expires May 6, 2009                  [Page 3]

Internet-Draft              Alarms in SYSLOG               November 2008


2.  Severity Mapping

   The Alarm MIB RFC3877 [RFC3877] defines ITU perceived severities
   which are useful to be able to relate to the syslog message fields,
   particularly in the case where alarms are being logged.  This memo
   describes the representation of ITU perceived severities in
   appropriate syslog fields described in [Syslog].  Syslog offers both
   a so-called SEVERITY as well as STRUCTURED-DATA.  Due to constraints
   in syslog, there is no one-to-one mapping possible for SEVERITY.  A
   STRUCTURED-DATA element is defined to allow inclusion of the
   unmodified ITU perceived severity.

   Syslog supports severity values different from ITU perceived
   severities.  These are defined in section 6.2.1 of [Syslog].  The
   mapping shown in table 1 below SHOULD be used to map ITU perceived
   severities to syslog severities.

           ITU Perceived Severity      syslog SEVERITY (Name)
           Critical                    1 (Alert)
           Major                       2 (Critical)
           Minor                       3 (Error)
           Warning                     4 (Warning)
           Indeterminate               5 (Notice)
           Cleared                     5 (Notice)

        Table 1. ITUPerceivedSeverity to syslog SEVERITY mapping.

























Chisholm & Gerhards        Expires May 6, 2009                  [Page 4]

Internet-Draft              Alarms in SYSLOG               November 2008


3.  Alarm STRUCTURED-DATA Elements

   STRUCTURED-DATA allows to include any structured information into a
   syslog message.  The following are defined to support structuring
   alarm information.

   o  Resource Under Alarm

   o  Probable Cause

   o  Event Type

   o  Perceived Severity

   o  Trend Indication

   o  Resource Mapping

   Support of the alarm SD-ID is optional, but once supported some of
   the SD-PARARMS are mandatory.

3.1.  alarmedResource

   If the alarm SD-ID is supported, the alarmResource SD-PARAM MUST be
   supported.  This item uniquely identifies the resource under alarm
   within the scope of a network element.

3.2.  probableCause

   If the alarm SD-ID is supported, the probableCause SD-PARAM MUST be
   supported.  This parameter is the mnemonic associated with the
   IANAItuProbableCause object defined within [RFC3877] and any
   subsequent extensions defined by IANA.  For example,
   IANAItuProbableCause defines a transmission failure to a probable
   cause of 'transmissionError (10)'.  The value of the parameter in
   this case would be 'transmissionError'"

3.3.  perceivedSeverity

   If the alarm SD-ID is supported, the perceivedSeverity SD-PARAM MUST
   be supported.  Similar to the definition of perceived severity in
   [X.736] and [RFC3877], this object can take the following values:

   o  cleared

   o  indeterminate





Chisholm & Gerhards        Expires May 6, 2009                  [Page 5]

Internet-Draft              Alarms in SYSLOG               November 2008


   o  critical

   o  major

   o  minor

   o  warning

   See section 2 for the relationship between this severity and syslog
   severity.

3.4.  eventType

   If the alarm SD-ID is supported, the eventType SD-PARAM SHOULD be
   supported.  This parameter is the mnemonic associated with the
   IANAItuEventType object defined within [RFC3877] and any subsequent
   extensions defined by IANA.  For example, IANAItuEventType defines a
   environmental alarm to a event type of 'environmentalAlarm (6)'.  The
   value of the parameter in this case would be 'environmentalAlarm'"

3.5.  trendIndication

   If the alarm SD-ID is supported, the trendIndication SD-PARAM SHOULD
   be supported.  Similar to the definition of perceived severity in
   [X.733] and [RFC3877], this object can take the following values:

   o  moreSevere

   o  noChange

   o  lessSevere

3.6.  resourceMapping

   If the alarm SD-ID is supported, the resourceMapping SD-PARAM SHOULD
   be supported.  This item uniquely identifies the resource under alarm
   within the scope of a network element.  This must be the same value
   as alarmActiveResourceId [RFC3877] for this alarm or follow similar
   semantics if the Alarm MIB is not supported.












Chisholm & Gerhards        Expires May 6, 2009                  [Page 6]

Internet-Draft              Alarms in SYSLOG               November 2008


4.  Security Considerations

   In addition to general syslog security considerations discussed in
   [Syslog], the information contained with alarms may provide hackers
   with helpful information about parts of the system currently
   experiencing stress as well as general information about the system
   such as inventory.

   Users should not have access to information in alarms that their
   normal access permissions would not permit if the information was
   accessed in another manner.








































Chisholm & Gerhards        Expires May 6, 2009                  [Page 7]

Internet-Draft              Alarms in SYSLOG               November 2008


5.  IANA Considerations

   IANA is requested to register the SD-IDs and PARAM-NAMEs shown below:

   SD-ID              PARAM-NAME
   alarm                                 OPTIONAL
                      alarmedResource    MANDATORY
                      probableCause      MANDATORY
                      perceivedSeverity  MANDATORY
                      eventType          OPTIONAL
                      trendIndication    OPTIONAL
                      resourceMapping    OPTIONAL







































Chisholm & Gerhards        Expires May 6, 2009                  [Page 8]

Internet-Draft              Alarms in SYSLOG               November 2008


6.  Acknowledgments

   Thanks to members of the Syslog and OPSAWG work group who contributed
   to this specification.















































Chisholm & Gerhards        Expires May 6, 2009                  [Page 9]

Internet-Draft              Alarms in SYSLOG               November 2008


7.  References

7.1.  Normative References

   [RFC2119]  Bradner, s., "Key words for RFCs to Indicate Requirements
              Levels", RFC 2119, March 1997.

   [RFC3877]  Chisholm, S. and D. Romascanu, "Alarm Management
              Information Base (MIB)", RFC 3877, September 2004.

   [Syslog]   Gerhards, Rainer., "The syslog Protocol",
              ID draft-ietf-syslog-protocol-19.txt, November 2006.

7.2.  Informative References

   [X.733]    ITU-T, ""Information Technology - Open Systems
              Interconnection - System Management: Alarm Reporting
              Function"", ITU-T X.733, 1992.

   [X.736]    ITU-T, ""Information Technology - Open Systems
              Interconnection - System Management: Security Alarm
              Reporting Function"", ITU-T X.736, 1992.





























Chisholm & Gerhards        Expires May 6, 2009                 [Page 10]

Internet-Draft              Alarms in SYSLOG               November 2008


Authors' Addresses

   Sharon Chisholm
   Nortel
   3500 Carling Ave
   Nepean, Ontario  K2H 8E9
   Canada

   Email: schishol@nortel.com


   Rainer Gerhards
   Adiscon GmbH
   Mozartstrasse 21
   Grossrinderfeld, BW  97950
   Germany

   Email: rgerhards@adiscon.com

































Chisholm & Gerhards        Expires May 6, 2009                 [Page 11]

Internet-Draft              Alarms in SYSLOG               November 2008


Full Copyright Statement

   Copyright (C) The IETF Trust (2008).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Acknowledgment

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).





Chisholm & Gerhards        Expires May 6, 2009                 [Page 12]


Html markup produced by rfcmarkup 1.108, available from http://tools.ietf.org/tools/rfcmarkup/