[Syslog] Mib-09- review, part 2
"David Harrington" <ietfdbh@comcast.net> Wed, 25 October 2006 08:28 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gce7E-0004sV-Kn; Wed, 25 Oct 2006 04:28:00 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gce7D-0004sL-1F for syslog@ietf.org; Wed, 25 Oct 2006 04:27:59 -0400
Received: from sccrmhc14.comcast.net ([63.240.77.84]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gce7B-0007zn-QY for syslog@ietf.org; Wed, 25 Oct 2006 04:27:59 -0400
Received: from harrington73653 (unknown[83.71.141.73]) by comcast.net (sccrmhc14) with SMTP id <2006102508275601400q543me>; Wed, 25 Oct 2006 08:27:57 +0000
From: David Harrington <ietfdbh@comcast.net>
To: syslog@ietf.org
Date: Wed, 25 Oct 2006 09:25:29 +0100
Message-ID: <001201c6f80f$22b39470$22021eac@china.huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
Thread-Index: Acb3yrMS6ODMYCInS4KDym8acG1uew==
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 4b800b1eab964a31702fa68f1ff0e955
Cc:
Subject: [Syslog] Mib-09- review, part 2
X-BeenThere: syslog@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Security Issues in Network Event Logging <syslog.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/syslog>
List-Post: <mailto:syslog@lists.ietf.org>
List-Help: <mailto:syslog-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=subscribe>
Errors-To: syslog-bounces@lists.ietf.org
Continued ... 1) syslEntCtlTable should describe what type of information is stored in the table, and the description should be more than "static info". 2) syslEntCtlEnty - what type of parameters? What process? 3) syslEntCtlBindAddress - does this field contain an address or a hostname? What does the seond sentence mean? 4) syslEntCtlTransport - why is this "default" transport instead of just transport? 5) is there a mismatch between transportaddresstype and syslEntCtlService? Is there a transportAddressType for this type of "address"? 6) syslEntCtlConfFileName - using lots of abbreviations in the name makes it hard for people to remember how the words were abbreviated. It would be better to use something like syslogEntCtlFilename. Why do we need Ent in the name? we never deal with anything other than entities, do we? syslogControlFile would be much easier to remember than syslEntCtlConfFileName. 7) syslEntCtlConfFileName refers to syslogCtlSelectionTable and syslogCtlActionTable - where are these defined? 8) syslEntCtlStatus - again, what process? 9) syslEntCtlStorageType - is this definition exactly the same as the StorageType T-C? 10) ...RowStatus - spelling "iff" 11) syslEntStarted and syslEntStopped - spell out MO. I don't understand the second sentence; how does the manager know what syslEntOpsIndex is used? 12) It would be much better to use consistent naming between the objects/tables and the conformance clauses. The table refers to syslEnt, but conformance is for syslogDev; the objects are syslogDefault but the conformance is syslogSystem. Let'e make it easy to work with by being more consistent. 13) why are notifications not mandatory for compliance? 14) The MIB module exposes some info from syslog, such as last error. The security considerations talk about securing snmp, but that does not make sense if you do not also secure the syslog transport. The security considerations should recommend securing syslog to match the snmp security. 15) iana considerations talks about a base arc; this would be better reworded. 16) I thik rfc3164 is informative, no tnormative. 17) I suspect you are not usinng xml2rfc. If not, you need to make sure all the boilerplates are up-to-date. Please check the funding statement and the intellectual property clauses. 18) the change log is most effective if you track the chnages from published version to published version, not by MIB revision dates. David Harrington dharrington@huawei.com dbharrington@comcast.net ietfdbh@comcast.net _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog
- [Syslog] Mib-09- review, part 2 David Harrington
- [Syslog] Dbh re-review of Mib-11-, part 2 David B Harrington