Glenn Mansfield Keeni
SysLog-MIB
Cyber Solutions Inc., Japan
Syslog-WG, IETF-56
March, 2003
Cyber Solutions
Purpose
Monitoring Syslog operation:
Stats on messages, received, processed, relayed
System wide Parameters,
(Process-wise) Message selection and actions
(Process-wise) run-time parameters
Configuring/Control Syslog processes
Syslog
man pages: syslogd, syslog.conf, syslog
RFC3164
The MIB Design
syslog System Group
syslog Process Group
syslog Control Group
System Group
DefaultTransport, DefaultService, DefaultFacility, DefaultSeverity, MaxMessageSize
Syslog Process Group
Process Table [syslogProcessIndex]
Params Table [syslogProcessIndex]
Allowed Hosts Table [syslogProcessIndex]
Process Table [syslogProcessIndex]
MsgsReceived, MsgsRelayed, MsgsDropped, MsgsIllFormed, MsgsIgnored, MsgsRejected,
LastMsgRecdTime, LastMsgDeliveredTime, StartTime, LastError, LastErrorTime
Params Table [syslogProcessIndex]
ProcDescr, BindAddrType, BindAddr, SendToAllAddresses, Compression, ConfFileName, FacilityTranslation,
PIDFileName, DNSLookUp, SeverityCompOp, SecuritySpecs, ProcessStatus*, ProcessStorageType, RowStatus
* Process Start/Stop
Allowed Hosts Table [syslogProcessIndex]
HostsAddrType, HostsAddr, HostsMaskLen, HostsTransport, HostsPort, RowStatus
syslog Control Group cf. syslog.conf
Selection Action
Selection: list of facility:level
Actions: log, display, relay, pipe
Selection and Action
Selection
Log Action
User Action
Relay Action
Pipe Action
Selection Table [syslogProcessIndex, ActionIndex, SelectionIndex]
ActionIndex, SelectionIndex, Descr, HostNameIncl, HostName, ProgNameIncl,
ProgName, PriorityIncl, Facility, Severity, SeverityCompOP, RowStatus
Action Tables
UserActionTable [ProcessIndex,ActionIndex,UserActionIndex]
FwdActionTable [ProcessIndex,ActionIndex,FwdActionIndex]
PipeActionTable [ProcessIndex,ActionIndex]
LogActionTable [ProcessIndex,ActionIndex]
selectionTable: ActionIndex, Selection Parameters
LogActionTable: (ActionIndex), LogFileName, RowStatus
UserActionTable: (ActionIndex), UserActionIndex, UserID, RowStatus
PipeActionTable: (ActionIndex), PipeCommandName, …, RowStatus
FwdActionTable: (ActionIndex), FwdActionIndex, SrcAddrType, …., RowStatus
Log Action Table [syslogProcessIndex, ActionIndex]
LogActionFileName, RowStatus
User Action Table [syslogProcessIndex, ActionIndex, UserActionIndex]
UserActionIndex, UserID, RowStatus
Fwd Action Table [syslogProcessIndex, ActionIndex, FwdActionIndex]
FwdActionIndex, ActionDescr, SrcAddrType, SrcAddr, DstAddrType,
DstAddr, Transport, Port, Facility, Severity, RowStatus
Pipe Action Table [syslogProcessIndex, ActionIndex]
PipeActionCommand, RowStatus
Security Considerations (SET)
ParamsTable: Configure, Start/Stop
AllowedHostsTable: Loss/Flood of messages
Selection Table: Loss of Messages
Log Action Table: Loss of messages
UserActionTable: Spam a user’s console
FwdActionTable: Attack a collector
PipeActionTable: Invoke “sh” commands
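Added example, not part of the original slides or the draft: it parses a constructed syslog.conf into rows indexed like the Selection and Action tables above, then lists each action row together with the SET risk this slide names for its table. The function names and the one-value-per-row layout are assumptions; syslog.conf itself writes selectors as facility.level.

```python
# Added illustration: names below are hypothetical, modelled on the slides' table names.
SAMPLE_CONF = """\
# constructed sample syslog.conf, not from the slides
kern.crit;auth.*\t/var/log/secure
mail.info\t@collector.example.net
auth.notice\troot,operator
local7.debug\t|/usr/local/bin/filter
"""
# SET risk per action table, as listed on the Security Considerations (SET) slide
SET_RISK = {"LogActionTable": "Loss of messages",
            "UserActionTable": "Spam a user's console",
            "FwdActionTable": "Attack a collector",
            "PipeActionTable": 'Invoke "sh" commands'}

def classify_action(action):
    """Map a syslog.conf action field to (table name, per-row values)."""
    if action.startswith("|"):
        return "PipeActionTable", [action[1:].strip()]
    if action.startswith("@"):
        return "FwdActionTable", [action[1:]]
    if action.startswith("/"):
        return "LogActionTable", [action]
    return "UserActionTable", action.split(",")  # user list ("*" = all users)

def build_tables(conf, process_index=1):
    """Parse conf text into {table: {index tuple: value}}, indexed as on the slides."""
    tables = {name: {} for name in ("SelectionTable", *SET_RISK)}
    action_index = 0
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        action_index += 1
        for sel_index, pair in enumerate(selector.split(";"), 1):
            facility, _, severity = pair.partition(".")
            key = (process_index, action_index, sel_index)
            tables["SelectionTable"][key] = (facility, severity)
        table, values = classify_action(action)
        for sub, value in enumerate(values, 1):
            key = (process_index, action_index, sub)
            if table in ("LogActionTable", "PipeActionTable"):
                key = key[:2]  # these two tables have no third index
            tables[table][key] = value
    return tables

def set_exposure(tables):
    """List (table, index, value, risk) for each action row a SET could alter."""
    return [(t, k, v, SET_RISK[t]) for t in SET_RISK for k, v in sorted(tables[t].items())]
```

Calling `set_exposure(build_tables(SAMPLE_CONF))` gives the inventory an operator would review before granting SNMP write access to any of these tables.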
Security Considerations (GET)
ProcTable : Counters may reveal IDS info
The draft
draft-ietf-syslog-device-mib-03.txt
To Be Done
DESCRIPTION clauses
Editorial nits
REFERENCE clauses
Implement
SET requirements