syslog最新协议RFC5424资源-CSDN文库

4星 · 超过85%的资源需积分: 50 32 浏览量 2011-01-11 12:29:51 上传评论 1 收藏 57KB PDF 举报

### Syslog最新协议 RFC5424 #### 概述 Syslog协议是网络设备、服务器及各种系统组件之间用于传输日志数据的一种标准方法。它最初被设计为一种简单的日志消息传送机制，但随着时间的发展和技术的进步，其功能与安全性也得到了显著提升。RFC5424作为最新的Syslog协议标准，对之前的版本（如RFC3164）进行了重大改进，并引入了更为现代的技术特性。 #### 主要改进 **1. 格式** RFC5424中的Syslog消息格式更加规范化且支持更多的结构化扩展。相较于之前的标准，新格式允许在不破坏兼容性的情况下添加额外的信息字段。这种改进使得开发者可以更容易地在日志消息中包含特定于应用的数据，同时保持消息的标准化。 **2. 传输层** RFC5424支持多种传输协议，包括但不限于UDP、TLS等。这为用户提供了更多的选择，可以根据具体的应用场景和安全需求来选择最合适的传输方式。例如，在需要保证消息可靠传输时可以选择使用TLS；而在对性能要求较高但可以接受一定程度数据丢失的情况下，则可以选择使用UDP。 **3. 安全性** 相比于早期的Syslog协议，RFC5424在安全性方面有了显著提升。通过支持TLS传输，它能够提供端到端的安全连接，确保日志数据在传输过程中的保密性和完整性。此外，该协议还定义了一些安全策略来防止常见的攻击，如中间人攻击等。 **4. 可扩展性** 新协议的设计考虑到了未来可能的需求变化，因此具有很好的可扩展性。它允许在不影响现有系统的前提下添加新的功能和服务。这种设计思路不仅增强了Syslog协议本身的灵活性，也为未来的标准更新提供了便利。 #### 核心概念与术语 - **Syslog消息**：由源设备发送的日志条目，包含了事件的详细信息。 - **日志设施**：用于标识日志消息所属的软件或硬件组件类别。 - **日志严重级别**：用以表示消息的重要程度，从紧急到调试级别不等。 - **传输协议**：负责将Syslog消息从源设备传输到目的地的协议。 - **结构化数据**：在Syslog消息中以键值对形式出现的附加信息，用于提供更详细的上下文。 #### 技术细节 - **消息格式**：RFC5424定义的消息格式包括时间戳、主机名、进程ID、日志设施和严重级别等基本信息，以及一个可选的结构化数据部分。这些信息共同构成了一个完整的Syslog消息。 - **结构化数据字段**：为了提高灵活性，RFC5424引入了一个名为“Structured Data”的字段，允许发送方以标准化的方式嵌入自定义信息。这些信息通常用于记录额外的事件详情，如错误代码、用户ID等。 - **传输层协议的选择**：根据不同的应用场景和需求，可以选择不同的传输层协议。UDP因其低开销而适用于大多数情况下的日志传输；而TLS则提供了更高的安全性，适合于那些对数据保护有更高要求的环境。 #### 实施建议 - **评估安全需求**：在实施新的Syslog配置时，应首先评估组织的安全需求，确定是否需要启用TLS或其他加密措施。 - **选择合适的传输协议**：基于性能和安全性的考量选择最合适的传输协议。 - **利用结构化数据**：尽可能利用结构化数据字段来丰富日志信息，以便于后续分析和故障排查。 RFC5424通过一系列改进措施提升了Syslog协议的功能性和安全性，使其更适合当前复杂的网络环境。无论是对于开发人员还是运维团队来说，掌握这一标准都是十分必要的。

资源推荐

资源详情

资源评论

Network Working Group R. Gerhards

Request for Comments: 5424 Adiscon GmbH

Obsoletes: 3164 March 2009

Category: Standards Track

The Syslog Protocol

Status of This Memo

This document specifies an Internet standards track protocol for the

Internet community, and requests discussion and suggestions for

improvements. Please refer to the current edition of the "Internet

Official Protocol Standards" (STD 1) for the standardization state

and status of this protocol. Distribution of this memo is unlimited.

This document is subject to BCP 78 and the IETF Trust’s Legal

Provisions Relating to IETF Documents in effect on the date of

publication of this document (http://trustee.ietf.org/license-info).

Please review these documents carefully, as they describe your rights

and restrictions with respect to this document.

This document may contain material from IETF Documents or IETF

Contributions published or made publicly available before November

10, 2008. The person(s) controlling the copyright in some of this

material may not have granted the IETF Trust the right to allow

modifications of such material outside the IETF Standards Process.

Without obtaining an adequate license from the person(s) controlling

the copyright in such materials, this document may not be modified

outside the IETF Standards Process, and derivative works of it may

not be created outside the IETF Standards Process, except to format

it for publication as an RFC or to translate it into languages other

than English.

Gerhards Standards Track [Page 1]

RFC 5424 The Syslog Protocol March 2009

Abstract

This document describes the syslog protocol, which is used to convey

event notification messages. This protocol utilizes a layered

architecture, which allows the use of any number of transport

protocols for transmission of syslog messages. It also provides a

message format that allows vendor-specific extensions to be provided

in a structured way.

This document has been written with the original design goals for

traditional syslog in mind. The need for a new layered specification

has arisen because standardization efforts for reliable and secure

syslog extensions suffer from the lack of a Standards-Track and

transport-independent RFC. Without this document, each other

standard needs to define its own syslog packet format and transport

mechanism, which over time will introduce subtle compatibility

issues. This document tries to provide a foundation that syslog

extensions can build on. This layered architecture approach also

provides a solid basis that allows code to be written once for each

syslog feature rather than once for each transport.

This document obsoletes RFC 3164.

Table of Contents

1. Introduction ....................................................4

2. Conventions Used in This Document ...............................4

3. Definitions .....................................................4

4. Basic Principles ................................................5

4.1. Example Deployment Scenarios ...............................6

5. Transport Layer Protocol ........................................7

5.1. Minimum Required Transport Mapping .........................7

6. Syslog Message Format ...........................................8

6.1. Message Length .............................................9

6.2. HEADER .....................................................9

6.2.1. PRI .................................................9

6.2.2. VERSION ............................................11

6.2.3. TIMESTAMP ..........................................11

6.2.4. HOSTNAME ...........................................13

6.2.5. APP-NAME ...........................................14

6.2.6. PROCID .............................................14

6.2.7. MSGID ..............................................14

6.3. STRUCTURED-DATA ...........................................15

6.3.1. SD-ELEMENT .........................................15

6.3.2. SD-ID ..............................................15

6.3.3. SD-PARAM ...........................................16

6.3.4. Change Control .....................................17

6.3.5. Examples ...........................................17

Gerhards Standards Track [Page 2]

RFC 5424 The Syslog Protocol March 2009

6.4. MSG .......................................................18

6.5. Examples ..................................................19

7. Structured Data IDs ............................................20

7.1. timeQuality ...............................................20

7.1.1. tzKnown ............................................21

7.1.2. isSynced ...........................................21

7.1.3. syncAccuracy .......................................21

7.1.4. Examples ...........................................21

7.2. origin ....................................................22

7.2.1. ip .................................................22

7.2.2. enterpriseId .......................................22

7.2.3. software ...........................................23

7.2.4. swVersion ..........................................23

7.2.5. Example ............................................23

7.3. meta ......................................................24

7.3.1. sequenceId .........................................24

7.3.2. sysUpTime ..........................................24

7.3.3. language ...........................................24

8. Security Considerations ........................................24

8.1. UNICODE ...................................................24

8.2. Control Characters ........................................25

8.3. Message Truncation ........................................26

8.4. Replay ....................................................26

8.5. Reliable Delivery .........................................26

8.6. Congestion Control ........................................27

8.7. Message Integrity .........................................28

8.8. Message Observation .......................................28

8.9. Inappropriate Configuration ...............................28

8.10. Forwarding Loop ..........................................29

8.11. Load Considerations ......................................29

8.12. Denial of Service ........................................29

9. IANA Considerations ............................................30

9.1. VERSION ...................................................30

9.2. SD-IDs ....................................................30

10. Working Group .................................................31

11. Acknowledgments ...............................................31

12. References ....................................................32

12.1. Normative References .....................................32

12.2. Informative References ...................................33

Appendix A. Implementer Guidelines ...............................34

A.1. Relationship with BSD Syslog ..............................34

A.2. Message Length ............................................35

A.3. Severity Values ..........................................36

A.4. TIME-SECFRAC Precision ....................................36

A.5. Case Convention for Names ................................36

A.6. Syslog Applications Without Knowledge of Time ............37

A.7. Notes on the timeQuality SD-ID ............................37

A.8. UTF-8 Encoding and the BOM ................................37

Gerhards Standards Track [Page 3]

RFC 5424 The Syslog Protocol March 2009

1. Introduction

This document describes a layered architecture for syslog. The goal

of this architecture is to separate message content from message

transport while enabling easy extensibility for each layer.

This document describes the standard format for syslog messages and

outlines the concept of transport mappings. It also describes

structured data elements, which can be used to transmit easily

parseable, structured information, and allows for vendor extensions.

This document does not describe any storage format for syslog

messages. It is beyond of the scope of the syslog protocol and is

unnecessary for system interoperability.

This document has been written with the original design goals for

traditional syslog in mind. The need for a new layered specification

has arisen because standardization efforts for reliable and secure

syslog extensions suffer from the lack of a Standards-Track and

transport-independent RFC. Without this document, each other

standard would need to define its own syslog packet format and

transport mechanism, which over time will introduce subtle

compatibility issues. This document tries to provide a foundation

that syslog extensions can build on. This layered architecture

approach also provides a solid basis that allows code to be written

once for each syslog feature instead of once for each transport.

This document obsoletes RFC 3164, which is an Informational document

describing some implementations found in the field.

2. Conventions Used in This Document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",

"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this

document are to be interpreted as described in RFC 2119 [RFC2119].

3. Definitions

Syslog utilizes three layers:

o "syslog content" is the management information contained in a

syslog message.

o The "syslog application" layer handles generation, interpretation,

routing, and storage of syslog messages.

o The "syslog transport" layer puts messages on the wire and takes

them off the wire.

Gerhards Standards Track [Page 4]

剩余38页未读，继续阅读

评论收藏

内容反馈

weberwzl

2018-08-11

好用，真不错，谢谢楼主。
VC_Derry

2011-10-12

文档很好就是右边怎么那么多无关的图不解~
macapplestudy

2014-07-09

以前用RFC3164，这个是最新，不知道兼容不兼容RFC3164。
skrase

2013-01-27

文档不错，要是中文的就更好了
guhong5153

2015-06-17

顶。。。。。。这些协议都好难找的...

前往

页

yueyunfengqing

粉丝: 5
资源: 2

syslog最新协议 RFC5424

最新资源