1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
|
======================================
Logging Requirements for NETCONF APK
======================================
:Author:
A. Wilcox
:Copyright:
© 2020 Adélie Software in the Public Benefit, Inc. NCSA license.
:Status:
Draft
Introduction
============
This document defines the logging requirements for the NETCONF for APK
Distributions system.
Definition of terms
-------------------
* ``NETCONF APK``: The NETCONF for APK Distributions system, including the
base server and modules contained in the netconfapk source distribution.
* ``stderr``: The standard error output stream as defined by POSIX.
Intended audience
-----------------
This document is primarily intended to be read by the implementors of
NETCONF APK. It may additionally be useful for documentation writers to
inform network administrators who are interacting with NETCONF APK about
how its logging system functions.
Architecture
============
The logging system processes messages with three fields: Category, Level,
and Message. The message's Category indicates what subsystem is emitting
the message. The message's Level indicates the urgency of the message,
and may be one of the following six values: Critical, Error, Warning,
Notice, Info, and Debug. The message's Message is the text being logged.
The system outputs every message processed to ``stderr``, with the
following format:
::
<iso-date> : <device> : <category> : <level> : <message>
iso-date is defined as an ISO 8601 extended timestamp, of the format:
::
YYYY-MM-DDThh:mm:ss
``device`` is the hostname of the device running the logging system.
Configuration
=============
The ``netconf.conf`` YAML configuration file will be read for a scalar
``loglevel`` present in the top-level ``server`` node, which defines the
lowest log level to output. The default, if the ``loglevel`` scalar is
not set, is ``notice``.
The ``loglevel`` node is case-insensitive.
Categories and Log Messages
===========================
Each following section defines a logging category for the NETCONF APK
system. Under each logging category, each event that would generate a
message in that category will be described.
This list is not exclusive. Underlying system libraries may log
additional messages that are not included in this list.
auth
----
Messages in this category concern authentication. This includes both
successful and failed authentication attempts to the server.
Connection established
``````````````````````
This event is triggered when a connection is established, before
authentication is attempted.
:Format:
Connection from %{ip}:%{srcport} established with client %{client_ver}
:Level:
Info
Authentication succeess
```````````````````````
This event is triggered when authentication is successful and a user is
granted access to the system.
:Format:
Authentication granted to %{user} from %{ip}:%{srcport}, session %{sessid}
:Level:
Notice
Authentication failure
``````````````````````
This event is triggered when authentication has failed.
:Format:
Authentication failed for %{user} from %{ip}:%{srcport}
:Level:
Error
Connection closed
`````````````````
This event is triggered when a client disconnects.
:Format:
Session %{sessid} for %{user} closed
:Level:
Info
operational
-----------
Messages in this category concern operations carried out. This includes
standard operations such as ``edit-config`` and also RPCs such as
``system-restart``.
RPC executed
````````````
This event is triggered when any RPC is sent to the system.
:Format:
RPC %{rpc} invoked by %{user} on session %{sessid}
:Level:
Info
RPC unknown
```````````
This event is triggered when an RPC is received that the system does not
recognise as a valid RPC.
:Format:
RPC %{rpc} invoked by %{user} on session %{sessid} is unknown
:Level:
Warning
RPC failure
```````````
This event is triggered when an RPC encounters an error during execution.
:Format:
RPC %{rpc} invoked by %{user} on session %{sessid} encountered error %{error}
:Level:
Error
RPC success
```````````
This event is triggered when an RPC is executed successfully.
:Format:
RPC %{rpc} invoked by %{user} on session %{sessid} completed successfully
:Level:
Info
config
------
Messages in this category concern configuration data. This includes
reading and writing to any NETCONF datastore.
Configuration editing
`````````````````````
This event is triggered just before ``edit-config`` is executed.
:Format:
%{user} on session %{sessid} is editing configuration: %{xml}
:Level:
Debug
Configuration edited
````````````````````
This event is triggered when ``edit-config`` nodes are being processed by
their respective NETCONF modules.
:Format:
%{user} on session %{sessid} is editing %{node}: %{module-specific information}
:Level:
Notice
Configuration reading
`````````````````````
This event is triggered just before ``get-config`` or ``get`` is executed.
:Format:
%{user} on session %{sessid} is requesting configuration: %{xml}
:Level:
Debug
Configuration operation denied
``````````````````````````````
This event is triggered when a user attempts an operation on a datastore
that is not permitted by the current NACM policy.
:Format:
%{user} on session %{sessid} attempted %{operation} on %{node}, not permitted by NACM
:Level:
Error
|
