Network Working Group J. Schoenwaelder Request for Comments: 5676 Jacobs University Bremen Category: Standards Track A. Clemm Cisco Systems A. Karmakar Cisco Systems India Pvt Ltd October 2009
Network Working Group J. Schoenwaelder Request for Comments: 5676 Jacobs University Bremen Category: Standards Track A. Clemm Cisco Systems A. Karmakar Cisco Systems India Pvt Ltd October 2009
Definitions of Managed Objects for Mapping SYSLOG Messages to Simple Network Management Protocol (SNMP) Notifications
用于将系统日志消息映射到简单网络管理协议(SNMP)通知的托管对象的定义
Abstract
摘要
This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it defines a mapping of SYSLOG messages to Simple Network Management Protocol (SNMP) notifications.
此备忘录定义了管理信息库(MIB)的一部分,用于Internet社区中的网络管理协议。特别是,它定义了系统日志消息到简单网络管理协议(SNMP)通知的映射。
Status of This Memo
关于下段备忘
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2009 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括《信托法律条款》第4.e节中所述的简化BSD许可文本,并且提供BSD许可中所述的代码组件时不提供任何担保。
Table of Contents
目录
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2 2. The Internet-Standard Management Framework . . . . . . . . . . 2 3. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 5. Relationship to Other MIB Modules . . . . . . . . . . . . . . 4 6. Relationship to the SNMP Notification to SYSLOG Mapping . . . 6 7. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 5 8. Usage Example . . . . . . . . . . . . . . . . . . . . . . . . 18 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 10. Security Considerations . . . . . . . . . . . . . . . . . . . 19 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 20 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20 12.1. Normative References . . . . . . . . . . . . . . . . . . 20 12.2. Informative References . . . . . . . . . . . . . . . . . 21
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2 2. The Internet-Standard Management Framework . . . . . . . . . . 2 3. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 5. Relationship to Other MIB Modules . . . . . . . . . . . . . . 4 6. Relationship to the SNMP Notification to SYSLOG Mapping . . . 6 7. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 5 8. Usage Example . . . . . . . . . . . . . . . . . . . . . . . . 18 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 10. Security Considerations . . . . . . . . . . . . . . . . . . . 19 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 20 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20 12.1. Normative References . . . . . . . . . . . . . . . . . . 20 12.2. Informative References . . . . . . . . . . . . . . . . . 21
SNMP ([RFC3410], [RFC3411]) and SYSLOG [RFC5424] are two widely used protocols to communicate event notifications. Although co-existence of several management protocols in one operational environment is possible, certain environments require that all event notifications be collected by a single system daemon, such as a SYSLOG collector or an SNMP notification receiver, via a single management protocol. In such environments, it is necessary to translate event notifications between management protocols.
SNMP([RFC3410]、[RFC3411])和SYSLOG[RFC5424]是两种广泛使用的事件通知通信协议。虽然在一个操作环境中可以同时存在多个管理协议,但某些环境要求所有事件通知都由单个系统守护程序(如SYSLOG收集器或SNMP通知接收器)通过单个管理协议收集。在这样的环境中,有必要在管理协议之间转换事件通知。
This document defines an SNMP MIB module to represent SYSLOG messages and to send SYSLOG messages as SNMP notifications to SNMP notification receivers.
本文档定义了一个SNMP MIB模块,用于表示系统日志消息,并将系统日志消息作为SNMP通知发送给SNMP通知接收器。
For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410].
有关描述当前互联网标准管理框架的文件的详细概述,请参阅RFC 3410[RFC3410]第7节。
Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580].
托管对象通过虚拟信息存储(称为管理信息库或MIB)进行访问。MIB对象通常通过简单网络管理协议(SNMP)进行访问。MIB中的对象是使用管理信息结构(SMI)中定义的机制定义的。本备忘录规定了符合SMIv2的MIB模块,如STD 58、RFC 2578[RFC2578]、STD 58、RFC 2579[RFC2579]和STD 58、RFC 2580[RFC2580]所述。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。
SYSLOG messages are translated to SNMP by a SYSLOG-to-SNMP translator. Such a translator acts as a SYSLOG collector [RFC5424] and implements a MIB module according to the SNMP architecture [RFC3411]. The translator might be tightly coupled to an SNMP agent or it might interface with an SNMP agent via a subagent protocol.
系统日志消息由系统日志到SNMP转换器转换为SNMP。这种转换器充当系统日志收集器[RFC5424],并根据SNMP体系结构[RFC3411]实现MIB模块。转换器可能与SNMP代理紧密耦合,也可能通过子代理协议与SNMP代理接口。
After initialization, the SYSLOG-to-SNMP translator will listen for SYSLOG messages. On receiving a message, the message will be parsed to extract information as described in the MIB module. A conceptual table is populated with information extracted from the SYSLOG message, and finally a notification may be generated.
初始化后,SYSLOG-to-SNMP转换器将侦听SYSLOG消息。在接收到消息时,将按照MIB模块中的描述对消息进行解析以提取信息。使用从SYSLOG消息中提取的信息填充概念表,最后可能会生成通知。
The MIB module is organized into a group of scalars and two tables. The syslogMsgControl group contains two scalars controlling the maximum size of SYSLOG messages recorded in the tables and also controlling whether SNMP notifications are generated for SYSLOG messages.
MIB模块被组织成一组标量和两个表。syslogMsgControl组包含两个标量,控制表中记录的SYSLOG消息的最大大小,还控制是否为SYSLOG消息生成SNMP通知。
--syslogMsgObjects(1) | +--syslogMsgControl(1) | +-- Unsigned32 syslogMsgTableMaxSize(1) +-- TruthValue syslogMsgEnableNotifications(2)
--syslogMsgObjects(1) | +--syslogMsgControl(1) | +-- Unsigned32 syslogMsgTableMaxSize(1) +-- TruthValue syslogMsgEnableNotifications(2)
The syslogMsgTable contains one entry for each recorded SYSLOG message. The basic fields of SYSLOG messages as well as message properties are represented in different columns of the conceptual table.
syslogMsgTable为每个记录的SYSLOG消息包含一个条目。SYSLOG消息的基本字段以及消息属性在概念表的不同列中表示。
--syslogMsgObjects(1) | +--syslogMsgTable(2) | +--syslogMsgEntry(1) [syslogMsgIndex] | +-- Unsigned32 syslogMsgIndex(1) +-- SyslogFacility syslogMsgFacility(2) +-- SyslogSeverity syslogMsgSeverity(3) +-- Unsigned32 syslogMsgVersion(4)
--syslogMsgObjects(1) | +--syslogMsgTable(2) | +--syslogMsgEntry(1) [syslogMsgIndex] | +-- Unsigned32 syslogMsgIndex(1) +-- SyslogFacility syslogMsgFacility(2) +-- SyslogSeverity syslogMsgSeverity(3) +-- Unsigned32 syslogMsgVersion(4)
+-- SyslogTimeStamp syslogMsgTimeStamp(5) +-- DisplayString syslogMsgHostName(6) +-- DisplayString syslogMsgAppName(7) +-- DisplayString syslogMsgProcID(8) +-- DisplayString syslogMsgMsgID(9) +-- Unsigned32 syslogMsgSDParams(10) +-- OctetString syslogMsgMsg(11)
+-- SyslogTimeStamp syslogMsgTimeStamp(5) +-- DisplayString syslogMsgHostName(6) +-- DisplayString syslogMsgAppName(7) +-- DisplayString syslogMsgProcID(8) +-- DisplayString syslogMsgMsgID(9) +-- Unsigned32 syslogMsgSDParams(10) +-- OctetString syslogMsgMsg(11)
The syslogMsgSDTable contains one entry for each structured data element parameter contained in a SYSLOG message. Since structured data elements are optional, the relationship between the syslogMsgTable and the syslogMsgSDTable ranges from one-to-zero to one-to-many.
syslogMsgSDTable为SYSLOG消息中包含的每个结构化数据元素参数包含一个条目。由于结构化数据元素是可选的,syslogMsgTable和syslogMsgSDTable之间的关系范围从一到零到一到多。
--syslogMsgObjects(1) | +--syslogMsgSDTable(3) | +--syslogMsgSDEntry(1) [syslogMsgIndex, | syslogMsgSDParamIndex, | syslogMsgSDID, | syslogMsgSDParamName] | +-- Unsigned32 syslogMsgSDParamIndex(1) +-- DisplayString syslogMsgSDID(2) +-- DisplayString syslogMsgSDParamName(3) +-- SyslogParamValueString syslogMsgSDParamValue(4)
--syslogMsgObjects(1) | +--syslogMsgSDTable(3) | +--syslogMsgSDEntry(1) [syslogMsgIndex, | syslogMsgSDParamIndex, | syslogMsgSDID, | syslogMsgSDParamName] | +-- Unsigned32 syslogMsgSDParamIndex(1) +-- DisplayString syslogMsgSDID(2) +-- DisplayString syslogMsgSDParamName(3) +-- SyslogParamValueString syslogMsgSDParamValue(4)
The NOTIFICATION-LOG-MIB [RFC3014] provides a generic mechanism for logging SNMP notifications in order to deal with lost SNMP notifications, e.g., due to transient communication problems. Applications can poll the notification log to verify that they have not missed important SNMP notifications.
NOTIFICATION-LOG-MIB[RFC3014]提供了一种记录SNMP通知的通用机制,以处理丢失的SNMP通知,例如,由于瞬时通信问题而丢失的SNMP通知。应用程序可以轮询通知日志,以验证它们没有错过重要的SNMP通知。
The MIB module defined in this memo provides a mechanism for logging SYSLOG notifications. This additional SYSLOG notification log is provided because (a) SYSLOG messages might not lead to SNMP notification (this is configurable) and (b) SNMP notifications might not carry all information associated with a SYSLOG notification.
此备忘录中定义的MIB模块提供了记录系统日志通知的机制。提供此附加的SYSLOG通知日志是因为(a)SYSLOG消息可能不会导致SNMP通知(这是可配置的)和(b)SNMP通知可能不会包含与SYSLOG通知相关的所有信息。
The MIB module IMPORTS objects from SNMPv2-SMI [RFC2578], SNMPv2-TC [RFC2579], SNMPv2-CONF [RFC2580], SNMP-FRAMEWORK-MIB [RFC3411], and SYSLOG-TC-MIB [RFC5427].
MIB模块从SNMPv2 SMI[RFC2578]、SNMPv2 TC[RFC2579]、SNMPv2 CONF[RFC2580]、SNMP-FRAMEWORK-MIB[RFC3411]和SYSLOG-TC-MIB[RFC5427]导入对象。
The textual convention SyslogParamValueString uses the UTF-8 transformation format of the ISO/IEC IS 10646-1 character set defined in [RFC3629].
文本约定SyslogParamValueString使用[RFC3629]中定义的ISO/IEC IS 10646-1字符集的UTF-8转换格式。
A companion document [RFC5675] defines a mapping of SNMP notifications to SYSLOG messages. This section discusses the possibilities of using both specifications in combination.
附带文档[RFC5675]定义了SNMP通知到系统日志消息的映射。本节讨论结合使用这两种规范的可能性。
A SYSLOG collector implementing the SYSLOG-MSG-MIB module and the mapping of SNMP notifications to SYSLOG messages may be configured to translate received SYSLOG messages containing SNMP notifications back into the original SNMP notification. In this case, the relevant tables of the SYSLOG-MSG-MIB will not be populated for SYSLOG messages carrying SNMP notifications. This configuration allows operators to build a forwarding chain where SNMP notifications are "tunneled" through SYSLOG messages. Due to size restrictions of the SYSLOG transports and the more verbose textual encoding used by SYSLOG, there is a possibility that SNMP notification content will get truncated when tunneled through SYSLOG, and thus the resulting SNMP notification may be incomplete.
可以将实现SYSLOG-MSG-MIB模块和SNMP通知到SYSLOG消息的映射的SYSLOG收集器配置为将接收到的包含SNMP通知的SYSLOG消息转换回原始SNMP通知。在这种情况下,不会为承载SNMP通知的SYSLOG消息填充SYSLOG-MSG-MIB的相关表。此配置允许操作员构建转发链,其中SNMP通知通过系统日志消息“隧道化”。由于SYSLOG传输的大小限制以及SYSLOG使用的更详细的文本编码,当通过SYSLOG进行隧道传输时,SNMP通知内容可能会被截断,因此生成的SNMP通知可能不完整。
An SNMP management application supporting the SYSLOG-MSG-MIB and the mapping of SNMP notifications to SYSLOG messages may process information from the SYSLOG-MSG-MIB in order to emit a SYSLOG message representing the SYSLOG message recorded in the SYSLOG-MSG-MIB module. This configuration allows operators to build a forwarding chain where SYSLOG messages are "tunneled" through SNMP messages. A notification receiver can determine whether a syslogMsgNotification contained all structured data element parameters of a SYSLOG message. In case parameters are missing, a forwarding application MUST retrieve the missing parameters from the SYSLOG-MSG-MIB. Regular polling of the SYSLOG-MSG-MIB can be used to take care of any lost SNMP notifications.
支持SYSLOG-MSG-MIB和SNMP通知到SYSLOG消息的映射的SNMP管理应用程序可以处理来自SYSLOG-MSG-MIB的信息,以便发出表示SYSLOG-MSG-MIB模块中记录的SYSLOG消息的SYSLOG消息。此配置允许操作员构建转发链,其中系统日志消息通过SNMP消息“隧道化”。通知接收方可以确定syslogMsgNotification是否包含SYSLOG消息的所有结构化数据元素参数。如果缺少参数,转发应用程序必须从SYSLOG-MSG-MIB中检索缺少的参数。SYSLOG-MSG-MIB的定期轮询可用于处理任何丢失的SNMP通知。
SYSLOG-MSG-MIB DEFINITIONS ::= BEGIN
SYSLOG-MSG-MIB DEFINITIONS ::= BEGIN
IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Unsigned32, mib-2 FROM SNMPv2-SMI TEXTUAL-CONVENTION, DisplayString, TruthValue FROM SNMPv2-TC OBJECT-GROUP, NOTIFICATION-GROUP, MODULE-COMPLIANCE FROM SNMPv2-CONF SyslogFacility, SyslogSeverity
从SNMPv2 SMI文本约定导入MODULE-IDENTITY、OBJECT-TYPE、NOTIFICATION-TYPE、Unsigned32、mib-2,从SNMPv2 TC对象组导入DisplayString、TruthValue,从SNMPv2 CONF SyslogFacility导入NOTIFICATION-GROUP,从SNMPv2 CONF SyslogSeverity导入MODULE-COMPLIANCE
FROM SYSLOG-TC-MIB;
来自SYSLOG-TC-MIB;
syslogMsgMib MODULE-IDENTITY LAST-UPDATED "200908130800Z" ORGANIZATION "IETF OPSAWG Working Group" CONTACT-INFO "Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Jacobs University Bremen Campus Ring 1 28757 Bremen Germany
syslogMsgMib MODULE-IDENTITY最后更新的“200908130800Z”组织“IETF OPSAWG工作组”联系方式“Juergen Schoenwaeld<j。schoenwaelder@jacobs-德国不莱梅大学雅各布大学校园环128757
Alexander Clemm <alex@cisco.com> Cisco Systems 170 West Tasman Drive San Jose, CA 95134-1706 USA
亚历山大·克莱姆<alex@cisco.com>美国加利福尼亚州圣何塞市西塔斯曼大道170号思科系统公司95134-1706
Anirban Karmakar <akarmaka@cisco.com> Cisco Systems India Pvt Ltd SEZ Unit, Cessna Business Park, Sarjapur Marathahalli ORR, Bangalore, Karnataka 560103 India"
阿尼尔班·卡玛卡<akarmaka@cisco.com>思科系统印度私人有限公司经济特区分公司,印度卡纳塔克邦班加罗尔Sarjapur Marathahalli ORR塞斯纳商业园560103“
DESCRIPTION "This MIB module represents SYSLOG messages as SNMP objects.
DESCRIPTION“此MIB模块将系统日志消息表示为SNMP对象。
Copyright (c) 2009 IETF Trust and the persons identified as authors of the code. All rights reserved.
版权所有(c)2009 IETF信托基金和被确定为代码作者的人员。版权所有。
Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info).
根据IETF信托有关IETF文件的法律规定第4.c节规定的简化BSD许可证中包含的许可条款,允许以源代码和二进制格式重新分发和使用,无论是否修改(http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC 5676; see the RFC itself for full legal notices."
此版本的MIB模块是RFC 5676的一部分;有关完整的法律通知,请参见RFC本身。”
REVISION "200908130800Z" DESCRIPTION "Initial version issued as part of RFC 5676." ::= { mib-2 192 }
REVISION "200908130800Z" DESCRIPTION "Initial version issued as part of RFC 5676." ::= { mib-2 192 }
-- textual convention definitions
--文本约定定义
SyslogTimeStamp ::= TEXTUAL-CONVENTION DISPLAY-HINT "2d-1d-1d,1d:1d:1d.3d,1a1d:1d" STATUS current DESCRIPTION "A date-time specification. This type is similar to the DateAndTime type defined in the SNMPv2-TC, except the subsecond granulation is microseconds instead of deciseconds and a zero-length string can be used to indicate a missing value.
SyslogTimeStamp ::= TEXTUAL-CONVENTION DISPLAY-HINT "2d-1d-1d,1d:1d:1d.3d,1a1d:1d" STATUS current DESCRIPTION "A date-time specification. This type is similar to the DateAndTime type defined in the SNMPv2-TC, except the subsecond granulation is microseconds instead of deciseconds and a zero-length string can be used to indicate a missing value.
field octets contents range ----- ------ -------- ----- 1 1-2 year* 0..65536 2 3 month 1..12 3 4 day 1..31 4 5 hour 0..23 5 6 minutes 0..59 6 7 seconds 0..60 (use 60 for leap-second) 7 8-10 microseconds* 0..999999 8 11 direction from UTC '+' / '-' 9 12 hours from UTC* 0..13 10 13 minutes from UTC 0..59
field octets contents range ----- ------ -------- ----- 1 1-2 year* 0..65536 2 3 month 1..12 3 4 day 1..31 4 5 hour 0..23 5 6 minutes 0..59 6 7 seconds 0..60 (use 60 for leap-second) 7 8-10 microseconds* 0..999999 8 11 direction from UTC '+' / '-' 9 12 hours from UTC* 0..13 10 13 minutes from UTC 0..59
* Notes: - the value of year is in network-byte order - the value of microseconds is in network-byte order - daylight saving time in New Zealand is +13
* 注:-年值按网络字节顺序-微秒值按网络字节顺序-新西兰的夏令时为+13
For example, Tuesday May 26, 1992 at 1:30:15 PM EDT would be displayed as:
例如,1992年5月26日星期二美国东部夏令时下午1:30:15将显示为:
1992-5-26,13:30:15.0,-4:0
1992-5-26,13:30:15.0,-4:0
Note that if only local time is known, then timezone information (fields 11-13) is not present." SYNTAX OCTET STRING (SIZE (0 | 10 | 13))
请注意,如果只知道本地时间,则时区信息(字段11-13)不存在
SyslogParamValueString ::= TEXTUAL-CONVENTION DISPLAY-HINT "65535t" STATUS current DESCRIPTION "The value of a SYSLOG SD-PARAM is represented using the ISO/IEC IS 10646-1 character set, encoded as an octet string using the UTF-8 transformation format described in RFC 3629.
SyslogParamValueString ::= TEXTUAL-CONVENTION DISPLAY-HINT "65535t" STATUS current DESCRIPTION "The value of a SYSLOG SD-PARAM is represented using the ISO/IEC IS 10646-1 character set, encoded as an octet string using the UTF-8 transformation format described in RFC 3629.
Since additional code points are added by amendments to the 10646 standard from time to time, implementations must be prepared to encounter any code point from 0x00000000 to 0x7fffffff. Byte sequences that do not correspond to the valid UTF-8 encoding of a code point or that are outside this range are prohibited. Similarly, overlong UTF-8 sequences are prohibited.
由于额外的代码点是通过对10646标准的不时修订而添加的,因此实现必须准备好遇到从0x00000000到0x7FFFFF的任何代码点。禁止与代码点的有效UTF-8编码不对应或超出此范围的字节序列。同样,禁止过长的UTF-8序列。
UTF-8 may require multiple bytes to represent a single character / code point; thus, the length of this object in octets may be different from the number of characters encoded. Similarly, size constraints refer to the number of encoded octets, not the number of characters represented by an encoding." REFERENCE "RFC 3629: UTF-8, a transformation format of ISO 10646" SYNTAX OCTET STRING
UTF-8可能需要多个字节来表示单个字符/代码点;因此,该对象的长度(以八位字节为单位)可能不同于编码的字符数。类似地,大小限制是指编码的八位字节数,而不是编码表示的字符数。“参考”RFC 3629:UTF-8,ISO 10646语法八位字节字符串的转换格式
-- object definitions
--对象定义
syslogMsgNotifications OBJECT IDENTIFIER ::= { syslogMsgMib 0 } syslogMsgObjects OBJECT IDENTIFIER ::= { syslogMsgMib 1 } syslogMsgConformance OBJECT IDENTIFIER ::= { syslogMsgMib 2 }
syslogMsgNotifications OBJECT IDENTIFIER ::= { syslogMsgMib 0 } syslogMsgObjects OBJECT IDENTIFIER ::= { syslogMsgMib 1 } syslogMsgConformance OBJECT IDENTIFIER ::= { syslogMsgMib 2 }
syslogMsgControl OBJECT IDENTIFIER ::= { syslogMsgObjects 1 }
syslogMsgControl OBJECT IDENTIFIER ::= { syslogMsgObjects 1 }
syslogMsgTableMaxSize OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "The maximum number of SYSLOG messages that may be held in syslogMsgTable. A particular setting does not guarantee that there is sufficient memory available for the maximum number of table entries indicated by this object. A value of 0 means no fixed limit.
syslogMsgTableMaxSize对象类型语法Unsigned32 MAX-ACCESS读写状态当前说明“syslogMsgTable中可以保存的最大SYSLOG消息数。特定设置不能保证有足够的内存用于此对象指示的最大表项数。值为0表示没有固定的限制。
If an application reduces the limit while there are SYSLOG messages in the syslogMsgTable, the SYSLOG messages that are in the syslogMsgTable for the longest time MUST be discarded to bring the table down to the new limit.
如果应用程序在syslogMsgTable中存在SYSLOG消息时降低了限制,则必须丢弃syslogMsgTable中存在时间最长的SYSLOG消息,以使表降低到新的限制。
The value of this object should be kept in nonvolatile memory." DEFVAL { 0 } ::= { syslogMsgControl 1 }
The value of this object should be kept in nonvolatile memory." DEFVAL { 0 } ::= { syslogMsgControl 1 }
syslogMsgEnableNotifications OBJECT-TYPE
SyslogmGenabNotifications对象类型
SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether syslogMsgNotification notifications are generated.
语法TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION“指示是否生成syslogMsgNotification通知。
The value of this object should be kept in nonvolatile memory." DEFVAL { false } ::= { syslogMsgControl 2 }
The value of this object should be kept in nonvolatile memory." DEFVAL { false } ::= { syslogMsgControl 2 }
syslogMsgTable OBJECT-TYPE SYNTAX SEQUENCE OF SyslogMsgEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing recent SYSLOG messages. The size of the table is controlled by the syslogMsgTableMaxSize object." ::= { syslogMsgObjects 2 }
syslogMsgTable OBJECT-TYPE SYNTAX SEQUENCE OF SyslogMsgEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing recent SYSLOG messages. The size of the table is controlled by the syslogMsgTableMaxSize object." ::= { syslogMsgObjects 2 }
syslogMsgEntry OBJECT-TYPE SYNTAX SyslogMsgEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry of the syslogMsgTable." INDEX { syslogMsgIndex } ::= { syslogMsgTable 1 }
syslogMsgEntry OBJECT-TYPE SYNTAX SyslogMsgEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry of the syslogMsgTable." INDEX { syslogMsgIndex } ::= { syslogMsgTable 1 }
SyslogMsgEntry ::= SEQUENCE { syslogMsgIndex Unsigned32, syslogMsgFacility SyslogFacility, syslogMsgSeverity SyslogSeverity, syslogMsgVersion Unsigned32, syslogMsgTimeStamp SyslogTimeStamp, syslogMsgHostName DisplayString, syslogMsgAppName DisplayString, syslogMsgProcID DisplayString, syslogMsgMsgID DisplayString, syslogMsgSDParams Unsigned32, syslogMsgMsg OCTET STRING }
SyslogMsgEntry ::= SEQUENCE { syslogMsgIndex Unsigned32, syslogMsgFacility SyslogFacility, syslogMsgSeverity SyslogSeverity, syslogMsgVersion Unsigned32, syslogMsgTimeStamp SyslogTimeStamp, syslogMsgHostName DisplayString, syslogMsgAppName DisplayString, syslogMsgProcID DisplayString, syslogMsgMsgID DisplayString, syslogMsgSDParams Unsigned32, syslogMsgMsg OCTET STRING }
syslogMsgIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current
syslogMsgIndex对象类型语法Unsigned32(1..4294967295)MAX-ACCESS不可访问状态当前
DESCRIPTION "A monotonically increasing number used to identify entries in the syslogMsgTable. When syslogMsgIndex reaches the maximum value (4294967295), the value wraps back to 1.
DESCRIPTION“一个单调递增的数字,用于标识syslogMsgTable中的条目。当syslogMsgIndex达到最大值(4294967295)时,该值返回到1。
Applications periodically polling the syslogMsgTable for new entries should take into account that a complete rollover of syslogMsgIndex will happen if more than 4294967294 messages are received during a poll interval." ::= { syslogMsgEntry 1 }
Applications periodically polling the syslogMsgTable for new entries should take into account that a complete rollover of syslogMsgIndex will happen if more than 4294967294 messages are received during a poll interval." ::= { syslogMsgEntry 1 }
syslogMsgFacility OBJECT-TYPE SYNTAX SyslogFacility MAX-ACCESS read-only STATUS current DESCRIPTION "The facility of the SYSLOG message." REFERENCE "RFC 5424: The Syslog Protocol (Section 6.2.1) RFC 5427: Textual Conventions for Syslog Management" ::= { syslogMsgEntry 2 }
syslogMsgFacility OBJECT-TYPE SYNTAX SyslogFacility MAX-ACCESS read-only STATUS current DESCRIPTION "The facility of the SYSLOG message." REFERENCE "RFC 5424: The Syslog Protocol (Section 6.2.1) RFC 5427: Textual Conventions for Syslog Management" ::= { syslogMsgEntry 2 }
syslogMsgSeverity OBJECT-TYPE SYNTAX SyslogSeverity MAX-ACCESS read-only STATUS current DESCRIPTION "The severity of the SYSLOG message" REFERENCE "RFC 5424: The Syslog Protocol (Section 6.2.1) RFC 5427: Textual Conventions for Syslog Management" ::= { syslogMsgEntry 3 }
syslogMsgSeverity OBJECT-TYPE SYNTAX SyslogSeverity MAX-ACCESS read-only STATUS current DESCRIPTION "The severity of the SYSLOG message" REFERENCE "RFC 5424: The Syslog Protocol (Section 6.2.1) RFC 5427: Textual Conventions for Syslog Management" ::= { syslogMsgEntry 3 }
syslogMsgVersion OBJECT-TYPE SYNTAX Unsigned32 (0..999) MAX-ACCESS read-only STATUS current DESCRIPTION "The version of the SYSLOG message. A value of 0 indicates that the version is unknown." REFERENCE "RFC 5424: The Syslog Protocol (Section 6.2.2)" ::= { syslogMsgEntry 4 }
syslogMsgVersion OBJECT-TYPE SYNTAX Unsigned32 (0..999) MAX-ACCESS read-only STATUS current DESCRIPTION "The version of the SYSLOG message. A value of 0 indicates that the version is unknown." REFERENCE "RFC 5424: The Syslog Protocol (Section 6.2.2)" ::= { syslogMsgEntry 4 }
syslogMsgTimeStamp OBJECT-TYPE SYNTAX SyslogTimeStamp MAX-ACCESS read-only STATUS current
syslogMsgTimeStamp对象类型语法SyslogTimeStamp MAX-ACCESS只读状态当前
DESCRIPTION "The timestamp of the SYSLOG message. A zero-length string is returned if the timestamp is unknown." REFERENCE "RFC 5424: The Syslog Protocol (Section 6.2.3)" ::= { syslogMsgEntry 5 }
DESCRIPTION "The timestamp of the SYSLOG message. A zero-length string is returned if the timestamp is unknown." REFERENCE "RFC 5424: The Syslog Protocol (Section 6.2.3)" ::= { syslogMsgEntry 5 }
syslogMsgHostName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "The hostname and the (optional) domain name of the SYSLOG message. A zero-length string indicates an unknown hostname. The SYSLOG protocol specification constrains this string to printable US-ASCII code points." REFERENCE "RFC 5424: The Syslog Protocol (Section 6.2.4)" ::= { syslogMsgEntry 6 }
syslogMsgHostName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "The hostname and the (optional) domain name of the SYSLOG message. A zero-length string indicates an unknown hostname. The SYSLOG protocol specification constrains this string to printable US-ASCII code points." REFERENCE "RFC 5424: The Syslog Protocol (Section 6.2.4)" ::= { syslogMsgEntry 6 }
syslogMsgAppName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..48)) MAX-ACCESS read-only STATUS current DESCRIPTION "The app-name of the SYSLOG message. A zero-length string indicates an unknown app-name. The SYSLOG protocol specification constrains this string to printable US-ASCII code points." REFERENCE "RFC 5424: The Syslog Protocol (Section 6.2.5)" ::= { syslogMsgEntry 7 }
syslogMsgAppName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..48)) MAX-ACCESS read-only STATUS current DESCRIPTION "The app-name of the SYSLOG message. A zero-length string indicates an unknown app-name. The SYSLOG protocol specification constrains this string to printable US-ASCII code points." REFERENCE "RFC 5424: The Syslog Protocol (Section 6.2.5)" ::= { syslogMsgEntry 7 }
syslogMsgProcID OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "The procid of the SYSLOG message. A zero-length string indicates an unknown procid. The SYSLOG protocol specification constrains this string to printable US-ASCII code points." REFERENCE "RFC 5424: The Syslog Protocol (Section 6.2.6)" ::= { syslogMsgEntry 8 }
syslogMsgProcID OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "The procid of the SYSLOG message. A zero-length string indicates an unknown procid. The SYSLOG protocol specification constrains this string to printable US-ASCII code points." REFERENCE "RFC 5424: The Syslog Protocol (Section 6.2.6)" ::= { syslogMsgEntry 8 }
syslogMsgMsgID OBJECT-TYPE SYNTAX DisplayString (SIZE (0..32))
syslogMsgMsgID对象类型语法DisplayString(大小(0..32))
MAX-ACCESS read-only STATUS current DESCRIPTION "The msgid of the SYSLOG message. A zero-length string indicates an unknown msgid. The SYSLOG protocol specification constrains this string to printable US-ASCII code points." REFERENCE "RFC 5424: The Syslog Protocol (Section 6.2.7)" ::= { syslogMsgEntry 9 }
MAX-ACCESS read-only STATUS current DESCRIPTION "The msgid of the SYSLOG message. A zero-length string indicates an unknown msgid. The SYSLOG protocol specification constrains this string to printable US-ASCII code points." REFERENCE "RFC 5424: The Syslog Protocol (Section 6.2.7)" ::= { syslogMsgEntry 9 }
syslogMsgSDParams OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of structured data element parameters carried in the SYSLOG message. This number effectively indicates the number of entries in the syslogMsgSDTable. It can be used, for example, by a notification receiver to determine whether a notification carried all structured data element parameters of a SYSLOG message." ::= { syslogMsgEntry 10 }
syslogMsgSDParams OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of structured data element parameters carried in the SYSLOG message. This number effectively indicates the number of entries in the syslogMsgSDTable. It can be used, for example, by a notification receiver to determine whether a notification carried all structured data element parameters of a SYSLOG message." ::= { syslogMsgEntry 10 }
syslogMsgMsg OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "The message part of the SYSLOG message. The syntax does not impose a size restriction. Implementations of this MIB module may truncate the message part of the SYSLOG message such that it fits into the size constraints imposed by the implementation environment. Such truncations can also happen elsewhere in the SYSLOG forwarding chain.
syslogMsgMsg对象类型语法八位字符串MAX-ACCESS只读状态当前说明“系统日志消息的消息部分。该语法不施加大小限制。此MIB模块的实现可能会截断SYSLOG消息的消息部分,以使其符合实现环境施加的大小约束。这种截断也可能发生在SYSLOG转发链的其他地方。
If the first octets contain the value 'EFBBBF'h, then the rest of the message is a UTF-8 string. Since SYSLOG messages may be truncated at arbitrary octet boundaries during forwarding, the message may contain invalid UTF-8 encodings at the end." REFERENCE "RFC 5424: The Syslog Protocol (Sections 6.1 and 6.4)" ::= { syslogMsgEntry 11 }
If the first octets contain the value 'EFBBBF'h, then the rest of the message is a UTF-8 string. Since SYSLOG messages may be truncated at arbitrary octet boundaries during forwarding, the message may contain invalid UTF-8 encodings at the end." REFERENCE "RFC 5424: The Syslog Protocol (Sections 6.1 and 6.4)" ::= { syslogMsgEntry 11 }
syslogMsgSDTable OBJECT-TYPE SYNTAX SEQUENCE OF SyslogMsgSDEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION
syslogMsgSDTable对象类型语法SyslogMsgSDEntry MAX-ACCESS的序列不可访问状态当前描述
"A table containing structured data elements of SYSLOG messages." ::= { syslogMsgObjects 3 }
"A table containing structured data elements of SYSLOG messages." ::= { syslogMsgObjects 3 }
syslogMsgSDEntry OBJECT-TYPE SYNTAX SyslogMsgSDEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry of the syslogMsgSDTable." INDEX { syslogMsgIndex, syslogMsgSDParamIndex, syslogMsgSDID, syslogMsgSDParamName } ::= { syslogMsgSDTable 1 }
syslogMsgSDEntry OBJECT-TYPE SYNTAX SyslogMsgSDEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry of the syslogMsgSDTable." INDEX { syslogMsgIndex, syslogMsgSDParamIndex, syslogMsgSDID, syslogMsgSDParamName } ::= { syslogMsgSDTable 1 }
SyslogMsgSDEntry ::= SEQUENCE { syslogMsgSDParamIndex Unsigned32, syslogMsgSDID DisplayString, syslogMsgSDParamName DisplayString, syslogMsgSDParamValue SyslogParamValueString }
SyslogMsgSDEntry ::= SEQUENCE { syslogMsgSDParamIndex Unsigned32, syslogMsgSDID DisplayString, syslogMsgSDParamName DisplayString, syslogMsgSDParamValue SyslogParamValueString }
syslogMsgSDParamIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indexes the structured data element parameters contained in a SYSLOG message. The first structured data element parameter has the index value 1, and subsequent parameters are indexed by incrementing the index of the previous parameter. The index increases across structured data element boundaries so that the value reflects the position of a structured data element parameter in a SYSLOG message." REFERENCE "RFC 5424: The Syslog Protocol (Section 6.3.3)" ::= { syslogMsgSDEntry 1 }
syslogMsgSDParamIndex OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indexes the structured data element parameters contained in a SYSLOG message. The first structured data element parameter has the index value 1, and subsequent parameters are indexed by incrementing the index of the previous parameter. The index increases across structured data element boundaries so that the value reflects the position of a structured data element parameter in a SYSLOG message." REFERENCE "RFC 5424: The Syslog Protocol (Section 6.3.3)" ::= { syslogMsgSDEntry 1 }
syslogMsgSDID OBJECT-TYPE SYNTAX DisplayString (SIZE (1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The name (SD-ID) of a structured data element. The SYSLOG protocol specification constrains this string to printable US-ASCII code points." REFERENCE "RFC 5424: The Syslog Protocol (Section 6.3.2)"
syslogMsgSDID对象类型语法DisplayString(大小(1..32))MAX-ACCESS不可访问状态当前描述“结构化数据元素的名称(SD-ID)。SYSLOG协议规范将此字符串限制为可打印的US-ASCII码点。”参考“RFC 5424:SYSLOG协议(第6.3.2节)”
::= { syslogMsgSDEntry 2 }
::= { syslogMsgSDEntry 2 }
syslogMsgSDParamName OBJECT-TYPE SYNTAX DisplayString (SIZE (1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The name of a parameter of the structured data element. The SYSLOG protocol specification constrains this string to printable US-ASCII code points." REFERENCE "RFC 5424: The Syslog Protocol (Section 6.3.3)" ::= { syslogMsgSDEntry 3 }
syslogMsgSDParamName OBJECT-TYPE SYNTAX DisplayString (SIZE (1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The name of a parameter of the structured data element. The SYSLOG protocol specification constrains this string to printable US-ASCII code points." REFERENCE "RFC 5424: The Syslog Protocol (Section 6.3.3)" ::= { syslogMsgSDEntry 3 }
syslogMsgSDParamValue OBJECT-TYPE SYNTAX SyslogParamValueString MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the parameter of a SYSLOG message identified by the index of this table. The value is stored in the unescaped format." REFERENCE "RFC 5424: The Syslog Protocol (Section 6.3.3)" ::= { syslogMsgSDEntry 4 }
syslogMsgSDParamValue OBJECT-TYPE SYNTAX SyslogParamValueString MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the parameter of a SYSLOG message identified by the index of this table. The value is stored in the unescaped format." REFERENCE "RFC 5424: The Syslog Protocol (Section 6.3.3)" ::= { syslogMsgSDEntry 4 }
-- notification definitions
--通知定义
syslogMsgNotification NOTIFICATION-TYPE OBJECTS { syslogMsgFacility, syslogMsgSeverity, syslogMsgVersion, syslogMsgTimeStamp, syslogMsgHostName, syslogMsgAppName, syslogMsgProcID, syslogMsgMsgID, syslogMsgSDParams, syslogMsgMsg } STATUS current DESCRIPTION "The syslogMsgNotification is generated when a new SYSLOG message is received and the value of syslogMsgGenerateNotifications is true.
syslogMsgNotification通知类型对象{syslogMsgFacility、syslogMsgSeverity、syslogMsgVersion、syslogMsgTimeStamp、syslogMsgHostName、syslogMsgAppName、syslogMsgProcID、syslogMsgMsgID、syslogMsgSDParams、syslogMsgMsg}状态当前描述“当接收到新的SYSLOG消息且syslogMsgGenerateNotifications的值为true时,将生成syslogMsgNotification。
Implementations may add syslogMsgSDParamValue objects as long as the resulting notification fits into the size constraints imposed by the implementation environment and the notification message size constraints imposed by maxMessageSize [RFC3412] and SNMP transport mappings." ::= { syslogMsgNotifications 1 }
Implementations may add syslogMsgSDParamValue objects as long as the resulting notification fits into the size constraints imposed by the implementation environment and the notification message size constraints imposed by maxMessageSize [RFC3412] and SNMP transport mappings." ::= { syslogMsgNotifications 1 }
-- conformance statements
--一致性声明
syslogMsgGroups OBJECT IDENTIFIER ::= { syslogMsgConformance 1 } syslogMsgCompliances OBJECT IDENTIFIER ::= { syslogMsgConformance 2 }
syslogMsgGroups OBJECT IDENTIFIER ::= { syslogMsgConformance 1 } syslogMsgCompliances OBJECT IDENTIFIER ::= { syslogMsgConformance 2 }
syslogMsgFullCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for implementations of the SYSLOG-MSG-MIB." MODULE -- this module MANDATORY-GROUPS { syslogMsgGroup, syslogMsgSDGroup, syslogMsgControlGroup, syslogMsgNotificationGroup } ::= { syslogMsgCompliances 1 }
syslogMsgFullCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for implementations of the SYSLOG-MSG-MIB." MODULE -- this module MANDATORY-GROUPS { syslogMsgGroup, syslogMsgSDGroup, syslogMsgControlGroup, syslogMsgNotificationGroup } ::= { syslogMsgCompliances 1 }
syslogMsgReadOnlyCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for implementations of the SYSLOG-MSG-MIB that do not support read-write access." MODULE -- this module MANDATORY-GROUPS { syslogMsgGroup, syslogMsgSDGroup, syslogMsgControlGroup, syslogMsgNotificationGroup } OBJECT syslogMsgTableMaxSize MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT syslogMsgEnableNotifications MIN-ACCESS read-only DESCRIPTION "Write access is not required." ::= { syslogMsgCompliances 2 }
syslogMsgReadOnlyCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for implementations of the SYSLOG-MSG-MIB that do not support read-write access." MODULE -- this module MANDATORY-GROUPS { syslogMsgGroup, syslogMsgSDGroup, syslogMsgControlGroup, syslogMsgNotificationGroup } OBJECT syslogMsgTableMaxSize MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT syslogMsgEnableNotifications MIN-ACCESS read-only DESCRIPTION "Write access is not required." ::= { syslogMsgCompliances 2 }
syslogMsgNotificationCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for implementations of the SYSLOG-MSG-MIB that do only generate notifications and do not provide a table to allow read access to SYSLOG message details." MODULE -- this module MANDATORY-GROUPS {
syslogMsgNotificationCompliance MODULE-COMPLIANCE STATUS当前描述“SYSLOG-MSG-MIB的实现的符合性声明,这些实现只生成通知,不提供允许读取SYSLOG消息详细信息的表。”MODULE--此模块是必需的{
syslogMsgGroup, syslogMsgSDGroup, syslogMsgNotificationGroup } OBJECT syslogMsgFacility MIN-ACCESS accessible-for-notify DESCRIPTION "Read access is not required." OBJECT syslogMsgSeverity MIN-ACCESS accessible-for-notify DESCRIPTION "Read access is not required." OBJECT syslogMsgVersion MIN-ACCESS accessible-for-notify DESCRIPTION "Read access is not required." OBJECT syslogMsgTimeStamp MIN-ACCESS accessible-for-notify DESCRIPTION "Read access is not required." OBJECT syslogMsgHostName MIN-ACCESS accessible-for-notify DESCRIPTION "Read access is not required." OBJECT syslogMsgAppName MIN-ACCESS accessible-for-notify DESCRIPTION "Read access is not required." OBJECT syslogMsgProcID MIN-ACCESS accessible-for-notify DESCRIPTION "Read access is not required." OBJECT syslogMsgMsgID MIN-ACCESS accessible-for-notify DESCRIPTION "Read access is not required." OBJECT syslogMsgSDParams MIN-ACCESS accessible-for-notify DESCRIPTION "Read access is not required." OBJECT syslogMsgMsg MIN-ACCESS accessible-for-notify DESCRIPTION "Read access is not required." OBJECT syslogMsgSDParamValue MIN-ACCESS accessible-for-notify DESCRIPTION "Read access is not required."
syslogMsgGroup,syslogMsgSDGroup,syslogMsgNotificationGroup}对象syslogMsgFacility MIN-ACCESS可用于notify描述“不需要读取访问权限”。对象syslogMsgSeverity MIN-ACCESS可用于notify描述“不需要读取访问权限”。对象syslogMsgVersion MIN-ACCESS可用于notify描述“不需要读取访问权限。”对象syslogMsgTimeStamp MIN-access可用于通知说明“不需要读取访问权限”。对象syslogMsgHostName MIN-access可用于通知说明“不需要读取访问权限”。对象syslogMsgAppName MIN-access可用于通知说明“不需要读取访问权限”。对象syslogMsgProcID MIN-ACCESS可用于notify DESCRIPTION“不需要读取访问权限”。对象syslogMsgMsgID MIN-ACCESS可用于notify DESCRIPTION“不需要读取访问权限”。对象syslogMsgSDParams MIN-ACCESS可用于notify DESCRIPTION“不需要读取访问权限”对象syslogMsgMsg MIN-ACCESS可用于notify说明“不需要读取访问权限”。对象syslogMsgSDParamValue MIN-ACCESS可用于notify说明“不需要读取访问权限”
::= { syslogMsgCompliances 3 }
::= { syslogMsgCompliances 3 }
syslogMsgNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { syslogMsgNotification } STATUS current DESCRIPTION "The notifications emitted by this MIB module." ::= { syslogMsgGroups 1 }
syslogMsgNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { syslogMsgNotification } STATUS current DESCRIPTION "The notifications emitted by this MIB module." ::= { syslogMsgGroups 1 }
syslogMsgGroup OBJECT-GROUP OBJECTS { -- syslogMsgIndex, syslogMsgFacility, syslogMsgSeverity, syslogMsgVersion, syslogMsgTimeStamp, syslogMsgHostName, syslogMsgAppName, syslogMsgProcID, syslogMsgMsgID, syslogMsgSDParams, syslogMsgMsg } STATUS current DESCRIPTION "A collection of objects representing a SYSLOG message, excluding structured data elements." ::= { syslogMsgGroups 2 }
syslogMsgGroup OBJECT-GROUP OBJECTS { -- syslogMsgIndex, syslogMsgFacility, syslogMsgSeverity, syslogMsgVersion, syslogMsgTimeStamp, syslogMsgHostName, syslogMsgAppName, syslogMsgProcID, syslogMsgMsgID, syslogMsgSDParams, syslogMsgMsg } STATUS current DESCRIPTION "A collection of objects representing a SYSLOG message, excluding structured data elements." ::= { syslogMsgGroups 2 }
syslogMsgSDGroup OBJECT-GROUP OBJECTS { -- syslogMsgSDParamIndex, -- syslogMsgSDID, -- syslogMsgSDParamName, syslogMsgSDParamValue } STATUS current DESCRIPTION "A collection of objects representing the structured data elements of a SYSLOG message." ::= { syslogMsgGroups 3 }
syslogMsgSDGroup OBJECT-GROUP OBJECTS { -- syslogMsgSDParamIndex, -- syslogMsgSDID, -- syslogMsgSDParamName, syslogMsgSDParamValue } STATUS current DESCRIPTION "A collection of objects representing the structured data elements of a SYSLOG message." ::= { syslogMsgGroups 3 }
syslogMsgControlGroup OBJECT-GROUP OBJECTS { syslogMsgTableMaxSize, syslogMsgEnableNotifications
syslogMsgControlGroup对象组对象{syslogMsgTableMaxSize,syslogmsgenabnotifications
} STATUS current DESCRIPTION "A collection of control objects to control the size of the syslogMsgTable and to enable/disable notifications." ::= { syslogMsgGroups 4 }
} STATUS current DESCRIPTION "A collection of control objects to control the size of the syslogMsgTable and to enable/disable notifications." ::= { syslogMsgGroups 4 }
END
终止
The following example shows a valid SYSLOG message including structured data. The otherwise-unprintable Unicode byte order mark (BOM) is represented as "BOM" in the example.
以下示例显示了包含结构化数据的有效系统日志消息。在本例中,无法打印的Unicode字节顺序标记(BOM)表示为“BOM”。
<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] BOMAn application event log entry...
<165>12003-10-11T22:14:15.003Z mymachine.example.com evntslog-ID47[exampleSDID@32473iut=“3”eventSource=“Application”eventID=“1011”]BOMAn应用程序事件日志条目。。。
This SYSLOG message leads to the following entries in the syslogMsgTable and the syslogMsgSDTable (note that string indexes are written as strings for readability reasons):
此SYSLOG消息导致syslogMsgTable和syslogMsgSDTable中出现以下条目(请注意,出于可读性原因,字符串索引被写入字符串):
syslogMsgIndex.1 = 1 syslogMsgFacility.1 = 20 syslogMsgSeverity.1 = 5 syslogMsgVersion.1 = 1 syslogMsgTimeStamp.1 = 2003-10-11,22:14:15.003,+0:0 syslogMsgHostName.1 = "mymachine.example.com" syslogMsgAppName.1 = "evntslog" syslogMsgProcID.1 = "-" syslogMsgMsgID.1 = "ID47" syslogMsgMsg.1 = "BOMAn application event log entry..." syslogMsgSDParamValue.1.1."exampleSDID@32473"."iut" = "3" syslogMsgSDParamValue.1.2."exampleSDID@32473"."eventSource" = "Application" syslogMsgSDParamValue.1.3."exampleSDID@32473"."eventID" = "1011"
syslogMsgIndex.1 = 1 syslogMsgFacility.1 = 20 syslogMsgSeverity.1 = 5 syslogMsgVersion.1 = 1 syslogMsgTimeStamp.1 = 2003-10-11,22:14:15.003,+0:0 syslogMsgHostName.1 = "mymachine.example.com" syslogMsgAppName.1 = "evntslog" syslogMsgProcID.1 = "-" syslogMsgMsgID.1 = "ID47" syslogMsgMsg.1 = "BOMAn application event log entry..." syslogMsgSDParamValue.1.1."exampleSDID@32473"."iut" = "3" syslogMsgSDParamValue.1.2."exampleSDID@32473"."eventSource" = "Application" syslogMsgSDParamValue.1.3."exampleSDID@32473"."eventID" = "1011"
The IANA has assigned value "192" under the 'mib-2' subtree and recorded the assignment in the SMI Numbers registry.
IANA在“mib-2”子树下分配了值“192”,并将分配记录在SMI编号注册表中。
There are a number of management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. These are the tables and objects and their sensitivity/vulnerability:
此MIB模块中定义了许多管理对象,其MAX-ACCESS子句为read-write和/或read-create。在某些网络环境中,此类对象可能被视为敏感或易受攻击。在没有适当保护的非安全环境中支持SET操作可能会对网络操作产生负面影响。以下是表和对象及其敏感度/漏洞:
o syslogMsgTableMaxSize: This object controls how many entries are kept in the syslogMsgTable. Unauthorized modifications may either cause increased memory consumption (by setting this object to a large value) or turn off the capability to retrieve notifications using GET class operations (by setting this object to zero). This might be used to hide traces of an attack.
o syslogMsgTableMaxSize:此对象控制syslogMsgTable中保留的条目数。未经授权的修改可能会导致内存消耗增加(通过将此对象设置为较大的值),或者关闭使用GET类操作检索通知的功能(通过将此对象设置为零)。这可能用于隐藏攻击的痕迹。
o syslogMsgEnableNotifications: This object enables notifications. Unauthorized modifications to disable notification generation can be used to hide an attack by preventing management applications that use SNMP from receiving real-time notifications about events carried in SYSLOG messages. Unauthorized modifications to enable notification generation may be used as part of a denial-of-service attack against a network management system if, for example, the SYSLOG-to-SNMP translator accepts unauthorized SYSLOG messages.
o syslogmsgenabnotifications:此对象启用通知。通过阻止使用SNMP的管理应用程序接收有关SYSLOG消息中携带的事件的实时通知,可以使用未经授权的修改来禁用通知生成,从而隐藏攻击。例如,如果SYSLOG-to-SNMP转换器接受未经授权的SYSLOG消息,则为生成通知而进行的未经授权的修改可能会被用作针对网络管理系统的拒绝服务攻击的一部分。
Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. These are the tables and objects and their sensitivity/vulnerability:
在某些网络环境中,此MIB模块中的某些可读对象(即具有MAX-ACCESS而非not ACCESS的对象)可能被视为敏感或易受攻击。因此,在通过SNMP通过网络发送这些对象时,控制甚至获取和/或通知对这些对象的访问,甚至可能加密这些对象的值,这一点非常重要。以下是表和对象及其敏感度/漏洞:
o syslogMsgTableMaxSize, syslogMsgEnableNotifications: These objects provide information regarding whether SYSLOG messages are forwarded as SNMP notifications and how many messages will be maintained in the syslogMsgTable. This information might be exploited by an attacker in order to plan actions with the goal of hiding attack activities.
o syslogMsgTableMaxSize、SyslogMsgenalNotifications:这些对象提供有关SYSLOG消息是否作为SNMP通知转发以及syslogMsgTable中将维护多少消息的信息。攻击者可能会利用此信息来计划旨在隐藏攻击活动的行动。
o syslogMsgFacility, syslogMsgSeverity, syslogMsgVersion, syslogMsgTimeStamp, syslogMsgHostName, syslogMsgAppName, syslogMsgProcID, syslogMsgMsgID, syslogMsgSDParams, syslogMsgMsg, syslogMsgSDParamValue: These objects carry the content of SYSLOG messages and the SYSLOG-message-oriented security considerations of [RFC5424] apply. In particular, an attacker who gains access to SYSLOG messages via SNMP may use the knowledge gained from
o syslogMsgFacility、syslogMsgSeverity、syslogMsgVersion、syslogMsgTimeStamp、syslogMsgHostName、syslogMsgAppName、syslogMsgProcID、syslogMsgMsgID、syslogMsgSDParams、syslogMsgSDParamValue:这些对象包含SYSLOG消息的内容,并且[RFC5424]中面向SYSLOG消息的安全注意事项适用。特别是,通过SNMP访问系统日志消息的攻击者可能会使用从中获得的知识
SYSLOG messages to compromise a machine or do other damage. It is therefore desirable to configure SNMP access control rules, enforcing a consistent security policy for SYSLOG messages.
系统日志消息会危害机器或造成其他损坏。因此,需要配置SNMP访问控制规则,为系统日志消息强制执行一致的安全策略。
SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPsec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module.
SNMPv3之前的SNMP版本未包含足够的安全性。即使网络本身是安全的(例如通过使用IPsec),即使如此,也无法控制安全网络上的谁可以访问和获取/设置(读取/更改/创建/删除)此MIB模块中的对象。
It is RECOMMENDED that implementers consider the security features as provided by the SNMPv3 framework (see [RFC3410], section 8), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy).
建议实施者考虑SNMPv3框架所提供的安全特性(参见[RCFC310],第8节),包括对SNMPv3加密机制的完全支持(用于身份验证和隐私)。
Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.
此外,不建议部署SNMPv3之前的SNMP版本。相反,建议部署SNMPv3并启用加密安全性。然后,客户/运营商应负责确保授予访问此MIB模块实例权限的SNMP实体已正确配置为仅授予那些拥有确实获取或设置(更改/创建/删除)对象的合法权限的主体(用户)访问对象。
Using the security features of the SNMPv3 framework secures the transport of SYSLOG data via SNMP only. It is therefore RECOMMENDED that deployments use SYSLOG security mechanisms in order to prevent attackers from adding malicious SYSLOG data to the MIB tables.
使用SNMPv3框架的安全功能可以仅通过SNMP保护系统日志数据的传输。因此,建议部署使用系统日志安全机制,以防止攻击者将恶意系统日志数据添加到MIB表中。
The editors wish to thank the following individuals for providing helpful comments on various versions of this document: Martin Bjorklund, Washam Fan, Rainer Gerhards, Wes Hardacker, David Harrington, Tom Petch, Juergen Quittek, Dan Romascanu, and Bert Wijnen.
编辑们希望感谢以下个人对本文件的不同版本提供了有益的评论:马丁·比约克隆德、瓦萨姆·范、雷纳·格哈德斯、韦斯·哈达克、大卫·哈灵顿、汤姆·佩奇、尤尔根·奎特克、丹·罗马斯卡努和伯特·维恩。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Structure of Management Information Version 2 (SMIv2)", RFC 2578, STD 58, April 1999.
[RFC2578]McCloghrie,K.,Perkins,D.,和J.Schoenwaeld,“管理信息的结构版本2(SMIv2)”,RFC 2578,STD 58,1999年4月。
[RFC2579] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Textual Conventions for SMIv2", RFC 2579, STD 58, April 1999.
[RFC2579]McCloghrie,K.,Perkins,D.,和J.Schoenwaeld,“SMIv2的文本约定”,RFC 2579,STD 58,1999年4月。
[RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Conformance Statements for SMIv2", RFC 2580, STD 58, April 1999.
[RFC2580]McCloghrie,K.,Perkins,D.,和J.Schoenwaeld,“SMIv2的一致性声明”,RFC 2580,STD 58,1999年4月。
[RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, December 2002.
[RFC3411]Harrington,D.,Presohn,R.,和B.Wijnen,“描述简单网络管理协议(SNMP)管理框架的体系结构”,STD 62,RFC 3411,2002年12月。
[RFC3412] Case, J., Harrington, D., Presuhn, R., and B. Wijnen, "Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)", STD 62, RFC 3412, December 2002.
[RFC3412]Case,J.,Harrington,D.,Presohn,R.,和B.Wijnen,“简单网络管理协议(SNMP)的消息处理和调度”,STD 62,RFC 3412,2002年12月。
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, November 2003.
[RFC3629]Yergeau,F.,“UTF-8,ISO 10646的转换格式”,STD 63,RFC 3629,2003年11月。
[RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424, March 2009.
[RFC5424]Gerhards,R.,“系统日志协议”,RFC 54242009年3月。
[RFC5427] Keeni, G., "Textual Conventions for Syslog Management", RFC 5427, March 2009.
[RFC5427]Keeni,G.“系统日志管理的文本约定”,RFC 5427,2009年3月。
[RFC5675] Marinov, V. and J. Schoenwaelder, "Mapping Simple Network Management Protocol (SNMP) Notifications to SYSLOG Messages", RFC 5675, October 2009.
[RFC5675]Marinov,V.和J.Schoenwaeld,“将简单网络管理协议(SNMP)通知映射到系统日志消息”,RFC 5675,2009年10月。
[RFC3014] Kavasseri, R., Ed., "Notification Log MIB", RFC 3014, November 2002.
[RFC3014]卡瓦塞里,R.,编辑,“通知日志MIB”,RFC30142002年11月。
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet-Standard Management Framework", RFC 3410, December 2002.
[RFC3410]Case,J.,Mundy,R.,Partain,D.,和B.Stewart,“互联网标准管理框架的介绍和适用性声明”,RFC 34102002年12月。
Authors' Addresses
作者地址
Juergen Schoenwaelder Jacobs University Bremen Campus Ring 1 28725 Bremen Germany
德国不来梅大学校园环128725
EMail: j.schoenwaelder@jacobs-university.de
EMail: j.schoenwaelder@jacobs-university.de
Alexander Clemm Cisco Systems 170 West Tasman Drive San Jose, CA 95134-1706 USA
美国加利福尼亚州圣何塞西塔斯曼大道170号亚历山大·克莱姆思科系统公司,邮编95134-1706
EMail: alex@cisco.com
EMail: alex@cisco.com
Anirban Karmakar Cisco Systems India Pvt Ltd SEZ Unit, Cessna Business Park, Sarjapur Marathahalli ORR, Bangalore, Karnataka 560103 India
Anirban Karmakar Cisco Systems India Pvt Ltd经济特区,印度卡纳塔克邦班加罗尔Sarjapur Marathahalli ORR塞斯纳商业园,邮编:560103
EMail: akarmaka@cisco.com
EMail: akarmaka@cisco.com