This module contains a collection of YANG definitions for syslog management. Copyright (c) 2025 IETF Trust and the persons iden...
Version: 2025-04-30
module ietf-syslog { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-syslog"; prefix syslog; import ietf-inet-types { prefix inet; reference "RFC 6991: Common YANG Data Types"; } import ietf-interfaces { prefix if; reference "RFC 8343: A YANG Data Model for Interface Management"; } import ietf-tls-client { prefix tlsc; reference "RFC 9645: YANG Groupings for TLS Clients and TLS Servers"; } import ietf-crypto-types { prefix ct; reference "RFC 9640: YANG Data Types and Groupings for Cryptography"; } organization "IETF NETMOD (Network Modeling) Working Group"; contact "WG Web: <https://datatracker.ietf.org/wg/netmod/> WG List: <mailto:netmod@ietf.org> Editor: Mahesh Jethanandani <mailto:mjethanandani@gmail.com> Editor: Joe Clarke <mailto:jclarke@cisco.com> Editor: Kiran Agrahara Sreenivasa <mailto:kirankoushik.agraharasreenivasa@verizonwireless.com> Editor: Clyde Wildes <mailto:clyde@clydewildes.com>"; description "This module contains a collection of YANG definitions for syslog management. Copyright (c) 2025 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Revised BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). This version of this YANG module is part of RFC 9742 (https://www.rfc-editor.org/info/rfc9742); see the RFC itself for full legal notices. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here."; revision "2025-04-30" { description "Initial Revision"; reference "RFC 9742: Syslog YANG Module"; } feature console-action { description "This feature indicates that the local console action is supported."; } feature file-action { description "This feature indicates that the local file action is supported."; } feature file-limit-size { description "This feature indicates that file logging resources are managed using size and number limits."; } feature file-limit-duration { description "This feature indicates that file logging resources are managed using time based limits."; } feature remote-action { description "This feature indicates that the remote server action is supported."; } feature remote-source-interface { description "This feature indicates that source-interface is supported for the remote-action."; } feature select-adv-compare { description "This feature represents the ability to select messages using the additional comparison operators when comparing the syslog message severity."; } feature select-match { description "This feature represents the ability to select messages based on a Posix 1003.2 regular expression pattern match."; } feature structured-data { description "This feature represents the ability to log messages in structured-data format."; reference "RFC 5424: The Syslog Protocol"; } feature signed-messages { description "This feature represents the ability to configure signed syslog messages."; reference "RFC 5848: Signed Syslog Messages"; } typedef syslog-severity { type enumeration { enum "emergency" { value 0; description "The severity level 'Emergency' indicates that the system is unusable."; } enum "alert" { value 1; description "The severity level 'Alert' indicates that an action must be taken immediately."; } enum "critical" { value 2; description "The severity level 'Critical' indicates a critical condition."; } enum "error" { value 3; description "The severity level 'Error' indicates an error condition."; } enum "warning" { value 4; description "The severity level 'Warning' indicates a warning condition."; } enum "notice" { value 5; description "The severity level 'Notice' indicates a normal but significant condition."; } enum "info" { value 6; description "The severity level 'Info' indicates an informational message."; } enum "debug" { value 7; description "The severity level 'Debug' indicates a debug-level message."; } } description "The definitions for Syslog message severity. Note that a lower value is a higher severity. Comparisons of equal-or-higher severity mean equal-or-lower numeric value"; reference "RFC 5424: The Syslog Protocol"; } identity syslog-facility { description "This identity is used as a base for all syslog facilities."; reference "RFC 5424: The Syslog Protocol"; } identity kern { base syslog-facility; description "The facility for kernel messages (numerical code 0)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity user { base syslog-facility; description "The facility for user-level messages (numerical code 1)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity mail { base syslog-facility; description "The facility for the mail system (numerical code 2)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity daemon { base syslog-facility; description "The facility for the system daemons (numerical code 3)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity auth { base syslog-facility; description "The facility for security/authorization messages (numerical code 4)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity syslog { base syslog-facility; description "The facility for messages generated internally by a syslog daemon facility (numerical code 5)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity lpr { base syslog-facility; description "The facility for the line printer subsystem (numerical code 6)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity news { base syslog-facility; description "The facility for the network news subsystem (numerical code 7)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity uucp { base syslog-facility; description "The facility for the Unix-to-Unix Copy (UUCP) subsystem (numerical code 8)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity cron { base syslog-facility; description "The facility for the clock daemon (numerical code 9)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity authpriv { base syslog-facility; description "The facility for privileged security/authorization messages (numerical code 10)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity ftp { base syslog-facility; description "The facility for the FTP daemon (numerical code 11)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity ntp { base syslog-facility; description "The facility for the NTP subsystem (numerical code 12)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity audit { base syslog-facility; description "The facility for log audit messages (numerical code 13)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity console { base syslog-facility; description "The facility for log alert messages (numerical code 14)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity cron2 { base syslog-facility; description "The facility for the second clock daemon (numerical code 15)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity local0 { base syslog-facility; description "The facility for local use 0 messages (numerical code 16)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity local1 { base syslog-facility; description "The facility for local use 1 messages (numerical code 17)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity local2 { base syslog-facility; description "The facility for local use 2 messages (numerical code 18)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity local3 { base syslog-facility; description "The facility for local use 3 messages (numerical code 19)."; reference "RFC 5424: The Syslog Protocol"; } identity local4 { base syslog-facility; description "The facility for local use 4 messages (numerical code 20)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity local5 { base syslog-facility; description "The facility for local use 5 messages (numerical code 21)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity local6 { base syslog-facility; description "The facility for local use 6 messages (numerical code 22)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity local7 { base syslog-facility; description "The facility for local use 7 messages (numerical code 23)."; reference "RFC 5424: The Syslog Protocol, Section 6.2.1."; } identity action { description "Base identity for action for how a message will be handled."; } identity log { base action; description "This identity specifies that if the compare operation is true, the message will be logged."; } identity block { base action; description "This identity specifies that if the compare operation is true, the message will not be logged."; } identity stop { base action; description "This identity specifies that if the compare operation is true, the message will not be logged and no further processing will occur for it."; } grouping severity-filter { description "This grouping defines the processing used to select log messages by comparing syslog message severity using the following processing rules: - if 'none', do not match. - if 'all', match. - else, compare message severity with the specified severity according to the default compare rule (all messages of the specified severity and greater match) or if the select-adv-compare feature is present, use the advance-compare rule."; leaf severity { type union { type syslog-severity; type enumeration { enum "none" { value 2147483647; description "This enum describes the case where no severities are selected."; } enum "all" { value -2147483648; description "This enum describes the case where all severities are selected."; } } } mandatory true; description "This leaf specifies the syslog message severity."; } container advanced-compare { when "../severity != \"all\" and ../severity != \"none\"" { description "The advanced compare container is not applicable for severity 'all' or severity 'none'"; } if-feature select-adv-compare; description "This container describes additional severity compare operations that can be used in place of the default severity comparison. The compare leaf specifies the type of compare operation that is done and the action leaf specifies the intended result. Example: compare->equals and action->block means messages that have a severity that are equal to the specified severity will not be logged."; leaf compare { type enumeration { enum "equals" { value 0; description "This enum specifies that the severity comparison operation will be equals."; } enum "equals-or-higher" { value 1; description "This enum specifies that the severity comparison operation will be equals or higher."; } } default "equals-or-higher"; description "The compare operation can be used to specify the comparison operator that should be used to compare the syslog message severity with the specified severity."; } leaf action { type identityref { base action; } default "log"; description "The action can be used to specify how the message should be handled. This may include logging the message, not logging the message (i.e., blocking it), or stopping further processing."; } } // container advanced-compare } // grouping severity-filter grouping selector { description "This grouping defines a syslog selector, which is used to select log messages for the log-actions (console, file, remote, etc.). Choose one or both of the following: facility [<facility> <severity>...] pattern-match regular-expression-match-string If both facility and pattern-match are specified, both must match in order for a log message to be selected."; container filter { description "This container describes the syslog filter parameters."; list facility-list { key "facility severity"; ordered-by user; description "This list describes a collection of syslog facilities and severities."; leaf facility { type union { type identityref { base syslog-facility; } type enumeration { enum "all" { value 0; description "This enum describes the case where all facilities are requested."; } } } description "The leaf uniquely identifies a syslog facility."; } uses severity-filter; } // list facility-list } // container filter leaf pattern-match { if-feature select-match; type string; description "This leaf describes a Posix 1003.2 regular expression string that can be used to select a syslog message for logging. The match is performed on the SYSLOG-MSG field."; reference "RFC 5424: The Syslog Protocol Std-1003.1-2024 Regular Expressions"; } } // grouping selector grouping structured-data { description "This grouping defines the syslog structured data option, which is used to select the format used to write log messages."; leaf structured-data { if-feature structured-data; type boolean; default "false"; description "This leaf describes how log messages are written. If true, messages will be written with one or more STRUCTURED-DATA elements; if false, messages will be written with STRUCTURED-DATA = NILVALUE."; reference "RFC 5424: The Syslog Protocol"; } } // grouping structured-data container syslog { presence "Enables logging."; description "This container describes the configuration parameters for syslog."; container actions { description "This container describes the log-action parameters for syslog."; container console { if-feature console-action; presence "Enables logging to the console"; description "This container describes the configuration parameters for console logging."; uses selector; } // container console container file { if-feature file-action; description "This container describes the configuration parameters for file logging. If file-archive limits are not supplied, it is assumed that the local implementation defined limits will be used."; list log-file { key "name"; description "This list describes a collection of local logging files."; leaf name { type inet:uri { pattern 'file:.*'; } description "This leaf specifies the name of the log file, which MUST use the uri scheme file:."; reference "RFC 8089: The file URI Scheme"; } uses selector; uses structured-data; container file-rotation { description "This container describes the configuration parameters for log file rotation."; leaf number-of-files { if-feature file-limit-size; type uint32; default "1"; description "This leaf specifies the maximum number of log files retained. Specify 1 for implementations that only support one log file."; } leaf max-file-size { if-feature file-limit-size; type uint32; units "megabytes"; description "This leaf specifies the maximum log file size."; } leaf rollover { if-feature file-limit-duration; type uint32; units "minutes"; description "This leaf specifies the length of time that log events should be written to a specific log file. Log events that arrive after the rollover period cause the current log file to be closed and a new log file to be opened."; } leaf retention { if-feature file-limit-duration; type uint32; units "minutes"; description "This leaf specifies the length of time that completed/closed log event files should be stored in the file system before they are removed."; } } // container file-rotation } // list log-file } // container file container remote { if-feature remote-action; description "This container describes the configuration parameters for forwarding syslog messages to remote relays or collectors."; list destination { key "name"; description "This list describes a collection of remote logging destinations."; leaf name { type string; description "An arbitrary name for the endpoint to connect to."; } choice transport { mandatory true; description "This choice describes the transport option."; container udp { description "This container describes the UDP transport options."; reference "RFC 5426: Transmission of Syslog Messages over UDP"; list udp { key "address"; description "List of all UDP sessions."; leaf address { type inet:host; description "The leaf uniquely specifies the address of the remote host. One of the following must be specified: - an ipv4 address, - an ipv6 address, or a - host name."; } leaf port { type inet:port-number; default "514"; description "This leaf specifies the port number used to deliver messages to the remote server."; } } // list udp } // container udp container tls { description "This container describes the TLS transport options."; reference "RFC 5425: Transport Layer Security (TLS) Transport Mapping for Syslog "; list tls { key "address"; description "List of all TLS-based sessions."; leaf address { type inet:host; description "The leaf uniquely specifies the address of the remote host. One of the following must be specified: an ipv4 address, an ipv6 address, or a host name."; } leaf port { type inet:port-number; default "6514"; description "TCP port 6514 has been allocated as the default port for syslog over TLS."; } uses tlsc:tls-client-grouping; } // list tls } // container tls } // choice transport uses selector; uses structured-data; leaf facility-override { type identityref { base syslog-facility; } description "If specified, this leaf specifies the facility used to override the facility in messages delivered to the remote server."; } leaf source-interface { if-feature remote-source-interface; type if:interface-ref; description "This leaf sets the source interface to be used to send messages to the remote syslog server. If not set, messages can be sent on any interface."; } container signing { if-feature signed-messages; presence "If present, syslog-signing options is activated."; description "This container describes the configuration parameters for signed syslog messages."; reference "RFC 5848: Signed Syslog Messages"; container cert-signers { description "This container describes the signing certificate configuration for Signature Group 0, which covers the case for administrators who want all Signature Blocks to be sent to a single destination."; list cert-signer { key "name"; description "This list describes a collection of syslog message signers."; leaf name { type string; description "This leaf specifies the name of the syslog message signer."; } container cert { description "This is the certificate that is periodically sent to the remote receiver. The certificate is inherently associated with its private and public keys."; uses ct:asymmetric-key-pair-with-cert-grouping; } // container cert leaf hash-algorithm { type enumeration { enum "SHA1" { value 1; description "This enum describes the SHA1 algorithm."; } enum "SHA256" { value 2; description "This enum describes the SHA256 algorithm."; } } description "This leaf describes the syslog signer hash algorithm used."; } } // list cert-signer leaf cert-initial-repeat { type uint32; default "3"; description "This leaf specifies the number of times each Certificate Block should be sent before the first message is sent."; } leaf cert-resend-delay { type uint32; units "seconds"; default "3600"; description "This leaf specifies the maximum time delay in seconds until resending the Certificate Block."; } leaf cert-resend-count { type uint32; default "0"; description "This leaf specifies the maximum number of other syslog messages to send until resending the Certificate Block."; } leaf sig-max-delay { type uint32; units "seconds"; default "60"; description "This leaf specifies when to generate a new Signature Block. If this many seconds have elapsed since the message with the first message number of the Signature Block was sent, a new Signature Block should be generated."; } leaf sig-number-resends { type uint32; default "0"; description "This leaf specifies the number of times a Signature Block is resent. (It is recommended to select a value of greater than 0 in particular when the UDP transport as in RFC 5426 is used.)"; } leaf sig-resend-delay { type uint32; units "seconds"; default "5"; description "This leaf specifies when to send the next Signature Block transmission based on time. If this many seconds have elapsed since the previous sending of this Signature Block, resend it."; } leaf sig-resend-count { type uint32; default "0"; description "This leaf specifies when to send the next Signature Block transmission based on a count. If this many other syslog messages have been sent since the previous sending of this Signature Block, resend it. A value of 0 means that you don't resend based on the number of messages."; } } // container cert-signers } // container signing } // list destination } // container remote } // container actions } // container syslog } // module ietf-syslog
© 2024 YumaWorks, Inc. All rights reserved.