IETF56 SyslogMIB


Published on July 20, 2007

Author: dinesh


Slide 1: SysLog-MIB
Glenn Mansfield Keeni
Syslog-WG, IETF-56, March, 2003

Purpose:
- Monitoring Syslog operation:
  - Stats on messages, received, processed, relayed
  - System wide Parameters
  - (Process-wise) Message selection and actions
  - (Process-wise) run-time parameters
- Configuring/Control Syslog processes

Syslog:
- man pages: syslogd, syslog.conf, syslog
- RFC3164

The MIB Design:
- syslog System Group
- syslog Process Group
- syslog Control Group

System Group:
- DefaultTransport
- DefaultService
- DefaultFacility
- DefaultSeverity
- MaxMessageSize

Syslog Process Group:
- Process Table [syslogProcessIndex]
- Params Table [syslogProcessIndex]
- Allowed Hosts Table [syslogProcessIndex]

Process Table [syslogProcessIndex]:
- MsgsReceived
- MsgsRelayed
- MsgsDropped
- MsgsIllFormed
- MsgsIgnored
- MsgsRejected
- LastMsgRecdTime
- LastMsgDeliveredTime
- StartTime
- LastError
- LastErrorTime

Params Table [syslogProcessIndex]:
- ProcDescr
- BindAddrType
- BindAddr
- SendToAllAddresses
- Compression
- ConfFileName
- FacilityTranslation
- PIDFileName
- DNSLookUp
- SeverityCompOp
- SecuritySpecs
- ProcessStatus*
- ProcessStorageType
- RowStatus
* Process Start/Stop

Allowed Hosts Table [syslogProcessIndex]:
- HostsAddrType
- HostsAddr
- HostsMaskLen
- HostsTransport
- HostsPort
- RowStatus

syslog Control Group (cf. syslog.conf):
- Selection
- Action
- Selection: list of facility:level
- Actions: log, display, relay, pipe

Selection and Action:
- Selection
- Log Action
- User Action
- Relay Action
- Pipe Action

Selection Table [syslogProcessIndex, ActionIndex, SelectionIndex]:
- ActionIndex
- SelectionIndex
- Descr
- HostNameIncl
- HostName
- ProgNameIncl
- ProgName
- PriorityIncl
- Facility
- Severity
- SeverityCompOP
- RowStatus

Action Tables:
- UserActionTable [ProcessIndex, ActionIndex, UserActionIndex]
- FwdActionTable [ProcessIndex, ActionIndex, FwdActionIndex]
- PipeActionTable [ProcessIndex, ActionIndex]
- LogActionTable [ProcessIndex, ActionIndex]

Log Action Table [syslogProcessIndex, ActionIndex]:
- LogActionFileName
- RowStatus

User Action Table [syslogProcessIndex, ActionIndex, UserActionIndex]:
- UserActionIndex
- UserID
- RowStatus

Fwd Action Table [syslogProcessIndex, ActionIndex, FwdActionIndex]:
- FwdActionIndex
- ActionDescr
- SrcAddrType
- SrcAddr
- DstAddrType
- DstAddr
- Transport
- Port
- Facility
- Severity
- RowStatus

Pipe Action Table [syslogProcessIndex, ActionIndex]:
- PipeActionCommand
- RowStatus

Security Considerations (SET):
- ParamsTable: Configure, Start/Stop
- AllowedHostsTable: Loss/Flood of messages
- Selection Table: Loss of messages
- Log Action Table: Loss of messages
- UserActionTable: Spam a user’s console
- FwdActionTable: Attack a collector
- PipeActionTable: Invoke 'sh' commands

Security Considerations (GET):
- ProcTable: Counters may reveal IDS info

The draft:
- draft-ietf-syslog-device-mib-03.txt

To Be Done:
- DESCRIPTION clauses
- Editorial nits
- REFERENCE clauses
- Implement
- SET requirements
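
The Control Group slides model syslog.conf as selections plus log, user, relay and pipe actions, and the Security Considerations (SET) slide names a risk for each action table. The sketch below is an added example, not code from the slides or the draft: it parses a constructed configuration into those tables and attaches the slide's stated risk to each rule. It assumes classic syslog.conf syntax (selectors written facility.level, where the slide writes facility:level), and the function names and sample hosts, users and paths are hypothetical.

```python
# Added example: map syslog.conf rules onto the action tables named on the slides.
# Risk strings are quoted from the "Security Considerations (SET)" slide.
SET_RISK = {
    "LogActionTable": "Loss of messages",
    "UserActionTable": "Spam a user's console",
    "FwdActionTable": "Attack a collector",
    "PipeActionTable": "Invoke 'sh' commands",
}

# Constructed sample in classic syslog.conf syntax (assumption, not from the slides).
SAMPLE_CONF = """\
# selector<TAB>action
*.err;kern.debug\t/var/log/messages
auth.info\t@collector.example.net
*.emerg\t*
local0.notice\troot,operator
local1.*\t|/usr/local/bin/filter
"""

def classify_action(action):
    """Return the slide's action table for a syslog.conf action field."""
    if action.startswith("|"):
        return "PipeActionTable"   # pipe to a command
    if action.startswith("@"):
        return "FwdActionTable"    # relay to another host
    if action.startswith(("/", "-/")):
        return "LogActionTable"    # append to a file
    return "UserActionTable"       # "*" or a list of login names

def parse_conf(text):
    """Return one dict per rule: selections, action table, target, SET risk."""
    rules = []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue               # blank, comment, or no action field
        action = parts[1].strip()
        selections = []
        for item in parts[0].split(";"):
            facilities, _, level = item.rpartition(".")
            selections += [(f, level) for f in facilities.split(",") if f]
        table = classify_action(action)
        rules.append({"selections": selections, "table": table,
                      "target": action.lstrip("|@"), "risk": SET_RISK[table]})
    return rules

def tables_in_use(rules):
    """Action tables this configuration would populate, sorted by name."""
    return sorted({r["table"] for r in rules})
```

Running parse_conf over a device's real configuration shows which of the writable tables it populates, which is the set to weigh when deciding who may be granted SNMP write access to the MIB.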
