netconfcentral logo

ietf-syslog

HTML

ietf-syslog@2017-12-12



  module ietf-syslog {

    yang-version 1.1;

    namespace
      "urn:ietf:params:xml:ns:yang:ietf-syslog";

    prefix syslog;

    import ietf-inet-types {
      prefix inet;
      reference
        "RFC 6991: INET Types Model";


    }
    import ietf-interfaces {
      prefix if;
      reference
        "RFC 7223: Interfaces Model";


    }
    import ietf-tls-client {
      prefix tlsc;
      reference
        "RFC xxxx: Keystore Model";


    }
    import ietf-keystore {
      prefix ks;
      reference
        "RFC yyyy: TLS Client and Server Models";


    }

    organization
      "IETF
                NETMOD (Network Modeling) Working Group";

    contact
      "WG Web:   <http://tools.ietf.org/wg/netmod/>
     WG List:  <mailto:netmod@ietf.org>

     Editor:   Kiran Agrahara Sreenivasa
               <mailto:kirankoushik.agraharasreenivasa@
                       verizonwireless.com>

     Editor:   Clyde Wildes
               <mailto:cwildes@cisco.com>";

    description
      "This module contains a collection of YANG definitions
     for syslog configuration.

     Copyright (c) 2017 IETF Trust and the persons identified as
     authors of the code. All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject to
     the license terms contained in, the Simplified BSD License set
     forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (http://trustee.ietf.org/license-info).

     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
     NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and
     'OPTIONAL' in the module text are to be interpreted as
     described in RFC 2119 (http://tools.ietf.org/html/rfc2119).

     This version of this YANG module is part of RFC zzzz
     (http://tools.ietf.org/html/rfczzzz); see the RFC itself for
     full legal notices.";

    revision "2017-12-12" {
      description "Initial Revision";
      reference
        "RFC zzzz: Syslog YANG Model";

    }


    feature console-action {
      description
        "This feature indicates that the local console action is
       supported.";
    }

    feature file-action {
      description
        "This feature indicates that the local file action is
       supported.";
    }

    feature file-limit-size {
      description
        "This feature indicates that file logging resources
       are managed using size and number limits.";
    }

    feature file-limit-duration {
      description
        "This feature indicates that file logging resources
       are managed using time based limits.";
    }

    feature remote-action {
      description
        "This feature indicates that the remote server action is
       supported.";
    }

    feature remote-source-interface {
      description
        "This feature indicates that source-interface is supported
       supported for the remote-action.";
    }

    feature select-adv-compare {
      description
        "This feature represents the ability to select messages
       using the additional comparison operators when comparing
       the syslog message severity.";
    }

    feature select-match {
      description
        "This feature represents the ability to select messages
       based on a Posix 1003.2 regular expression pattern match.";
    }

    feature structured-data {
      description
        "This feature represents the ability to log messages
       in structured-data format.";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    feature signed-messages {
      description
        "This feature represents the ability to configure signed
       syslog messages.";
      reference
        "RFC 5848: Signed Syslog Messages";

    }

    typedef syslog-severity {
      type enumeration {
        enum "emergency" {
          value 0;
          description
            "The severity level 'Emergency' indicating that the
           system is unusable.";
        }
        enum "alert" {
          value 1;
          description
            "The severity level 'Alert' indicating that an action
           must be taken immediately.";
        }
        enum "critical" {
          value 2;
          description
            "The severity level 'Critical' indicating a critical
           condition.";
        }
        enum "error" {
          value 3;
          description
            "The severity level 'Error' indicating an error
           condition.";
        }
        enum "warning" {
          value 4;
          description
            "The severity level 'Warning' indicating a warning
           condition.";
        }
        enum "notice" {
          value 5;
          description
            "The severity level 'Notice' indicating a normal but
           significant condition.";
        }
        enum "info" {
          value 6;
          description
            "The severity level 'Info' indicating an informational
           message.";
        }
        enum "debug" {
          value 7;
          description
            "The severity level 'Debug' indicating a debug-level
           message.";
        }
      }
      description
        "The definitions for Syslog message severity.";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity syslog-facility {
      base 
      description
        "This identity is used as a base for all syslog facilities.";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity kern {
      base syslog-facility;
      description
        "The facility for kernel messages (0).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity user {
      base syslog-facility;
      description
        "The facility for user-level messages (1).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity mail {
      base syslog-facility;
      description
        "The facility for the mail system (2).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity daemon {
      base syslog-facility;
      description
        "The facility for the system daemons (3).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity auth {
      base syslog-facility;
      description
        "The facility for security/authorization messages (4).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity syslog {
      base syslog-facility;
      description
        "The facility for messages generated internally by syslogd
       facility (5).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity lpr {
      base syslog-facility;
      description
        "The facility for the line printer subsystem (6).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity news {
      base syslog-facility;
      description
        "The facility for the network news subsystem (7).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity uucp {
      base syslog-facility;
      description
        "The facility for the UUCP subsystem (8).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity cron {
      base syslog-facility;
      description
        "The facility for the clock daemon (9).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity authpriv {
      base syslog-facility;
      description
        "The facility for privileged security/authorization messages
       (10).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity ftp {
      base syslog-facility;
      description
        "The facility for the FTP daemon (11).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity ntp {
      base syslog-facility;
      description
        "The facility for the NTP subsystem (12).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity audit {
      base syslog-facility;
      description
        "The facility for log audit messages (13).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity console {
      base syslog-facility;
      description
        "The facility for log alert messages (14).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity cron2 {
      base syslog-facility;
      description
        "The facility for the second clock daemon (15).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity local0 {
      base syslog-facility;
      description
        "The facility for local use 0 messages (16).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity local1 {
      base syslog-facility;
      description
        "The facility for local use 1 messages (17).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity local2 {
      base syslog-facility;
      description
        "The facility for local use 2 messages (18).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity local3 {
      base syslog-facility;
      description
        "The facility for local use 3 messages (19).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity local4 {
      base syslog-facility;
      description
        "The facility for local use 4 messages (20).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity local5 {
      base syslog-facility;
      description
        "The facility for local use 5 messages (21).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity local6 {
      base syslog-facility;
      description
        "The facility for local use 6 messages (22).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    identity local7 {
      base syslog-facility;
      description
        "The facility for local use 7 messages (23).";
      reference
        "RFC 5424: The Syslog Protocol";

    }

    grouping severity-filter {
      description
        "This grouping defines the processing used to select
       log messages by comparing syslog message severity using
       the following processing rules:
        - if 'none', do not match.
        - if 'all', match.
        - else compare message severity with the specified severity
          according to the default compare rule (all messages of the
          specified severity and greater match) or if the
          select-adv-compare feature is present, the advance-compare
          rule.";
      leaf severity {
        type union {
          type syslog-severity;
          type enumeration {
            enum "none" {
              value 2147483647;
              description
                "This enum describes the case where no severities
               are selected.";
            }
            enum "all" {
              value -2147483648;
              description
                "This enum describes the case where all severities
               are selected.";
            }
          }
        }
        mandatory true;
        description
          "This leaf specifies the syslog message severity.";
      }

      container advanced-compare {
        when
          '../severity != "all" and
           ../severity != "none"' {
          description
            "The advanced compare container is not applicable for
           severity 'all' or severity 'none'";
        }
        if-feature select-adv-compare;
        description
          "This container describes additional severity compare
         operations that can be used in place of the default
         severity comparison. The compare leaf specifies the type of
         the compare that is done and the action leaf specifies the
         intended result.
         Example: compare->equals and action->no-match means
         messages that have a severity that is not equal to the
         specified severity will be logged.";
        leaf compare {
          type enumeration {
            enum "equals" {
              value 0;
              description
                "This enum specifies that the severity comparison
               operation will be equals.";
            }
            enum "equals-or-higher" {
              value 1;
              description
                "This enum specifies that the severity comparison
               operation will be equals or higher.";
            }
          }
          default 'equals-or-higher';
          description
            "The compare can be used to specify the comparison
           operator that should be used to compare the syslog message
           severity with the specified severity.";
        }

        leaf action {
          type enumeration {
            enum "log" {
              value 0;
              description
                "This enum specifies that if the compare operation is
               true the message will be logged.";
            }
            enum "block" {
              value 1;
              description
                "This enum specifies that if the compare operation is
               true the message will not be logged.";
            }
          }
          default 'log';
          description
            "The action can be used to spectify if the message should
           be logged or blocked based on the outcome of the compare
           operation.";
        }
      }  // container advanced-compare
    }  // grouping severity-filter

    grouping selector {
      description
        "This grouping defines a syslog selector which is used to
       select log messages for the log-actions (console, file,
       remote, etc.). Choose one or both of the following:
         facility [<facility> <severity>...]
         pattern-match regular-expression-match-string
       If both facility and pattern-match are specified, both must
       match in order for a log message to be selected.";
      container facility-filter {
        description
          "This container describes the syslog filter parameters.";
        list facility-list {
          key "facility severity";
          ordered-by user;
          description
            "This list describes a collection of syslog
           facilities and severities.";
          leaf facility {
            type union {
              type identityref {
                base syslog-facility;
              }
              type enumeration {
                enum "all" {
                  value 0;
                  description
                    "This enum describes the case where all
                   facilities are requested.";
                }
              }
            }
            description
              "The leaf uniquely identifies a syslog facility.";
          }

          uses severity-filter;
        }  // list facility-list
      }  // container facility-filter

      leaf pattern-match {
        if-feature select-match;
        type string;
        description
          "This leaf describes a Posix 1003.2 regular expression
         string that can be used to select a syslog message for
         logging. The match is performed on the SYSLOG-MSG field.";
        reference
          "RFC 5424: The Syslog Protocol
          Std-1003.1-2008 Regular Expressions";

      }
    }  // grouping selector

    grouping structured-data {
      description
        "This grouping defines the syslog structured data option
       which is used to select the format used to write log
       messages.";
      leaf structured-data {
        if-feature structured-data;
        type boolean;
        default 'false';
        description
          "This leaf describes how log messages are written.
         If true, messages will be written with one or more
         STRUCTURED-DATA elements; if false, messages will be
         written with STRUCTURED-DATA = NILVALUE.";
        reference
          "RFC 5424: The Syslog Protocol";

      }
    }  // grouping structured-data

    container syslog {
      presence "Enables logging.";
      description
        "This container describes the configuration parameters for
       syslog.";
      container actions {
        description
          "This container describes the log-action parameters
         for syslog.";
        container console {
          if-feature console-action;
          presence
            "Enables logging to the console";
          description
            "This container describes the configuration parameters
           for console logging.";
          uses selector;
        }  // container console

        container file {
          if-feature file-action;
          description
            "This container describes the configuration parameters for
           file logging. If file-archive limits are not supplied, it
           is assumed that the local implementation defined limits
           will be used.";
          list log-file {
            key "name";
            description
              "This list describes a collection of local logging
             files.";
            leaf name {
              type inet:uri {
                pattern 'file:.*';
              }
              description
                "This leaf specifies the name of the log file which
               MUST use the uri scheme file:.";
            }

            uses selector;

            uses structured-data;

            container file-rotation {
              description
                "This container describes the configuration
               parameters for log file rotation.";
              leaf number-of-files {
                if-feature file-limit-size;
                type uint32;
                default '1';
                description
                  "This leaf specifies the maximum number of log
                 files retained. Specify 1 for implementations
                 that only support one log file.";
              }

              leaf max-file-size {
                if-feature file-limit-size;
                type uint32;
                units "megabytes";
                description
                  "This leaf specifies the maximum log file size.";
              }

              leaf rollover {
                if-feature file-limit-duration;
                type uint32;
                units "minutes";
                description
                  "This leaf specifies the length of time that log
                 events should be written to a specific log file.
                 Log events that arrive after the rollover period
                 cause the current log file to be closed and a new
                 log file to be opened.";
              }

              leaf retention {
                if-feature file-limit-duration;
                type uint32;
                units "hours";
                description
                  "This leaf specifies the length of time that
                 completed/closed log event files should be stored
                 in the file system before they are deleted.";
              }
            }  // container file-rotation
          }  // list log-file
        }  // container file

        container remote {
          if-feature remote-action;
          description
            "This container describes the configuration parameters
           for forwarding syslog messages to remote relays or
           collectors.";
          list destination {
            key "name";
            description
              "This list describes a collection of remote logging
             destinations.";
            leaf name {
              type string;
              description
                "An arbitrary name for the endpoint to connect to.";
            }

            choice transport {
              mandatory true;
              description
                "This choice describes the transport option.";
              container tcp {
                description
                  "This container describes the TCP transport
                   options.";
                reference
                  "RFC 6587: Transmission of Syslog Messages over
                  TCP";

                leaf address {
                  type inet:host;
                  description
                    "The leaf uniquely specifies the address of
                     the remote host. One of the following must
                     be specified: an ipv4 address, an ipv6
                     address, or a host name.";
                }

                leaf port {
                  type inet:port-number;
                  default '514';
                  description
                    "This leaf specifies the port number used to
                     deliver messages to the remote server.";
                }
              }  // container tcp
              container udp {
                description
                  "This container describes the UDP transport
                   options.";
                reference
                  "RFC 5426: Transmission of Syslog Messages over
                  UDP";

                leaf address {
                  type inet:host;
                  description
                    "The leaf uniquely specifies the address of
                     the remote host. One of the following must be
                     specified: an ipv4 address, an ipv6 address,
                     or a host name.";
                }

                leaf port {
                  type inet:port-number;
                  default '514';
                  description
                    "This leaf specifies the port number used to
                     deliver messages to the remote server.";
                }
              }  // container udp
              container tls {
                description
                  "This container describes the TLS transport
                   options.";
                reference
                  "RFC 5425: Transport Layer Security (TLS)
                  Transport Mapping for Syslog ";

                leaf address {
                  type inet:host;
                  description
                    "The leaf uniquely specifies the address of
                     the remote host. One of the following must be
                     specified: an ipv4 address, an ipv6 address,
                     or a host name.";
                }

                leaf port {
                  type inet:port-number;
                  default '6514';
                  description
                    "TCP port 6514 has been allocated as the default
                     port for syslog over TLS.";
                }

                uses tlsc:tls-client-grouping;
              }  // container tls
            }  // choice transport

            uses selector;

            uses structured-data;

            leaf facility-override {
              type identityref {
                base syslog-facility;
              }
              description
                "If specified, this leaf specifies the facility used
               to override the facility in messages delivered to
               the remote server.";
            }

            leaf source-interface {
              if-feature remote-source-interface;
              type if:interface-ref;
              description
                "This leaf sets the source interface to be used to
               send messages to the remote syslog server. If not
               set, messages sent to a remote syslog server will
               contain the IP address of the interface the syslog
               message uses to exit the network element";
            }

            container signing-options {
              if-feature signed-messages;
              presence
                "If present, syslog-signing options is activated.";
              description
                "This container describes the configuration
               parameters for signed syslog messages.";
              reference
                "RFC 5848: Signed Syslog Messages";

              container cert-signers {
                description
                  "This container describes the signing certificate
                 configuration for Signature Group 0 which covers
                 the case for administrators who want all Signature
                 Blocks to be sent to a single destination.";
                list cert-signer {
                  key "name";
                  description
                    "This list describes a collection of syslog
                   message signers.";
                  leaf name {
                    type string;
                    description
                      "This leaf specifies the name of the syslog
                     message signer.";
                  }

                  container certificate {
                    description
                      "This is the certificate that is periodically
                    sent to the remote receiver. Selection of the
                    certificate also implicitly selects the private
                    key used to sign the syslog messages.";
                    uses ks:private-key-grouping;

                    uses ks:certificate-grouping;
                  }  // container certificate

                  leaf hash-algorithm {
                    type enumeration {
                      enum "SHA1" {
                        value 1;
                        description
                          "This enum describes the SHA1 algorithm.";
                      }
                      enum "SHA256" {
                        value 2;
                        description
                          "This enum describes the SHA256 algorithm.";
                      }
                    }
                    description
                      "This leaf describes the syslog signer hash
                     algorithm used.";
                  }
                }  // list cert-signer

                leaf cert-initial-repeat {
                  type uint32;
                  default '3';
                  description
                    "This leaf specifies the number of times each
                 Certificate Block should be sent before the first
                 message is sent.";
                }

                leaf cert-resend-delay {
                  type uint32;
                  units "seconds";
                  default '3600';
                  description
                    "This leaf specifies the maximum time delay in
                   seconds until resending the Certificate Block.";
                }

                leaf cert-resend-count {
                  type uint32;
                  default '0';
                  description
                    "This leaf specifies the maximum number of other
                   syslog messages to send until resending the
                   Certificate Block.";
                }

                leaf sig-max-delay {
                  type uint32;
                  units "seconds";
                  default '60';
                  description
                    "This leaf specifies when to generate a new
                   Signature Block. If this many seconds have
                   elapsed since the message with the first message
                   number of the Signature Block was sent, a new
                   Signature Block should be generated.";
                }

                leaf sig-number-resends {
                  type uint32;
                  default '0';
                  description
                    "This leaf specifies the number of times a
                   Signature Block is resent. (It is recommended to
                   select a value of greater than 0 in particular
                   when the UDP transport RFC 5426 is used.).";
                }

                leaf sig-resend-delay {
                  type uint32;
                  units "seconds";
                  default '5';
                  description
                    "This leaf specifies when to send the next
                   Signature Block transmission based on time. If
                   this many seconds have elapsed since the previous
                   sending of this Signature Block, resend it.";
                }

                leaf sig-resend-count {
                  type uint32;
                  default '0';
                  description
                    "This leaf specifies when to send the next
                   Signature Block transmission based on a count.
                   If this many other syslog messages have been
                   sent since the previous sending of this
                   Signature Block, resend it. A value of 0 means
                   that you don't resend based on the number of
                   messages.";
                }
              }  // container cert-signers
            }  // container signing-options
          }  // list destination
        }  // container remote
      }  // container actions
    }  // container syslog
  }  // module ietf-syslog

Summary

  
ietf-syslog  
  
Organization IETF NETMOD (NETCONF Data Modeling Language) Working Group
  
Module ietf-syslog
Version 2015-10-14
File ietf-syslog.yang
  
Prefix syslog
Namespace urn:ietf:params:xml:ns:yang:ietf-syslog
  
Cooked /cookedmodules/ietf-syslog/2015-10-14
YANG /src/ietf-syslog@2015-10-14.yang
XSD /xsd/ietf-syslog@2015-10-14.xsd
  
Abstract This module contains a collection of YANG definitions for Syslog configuration.
  
Contact
WG Web:   <http://tools.ietf.org/wg/netmod/>
WG List:  <mailto:netmod@ietf.org>

WG Chair: Tom Nadeau
	  <mailto:tnadeau@lucidvision.com>

WG Chair: Kent Watson
	  <mailto:kwatsen@juniper.net>

Editor:   Ladislav Lhotka
	  <mailto:lhotka@nic.cz>
  
ietf-syslog  
  
Organization IETF NETMOD (Network Modeling) Working Group
  
Module ietf-syslog
Version 2017-12-12
File ietf-syslog@2017-12-12.yang
  
Prefix syslog
Namespace urn:ietf:params:xml:ns:yang:ietf-syslog
  
Cooked /cookedmodules/ietf-syslog/2017-12-12
YANG /src/ietf-syslog@2017-12-12.yang
XSD /xsd/ietf-syslog@2017-12-12.xsd
  
Abstract This module contains a collection of YANG definitions for syslog configuration. Copyright (c) 2017 IETF Trust and the persons...
  
Contact
WG Web:   <http://tools.ietf.org/wg/netmod/>
WG List:  <mailto:netmod@ietf.org>

Editor:   Kiran Agrahara Sreenivasa
	  <mailto:kirankoushik.agraharasreenivasa@
		  verizonwireless.com>

Editor:   Clyde Wildes
	  <mailto:cwildes@cisco.com>

Description

 
ietf-syslog
This module contains a collection of YANG definitions
for Syslog configuration.
 
ietf-syslog
This module contains a collection of YANG definitions
for syslog configuration.

Copyright (c) 2017 IETF Trust and the persons identified as
authors of the code. All rights reserved.

Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject to
the license terms contained in, the Simplified BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(http://trustee.ietf.org/license-info).

The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and
'OPTIONAL' in the module text are to be interpreted as
described in RFC 2119 (http://tools.ietf.org/html/rfc2119).

This version of this YANG module is part of RFC zzzz
(http://tools.ietf.org/html/rfczzzz); see the RFC itself for
full legal notices.

Typedefs

Typedef Base type Abstract
syslog-severity enumeration The definitions for Syslog message severity.

Groupings

Grouping Objects Abstract
selector facility-filter pattern-match This grouping defines a syslog selector which is used to select log messages for the log-actions (console, file, remote, etc.). Choose one or both of the following: facility [<facility> <severity>...] pattern-match regular-expression-match-string If b...
severity-filter severity advanced-compare This grouping defines the processing used to select log messages by comparing syslog message severity using the following processing rules: - if 'none', do not match. - if 'all', match. - else compare message severity with the specified severity acc...
structured-data structured-data This grouping defines the syslog structured data option which is used to select the format used to write log messages.
syslog-selector log-selector This grouping defines a Syslog selector which is used to select log messages for the log-action (buffer, file, etc). Choose one of the following: no-log-facility log-facility [<facility> <severity>...]
syslog-severity severity severity-operator This grouping defines the Syslog severity which is used to select log messages.

Objects

Type Key
Mandatory config
Optional config
Not config
Object Type Abstract
syslog container This container describes the configuration parameters for Syslog.
syslog container This container describes the configuration parameters for syslog.
   actions container This container describes the log-action parameters for syslog.
      console container This container describes the configuration parameters for console logging.
         facility-filter container This container describes the syslog filter parameters.
            facility-list list This list describes a collection of syslog facilities and severities.
               advanced-compare container This container describes additional severity compare operations that can be used in place of the default severity comparison. The compare leaf specifies the type of the compare that is done and the action leaf specifies the intended result. Example: compa...
                  action leaf The action can be used to spectify if the message should be logged or blocked based on the outcome of the compare operation.
                  compare leaf The compare can be used to specify the comparison operator that should be used to compare the syslog message severity with the specified severity.
               facility leaf The leaf uniquely identifies a syslog facility.
               severity leaf This leaf specifies the syslog message severity.
         pattern-match leaf This leaf describes a Posix 1003.2 regular expression string that can be used to select a syslog message for logging. The match is performed on the SYSLOG-MSG field.
      file container This container describes the configuration parameters for file logging. If file-archive limits are not supplied, it is assumed that the local implementation defined limits will be used.
         log-file list This list describes a collection of local logging files.
            facility-filter container This container describes the syslog filter parameters.
               facility-list list This list describes a collection of syslog facilities and severities.
                  advanced-compare container This container describes additional severity compare operations that can be used in place of the default severity comparison. The compare leaf specifies the type of the compare that is done and the action leaf specifies the intended result. Example: compa...
                     action leaf The action can be used to spectify if the message should be logged or blocked based on the outcome of the compare operation.
                     compare leaf The compare can be used to specify the comparison operator that should be used to compare the syslog message severity with the specified severity.
                  facility leaf The leaf uniquely identifies a syslog facility.
                  severity leaf This leaf specifies the syslog message severity.
            file-rotation container This container describes the configuration parameters for log file rotation.
               max-file-size leaf This leaf specifies the maximum log file size.
               number-of-files leaf This leaf specifies the maximum number of log files retained. Specify 1 for implementations that only support one log file.
               retention leaf This leaf specifies the length of time that completed/closed log event files should be stored in the file system before they are deleted.
               rollover leaf This leaf specifies the length of time that log events should be written to a specific log file. Log events that arrive after the rollover period cause the current log file to be closed and a new log file to be opened.
            name leaf This leaf specifies the name of the log file which MUST use the uri scheme file:.
            pattern-match leaf This leaf describes a Posix 1003.2 regular expression string that can be used to select a syslog message for logging. The match is performed on the SYSLOG-MSG field.
            structured-data leaf This leaf describes how log messages are written. If true, messages will be written with one or more STRUCTURED-DATA elements; if false, messages will be written with STRUCTURED-DATA = NILVALUE.
      remote container This container describes the configuration parameters for forwarding syslog messages to remote relays or collectors.
         destination list This list describes a collection of remote logging destinations.
            facility-filter container This container describes the syslog filter parameters.
               facility-list list This list describes a collection of syslog facilities and severities.
                  advanced-compare container This container describes additional severity compare operations that can be used in place of the default severity comparison. The compare leaf specifies the type of the compare that is done and the action leaf specifies the intended result. Example: compa...
                     action leaf The action can be used to spectify if the message should be logged or blocked based on the outcome of the compare operation.
                     compare leaf The compare can be used to specify the comparison operator that should be used to compare the syslog message severity with the specified severity.
                  facility leaf The leaf uniquely identifies a syslog facility.
                  severity leaf This leaf specifies the syslog message severity.
            facility-override leaf If specified, this leaf specifies the facility used to override the facility in messages delivered to the remote server.
            name leaf An arbitrary name for the endpoint to connect to.
            pattern-match leaf This leaf describes a Posix 1003.2 regular expression string that can be used to select a syslog message for logging. The match is performed on the SYSLOG-MSG field.
            signing-options container This container describes the configuration parameters for signed syslog messages.
               cert-signers container This container describes the signing certificate configuration for Signature Group 0 which covers the case for administrators who want all Signature Blocks to be sent to a single destination.
                  cert-initial-repeat leaf This leaf specifies the number of times each Certificate Block should be sent before the first message is sent.
                  cert-resend-count leaf This leaf specifies the maximum number of other syslog messages to send until resending the Certificate Block.
                  cert-resend-delay leaf This leaf specifies the maximum time delay in seconds until resending the Certificate Block.
                  cert-signer list This list describes a collection of syslog message signers.
                     certificate container This is the certificate that is periodically sent to the remote receiver. Selection of the certificate also implicitly selects the private key used to sign the syslog messages.
                        algorithm leaf Identifies the key's algorithm. More specifically, this leaf specifies how the 'private-key' and 'public-key' binary leafs are encoded.
                        certificates container Certificates associated with this key. More than one certificate supports, for instance, a TPM-protected key that has both IDevID and LDevID certificates associated.
                           certificate list A certificate for this private key.
                              name leaf An arbitrary name for the certificate.
                              value leaf A PKCS #7 SignedData structure, as specified by Section 9.1 in RFC 2315, containing just certificates (no content, signatures, or CRLs), encoded using ASN.1 distinguished encoding rules (DER), as specified in ITU-T X.690. This structure contains the cert...
                        private-key leaf A binary that contains the value of the private key. The interpretation of the content is defined by the key algorithm. For example, a DSA key is an integer, an RSA key is represented as RSAPrivateKey as defined in [RFC3447], and an Elliptic Curve Crypt...
                        public-key leaf A binary that contains the value of the public key. The interpretation of the content is defined by the key algorithm. For example, a DSA key is an integer, an RSA key is represented as RSAPublicKey as defined in [RFC3447], and an Elliptic Curve Cryptog...
                     hash-algorithm leaf This leaf describes the syslog signer hash algorithm used.
                     name leaf This leaf specifies the name of the syslog message signer.
                  sig-max-delay leaf This leaf specifies when to generate a new Signature Block. If this many seconds have elapsed since the message with the first message number of the Signature Block was sent, a new Signature Block should be generated.
                  sig-number-resends leaf This leaf specifies the number of times a Signature Block is resent. (It is recommended to select a value of greater than 0 in particular when the UDP transport RFC 5426 is used.).
                  sig-resend-count leaf This leaf specifies when to send the next Signature Block transmission based on a count. If this many other syslog messages have been sent since the previous sending of this Signature Block, resend it. A value of 0 means that you don't resend based on the...
                  sig-resend-delay leaf This leaf specifies when to send the next Signature Block transmission based on time. If this many seconds have elapsed since the previous sending of this Signature Block, resend it.
            source-interface leaf This leaf sets the source interface to be used to send messages to the remote syslog server. If not set, messages sent to a remote syslog server will contain the IP address of the interface the syslog message uses to exit the network element
            structured-data leaf This leaf describes how log messages are written. If true, messages will be written with one or more STRUCTURED-DATA elements; if false, messages will be written with STRUCTURED-DATA = NILVALUE.
            transport choice This choice describes the transport option.
               tcp case tcp
                  tcp container This container describes the TCP transport options.
                     address leaf The leaf uniquely specifies the address of the remote host. One of the following must be specified: an ipv4 address, an ipv6 address, or a host name.
                     port leaf This leaf specifies the port number used to deliver messages to the remote server.
               tls case tls
                  tls container This container describes the TLS transport options.
                     address leaf The leaf uniquely specifies the address of the remote host. One of the following must be specified: an ipv4 address, an ipv6 address, or a host name.
                     client-identity container The credentials used by the client to authenticate to the TLS server.
                        auth-type choice The authentication type.
                           certificate case certificate
                              certificate container Choice statement for future augmentations.
                                 algorithm leaf Identifies the key's algorithm. More specifically, this leaf specifies how the 'private-key' and 'public-key' binary leafs are encoded.
                                 certificates container Certificates associated with this key. More than one certificate supports, for instance, a TPM-protected key that has both IDevID and LDevID certificates associated.
                                    certificate list A certificate for this private key.
                                       name leaf An arbitrary name for the certificate.
                                       value leaf A PKCS #7 SignedData structure, as specified by Section 9.1 in RFC 2315, containing just certificates (no content, signatures, or CRLs), encoded using ASN.1 distinguished encoding rules (DER), as specified in ITU-T X.690. This structure contains the cert...
                                 private-key leaf A binary that contains the value of the private key. The interpretation of the content is defined by the key algorithm. For example, a DSA key is an integer, an RSA key is represented as RSAPrivateKey as defined in [RFC3447], and an Elliptic Curve Crypt...
                                 public-key leaf A binary that contains the value of the public key. The interpretation of the content is defined by the key algorithm. For example, a DSA key is an integer, an RSA key is represented as RSAPublicKey as defined in [RFC3447], and an Elliptic Curve Cryptog...
                     hello-params container Configurable parameters for the TLS hello message.
                        cipher-suites container Parameters regarding cipher suites.
                           cipher-suite leaf-list Acceptable cipher suites in order of descending preference. If this leaf-list is not configured (has zero elements) the acceptable cipher suites are implementation- defined.
                        tls-versions container Parameters regarding TLS versions.
                           tls-version leaf-list Acceptable TLS protocol versions. If this leaf-list is not configured (has zero elements) the acceptable TLS protocol versions are implementation- defined.
                     port leaf TCP port 6514 has been allocated as the default port for syslog over TLS.
                     server-auth container Trusted server identities.
                        pinned-ca-certs leaf A reference to a list of certificate authority (CA) certificates used by the TLS client to authenticate TLS server certificates. A server certificate is authenticated if it has a valid chain of trust to a configured pinned CA certificate.
                        pinned-server-certs leaf A reference to a list of server certificates used by the TLS client to authenticate TLS server certificates. A server certificate is authenticated if it is an exact match to a configured pinned server certificate.
               udp case udp
                  udp container This container describes the UDP transport options.
                     address leaf The leaf uniquely specifies the address of the remote host. One of the following must be specified: an ipv4 address, an ipv6 address, or a host name.
                     port leaf This leaf specifies the port number used to deliver messages to the remote server.
   log-actions container This container describes the log-action parameters for Syslog.
      buffer container This container describes the configuration parameters for local memory buffer logging. The buffer is circular in nature, so newer messages overwrite older messages after the buffer is filled.
         log-buffer list This list describes a collection of local logging memory buffers.
            buffer-size-bytes leaf This leaf configures the amount of memory (in bytes) that will be dedicated to the local memory logging buffer. The default value varies by implementation.
            buffer-size-messages leaf This leaf configures the amount number of log messages that can be stored in the local memory logging buffer. The default value varies by implementation.
            log-selector container This container describes the log selector parameters for Syslog.
               pattern-match leaf This leaf desribes a Posix 1003.2 regular expression string that can be used to select a Syslog message for logging. The match is performed on the RFC 5424 SYSLOG-MSG field.
               selector-facility choice This choice describes the option to specify no facilities, or a specific facility which can be all for all facilities.
                  log-facility case This case specifies one or more specified facilities will match when comparing the Syslog message facility.
                     log-facility list This list describes a collection of Syslog facilities and severities.
                        facility leaf The leaf uniquely identifies a Syslog facility.
                        severity leaf This leaf specifies the Syslog message severity. When severity is specified, the default severity comparison is all messages of the specified severity and greater are logged. 'all' is a special case which means all severities are requested. 'none' is a sp...
                        severity-operator leaf This leaf describes the option to specify how the severity comparison is performed.
                  no-log-facility case This case specifies no facilities will match when comparing the Syslog message facility. This is a method that can be used to effectively disable a particular log-action (buffer, file, etc).
                     no-facilities leaf This leaf specifies that no facilities are selected for this log-action.
            name leaf This leaf specifies the name of the log buffer.
      console container This container describes the configuration parameters for console logging.
         log-selector container This container describes the log selector parameters for Syslog.
            pattern-match leaf This leaf desribes a Posix 1003.2 regular expression string that can be used to select a Syslog message for logging. The match is performed on the RFC 5424 SYSLOG-MSG field.
            selector-facility choice This choice describes the option to specify no facilities, or a specific facility which can be all for all facilities.
               log-facility case This case specifies one or more specified facilities will match when comparing the Syslog message facility.
                  log-facility list This list describes a collection of Syslog facilities and severities.
                     facility leaf The leaf uniquely identifies a Syslog facility.
                     severity leaf This leaf specifies the Syslog message severity. When severity is specified, the default severity comparison is all messages of the specified severity and greater are logged. 'all' is a special case which means all severities are requested. 'none' is a sp...
                     severity-operator leaf This leaf describes the option to specify how the severity comparison is performed.
               no-log-facility case This case specifies no facilities will match when comparing the Syslog message facility. This is a method that can be used to effectively disable a particular log-action (buffer, file, etc).
                  no-facilities leaf This leaf specifies that no facilities are selected for this log-action.
      file container This container describes the configuration parameters for file logging.
         log-file list This list describes a collection of local logging files.
            file-archive container This container describes the configuration parameters for log file archiving.
               max-file-size leaf This leaf specifies the maximum log file size.
               number-of-files leaf This leaf specifies the maximum number of log files retained. Specify 1 for implementations that only support one log file.
               retention leaf This leaf specifies the length of time that completed/closed log event files should be stored in the file system before they are deleted.
               rollover leaf This leaf specifies the length of time that log events should be written to a specific log file. Log events that arrive after the rollover period cause the current log file to be closed and a new log file to be opened.
            log-selector container This container describes the log selector parameters for Syslog.
               pattern-match leaf This leaf desribes a Posix 1003.2 regular expression string that can be used to select a Syslog message for logging. The match is performed on the RFC 5424 SYSLOG-MSG field.
               selector-facility choice This choice describes the option to specify no facilities, or a specific facility which can be all for all facilities.
                  log-facility case This case specifies one or more specified facilities will match when comparing the Syslog message facility.
                     log-facility list This list describes a collection of Syslog facilities and severities.
                        facility leaf The leaf uniquely identifies a Syslog facility.
                        severity leaf This leaf specifies the Syslog message severity. When severity is specified, the default severity comparison is all messages of the specified severity and greater are logged. 'all' is a special case which means all severities are requested. 'none' is a sp...
                        severity-operator leaf This leaf describes the option to specify how the severity comparison is performed.
                  no-log-facility case This case specifies no facilities will match when comparing the Syslog message facility. This is a method that can be used to effectively disable a particular log-action (buffer, file, etc).
                     no-facilities leaf This leaf specifies that no facilities are selected for this log-action.
            name leaf This leaf specifies the name of the log file which MUST use the uri scheme file:.
            structured-data leaf This leaf describes how log messages are written to the log file. If true, messages will be written with one or more STRUCTURED-DATA elements as per RFC5424; if false, messages will be written with STRUCTURED-DATA = NILVALUE.
      remote container This container describes the configuration parameters for remote logging.
         destination list This list describes a collection of remote logging destinations.
            destination-facility leaf This leaf specifies the facility used in messages delivered to the remote server.
            log-selector container This container describes the log selector parameters for Syslog.
               pattern-match leaf This leaf desribes a Posix 1003.2 regular expression string that can be used to select a Syslog message for logging. The match is performed on the RFC 5424 SYSLOG-MSG field.
               selector-facility choice This choice describes the option to specify no facilities, or a specific facility which can be all for all facilities.
                  log-facility case This case specifies one or more specified facilities will match when comparing the Syslog message facility.
                     log-facility list This list describes a collection of Syslog facilities and severities.
                        facility leaf The leaf uniquely identifies a Syslog facility.
                        severity leaf This leaf specifies the Syslog message severity. When severity is specified, the default severity comparison is all messages of the specified severity and greater are logged. 'all' is a special case which means all severities are requested. 'none' is a sp...
                        severity-operator leaf This leaf describes the option to specify how the severity comparison is performed.
                  no-log-facility case This case specifies no facilities will match when comparing the Syslog message facility. This is a method that can be used to effectively disable a particular log-action (buffer, file, etc).
                     no-facilities leaf This leaf specifies that no facilities are selected for this log-action.
            name leaf An arbitrary name for the endpoint to connect to.
            source-interface leaf This leaf sets the source interface for the remote Syslog server. Either the interface name or the interface IP address can be specified. If not set, messages sent to a remote syslog server will contain the IP address of the interface the syslog message u...
            syslog-sign container This container describes the configuration parameters for signed syslog messages as described by RFC 5848.
               cert-initial-repeat leaf This leaf specifies the number of times each Certificate Block should be sent before the first message is sent.
               cert-resend-count leaf This leaf specifies the maximum number of other syslog messages to send until resending the Certificate Block.
               cert-resend-delay leaf This leaf specifies the maximum time delay in seconds until resending the Certificate Block.
               sig-max-delay leaf This leaf specifies when to generate a new Signature Block. If this many seconds have elapsed since the message with the first message number of the Signature Block was sent, a new Signature Block should be generated.
               sig-number-resends leaf This leaf specifies the number of times a Signature Block is resent. (It is recommended to select a value of greater than 0 in particular when the UDP transport [RFC5426] is used.).
               sig-resend-count leaf This leaf specifies when to send the next Signature Block transmission based on a count. If this many other syslog messages have been sent since the previous sending of this Signature Block, resend it.
               sig-resend-delay leaf This leaf specifies when to send the next Signature Block transmission based on time. If this many seconds have elapsed since the previous sending of this Signature Block, resend it.
            transport choice This choice describes the transport option.
               tcp case tcp
                  tcp container This container describes the TCP transport options.
                     address leaf The leaf uniquely specifies the address of the remote host. One of the following must be specified: an ipv4 address, an ipv6 address, or a host name.
                     port leaf This leaf specifies the port number used to deliver messages to the remote server.
               udp case udp
                  udp container This container describes the UDP transport options.
                     address leaf The leaf uniquely specifies the address of the remote host. One of the following must be specified: an ipv4 address, an ipv6 address, or a host name.
                     port leaf This leaf specifies the port number used to deliver messages to the remote server.
      terminal container This container describes the configuration parameters for the terminal logging configuration.
         user-scope choice This choice describes the option to specify all users or a specific user. The all users case implies that messages will be sent to all terminals
            all-users case This case specifies all users.
               all-users container This container describes the configuration parameters for all users.
                  log-selector container This container describes the log selector parameters for Syslog.
                     pattern-match leaf This leaf desribes a Posix 1003.2 regular expression string that can be used to select a Syslog message for logging. The match is performed on the RFC 5424 SYSLOG-MSG field.
                     selector-facility choice This choice describes the option to specify no facilities, or a specific facility which can be all for all facilities.
                        log-facility case This case specifies one or more specified facilities will match when comparing the Syslog message facility.
                           log-facility list This list describes a collection of Syslog facilities and severities.
                              facility leaf The leaf uniquely identifies a Syslog facility.
                              severity leaf This leaf specifies the Syslog message severity. When severity is specified, the default severity comparison is all messages of the specified severity and greater are logged. 'all' is a special case which means all severities are requested. 'none' is a sp...
                              severity-operator leaf This leaf describes the option to specify how the severity comparison is performed.
                        no-log-facility case This case specifies no facilities will match when comparing the Syslog message facility. This is a method that can be used to effectively disable a particular log-action (buffer, file, etc).
                           no-facilities leaf This leaf specifies that no facilities are selected for this log-action.
            per-user case This case specifies a specific user.
               user-name list This list describes a collection of user names.
                  log-selector container This container describes the log selector parameters for Syslog.
                     pattern-match leaf This leaf desribes a Posix 1003.2 regular expression string that can be used to select a Syslog message for logging. The match is performed on the RFC 5424 SYSLOG-MSG field.
                     selector-facility choice This choice describes the option to specify no facilities, or a specific facility which can be all for all facilities.
                        log-facility case This case specifies one or more specified facilities will match when comparing the Syslog message facility.
                           log-facility list This list describes a collection of Syslog facilities and severities.
                              facility leaf The leaf uniquely identifies a Syslog facility.
                              severity leaf This leaf specifies the Syslog message severity. When severity is specified, the default severity comparison is all messages of the specified severity and greater are logged. 'all' is a special case which means all severities are requested. 'none' is a sp...
                              severity-operator leaf This leaf describes the option to specify how the severity comparison is performed.
                        no-log-facility case This case specifies no facilities will match when comparing the Syslog message facility. This is a method that can be used to effectively disable a particular log-action (buffer, file, etc).
                           no-facilities leaf This leaf specifies that no facilities are selected for this log-action.
                  uname leaf This leaf uniquely describes a user name which is the login name of the user whose terminal session is to receive log messages.