netconfcentral logo

ietf-i2nsf-nsf-monitoring-dm

HTML

ietf-i2nsf-nsf-monitoring-dm@2017-10-29



  module ietf-i2nsf-nsf-monitoring-dm {

    yang-version 1;

    namespace
      "urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring-dm";

    prefix monitoring-information;

    import ietf-inet-types {
      prefix inet;
    }
    import ietf-yang-types {
      prefix yang;
    }

    organization
      "IETF I2NSF (Interface to Network Security Functions)
     Working Group";

    contact
      "WG Web: <http://tools.ietf.org/wg/i2nsf>
     WG List: <mailto:i2nsf@ietf.org>

     WG Chair: Linda Dunbar
     <mailto:Linda.duhbar@huawei.com>

     Editor: Dongjin Hong
     <mailto:dong.jin@skku.edu>

     Editor: Jaehoon Paul Jeong
     <mailto:pauljeong@skku.edu>";

    description
      "This module defines a YANG data module for monitoring NSFs.";

    revision "2017-10-29" {
      description "Initial revision";
      reference
        "draft-zhang-i2nsf-info-model-monitoring-04";

    }


    typedef severity {
      type enumeration {
        enum "high" {
          value 0;
          description "high-level";
        }
        enum "middle" {
          value 1;
          description "middle-level";
        }
        enum "low" {
          value 2;
          description "low-level";
        }
      }
      description
        "This is used for indicating the severity";
    }

    typedef all-action {
      type enumeration {
        enum "allow" {
          value 0;
          description "TBD";
        }
        enum "alert" {
          value 1;
          description "TBD";
        }
        enum "block" {
          value 2;
          description "TBD";
        }
        enum "discard" {
          value 3;
          description "TBD";
        }
        enum "declare" {
          value 4;
          description "TBD";
        }
        enum "block-ip" {
          value 5;
          description "TBD";
        }
        enum "block-service" {
          value 6;
          description "TBD";
        }
      }
      description
        "This is used for protocol";
    }

    typedef dpi-type {
      type enumeration {
        enum "file-blocking" {
          value 0;
          description "TBD";
        }
        enum "data-filtering" {
          value 1;
          description "TBD";
        }
        enum "application-behavior-control" {
          value 2;
          description "TBD";
        }
      }
      description
        "This is used for dpi type";
    }

    typedef operation-type {
      type enumeration {
        enum "login" {
          value 0;
          description "TBD";
        }
        enum "logout" {
          value 1;
          description "TBD";
        }
        enum "configuration" {
          value 2;
          description "TBD";
        }
      }
      description
        "This is used for operation type";
    }

    typedef login-mode {
      type enumeration {
        enum "root" {
          value 0;
          description "TBD";
        }
        enum "user" {
          value 1;
          description "TBD";
        }
        enum "guest" {
          value 2;
          description "TBD";
        }
      }
      description
        "This is used for login mode";
    }

    grouping protocol {
      description "A set of protocols";
      container protocol {
        description
          "Protocol types:
       TCP, UDP, ICMP, ICMPv6, IP, HTTP, FTP and etc.";
        leaf tcp {
          type boolean;
          description "TCP protocol type.";
        }

        leaf udp {
          type boolean;
          description "UDP protocol type.";
        }

        leaf icmp {
          type boolean;
          description "ICMP protocol type.";
        }

        leaf icmpv6 {
          type boolean;
          description
            "ICMPv6 protocol type.";
        }

        leaf ip {
          type boolean;
          description "IP protocol type.";
        }

        leaf http {
          type boolean;
          description "HTTP protocol type.";
        }

        leaf ftp {
          type boolean;
          description "ftp protocol type.";
        }
      }  // container protocol
    }  // grouping protocol

    grouping traffic-rates {
      description
        "A set of traffic rates
      for statistics data";
      leaf total-traffic {
        type uint32;
        description "Total traffic";
      }

      leaf in-traffic-ave-rate {
        type uint32;
        description
          "Inbound traffic average rate in pps";
      }

      leaf in-traffic-peak-rate {
        type uint32;
        description
          "Inbound traffic peak rate in pps";
      }

      leaf in-traffic-ave-speed {
        type uint32;
        description
          "Inbound traffic average speed in bps";
      }

      leaf in-traffic-peak-speed {
        type uint32;
        description
          "Inbound traffic peak speed in bps";
      }

      leaf out-traffic-ave-rate {
        type uint32;
        description
          "Outbound traffic average rate in pps";
      }

      leaf out-traffic-peak-rate {
        type uint32;
        description
          "Outbound traffic peak rate in pps";
      }

      leaf out-traffic-ave-speed {
        type uint32;
        description
          "Outbound traffic average speed in bps";
      }

      leaf out-traffic-peak-speed {
        type uint32;
        description
          "Outbound traffic peak speed in bps";
      }
    }  // grouping traffic-rates

    grouping i2nsf-system-event-type-content {
      description
        "A set of system event type contents";
      leaf group {
        type string;
        mandatory true;
        description
          "Group to which a user belongs.";
      }

      leaf login-ip {
        type inet:ipv4-address;
        mandatory true;
        description
          "Login IP address of a user.";
      }

      container authentication-mode {
        description
          "User authentication mode. e.g., Local Authentication,
        Third-Party Server Authentication,
        Authentication Exemption, SSO Authentication.";
        leaf local-authentication {
          type boolean;
          mandatory true;
          description
            "Authentication-mode : local authentication.";
        }

        leaf third-part-server-authentication {
          type boolean;
          mandatory true;
          description "TBD";
        }

        leaf exemption-authentication {
          type boolean;
          mandatory true;
          description "TBD";
        }

        leaf sso-authentication {
          type boolean;
          mandatory true;
          description "TBD";
        }
      }  // container authentication-mode
    }  // grouping i2nsf-system-event-type-content

    grouping i2nsf-nsf-event-type-content {
      description
        "A set of nsf event type contents";
      leaf message {
        type string;
        description
          "The message for nsf events";
      }

      leaf src-ip {
        type inet:ipv4-address;
        description
          "The source IP address of the packet";
      }

      leaf dst-ip {
        type inet:ipv4-address;
        description
          "The destination IP address of the packet";
      }

      leaf src-port {
        type inet:port-number;
        description
          "The source port of the packet";
      }

      leaf dst-port {
        type inet:port-number;
        description
          "The destination port of the packet";
      }

      leaf src-zone {
        type string;
        description
          "The source security zone of the packet";
      }

      leaf dst-zone {
        type string;
        description
          "The destination security zone of the packet";
      }

      leaf rule-id {
        type uint8;
        mandatory true;
        description
          "The ID of the rule being triggered";
      }

      leaf rule-name {
        type string;
        mandatory true;
        description
          "The name of the rule being triggered";
      }

      leaf profile {
        type string;
        description
          "Security profile that traffic matches.";
      }

      leaf raw-info {
        type string;
        description
          "The information describing the packet
        triggering the event.";
      }
    }  // grouping i2nsf-nsf-event-type-content

    grouping i2nsf-system-counter-type-content {
      description
        "A set of system counter type contents";
      leaf interface-name {
        type string;
        description
          "Network interface name configured in NSF";
      }

      leaf in-total-traffic-pkts {
        type uint32;
        description "Total inbound packets";
      }

      leaf out-total-traffic-pkts {
        type uint32;
        description "Total outbound packets";
      }

      leaf in-total-traffic-bytes {
        type uint32;
        description "Total inbound bytes";
      }

      leaf out-total-traffic-bytes {
        type uint32;
        description "Total outbound bytes";
      }

      leaf in-drop-traffic-pkts {
        type uint32;
        description
          "Total inbound drop packets";
      }

      leaf out-drop-traffic-pkts {
        type uint32;
        description
          "Total outbound drop packets";
      }

      leaf in-drop-traffic-bytes {
        type uint32;
        description
          "Total inbound drop bytes";
      }

      leaf out-drop-traffic-bytes {
        type uint32;
        description
          "Total outbound drop bytes";
      }

      uses traffic-rates;
    }  // grouping i2nsf-system-counter-type-content

    grouping i2nsf-nsf-counters-type-content {
      description
        "A set of nsf counters type contents";
      leaf src-ip {
        type inet:ipv4-address;
        description
          "The source IP address of the packet";
      }

      leaf dst-ip {
        type inet:ipv4-address;
        description
          "The destination IP address of the packet";
      }

      leaf src-port {
        type inet:port-number;
        description
          "The source port of the packet";
      }

      leaf dst-port {
        type inet:port-number;
        description
          "The destination port of the packet";
      }

      leaf src-zone {
        type string;
        description
          "The source security zone of the packet";
      }

      leaf dst-zone {
        type string;
        description
          "The destination security zone of the packet";
      }

      leaf src-region {
        type string;
        description
          "Source region of the traffic";
      }

      leaf dst-region {
        type string;
        description
          "Destination region of the traffic";
      }

      leaf policy-id {
        type uint8;
        mandatory true;
        description
          "The ID of the policy being triggered";
      }

      leaf policy-name {
        type string;
        mandatory true;
        description
          "The name of the policy being triggered";
      }

      leaf src-user {
        type string;
        description
          "User who generates traffic";
      }

      uses protocol;

      uses traffic-rates;
    }  // grouping i2nsf-nsf-counters-type-content

    container monitoring-message {
      description
        "The message for monitoring information";
      list monitoring-messages {
        key "message-id";
        description
          "The messages according to monitoring information";
        leaf message-id {
          type uint8;
          mandatory true;
          description
            "This is message ID
           This is key for monitoring messages";
        }

        leaf message-version {
          type uint8;
          mandatory true;
          description
            "The version of message";
        }

        choice message-type {
          description "The type of message";
          case event {
            description
              "If the message type is event";
            leaf event-name {
              type string;
              mandatory true;
              description
                "The name of the event";
            }

            choice event-type {
              description
                "This is event type such as system event
              and nsf event.";
              case system-event {
                description
                  "If the event type is system event";
                container access-violation {
                  description
                    "If the system event is
                  access violation";
                  uses i2nsf-system-event-type-content;
                }  // container access-violation

                container config-change {
                  description
                    "If the system event is
                  config change violation";
                  uses i2nsf-system-event-type-content;
                }  // container config-change
              }  // case system-event

              case nsf-event {
                description
                  "If the event type is nsf event";
                leaf user-name {
                  type string;
                  description
                    "This is user name for NSF event";
                }

                container ddos-event {
                  description
                    "If the event type is DDoS event";
                  uses i2nsf-nsf-event-type-content;

                  container ddos-attack-type {
                    description
                      "Type of DDoS attack";
                    leaf syn-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                      syn flood";
                    }

                    leaf ack-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                      ack flood";
                    }

                    leaf syn-ack-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                      syn ack flood";
                    }

                    leaf fin-rst-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                      fin rst flood";
                    }

                    leaf tcp-connection-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                      tcp connection flood";
                    }

                    leaf udp-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                      udp flood";
                    }

                    leaf icmp-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                      icmp flood";
                    }

                    leaf https-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                      https flood";
                    }

                    leaf http-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                      http flood";
                    }

                    leaf dns-reply-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                      dns reply flood";
                    }

                    leaf dns-query-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                      dns query flood";
                    }

                    leaf sip-flood {
                      type boolean;
                      description
                        "If the DDoS attack is
                      sip flood";
                    }
                  }  // container ddos-attack-type

                  leaf start-time {
                    type yang:date-and-time;
                    mandatory true;
                    description
                      "The time stamp indicating
                    when the attack started";
                  }

                  leaf end-time {
                    type yang:date-and-time;
                    mandatory true;
                    description
                      "The time stamp indicating
                    when the attack ended";
                  }

                  leaf attack-rate {
                    type uint32;
                    description
                      "The PPS of attack traffic";
                  }

                  leaf attack-speed {
                    type uint32;
                    description
                      "the bps of attack traffic";
                  }
                }  // container ddos-event

                container session-table-event {
                  description
                    "If the event type is session
                  table event";
                  leaf current-session {
                    type uint8;
                    description
                      "The number of concurrent
                     sessions";
                  }

                  leaf maximum-session {
                    type uint8;
                    description
                      "The maximum number of sessions
                     that the session table can
                     support";
                  }

                  leaf threshold {
                    type uint8;
                    description
                      "The threshold triggering
                     the event";
                  }

                  leaf message {
                    type string;
                    description
                      "The number of session table
                      exceeded the threshold";
                  }
                }  // container session-table-event

                container virus-event {
                  description
                    "If the event type is virus event";
                  uses i2nsf-nsf-event-type-content;

                  container virus-type {
                    description
                      "The type of virus";
                    leaf trajan {
                      type boolean;
                      description
                        "If the virus type is trajan";
                    }

                    leaf worm {
                      type boolean;
                      description
                        "If the virus type is worm";
                    }

                    leaf macro {
                      type boolean;
                      description
                        "If the virus type is macro";
                    }
                  }  // container virus-type

                  leaf virus-name {
                    type string;
                    description
                      "The name of virus";
                  }

                  leaf file-type {
                    type string;
                    description
                      "The type of file";
                  }

                  leaf file-name {
                    type string;
                    description
                      "The name of file";
                  }
                }  // container virus-event

                container intrusion-event {
                  description
                    "If the event type is intrusion event";
                  uses i2nsf-nsf-event-type-content;

                  uses protocol;

                  container intrusion-attack-type {
                    description
                      "The attack type of intrusion";
                    leaf brutal-force {
                      type boolean;
                      description
                        "The intrusion type is
                      brutal force";
                    }

                    leaf buffer-overflow {
                      type boolean;
                      description
                        "The intrusion type is
                      buffer overflow";
                    }
                  }  // container intrusion-attack-type
                }  // container intrusion-event

                container botnet-event {
                  description
                    "If the event type is botnet event";
                  uses i2nsf-nsf-event-type-content;

                  uses protocol;

                  leaf botnet-name {
                    type string;
                    description
                      "The name of the detected botnet";
                  }

                  leaf role {
                    type string;
                    description
                      "The role of the communicating
                    parties within the botnet";
                  }
                }  // container botnet-event

                container web-attack-event {
                  description
                    "If the event type is web
                  attack event";
                  uses i2nsf-nsf-event-type-content;

                  container web-attack-type {
                    description
                      "To determine the attack
                    type";
                    leaf sql-injection {
                      type boolean;
                      description
                        "If the web attack type is
                      sql injection";
                    }

                    leaf command-injection {
                      type boolean;
                      description
                        "If the web attack type is
                      command injection";
                    }

                    leaf xss {
                      type boolean;
                      description
                        "If the web attack type is
                      xss injection";
                    }

                    leaf csrf {
                      type boolean;
                      description
                        "If the web attack type is
                      csrf injection";
                    }
                  }  // container web-attack-type

                  container req-method {
                    description
                      "The method of requirement.
                    For instance, PUT or GET
                    in HTTP";
                    leaf put {
                      type boolean;
                      description
                        "If req method is PUT";
                    }

                    leaf get {
                      type boolean;
                      description
                        "If req method is GET";
                    }
                  }  // container req-method

                  leaf req-url {
                    type string;
                    description
                      "Requested URL";
                  }

                  leaf url-category {
                    type string;
                    description
                      "Matched URL category";
                  }

                  container filtering-type {
                    description
                      "URL filtering type,
                    e.g., Blacklist, Whitelist,
                    User-Defined, Predefined,
                    Malicious Category, Unknown";
                    leaf blacklist {
                      type boolean;
                      description
                        "The filtering type is
                      blacklist";
                    }

                    leaf whitelist {
                      type boolean;
                      description
                        "The filtering type is
                      whitelist";
                    }

                    leaf user-defined {
                      type boolean;
                      description
                        "The filtering type is
                      user defined";
                    }

                    leaf balicious-category {
                      type boolean;
                      description
                        "The filtering type is
                      balicious category";
                    }

                    leaf unknown {
                      type boolean;
                      description
                        "The filtering type is
                      unknown";
                    }
                  }  // container filtering-type
                }  // container web-attack-event
              }  // case nsf-event
            }  // choice event-type
          }  // case event

          case log {
            description
              "If the message type is log";
            choice log-type {
              description "The type of log";
              case system-log {
                description
                  "If the log type is system log";
                container access-logs {
                  description
                    "If the log is access logs
                  in system log";
                  leaf login-ip {
                    type inet:ipv4-address;
                    mandatory true;
                    description
                      "Login IP address of a user.";
                  }

                  leaf administartor {
                    type string;
                    description
                      "Administrator that
                    operates on the device";
                  }

                  leaf login-mode {
                    type login-mode;
                    description
                      "Specifies the
                    administrator logs in mode";
                  }

                  leaf operation-type {
                    type operation-type;
                    description
                      "The operation type that
                    the administrator execute";
                  }

                  leaf result {
                    type string;
                    description
                      "Command execution result";
                  }

                  leaf content {
                    type string;
                    description
                      "Operation performed by
                    an administrator after login.";
                  }
                }  // container access-logs

                container resource-utiliz-logs {
                  description
                    "If the log is resource utilize
                  logs in system log";
                  leaf system-status {
                    type string;
                    description "TBD";
                  }

                  leaf cpu-usage {
                    type uint8;
                    description
                      "specifies the amount of
                    cpu usage";
                  }

                  leaf memory-usage {
                    type uint8;
                    description
                      "specifies the amount of
                    memory usage";
                  }

                  leaf disk-usage {
                    type uint8;
                    description
                      "specifies the amount of
                    disk usage";
                  }

                  leaf disk-left {
                    type uint8;
                    description
                      "specifies the amount of
                    disk left";
                  }

                  leaf session-num {
                    type uint8;
                    description
                      "The total number of
                    sessions";
                  }

                  leaf process-num {
                    type uint8;
                    description
                      "The total number of
                    process";
                  }

                  leaf in-traffic-rate {
                    type uint32;
                    description
                      "The total inbound
                    traffic rate in pps";
                  }

                  leaf out-traffic-rate {
                    type uint32;
                    description
                      "The total outbound
                    traffic rate in pps";
                  }

                  leaf in-traffic-speed {
                    type uint32;
                    description
                      "The total inbound
                    traffic speed in bps";
                  }

                  leaf out-traffic-speed {
                    type uint32;
                    description
                      "The total outbound
                    traffic speed in bps";
                  }
                }  // container resource-utiliz-logs

                container user-activity-logs {
                  description
                    "If the log is user activity
                  logs in system log";
                  leaf user {
                    type string;
                    mandatory true;
                    description
                      "Name of a user";
                  }

                  leaf group {
                    type string;
                    mandatory true;
                    description
                      "Group to which a user belongs.";
                  }

                  leaf login-ip {
                    type inet:ipv4-address;
                    mandatory true;
                    description
                      "Login IP address of a user.";
                  }

                  container authentication-mode {
                    description
                      "User authentication mode. e.g.,
                    Local Authentication,
                    Third-Party Server Authentication,
                    Authentication Exemption, SSO Authentication.";
                    leaf local-authentication {
                      type boolean;
                      mandatory true;
                      description
                        "Authentication-mode : local authentication.";
                    }

                    leaf third-part-server-authentication {
                      type boolean;
                      mandatory true;
                      description "TBD";
                    }

                    leaf exemption-authentication {
                      type boolean;
                      mandatory true;
                      description "TBD";
                    }

                    leaf sso-authentication {
                      type boolean;
                      mandatory true;
                      description "TBD";
                    }
                  }  // container authentication-mode

                  container access-mode {
                    description "TBD";
                    leaf ppp {
                      type boolean;
                      description "TBD";
                    }

                    leaf svn {
                      type boolean;
                      description "TBD";
                    }

                    leaf local {
                      type boolean;
                      description "TBD";
                    }
                  }  // container access-mode

                  leaf online-duration {
                    type string;
                    description "TBD";
                  }

                  leaf logout-duration {
                    type string;
                    description "TBD";
                  }

                  leaf addtional-info {
                    type string;
                    description "TBD";
                  }
                }  // container user-activity-logs
              }  // case system-log

              case nsf-log {
                description
                  "If the log type is nsf log";
                container ddos-logs {
                  description
                    "If the log is DDoS logs
                  in nsf log";
                  leaf attack-type {
                    type string;
                    description "DDoS";
                  }

                  leaf attack-ave-rate {
                    type uint32;
                    description
                      "The ave PPS of
                    attack traffic";
                  }

                  leaf attack-ave-speed {
                    type uint32;
                    description
                      "the ave bps of
                    attack traffic";
                  }

                  leaf attack-pkt-num {
                    type uint32;
                    description
                      "the number of
                    attack packets";
                  }

                  leaf attack-src-ip {
                    type inet:ipv4-address;
                    description "TBD";
                  }

                  leaf action {
                    type all-action;
                    description "TBD";
                  }

                  leaf os {
                    type string;
                    description
                      "simple os information";
                  }
                }  // container ddos-logs

                container virus-logs {
                  description
                    "If the log is virus logs
                  in nsf log";
                  uses protocol;

                  leaf attack-type {
                    type string;
                    description "Virus";
                  }

                  leaf action {
                    type all-action;
                    description "TBD";
                  }

                  leaf os {
                    type string;
                    description
                      "simple os information";
                  }

                  leaf time {
                    type yang:date-and-time;
                    mandatory true;
                    description
                      "Indicate the time when the
                    message is generated";
                  }
                }  // container virus-logs

                container intrusion-logs {
                  description
                    "If the log is intrusion logs
                  in nsf log";
                  leaf attack-type {
                    type string;
                    description "Intrusion";
                  }

                  leaf action {
                    type all-action;
                    description "TBD";
                  }

                  leaf time {
                    type yang:date-and-time;
                    mandatory true;
                    description
                      "Indicate the time when the
                    message is generated";
                  }

                  leaf attack-rate {
                    type uint32;
                    description
                      "The PPS of attack traffic";
                  }

                  leaf attack-speed {
                    type uint32;
                    description
                      "the bps of attack traffic";
                  }
                }  // container intrusion-logs

                container botnet-logs {
                  description
                    "If the log is botnet logs
                  in nsf log";
                  leaf attack-type {
                    type string;
                    description "Botnet";
                  }

                  leaf botnet-pkt-num {
                    type uint8;
                    description
                      "The number of the packets
                    sent to or from the
                    detected botnet";
                  }

                  leaf action {
                    type all-action;
                    description "TBD";
                  }

                  leaf os {
                    type string;
                    description
                      "simple os information";
                  }
                }  // container botnet-logs

                container dpi-logs {
                  description
                    "If the log is dpi logs
                  in nsf log";
                  leaf dpi-type {
                    type dpi-type;
                    description
                      "The type of dpi";
                  }

                  leaf src-ip {
                    type inet:ipv4-address;
                    description
                      "The source IP address of the packet";
                  }

                  leaf dst-ip {
                    type inet:ipv4-address;
                    description
                      "The destination IP address of the packet";
                  }

                  leaf src-port {
                    type inet:port-number;
                    description
                      "The source port of the packet";
                  }

                  leaf dst-port {
                    type inet:port-number;
                    description
                      "The destination port of the packet";
                  }

                  leaf src-zone {
                    type string;
                    description
                      "The source security zone of the packet";
                  }

                  leaf dst-zone {
                    type string;
                    description
                      "The destination security zone of the packet";
                  }

                  leaf src-region {
                    type string;
                    description
                      "Source region of the traffic";
                  }

                  leaf dst-region {
                    type string;
                    description
                      "Destination region of the traffic";
                  }

                  leaf policy-id {
                    type uint8;
                    mandatory true;
                    description
                      "The ID of the policy being triggered";
                  }

                  leaf policy-name {
                    type string;
                    mandatory true;
                    description
                      "The name of the policy being triggered";
                  }

                  leaf src-user {
                    type string;
                    description
                      "User who generates traffic";
                  }

                  uses protocol;

                  leaf file-type {
                    type string;
                    description
                      "The type of file";
                  }

                  leaf file-name {
                    type string;
                    description
                      "The name of file";
                  }
                }  // container dpi-logs

                list vulnerability-scanning-logs {
                  key "vulnerability-id";
                  description
                    "If the log is vulnerability
                  scanning logs in nsf log";
                  leaf vulnerability-id {
                    type uint8;
                    description
                      "The vulnerability id";
                  }

                  leaf victim-ip {
                    type inet:ipv4-address;
                    description
                      "IP address of the victim
                    host which has vulnerabilities";
                  }

                  uses protocol;

                  leaf port-num {
                    type inet:port-number;
                    description
                      "The port number";
                  }

                  leaf level {
                    type severity;
                    description
                      "The vulnerability severity";
                  }

                  leaf os {
                    type string;
                    description
                      "simple os information";
                  }

                  leaf addtional-info {
                    type string;
                    description "TBD";
                  }
                }  // list vulnerability-scanning-logs

                container web-attack-logs {
                  description
                    "If the log is web attack
                  logs in nsf log";
                  leaf attack-type {
                    type string;
                    description "Web Attack";
                  }

                  leaf rsp-code {
                    type string;
                    description
                      "Response code";
                  }

                  leaf req-clientapp {
                    type string;
                    description
                      "The client application";
                  }

                  leaf req-cookies {
                    type string;
                    description "Cookies";
                  }

                  leaf req-host {
                    type string;
                    description
                      "The domain name of the
                    requested host";
                  }

                  leaf raw-info {
                    type string;
                    description
                      "The information describing
                    the packet triggering the
                    event.";
                  }
                }  // container web-attack-logs
              }  // case nsf-log
            }  // choice log-type
          }  // case log

          case counters {
            description
              "If the message type is counters";
            choice counter-type {
              description
                "The type of counter";
              container interface-counters {
                description
                  "The system counter type is
                  interface counter";
                uses i2nsf-system-counter-type-content;
              }  // container interface-counters
              container firewall-counters {
                description
                  "The nsf counter type is
                  firewall counter";
                uses i2nsf-nsf-counters-type-content;

                container bound {
                  description
                    "Inbound or Outbound";
                  leaf in-interface {
                    type boolean;
                    description
                      "If the bound is inbound";
                  }

                  leaf out-interface {
                    type boolean;
                    description
                      "If the bound is outbound";
                  }
                }  // container bound
              }  // container firewall-counters
              container policy-hit-counters {
                description
                  "The counters of policy hit";
                uses i2nsf-nsf-counters-type-content;

                leaf hit-times {
                  type uint32;
                  description
                    "The hit times for policy";
                }
              }  // container policy-hit-counters
            }  // choice counter-type
          }  // case counters
        }  // choice message-type

        leaf message {
          type string;
          mandatory true;
          description
            "This is a message for monitoring information";
        }

        leaf time-stamp {
          type yang:date-and-time;
          mandatory true;
          description
            "Indicate the time when the message is generated";
        }

        leaf severity {
          type severity;
          mandatory true;
          description
            "The severity of the alarm such as
          critical, high, middle, low.";
        }
      }  // list monitoring-messages
    }  // container monitoring-message
  }  // module ietf-i2nsf-nsf-monitoring-dm

Summary

  
  
Organization IETF I2NSF (Interface to Network Security Functions) Working Group
  
Module ietf-i2nsf-nsf-monitoring-dm
Version 2017-10-29
File ietf-i2nsf-nsf-monitoring-dm@2017-10-29.yang
  
Prefix monitoring-information
Namespace urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring-dm
  
Cooked /cookedmodules/ietf-i2nsf-nsf-monitoring-dm/2017-10-29
YANG /src/ietf-i2nsf-nsf-monitoring-dm@2017-10-29.yang
XSD /xsd/ietf-i2nsf-nsf-monitoring-dm@2017-10-29.xsd
  
Abstract This module defines a YANG data module for monitoring NSFs.
  
Contact
WG Web: <http://tools.ietf.org/wg/i2nsf>
WG List: <mailto:i2nsf@ietf.org>

WG Chair: Linda Dunbar
<mailto:Linda.duhbar@huawei.com>

Editor: Dongjin Hong
<mailto:dong.jin@skku.edu>

Editor: Jaehoon Paul Jeong
<mailto:pauljeong@skku.edu>

Description

 
This module defines a YANG data module for monitoring NSFs.

Typedefs

Typedef Base type Abstract
all-action enumeration This is used for protocol
dpi-type enumeration This is used for dpi type
login-mode enumeration This is used for login mode
operation-type enumeration This is used for operation type
severity enumeration This is used for indicating the severity

Groupings

Grouping Objects Abstract
i2nsf-nsf-counters-type-content src-ip dst-ip src-port dst-port src-zone dst-zone src-region dst-region policy-id policy-name src-user protocoltotal-traffic in-traffic-ave-rate in-traffic-peak-rate in-traffic-ave-speed in-traffic-peak-speed out-traffic-ave-rate out-traffic-peak-rate out-traffic-ave-speed out-traffic-peak-speed A set of nsf counters type contents
i2nsf-nsf-event-type-content message src-ip dst-ip src-port dst-port src-zone dst-zone rule-id rule-name profile raw-info A set of nsf event type contents
i2nsf-system-counter-type-content interface-name in-total-traffic-pkts out-total-traffic-pkts in-total-traffic-bytes out-total-traffic-bytes in-drop-traffic-pkts out-drop-traffic-pkts in-drop-traffic-bytes out-drop-traffic-bytes total-traffic in-traffic-ave-rate in-traffic-peak-rate in-traffic-ave-speed in-traffic-peak-speed out-traffic-ave-rate out-traffic-peak-rate out-traffic-ave-speed out-traffic-peak-speed A set of system counter type contents
i2nsf-system-event-type-content group login-ip authentication-mode A set of system event type contents
protocol protocol A set of protocols
traffic-rates total-traffic in-traffic-ave-rate in-traffic-peak-rate in-traffic-ave-speed in-traffic-peak-speed out-traffic-ave-rate out-traffic-peak-rate out-traffic-ave-speed out-traffic-peak-speed A set of traffic rates for statistics data

Objects

Type Key
Mandatory config
Optional config
Not config
Object Type Abstract
monitoring-message container The message for monitoring information
   monitoring-messages list The messages according to monitoring information
      message leaf This is a message for monitoring information
      message-id leaf This is message ID This is key for monitoring messages
      message-type choice The type of message
         counters case If the message type is counters
            counter-type choice The type of counter
               nsf-counter case firewall-counters
                  firewall-counters container The nsf counter type is firewall counter
                     bound container Inbound or Outbound
                        in-interface leaf If the bound is inbound
                        out-interface leaf If the bound is outbound
                     dst-ip leaf The destination IP address of the packet
                     dst-port leaf The destination port of the packet
                     dst-region leaf Destination region of the traffic
                     dst-zone leaf The destination security zone of the packet
                     in-traffic-ave-rate leaf Inbound traffic average rate in pps
                     in-traffic-ave-speed leaf Inbound traffic average speed in bps
                     in-traffic-peak-rate leaf Inbound traffic peak rate in pps
                     in-traffic-peak-speed leaf Inbound traffic peak speed in bps
                     out-traffic-ave-rate leaf Outbound traffic average rate in pps
                     out-traffic-ave-speed leaf Outbound traffic average speed in bps
                     out-traffic-peak-rate leaf Outbound traffic peak rate in pps
                     out-traffic-peak-speed leaf Outbound traffic peak speed in bps
                     policy-id leaf The ID of the policy being triggered
                     policy-name leaf The name of the policy being triggered
                     protocol container Protocol types: TCP, UDP, ICMP, ICMPv6, IP, HTTP, FTP and etc.
                        ftp leaf ftp protocol type.
                        http leaf HTTP protocol type.
                        icmp leaf ICMP protocol type.
                        icmpv6 leaf ICMPv6 protocol type.
                        ip leaf IP protocol type.
                        tcp leaf TCP protocol type.
                        udp leaf UDP protocol type.
                     src-ip leaf The source IP address of the packet
                     src-port leaf The source port of the packet
                     src-region leaf Source region of the traffic
                     src-user leaf User who generates traffic
                     src-zone leaf The source security zone of the packet
                     total-traffic leaf Total traffic
               policy-hit-counters case policy-hit-counters
                  policy-hit-counters container The counters of policy hit
                     dst-ip leaf The destination IP address of the packet
                     dst-port leaf The destination port of the packet
                     dst-region leaf Destination region of the traffic
                     dst-zone leaf The destination security zone of the packet
                     hit-times leaf The hit times for policy
                     in-traffic-ave-rate leaf Inbound traffic average rate in pps
                     in-traffic-ave-speed leaf Inbound traffic average speed in bps
                     in-traffic-peak-rate leaf Inbound traffic peak rate in pps
                     in-traffic-peak-speed leaf Inbound traffic peak speed in bps
                     out-traffic-ave-rate leaf Outbound traffic average rate in pps
                     out-traffic-ave-speed leaf Outbound traffic average speed in bps
                     out-traffic-peak-rate leaf Outbound traffic peak rate in pps
                     out-traffic-peak-speed leaf Outbound traffic peak speed in bps
                     policy-id leaf The ID of the policy being triggered
                     policy-name leaf The name of the policy being triggered
                     protocol container Protocol types: TCP, UDP, ICMP, ICMPv6, IP, HTTP, FTP and etc.
                        ftp leaf ftp protocol type.
                        http leaf HTTP protocol type.
                        icmp leaf ICMP protocol type.
                        icmpv6 leaf ICMPv6 protocol type.
                        ip leaf IP protocol type.
                        tcp leaf TCP protocol type.
                        udp leaf UDP protocol type.
                     src-ip leaf The source IP address of the packet
                     src-port leaf The source port of the packet
                     src-region leaf Source region of the traffic
                     src-user leaf User who generates traffic
                     src-zone leaf The source security zone of the packet
                     total-traffic leaf Total traffic
               system-counter case interface-counters
                  interface-counters container The system counter type is interface counter
                     in-drop-traffic-bytes leaf Total inbound drop bytes
                     in-drop-traffic-pkts leaf Total inbound drop packets
                     in-total-traffic-bytes leaf Total inbound bytes
                     in-total-traffic-pkts leaf Total inbound packets
                     in-traffic-ave-rate leaf Inbound traffic average rate in pps
                     in-traffic-ave-speed leaf Inbound traffic average speed in bps
                     in-traffic-peak-rate leaf Inbound traffic peak rate in pps
                     in-traffic-peak-speed leaf Inbound traffic peak speed in bps
                     interface-name leaf Network interface name configured in NSF
                     out-drop-traffic-bytes leaf Total outbound drop bytes
                     out-drop-traffic-pkts leaf Total outbound drop packets
                     out-total-traffic-bytes leaf Total outbound bytes
                     out-total-traffic-pkts leaf Total outbound packets
                     out-traffic-ave-rate leaf Outbound traffic average rate in pps
                     out-traffic-ave-speed leaf Outbound traffic average speed in bps
                     out-traffic-peak-rate leaf Outbound traffic peak rate in pps
                     out-traffic-peak-speed leaf Outbound traffic peak speed in bps
                     total-traffic leaf Total traffic
         event case If the message type is event
            event-name leaf The name of the event
            event-type choice This is event type such as system event and nsf event.
               nsf-event case If the event type is nsf event
                  botnet-event container If the event type is botnet event
                     botnet-name leaf The name of the detected botnet
                     dst-ip leaf The destination IP address of the packet
                     dst-port leaf The destination port of the packet
                     dst-zone leaf The destination security zone of the packet
                     message leaf The message for nsf events
                     profile leaf Security profile that traffic matches.
                     protocol container Protocol types: TCP, UDP, ICMP, ICMPv6, IP, HTTP, FTP and etc.
                        ftp leaf ftp protocol type.
                        http leaf HTTP protocol type.
                        icmp leaf ICMP protocol type.
                        icmpv6 leaf ICMPv6 protocol type.
                        ip leaf IP protocol type.
                        tcp leaf TCP protocol type.
                        udp leaf UDP protocol type.
                     raw-info leaf The information describing the packet triggering the event.
                     role leaf The role of the communicating parties within the botnet
                     rule-id leaf The ID of the rule being triggered
                     rule-name leaf The name of the rule being triggered
                     src-ip leaf The source IP address of the packet
                     src-port leaf The source port of the packet
                     src-zone leaf The source security zone of the packet
                  ddos-event container If the event type is DDoS event
                     attack-rate leaf The PPS of attack traffic
                     attack-speed leaf the bps of attack traffic
                     ddos-attack-type container Type of DDoS attack
                        ack-flood leaf If the DDoS attack is ack flood
                        dns-query-flood leaf If the DDoS attack is dns query flood
                        dns-reply-flood leaf If the DDoS attack is dns reply flood
                        fin-rst-flood leaf If the DDoS attack is fin rst flood
                        http-flood leaf If the DDoS attack is http flood
                        https-flood leaf If the DDoS attack is https flood
                        icmp-flood leaf If the DDoS attack is icmp flood
                        sip-flood leaf If the DDoS attack is sip flood
                        syn-ack-flood leaf If the DDoS attack is syn ack flood
                        syn-flood leaf If the DDoS attack is syn flood
                        tcp-connection-flood leaf If the DDoS attack is tcp connection flood
                        udp-flood leaf If the DDoS attack is udp flood
                     dst-ip leaf The destination IP address of the packet
                     dst-port leaf The destination port of the packet
                     dst-zone leaf The destination security zone of the packet
                     end-time leaf The time stamp indicating when the attack ended
                     message leaf The message for nsf events
                     profile leaf Security profile that traffic matches.
                     raw-info leaf The information describing the packet triggering the event.
                     rule-id leaf The ID of the rule being triggered
                     rule-name leaf The name of the rule being triggered
                     src-ip leaf The source IP address of the packet
                     src-port leaf The source port of the packet
                     src-zone leaf The source security zone of the packet
                     start-time leaf The time stamp indicating when the attack started
                  intrusion-event container If the event type is intrusion event
                     dst-ip leaf The destination IP address of the packet
                     dst-port leaf The destination port of the packet
                     dst-zone leaf The destination security zone of the packet
                     intrusion-attack-type container The attack type of intrusion
                        brutal-force leaf The intrusion type is brutal force
                        buffer-overflow leaf The intrusion type is buffer overflow
                     message leaf The message for nsf events
                     profile leaf Security profile that traffic matches.
                     protocol container Protocol types: TCP, UDP, ICMP, ICMPv6, IP, HTTP, FTP and etc.
                        ftp leaf ftp protocol type.
                        http leaf HTTP protocol type.
                        icmp leaf ICMP protocol type.
                        icmpv6 leaf ICMPv6 protocol type.
                        ip leaf IP protocol type.
                        tcp leaf TCP protocol type.
                        udp leaf UDP protocol type.
                     raw-info leaf The information describing the packet triggering the event.
                     rule-id leaf The ID of the rule being triggered
                     rule-name leaf The name of the rule being triggered
                     src-ip leaf The source IP address of the packet
                     src-port leaf The source port of the packet
                     src-zone leaf The source security zone of the packet
                  session-table-event container If the event type is session table event
                     current-session leaf The number of concurrent sessions
                     maximum-session leaf The maximum number of sessions that the session table can support
                     message leaf The number of session table exceeded the threshold
                     threshold leaf The threshold triggering the event
                  user-name leaf This is user name for NSF event
                  virus-event container If the event type is virus event
                     dst-ip leaf The destination IP address of the packet
                     dst-port leaf The destination port of the packet
                     dst-zone leaf The destination security zone of the packet
                     file-name leaf The name of file
                     file-type leaf The type of file
                     message leaf The message for nsf events
                     profile leaf Security profile that traffic matches.
                     raw-info leaf The information describing the packet triggering the event.
                     rule-id leaf The ID of the rule being triggered
                     rule-name leaf The name of the rule being triggered
                     src-ip leaf The source IP address of the packet
                     src-port leaf The source port of the packet
                     src-zone leaf The source security zone of the packet
                     virus-name leaf The name of virus
                     virus-type container The type of virus
                        macro leaf If the virus type is macro
                        trajan leaf If the virus type is trajan
                        worm leaf If the virus type is worm
                  web-attack-event container If the event type is web attack event
                     dst-ip leaf The destination IP address of the packet
                     dst-port leaf The destination port of the packet
                     dst-zone leaf The destination security zone of the packet
                     filtering-type container URL filtering type, e.g., Blacklist, Whitelist, User-Defined, Predefined, Malicious Category, Unknown
                        balicious-category leaf The filtering type is balicious category
                        blacklist leaf The filtering type is blacklist
                        unknown leaf The filtering type is unknown
                        user-defined leaf The filtering type is user defined
                        whitelist leaf The filtering type is whitelist
                     message leaf The message for nsf events
                     profile leaf Security profile that traffic matches.
                     raw-info leaf The information describing the packet triggering the event.
                     req-method container The method of requirement. For instance, PUT or GET in HTTP
                        get leaf If req method is GET
                        put leaf If req method is PUT
                     req-url leaf Requested URL
                     rule-id leaf The ID of the rule being triggered
                     rule-name leaf The name of the rule being triggered
                     src-ip leaf The source IP address of the packet
                     src-port leaf The source port of the packet
                     src-zone leaf The source security zone of the packet
                     url-category leaf Matched URL category
                     web-attack-type container To determine the attack type
                        command-injection leaf If the web attack type is command injection
                        csrf leaf If the web attack type is csrf injection
                        sql-injection leaf If the web attack type is sql injection
                        xss leaf If the web attack type is xss injection
               system-event case If the event type is system event
                  access-violation container If the system event is access violation
                     authentication-mode container User authentication mode. e.g., Local Authentication, Third-Party Server Authentication, Authentication Exemption, SSO Authentication.
                        exemption-authentication leaf TBD
                        local-authentication leaf Authentication-mode : local authentication.
                        sso-authentication leaf TBD
                        third-part-server-authentication leaf TBD
                     group leaf Group to which a user belongs.
                     login-ip leaf Login IP address of a user.
                  config-change container If the system event is config change violation
                     authentication-mode container User authentication mode. e.g., Local Authentication, Third-Party Server Authentication, Authentication Exemption, SSO Authentication.
                        exemption-authentication leaf TBD
                        local-authentication leaf Authentication-mode : local authentication.
                        sso-authentication leaf TBD
                        third-part-server-authentication leaf TBD
                     group leaf Group to which a user belongs.
                     login-ip leaf Login IP address of a user.
         log case If the message type is log
            log-type choice The type of log
               nsf-log case If the log type is nsf log
                  botnet-logs container If the log is botnet logs in nsf log
                     action leaf TBD
                     attack-type leaf Botnet
                     botnet-pkt-num leaf The number of the packets sent to or from the detected botnet
                     os leaf simple os information
                  ddos-logs container If the log is DDoS logs in nsf log
                     action leaf TBD
                     attack-ave-rate leaf The ave PPS of attack traffic
                     attack-ave-speed leaf the ave bps of attack traffic
                     attack-pkt-num leaf the number of attack packets
                     attack-src-ip leaf TBD
                     attack-type leaf DDoS
                     os leaf simple os information
                  dpi-logs container If the log is dpi logs in nsf log
                     dpi-type leaf The type of dpi
                     dst-ip leaf The destination IP address of the packet
                     dst-port leaf The destination port of the packet
                     dst-region leaf Destination region of the traffic
                     dst-zone leaf The destination security zone of the packet
                     file-name leaf The name of file
                     file-type leaf The type of file
                     policy-id leaf The ID of the policy being triggered
                     policy-name leaf The name of the policy being triggered
                     protocol container Protocol types: TCP, UDP, ICMP, ICMPv6, IP, HTTP, FTP and etc.
                        ftp leaf ftp protocol type.
                        http leaf HTTP protocol type.
                        icmp leaf ICMP protocol type.
                        icmpv6 leaf ICMPv6 protocol type.
                        ip leaf IP protocol type.
                        tcp leaf TCP protocol type.
                        udp leaf UDP protocol type.
                     src-ip leaf The source IP address of the packet
                     src-port leaf The source port of the packet
                     src-region leaf Source region of the traffic
                     src-user leaf User who generates traffic
                     src-zone leaf The source security zone of the packet
                  intrusion-logs container If the log is intrusion logs in nsf log
                     action leaf TBD
                     attack-rate leaf The PPS of attack traffic
                     attack-speed leaf the bps of attack traffic
                     attack-type leaf Intrusion
                     time leaf Indicate the time when the message is generated
                  virus-logs container If the log is virus logs in nsf log
                     action leaf TBD
                     attack-type leaf Virus
                     os leaf simple os information
                     protocol container Protocol types: TCP, UDP, ICMP, ICMPv6, IP, HTTP, FTP and etc.
                        ftp leaf ftp protocol type.
                        http leaf HTTP protocol type.
                        icmp leaf ICMP protocol type.
                        icmpv6 leaf ICMPv6 protocol type.
                        ip leaf IP protocol type.
                        tcp leaf TCP protocol type.
                        udp leaf UDP protocol type.
                     time leaf Indicate the time when the message is generated
                  vulnerability-scanning-logs list If the log is vulnerability scanning logs in nsf log
                     addtional-info leaf TBD
                     level leaf The vulnerability severity
                     os leaf simple os information
                     port-num leaf The port number
                     protocol container Protocol types: TCP, UDP, ICMP, ICMPv6, IP, HTTP, FTP and etc.
                        ftp leaf ftp protocol type.
                        http leaf HTTP protocol type.
                        icmp leaf ICMP protocol type.
                        icmpv6 leaf ICMPv6 protocol type.
                        ip leaf IP protocol type.
                        tcp leaf TCP protocol type.
                        udp leaf UDP protocol type.
                     victim-ip leaf IP address of the victim host which has vulnerabilities
                     vulnerability-id leaf The vulnerability id
                  web-attack-logs container If the log is web attack logs in nsf log
                     attack-type leaf Web Attack
                     raw-info leaf The information describing the packet triggering the event.
                     req-clientapp leaf The client application
                     req-cookies leaf Cookies
                     req-host leaf The domain name of the requested host
                     rsp-code leaf Response code
               system-log case If the log type is system log
                  access-logs container If the log is access logs in system log
                     administartor leaf Administrator that operates on the device
                     content leaf Operation performed by an administrator after login.
                     login-ip leaf Login IP address of a user.
                     login-mode leaf Specifies the administrator logs in mode
                     operation-type leaf The operation type that the administrator execute
                     result leaf Command execution result
                  resource-utiliz-logs container If the log is resource utilize logs in system log
                     cpu-usage leaf specifies the amount of cpu usage
                     disk-left leaf specifies the amount of disk left
                     disk-usage leaf specifies the amount of disk usage
                     in-traffic-rate leaf The total inbound traffic rate in pps
                     in-traffic-speed leaf The total inbound traffic speed in bps
                     memory-usage leaf specifies the amount of memory usage
                     out-traffic-rate leaf The total outbound traffic rate in pps
                     out-traffic-speed leaf The total outbound traffic speed in bps
                     process-num leaf The total number of process
                     session-num leaf The total number of sessions
                     system-status leaf TBD
                  user-activity-logs container If the log is user activity logs in system log
                     access-mode container TBD
                        local leaf TBD
                        ppp leaf TBD
                        svn leaf TBD
                     addtional-info leaf TBD
                     authentication-mode container User authentication mode. e.g., Local Authentication, Third-Party Server Authentication, Authentication Exemption, SSO Authentication.
                        exemption-authentication leaf TBD
                        local-authentication leaf Authentication-mode : local authentication.
                        sso-authentication leaf TBD
                        third-part-server-authentication leaf TBD
                     group leaf Group to which a user belongs.
                     login-ip leaf Login IP address of a user.
                     logout-duration leaf TBD
                     online-duration leaf TBD
                     user leaf Name of a user
      message-version leaf The version of message
      severity leaf The severity of the alarm such as critical, high, middle, low.
      time-stamp leaf Indicate the time when the message is generated