Re: [BEHAVE] logging drafts
Tom Taylor <tom.taylor.stds@gmail.com> Sat, 13 April 2013 22:52 UTC
Return-Path: <tom.taylor.stds@gmail.com>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9D1F21F84F9 for <behave@ietfa.amsl.com>; Sat, 13 Apr 2013 15:52:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.048
X-Spam-Level:
X-Spam-Status: No, score=0.048 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lucikm0rrqKi for <behave@ietfa.amsl.com>; Sat, 13 Apr 2013 15:52:50 -0700 (PDT)
Received: from mail-ie0-x230.google.com (mail-ie0-x230.google.com [IPv6:2607:f8b0:4001:c03::230]) by ietfa.amsl.com (Postfix) with ESMTP id F2AE921F84E7 for <behave@ietf.org>; Sat, 13 Apr 2013 15:52:49 -0700 (PDT)
Received: by mail-ie0-f176.google.com with SMTP id x14so317869ief.21 for <behave@ietf.org>; Sat, 13 Apr 2013 15:52:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=NIh5/ZzfMgmy9hkUtXoue7tpuBad9j8Hp+rLlfudiV0=; b=Nie+jQpaBhceXv3M9BJ35ttC93TsphwMy9vV/dPqD/9hrJCcbnZ9H5HCeNrB1VzlOG bf4zGh1Zx28s0YKp0lnwEWMhA4ZgCRFxvvyUo9nHJwG+cIdtTLpqY58q7MxFTBZHuz1v GYQp7xbGUhANK5qDqMEEaGTTtwFev5zndj17mIrqptDpJsTg+8eewjbo8r/zCkPH6trO jmAgfafwMlhs4YXfgDUKMJ0ay36MbNzx6eHwiZwd4J+6fXouM6edkntHdkhEgBHYqOxD PwFVYWI3Iacrx76f/kzLJUP1CFFOaHFHevXR44jmYvo30O47HuR6X2AWd0SVxKe60EhJ 0RSw==
X-Received: by 10.50.17.166 with SMTP id p6mr2272001igd.12.1365893569452; Sat, 13 Apr 2013 15:52:49 -0700 (PDT)
Received: from [192.168.1.65] (dsl-173-206-2-115.tor.primus.ca. [173.206.2.115]) by mx.google.com with ESMTPS id ip2sm4568098igc.5.2013.04.13.15.52.47 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 13 Apr 2013 15:52:48 -0700 (PDT)
Message-ID: <5169E1BF.6000202@gmail.com>
Date: Sat, 13 Apr 2013 18:52:47 -0400
From: Tom Taylor <tom.taylor.stds@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version: 1.0
To: Dan Wing <dwing@cisco.com>
References: <65DAA8E7-B1A8-4581-80F2-D1734999BA1A@cisco.com>
In-Reply-To: <65DAA8E7-B1A8-4581-80F2-D1734999BA1A@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "behave@ietf.org" <behave@ietf.org>, behave-chairs@tools.ietf.org
Subject: Re: [BEHAVE] logging drafts
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Apr 2013 22:52:50 -0000
I propose the following: (1) Record exactly the same events and parameters in SYSLOG as in IPFIX. I have arguments for why this is reasonable. (2) Add a Deployment Considerations section that provides a context for the use of the fields that have been defined. As an example, it would cover what logging would include for different transition methods. As another example, it might explore different architectures in which log collection would happen. As a sub-case of the latter, some events in some situations happen at provisioning time and are reasonably collected or reported by AAA. Comments? Tom Taylor On 13/03/2013 2:11 PM, Dan Wing wrote: > The two NAT logging drafts were presented at the BEHAVE meeting at IETF86 (draft-sivakumar-behave-nat-logging-06 and draft-ietf-behave-syslog-nat-logging-00). They are both WG documents and based on the feedback at the meeting, we would like to see: > > * an update of the table presented at the meeting (slide 6 of http://tools.ietf.org/agenda/86/slides/slides-86-behave-2.pdf). > * text added to the SYSLOG and IPFIX documents explaining their applicability. > * discussion on the list to reach consensus that SYSLOG and IPFIX should, or should not, send different events because of their different applicability. > > -d > > _______________________________________________ > Behave mailing list > Behave@ietf.org > https://www.ietf.org/mailman/listinfo/behave >
- [BEHAVE] logging drafts Dan Wing
- Re: [BEHAVE] logging drafts Mikael Abrahamsson
- Re: [BEHAVE] logging drafts Tom Taylor
- Re: [BEHAVE] logging drafts Tom Taylor
- Re: [BEHAVE] logging drafts Dan Wing