Internet Engineering Task Force (IETF) J. Clarke, Ed.
Request for Comments: 9742 Cisco
Category: Standards Track M. Jethanandani, Ed.
ISSN: 2070-1721 Kloud Services
C. Wildes, Ed.
Cisco Systems Inc.
K. Koushik, Ed.
Verizon Wireless
April 2025
This document defines a YANG data model for the management of a syslog process. It is intended that this data model be used by vendors who implement syslog collectors in their systems.
このドキュメントでは、syslogプロセスの管理のためのYangデータモデルを定義します。このデータモデルは、システムにSyslogコレクターを実装するベンダーが使用することを意図しています。
This is an Internet Standards Track document.
これは、インターネット標準トラックドキュメントです。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.
このドキュメントは、インターネットエンジニアリングタスクフォース(IETF)の製品です。IETFコミュニティのコンセンサスを表しています。公開レビューを受けており、インターネットエンジニアリングステアリンググループ(IESG)からの出版が承認されています。インターネット標準の詳細については、RFC 7841のセクション2で入手できます。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc9742.
このドキュメントの現在のステータス、任意のERRATA、およびそのフィードバックを提供する方法に関する情報は、https://www.rfc-editor.org/info/rfc9742で取得できます。
Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved.
著作権(c)2025 IETF Trustおよび文書著者として特定された人。無断転載を禁じます。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.
このドキュメントは、BCP 78およびIETFドキュメント(https://trustee.ietf.org/license-info)に関連するIETF Trustの法的規定の対象となります。この文書に関するあなたの権利と制限を説明するので、これらの文書を注意深く確認してください。このドキュメントから抽出されたコードコンポーネントには、セクション4.Eで説明されている法的規定のセクション4.Eで説明されており、改訂されたBSDライセンスで説明されている保証なしで提供されるように、改訂されたBSDライセンステキストを含める必要があります。
1. Introduction
1.1. Requirements Language
2. Terminology
3. NMDA Compliance
4. Design of the Syslog Model
4.1. Syslog Module
5. Syslog YANG Module
5.1. The ietf-syslog Module
6. Usage Examples
6.1. Syslog Configuration for Severity Critical
6.2. Remote Syslog Configuration
7. IANA Considerations
7.1. The IETF XML Registry
7.2. The YANG Module Names Registry
8. Security Considerations
9. References
9.1. Normative References
9.2. Informative References
Appendix A. Tree Diagrams
A.1. Complete Tree Diagram
Appendix B. Implementer Guidelines
B.1. Extending Facilities
B.2. Syslog Terminal Output
B.3. Syslog File Naming Convention
Acknowledgements
Authors' Addresses
This document defines a YANG [RFC7950] data model that may be used to configure the syslog feature running on a system. YANG data models can be used with network management protocols such as NETCONF [RFC6241] to install, manipulate, and delete the configuration of network devices.
このドキュメントでは、システムで実行されているSyslog機能の構成に使用できるYang [RFC7950]データモデルを定義します。Yangデータモデルは、NetConf [RFC6241]などのネットワーク管理プロトコルで使用して、ネットワークデバイスの構成をインストール、操作、削除できます。
The data model makes use of the YANG "feature" construct that allows implementations to support only those syslog features that lie within their capabilities.
データモデルは、実装が機能内にあるSyslog機能のみをサポートできるようにするYang「機能」構成を使用します。
This module can be used to configure the syslog application conceptual layers as implemented on the syslog collector.
このモジュールを使用して、Syslogコレクターに実装されているようにSyslogアプリケーションの概念レイヤーを構成できます。
Essentially, a syslog process receives messages (from the kernel, processes, applications, or other syslog processes) and processes them. The processing may involve logging to a local file, displaying on console, and/or relaying to syslog processes on other machines. The process is determined by the "facility" that originated the message and the "severity" assigned to the message by the facility.
基本的に、Syslogプロセスはメッセージ(カーネル、プロセス、アプリケーション、またはその他のSyslogプロセスから)を受信し、それらを処理します。処理には、ローカルファイルへのログ、コンソールに表示され、他のマシンのSyslogプロセスに中継することが含まれます。このプロセスは、メッセージを発信した「施設」と、施設によってメッセージに割り当てられた「重大度」によって決定されます。
Such definitions of syslog protocol are defined in [RFC5424] and are used in this RFC.
Syslogプロトコルのこのような定義は[RFC5424]で定義されており、このRFCで使用されています。
The YANG data model in this document conforms to the Network Management Datastore Architecture defined in [RFC8342].
このドキュメントのYangデータモデルは、[RFC8342]で定義されているネットワーク管理データストアアーキテクチャに準拠しています。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
このドキュメント内のキーワード「MUST」、「MUST NOT」、「REQUIRED」、「SHALL」、「SHALL NOT」、「SHOULD」、「SHOULD NOT」、「RECOMMENDED」、「NOT RECOMMENDED」、「MAY」、および「OPTIONAL」は、ここに示すようにすべて大文字で表示されている場合にのみ、BCP 14 [RFC2119] [RFC8174] で説明されているように解釈されます。
The following terms are used throughout this document:
次の用語は、このドキュメント全体で使用されます。
Originator:
オリジネーター:
An "originator" refers to an entity that generates syslog content to be carried in a message. The term is defined in [RFC5424].
「オリジネーター」とは、メッセージに掲載されるSyslogコンテンツを生成するエンティティを指します。この用語は[RFC5424]で定義されています。
Relay:
リレー:
A "relay" is an entity that forwards syslog messages. It accepts messages from originators or other relays and sends them to collectors or other relays. The term is defined in [RFC5424].
「リレー」は、Syslogメッセージを転送するエンティティです。オリジネーターまたは他のリレーからのメッセージを受け入れ、コレクターや他のリレーに送信します。この用語は[RFC5424]で定義されています。
Collector:
コレクタ:
A "collector" gathers syslog content for further analysis. The term is defined in [RFC5424].
「コレクター」は、さらなる分析のためにSyslogコンテンツを収集します。この用語は[RFC5424]で定義されています。
Action:
アクション:
The term "action" refers to the process that takes place for each syslog message received.
「アクション」という用語は、受信した各syslogメッセージに対して行われるプロセスを指します。
The YANG data model in this document conforms to the Network Management Datastore Architecture (NMDA) defined in [RFC8342].
このドキュメントのYangデータモデルは、[RFC8342]で定義されているネットワーク管理データストアアーキテクチャ(NMDA)に準拠しています。
The syslog model was designed by comparing various syslog features implemented by various vendors in different implementations.
Syslogモデルは、さまざまな実装でさまざまなベンダーによって実装されたさまざまなSyslog機能を比較することで設計されました。
The module defines leafs that are common across implementations. Its simple design is meant to offer maximum flexibility. However, not all optional features defined in this document are present in all vendor implementations. Therefore, vendors need to use the feature statements to specify the optional features they support. At the same time, vendors can augment the model to add proprietary features. "Extending Facilities" (Appendix B.1) shows an example of how that can be realized.
モジュールは、実装全体で一般的な葉を定義します。そのシンプルなデザインは、最大限の柔軟性を提供することを目的としています。ただし、このドキュメントで定義されているすべてのオプション機能がすべてのベンダーの実装に存在するわけではありません。したがって、ベンダーは機能ステートメントを使用して、サポートするオプションの機能を指定する必要があります。同時に、ベンダーはモデルを増強して独自の機能を追加できます。「施設の拡張」(付録B.1)は、それがどのように実現できるかの例を示しています。
Syslog consists of originators and collectors. The following diagram shows the syslog processing flow from originators to collectors where filtering can take place.
Syslogは、創始者とコレクターで構成されています。次の図は、フィルタリングが行われる可能性のある発信者からコレクターへのsyslog処理フローを示しています。
Originators
+-------------+ +-------------+ +-------------+ +-------------+
| Various | | OS | | | | Remote |
| Components | | Kernel | | Line Cards | | Servers |
+-------------+ +-------------+ +-------------+ +-------------+
+-------------+ +-------------+ +-------------+ +-------------+
| SNMP | | Interface | | Standby | | Syslog |
| Events | | Events | | Supervisor | | Itself |
+-------------+ +-------------+ +-------------+ +-------------+
| |
+----------------------------------------------------------------+
|
|
|
|
+-------------+--------------+
| | |
v v v
Collectors
+----------+ +----------+ +----------------+
| | | Log | |Remote Relay(s)/|
| Console | | File(s) | |Collector(s) |
+----------+ +----------+ +----------------+
Figure 1: Syslog Processing Flow
図1:syslog処理フロー
Collectors are configured using the leafs in the syslog model "actions" container that correspond to each message collector:
コレクターは、各メッセージコレクターに対応するsyslogモデル「アクション」コンテナのリーフを使用して構成されています。
* console
* コンソール
* log file(s)
* ログファイル
* remote relay(s)/collector(s)
* リモートリレー/コレクター
Within each action, a selector is used to filter syslog messages. A selector consists of a list of one or more filters specified by facility-severity pairs, and, if supported via the select-match feature, an optional regular expression pattern match that is performed on the MSG field described in Section 6.4 of [RFC5424].
各アクション内で、セレクターを使用してsyslogメッセージをフィルタリングします。セレクターは、施設の過度のペアで指定された1つ以上のフィルターのリストで構成され、選択マッチ機能を介してサポートされている場合、[RFC5424]のセクション6.4で説明されているMSGフィールドで実行されるオプションの正規表現パターンマッチ。
A syslog message is processed if there is an element
of facility-list (F, S) where
the message facility matches F,
the message severity matches S,
and/or the message text matches the regex pattern (if it
is present)
The facility is one of a specific syslog-facility or all facilities.
この施設は、特定のSyslogファシリティまたはすべての施設の1つです。
The model offers the ability to select a transport that a user might want to use for a remote relay or collector. The choice is between using UDP or TLS-based sessions. The user can configure multiple relays or collectors, but they have to use the same transport.
このモデルは、ユーザーがリモートリレーまたはコレクターに使用する可能性のあるトランスポートを選択する機能を提供します。選択は、UDPまたはTLSベースのセッションを使用するかどうかです。ユーザーは複数のリレーまたはコレクターを構成できますが、同じトランスポートを使用する必要があります。
The severity is one of type syslog-severity, all severities, or none. None is a special case that can be used to disable a filter. When filtering severity, the default comparison is that messages of the specified severity and higher are selected to be logged. This is shown in the model as "default equals-or-higher". This behavior can be altered if the select-adv-compare feature is enabled to specify a compare operation and an action. Compare operations are: "equals" to select messages with this single severity, or "equals-or-higher" to select messages of the specified severity and higher. Actions are used to log the message, block the message, or stop the message from being logged.
重大度は、タイプのsyslogの過剰、すべての重症度、またはなしの1つです。フィルターの無効化に使用できる特別なケースはありません。重大度をフィルタリングする場合、デフォルトの比較は、指定された重大度以降のメッセージがログに表示されるように選択されることです。これは、モデルに「デフォルトの等しいまたは高」として表示されます。この動作は、Select-ADV-Compare機能が有効になっている場合、比較操作とアクションを指定すると変更できます。操作を比較すると、「等しい」この単一の重大度を持つメッセージを選択するか、「等しいまたは高」で指定された重大度以上のメッセージを選択します。アクションは、メッセージのログ、メッセージのブロック、またはメッセージのログが表示されないようにするために使用されます。
Many vendors extend the list of facilities available for logging in their implementation. An example is included in "Extending Facilities" (Appendix B.1).
多くのベンダーは、実装をログに記録できる施設のリストを拡張しています。例は「施設の拡張」に含まれています(付録B.1)。
A simplified tree representation of the data model is shown in Figure 2. Please see [RFC8340] for tree diagram notation.
データモデルの単純化されたツリー表現を図2に示します。ツリー図の表記については、[RFC8340]を参照してください。
module: ietf-syslog
+--rw syslog!
+--rw actions
+--rw console! {console-action}?
| +--rw filter
| | +--rw facility-list* [facility severity]
| | +--rw facility union
| | +--rw severity union
| | +--rw advanced-compare {select-adv-compare}?
| | +--rw compare? enumeration
| | +--rw action? identityref
| +--rw pattern-match? string {select-match}?
+--rw file {file-action}?
| +--rw log-file* [name]
| +--rw name inet:uri
| +--rw filter
| | +--rw facility-list* [facility severity]
| | +--rw facility union
| | +--rw severity union
| | +--rw advanced-compare {select-adv-compare}?
| | +--rw compare? enumeration
| | +--rw action? identityref
| +--rw pattern-match? string {select-match}?
| +--rw structured-data? boolean {structured-data}?
| +--rw file-rotation
| +--rw number-of-files? uint32 {file-limit-size}?
| +--rw max-file-size? uint32 {file-limit-size}?
| +--rw rollover? uint32
| | {file-limit-duration}?
| +--rw retention? uint32
| {file-limit-duration}?
+--rw remote {remote-action}?
+--rw destination* [name]
+--rw name string
+--rw (transport)
| +--:(udp)
| | +--rw udp
| | +--rw udp* [address]
| | +--rw address inet:host
| | +--rw port? inet:port-number
| +--:(tls)
| +--rw tls
| +--rw tls* [address]
| +--rw address inet:host
| +--rw port?
| | inet:port-number
| +--rw client-identity!
| | +--rw (auth-type)
| | ...
| +--rw server-authentication
| | +--rw ca-certs! {server-auth-x509-cert}?
| | | ...
| | +--rw ee-certs! {server-auth-x509-cert}?
| | | ...
| | +--rw raw-public-keys!
| | | {server-auth-raw-public-key}?
| | | ...
| | +--rw tls12-psks? empty
| | | {server-auth-tls12-psk}?
| | +--rw tls13-epsks? empty
| | {server-auth-tls13-epsk}?
| +--rw hello-params {tlscmn:hello-params}?
| | +--rw tls-versions
| | | ...
| | +--rw cipher-suites
| | ...
| +--rw keepalives {tls-client-keepalives}?
| +--rw peer-allowed-to-send? empty
| +--rw test-peer-aliveness!
| ...
+--rw filter
| +--rw facility-list* [facility severity]
| +--rw facility union
| +--rw severity union
| +--rw advanced-compare {select-adv-compare}?
| +--rw compare? enumeration
| +--rw action? identityref
+--rw pattern-match? string {select-match}?
+--rw structured-data? boolean {structured-data}?
+--rw facility-override? identityref
+--rw source-interface? if:interface-ref
| {remote-source-interface}?
+--rw signing! {signed-messages}?
+--rw cert-signers
+--rw cert-signer* [name]
| +--rw name string
| +--rw cert
| | +--rw public-key-format?
| | | identityref
| | +--rw public-key? binary
| | +--rw private-key-format?
| | | identityref
| | +--rw (private-key-type)
| | | +--:(cleartext-private-key)
| | | | {cleartext-private-keys}?
| | | | ...
| | | +--:(hidden-private-key)
| | | | {hidden-private-keys}?
| | | | ...
| | | +--:(encrypted-private-key)
| | | {encrypted-private-keys}?
| | | ...
| | +--rw cert-data?
| | | end-entity-cert-cms
| | +---n certificate-expiration
| | | {certificate-expiration-notificati\
on}?
| | | +-- expiration-date
| | | yang:date-and-time
| | +---x generate-csr {csr-generation}?
| | +---w input
| | | ...
| | +--ro output
| | ...
| +--rw hash-algorithm? enumeration
+--rw cert-initial-repeat? uint32
+--rw cert-resend-delay? uint32
+--rw cert-resend-count? uint32
+--rw sig-max-delay? uint32
+--rw sig-number-resends? uint32
+--rw sig-resend-delay? uint32
+--rw sig-resend-count? uint32
Figure 2: Tree Diagram for Syslog Model
図2:Syslogモデルのツリー図
This module imports typedefs from [RFC6991], [RFC8343], groupings from [RFC9640], and [RFC9645]. It references [RFC5424], [RFC5425], [RFC5426], [RFC5848], [RFC8089], [RFC8174], and [Std-1003.1-2024].
このモジュールは、[RFC6991]、[RFC8343]、[RFC9640]、および[RFC9645]からの[RFC8343]、[RFC9640]からのTypedEfをインポートします。[RFC5424]、[RFC5425]、[RFC5426]、[RFC5848]、[RFC8089]、[RFC8174]、および[STD-1003.1-2024]を参照します。
<CODE BEGINS> file "ietf-syslog@2025-04-30.yang"
module ietf-syslog {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-syslog";
prefix syslog;
import ietf-inet-types {
prefix inet;
reference
"RFC 6991: Common YANG Data Types";
}
import ietf-interfaces {
prefix if;
reference
"RFC 8343: A YANG Data Model for Interface Management";
}
import ietf-tls-client {
prefix tlsc;
reference
"RFC 9645: YANG Groupings for TLS Clients and TLS Servers";
}
import ietf-crypto-types {
prefix ct;
reference
"RFC 9640: YANG Data Types and Groupings for Cryptography";
}
organization
"IETF NETMOD (Network Modeling) Working Group";
contact
"WG Web: <https://datatracker.ietf.org/wg/netmod/>
WG List: <mailto:netmod@ietf.org>
Editor: Mahesh Jethanandani
<mailto:mjethanandani@gmail.com>
Editor: Joe Clarke
<mailto:jclarke@cisco.com>
Editor: Kiran Agrahara Sreenivasa
<mailto:kirankoushik.agraharasreenivasa@verizonwireless.com>
Editor: Clyde Wildes
<mailto:clyde@clydewildes.com>";
description
"This module contains a collection of YANG definitions
for syslog management.
Copyright (c) 2025 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Revised BSD License
set forth in Section 4.c of the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC 9742
(https://www.rfc-editor.org/info/rfc9742);
see the RFC itself for full legal notices.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
are to be interpreted as described in BCP 14 (RFC 2119)
(RFC 8174) when, and only when, they appear in all capitals,
as shown here.";
revision 2025-04-30 {
description
"Initial Revision";
reference
"RFC 9742: Syslog YANG Module";
}
feature console-action {
description
"This feature indicates that the local console action is
supported.";
}
feature file-action {
description
"This feature indicates that the local file action is
supported.";
}
feature file-limit-size {
description
"This feature indicates that file logging resources
are managed using size and number limits.";
}
feature file-limit-duration {
description
"This feature indicates that file logging resources
are managed using time based limits.";
}
feature remote-action {
description
"This feature indicates that the remote server action is
supported.";
}
feature remote-source-interface {
description
"This feature indicates that source-interface is supported
for the remote-action.";
}
feature select-adv-compare {
description
"This feature represents the ability to select messages
using the additional comparison operators when comparing
the syslog message severity.";
}
feature select-match {
description
"This feature represents the ability to select messages
based on a Posix 1003.2 regular expression pattern
match.";
}
feature structured-data {
description
"This feature represents the ability to log messages
in structured-data format.";
reference
"RFC 5424: The Syslog Protocol";
}
feature signed-messages {
description
"This feature represents the ability to configure signed
syslog messages.";
reference
"RFC 5848: Signed Syslog Messages";
}
typedef syslog-severity {
type enumeration {
enum emergency {
value 0;
description
"The severity level 'Emergency' indicates that the
system is unusable.";
}
enum alert {
value 1;
description
"The severity level 'Alert' indicates that an
action must be taken immediately.";
}
enum critical {
value 2;
description
"The severity level 'Critical' indicates a
critical condition.";
}
enum error {
value 3;
description
"The severity level 'Error' indicates an error
condition.";
}
enum warning {
value 4;
description
"The severity level 'Warning' indicates a warning
condition.";
}
enum notice {
value 5;
description
"The severity level 'Notice' indicates a normal
but significant condition.";
}
enum info {
value 6;
description
"The severity level 'Info' indicates an
informational message.";
}
enum debug {
value 7;
description
"The severity level 'Debug' indicates a
debug-level message.";
}
}
description
"The definitions for Syslog message severity.
Note that a lower value is a higher severity. Comparisons
of equal-or-higher severity mean equal-or-lower numeric
value";
reference
"RFC 5424: The Syslog Protocol";
}
identity syslog-facility {
description
"This identity is used as a base for all syslog
facilities.";
reference
"RFC 5424: The Syslog Protocol";
}
identity kern {
base syslog-facility;
description
"The facility for kernel messages (numerical code 0).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity user {
base syslog-facility;
description
"The facility for user-level messages (numerical code 1).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity mail {
base syslog-facility;
description
"The facility for the mail system (numerical code 2).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity daemon {
base syslog-facility;
description
"The facility for the system daemons (numerical code 3).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity auth {
base syslog-facility;
description
"The facility for security/authorization messages (numerical
code 4).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity syslog {
base syslog-facility;
description
"The facility for messages generated internally by a syslog
daemon facility (numerical code 5).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity lpr {
base syslog-facility;
description
"The facility for the line printer subsystem (numerical code
6).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity news {
base syslog-facility;
description
"The facility for the network news subsystem (numerical code
7).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity uucp {
base syslog-facility;
description
"The facility for the Unix-to-Unix Copy (UUCP) subsystem
(numerical code 8).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity cron {
base syslog-facility;
description
"The facility for the clock daemon (numerical code 9).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity authpriv {
base syslog-facility;
description
"The facility for privileged security/authorization messages
(numerical code 10).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity ftp {
base syslog-facility;
description
"The facility for the FTP daemon (numerical code 11).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity ntp {
base syslog-facility;
description
"The facility for the NTP subsystem (numerical code 12).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity audit {
base syslog-facility;
description
"The facility for log audit messages (numerical code 13).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity console {
base syslog-facility;
description
"The facility for log alert messages (numerical code 14).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity cron2 {
base syslog-facility;
description
"The facility for the second clock daemon (numerical code
15).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity local0 {
base syslog-facility;
description
"The facility for local use 0 messages (numerical code 16).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity local1 {
base syslog-facility;
description
"The facility for local use 1 messages (numerical code 17).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity local2 {
base syslog-facility;
description
"The facility for local use 2 messages (numerical code 18).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity local3 {
base syslog-facility;
description
"The facility for local use 3 messages (numerical code 19).";
reference
"RFC 5424: The Syslog Protocol";
}
identity local4 {
base syslog-facility;
description
"The facility for local use 4 messages (numerical code 20).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity local5 {
base syslog-facility;
description
"The facility for local use 5 messages (numerical code 21).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity local6 {
base syslog-facility;
description
"The facility for local use 6 messages (numerical code 22).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity local7 {
base syslog-facility;
description
"The facility for local use 7 messages (numerical code 23).";
reference
"RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity action {
description
"Base identity for action for how a message will be
handled.";
}
identity log {
base action;
description
"This identity specifies that if the compare operation is
true, the message will be logged.";
}
identity block {
base action;
description
"This identity specifies that if the compare operation is
true, the message will not be logged.";
}
identity stop {
base action;
description
"This identity specifies that if the compare operation is
true, the message will not be logged and no further
processing will occur for it.";
}
grouping severity-filter {
description
"This grouping defines the processing used to select
log messages by comparing syslog message severity using
the following processing rules:
- if 'none', do not match.
- if 'all', match.
- else, compare message severity with the specified
severity according to the default compare rule (all
messages of the specified severity and greater match)
or if the select-adv-compare feature is present, use
the advance-compare rule.";
leaf severity {
type union {
type syslog-severity;
type enumeration {
enum none {
value 2147483647;
description
"This enum describes the case where no
severities are selected.";
}
enum all {
value -2147483648;
description
"This enum describes the case where all
severities are selected.";
}
}
}
mandatory true;
description
"This leaf specifies the syslog message severity.";
}
container advanced-compare {
when "../severity != \"all\" and
../severity != \"none\"" {
description
"The advanced compare container is not applicable
for severity 'all' or severity 'none'";
}
if-feature "select-adv-compare";
leaf compare {
type enumeration {
enum equals {
description
"This enum specifies that the severity
comparison operation will be equals.";
}
enum equals-or-higher {
description
"This enum specifies that the severity
comparison operation will be equals or
higher.";
}
}
default "equals-or-higher";
description
"The compare operation can be used to specify the comparison
operator that should be used to compare the syslog
message severity with the specified severity.";
}
leaf action {
type identityref {
base action;
}
default "log";
description
"The action can be used to specify how the message
should be handled. This may include logging the
message, not logging the message (i.e., blocking
it), or stopping further processing.";
}
description
"This container describes additional severity compare
operations that can be used in place of the default
severity comparison. The compare leaf specifies the
type of compare operation that is done and the
action leaf specifies the intended result.
Example: compare->equals and action->block means
messages that have a severity that are equal to the
specified severity will not be logged.";
}
}
grouping selector {
description
"This grouping defines a syslog selector, which is used to
select log messages for the log-actions (console, file,
remote, etc.). Choose one or both of the following:
facility [<facility> <severity>...]
pattern-match regular-expression-match-string
If both facility and pattern-match are specified, both
must match in order for a log message to be selected.";
container filter {
description
"This container describes the syslog filter
parameters.";
list facility-list {
key "facility severity";
ordered-by user;
description
"This list describes a collection of syslog
facilities and severities.";
leaf facility {
type union {
type identityref {
base syslog-facility;
}
type enumeration {
enum all {
description
"This enum describes the case where
all facilities are requested.";
}
}
}
description
"The leaf uniquely identifies a syslog
facility.";
}
uses severity-filter;
}
}
leaf pattern-match {
if-feature "select-match";
type string;
description
"This leaf describes a Posix 1003.2 regular expression
string that can be used to select a syslog message for
logging. The match is performed on the SYSLOG-MSG
field.";
reference
"RFC 5424: The Syslog Protocol
Std-1003.1-2024 Regular Expressions";
}
}
grouping structured-data {
description
"This grouping defines the syslog structured data option,
which is used to select the format used to write log
messages.";
leaf structured-data {
if-feature "structured-data";
type boolean;
default "false";
description
"This leaf describes how log messages are written.
If true, messages will be written with one or more
STRUCTURED-DATA elements; if false, messages will be
written with STRUCTURED-DATA = NILVALUE.";
reference
"RFC 5424: The Syslog Protocol";
}
}
container syslog {
presence "Enables logging.";
description
"This container describes the configuration parameters for
syslog.";
container actions {
description
"This container describes the log-action parameters
for syslog.";
container console {
if-feature "console-action";
presence "Enables logging to the console";
description
"This container describes the configuration
parameters for console logging.";
uses selector;
}
container file {
if-feature "file-action";
description
"This container describes the configuration
parameters for file logging. If file-archive
limits are not supplied, it is assumed that
the local implementation defined limits will
be used.";
list log-file {
key "name";
description
"This list describes a collection of local
logging files.";
leaf name {
type inet:uri {
pattern 'file:.*';
}
description
"This leaf specifies the name of the log
file, which MUST use the uri scheme
file:.";
reference
"RFC 8089: The file URI Scheme";
}
uses selector;
uses structured-data;
container file-rotation {
description
"This container describes the configuration
parameters for log file rotation.";
leaf number-of-files {
if-feature "file-limit-size";
type uint32;
default "1";
description
"This leaf specifies the maximum number
of log files retained. Specify 1 for
implementations that only support one
log file.";
}
leaf max-file-size {
if-feature "file-limit-size";
type uint32;
units "megabytes";
description
"This leaf specifies the maximum log
file size.";
}
leaf rollover {
if-feature "file-limit-duration";
type uint32;
units "minutes";
description
"This leaf specifies the length of time
that log events should be written to a
specific log file. Log events that
arrive after the rollover period cause
the current log file to be closed and
a new log file to be opened.";
}
leaf retention {
if-feature "file-limit-duration";
type uint32;
units "minutes";
description
"This leaf specifies the length of time
that completed/closed log event files
should be stored in the file system
before they are removed.";
}
}
}
}
container remote {
if-feature "remote-action";
description
"This container describes the configuration
parameters for forwarding syslog messages
to remote relays or collectors.";
list destination {
key "name";
description
"This list describes a collection of remote logging
destinations.";
leaf name {
type string;
description
"An arbitrary name for the endpoint to connect to.";
}
choice transport {
mandatory true;
description
"This choice describes the transport option.";
case udp {
container udp {
description
"This container describes the UDP transport
options.";
reference
"RFC 5426: Transmission of Syslog Messages over
UDP";
list udp {
key "address";
description
"List of all UDP sessions.";
leaf address {
type inet:host;
description
"The leaf uniquely specifies the address of the
remote host. One of the following must be
specified:
- an ipv4 address,
- an ipv6 address, or a
- host name.";
}
leaf port {
type inet:port-number;
default "514";
description
"This leaf specifies the port number used to
deliver messages to the remote server.";
}
}
}
}
case tls {
container tls {
description
"This container describes the TLS transport
options.";
reference
"RFC 5425: Transport Layer Security (TLS) Transport
Mapping for Syslog ";
list tls {
key "address";
description
"List of all TLS-based sessions.";
leaf address {
type inet:host;
description
"The leaf uniquely specifies the address of the
remote host. One of the following must be
specified: an ipv4 address, an ipv6 address,
or a host name.";
}
leaf port {
type inet:port-number;
default "6514";
description
"TCP port 6514 has been allocated as the
default port for syslog over TLS.";
}
uses tlsc:tls-client-grouping;
}
}
}
}
uses selector;
uses structured-data;
leaf facility-override {
type identityref {
base syslog-facility;
}
description
"If specified, this leaf specifies the facility used
to override the facility in messages delivered to the
remote server.";
}
leaf source-interface {
if-feature "remote-source-interface";
type if:interface-ref;
description
"This leaf sets the source interface to be used to
send messages to the remote syslog server. If not set,
messages can be sent on any interface.";
}
container signing {
if-feature "signed-messages";
presence "If present, syslog-signing options is
activated.";
description
"This container describes the configuration
parameters for signed syslog messages.";
reference
"RFC 5848: Signed Syslog Messages";
container cert-signers {
description
"This container describes the signing certificate
configuration for Signature Group 0, which covers
the case for administrators who want all Signature
Blocks to be sent to a single destination.";
list cert-signer {
key "name";
description
"This list describes a collection of syslog message
signers.";
leaf name {
type string;
description
"This leaf specifies the name of the syslog
message signer.";
}
container cert {
uses ct:asymmetric-key-pair-with-cert-grouping;
description
"This is the certificate that is periodically
sent to the remote receiver. The certificate is
inherently associated with its private
and public keys.";
}
leaf hash-algorithm {
type enumeration {
enum SHA1 {
value 1;
description
"This enum describes the SHA1 algorithm.";
}
enum SHA256 {
value 2;
description
"This enum describes the SHA256 algorithm.";
}
}
description
"This leaf describes the syslog signer hash
algorithm used.";
}
}
leaf cert-initial-repeat {
type uint32;
default "3";
description
"This leaf specifies the number of times each
Certificate Block should be sent before the first
message is sent.";
}
leaf cert-resend-delay {
type uint32;
units "seconds";
default "3600";
description
"This leaf specifies the maximum time delay in
seconds until resending the Certificate Block.";
}
leaf cert-resend-count {
type uint32;
default "0";
description
"This leaf specifies the maximum number of other
syslog messages to send until resending the
Certificate Block.";
}
leaf sig-max-delay {
type uint32;
units "seconds";
default "60";
description
"This leaf specifies when to generate a new
Signature Block. If this many seconds have elapsed
since the message with the first message number
of the Signature Block was sent, a new Signature
Block should be generated.";
}
leaf sig-number-resends {
type uint32;
default "0";
description
"This leaf specifies the number of times a
Signature Block is resent. (It is recommended to
select a value of greater than 0 in particular
when the UDP transport as in RFC 5426 is used.)";
}
leaf sig-resend-delay {
type uint32;
units "seconds";
default "5";
description
"This leaf specifies when to send the next
Signature Block transmission based on time. If
this many seconds have elapsed since the previous
sending of this Signature Block, resend it.";
}
leaf sig-resend-count {
type uint32;
default "0";
description
"This leaf specifies when to send the next
Signature Block transmission based on a count.
If this many other syslog messages have been sent
since the previous sending of this Signature
Block, resend it. A value of 0 means that you
don't resend based on the number of messages.";
}
}
}
}
}
}
}
}
<CODE ENDS>
Figure 3: Syslog YANG Module
図3:Syslog Yangモジュール
The following examples are in XML [W3C.REC-xml-20081126].
次の例はXML [W3C.REC-XML-20081126]にあります。
This example shows how the console logging of syslog of severity critical can be enabled.
この例は、Syslog of Siverity Criticalのコンソールロギングを有効にする方法を示しています。
<?xml version="1.0" encoding="UTF-8"?>
<syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog">
<actions>
<console>
<filter>
<facility-list>
<facility>all</facility>
<severity>critical</severity>
</facility-list>
</filter>
</console>
</actions>
</syslog>
Figure 4: Syslog Configuration for Severity Critical
図4:重大度クリティカルのSyslog構成
This example shows how the remote logging of syslogs to UDP destination foo.example.com for facility auth and severity error can be enabled.
この例は、syslogsのudp destination foo.example.comへのリモートロギングが施設の認証と重大度エラーを有効にする方法を示しています。
<?xml version="1.0" encoding="UTF-8"?>
<syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog">
<actions>
<remote>
<destination>
<name>remote1</name>
<udp>
<udp>
<address>foo.example.com</address>
</udp>
</udp>
<filter>
<facility-list>
<facility>auth</facility>
<severity>error</severity>
</facility-list>
</filter>
</destination>
</remote>
</actions>
</syslog>
Figure 5: Remote Syslog Configuration
図5:リモートSyslog構成
This document registers one URI in the "IETF XML Registry", following the format defined in [RFC3688]:
このドキュメントは、[RFC3688]で定義されている形式に従って、「IETF XMLレジストリ」に1つのURIを登録します。
URI:
URI:
urn:ietf:params:xml:ns:yang:ietf-syslog
urn:ietf:params:xml:ns:yang:ietf-syslog
Registrant Contact:
登録者の連絡先:
The IESG.
IESG。
XML:
XML:
N/A; the requested URI is an XML namespace.
n/a;要求されたURIはXMLネームスペースです。
This document registers one YANG module in the "YANG Module Names" registry [RFC8525], following the format in [RFC7950]:
このドキュメントは、[RFC7950]の形式に従って、「Yangモジュール名」レジストリ[RFC8525]に1つのYangモジュールを登録します。
Name:
名前:
ietf-syslog
ietf-syslog
Namespace:
名前空間:
urn:ietf:params:xml:ns:yang:ietf-syslog
urn:ietf:params:xml:ns:yang:ietf-syslog
Prefix:
プレフィックス:
syslog
syslog
Reference:
参照:
RFC 9742
RFC 9742
This section is modeled after the template defined in [YANG-GUIDELINES].
このセクションは、[Yang-Guidelines]で定義されているテンプレートをモデルにします。
The "ietf-syslog" YANG module defines a data model that is designed to be accessed via YANG-based management protocols, such as NETCONF [RFC6241] and RESTCONF [RFC8040]. These protocols have to use a secure transport layer (e.g., SSH [RFC4252], TLS [RFC8446], and QUIC [RFC9000]) and have to use mutual authentication.
「IETF-SYSLOG」Yangモジュールは、NetConf [RFC6241]やRestConf [RFC8040]などのYangベースの管理プロトコルを介してアクセスするように設計されたデータモデルを定義します。これらのプロトコルは、安全な輸送層(例:SSH [RFC4252]、TLS [RFC8446]、およびQUIC [RFC9000])を使用し、相互認証を使用する必要があります。
The Network Configuration Access Control Model (NACM) [RFC8341] provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content.
ネットワーク構成アクセス制御モデル(NACM)[RFC8341]は、利用可能なすべてのNetConfまたはRestConfプロトコル操作とコンテンツの事前に設定されたサブセットに特定のNetConfまたはRestConfユーザーのアクセスを制限する手段を提供します。
This module imports groupings from ietf-crypto-types YANG module defined in YANG Groupings for Crypto Types [RFC9640]. Security considerations described in that document apply to this module also.
このモジュールは、暗号タイプ[RFC9640]のYangグループで定義されたIETF-CRYPTO-TYPES YANGモジュールからグループをインポートします。そのドキュメントで説明されているセキュリティ上の考慮事項は、このモジュールにも適用されます。
There are a number of data nodes defined in this YANG module that are writable/creatable/deletable (i.e., "config true", which is the default). All writable data nodes are likely to be reasonably sensitive or vulnerable in some network environments. Write operations (e.g., edit-config) and delete operations to these data nodes without proper protection or authentication can have a negative effect on network operations. The following subtrees and data nodes have particular sensitivities/vulnerabilities:
このYangモジュールには、作成可能/クリエーション/削除可能な(つまり、デフォルトである「config true」)というデータノードが多数あります。すべての書き込みデータノードは、一部のネットワーク環境で合理的に敏感または脆弱である可能性があります。適切な保護や認証なしにこれらのデータノードに操作を書き込み(編集)、操作を削除すると、ネットワーク操作に悪影響を与える可能性があります。次のサブツリーとデータノードには、特定の感度/脆弱性があります。
facility-filter/pattern-match:
施設フィルター/パターンマッチ:
When writing this node, implementations MUST ensure that the regular expression pattern match is not constructed to cause a regular expression denial-of-service attack due to a pattern that causes the regular expression implementation to work very slowly (exponentially related to input size).
このノードを記述するとき、実装は、正規表現の実装が非常にゆっくりと動作する(入力サイズに指数関数的に関連)に動作するパターンのために、正規表現パターンの一致が構築されないように構築されていないことを確認する必要があります。
remote/destination/signing/cert-signer:
リモート/宛先/署名/cert-signer:
When writing this subtree, implementations MUST NOT specify a private key that is used for any other purpose.
このサブツリーを書くとき、実装は他の目的に使用される秘密鍵を指定してはなりません。
Some of the readable data nodes in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus important to control read access (e.g., via get, get-config, or notification) to these data nodes. Specifically, the following subtrees and data nodes have particular sensitivities/ vulnerabilities:
このYangモジュールの読み取り可能なデータノードの一部は、一部のネットワーク環境で敏感または脆弱と見なされる場合があります。したがって、これらのデータノードへの読み取りアクセス(GET、GetConfig、または通知を介して)を制御することが重要です。具体的には、次のサブツリーとデータノードには、特定の感度/脆弱性があります。
remote/destination/transport:
リモート/宛先/輸送:
This subtree contains information about other hosts in the network, the services available on those hosts, and the TLS transport certificate properties if TLS is selected as the transport protocol. Knowing that a service like syslog (udp/514) is enabled on the host will allow a malicious user to spam the host on that port.
このサブツリーには、ネットワーク内の他のホストに関する情報、それらのホストで利用可能なサービス、およびTLSが輸送プロトコルとして選択されている場合のTLS輸送証明書プロパティに関する情報が含まれています。Syslog(UDP/514)のようなサービスがホストで有効になっていることを知ることで、悪意のあるユーザーがそのポートでホストをスパムできるようになります。
remote/destination/signing:
リモート/宛先/署名:
This subtree contains information about the syslog message signing properties, including signing certificate information.
このサブツリーには、証明書情報の署名など、Syslogメッセージ署名プロパティに関する情報が含まれています。
There are no particularly sensitive RPC or action operations.
特に敏感なRPCまたはアクション操作はありません。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004,
<https://www.rfc-editor.org/info/rfc3688>.
[RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424,
DOI 10.17487/RFC5424, March 2009,
<https://www.rfc-editor.org/info/rfc5424>.
[RFC5425] Miao, F., Ed., Ma, Y., Ed., and J. Salowey, Ed.,
"Transport Layer Security (TLS) Transport Mapping for
Syslog", RFC 5425, DOI 10.17487/RFC5425, March 2009,
<https://www.rfc-editor.org/info/rfc5425>.
[RFC5426] Okmianski, A., "Transmission of Syslog Messages over UDP",
RFC 5426, DOI 10.17487/RFC5426, March 2009,
<https://www.rfc-editor.org/info/rfc5426>.
[RFC5848] Kelsey, J., Callas, J., and A. Clemm, "Signed Syslog
Messages", RFC 5848, DOI 10.17487/RFC5848, May 2010,
<https://www.rfc-editor.org/info/rfc5848>.
[RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types",
RFC 6991, DOI 10.17487/RFC6991, July 2013,
<https://www.rfc-editor.org/info/rfc6991>.
[RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
RFC 7950, DOI 10.17487/RFC7950, August 2016,
<https://www.rfc-editor.org/info/rfc7950>.
[RFC8089] Kerwin, M., "The "file" URI Scheme", RFC 8089,
DOI 10.17487/RFC8089, February 2017,
<https://www.rfc-editor.org/info/rfc8089>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration
Access Control Model", STD 91, RFC 8341,
DOI 10.17487/RFC8341, March 2018,
<https://www.rfc-editor.org/info/rfc8341>.
[RFC8343] Bjorklund, M., "A YANG Data Model for Interface
Management", RFC 8343, DOI 10.17487/RFC8343, March 2018,
<https://www.rfc-editor.org/info/rfc8343>.
[RFC8525] Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K.,
and R. Wilton, "YANG Library", RFC 8525,
DOI 10.17487/RFC8525, March 2019,
<https://www.rfc-editor.org/info/rfc8525>.
[RFC9640] Watsen, K., "YANG Data Types and Groupings for
Cryptography", RFC 9640, DOI 10.17487/RFC9640, October
2024, <https://www.rfc-editor.org/info/rfc9640>.
[RFC9645] Watsen, K., "YANG Groupings for TLS Clients and TLS
Servers", RFC 9645, DOI 10.17487/RFC9645, October 2024,
<https://www.rfc-editor.org/info/rfc9645>.
[Std-1003.1-2024]
The Open Group, ""Chapter 9: Regular Expressions" The Open
Group Base Specifications Issue 8, IEEE Std 1003.1-2024",
2024, <https://pubs.opengroup.org/onlinepubs/9799919799>.
[W3C.REC-xml-20081126]
Bray, T., Paoli, J., Sperberg-McQueen, C.M., Maler, E.,
and F. Yergeau, "Extensible Markup Language (XML) 1.0
(Fifth Edition)", World Wide Web Consortium
Recommendation REC-xml-20081126, November 2008,
<https://www.w3.org/TR/2008/REC-xml-20081126/>.
[RFC4252] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH)
Authentication Protocol", RFC 4252, DOI 10.17487/RFC4252,
January 2006, <https://www.rfc-editor.org/info/rfc4252>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
<https://www.rfc-editor.org/info/rfc6241>.
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
<https://www.rfc-editor.org/info/rfc8040>.
[RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
<https://www.rfc-editor.org/info/rfc8340>.
[RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
and R. Wilton, "Network Management Datastore Architecture
(NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018,
<https://www.rfc-editor.org/info/rfc8342>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>.
[RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based
Multiplexed and Secure Transport", RFC 9000,
DOI 10.17487/RFC9000, May 2021,
<https://www.rfc-editor.org/info/rfc9000>.
[YANG-GUIDELINES]
Bierman, A., Boucadair, M., and Q. Wu, "Guidelines for
Authors and Reviewers of Documents Containing YANG Data
Models", Work in Progress, Internet-Draft, draft-ietf-
netmod-rfc8407bis-24, 18 April 2025,
<https://datatracker.ietf.org/doc/html/draft-ietf-netmod-
rfc8407bis-24>.
[note: '\' line wrapping for formatting only]
module: ietf-syslog
+--rw syslog!
+--rw actions
+--rw console! {console-action}?
| +--rw filter
| | +--rw facility-list* [facility severity]
| | +--rw facility union
| | +--rw severity union
| | +--rw advanced-compare {select-adv-compare}?
| | +--rw compare? enumeration
| | +--rw action? identityref
| +--rw pattern-match? string {select-match}?
+--rw file {file-action}?
| +--rw log-file* [name]
| +--rw name inet:uri
| +--rw filter
| | +--rw facility-list* [facility severity]
| | +--rw facility union
| | +--rw severity union
| | +--rw advanced-compare {select-adv-compare}?
| | +--rw compare? enumeration
| | +--rw action? identityref
| +--rw pattern-match? string {select-match}?
| +--rw structured-data? boolean {structured-data}?
| +--rw file-rotation
| +--rw number-of-files? uint32 {file-limit-size}?
| +--rw max-file-size? uint32 {file-limit-size}?
| +--rw rollover? uint32
| | {file-limit-duration}?
| +--rw retention? uint32
| {file-limit-duration}?
+--rw remote {remote-action}?
+--rw destination* [name]
+--rw name string
+--rw (transport)
| +--:(udp)
| | +--rw udp
| | +--rw udp* [address]
| | +--rw address inet:host
| | +--rw port? inet:port-number
| +--:(tls)
| +--rw tls
| +--rw tls* [address]
| +--rw address inet:host
| +--rw port?
| | inet:port-number
| +--rw client-identity!
| | +--rw (auth-type)
| | +--:(certificate)
| | | {client-ident-x509-cert}?
| | | +--rw certificate
| | | +--rw (inline-or-keystore)
| | | +--:(inline)
| | | | {inline-definition\
s-supported}?
| | | | +--rw inline-definition
| | | | +--rw public-key-form\
at?
| | | | | identityref
| | | | +--rw public-key?
| | | | | binary
| | | | +--rw private-key-for\
mat?
| | | | | identityref
| | | | +--rw (private-key-ty\
pe)
| | | | | +--:(cleartext-pri\
vate-key)
| | | | | | {cleartex\
t-private-keys}?
| | | | | | +--rw cleartext\
-private-key?
| | | | | | binary
| | | | | +--:(hidden-privat\
e-key)
| | | | | | {hidden-p\
rivate-keys}?
| | | | | | +--rw hidden-pr\
ivate-key?
| | | | | | empty
| | | | | +--:(encrypted-pri\
vate-key)
| | | | | {encrypte\
d-private-keys}?
| | | | | +--rw encrypted\
-private-key
| | | | | +--rw encryp\
ted-by
| | | | | +--rw encryp\
ted-value-format
| | | | | | iden\
tityref
| | | | | +--rw encryp\
ted-value
| | | | | bina\
ry
| | | | +--rw cert-data?
| | | | | end-entity-ce\
rt-cms
| | | | +---n certificate-exp\
iration
| | | | | {certificate-\
expiration-notification}?
| | | | | +-- expiration-dat\
e
| | | | | yang:date-\
and-time
| | | | +---x generate-csr
| | | | {csr-generati\
on}?
| | | | +---w input
| | | | | +---w csr-forma\
t
| | | | | | identit\
yref
| | | | | +---w csr-info
| | | | | csr-inf\
o
| | | | +--ro output
| | | | +--ro (csr-type\
)
| | | | +--:(p10-csr\
)
| | | | +--ro p10\
-csr?
| | | | p\
10-csr
| | | +--:(central-keystore)
| | | {central-keystore-\
supported,asymmetric-keys}?
| | | +--rw central-keystore-r\
eference
| | | +--rw asymmetric-key?\
| | | | ks:central-as\
ymmetric-key-ref
| | | | {central-keys\
tore-supported,asymmetric-keys}?
| | | +--rw certificate?
| | | leafref
| | +--:(raw-public-key)
| | | {client-ident-raw-public-ke\
y}?
| | | +--rw raw-private-key
| | | +--rw (inline-or-keystore)
| | | +--:(inline)
| | | | {inline-definition\
s-supported}?
| | | | +--rw inline-definition
| | | | +--rw public-key-form\
at?
| | | | | identityref
| | | | +--rw public-key?
| | | | | binary
| | | | +--rw private-key-for\
mat?
| | | | | identityref
| | | | +--rw (private-key-ty\
pe)
| | | | +--:(cleartext-pri\
vate-key)
| | | | | {cleartex\
t-private-keys}?
| | | | | +--rw cleartext\
-private-key?
| | | | | binary
| | | | +--:(hidden-privat\
e-key)
| | | | | {hidden-p\
rivate-keys}?
| | | | | +--rw hidden-pr\
ivate-key?
| | | | | empty
| | | | +--:(encrypted-pri\
vate-key)
| | | | {encrypte\
d-private-keys}?
| | | | +--rw encrypted\
-private-key
| | | | +--rw encryp\
ted-by
| | | | +--rw encryp\
ted-value-format
| | | | | iden\
tityref
| | | | +--rw encryp\
ted-value
| | | | bina\
ry
| | | +--:(central-keystore)
| | | {central-keystore-\
supported,asymmetric-keys}?
| | | +--rw central-keystore-r\
eference?
| | | ks:central-asymm\
etric-key-ref
| | +--:(tls12-psk)
| | | {client-ident-tls12-psk}?
| | | +--rw tls12-psk
| | | +--rw (inline-or-keystore)
| | | | +--:(inline)
| | | | | {inline-definition\
s-supported}?
| | | | | +--rw inline-definition
| | | | | +--rw key-format?
| | | | | | identityref
| | | | | +--rw (key-type)
| | | | | +--:(cleartext-sym\
metric-key)
| | | | | | +--rw cleartext\
-symmetric-key?
| | | | | | binary
| | | | | | {cleart\
ext-symmetric-keys}?
| | | | | +--:(hidden-symmet\
ric-key)
| | | | | | {hidden-s\
ymmetric-keys}?
| | | | | | +--rw hidden-sy\
mmetric-key?
| | | | | | empty
| | | | | +--:(encrypted-sym\
metric-key)
| | | | | {encrypte\
d-symmetric-keys}?
| | | | | +--rw encrypted\
-symmetric-key
| | | | | +--rw encryp\
ted-by
| | | | | +--rw encryp\
ted-value-format
| | | | | | iden\
tityref
| | | | | +--rw encryp\
ted-value
| | | | | bina\
ry
| | | | +--:(central-keystore)
| | | | {central-keystore-\
supported,symmetric-keys}?
| | | | +--rw central-keystore-r\
eference?
| | | | ks:central-symme\
tric-key-ref
| | | +--rw id?
| | | string
| | +--:(tls13-epsk)
| | {client-ident-tls13-epsk}?
| | +--rw tls13-epsk
| | +--rw (inline-or-keystore)
| | | +--:(inline)
| | | | {inline-definition\
s-supported}?
| | | | +--rw inline-definition
| | | | +--rw key-format?
| | | | | identityref
| | | | +--rw (key-type)
| | | | +--:(cleartext-sym\
metric-key)
| | | | | +--rw cleartext\
-symmetric-key?
| | | | | binary
| | | | | {cleart\
ext-symmetric-keys}?
| | | | +--:(hidden-symmet\
ric-key)
| | | | | {hidden-s\
ymmetric-keys}?
| | | | | +--rw hidden-sy\
mmetric-key?
| | | | | empty
| | | | +--:(encrypted-sym\
metric-key)
| | | | {encrypte\
d-symmetric-keys}?
| | | | +--rw encrypted\
-symmetric-key
| | | | +--rw encryp\
ted-by
| | | | +--rw encryp\
ted-value-format
| | | | | iden\
tityref
| | | | +--rw encryp\
ted-value
| | | | bina\
ry
| | | +--:(central-keystore)
| | | {central-keystore-\
supported,symmetric-keys}?
| | | +--rw central-keystore-r\
eference?
| | | ks:central-symme\
tric-key-ref
| | +--rw external-identity
| | | string
| | +--rw hash?
| | | tlscmn:epsk-supported-\
hash
| | +--rw context?
| | | string
| | +--rw target-protocol?
| | | uint16
| | +--rw target-kdf?
| | uint16
| +--rw server-authentication
| | +--rw ca-certs! {server-auth-x509-cert}\
?
| | | +--rw (inline-or-truststore)
| | | +--:(inline)
| | | | {inline-definitions-supp\
orted}?
| | | | +--rw inline-definition
| | | | +--rw certificate* [name]
| | | | +--rw name
| | | | | string
| | | | +--rw cert-data
| | | | | trust-anchor-cer\
t-cms
| | | | +---n certificate-expira\
tion
| | | | {certificate-exp\
iration-notification}?
| | | | +-- expiration-date
| | | | yang:date-and\
-time
| | | +--:(central-truststore)
| | | {central-truststore-supp\
orted,certificates}?
| | | +--rw central-truststore-refer\
ence?
| | | ts:central-certificate\
-bag-ref
| | +--rw ee-certs! {server-auth-x509-cert}\
?
| | | +--rw (inline-or-truststore)
| | | +--:(inline)
| | | | {inline-definitions-supp\
orted}?
| | | | +--rw inline-definition
| | | | +--rw certificate* [name]
| | | | +--rw name
| | | | | string
| | | | +--rw cert-data
| | | | | trust-anchor-cer\
t-cms
| | | | +---n certificate-expira\
tion
| | | | {certificate-exp\
iration-notification}?
| | | | +-- expiration-date
| | | | yang:date-and\
-time
| | | +--:(central-truststore)
| | | {central-truststore-supp\
orted,certificates}?
| | | +--rw central-truststore-refer\
ence?
| | | ts:central-certificate\
-bag-ref
| | +--rw raw-public-keys!
| | | {server-auth-raw-public-key}?
| | | +--rw (inline-or-truststore)
| | | +--:(inline)
| | | | {inline-definitions-supp\
orted}?
| | | | +--rw inline-definition
| | | | +--rw public-key* [name]
| | | | +--rw name
| | | | | string
| | | | +--rw public-key-format
| | | | | identityref
| | | | +--rw public-key
| | | | binary
| | | +--:(central-truststore)
| | | {central-truststore-supp\
orted,public-keys}?
| | | +--rw central-truststore-refer\
ence?
| | | ts:central-public-key-\
bag-ref
| | +--rw tls12-psks? empty
| | | {server-auth-tls12-psk}?
| | +--rw tls13-epsks? empty
| | {server-auth-tls13-epsk}?
| +--rw hello-params {tlscmn:hello-params}?
| | +--rw tls-versions
| | | +--rw min? identityref
| | | +--rw max? identityref
| | +--rw cipher-suites
| | +--rw cipher-suite*
| | tlscsa:tls-cipher-suite-algo\
rithm
| +--rw keepalives {tls-client-keepalives}?
| +--rw peer-allowed-to-send? empty
| +--rw test-peer-aliveness!
| +--rw max-wait? uint16
| +--rw max-attempts? uint8
+--rw filter
| +--rw facility-list* [facility severity]
| +--rw facility union
| +--rw severity union
| +--rw advanced-compare {select-adv-compare}?
| +--rw compare? enumeration
| +--rw action? identityref
+--rw pattern-match? string {select-match}?
+--rw structured-data? boolean {structured-data}?
+--rw facility-override? identityref
+--rw source-interface? if:interface-ref
| {remote-source-interface}?
+--rw signing! {signed-messages}?
+--rw cert-signers
+--rw cert-signer* [name]
| +--rw name string
| +--rw cert
| | +--rw public-key-format?
| | | identityref
| | +--rw public-key? binar\
y
| | +--rw private-key-format?
| | | identityref
| | +--rw (private-key-type)
| | | +--:(cleartext-private-key)
| | | | {cleartext-private-keys}?
| | | | +--rw cleartext-private-key? binar\
y
| | | +--:(hidden-private-key)
| | | | {hidden-private-keys}?
| | | | +--rw hidden-private-key? empty\
| | | +--:(encrypted-private-key)
| | | {encrypted-private-keys}?
| | | +--rw encrypted-private-key
| | | +--rw encrypted-by
| | | +--rw encrypted-value-format
| | | | identityref
| | | +--rw encrypted-value
| | | binary
| | +--rw cert-data?
| | | end-entity-cert-cms
| | +---n certificate-expiration
| | | {certificate-expiration-notificati\
on}?
| | | +-- expiration-date
| | | yang:date-and-time
| | +---x generate-csr {csr-generation}?
| | +---w input
| | | +---w csr-format identityref
| | | +---w csr-info csr-info
| | +--ro output
| | +--ro (csr-type)
| | +--:(p10-csr)
| | +--ro p10-csr? p10-csr
| +--rw hash-algorithm? enumeration
+--rw cert-initial-repeat? uint32
+--rw cert-resend-delay? uint32
+--rw cert-resend-count? uint32
+--rw sig-max-delay? uint32
+--rw sig-number-resends? uint32
+--rw sig-resend-delay? uint32
+--rw sig-resend-count? uint32
Many vendors extend the list of facilities available for logging in their implementation. Additional facilities may not work with the syslog protocol as defined in [RFC5424]. Thus, such facilities apply for local syslog-like logging functionality.
多くのベンダーは、実装をログに記録できる施設のリストを拡張しています。追加の施設は、[RFC5424]で定義されているように、Syslogプロトコルで動作しない場合があります。したがって、そのような施設は、地元のSyslogのような伐採機能に適用されます。
The following is an example that shows how additional facilities could be added to the list of available facilities (two facilities are added in this example):
以下は、利用可能な施設のリストに追加の施設をどのように追加できるかを示す例です(この例では2つの施設が追加されています):
module example-vendor-syslog-types {
namespace "http://example.com/ns/vendor-syslog-types";
prefix vendor-syslogtypes;
import ietf-syslog {
prefix syslog;
}
organization
"Example, Inc.";
contact
"Example, Inc.
Customer Service
Email: syslog-yang@example.com";
description
"This module contains a collection of vendor-specific YANG type
definitions for Syslog.";
revision 2025-04-30 {
description
"Version 1.0";
reference
"Vendor Syslog Types: Syslog YANG Module";
}
identity vendor_specific_type_1 {
base syslog:syslog-facility;
description
"Adding vendor-specific type 1 to syslog-facility";
}
identity vendor_specific_type_2 {
base syslog:syslog-facility;
description
"Adding vendor-specific type 2 to syslog-facility";
}
}
Terminal output with requirements more complex than the console subtree currently provides are expected to be supported via vendor extensions rather than handled via the file subtree.
現在提供されているコンソールサブツリーよりも複雑な要件を備えた端子出力は、ファイルサブツリーを介して処理されるのではなく、ベンダー拡張機能を介してサポートされると予想されます。
The syslog/file/log-file/file-rotation container contains configuration parameters for syslog file rotation. This section describes how these fields might be used by an implementer to name syslog files in a rotation process. This information is offered as an informative guide only.
syslog/file/log-file/file-rotationコンテナには、syslogファイル回転の構成パラメーターが含まれています。このセクションでは、これらのフィールドが回転プロセスでSyslogファイルを名前を付けるためにこれらのフィールドを使用する方法について説明します。この情報は、有益なガイドとしてのみ提供されます。
When an active syslog file with a name specified by log-file/name reaches log-file/max-file-size and/or syslog events arrive after the period specified by log-file/rollover, the logging system can close the file, compress it, and name the archive file <log-file/ name>.0.gz. The logging system can then open a new active syslog file <log-file/name>.
ログファイル/名前で指定された名前を持つアクティブなsyslogファイルが、log-file/max-file-sizeおよび/またはsyslogイベントに到達した場合、ログファイル/ロールオーバーで指定された期間後に到着すると、ロギングシステムはファイルを閉じて圧縮し、アーカイブファイル<log-file/name> name> .0.gzに名前を付けることができます。ロギングシステムは、新しいActive Syslogファイル<log-file/name>を開くことができます。
When the new syslog file reaches either of the size limits referenced above, <log-file/name>.0.gz can be renamed <log-file/name>.1.gz and the new syslog file can be closed, compressed, and renamed <log-file/ name>.0.gz. Each time that a new syslog file is closed, each of the prior syslog archive files named <log-file/name>.<n>.gz can be renamed to <log-file/name>.<n + 1>.gz.
新しいsyslogファイルが上記のサイズ制限のいずれかに到達すると、<log-file/name> .0.gzに変更できます<log-file/name> .1.gz、および新しいsyslogファイルを閉じ、圧縮し、<log-file/name> name> .0.gzに変更できます。新しいsyslogファイルが閉じられるたびに、<log-file/name>
Removal of archive log files could occur when either or both:
アーカイブログファイルの削除は、どちらかまたは両方の場合に発生する可能性があります。
* log-file/number-of-files is specified. The logging system can create up to log-file/number-of-files syslog archive files, after which the contents of the oldest archived file could be overwritten.
* log-file/of-filesが指定されています。ロギングシステムは、log-file/of-of-files syslogアーカイブファイルまで作成できます。その後、最も古いアーカイブされたファイルの内容を上書きできます。
* log-file/retention is specified. The logging system can remove those syslog archive files whose file expiration time (file creation time plus the specified log-file/retention time) is prior to the current time.
* ログファイル/保持が指定されています。ロギングシステムは、ファイルの有効期限(ファイルの作成時間と指定されたログファイル/保持時間)が現在の時間より前のSyslogアーカイブファイルを削除できます。
The authors wish to thank the following who commented on this proposal:
著者は、この提案についてコメントした以下に感謝したいと思います。
Andy Bierman, Martin Bjorklund, Alex Campbell, Alex Clemm, Francis Dupont, Jim Gibson, Jeffrey Haas, Bob Harold, John Heasley, Giles Heron, Lisa Huang, Mahesh Jethanandani, Warren Kumari, Jeffrey K Lange, Jan Lindblad, Chris Lonvick, Alexey Melnikov, Kathleen Moriarty, Tom Petch, Adam Roach, Juergen Schoenwaelder, Phil Shafer, Yaron Sheffer, Jason Sterne, Peter Van Horne, Kent Watsen, Bert Wijnen, Dale R Worley, and Aleksandr Zhdankin.
アンディ・ビアマン、マーティン・ビョルクランド、アレックス・キャンベル、アレックス・クレム、フランシス・デュポン、ジム・ギブソン、ジェフリー・ハース、ボブ・ハロルド、ジョン・ヒースリー、ジャイルズ・ヘロン、リサ・ファン、マヘシュ・ジェタナンダニ、ウォーレン・クマリ、ジェフリー・クマリ、ヤン・リンドブラッド、ヤフレッド・メルンモリアーティ、トム・ペッチ、アダム・ローチ、ジュエルゲン・シェーンワールダー、フィル・シェーファー、ヤロン・シェファー、ジェイソン・スターン、ピーター・ヴァン・ホーン、ケント・ワッツェン、バート・ウィジネン、デール・R・ウォーリー、アレクサンドル・zhdankin。
Joe Clarke (editor)
Cisco
United States of America
Email: jclarke@cisco.com
Mahesh Jethanandani (editor)
Kloud Services
United States of America
Email: mjethanandani@gmail.com
Clyde Wildes (editor)
Cisco Systems Inc.
170 West Tasman Drive
San Jose, CA 95134
United States of America
Phone: +1 415 819-6111
Email: clyde@clydewildes.com
Kiran Koushik (editor)
Verizon Wireless
500 W Dove Rd.
Southlake, TX 76092
United States of America
Phone: +1 512 650-0210
Email: kirankoushik.agraharasreenivasa@verizonwireless.com