ISO/IEC 10164-6:1993

INTERNATIONAL lSO/IEC
STANDARD 10164-6
First edition
1993-11-01
Information technology - Open Systems
Interconnection - Systems Management:
Log control function
Technologies de I’informa tion - Interconnexion de systemes ouverts
- Gestion-Systeme: Fonction de contr6le de journal
(OSI)
ISO/IEC 10164=6:1993(E)
Contents
Page
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1 Scope
2 Normative references . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.1 Identical Recommendations I International Standards. . . . . . . . . . . . . . . . . . . . . . 2
2.2 Paired Recommendations I International Standards equivalent in
technical content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.3 Additional references . 3
3 Defini tions . 3
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1 Basic reference model definitions
3.2 Service convention definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
................................................ 3
3.3 Management framework definitions
3.4 Systems management overview definitions . 3
................................. 3
3.5 Event report management function definitions
..................... 4
3.6 Common management information Service definitions
................................................
3.7 OS1 conformance testing definitions
3.8 Additional definitions .
4 Abbreviations .
5 Conventions .
6 Requirements .
7 Model for the log control function .
................................................................................... 5
7.1 Introduction
7.2 The log model .
0 ISO/EC 1993
All rights reserved. No part of this publication may be reproduccd or utilized in any forrn or
by any means, electronie or mechanical, including photocopying and microfilm, without
permission in writing fiom the publisher.
ISO/IEC Copyright Office l Case postale 56 l CH-121 1 Genkve 20 l Switzerland
Printed in Switzerland
ii
ISO/IEC 10164=6:1993(E)
8 Gcncric dcfinitions . . . . . . . . . . . . . . . . . . . . . .~.~.~.~”. 7
.......................................................................... 7
8.1 Managed objcc ts
8.2 Importcd gcncric definitions .
9 Scrvicc dcfinition .
9.1 Introduction . . . . .~.
9.2 Initiation of logging . . . . . . . . . . . . . . . . . . . . . . . . .~.~.
9.3 Termination of logging .
9.4 Modification of logging attributes and suspcnsion and resumption of
logging .
9.5 Rctrieving logging attributes .
................................................................ 13
9.6 Retricval of log rccords
Y.7 Delction of log records .
. . . . . . . . . . . . . . . . . . . . .~.~.*. 13
10 Functional units
11 Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .~.
11.1 Elcmcnts of proccdurcs . . . . . . . . . . . . . . . . . .*.
. . . . . . . . . . . . . . .r. 14
11.2 Abstract Syntax
11.3 Negotiation of functional units . 15
................................................. 15
12 Relationship with other functions
13 Conformance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
.................................... 16
13.1 General conformancc class requircments
13.2 Dependent conformancc class rcquirements . 16
13.3 Conformance to support managcd Object dcfinitions . . . . . . . . . . . . . . . . . . . .
Annexes
A Considcrations for System Implemcntation Capabilities Statements 17
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
n Conditions on attributc valucs for logging
. . .
ISO/IEC 10164=6:1993(E)
Foreword
ISO (the International Organization for Standardization) and IEC (thc Intcr-
national Electrotechnical Commission) form the specialized System for world-
wide standardization. National bodi.es that are members of ISO or IEC participate
in the development of International Standards through tcchnical committecs
established by the rcspective organization to deal with particular f’iclds of
technical activity. ISO and IEC technical committees collaboratc in ficlds of
mutual interest. Other international organizations, governmental and non-
governmental, in liaison with ISO and IEC, also take part in thc work.
In the field of information technology, ISO and IEC havc established a joint
technical committee, ISO/IEC JTC 1. Draft International Standards adoptcd by
the joint technical committee are circulated to national bodies for voting. Publi-
cation as an International Standard requires approval by at least 75% of thc
national bodies casting a vote.
International Standard ISO/IEC 10164-6 was preparcd by Joint Technical Com-
mittee ISO/IEC JTC 1, Information technology, Sub-Committce SC21, Open
Systems interconnection, data management and open distributed processing, in
collaboration with CCITT. The identical text is publishcd as CCITT
Recommendation X.735.
ISO/IEC 10164 consists of the following Parts, under the gcncral title hfor-
mation technology - Open Systems Interconnection - Systems Management:
-
Part 1: Object management function
-
Part 2: State management function
-
Part 3: Attributes for representing relationships
-
Part 4: Alarm reporting function
-
Part 5: Event report management function
-
Part 6: Log control function
-
Part 7: Security alarm reporting function
-
Part 8: Security audit trail function
-
Part 9: Objects and attributes for access control
-
Part 10: Accounting metering function
-
Part 11: Workload monitoring function
-
Part 12: Test management function
-
Part 13: Summarization function
-
Part 14: Confidence and diagnostic test categories
-
Part 1.5: Scheduling function
Annexes A and B of this International Standard are for information only.
iv
ISO/IEC 1016406:1993(E)
Introduction
ISO/IEC 10164 is a multipart Standard developed according to ISO 7498 and
ISO/IEC 7498-4. ISO/IEC 10164 is related to the following International Stan-
dards
-
ISO/IEC 9595: 199 1, Information technology - Open Systems Interconnection
- Common management information Service definition;
-
ISO/IEC 9596-1: 199 1, Information technology - Open Systems Interconnec-
tion - Common management information protocol - Part 1: Specification;
-.
ISO/IEC 10040: 1992, Information technology - Open Systems Interconnec-
tion - Systems management overview;
-
ISO/IEC 10165: 1992, Information technology - Open Systems Interconnec-
tion - Structure of management information.

This page intentionally left blank

ISOLIEC 10164-6 : 1993 (E)
INTERNATIONAL STANDARD
CCITT RECOMMENDATION
INFORMATION TECHNOLOGY - OPEN SYSTEMS INTERCONNECTION -
SYSTEMS MANAGEMENT: LOG CONTROL FUNCTION
1 Scope
This Recommendation I International Standard defines a Systems Management Function which may be used by an
application process in a centralized or decentralized management environment to interact for the purpose of Systems
management, as defined by CUM’ Rec. X.700 I ISO/lEC 7498-4. This CCIT’T’ Recommendation I International
Standard defines the Log Control function and consists of Services and two functional units. This function is positioned
in the application layer of the CCITI’ Rec. X.200 I ISO/IEC 7498-1 and is defined according to the model provided by
ISO/IEC 9545. The role of Systems management functions is described by CCITT Rec. X.701 I ISO/IEC 10040.
This CCITT Recommendation I International Standard
establishes user requirements for the Log Control function;
-
establishes models that relate the Services provided by the function to user requirements;
-
defines the Services provided by the function;
-
specifies the protocol that is necessary in Order to provide the Services;
-
defines the relationship between the Services and SM1 operations and notifications;
-
defines relationships with other Systems management functions;
-
specifies conformance requirements.
This CCITT Recommendation l International Standard does not
-
define the nature of any implementation interded to provide the Log Control function;
-
specify the manner in which management is accomplished by the user of the Log Control function;
-
define the nature of any interactions which result in the use of the Log Control function;
-
specify the Services necessary for the establishment, normal and abnormal release of a management
association;
-
specify the authorization requirements for the use of the Log Control function or for any associated
activity;
-
define the definitions of managed objects related to the management of particular protocol machines.
2 Normative references
The following CCITT Recommendations and International Standards contaic provisions which, through reference in
this text, constitute provisions of this Recommendation I International Standard. At the time of publication, the editions
indicated were valid. All Recommendations and Standards are subject to revision, and Parties to agreements based on
this Recommendation I International Standard are encouraged to investigate the possibility of applying the most recent
editions of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of currently
valid Intemationczl Standards. The CCITT Secretariat maintains a list of currently valid CCITT Recommendations.
CCITT Rec. X.735 (1992 E) 1
ISOnEC 10164-6 : 1993 (E)
21 . Identical Recommendations I International Standards
-
CCITT Recommendation X.701 (1992) l ISOKEXZ 10040: 1992, Information technology - Open Systems
Interconnection - Systems management overview.
-
CCITT Recommendation X.721 (1992) I ISQ/UEC 101652:1992, Information technology - Open
Systems Interconnectior, - Structure of management information - Part 2: Definition of management
inforrnation.
-
CCITT Recommendation X.730 (1992) I ISOIIEC 10164-111993, Information technology - Open
Systems Interconnection - Systems Management - Part 1: Object management function.
-
CCITT Recommendation X.731 (1992) I ISOIIEC 10164-2:1993, Information technology - Open
- Part 2: State management function.
Systems Interconnection - Systems Management
-
CCITT Recommendation X.733 (1992) I ISOLIEC 10164-411992, Information technology - Open
Systems Interconnection - Systems Management - Part 4: Alarm reportingfilnction.
-
CCITT Recommendation X.734 (1992) I ISOKEC 10164-5: 1993, Information technology - Open
Systems Interconnection - Systems Management - Part 5: Event report managementfiuzction.
22 . Paired Recommendations 1 International Standards equivalent in technical content
-
CCITT Recommendation X.200 (1988), Reference Mode2 of Open Systems Interconn.ection for CCITT
Applications.
ISO 7498:1984, Information processing systems - Open Svstems Interconnection - Basic Reference
r,
Model.
-
CCITT Recommendation X.210 (1988), Open Systems Interconnection Luyer Service Definition
Conventions.
ISOfIR 8509: 1987, Information processing systems - Open Systems Interconnection - Service
conventions.
-
CCITT Recommendation X.208 (1988), Specification of Abstract Syntax Notation One (ASV. 1).
- Open Systems Interconnection - Specification of Abstract
ISO/IEC 8824: 1990, Information technology
Syntax Notation One (ASN. I).
-
CCITT Recommendation X.209 (1988), Specijication of Busic Encoding Rules for Abstract Syntax
Notation One (ASN. 1).
ISOKEC 8825: 1990, Information technology - Open Systems Interconnection - Specification of Basic
Encoding Rules for Abstract Syntax Notation One (ASN. 1).
-
CCITT Recommendation X.700 (1992), Management Framework Definition for Open Systems
Interconnection for CCITT Applicutions.
ISO/IEC 7498-4: 1989, Information processing systems - Open Systems Interconnection - Basic
Reference Model -Part 4: Managementframework.
-
CCITT Recommendation X.7 10 (1991), Common Management Information Service Definition for
CCITTApplications.
Open Systems Interconnection - Common munagement
ISODEC 9595: 1991, Information technology -
inforrnation Service defintion.
-
CCITT Recommendation X.290 (1992), OSI Conforrnance Testing Methodology and Framework for
protocol Recommendations for CCITT applications - General concepts.
ISO/IEC 9646- 1: 199 1, Information technology - Open Systems Interconnection - Corformance testing
methodology andfiamework - Part 1: General con.cepts.
CCITT Rec. X.735 (1992 E)
ISO/IEC 10164-6 : 1993 (E)
23 . Addi tional references
-
ISOAEC 9545: 1989, Information technology -- Open Systems Interconnection - Application Luyer
structure.
3 Definitions
For the purposes of this Recommendation I International Standard, the following definitions apply.
31 . Basic reference model defini tions
This Recommendation I International Standard makes use of the following term defined in Recommendation X.200 I
ISO 7498.
Systems management
32 . Service convention definitions
This Recommendation l International Standard makes use of the following term defined in CCITT Rec. X.210 I
ISO/TR 8509.
primitive
Management framework definitions
33 .
This Recommendation I International Standard makes use of the following terms defined in CCITT Rec. X.700 l
ISOIIEC 7498-4.
managemen t information;
a>
b) m‘anaged Object;
Systems-management-application-en tity.
d
Systems management overview definitions
34 .
This Recon-unendation I International Standard m‘akes use of the following terms defined in CCITT Rec. X.701 I
ISOnEC 10040.
a) agent role;
b) dependent confonnance;
general conformance;
C>
d) manager role;
management application protocol;
d
management support Object;
fl
g) notification;
h) Systems management Operation;
Systems managerneut functional unit.
Event report management function definitions
35 .
This Recommendation I International Standard m,ikes use of the following term defined in CCITT Rec. X.734 I
ISOIIEC 10164-5.
discriminator input Object
CCITT Rec. X.735 (1992 E) 3
ISO/IEC 10164-6 : 1993 (E)
36 . Common management information service definitio
This Recommendation I International Standard makes use of the following term defined in CCITT Rec. X.710 I
1s0/IEc 9595.
attribute
37 . OS1 conformance testing definitions
This Recommendation I International Standard makes use sf the following term defmed in CCITT Rec. X.290 1
ISOLEC 9646- 1 a
System conformance Statement
38 . Additional definitions
3.8.1 log: A management support Object class that models resources used as a repository for log records.
3.8.2 log record: A management support Object class that models units of information stored in a log.
3.8.3 potential log record: A type of discriminator input Object that is defined for the purpose of discriminating
information to be included in the log. A potentkal log record consists of all information required for the inclusion of a
log record in the log.
4 Abbreviations
Abstract Syntax Notation One
ASN. 1
CMIS Common management information Service
CMISE Common management information Service element
Id iden tifier
m‘anagement application protocol data unit
MAPDU
PDU Protocol data unit
SMAE Systems management application entity
SMFU Systems management functional unit
SM1 structure of management information
5 Conventions
This Recommendation I International Standard uses some of the descriptive conventions in the OSI Service
Conventions in ISO/IEC TR 8509.
6 Requirements
For the purpose of many management functions it is necessary to be able to preserve information about events that may
have occurred or operations that may have been performed by or on various objects. In a real open System various
resources may be allocated to store such information. In OS1 management these resources arc modeled by logs and log
records contained in the logs.
The management needs for the type of information that is to be logged may Change from tirne to time. Furthermore,
when such information is retrieved from a log the manager must be able to determine whether any records were lost or
whether the characteristics of the records stored in the log where modified at any time.
4 CCITT Rec. X.735 (1992 E)
ISO/IEC 10164-6 : 1993 (E)
The above needs give rise to the following requirements to be satisfied:
a) the definition sf a flexible log control Service which will Show selection of records that are to be logged
by a management System in a particular log;
b) the ability for an extemal System to modify the criteria used in logging records;
c) the ability for an extemal System to determine whether the logging characteristics were modified or
whether log records have been lost;
d) specification of a mechanism to control the time during which logging occurs, for example, by
suspending and resuming logging;
e) the ability for an extemal System to retrieve and delete log records;
f) the ability for an extemal System to create and delete logs.
Model for the log control function
. Introduction
The model for the log control function describes the conceptual components that provide for the logging of information
in open Systems. The model also describes the messages for the control of these components. Figure 1 is a schematic
description of the logging capability of a System.
~~~
log reports
Event reports
A
Responses 4 1 Controi
TIS00630-92
Figure 1 - Log management model
Conceptually, logs store incoming event reports and local System notifications. However, logs tan be used to store
information that is derived from notifications in the local open System, incoming event reports and PDUs received or
transmitted by the open System. These three sources of information are modelled in two basic ways, so that
conceptually the log only deals with event reports and local System notifications.
-
The conceptual log preprocessing function receives notifications from managed objects within the local
System and forms potential log records. Conceptually these potential log records are distributed to all
logs that are contained within the local open System. A potential log record is perceived as a
discriminator input Object for the purpose of discrimination by the log only and is not visible outside the
local System.
CCITT Rec. X.735 (1992 E) 5
ISOIIEC 10164-6 : 1993 (E)
PDUs (other than Systems management event reports) that are to be logged are modelled cas giving rise to
local System notifications that are processed as described above. The resource generating these PDUs
must, therefore, be represented by a managed object. This results in treating PDUs exactly like local
System notifications.
NOTE - It is the responsib2ity sf the particulax Bayer groups in defining managed objects that represent protocol
entities to define which PDUs generate notifications and the Parameters to be associated with that notification. In
particular it is viewed that Systems management application Plus will give rise to notifications that may have to
be logged.
To allow the logging of incoming PDUs in the log it is necessary to define a subclass of the log record
managed Object class that tan contain the internal notifications and associated parameters.
-
Systems management event reports, on the other hand, are not modelled as giving rise to notifications,
but are presented directly to be processed for logging.
Incoming event reports are conceptually distributed to all logs within the receiving open System.
The log in addition to conceptually storing the logged information determines which information is to be logge& Esch
log contains a discriminator construct which specifies the characteristics a potential log record or received event report
must have in Order to be selected for logging. Information that is selected for logging is supplemented with additional
information generated as a part of the logging process (e.g. record identifiers and logging time). Esch record has an
identifier attribute value assigned on record creation. Values are assigned locally in ascending sequential Order. The
identifier attribute tan, therefore, be used to determine t_41e Order of record creation in the log.
72 . The log model
The log is a repository for records, and is the OS1 abstraction of logging resources in real open Systems. Records
contain information that is logged.
The log managed Object class is characterised by a mandatory package ‘and several conditional packages; these
packages provide the log with the following capabilities:
-
the mandatory log package
This package is characterised by the following:
-
a Ilsg identifier, uniquely identifying an instance of a log relative to its superior managed Object;
-
an Administrative state and an Operatisnai state, representing the state of the log;
-
a description of the type of information to be logged, this property is supported by the discriminator
construct attribute;
-
the behaviour of the log when its mCaxitnum capacity is reached. This property is supported by the
log full action attribute;
-
notifications generated when the log is created, deleted, suspended, resumed and modified.
This property is supported by the Object creation, Object deletion, state Change and attribute
value Change notifications of CCITT Rec. X.730 I ISOKEC 10164-1 and CCITT Rec. X.73 1 I
ISO/rEC 10164-2.
the finite log size conditional package
This package is characterised by the following:
-
a maximum log maximum log
size (which may be indeterminate), this is supported by ehe
ProPertY
size attribute;
-
the current log size, supported by the current log size attribute;
-
the number of records currently in the log. Together with the current log size, this may be used to
obtain an estimate of the average record size and, therefore, of the number of records that c be logged. This property is supported by the number of records attribute.
-
the scheduling conditional packages
The log control function uses several conditional packages that provide various levels of sophistication
in scheduling the activity ofth e log. These packages are ch‘aracterised by the foll .owing :
-
the time during which logging is active, this property is supported by time-related attributes in the
conditional packages that contain information related to scheduling.
the log alarm conditional package
CCITT Rec. X.735 (1992 E)
ISO/IEC 10164-6 : 1993 (E)
This package is characterised by the following:
-
capacity alarm thresholds defined as percentages of the maximum log size. The capacity alarm
thresholds are used to generate events that will indicate that various levels of the log full condition
have been approached. This property is supported by the capacity alarm threshold attribute.
8 Generic definitions
This Recommendation I International Standard provides generic definitions of managed obj ects, attributes, and
notifications associated with the log and log record managed fobjects.
81 . Managed objects
8.1.1 The log managed Object
8.1.1.1 Mandatory log package
The following mandatofy attributes are defined for the log class.
8.1.1.1.1 Log Id
This attribute is used to uniquely identify the instance of a log.
8.1.1.1.2 Discriminator construct
This attribute specifies tests on the information that is to be logged. The discriminator construct may operate on any of
the Parameters of the information to be logged.
8.1.1.1.3 Administrative state
This attribute represents the administrative capability of thelog to perform its function. The following AdnkW.rative
states are defined:
a) Unlocked - Use of the log has been permitted by a managing System. Information from subordinate
records may be retrieved and, conditional on the values of other state and Status attributes, new records
may be created;
b) Locked - Use of the log has been prohibited by a managing System. Information from subordinate
records may be retrieved but new records shall not be created. Records may be deleted.
8.1.1.1.4 Operational state
This attribute represents the operational capability of the log to perform its function. The following Operational states
are defined:
Enabled - The log is operational and is ready for use. Information from subordinate records may be
a)
retrieved and, conditional on the values of other state and status attributes, new records may be created;
Disabled - The log is not available for use. New records cannot be created.
b)
8.1.1.1.5 Log full action
This attribute specifies the action to be taken when the maximum size of the log has been reached. Options are
wrap - The oldest records in the log, as determined by the log record identifier, will be deleted to free
a>
resources for the creation of new records;
halt - No more records will be logged. Records already in the log will be retained.
b)
Both Options shall be supported by any log.
CCITT Rec. X.735 (1992 E) 7
ISOIIEC 10164-6 : 1993 (E)
8.1.1.1.6 Availability Status
Chis attribute reflects the availability Status of the managed Object. The attribute may indicate a “log-full” condition;
indicating that records tan be retrieved but that no new records tan be added.
8.1.1.2 Finite log size package
This package provides additional information regarding the current Status of finite sized logs. It shall be present
whenever supported by the underlying resource.
f 8.1.1.2.1 Max log size
This attribute specifies the size of the log measured in number of octets. A log may have an indeterminate size. A max
log size of zero shall be used to specify that the log size has no predefined limit.
NOTE - Since the log size is specified in octets the actual amount of information that is contained in a log will be
determined by data representation used in the log. This data representation is not subject to standardization. The maximum log size
does not include the System overhead involved in establishing the log. Thus, immediat
...