rfc9742v1.txt   rfc9742.txt 
Internet Engineering Task Force (IETF) J. Clarke, Ed. Internet Engineering Task Force (IETF) J. Clarke, Ed.
Request for Comments: 9742 Cisco Request for Comments: 9742 Cisco
Category: Standards Track M. Jethanandani, Ed. Category: Standards Track M. Jethanandani, Ed.
ISSN: 2070-1721 Kloud Services ISSN: 2070-1721 Kloud Services
C. Wildes, Ed. C. Wildes, Ed.
Cisco Systems Inc. Cisco Systems Inc.
K. Koushik, Ed. K. Koushik, Ed.
Verizon Wireless Verizon Wireless
March 2025 April 2025
A YANG Data Model for Syslog Configuration A YANG Data Model for Syslog Management
Abstract Abstract
This document defines a YANG data model for the configuration of a This document defines a YANG data model for the management of a
syslog process. It is intended that this data model be used by syslog process. It is intended that this data model be used by
vendors who implement syslog collectors in their systems. vendors who implement syslog collectors in their systems.
Status of This Memo Status of This Memo
This is an Internet Standards Track document. This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has (IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the received public review and has been approved for publication by the
skipping to change at line 80 skipping to change at line 80
A.1. Complete Tree Diagram A.1. Complete Tree Diagram
Appendix B. Implementer Guidelines Appendix B. Implementer Guidelines
B.1. Extending Facilities B.1. Extending Facilities
B.2. Syslog Terminal Output B.2. Syslog Terminal Output
B.3. Syslog File Naming Convention B.3. Syslog File Naming Convention
Acknowledgements Acknowledgements
Authors' Addresses Authors' Addresses
1. Introduction 1. Introduction
This document defines a YANG [RFC7950] configuration data model that This document defines a YANG [RFC7950] data model that may be used to
may be used to configure the syslog feature running on a system. configure the syslog feature running on a system. YANG data models
YANG data models can be used with network management protocols such can be used with network management protocols such as NETCONF
as NETCONF [RFC6241] to install, manipulate, and delete the [RFC6241] to install, manipulate, and delete the configuration of
configuration of network devices. network devices.
The data model makes use of the YANG "feature" construct that allows The data model makes use of the YANG "feature" construct that allows
implementations to support only those syslog features that lie within implementations to support only those syslog features that lie within
their capabilities. their capabilities.
This module can be used to configure the syslog application This module can be used to configure the syslog application
conceptual layers as implemented on the syslog collector. conceptual layers as implemented on the syslog collector.
Essentially, a syslog process receives messages (from the kernel, Essentially, a syslog process receives messages (from the kernel,
processes, applications, or other syslog processes) and processes processes, applications, or other syslog processes) and processes
skipping to change at line 148 skipping to change at line 148
The syslog model was designed by comparing various syslog features The syslog model was designed by comparing various syslog features
implemented by various vendors in different implementations. implemented by various vendors in different implementations.
The module defines leafs that are common across implementations. Its The module defines leafs that are common across implementations. Its
simple design is meant to offer maximum flexibility. However, not simple design is meant to offer maximum flexibility. However, not
all optional features defined in this document are present in all all optional features defined in this document are present in all
vendor implementations. Therefore, vendors need to use the feature vendor implementations. Therefore, vendors need to use the feature
statements to specify the optional features they support. At the statements to specify the optional features they support. At the
same time, vendors can augment the model to add proprietary features. same time, vendors can augment the model to add proprietary features.
Extending Facilities (Appendix B.1) shows an examples of how that can "Extending Facilities" (Appendix B.1) shows an example of how that
be realized. can be realized.
Syslog consists of originators and collectors. The following diagram Syslog consists of originators and collectors. The following diagram
shows syslog messages flowing from originators to collectors where shows the syslog processing flow from originators to collectors where
filtering can take place. filtering can take place.
Originators Originators
+-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+
| Various | | OS | | | | Remote | | Various | | OS | | | | Remote |
| Components | | Kernel | | Line Cards | | Servers | | Components | | Kernel | | Line Cards | | Servers |
+-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+
+-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+
| SNMP | | Interface | | Standby | | Syslog | | SNMP | | Interface | | Standby | | Syslog |
| Events | | Events | | Supervisor | | Itself | | Events | | Events | | Supervisor | | Itself |
+-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+ +-------------+
| | | |
+----------------------------------------------------------------+ +----------------------------------------------------------------+
| |
| |
| |
| |
+-------------+--------------+ +-------------+--------------+
| | | | | |
v v v v v v
Collectors Collectors
+----------+ +----------+ +----------------+ +----------+ +----------+ +----------------+
| | | Log | |Remote Relay(s)/| | | | Log | |Remote Relay(s)/|
| Console | | File(s) | |Collector(s) | | Console | | File(s) | |Collector(s) |
+----------+ +----------+ +----------------+ +----------+ +----------+ +----------------+
Figure 1: Syslog Processing Flow Figure 1: Syslog Processing Flow
Collectors are configured using the leaves in the syslog model Collectors are configured using the leafs in the syslog model
"actions" container that correspond to each message collector: "actions" container that correspond to each message collector:
* console * console
* log file(s) * log file(s)
* remote relay(s)/collector(s) * remote relay(s)/collector(s)
Within each action, a selector is used to filter syslog messages. A Within each action, a selector is used to filter syslog messages. A
selector consists of a list of one or more filters specified by selector consists of a list of one or more filters specified by
facility-severity pairs, and, if supported via the select-match facility-severity pairs, and, if supported via the select-match
feature, an optional regular expression pattern match that is feature, an optional regular expression pattern match that is
performed on the [RFC5424] field. performed on the MSG field described in Section 6.4 of [RFC5424].
A syslog message is processed if:
There is an element of facility-list (F, S) where A syslog message is processed if there is an element
the message facility matches F of facility-list (F, S) where
and the message severity matches S the message facility matches F,
and/or the message text matches the regex pattern (if it the message severity matches S,
is present) and/or the message text matches the regex pattern (if it
is present)
The facility is one of a specific syslog-facility or all facilities. The facility is one of a specific syslog-facility or all facilities.
The model offers the ability to select a transport that a user might The model offers the ability to select a transport that a user might
want to use for a remote relay or collector. The choice is between want to use for a remote relay or collector. The choice is between
using UDP or TLS-based sessions. The user can configure multiple using UDP or TLS-based sessions. The user can configure multiple
relays or collectors, but they have to use the same transport. relays or collectors, but they have to use the same transport.
The severity is one of type syslog-severity, all severities, or none. The severity is one of type syslog-severity, all severities, or none.
None is a special case that can be used to disable a filter. When None is a special case that can be used to disable a filter. When
skipping to change at line 231 skipping to change at line 230
select messages of the specified severity and higher. Actions are select messages of the specified severity and higher. Actions are
used to log the message, block the message, or stop the message from used to log the message, block the message, or stop the message from
being logged. being logged.
Many vendors extend the list of facilities available for logging in Many vendors extend the list of facilities available for logging in
their implementation. An example is included in "Extending their implementation. An example is included in "Extending
Facilities" (Appendix B.1). Facilities" (Appendix B.1).
4.1. Syslog Module 4.1. Syslog Module
A simplified tree representation of the data model is used in this A simplified tree representation of the data model is shown in
document. Please see [RFC8340] for tree diagram notation. Figure 2. Please see [RFC8340] for tree diagram notation.
module: ietf-syslog module: ietf-syslog
+--rw syslog! +--rw syslog!
+--rw actions +--rw actions
+--rw console! {console-action}? +--rw console! {console-action}?
| +--rw filter | +--rw filter
| | +--rw facility-list* [facility severity] | | +--rw facility-list* [facility severity]
| | +--rw facility union | | +--rw facility union
| | +--rw severity union | | +--rw severity union
| | +--rw advanced-compare {select-adv-compare}? | | +--rw advanced-compare {select-adv-compare}?
| | +--rw compare? enumeration | | +--rw compare? enumeration
| | +--rw action? identityref | | +--rw action? identityref
| +--rw pattern-match? string {select-match}? | +--rw pattern-match? string {select-match}?
+--rw file {file-action}? +--rw file {file-action}?
| +--rw log-file* [name] | +--rw log-file* [name]
| +--rw name inet:uri | +--rw name inet:uri
| +--rw filter | +--rw filter
| | +--rw facility-list* [facility severity] | | +--rw facility-list* [facility severity]
| | +--rw facility union | | +--rw facility union
| | +--rw severity union | | +--rw severity union
| | +--rw advanced-compare {select-adv-compare}? | | +--rw advanced-compare {select-adv-compare}?
| | +--rw compare? enumeration | | +--rw compare? enumeration
| | +--rw action? identityref | | +--rw action? identityref
| +--rw pattern-match? string {select-match}? | +--rw pattern-match? string {select-match}?
| +--rw structured-data? boolean {structured-data}? | +--rw structured-data? boolean {structured-data}?
| +--rw file-rotation | +--rw file-rotation
| +--rw number-of-files? uint32 {file-limit-size}? | +--rw number-of-files? uint32 {file-limit-size}?
| +--rw max-file-size? uint32 {file-limit-size}? | +--rw max-file-size? uint32 {file-limit-size}?
| +--rw rollover? uint32 | +--rw rollover? uint32
| | {file-limit-duration}? | | {file-limit-duration}?
| +--rw retention? uint32 | +--rw retention? uint32
| {file-limit-duration}? | {file-limit-duration}?
+--rw remote {remote-action}? +--rw remote {remote-action}?
+--rw destination* [name] +--rw destination* [name]
+--rw name string +--rw name string
+--rw (transport) +--rw (transport)
| +--:(udp) | +--:(udp)
| | +--rw udp | | +--rw udp
| | +--rw udp* [address] | | +--rw udp* [address]
| | +--rw address inet:host | | +--rw address inet:host
| | +--rw port? inet:port-number | | +--rw port? inet:port-number
| +--:(tls) | +--:(tls)
| +--rw tls | +--rw tls
| +--rw tls* [address] | +--rw tls* [address]
| +--rw address inet:host | +--rw address inet:host
| +--rw port? | +--rw port?
| | inet:port-number | | inet:port-number
| +--rw client-identity! | +--rw client-identity!
| | +--rw (auth-type) | | +--rw (auth-type)
| | ... | | ...
| +--rw server-authentication | +--rw server-authentication
| | +--rw ca-certs! {server-auth-x509-cert}? | | +--rw ca-certs! {server-auth-x509-cert}?
| | | ... | | | ...
| | +--rw ee-certs! {server-auth-x509-cert}? | | +--rw ee-certs! {server-auth-x509-cert}?
| | | ... | | | ...
| | +--rw raw-public-keys! | | +--rw raw-public-keys!
| | | {server-auth-raw-public-key}? | | | {server-auth-raw-public-key}?
| | | ... | | | ...
| | +--rw tls12-psks? empty | | +--rw tls12-psks? empty
| | | {server-auth-tls12-psk}? | | | {server-auth-tls12-psk}?
| | +--rw tls13-epsks? empty | | +--rw tls13-epsks? empty
| | {server-auth-tls13-epsk}? | | {server-auth-tls13-epsk}?
| +--rw hello-params {tlscmn:hello-params}? | +--rw hello-params {tlscmn:hello-params}?
| | +--rw tls-versions | | +--rw tls-versions
| | | ... | | | ...
| | +--rw cipher-suites | | +--rw cipher-suites
| | ... | | ...
| +--rw keepalives {tls-client-keepalives}? | +--rw keepalives {tls-client-keepalives}?
| +--rw peer-allowed-to-send? empty | +--rw peer-allowed-to-send? empty
| +--rw test-peer-aliveness! | +--rw test-peer-aliveness!
| ... | ...
+--rw filter +--rw filter
| +--rw facility-list* [facility severity] | +--rw facility-list* [facility severity]
| +--rw facility union | +--rw facility union
| +--rw severity union | +--rw severity union
| +--rw advanced-compare {select-adv-compare}? | +--rw advanced-compare {select-adv-compare}?
| +--rw compare? enumeration | +--rw compare? enumeration
| +--rw action? identityref | +--rw action? identityref
+--rw pattern-match? string {select-match}? +--rw pattern-match? string {select-match}?
+--rw structured-data? boolean {structured-data}? +--rw structured-data? boolean {structured-data}?
+--rw facility-override? identityref +--rw facility-override? identityref
+--rw source-interface? if:interface-ref +--rw source-interface? if:interface-ref
| {remote-source-interface}? | {remote-source-interface}?
+--rw signing! {signed-messages}? +--rw signing! {signed-messages}?
+--rw cert-signers +--rw cert-signers
+--rw cert-signer* [name] +--rw cert-signer* [name]
| +--rw name string | +--rw name string
| +--rw cert | +--rw cert
| | +--rw public-key-format? | | +--rw public-key-format?
| | | identityref | | | identityref
| | +--rw public-key? binary | | +--rw public-key? binary
| | +--rw private-key-format? | | +--rw private-key-format?
| | | identityref | | | identityref
| | +--rw (private-key-type) | | +--rw (private-key-type)
| | | +--:(cleartext-private-key) | | | +--:(cleartext-private-key)
| | | | {cleartext-private-keys}? | | | | {cleartext-private-keys}?
| | | | ... | | | | ...
| | | +--:(hidden-private-key) | | | +--:(hidden-private-key)
| | | | {hidden-private-keys}? | | | | {hidden-private-keys}?
| | | | ... | | | | ...
| | | +--:(encrypted-private-key) | | | +--:(encrypted-private-key)
| | | {encrypted-private-keys}? | | | {encrypted-private-keys}?
| | | ... | | | ...
| | +--rw cert-data? | | +--rw cert-data?
| | | end-entity-cert-cms | | | end-entity-cert-cms
| | +---n certificate-expiration | | +---n certificate-expiration
| | | {certificate-expiration-notification}? | | | {certificate-expiration-notificati\
| | | +-- expiration-date on}?
| | | yang:date-and-time | | | +-- expiration-date
| | +---x generate-csr {csr-generation}? | | | yang:date-and-time
| | +---w input | | +---x generate-csr {csr-generation}?
| | | ... | | +---w input
| | +--ro output | | | ...
| | ... | | +--ro output
| +--rw hash-algorithm? enumeration | | ...
+--rw cert-initial-repeat? uint32 | +--rw hash-algorithm? enumeration
+--rw cert-resend-delay? uint32 +--rw cert-initial-repeat? uint32
+--rw cert-resend-count? uint32 +--rw cert-resend-delay? uint32
+--rw sig-max-delay? uint32 +--rw cert-resend-count? uint32
+--rw sig-number-resends? uint32 +--rw sig-max-delay? uint32
+--rw sig-resend-delay? uint32 +--rw sig-number-resends? uint32
+--rw sig-resend-count? uint32 +--rw sig-resend-delay? uint32
+--rw sig-resend-count? uint32
Figure 2: Tree Diagram for Syslog Model Figure 2: Tree Diagram for Syslog Model
5. Syslog YANG Module 5. Syslog YANG Module
5.1. The ietf-syslog Module 5.1. The ietf-syslog Module
This module imports typedefs from [RFC6991], [RFC8343], groupings This module imports typedefs from [RFC6991], [RFC8343], groupings
from [RFC9640], and [RFC9645]. It references [RFC5424], [RFC5425], from [RFC9640], and [RFC9645]. It references [RFC5424], [RFC5425],
[RFC5426], [RFC5848], [RFC8089], [RFC8174], and [Std-1003.1-2008]. [RFC5426], [RFC5848], [RFC8089], [RFC8174], and [Std-1003.1-2024].
<CODE BEGINS> file "ietf-syslog@2025-03-03.yang" <CODE BEGINS> file "ietf-syslog@2025-03-03.yang"
module ietf-syslog { module ietf-syslog {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-syslog"; namespace "urn:ietf:params:xml:ns:yang:ietf-syslog";
prefix syslog; prefix syslog;
import ietf-inet-types { import ietf-inet-types {
prefix inet; prefix inet;
reference reference
"RFC 6991: Common YANG Data Types"; "RFC 6991: Common YANG Data Types";
} }
import ietf-interfaces { import ietf-interfaces {
prefix if; prefix if;
reference reference
"RFC 8343: A YANG Data Model for Interface Management"; "RFC 8343: A YANG Data Model for Interface Management";
} }
import ietf-tls-client { import ietf-tls-client {
prefix tlsc; prefix tlsc;
reference reference
"RFC 9645: YANG Groupings for TLS Clients and TLS Servers"; "RFC 9645: YANG Groupings for TLS Clients and TLS Servers";
} }
import ietf-crypto-types { import ietf-crypto-types {
prefix ct; prefix ct;
reference reference
"RFC 9640: YANG Data Types and Groupings for Cryptography"; "RFC 9640: YANG Data Types and Groupings for Cryptography";
} }
organization organization
"IETF NETMOD (Network Modeling) Working Group"; "IETF NETMOD (Network Modeling) Working Group";
contact contact
"WG Web: <https://datatracker.ietf.org/wg/netmod/> "WG Web: <https://datatracker.ietf.org/wg/netmod/>
WG List: <mailto:netmod@ietf.org> WG List: <mailto:netmod@ietf.org>
Editor: Mahesh Jethanandani Editor: Mahesh Jethanandani
<mailto:mjethanandani@gmail.com> <mailto:mjethanandani@gmail.com>
Editor: Joe Clarke Editor: Joe Clarke
<mailto:jclarke@cisco.com> <mailto:jclarke@cisco.com>
Editor: Kiran Agrahara Sreenivasa Editor: Kiran Agrahara Sreenivasa
<mailto:kirankoushik.agraharasreenivasa@verizonwireless.com> <mailto:kirankoushik.agraharasreenivasa@verizonwireless.com>
Editor: Clyde Wildes Editor: Clyde Wildes
<mailto:clyde@clydewildes.com>"; <mailto:clyde@clydewildes.com>";
description description
"This module contains a collection of YANG definitions "This module contains a collection of YANG definitions
for syslog configuration. for syslog management.
Copyright (c) 2025 IETF Trust and the persons identified as Copyright (c) 2025 IETF Trust and the persons identified as
authors of the code. All rights reserved. authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Revised BSD License to the license terms contained in, the Revised BSD License
set forth in Section 4.c of the IETF Trust's Legal set forth in Section 4.c of the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info). (https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC 9742 This version of this YANG module is part of RFC 9742
(https://www.rfc-editor.org/info/rfc9742); (https://www.rfc-editor.org/info/rfc9742);
see the RFC itself for full legal notices. see the RFC itself for full legal notices.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
are to be interpreted as described in BCP 14 (RFC 2119) are to be interpreted as described in BCP 14 (RFC 2119)
(RFC 8174) when, and only when, they appear in all capitals, (RFC 8174) when, and only when, they appear in all capitals,
as shown here."; as shown here.";
revision 2025-03-03 { revision 2025-03-03 {
description description
"Initial Revision"; "Initial Revision";
reference reference
"RFC 9742: Syslog YANG Module"; "RFC 9742: Syslog YANG Module";
} }
feature console-action { feature console-action {
description description
"This feature indicates that the local console action is "This feature indicates that the local console action is
supported."; supported.";
} }
feature file-action { feature file-action {
description description
"This feature indicates that the local file action is "This feature indicates that the local file action is
supported."; supported.";
} }
feature file-limit-size { feature file-limit-size {
description description
"This feature indicates that file logging resources "This feature indicates that file logging resources
are managed using size and number limits."; are managed using size and number limits.";
} }
feature file-limit-duration { feature file-limit-duration {
description description
"This feature indicates that file logging resources "This feature indicates that file logging resources
are managed using time based limits."; are managed using time based limits.";
} }
feature remote-action { feature remote-action {
description description
"This feature indicates that the remote server action is "This feature indicates that the remote server action is
supported."; supported.";
} }
feature remote-source-interface { feature remote-source-interface {
description description
"This feature indicates that source-interface is supported "This feature indicates that source-interface is supported
for the remote-action."; for the remote-action.";
} }
feature select-adv-compare { feature select-adv-compare {
description description
"This feature represents the ability to select messages "This feature represents the ability to select messages
using the additional comparison operators when comparing using the additional comparison operators when comparing
the syslog message severity."; the syslog message severity.";
} }
feature select-match { feature select-match {
description description
"This feature represents the ability to select messages "This feature represents the ability to select messages
based on a Posix 1003.2 regular expression pattern based on a Posix 1003.2 regular expression pattern
match."; match.";
} }
feature structured-data { feature structured-data {
description description
"This feature represents the ability to log messages "This feature represents the ability to log messages
in structured-data format."; in structured-data format.";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol";
} }
feature signed-messages { feature signed-messages {
description description
"This feature represents the ability to configure signed "This feature represents the ability to configure signed
syslog messages."; syslog messages.";
reference reference
"RFC 5848: Signed Syslog Messages"; "RFC 5848: Signed Syslog Messages";
} }
typedef syslog-severity { typedef syslog-severity {
type enumeration { type enumeration {
enum emergency { enum emergency {
value 0; value 0;
description description
"The severity level 'Emergency' indicates that the "The severity level 'Emergency' indicates that the
system is unusable."; system is unusable.";
} }
enum alert { enum alert {
value 1; value 1;
description description
"The severity level 'Alert' indicates that an "The severity level 'Alert' indicates that an
action must be taken immediately."; action must be taken immediately.";
} }
enum critical { enum critical {
value 2; value 2;
description description
"The severity level 'Critical' indicates a "The severity level 'Critical' indicates a
critical condition."; critical condition.";
} }
enum error { enum error {
value 3; value 3;
description description
"The severity level 'Error' indicates an error "The severity level 'Error' indicates an error
condition."; condition.";
} }
enum warning { enum warning {
value 4; value 4;
description description
"The severity level 'Warning' indicates a warning "The severity level 'Warning' indicates a warning
condition."; condition.";
} }
enum notice { enum notice {
value 5; value 5;
description description
"The severity level 'Notice' indicates a normal "The severity level 'Notice' indicates a normal
but significant condition."; but significant condition.";
} }
enum info { enum info {
value 6; value 6;
description description
"The severity level 'Info' indicates an "The severity level 'Info' indicates an
informational message."; informational message.";
} }
enum debug { enum debug {
value 7; value 7;
description description
"The severity level 'Debug' indicates a "The severity level 'Debug' indicates a
debug-level message."; debug-level message.";
} }
} }
description description
"The definitions for Syslog message severity. "The definitions for Syslog message severity.
Note that a lower value is a higher severity. Comparisons Note that a lower value is a higher severity. Comparisons
of equal-or-higher severity mean equal-or-lower numeric of equal-or-higher severity mean equal-or-lower numeric
value"; value";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol";
} }
identity syslog-facility { identity syslog-facility {
description description
"This identity is used as a base for all syslog "This identity is used as a base for all syslog
facilities."; facilities.";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol";
} }
identity kern { identity kern {
base syslog-facility; base syslog-facility;
description description
"The facility for kernel messages (0)."; "The facility for kernel messages (numerical code 0).";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol, Section 6.2.1.";
} }
identity user { identity user {
base syslog-facility; base syslog-facility;
description description
"The facility for user-level messages (1)."; "The facility for user-level messages (numerical code 1).";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol, Section 6.2.1.";
} }
identity mail { identity mail {
base syslog-facility; base syslog-facility;
description description
"The facility for the mail system (2)."; "The facility for the mail system (numerical code 2).";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol, Section 6.2.1.";
} }
identity daemon { identity daemon {
base syslog-facility; base syslog-facility;
description description
"The facility for the system daemons (3)."; "The facility for the system daemons (numerical code 3).";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol, Section 6.2.1.";
} }
identity auth { identity auth {
base syslog-facility; base syslog-facility;
description description
"The facility for security/authorization messages (4)."; "The facility for security/authorization messages (numerical
reference code 4).";
"RFC 5424: The Syslog Protocol"; reference
} "RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity syslog { identity syslog {
base syslog-facility; base syslog-facility;
description description
"The facility for messages generated internally by a syslogd "The facility for messages generated internally by a syslog
facility (5)."; daemon facility (numerical code 5).";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol, Section 6.2.1.";
} }
identity lpr { identity lpr {
base syslog-facility; base syslog-facility;
description description
"The facility for the line printer subsystem (6)."; "The facility for the line printer subsystem (numerical code
reference 6).";
"RFC 5424: The Syslog Protocol"; reference
} "RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity news { identity news {
base syslog-facility; base syslog-facility;
description description
"The facility for the network news subsystem (7)."; "The facility for the network news subsystem (numerical code
reference 7).";
"RFC 5424: The Syslog Protocol"; reference
} "RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity uucp { identity uucp {
base syslog-facility; base syslog-facility;
description description
"The facility for the Unix-to-Unix Copy (UUCP) subsystem (8)."; "The facility for the Unix-to-Unix Copy (UUCP) subsystem
reference (numerical code 8).";
"RFC 5424: The Syslog Protocol"; reference
} "RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity cron { identity cron {
base syslog-facility; base syslog-facility;
description description
"The facility for the clock daemon (9)."; "The facility for the clock daemon (numerical code 9).";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol, Section 6.2.1.";
} }
identity authpriv { identity authpriv {
base syslog-facility; base syslog-facility;
description description
"The facility for privileged security/authorization "The facility for privileged security/authorization messages
messages (10)."; (numerical code 10).";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol, Section 6.2.1.";
} }
identity ftp { identity ftp {
base syslog-facility; base syslog-facility;
description description
"The facility for the FTP daemon (11)."; "The facility for the FTP daemon (numerical code 11).";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol, Section 6.2.1.";
} }
identity ntp { identity ntp {
base syslog-facility; base syslog-facility;
description description
"The facility for the NTP subsystem (12)."; "The facility for the NTP subsystem (numerical code 12).";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol, Section 6.2.1.";
} }
identity audit { identity audit {
base syslog-facility; base syslog-facility;
description description
"The facility for log audit messages (13)."; "The facility for log audit messages (numerical code 13).";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol, Section 6.2.1.";
} }
identity console { identity console {
base syslog-facility; base syslog-facility;
description description
"The facility for log alert messages (14)."; "The facility for log alert messages (numerical code 14).";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol, Section 6.2.1.";
} }
identity cron2 { identity cron2 {
base syslog-facility; base syslog-facility;
description description
"The facility for the second clock daemon (15)."; "The facility for the second clock daemon (numerical code
reference 15).";
"RFC 5424: The Syslog Protocol"; reference
} "RFC 5424: The Syslog Protocol, Section 6.2.1.";
}
identity local0 { identity local0 {
base syslog-facility; base syslog-facility;
description description
"The facility for local use 0 messages (16)."; "The facility for local use 0 messages (numerical code 16).";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol, Section 6.2.1.";
} }
identity local1 { identity local1 {
base syslog-facility; base syslog-facility;
description description
"The facility for local use 1 messages (17)."; "The facility for local use 1 messages (numerical code 17).";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol, Section 6.2.1.";
} }
identity local2 { identity local2 {
base syslog-facility; base syslog-facility;
description description
"The facility for local use 2 messages (18)."; "The facility for local use 2 messages (numerical code 18).";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol, Section 6.2.1.";
} }
identity local3 { identity local3 {
base syslog-facility; base syslog-facility;
description description
"The facility for local use 3 messages (19)."; "The facility for local use 3 messages (numerical code 19).";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol";
} }
identity local4 { identity local4 {
base syslog-facility; base syslog-facility;
description description
"The facility for local use 4 messages (20)."; "The facility for local use 4 messages (numerical code 20).";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol, Section 6.2.1.";
} }
identity local5 { identity local5 {
base syslog-facility; base syslog-facility;
description description
"The facility for local use 5 messages (21)."; "The facility for local use 5 messages (numerical code 21).";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol, Section 6.2.1.";
} }
identity local6 { identity local6 {
base syslog-facility; base syslog-facility;
description description
"The facility for local use 6 messages (22)."; "The facility for local use 6 messages (numerical code 22).";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol, Section 6.2.1.";
} }
identity local7 { identity local7 {
base syslog-facility; base syslog-facility;
description description
"The facility for local use 7 messages (23)."; "The facility for local use 7 messages (numerical code 23).";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol, Section 6.2.1.";
} }
identity action { identity action {
description description
"Base identity for action for how a message will be "Base identity for action for how a message will be
handled."; handled.";
} }
identity log { identity log {
base action; base action;
description description
"This identity specifies that if the compare operation is "This identity specifies that if the compare operation is
true, the message will be logged."; true, the message will be logged.";
} }
identity block { identity block {
base action; base action;
description description
"This identity specifies that if the compare operation is "This identity specifies that if the compare operation is
true, the message will not be logged."; true, the message will not be logged.";
} }
identity stop { identity stop {
base action; base action;
description description
"This identity specifies that if the compare operation is "This identity specifies that if the compare operation is
true, the message will not be logged and no further true, the message will not be logged and no further
processing will occur for it."; processing will occur for it.";
} }
grouping severity-filter { grouping severity-filter {
description description
"This grouping defines the processing used to select "This grouping defines the processing used to select
log messages by comparing syslog message severity using log messages by comparing syslog message severity using
the following processing rules: the following processing rules:
- if 'none', do not match. - if 'none', do not match.
- if 'all', match. - if 'all', match.
- else, compare message severity with the specified - else, compare message severity with the specified
severity according to the default compare rule (all severity according to the default compare rule (all
messages of the specified severity and greater match) messages of the specified severity and greater match)
or if the select-adv-compare feature is present, use or if the select-adv-compare feature is present, use
the advance-compare rule."; the advance-compare rule.";
leaf severity { leaf severity {
type union { type union {
type syslog-severity; type syslog-severity;
type enumeration { type enumeration {
enum none { enum none {
value 2147483647; value 2147483647;
description description
"This enum describes the case where no "This enum describes the case where no
severities are selected."; severities are selected.";
} }
enum all { enum all {
value -2147483648; value -2147483648;
description description
"This enum describes the case where all "This enum describes the case where all
severities are selected."; severities are selected.";
} }
} }
} }
mandatory true; mandatory true;
description description
"This leaf specifies the syslog message severity."; "This leaf specifies the syslog message severity.";
} }
container advanced-compare { container advanced-compare {
when "../severity != \"all\" and when "../severity != \"all\" and
../severity != \"none\"" { ../severity != \"none\"" {
description description
"The advanced compare container is not applicable "The advanced compare container is not applicable
for severity 'all' or severity 'none'"; for severity 'all' or severity 'none'";
} }
if-feature "select-adv-compare"; if-feature "select-adv-compare";
leaf compare { leaf compare {
type enumeration { type enumeration {
enum equals { enum equals {
description description
"This enum specifies that the severity "This enum specifies that the severity
comparison operation will be equals."; comparison operation will be equals.";
} }
enum equals-or-higher { enum equals-or-higher {
description description
"This enum specifies that the severity "This enum specifies that the severity
comparison operation will be equals or comparison operation will be equals or
higher."; higher.";
} }
} }
default "equals-or-higher"; default "equals-or-higher";
description description
"The compare can be used to specify the comparison "The compare operation can be used to specify the comparison
operator that should be used to compare the syslog operator that should be used to compare the syslog
message severity with the specified severity."; message severity with the specified severity.";
} }
leaf action { leaf action {
type identityref { type identityref {
base action; base action;
} }
default "log"; default "log";
description description
"The action can be used to specify how the message "The action can be used to specify how the message
should be handled. This may include logging the should be handled. This may include logging the
message, not logging the message (i.e., blocking message, not logging the message (i.e., blocking
it), or stopping further processing."; it), or stopping further processing.";
} }
description description
"This container describes additional severity compare "This container describes additional severity compare
operations that can be used in place of the default operations that can be used in place of the default
severity comparison. The compare leaf specifies the severity comparison. The compare leaf specifies the
type of the compare that is done and the action leaf type of compare operation that is done and the
specifies the intended result. action leaf specifies the intended result.
Example: compare->equals and action->block means Example: compare->equals and action->block means
messages that have a severity that are equal to the messages that have a severity that are equal to the
specified severity will not be logged."; specified severity will not be logged.";
} }
} }
grouping selector { grouping selector {
description description
"This grouping defines a syslog selector, which is used to "This grouping defines a syslog selector, which is used to
select log messages for the log-actions (console, file, select log messages for the log-actions (console, file,
remote, etc.). Choose one or both of the following: remote, etc.). Choose one or both of the following:
facility [<facility> <severity>...] facility [<facility> <severity>...]
pattern-match regular-expression-match-string pattern-match regular-expression-match-string
If both facility and pattern-match are specified, both If both facility and pattern-match are specified, both
must match in order for a log message to be selected."; must match in order for a log message to be selected.";
container filter { container filter {
description description
"This container describes the syslog filter "This container describes the syslog filter
parameters."; parameters.";
list facility-list { list facility-list {
key "facility severity"; key "facility severity";
ordered-by user; ordered-by user;
description description
"This list describes a collection of syslog "This list describes a collection of syslog
facilities and severities."; facilities and severities.";
leaf facility { leaf facility {
type union { type union {
type identityref { type identityref {
base syslog-facility; base syslog-facility;
} }
type enumeration { type enumeration {
enum all { enum all {
description description
"This enum describes the case where "This enum describes the case where
all facilities are requested."; all facilities are requested.";
} }
} }
} }
description description
"The leaf uniquely identifies a syslog "The leaf uniquely identifies a syslog
facility."; facility.";
} }
uses severity-filter; uses severity-filter;
} }
} }
leaf pattern-match { leaf pattern-match {
if-feature "select-match"; if-feature "select-match";
type string; type string;
description description
"This leaf describes a Posix 1003.2 regular expression "This leaf describes a Posix 1003.2 regular expression
string that can be used to select a syslog message for string that can be used to select a syslog message for
logging. The match is performed on the SYSLOG-MSG logging. The match is performed on the SYSLOG-MSG
field."; field.";
reference reference
"RFC 5424: The Syslog Protocol "RFC 5424: The Syslog Protocol
Std-1003.1-2008 Regular Expressions"; Std-1003.1-2024 Regular Expressions";
} }
} }
grouping structured-data { grouping structured-data {
description description
"This grouping defines the syslog structured data option, "This grouping defines the syslog structured data option,
which is used to select the format used to write log which is used to select the format used to write log
messages."; messages.";
leaf structured-data { leaf structured-data {
if-feature "structured-data"; if-feature "structured-data";
type boolean; type boolean;
default "false"; default "false";
description description
"This leaf describes how log messages are written. "This leaf describes how log messages are written.
If true, messages will be written with one or more If true, messages will be written with one or more
STRUCTURED-DATA elements; if false, messages will be STRUCTURED-DATA elements; if false, messages will be
written with STRUCTURED-DATA = NILVALUE."; written with STRUCTURED-DATA = NILVALUE.";
reference reference
"RFC 5424: The Syslog Protocol"; "RFC 5424: The Syslog Protocol";
} }
} }
container syslog { container syslog {
presence "Enables logging."; presence "Enables logging.";
description description
"This container describes the configuration parameters for "This container describes the configuration parameters for
syslog."; syslog.";
container actions { container actions {
description description
"This container describes the log-action parameters "This container describes the log-action parameters
for syslog."; for syslog.";
container console { container console {
if-feature "console-action"; if-feature "console-action";
presence "Enables logging to the console"; presence "Enables logging to the console";
description description
"This container describes the configuration "This container describes the configuration
parameters for console logging."; parameters for console logging.";
uses selector; uses selector;
} }
container file { container file {
if-feature "file-action"; if-feature "file-action";
description description
"This container describes the configuration "This container describes the configuration
parameters for file logging. If file-archive parameters for file logging. If file-archive
limits are not supplied, it is assumed that limits are not supplied, it is assumed that
the local implementation defined limits will the local implementation defined limits will
be used."; be used.";
list log-file { list log-file {
key "name"; key "name";
description description
"This list describes a collection of local "This list describes a collection of local
logging files."; logging files.";
leaf name { leaf name {
type inet:uri { type inet:uri {
pattern 'file:.*'; pattern 'file:.*';
} }
description description
"This leaf specifies the name of the log "This leaf specifies the name of the log
file, which MUST use the uri scheme file, which MUST use the uri scheme
file:."; file:.";
reference reference
"RFC 8089: The file URI Scheme"; "RFC 8089: The file URI Scheme";
} }
uses selector; uses selector;
uses structured-data; uses structured-data;
container file-rotation { container file-rotation {
description description
"This container describes the configuration "This container describes the configuration
parameters for log file rotation."; parameters for log file rotation.";
leaf number-of-files { leaf number-of-files {
if-feature "file-limit-size"; if-feature "file-limit-size";
type uint32; type uint32;
default "1"; default "1";
description description
"This leaf specifies the maximum number "This leaf specifies the maximum number
of log files retained. Specify 1 for of log files retained. Specify 1 for
implementations that only support one implementations that only support one
log file."; log file.";
} }
leaf max-file-size { leaf max-file-size {
if-feature "file-limit-size"; if-feature "file-limit-size";
type uint32; type uint32;
units "megabytes"; units "megabytes";
description description
"This leaf specifies the maximum log "This leaf specifies the maximum log
file size."; file size.";
} }
leaf rollover { leaf rollover {
if-feature "file-limit-duration"; if-feature "file-limit-duration";
type uint32; type uint32;
units "minutes"; units "minutes";
description description
"This leaf specifies the length of time "This leaf specifies the length of time
that log events should be written to a that log events should be written to a
specific log file. Log events that specific log file. Log events that
arrive after the rollover period cause arrive after the rollover period cause
the current log file to be closed and the current log file to be closed and
a new log file to be opened."; a new log file to be opened.";
} }
leaf retention { leaf retention {
if-feature "file-limit-duration"; if-feature "file-limit-duration";
type uint32; type uint32;
units "minutes"; units "minutes";
description description
"This leaf specifies the length of time "This leaf specifies the length of time
that completed/closed log event files that completed/closed log event files
should be stored in the file system should be stored in the file system
before they are removed."; before they are removed.";
} }
} }
} }
} }
container remote { container remote {
if-feature "remote-action"; if-feature "remote-action";
description description
"This container describes the configuration "This container describes the configuration
parameters for forwarding syslog messages parameters for forwarding syslog messages
to remote relays or collectors."; to remote relays or collectors.";
list destination { list destination {
key "name"; key "name";
description description
"This list describes a collection of remote logging "This list describes a collection of remote logging
destinations."; destinations.";
leaf name { leaf name {
type string; type string;
description description
"An arbitrary name for the endpoint to connect to."; "An arbitrary name for the endpoint to connect to.";
} }
choice transport { choice transport {
mandatory true; mandatory true;
description description
"This choice describes the transport option."; "This choice describes the transport option.";
case udp { case udp {
container udp { container udp {
description description
"This container describes the UDP transport "This container describes the UDP transport
options."; options.";
reference reference
"RFC 5426: Transmission of Syslog Messages over "RFC 5426: Transmission of Syslog Messages over
UDP"; UDP";
list udp { list udp {
key "address"; key "address";
description description
"List of all UDP sessions."; "List of all UDP sessions.";
leaf address { leaf address {
type inet:host; type inet:host;
description description
"The leaf uniquely specifies the address of the "The leaf uniquely specifies the address of the
remote host. One of the following must be remote host. One of the following must be
specified: specified:
- an ipv4 address, - an ipv4 address,
- an ipv6 address, or a - an ipv6 address, or a
- host name."; - host name.";
} }
leaf port { leaf port {
type inet:port-number; type inet:port-number;
default "514"; default "514";
description description
"This leaf specifies the port number used to "This leaf specifies the port number used to
deliver messages to the remote server."; deliver messages to the remote server.";
} }
} }
} }
} }
case tls { case tls {
container tls { container tls {
description description
"This container describes the TLS transport "This container describes the TLS transport
options."; options.";
reference reference
"RFC 5425: Transport Layer Security (TLS) Transport "RFC 5425: Transport Layer Security (TLS) Transport
Mapping for Syslog "; Mapping for Syslog ";
list tls { list tls {
key "address"; key "address";
description description
"List of all TLS-based sessions."; "List of all TLS-based sessions.";
leaf address { leaf address {
type inet:host; type inet:host;
description description
"The leaf uniquely specifies the address of the "The leaf uniquely specifies the address of the
remote host. One of the following must be remote host. One of the following must be
specified: an ipv4 address, an ipv6 address, specified: an ipv4 address, an ipv6 address,
or a host name."; or a host name.";
} }
leaf port { leaf port {
type inet:port-number; type inet:port-number;
default "6514"; default "6514";
description description
"TCP port 6514 has been allocated as the "TCP port 6514 has been allocated as the
default port for syslog over TLS."; default port for syslog over TLS.";
} }
uses tlsc:tls-client-grouping; uses tlsc:tls-client-grouping;
} }
} }
} }
} }
uses selector; uses selector;
uses structured-data; uses structured-data;
leaf facility-override { leaf facility-override {
type identityref { type identityref {
base syslog-facility; base syslog-facility;
} }
description description
"If specified, this leaf specifies the facility used "If specified, this leaf specifies the facility used
to override the facility in messages delivered to the to override the facility in messages delivered to the
remote server."; remote server.";
} }
leaf source-interface { leaf source-interface {
if-feature "remote-source-interface"; if-feature "remote-source-interface";
type if:interface-ref; type if:interface-ref;
description description
"This leaf sets the source interface to be used to "This leaf sets the source interface to be used to
send messages to the remote syslog server. If not set, send messages to the remote syslog server. If not set,
messages can be sent on any interface."; messages can be sent on any interface.";
} }
container signing { container signing {
if-feature "signed-messages"; if-feature "signed-messages";
presence "If present, syslog-signing options is presence "If present, syslog-signing options is
activated."; activated.";
description description
"This container describes the configuration "This container describes the configuration
parameters for signed syslog messages."; parameters for signed syslog messages.";
reference reference
"RFC 5848: Signed Syslog Messages"; "RFC 5848: Signed Syslog Messages";
container cert-signers { container cert-signers {
description description
"This container describes the signing certificate "This container describes the signing certificate
configuration for Signature Group 0, which covers configuration for Signature Group 0, which covers
the case for administrators who want all Signature the case for administrators who want all Signature
Blocks to be sent to a single destination."; Blocks to be sent to a single destination.";
list cert-signer { list cert-signer {
key "name"; key "name";
description description
"This list describes a collection of syslog message "This list describes a collection of syslog message
signers."; signers.";
leaf name { leaf name {
type string; type string;
description description
"This leaf specifies the name of the syslog "This leaf specifies the name of the syslog
message signer."; message signer.";
} }
container cert { container cert {
uses ct:asymmetric-key-pair-with-cert-grouping; uses ct:asymmetric-key-pair-with-cert-grouping;
description description
"This is the certificate that is periodically "This is the certificate that is periodically
sent to the remote receiver. The certificate is sent to the remote receiver. The certificate is
inherently associated with its private inherently associated with its private
and public keys."; and public keys.";
} }
leaf hash-algorithm { leaf hash-algorithm {
type enumeration { type enumeration {
enum SHA1 { enum SHA1 {
value 1; value 1;
description description
"This enum describes the SHA1 algorithm."; "This enum describes the SHA1 algorithm.";
} }
enum SHA256 { enum SHA256 {
value 2; value 2;
description description
"This enum describes the SHA256 algorithm."; "This enum describes the SHA256 algorithm.";
} }
} }
description description
"This leaf describes the syslog signer hash "This leaf describes the syslog signer hash
algorithm used."; algorithm used.";
} }
} }
leaf cert-initial-repeat { leaf cert-initial-repeat {
type uint32; type uint32;
default "3"; default "3";
description description
"This leaf specifies the number of times each "This leaf specifies the number of times each
Certificate Block should be sent before the first Certificate Block should be sent before the first
message is sent."; message is sent.";
} }
leaf cert-resend-delay { leaf cert-resend-delay {
type uint32; type uint32;
units "seconds"; units "seconds";
default "3600"; default "3600";
description description
"This leaf specifies the maximum time delay in "This leaf specifies the maximum time delay in
seconds until resending the Certificate Block."; seconds until resending the Certificate Block.";
} }
leaf cert-resend-count { leaf cert-resend-count {
type uint32; type uint32;
default "0"; default "0";
description description
"This leaf specifies the maximum number of other "This leaf specifies the maximum number of other
syslog messages to send until resending the syslog messages to send until resending the
Certificate Block."; Certificate Block.";
} }
leaf sig-max-delay { leaf sig-max-delay {
type uint32; type uint32;
units "seconds"; units "seconds";
default "60"; default "60";
description description
"This leaf specifies when to generate a new "This leaf specifies when to generate a new
Signature Block. If this many seconds have elapsed Signature Block. If this many seconds have elapsed
since the message with the first message number since the message with the first message number
of the Signature Block was sent, a new Signature of the Signature Block was sent, a new Signature
Block should be generated."; Block should be generated.";
} }
leaf sig-number-resends { leaf sig-number-resends {
type uint32; type uint32;
default "0"; default "0";
description description
"This leaf specifies the number of times a "This leaf specifies the number of times a
Signature Block is resent. (It is recommended to Signature Block is resent. (It is recommended to
select a value of greater than 0 in particular select a value of greater than 0 in particular
when the UDP transport as in RFC 5426 is used.)"; when the UDP transport as in RFC 5426 is used.)";
} }
leaf sig-resend-delay { leaf sig-resend-delay {
type uint32; type uint32;
units "seconds"; units "seconds";
default "5"; default "5";
description description
"This leaf specifies when to send the next "This leaf specifies when to send the next
Signature Block transmission based on time. If Signature Block transmission based on time. If
this many seconds have elapsed since the previous this many seconds have elapsed since the previous
sending of this Signature Block, resend it."; sending of this Signature Block, resend it.";
} }
leaf sig-resend-count { leaf sig-resend-count {
type uint32; type uint32;
default "0"; default "0";
description description
"This leaf specifies when to send the next "This leaf specifies when to send the next
Signature Block transmission based on a count. Signature Block transmission based on a count.
If this many other syslog messages have been sent If this many other syslog messages have been sent
since the previous sending of this Signature since the previous sending of this Signature
Block, resend it. A value of 0 means that you Block, resend it. A value of 0 means that you
don't resend based on the number of messages."; don't resend based on the number of messages.";
} }
} }
} }
} }
} }
} }
} }
} }
<CODE ENDS> <CODE ENDS>
Figure 3: Syslog YANG Module Figure 3: Syslog YANG Module
6. Usage Examples 6. Usage Examples
6.1. Syslog Configuration for Severity Critical The following examples are in XML [W3C.REC-xml-20081126].
[note: '\' line wrapping for formatting only] 6.1. Syslog Configuration for Severity Critical
<!-- This example shows how the console logging of syslog of severity
Enable console logging of syslogs of severity critical critical can be enabled.
-->
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog"> <syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog">
<actions> <actions>
<console> <console>
<filter> <filter>
<facility-list> <facility-list>
<facility>all</facility> <facility>all</facility>
<severity>critical</severity> <severity>critical</severity>
</facility-list> </facility-list>
</filter> </filter>
</console> </console>
</actions> </actions>
</syslog> </syslog>
Figure 4: Syslog Configuration for Severity Critical Figure 4: Syslog Configuration for Severity Critical
6.2. Remote Syslog Configuration 6.2. Remote Syslog Configuration
[note: '\' line wrapping for formatting only] This example shows how the remote logging of syslogs to UDP
destination foo.example.com for facility auth and severity error can
be enabled.
<!--
Enable remote logging of syslogs to udp destination
foo.example.com for facility auth, severity error
-->
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog"> <syslog xmlns="urn:ietf:params:xml:ns:yang:ietf-syslog">
<actions> <actions>
<remote> <remote>
<destination> <destination>
<name>remote1</name> <name>remote1</name>
<udp> <udp>
<udp> <udp>
<address>foo.example.com</address> <address>foo.example.com</address>
</udp> </udp>
</udp> </udp>
<filter> <filter>
<facility-list> <facility-list>
<facility>auth</facility> <facility>auth</facility>
<severity>error</severity> <severity>error</severity>
</facility-list> </facility-list>
</filter> </filter>
</destination> </destination>
</remote> </remote>
</actions> </actions>
</syslog> </syslog>
Figure 5: Remote Syslog Configuration Figure 5: Remote Syslog Configuration
7. IANA Considerations 7. IANA Considerations
7.1. The IETF XML Registry 7.1. The IETF XML Registry
This document registers one URI in the "IETF XML Registry", following This document registers one URI in the "IETF XML Registry", following
the format defined in [RFC3688]: the format defined in [RFC3688]:
skipping to change at line 1357 skipping to change at line 1359
This document registers one YANG module in the "YANG Module Names" This document registers one YANG module in the "YANG Module Names"
registry [RFC8525], following the format in [RFC7950]: registry [RFC8525], following the format in [RFC7950]:
Name: ietf-syslog Name: ietf-syslog
Namespace: urn:ietf:params:xml:ns:yang:ietf-syslog Namespace: urn:ietf:params:xml:ns:yang:ietf-syslog
Prefix: syslog Prefix: syslog
Reference: RFC 9742 Reference: RFC 9742
8. Security Considerations 8. Security Considerations
This section is modeled after the template defined in Section 3.7.1 This section is modeled after the template defined in
of [RFC8407]. [YANG-GUIDELINES].
The YANG module specified in this document defines a schema for data The "ietf-syslog" YANG module defines a data model that is designed
that is designed to be accessed via network management protocols such to be accessed via YANG-based management protocols, such as NETCONF
as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer [RFC6241] and RESTCONF [RFC8040]. These protocols have to use a
is the secure transport layer, and the mandatory-to-implement secure secure transport layer (e.g., SSH [RFC4252], TLS [RFC8446], and QUIC
transport is Secure Shell (SSH) [RFC4252]. The lowest RESTCONF layer [RFC9000]) and have to use mutual authentication.
is HTTPS, and the mandatory-to-implement secure transport is TLS
[RFC8446].
The Network Configuration Access Control Model (NACM) [RFC8341] The Network Configuration Access Control Model (NACM) [RFC8341]
provides the means to restrict access for particular NETCONF or provides the means to restrict access for particular NETCONF or
RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or
RESTCONF protocol operations and content. RESTCONF protocol operations and content.
This module imports groupings from ietf-crypto-types YANG module This module imports groupings from ietf-crypto-types YANG module
defined in YANG Groupings for Crypto Types [RFC9640]. Security defined in YANG Groupings for Crypto Types [RFC9640]. Security
considerations described in that document apply to this module also. considerations described in that document apply to this module also.
There are a number of data nodes defined in this YANG module that are There are a number of data nodes defined in this YANG module that are
writable/creatable/deletable (i.e., config true, which is the writable/creatable/deletable (i.e., "config true", which is the
default). These data nodes should be considered sensitive or default). All writable data nodes are likely to be reasonably
vulnerable in all network environments. Logging in particular is sensitive or vulnerable in some network environments. Write
used to assess the state of systems and can be used to indicate a operations (e.g., edit-config) and delete operations to these data
network compromise. If logging were to be disabled through malicious nodes without proper protection or authentication can have a negative
means, attacks may not be readily detectable. Therefore, write effect on network operations. The following subtrees and data nodes
operations (e.g., edit-config) to these data nodes without proper have particular sensitivities/vulnerabilities:
protection can have a negative effect on network operations and on
network security.
In addition, there are data nodes that require careful analysis and
review. These are the subtrees and data nodes and their sensitivity/
vulnerability:
facility-filter/pattern-match: When writing this node, facility-filter/pattern-match: When writing this node,
implementations MUST ensure that the regular expression pattern implementations MUST ensure that the regular expression pattern
match is not constructed to cause a regular expression denial-of- match is not constructed to cause a regular expression denial-of-
service attack due to a pattern that causes the regular expression service attack due to a pattern that causes the regular expression
implementation to work very slowly (exponentially related to input implementation to work very slowly (exponentially related to input
size). size).
remote/destination/signing/cert-signer: When writing this subtree, remote/destination/signing/cert-signer: When writing this subtree,
implementations MUST NOT specify a private key that is used for implementations MUST NOT specify a private key that is used for
any other purpose. any other purpose.
Some of the readable data nodes in this YANG module may be considered Some of the readable data nodes in this YANG module may be considered
sensitive or vulnerable in some network environments. It is thus sensitive or vulnerable in some network environments. It is thus
important to control read access (e.g., via get, get-config, or important to control read access (e.g., via get, get-config, or
notification) to these data nodes. These are the subtrees and data notification) to these data nodes. Specifically, the following
nodes and their sensitivity/vulnerability: subtrees and data nodes have particular sensitivities/
vulnerabilities:
remote/destination/transport: This subtree contains information remote/destination/transport: This subtree contains information
about other hosts in the network, the services available on those about other hosts in the network, the services available on those
hosts, and the TLS transport certificate properties if TLS is hosts, and the TLS transport certificate properties if TLS is
selected as the transport protocol. Knowing that a service like selected as the transport protocol. Knowing that a service like
syslog (udp/514) is enabled on the host will allow a malicious syslog (udp/514) is enabled on the host will allow a malicious
user to spam the host on that port. user to spam the host on that port.
remote/destination/signing: This subtree contains information about remote/destination/signing: This subtree contains information about
the syslog message signing properties, including signing the syslog message signing properties, including signing
certificate information. certificate information.
There are no RPC operations defined in this YANG module. There are no particularly sensitive RPC or action operations.
9. References 9. References
9.1. Normative References 9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004, DOI 10.17487/RFC3688, January 2004,
<https://www.rfc-editor.org/info/rfc3688>. <https://www.rfc-editor.org/info/rfc3688>.
[RFC4252] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH)
Authentication Protocol", RFC 4252, DOI 10.17487/RFC4252,
January 2006, <https://www.rfc-editor.org/info/rfc4252>.
[RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424, [RFC5424] Gerhards, R., "The Syslog Protocol", RFC 5424,
DOI 10.17487/RFC5424, March 2009, DOI 10.17487/RFC5424, March 2009,
<https://www.rfc-editor.org/info/rfc5424>. <https://www.rfc-editor.org/info/rfc5424>.
[RFC5425] Miao, F., Ed., Ma, Y., Ed., and J. Salowey, Ed., [RFC5425] Miao, F., Ed., Ma, Y., Ed., and J. Salowey, Ed.,
"Transport Layer Security (TLS) Transport Mapping for "Transport Layer Security (TLS) Transport Mapping for
Syslog", RFC 5425, DOI 10.17487/RFC5425, March 2009, Syslog", RFC 5425, DOI 10.17487/RFC5425, March 2009,
<https://www.rfc-editor.org/info/rfc5425>. <https://www.rfc-editor.org/info/rfc5425>.
[RFC5426] Okmianski, A., "Transmission of Syslog Messages over UDP", [RFC5426] Okmianski, A., "Transmission of Syslog Messages over UDP",
RFC 5426, DOI 10.17487/RFC5426, March 2009, RFC 5426, DOI 10.17487/RFC5426, March 2009,
<https://www.rfc-editor.org/info/rfc5426>. <https://www.rfc-editor.org/info/rfc5426>.
[RFC5848] Kelsey, J., Callas, J., and A. Clemm, "Signed Syslog [RFC5848] Kelsey, J., Callas, J., and A. Clemm, "Signed Syslog
Messages", RFC 5848, DOI 10.17487/RFC5848, May 2010, Messages", RFC 5848, DOI 10.17487/RFC5848, May 2010,
<https://www.rfc-editor.org/info/rfc5848>. <https://www.rfc-editor.org/info/rfc5848>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
<https://www.rfc-editor.org/info/rfc6241>.
[RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types",
RFC 6991, DOI 10.17487/RFC6991, July 2013, RFC 6991, DOI 10.17487/RFC6991, July 2013,
<https://www.rfc-editor.org/info/rfc6991>. <https://www.rfc-editor.org/info/rfc6991>.
[RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
RFC 7950, DOI 10.17487/RFC7950, August 2016, RFC 7950, DOI 10.17487/RFC7950, August 2016,
<https://www.rfc-editor.org/info/rfc7950>. <https://www.rfc-editor.org/info/rfc7950>.
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
<https://www.rfc-editor.org/info/rfc8040>.
[RFC8089] Kerwin, M., "The "file" URI Scheme", RFC 8089, [RFC8089] Kerwin, M., "The "file" URI Scheme", RFC 8089,
DOI 10.17487/RFC8089, February 2017, DOI 10.17487/RFC8089, February 2017,
<https://www.rfc-editor.org/info/rfc8089>. <https://www.rfc-editor.org/info/rfc8089>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration
Access Control Model", STD 91, RFC 8341, Access Control Model", STD 91, RFC 8341,
DOI 10.17487/RFC8341, March 2018, DOI 10.17487/RFC8341, March 2018,
<https://www.rfc-editor.org/info/rfc8341>. <https://www.rfc-editor.org/info/rfc8341>.
[RFC8343] Bjorklund, M., "A YANG Data Model for Interface [RFC8343] Bjorklund, M., "A YANG Data Model for Interface
Management", RFC 8343, DOI 10.17487/RFC8343, March 2018, Management", RFC 8343, DOI 10.17487/RFC8343, March 2018,
<https://www.rfc-editor.org/info/rfc8343>. <https://www.rfc-editor.org/info/rfc8343>.
[RFC8407] Bierman, A., "Guidelines for Authors and Reviewers of
Documents Containing YANG Data Models", BCP 216, RFC 8407,
DOI 10.17487/RFC8407, October 2018,
<https://www.rfc-editor.org/info/rfc8407>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>.
[RFC8525] Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K., [RFC8525] Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K.,
and R. Wilton, "YANG Library", RFC 8525, and R. Wilton, "YANG Library", RFC 8525,
DOI 10.17487/RFC8525, March 2019, DOI 10.17487/RFC8525, March 2019,
<https://www.rfc-editor.org/info/rfc8525>. <https://www.rfc-editor.org/info/rfc8525>.
[RFC9640] Watsen, K., "YANG Data Types and Groupings for [RFC9640] Watsen, K., "YANG Data Types and Groupings for
Cryptography", RFC 9640, DOI 10.17487/RFC9640, October Cryptography", RFC 9640, DOI 10.17487/RFC9640, October
2024, <https://www.rfc-editor.org/info/rfc9640>. 2024, <https://www.rfc-editor.org/info/rfc9640>.
[RFC9645] Watsen, K., "YANG Groupings for TLS Clients and TLS [RFC9645] Watsen, K., "YANG Groupings for TLS Clients and TLS
Servers", RFC 9645, DOI 10.17487/RFC9645, October 2024, Servers", RFC 9645, DOI 10.17487/RFC9645, October 2024,
<https://www.rfc-editor.org/info/rfc9645>. <https://www.rfc-editor.org/info/rfc9645>.
[Std-1003.1-2008] [Std-1003.1-2024]
The Open Group, ""Chapter 9: Regular Expressions" The Open The Open Group, ""Chapter 9: Regular Expressions" The Open
Group Base Specifications Issue 6, IEEE Std 1003.1-2008, Group Base Specifications Issue 8, IEEE Std 1003.1-2024",
2016 Edition", September 2016, 2024, <https://pubs.opengroup.org/onlinepubs/9799919799>.
<https://pubs.opengroup.org/
onlinepubs/9699919799.2016edition/>. [W3C.REC-xml-20081126]
Bray, T., Paoli, J., Sperberg-McQueen, C.M., Maler, E.,
and F. Yergeau, "Extensible Markup Language (XML) 1.0
(Fifth Edition)", World Wide Web Consortium
Recommendation REC-xml-20081126, November 2008,
<https://www.w3.org/TR/2008/REC-xml-20081126/>.
9.2. Informative References 9.2. Informative References
[RFC4252] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH)
Authentication Protocol", RFC 4252, DOI 10.17487/RFC4252,
January 2006, <https://www.rfc-editor.org/info/rfc4252>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
<https://www.rfc-editor.org/info/rfc6241>.
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
<https://www.rfc-editor.org/info/rfc8040>.
[RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
<https://www.rfc-editor.org/info/rfc8340>. <https://www.rfc-editor.org/info/rfc8340>.
[RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., [RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
and R. Wilton, "Network Management Datastore Architecture and R. Wilton, "Network Management Datastore Architecture
(NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018, (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018,
<https://www.rfc-editor.org/info/rfc8342>. <https://www.rfc-editor.org/info/rfc8342>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>.
[RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based
Multiplexed and Secure Transport", RFC 9000,
DOI 10.17487/RFC9000, May 2021,
<https://www.rfc-editor.org/info/rfc9000>.
[YANG-GUIDELINES]
Bierman, A., Boucadair, M., and Q. Wu, "Guidelines for
Authors and Reviewers of Documents Containing YANG Data
Models", Work in Progress, Internet-Draft, draft-ietf-
netmod-rfc8407bis-24, 18 April 2025,
<https://datatracker.ietf.org/doc/html/draft-ietf-netmod-
rfc8407bis-24>.
Appendix A. Tree Diagrams Appendix A. Tree Diagrams
A.1. Complete Tree Diagram A.1. Complete Tree Diagram
[note: '\' line wrapping for formatting only] [note: '\' line wrapping for formatting only]
module: ietf-syslog module: ietf-syslog
+--rw syslog! +--rw syslog!
+--rw actions +--rw actions
+--rw console! {console-action}? +--rw console! {console-action}?
 End of changes. 92 change blocks. 
1102 lines changed or deleted 1110 lines changed or added

This html diff was produced by rfcdiff 1.48.