Network Working Group G. Keeni
Request for Comments: 5427 Cyber Solutions Inc.
Category: Standards Track March 2009
Network Working Group G. Keeni
Request for Comments: 5427 Cyber Solutions Inc.
Category: Standards Track March 2009
Textual Conventions for Syslog Management
系统日志管理的文本约定
Status of This Memo
关于下段备忘
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2009 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
本文件受BCP 78和IETF信托在本文件出版之日生效的与IETF文件有关的法律规定的约束(http://trustee.ietf.org/license-info). 请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。
This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.
本文件可能包含2008年11月10日之前发布或公开的IETF文件或IETF贡献中的材料。控制某些材料版权的人员可能未授予IETF信托允许在IETF标准流程之外修改此类材料的权利。在未从控制此类材料版权的人员处获得充分许可的情况下,不得在IETF标准流程之外修改本文件,也不得在IETF标准流程之外创建其衍生作品,除了将其格式化以RFC形式发布或将其翻译成英语以外的其他语言。
Abstract
摘要
This MIB module defines textual conventions to represent Facility and Severity information commonly used in syslog messages. The intent is that these textual conventions will be imported and used in MIB modules that would otherwise define their own representations.
此MIB模块定义文本约定,以表示系统日志消息中常用的设施和严重性信息。目的是导入这些文本约定,并在MIB模块中使用,否则这些模块将定义它们自己的表示。
Table of Contents
目录
1. The Internet-Standard Management Framework ......................2
2. Background ......................................................2
3. The Syslog Textual Conventions MIB ..............................3
4. Security Considerations .........................................7
5. IANA Considerations .............................................7
6. References ......................................................8
6.1. Normative References .......................................8
6.2. Informative References .....................................8
7. Acknowledgments .................................................8
1. The Internet-Standard Management Framework ......................2
2. Background ......................................................2
3. The Syslog Textual Conventions MIB ..............................3
4. Security Considerations .........................................7
5. IANA Considerations .............................................7
6. References ......................................................8
6.1. Normative References .......................................8
6.2. Informative References .....................................8
7. Acknowledgments .................................................8
For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410].
有关描述当前互联网标准管理框架的文件的详细概述,请参阅RFC 3410[RFC3410]第7节。
Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580].
托管对象通过虚拟信息存储(称为管理信息库或MIB)进行访问。MIB对象通常通过简单网络管理协议(SNMP)进行访问。MIB中的对象是使用管理信息结构(SMI)中定义的机制定义的。本备忘录规定了符合SMIv2的MIB模块,如STD 58、RFC 2578[RFC2578]、STD 58、RFC 2579[RFC2579]和STD 58、RFC 2580[RFC2580]所述。
Operating systems, processes, and applications, collectively termed "Facilities" in the following, generate messages indicating their own status or the occurrence of events. These messages have come to be known as syslog messages. A syslog message in general will contain among other things a code representing the Facility that generated the message and a code representing the Severity of the message. The Facility and the Severity codes are commonly used to categorize and select received syslog messages for processing and display. The Facility codes have been useful in qualifying the originator of the content of the messages but in some cases they are not specific enough to explicitly identify the originator. Implementations of the syslog protocol [RFC5424] that contain structured data elements (SDEs) should use these SDEs to clarify the entity that originated the content of the message.
以下统称为“设施”的操作系统、流程和应用程序生成指示其自身状态或事件发生的消息。这些消息被称为syslog消息。系统日志消息通常包含一个表示生成消息的设施的代码和一个表示消息严重性的代码。设施和严重性代码通常用于分类和选择接收的系统日志消息以进行处理和显示。设施代码有助于确认信息内容的发端人,但在某些情况下,它们不够具体,无法明确识别发端人。包含结构化数据元素(SDE)的系统日志协议[RFC5424]的实现应使用这些SDE来澄清产生消息内容的实体。
This document defines a set of textual conventions (TCs) that can be used to represent Facility and Severity codes commonly used in syslog messages.
本文档定义了一组文本约定(TCs),可用于表示系统日志消息中常用的设施和严重性代码。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[RFC2119]中所述进行解释。
SYSLOG-TC-MIB DEFINITIONS ::= BEGIN
SYSLOG-TC-MIB DEFINITIONS ::= BEGIN
IMPORTS MODULE-IDENTITY, mib-2 FROM SNMPv2-SMI -- [RFC2578] TEXTUAL-CONVENTION FROM SNMPv2-TC; -- [RFC2579]
从SNMPv2 SMI导入模块标识mib-2--[RFC2578]从SNMPv2 TC导入文本约定;--[RFC2579]
syslogTCMIB MODULE-IDENTITY LAST-UPDATED "200903300000Z" -- 30 March 2009 ORGANIZATION "IETF Syslog Working Group" CONTACT-INFO " Glenn Mansfield Keeni Postal: Cyber Solutions Inc. 6-6-3, Minami Yoshinari Aoba-ku, Sendai, Japan 989-3204. Tel: +81-22-303-4012 Fax: +81-22-303-4015 EMail: glenn@cysols.com
syslogTCMIB MODULE-IDENTITY最新更新“20090330000Z”-2009年3月30日组织“IETF Syslog工作组”联系方式“Glenn Mansfield Keeni邮政:Cyber Solutions Inc.6-6-3,日本仙台南部吉纳里青叶谷989-3204。电话:+81-22-303-4012传真:+81-22-303-4015电子邮件:glenn@cysols.com
Support Group EMail: syslog@ietf.org "
支持组电子邮件:syslog@ietf.org "
DESCRIPTION "The MIB module containing textual conventions for syslog messages.
DESCRIPTION“包含syslog消息文本约定的MIB模块。
Copyright (c) 2009 IETF Trust and the persons identified as authors of the code. All rights reserved.
版权所有(c)2009 IETF信托基金和被确定为代码作者的人员。版权所有。
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
在满足以下条件的情况下,允许以源代码和二进制格式重新分发和使用,无论是否修改:
- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
- 源代码的重新分发必须保留上述版权声明、此条件列表和以下免责声明。
- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
- 以二进制形式重新分发时,必须在分发时提供的文档和/或其他材料中复制上述版权声明、本条件列表和以下免责声明。
- Neither the name of Internet Society, IETF or IETF Trust, nor the names of specific contributors, may be used to endorse or promote products derived from this software without specific prior written permission.
- 未经事先书面许可,不得使用互联网协会、IETF或IETF Trust的名称或特定贡献者的名称来认可或推广源自本软件的产品。
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
本软件由版权所有者和贡献者“按原样”提供,不承担任何明示或暗示的担保,包括但不限于适销性和特定用途适用性的暗示担保。在任何情况下,版权所有人或贡献者均不对任何直接、间接、偶然、特殊、惩戒性或后果性损害(包括但不限于替代商品或服务的采购;使用、数据或利润的损失;或业务中断)负责,无论是在合同中还是在任何责任理论下,严格责任,或因使用本软件而产生的侵权行为(包括疏忽或其他),即使告知可能发生此类损害。
This version of this MIB module is part of RFC 5427; see the RFC itself for full legal notices. "
此版本的MIB模块是RFC 5427的一部分;有关完整的法律通知,请参见RFC本身。"
REVISION "200903300000Z" -- 30 March 2009 DESCRIPTION "The initial version, published as RFC 5427."
修订版“20090330000Z”-2009年3月30日描述“初始版本,发布为RFC 5427。”
::= { mib-2 173 }
::= { mib-2 173 }
-- -------------------------------------------------------------
-- Textual Conventions
-- -------------------------------------------------------------
-- -------------------------------------------------------------
-- Textual Conventions
-- -------------------------------------------------------------
SyslogFacility ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This textual convention enumerates the Facilities that
originate syslog messages.
SyslogFacility ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This textual convention enumerates the Facilities that
originate syslog messages.
The Facilities of syslog messages are numerically coded with decimal values. For interoperability and backwards-compatibility reasons, this document specifies a normative mapping between a label, which represents a Facility, and the corresponding numeric value. This label could be used in, for example, SNMP Manager user interfaces.
syslog消息的功能是用十进制值进行数字编码的。出于互操作性和向后兼容性的原因,本文档规定了表示设施的标签与相应数值之间的标准映射。例如,此标签可用于SNMP Manager用户界面。
The label itself is often semantically meaningless because it is impractical to attempt to enumerate all possible Facilities, and many daemons and processes do not have an explicitly assigned Facility code or label. For example, there is no Facility label corresponding to an HTTP service. An HTTP service implementation might log messages as coming from, for example, 'local7' or 'uucp'. This is typical current practice, and originators, relays, and collectors can be configured to properly handle this situation. For improved accuracy, an application can also include an APP-NAME structured data element.
标签本身在语义上通常没有意义,因为尝试枚举所有可能的设施是不切实际的,而且许多守护进程和进程没有显式分配的设施代码或标签。例如,没有与HTTP服务对应的设施标签。HTTP服务实现可能会将消息记录为来自,例如“local7”或“uucp”。这是典型的当前实践,可以配置发起者、继电器和收集器来正确处理这种情况。为了提高准确性,应用程序还可以包括APP-NAME结构化数据元素。
Note that operating system mechanisms for configuring syslog, such as syslog.conf, have not yet been standardized and might use different sets of Facility labels and/or mapping between Facility labels and Facility codes than the MIB.
请注意,用于配置syslog的操作系统机制(如syslog.conf)尚未标准化,可能使用不同于MIB的设施标签集和/或设施标签与设施代码之间的映射。
In particular, the labels corresponding to Facility codes 4, 10, 13, and 14, and the code corresponding to the Facility label 'cron' are known to vary across different operating systems. To distinguish between the labels corresponding to Facility codes 9 and 15, a label of 'cron2' is assigned to the Facility code 15. This list is not intended to be exhaustive; other differences might exist, and new differences might be introduced in the future.
特别是,已知与设施代码4、10、13和14对应的标签以及与设施标签“cron”对应的代码在不同的操作系统中有所不同。为了区分与设施代码9和15相对应的标签,将“cron2”标签分配给设施代码15。本清单并非详尽无遗;可能存在其他差异,将来可能会引入新的差异。
The mapping specified here MUST be used in a MIB network management interface, even though a particular syslog implementation might use a different mapping in a different network management interface. " REFERENCE "The Syslog Protocol (RFC5424): Table 1" SYNTAX INTEGER {
此处指定的映射必须在MIB网络管理接口中使用,即使特定的syslog实现可能在不同的网络管理接口中使用不同的映射。“参考”系统日志协议(RFC5424):表1“语法整数”{
kern (0), -- kernel messages user (1), -- user-level messages mail (2), -- mail system messages daemon (3), -- system daemons' messages auth (4), -- authorization messages syslog (5), -- messages generated internally by -- syslogd lpr (6), -- line printer subsystem messages news (7), -- network news subsystem messages uucp (8), -- UUCP subsystem messages cron (9), -- clock daemon messages authpriv (10),-- security/authorization messages
内核(0),--内核消息用户(1),--用户级消息邮件(2),--邮件系统消息守护进程(3),--系统守护进程的消息验证(4),--授权消息syslog(5),--内部生成的消息--syslogd lpr(6),--行打印机子系统消息新闻(7),--网络新闻子系统消息uucp(8),--UUCP子系统消息cron(9),--时钟守护进程消息authpriv(10),--安全/授权消息
ftp (11),-- ftp daemon messages ntp (12),-- NTP subsystem messages audit (13),-- audit messages console (14),-- console messages cron2 (15),-- clock daemon messages local0 (16), local1 (17), local2 (18), local3 (19), local4 (20), local5 (21), local6 (22), local7 (23) }
ftp(11),--ftp守护进程消息ntp(12),--ntp子系统消息审计(13),--审计消息控制台(14),--控制台消息cron2(15),--时钟守护进程消息local0(16)、local1(17)、local2(18)、local3(19)、local4(20)、local5(21)、local6(22)、local7(23)}
SyslogSeverity ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This textual convention enumerates the Severity levels
of syslog messages.
SyslogSeverity ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This textual convention enumerates the Severity levels
of syslog messages.
The Severity levels of syslog messages are numerically coded with decimal values. For interoperability and backwards-compatibility reasons, this document specifies a normative mapping between a label, which represents a Severity level, and the corresponding numeric value. This label could be used in, for example, SNMP Manager user interfaces.
系统日志消息的严重性级别用十进制值进行数字编码。出于互操作性和向后兼容性的原因,本文档指定了表示严重性级别的标签与相应数值之间的标准映射。例如,此标签可用于SNMP Manager用户界面。
The label itself is often semantically meaningless because it is impractical to attempt to strictly define the criteria for each Severity level, and the criteria that is used by syslog originators is, and has historically been, implementation-dependent.
标签本身在语义上通常是无意义的,因为试图严格定义每个严重性级别的标准是不切实际的,并且syslog发起者使用的标准依赖于实现,并且在历史上一直依赖于实现。
Note that operating system mechanisms for configuring syslog, such as syslog.conf, have not yet been standardized and might use different sets of Severity labels and/or mapping between Severity labels and Severity codes than the MIB.
请注意,用于配置syslog的操作系统机制(如syslog.conf)尚未标准化,可能使用不同于MIB的严重性标签集和/或严重性标签与严重性代码之间的映射。
For example, the foobar application might log messages as 'crit' based on some subjective criteria. Yet the operator can configure syslog to forward these messages, even though the criteria for 'crit' may differ from one originator to another. This is typical current practice, and originators, relays, and collectors can be configured to properly handle this situation.
例如,foobar应用程序可能基于一些主观标准将消息记录为“crit”。然而,操作员可以配置syslog转发这些消息,即使“crit”的标准在不同的发起者之间可能有所不同。这是典型的当前实践,可以配置发起者、继电器和收集器来正确处理这种情况。
" REFERENCE "The Syslog Protocol (RFC5424): Table 2" SYNTAX INTEGER { emerg (0), -- emergency; system is unusable alert (1), -- action must be taken immediately crit (2), -- critical condition err (3), -- error condition warning (4), -- warning condition notice (5), -- normal but significant condition info (6), -- informational message debug (7) -- debug-level messages
“参考”系统日志协议(RFC5424):表2“语法整数{emerg(0),--紧急;系统不可用警报(1),--必须立即采取措施crit(2),--临界条件错误(3),--错误条件警告(4),--警告条件通知(5),--正常但有效的条件信息(6),--信息消息调试(7)--调试级消息
}
}
END
终止
This module does not define any management objects. Instead, it defines a set of textual conventions which may be used by other MIB modules to define management objects. Meaningful security considerations can only be written in the MIB modules that define management objects. This document has therefore no impact on the security of the Internet. Since objects defined using the TCs defined in this document may introduce security issues, the user of these TCs should read the security considerations section of [RFC5424].
此模块不定义任何管理对象。相反,它定义了一组文本约定,其他MIB模块可以使用这些文本约定来定义管理对象。有意义的安全注意事项只能写入定义管理对象的MIB模块中。因此,本文件对互联网的安全没有影响。由于使用本文档中定义的TCs定义的对象可能会引入安全问题,因此这些TCs的用户应阅读[RFC5424]的安全注意事项部分。
The MIB modules in this document use the following IANA-assigned OBJECT IDENTIFIER values recorded in the SMI Numbers registry:
本文档中的MIB模块使用SMI编号注册表中记录的以下IANA分配的对象标识符值:
Descriptor OBJECT IDENTIFIER value
---------- -----------------------
Descriptor OBJECT IDENTIFIER value
---------- -----------------------
syslogTCMIB { mib-2 173 }
syslogTCMIB{mib-2 173}
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.
[RFC2578]McCloghrie,K.,Perkins,D.,和J.Schoenwaeld,“管理信息的结构版本2(SMIv2)”,STD 58,RFC 2578,1999年4月。
[RFC2579] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999.
[RFC2579]McCloghrie,K.,Perkins,D.,和J.Schoenwaeld,“SMIv2的文本约定”,STD 58,RFC 2579,1999年4月。
[RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999.
[RFC2580]McCloghrie,K.,Perkins,D.,和J.Schoenwaeld,“SMIv2的一致性声明”,STD 58,RFC 25801999年4月。
[RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424, March 2009.
[RFC5424]Gerhards,R.,“系统日志协议”,RFC 54242009年3月。
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet-Standard Management Framework", RFC 3410, December 2002.
[RFC3410]Case,J.,Mundy,R.,Partain,D.,和B.Stewart,“互联网标准管理框架的介绍和适用性声明”,RFC 34102002年12月。
This document is a product of the Syslog Working Group. The author would like to thank Chris Lonvick, David Harrington, Juergen Schoenwaelder, and Pasi Eronen for their comments and suggestions.
本文档是Syslog工作组的产品。作者要感谢Chris Lonvick、David Harrington、Juergen Schoenwaeld和Pasi Eronen的评论和建议。
Author's Address
作者地址
Glenn Mansfield Keeni Cyber Solutions Inc. 6-6-3 Minami Yoshinari Aoba-ku, Sendai 989-3204 Japan
Glenn Mansfield Keeni Cyber Solutions Inc.6-6-3 Minami Yoshinari Aoba ku,仙台989-3204日本
Phone: +81-22-303-4012
EMail: glenn@cysols.com
Phone: +81-22-303-4012
EMail: glenn@cysols.com