Implementing Log Control in OSI Systems Management: A Guide to ISO/IEC 10164-6:1995/Amd 1:1999

Scope and Purpose of IEC 10164-6-95 (Amd 1:1999)

The standard ISO/IEC 10164-6:1995 (also designated IEC 10164-6-95), together with its Amendment 1:1999 (confirmed in 2013), defines the Log Control Function (LCF) within the OSI Systems Management framework (ISO/IEC 7498-4). It specifies a set of management services, protocols, and managed object definitions that enable the creation, suspension, resumption, and deletion of logs, as well as the querying and reporting of log records.

The primary scope of this standard includes:

Definition of the systems management function for log control at the application layer.
Specification of CMIP (Common Management Information Protocol) service primitives used for log manipulation.
Managed object classes and attributes for logs and log records, defined using GDMO (Guidelines for the Definition of Managed Objects) and ASN.1.
Amendment 1:1999 adds Implementation Conformance Statement (ICS) proformas and clarifies interaction with Event Report Management (ISO/IEC 10164-5).

This standard is essential for any OSI-based network management system that requires persistent, configurable storage of event data and audit trails.

Technical Requirements and Architectural Overview

The Log Control Function operates within the Systems Management Application Entity (SMAE) and relies on the Common Management Information Service Element (CMISE). It defines three roles: the Log Manager (managing system) and the Log Agent (managed system) that hosts the log objects.

Managed Object Classes

The standard introduces the following key managed object classes (MOCs):

log — Represents a generic log. Subclasses include discardLog (fixed-capacity log) and wrapLog (circular log).
logRecord — Abstract class for entries stored in a log. Concretised by specific record types (e.g., eventLogRecord, alarmLogRecord).
logManagement — Optional singleton that provides administrative controls (e.g., default discrimination, capacity policies).

Services and Operations

The following table summarises the main management services (CMIP operations) defined by ISO/IEC 10164-6:

Service	CMIP Operation	Description	Confirm
createLog	M-CREATE	Instantiate a new log managed object in the managed system	Yes
deleteLog	M-DELETE	Destroy an existing log and its records	Yes
suspendLog	M-ACTION	Temporarily stop the log from accepting new records	Yes
resumeLog	M-ACTION	Restart logging after a suspension	Yes
getLog	M-GET	Retrieve attributes of a log (e.g., capacity, state, filter)	Yes
logData	M-EVENT-REPORT	Notification emitted by the log when a record is added (optional)	No

All actions are defined with detailed parameters, including identifiers, discrimination filters, and capacity thresholds.

Amendment 1:1999 Additions

The amendment, approved in 1999 and reaffirmed in 2013, focuses on:

Adding PICS (Protocol Implementation Conformance Statement) proformas in tabular format.
Clarifying the relationship between logs and event discriminators (as defined in ISO/IEC 10164-5).
Defining additional conformance requirements for the use of discardLog and wrapLog.

Implementation Highlights

Tip: When implementing the Log Control Function, always encode log record content using ASN.1 (X.680 series) to ensure interoperability across heterogeneous systems. Use the LogRecordId attribute as a unique key for efficient retrieval.

Key implementation decisions include:

Choice of log type: Determine whether a discardLog (fixed size, oldest records discarded) or wrapLog (circular) best fits your capacity and audit requirements.
Discrimination filter: The discriminatorConstruct attribute of a log allows sophisticated filtering of which event records are stored. This can be based on event type, source, time, or severity.
Memory and persistence: While the standard does not mandate a storage engine, implementations should consider thread safety and journaling to prevent data loss during system failures.
Integration with other SMS functions: Logs typically receive records from Event Report Management (ISO/IEC 10164-5), Alarm Reporting (ISO/IEC 10164-4), or directly from CMISE notifications.

Warning: The suspendLog and resumeLog actions are not idempotent. Calling suspendLog on an already suspended log may produce an error. Developers should track log state reliably using the operationalState attribute.

Implementation of the amendment’s PICS proformas is strongly recommended to facilitate conformance testing and declaration of capability by vendors.

Compliance and Certification Notes

Conformance to ISO/IEC 10164-6:1995/Amd 1:1999 is assessed through:

Static conformance: The implementation must declare which services, managed object classes, and attributes are supported in a PICS document (now standardised by Amendment 1).
Dynamic conformance: Behavioural tests verify that the system correctly responds to CMIP operations under normal and error conditions.
Interoperability testing: Log records created by one vendor must be readable by the log management application of another, respecting the defined abstract syntax.

Success: Adhering to the full GDMO definitions ensures that management applications from different vendors can interoperate seamlessly—a key requirement for large-scale multi-vendor telecom and industrial networks.

Danger: Non-compliance with capacity behaviour rules (e.g., not discarding oldest records in a discardLog when full) can lead to undetected data loss and invalid audits. Always validate behaviour with the conformance test suite.

Although the standard is now considered a stable mature specification, operators managing legacy OSI management systems must ensure that any new implementation supporting LCF does not deviate from the 1995/1999 definitions. Products claiming support for IEC 10164-6-95 should undergo third-party testing by accredited OSI conformance laboratories.

Q: How does ISO/IEC 10164-6 relate to the Event Report Management function (ISO/IEC 10164-5)?
A: The two standards work closely together. ISO/IEC 10164-5 defines how event reports are forwarded from agents to managers; ISO/IEC 10164-6 defines how those reports can be stored persistently in logs. Event forward discriminators can direct event records to a log object’s discriminatorConstruct.

Q: Are there any new editions of this standard that supersede the 1995 version?
A: The ITU-T Recommendation X.735 (which is aligned with ISO/IEC 10164-6) was revised in 2007, but many industrial and telecom systems still operate based on the 1995 edition plus Amendment 1:1999 for reasons of backward compatibility. Always consult your procurement requirements to determine the valid edition.

Q: Can the Log Control Function be implemented without a full OSI stack?
A: The standard assumes the presence of a full CMISE protocol stack. However, some implementations map the LCF services to lightweight alternatives (e.g., SNMP proxies). This is considered a non-extension unless the proxy faithfully reproduces the GDMO behaviour. For strict conformance, a complete CMIP environment is required.

Q: What is the role of Amendment 1:1999 in conformance testing?
A: It provides the standardised PICS proforma tables, which list the mandatory and optional features of the log control function. Vendors fill out these tables in their conformance statements, which test labs use to design test cases. Without this amendment, conformance declarations were often inconsistent.

📥 Standard Documents Download

🔒

Please wait 10 seconds, the download links will appear after the ad loads