1
0
mirror of https://github.com/moparisthebest/xeps synced 2024-12-21 23:28:51 -05:00
This commit is contained in:
Peter Saint-Andre 2013-12-02 18:33:55 -07:00
parent 496018222b
commit 7b53988278

View File

@ -8,15 +8,7 @@
<header>
<title>Event Logging over XMPP</title>
<abstract>This specification provides a common framework for sending events to event logs over XMPP networks.</abstract>
<legal>
<copyright>This XMPP Extension Protocol is copyright (c) 1999 - 2013 by the XMPP Standards Foundation (XSF).</copyright>
<permissions>Permission is hereby granted, free of charge, to any person obtaining a copy of this specification (the &quot;Specification&quot;), to make use of the Specification without restriction, including without limitation the rights to implement the Specification in a software program, deploy the Specification in a network service, and copy, modify, merge, publish, translate, distribute, sublicense, or sell copies of the Specification, and to permit persons to whom the Specification is furnished to do so, subject to the condition that the foregoing copyright notice and this permission notice shall be included in all copies or substantial portions of the Specification. Unless separate permission is granted, modified works that are redistributed shall not contain misleading information regarding the authors, title, number, or publisher of the Specification, and shall not claim endorsement of the modified works by the authors, any organization or project to which the authors belong, or the XMPP Standards Foundation.</permissions>
<warranty>## NOTE WELL: This Specification is provided on an &quot;AS IS&quot; BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. In no event shall the XMPP Standards Foundation or the authors of this Specification be liable for any claim, damages, or other liability, whether in an action of contract, tort, or otherwise, arising from, out of, or in connection with the Specification or the implementation, deployment, or other use of the Specification. ##</warranty>
<liability>In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall the XMPP Standards Foundation or any author of this Specification be liable for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising out of the use or inability to use the Specification (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if the XMPP Standards Foundation or such author has been advised of the possibility of such damages.</liability>
<conformance>
This XMPP Extension Protocol has been contributed in full conformance with the XSF's Intellectual Property Rights Policy (a copy of which may be found at &lt;<link url='http://www.xmpp.org/extensions/ipr-policy.shtml'>http://www.xmpp.org/extensions/ipr-policy.shtml</link>&gt; or obtained by writing to XSF, P.O. Box 1641, Denver, CO 80201 USA).
</conformance>
</legal>
&LEGALNOTICE;
<number>xxxx</number>
<status>ProtoXEP</status>
<type>Standards Track</type>
@ -28,7 +20,7 @@
</dependencies>
<supersedes/>
<supersededby/>
<shortname>eventlog</shortname>
<shortname>eventlogging</shortname>
<author>
<firstname>Peter</firstname>
<surname>Waher</surname>
@ -36,6 +28,14 @@
<jid>peter.waher@jabber.org</jid>
<uri>http://www.linkedin.com/in/peterwaher</uri>
</author>
<revision>
<version>0.0.2</version>
<date>2013-12-02</date>
<initials>pw</initials>
<remark>
<p>Addressed pre-publication feedback from the XMPP Council.</p>
</remark>
</revision>
<revision>
<version>0.0.1</version>
<date>2013-11-10</date>
@ -56,10 +56,16 @@
analyze it accordingly.
</p>
<p>
There are various event log packages available, but none yet defined for XMPP or using a well defined and known XML format. Therefore, this document defines
There are various event log packages available, but none yet defined for XMPP or using a well-defined and known XML format. Therefore, this document defines
such an XML format. This format is able to store <link url='https://tools.ietf.org/html/rfc5424'>Syslog</link> <note>
RFC-5424: The Syslog Protocol &lt;<link url='https://tools.ietf.org/html/rfc5424'>https://tools.ietf.org/html/rfc5424</link>&gt;
</note> compliant event information, even though the Syslog event model has been somewhat extended.
</note> compliant event information, even though the <link url='https://tools.ietf.org/html/rfc5424'>Syslog</link> event model has been somewhat extended.
Also, in the use of the facility attribute, this XEP does not have the same restrictions compared to the <link url='https://tools.ietf.org/html/rfc5424'>Syslog</link> specification.
</p>
<p>
This document does not restrict the use of event messages to directed message stanzas alone. It may be envisioned that some would like to publish event information through
&xep0060; or other mechanisms. It is not in the scope of this document to specify such transports however, as it only deals with direct messages, but a brief list is provided
in the <link url='#transportoptions'>Security Considerations</link> section.
</p>
</section1>
<section1 topic='Glossary' anchor='glossary'>
@ -103,7 +109,7 @@
<di>
<dt>Stack Trace</dt>
<dd>
Exact position in the code from whice the event was reported or error occurred. Reporting it in a separate attribute unclutters the message, and removes the need
Exact position in the code from which the event was reported or where the error occurred. Reporting it in a separate attribute unclutters the message, and removes the need
to define custom tags.
</dd>
</di>
@ -122,126 +128,139 @@
</dl>
</section1>
<section1 topic='Use Cases' anchor='usecases'>
<section2 topic='Sending a simple event message'>
<section2 topic='Sending a simple event message' anchor='simpleevent'>
<p>
The following example shows how to send a simple event using a normal message to an event log. There are only two parameters that are required:
<strong>message</strong> and <strong>timestamp</strong>. This message will be treated as a <strong>Minor Informational</strong> message by the
recipient.
The following example shows how to send a simple event using a normal message to an event log. Only two parameters are required:
The timestamp of the message goes into the <strong>timestamp</strong> attribute, and the actual messages goes into a child element
named <strong>message</strong>. This event will be treated as a <strong>Minor Informational</strong> event by the recipient.
</p>
<example caption='Simple event message'>
<![CDATA[
<message from='device@clayster.com/device' to='eventlog@clayster.com' type='normal' xml:lang='en'>
<log xmlns='urn:xmpp:eventlog'
message='Something happened.'
timestamp='2013-11-10T15:52:23Z'/>
<log xmlns='urn:xmpp:eventlog' timestamp='2013-11-10T15:52:23Z'>
<message>Something happened.</message>
</log>
</message>]]>
</example>
</section2>
<section2 topic='Specifying type and level'>
<section2 topic='Sending a multi-line event message' anchor='multilinemessage'>
<p>
The following example shows how to send a multi-line event.
</p>
<example caption='Multi-line event message'>
<![CDATA[
<message from='device@clayster.com/device' to='eventlog@clayster.com' type='normal' xml:lang='en'>
<log xmlns='urn:xmpp:eventlog' timestamp='2013-11-12T11:47:12Z'>
<message>10 objects deleted:
Object 1
...
Object 10</message>
</log>
</message>]]>
</example>
</section2>
<section2 topic='Specifying type and level' anchor='typelevel'>
<p>
The following example shows how an event message can be categorized with an event type and level.
</p>
<example caption='Specifying type and level'>
<![CDATA[
<message from='device@clayster.com/device' to='eventlog@clayster.com' type='normal' xml:lang='en'>
<log xmlns='urn:xmpp:eventlog'
message='Low on memory.'
timestamp='2013-11-10T15:54:55Z'
type='Warning'
level='Major'/>
<log xmlns='urn:xmpp:eventlog' timestamp='2013-11-10T15:54:55Z' type='Warning' level='Major'>
<message>Low on memory.</message>
</log>
</message>]]>
</example>
</section2>
<section2 topic='Specifying object and subject'>
<section2 topic='Specifying object and subject' anchor='objectsubject'>
<p>
The following example shows how an event message can be further enhanced by providing object and subject information.
</p>
<example caption='Specifying object and subject'>
<![CDATA[
<message from='device@clayster.com/device' to='eventlog@clayster.com' type='normal' xml:lang='en'>
<log xmlns='urn:xmpp:eventlog'
message='Object deleted'
timestamp='2013-11-10T15:58:12Z'
type='Informational'
level='Major'
object='Towel'
subject='Arhur Dent'/>
<log xmlns='urn:xmpp:eventlog' timestamp='2013-11-10T15:58:12Z' type='Informational' level='Major' object='Towel' subject='Arthur Dent'>
<message>Object deleted.</message>
</log>
</message>]]>
</example>
</section2>
<section2 topic='Specifying an event ID'>
<section2 topic='Specifying an event ID' anchor='eventids'>
<p>
The following example shows how an event message can receive an ID that can be singled out later to be analyzed by administrators, for instance.
The following example shows how to send an event message with an event ID that can be singled out later to be analyzed by administrators, for instance.
</p>
<example caption='Specifying an event ID'>
<![CDATA[
<message from='device@clayster.com/device' to='eventlog@clayster.com' type='normal' xml:lang='en'>
<log xmlns='urn:xmpp:eventlog'
id='LoginFailed'
message='User attempted to login but provided incorrect password.'
timestamp='2013-11-10T16:04:45Z'
type='Warning'
level='Minor'
object='user1'
subject='10.0.0.1'/>
<log xmlns='urn:xmpp:eventlog' id='LoginFailed' timestamp='2013-11-10T16:04:45Z' type='Warning' level='Minor' object='user1' subject='10.0.0.1'>
<message>User attempted to login but provided incorrect password.</message>
</log>
</message>]]>
</example>
</section2>
<section2 topic='Tagging events with custom information'>
<section2 topic='Tagging events with custom information' anchor='tags'>
<p>
The following example shows how to tag an event using custom information in a way that is easy to interpret and process.
</p>
<example caption='Tagging events with custom information'>
<![CDATA[
<message from='device@clayster.com/device' to='eventlog@clayster.com' type='normal' xml:lang='en'>
<log xmlns='urn:xmpp:eventlog'
message='Current resources.'
timestamp='2013-11-10T16:07:01Z'
type='Informational'
level='Minor'>
<log xmlns='urn:xmpp:eventlog' timestamp='2013-11-10T16:07:01Z' type='Informational' level='Minor'>
<message>Current resources.</message>
<tag name='RAM' value='1655709892' type='xs:long'/>
<tag name='CPU' value='75.45' type='xs:double'/>
<tag name='HardDrive' value='163208757248' type='xs:long'/>
</log>
</message>]]>
</example>
<strong>Note:</strong> Any <strong>tag</strong> elements must come after the <strong>message</strong> element.
</section2>
<section2 topic='Specifying program module'>
<section2 topic='Specifying program module' anchor='modules'>
<p>
The following example shows how module information can be provided in events to more easilly be able to single out information
The following example shows how module information can be provided in events to more easily be able to single out information
relating to the same application running on different machines.
</p>
<example caption='Specifying program module'>
<![CDATA[
<message from='device@clayster.com/device' to='eventlog@clayster.com' type='normal' xml:lang='en'>
<log xmlns='urn:xmpp:eventlog'
message='Something horrible happened.'
timestamp='2013-11-10T16:17:56Z'
type='Error'
level='Major'
object='object1'
subject='user1'
module='applicaiton1'/>
<log xmlns='urn:xmpp:eventlog' timestamp='2013-11-10T16:17:56Z' type='Error' level='Major' object='object1' subject='user1' module='application1'>
<message>Something horrible happened.</message>
</log>
</message>]]>
</example>
</section2>
<section2 topic='Sending debug information'>
<section2 topic='Sending debug information' anchor='debug'>
<p>
The following example shows how to send a debug message with a stack trace, module and custom inforation.
The following example shows how to send a debug message with a stack trace, module and custom information.
</p>
<example caption='Sending debug information'>
<![CDATA[
<message from='device@clayster.com/device' to='eventlog@clayster.com' type='normal' xml:lang='en'>
<log xmlns='urn:xmpp:eventlog'
message='Something is rotten in the state of Denmark.'
timestamp='2013-11-10T16:12:25Z'
type='Debug'
level='Major'
module='My new application'
stackTrace='file1, line 1, ...'>
<log xmlns='urn:xmpp:eventlog' timestamp='2013-11-10T16:12:25Z' type='Debug' level='Major' module='My new application' stackTrace='file1, line 1, ...'>
<message>Something is rotten in the state of Denmark.</message>
<tag name='a' value='1' type='xs:int'/>
<tag name='b' value='10' type='xs:int'/>
<tag name='s' value='Hello World!' type='xs:string'/>
<stackTrace>File1, Line1, ...
File2, Line2, ...
...</stackTrace>
</log>
</message>]]>
</example>
<strong>Note:</strong> Any <strong>stackTrace</strong> element must come after the <strong>message</strong> element and any <strong>tag</strong> elements.
</section2>
<section2 topic='Sending multiple events' anchor='multipleevents'>
<p>
The following example shows how multiple events can be sent in a single message. The receiver should interpret this as two different events having been received.
</p>
<example caption='Sending multiple events'>
<![CDATA[
<message from='device@clayster.com/device' to='eventlog@clayster.com' type='normal' xml:lang='en'>
<log xmlns='urn:xmpp:eventlog' timestamp='2013-11-10T15:52:23Z'>
<message>Something happened.</message>
</log>
<log xmlns='urn:xmpp:eventlog' timestamp='2013-11-10T15:54:23Z'>
<message>Something else happened.</message>
</log>
</message>]]>
</example>
@ -277,10 +296,10 @@
</p>
</section1>
<section1 topic='Implementation Notes' anchor='impl'>
<section2 topic='Event Types'>
<section2 topic='Event Type' anchor='eventtype'>
<p>
The following table lists possible event types that can be used. If none is specified for an event, it is assumed that the event is <strong>Informational</strong>.
It is largely based on the severity levels of Syslog.
It is largely based on the severity levels of <link url='https://tools.ietf.org/html/rfc5424'>Syslog</link>.
</p>
<table caption='Event Types'>
<tr>
@ -309,7 +328,7 @@
</tr>
<tr>
<td>Critical</td>
<td>A ciritical condition. An error so great that it could escalate into something graver if not addressed.</td>
<td>A critical condition. An error so great that it could escalate into something graver if not addressed.</td>
</tr>
<tr>
<td>Alert</td>
@ -321,7 +340,7 @@
</tr>
</table>
</section2>
<section2 topic='Event Levels'>
<section2 topic='Event Level' anchor='eventlevel'>
<p>
Given an Event Type, an event level can provide additional information about the extent or importance of the event (a second dimension).
</p>
@ -340,58 +359,55 @@
</tr>
<tr>
<td>Major</td>
<td>More substantial events or affecting larger parts of the system.</td>
<td>More substantial events or events that are affecting larger parts of the system.</td>
</tr>
</table>
</section2>
<section2 topic='Event IDs'>
<section2 topic='Event ID' anchor='eventid'>
<p>
Using Event IDs the application can provide a machine understandable classification of the event. Examples could be "Login"-events, "ConnectionProblem"-events, etc.
Using Event IDs, the application can provide a machine understandable classification of the event. Examples could be "Login"-events, "ConnectionProblem"-events, etc.
It is easier to group, parse or interpret events and their tags if you know what type of event it is. Event IDs are manufacturer specific, and only provide a means
to more easilly extract subsets of events for processing without having to parse message texts (which should be allowed to be localizable).
to more easily extract subsets of events for processing without having to parse message texts (which should be allowed to be localizable).
</p>
<p>
<strong>Note:</strong> To avoid problems when running applications using different locales, event IDs should never be localized.
</p>
</section2>
<section2 topic='Objects'>
<section2 topic='Object' anchor='object'>
<p>
An event is often linked to an object, i.e. on which object an action was performed, or which object is reporting a condition. The object field permits
An event is often linked to an object, e.g. on which object an action was performed, or which object is reporting a condition. The object field permits
the tagging of objects in a common way. It is later easy to extract all events relating to a specific object by using this attribute.
</p>
</section2>
<section2 topic='Subjects'>
<section2 topic='Subject' anchor='subject'>
<p>
An event is often also linked to a subject, i.e. who or what performed a given action resulting in the event or condition. The subject field permits
the tagging of subjects in a common way. It is later easy to extract all events relating to a specific subbject by using this attribute.
the tagging of subjects in a common way. It is later easy to extract all events relating to a specific subject by using this attribute.
</p>
</section2>
<section2 topic='Facilities'>
<section2 topic='Facility' anchor='facility'>
<p>
Facility can be either a facility in the network sense or in the system sense. This document does not restrict its use to the possible choices defined by
other protocols such as Syslog, and leaves it open. However, it is left as a special attribute since it is important in monitoring applications.
other protocols such as <link url='https://tools.ietf.org/html/rfc5424'>Syslog</link>, and leaves it open. However, it is left as a special attribute since
it is important in monitoring applications.
</p>
</section2>
<section2 topic='Modules'>
<section2 topic='Module' anchor='module'>
<p>
A module is part of a larger software package. Using the module attribute makes it easier to attribute events to specific parts of a distributed
application and analyze them separately.
</p>
</section2>
<section2 topic='Stack Traces'>
<section2 topic='Stack Trace' anchor='stacktrace'>
<p>
Stack Traces can be important information to developers and correlate events to actual locations in the code that generated the event. This document
does not specify any particular format for stack traces.
</p>
<p>
Note that stack traces can be divided into multiple lines separated by CRLF. It is important to encode such strings correctly to avoid problems in
XML parsers.
</p>
</section2>
<section2 topic='Tags'>
<section2 topic='Tag' anchor='tag'>
<p>
Any event can have a custom set of tags attached to it. A tag is required to have a name and a value. It can also optionally specify a data type.
Data Types are specified using Qualified Names (QNames). If possible, they should adher to the list of
Data types are specified using Qualified Names (QNames). If possible, they should adhere to the list of
<link url='http://xmpp.org/registrar/xdv-datatypes.html'>Data Forms Validation Datatypes</link> <note>
Data Forms Validation Datatypes &lt;<link url='http://xmpp.org/registrar/xdv-datatypes.html'>http://xmpp.org/registrar/xdv-datatypes.html</link>&gt;
</note> that is maintained by the XMPP Registrar.
@ -400,7 +416,7 @@
<strong>Note:</strong> To avoid problems when running applications using different locales, tag names should never be localized.
</p>
</section2>
<section2 topic='Normalized tables'>
<section2 topic='Normalized tables' anchor='normalizedtables'>
<p>
If persisting received events in a database, care should be taken if normalized tables are used for storage of tags names and values, event IDs, objects, subjects,
facilities and modules. If this is the case, the receiver should look for types of values that can be incompatible with normalized tables (such as floating point values or numbers
@ -408,13 +424,20 @@
databases because of devices implemented by third parties.
</p>
<p>
It is still valid to send such information (like sequence numbers, unique GUIDs, resource names in JIDs etc., measurements, etc.) in tags names and values, but should be avoided in
event IDs, objects, subjects, facilities and modules, as they can cause problems further down the line.
It is still valid to send information like sequence numbers, unique GUIDs, measurements, resource names in JIDs etc. in tag names and values, but such information
should be avoided in event IDs, objects, subjects, facilities and modules, as they can cause problems further down the line.
</p>
</section2>
<section2 topic='Multi-line messages and stack traces' anchor='multilinemessagesstacktraces'>
<p>
The messag text and stack trace parts of an event message lie as simple type valued child elements (xs:string). This allows for simple encoding of multi-line text
information into these two parameters. However, do not indent new lines when serializing multi-line text to these parameters to make the XML look nicer. The recipient
cannot know what whitespace is indenting and what is part of the actual information.
</p>
</section2>
</section1>
<section1 topic='Internationalization Considerations' anchor='i18n'>
<section2 topic='Time Zones'>
<section2 topic='Time Zones' anchor='timezones'>
<p>
All timestamps and dateTime values use the XML data type xs:dateTime to specify values. These values include a date, an optional time and an optional time zone.
</p>
@ -426,22 +449,44 @@
If devices report time zone, this information should be propagated throughout the system. Otherwise, comparing timestamps from different time zones will be impossible.
</p>
</section2>
<section2 topic='xml:lang'>
<section2 topic='xml:lang' anchor='lang'>
<p>
Event messages SHOULD contain an <strong>xml:lang</strong> attribute on the message stanza to specify the language
used in message texts, etc. If language information is not available (for instance, if relaying messages not created by the device itself,
the <strong>xml:lang</strong> attribute can be omitted).
used in message texts, etc. If language information is not available, e.g. if relaying messages are not created by the device itself,
the <strong>xml:lang</strong> attribute can be omitted.
</p>
</section2>
</section1>
<section1 topic='Security Considerations' anchor='security'>
<section2 topic='Zero configuration' anchor='zeroconf'>
<p>
Even though this document permits zero-configuration of devices to event logs, this might not always be the best option. Event information might be sensitive
and should not be sent to anybody just because they support the event log feature as defined in this document.
</p>
</section2>
<section2 topic='Sensitive information' anchor='sensitiveinfo'>
<p>
<strong>Never</strong> log information that should be handled securely or encrypted, such as passwords.
</p>
</section2>
<section2 topic='Transport options' anchor='transportoptions'>
<p>
The following subsections lists different transport options together with security considerations for each one.
</p>
<section3 topic='Direct messages'>
<p>
This document explicitly describes how to send event messages in direct messages. If sensitive information is being sent,
end-to-end encryption should be considered.
</p>
</section3>
<section3 topic='Publish/Subscribe'>
<p>
Event messages could be published using <link url='http://xmpp.org/extensions/xep-0060.html'>Publish-Subscribe</link>. But, even more care should
be taken to log only information that can be published openly. If there's risk for sensitive information to be logged, the publish/subscribe pattern
should be avoided.
</p>
</section3>
</section2>
</section1>
<section1 topic='IANA Considerations' anchor='iana'>
<p>This document requires no interaction with &IANA;.</p>
@ -463,16 +508,17 @@
<xs:element name='log'>
<xs:complexType>
<xs:choice minOccurs='0' maxOccurs='unbounded'>
<xs:element name='tag'>
<xs:sequence>
<xs:element name='message' type='xs:string' minOccurs='1' maxOccurs='1'/>
<xs:element name='tag' minOccurs='0' maxOccurs='unbounded'>
<xs:complexType>
<xs:attribute name='name' type='xs:string' use='required'/>
<xs:attribute name='value' type='xs:string' use='required'/>
<xs:attribute name='type' type='xs:QName' use='optional' default='xs:string'/>
</xs:complexType>
</xs:element>
</xs:choice>
<xs:attribute name='message' type='xs:string' use='required'/>
<xs:element name='stackTrace' type='xs:string' minOccurs='0' maxOccurs='1'/>
</xs:sequence>
<xs:attribute name='timestamp' type='xs:dateTime' use='required'/>
<xs:attribute name='id' type='xs:string' use='optional'/>
<xs:attribute name='type' type='EventType' use='optional' default='Informational'/>
@ -481,7 +527,6 @@
<xs:attribute name='subject' type='xs:string' use='optional'/>
<xs:attribute name='facility' type='xs:string' use='optional'/>
<xs:attribute name='module' type='xs:string' use='optional'/>
<xs:attribute name='stackTrace' type='xs:string' use='optional'/>
</xs:complexType>
</xs:element>
@ -510,6 +555,6 @@
</code>
</section1>
<section1 topic='Acknowledgements' anchor='ack'>
<p>Thanks in alphabetical order to Joachim Lindborg, Markus Kohlhase, Matthew Wild, Mike Taylor, Robert Kosten, Steffen Larsen, and Yusuke DOI for all valuable feedback.</p>
<p>Thanks in alphabetical order to Dave Cridland, Joachim Lindborg, Karin Forsell, Ludovic Bocquet, Markus Kohlhase, Matthew Wild, Mike Taylor, Philipp Hancke, Robert Kosten, Steffen Larsen, and Yusuke DOI for all valuable feedback.</p>
</section1>
</xep>