
[Syslog-sec] SNMP parameters in syslog message (renamed subject)



Hi all,

I have added the sequenceID and sysUpTime to the draft:

####
7.3  meta

   The SD-ID "meta" MAY be used to provide meta-information about the
   message.  The following parameters can be used.  All parameters are
   optional.  If the "meta" SD-ID is used, at least one parameter SHOULD
   be specified.

7.3.1  sequenceID

   The "sequenceID" parameter allows tracking of the sequence in which the
   sender sent the messages.  It is an integer that MUST be reset to 0
   at reboot and MUST be monotonically incremented with each message
   sent.  Its maximum value is 4,294,967,295.  If that value is reached,
   the next message must be emitted with a sequenceID of 0.

7.3.2  sysUpTime

   The "sysUpTime" parameter MAY be used to include the SNMP "sysUpTime"
   parameter in the message.  Its syntax and semantics are as defined in
   RFC 3418 [12].
####

While I did this, I got an idea that I would like to ask for feedback
on. Wouldn't it be a good idea to define an "snmp" SD-ID? As parameters,
it could contain any MIB value that a vendor sees fit. Probably this
would be a good umbrella for all sorts of things. We could also move the
software identification from the origin SD-ID over to this one.

I am sure there are a number of subtleties if we do this. I would
especially appreciate if those familiar with SNMP could comment and
eventually provide a text suggestion (if they like the idea).

Thanks,
Rainer 

> -----Original Message-----
> From: syslog-sec-bounces@www.employees.org 
> [mailto:syslog-sec-bounces@www.employees.org] On Behalf Of 
> David B Harrington
> Sent: Thursday, April 07, 2005 10:15 PM
> To: 'Tom Petch'; 'syslog'
> Subject: RE: [Syslog-sec] Detailed Review Comments on Syslog 
> Protocol -09-Part III
> 
> Hi,
> 
> Please note that the starting epoch for SysUpTime is the
> reinitialization of the network management system (e.g. the SNMP
> agent). This may be different than "boot" which typically refers to
> reinitialization of the hardware device. Granularity is in hundredths,
> not thousandths of a second.
> 
> If you want the amount of time in TimeTicks since the device was last
> initialized, you might consider hrSystemUptime from the Host Resources
> MIB [RFC 2790].
> 
> > > ><snip>
> > > > As far as sysUptime is concerned, I think we should stick 
> > with the SNMP
> > > > definition of the number of milliseconds since boot, with 
> > a max value of
> > > > 4294967295 and automatic reset to zero thereafter. Is 
> > this understanding
> > > > correct?
> > > >
> > > I think not;  [RFC 3418] defines sysUpTime as having a 
> > SYNTAX of TimeTicks and
> > > [RFC 2578] defines TimeTicks as
> > >   "...represents a non-negative integer which represents
> > >    the time, modulo 2^32 (4294967296 decimal), in 
> > hundredths of a second
> > >    between two epochs."
> 
> David Harrington
> dbharrington@comcast.net
> co-chair IETF SNMPv3 WG, concluded
> 
> 
> _______________________________________________
> Syslog-sec mailing list
> Syslog-sec@www.employees.org
> http://www.employees.org/mailman/listinfo/syslog-sec
> 
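Added example, not part of the original message or of the draft: a receiver-side check that uses the proposed "sequenceID" semantics (reset to 0 at reboot, increment per message, wrap from 4,294,967,295 to 0) to flag lost, duplicated or late messages in one sender's stream. The labels, the REORDER_WINDOW threshold and the sample IDs are assumptions made for illustration.

```python
SEQ_MAX = 4_294_967_295      # maximum value stated in the draft text
MODULUS = SEQ_MAX + 1        # the ID after SEQ_MAX is 0
REORDER_WINDOW = 1024        # assumption: how far back still counts as "late"


def classify(prev, cur):
    """Classify the step prev -> cur; returns (label, missing_count)."""
    if not 0 <= cur <= SEQ_MAX:
        return ("invalid", 0)
    if prev is None:
        return ("first", 0)
    if cur == prev:
        return ("duplicate", 0)
    delta = (cur - prev) % MODULUS           # wrap-aware forward distance
    if delta == 1:
        return ("wrap" if cur == 0 else "in_order", 0)
    if cur > prev:
        return ("gap", delta - 1)            # IDs prev+1 .. cur-1 not seen
    if prev - cur <= REORDER_WINDOW:
        return ("late_or_replayed", 0)       # slightly behind the newest ID
    if SEQ_MAX - prev <= REORDER_WINDOW:
        return ("gap", delta - 1)            # loss that spans the wrap to 0
    # Counter restarted low without reaching SEQ_MAX: treat as a reboot.
    # IDs 0 .. cur-1 of the new run were not seen.
    return ("reboot", cur)


def audit(seq_ids):
    """Return the anomalies (id, label, missing) in one sender's stream."""
    prev, findings = None, []
    for cur in seq_ids:
        label, missing = classify(prev, cur)
        if label not in ("first", "in_order", "wrap"):
            findings.append((cur, label, missing))
        if label not in ("invalid", "duplicate", "late_or_replayed"):
            prev = cur                       # advance only on forward progress
    return findings


# Constructed sample: a clean wrap, a 2-message gap, a late message,
# a duplicate, a large gap, then a restart of the counter.
SAMPLE = [4294967293, 4294967294, 4294967295, 0, 1, 4, 3, 4, 9000, 2]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A low ID shortly after another low ID is ambiguous between a late message and a reboot early in a run; this sketch reports it as late.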