WG Review: SIP Common Log Format (sipclf)

IESG Secretary <iesg-secretary@ietf.org> Tue, 01 September 2009 19:01 UTC

Return-Path: <wwwrun@core3.amsl.com>
X-Original-To: ietf-announce@ietf.org
Delivered-To: ietf-announce@core3.amsl.com
Received: by core3.amsl.com (Postfix, from userid 30) id 29B3B28C9B1; Tue, 1 Sep 2009 12:01:58 -0700 (PDT)
From: IESG Secretary <iesg-secretary@ietf.org>
To: IETF Announcement list <ietf-announce@ietf.org>
Subject: WG Review: SIP Common Log Format (sipclf)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0
Message-Id: <20090901190158.29B3B28C9B1@core3.amsl.com>
Date: Tue, 01 Sep 2009 12:01:58 -0700
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: iesg@ietf.org
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-announce>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2009 19:01:58 -0000

A new IETF working group has been proposed in the Real-time Applications
and Infrastructure Area.  The IESG has not made any determination as yet.
The following draft charter was submitted, and is provided for
informational purposes only.  Please send your comments to the IESG
mailing list (iesg@ietf.org) by Tuesday, September 8, 2009.

SIP Common Log Format (sipclf)
Current Status: Proposed Working Group

Last Modified: 2009-08-27


Real-time Applications and Infrastructure Area Director(s):

Robert Sparks <rjsparks@nostrum.com>
Cullen Jennings <fluffy@cisco.com>

Real-time Applications and Infrastructure Area Advisor:

Mailing Lists:

Description of Working Group:

The SIP Common Log Format (SIPCLF) working group is chartered to define
a standard logging format for systems processing SIP messages.

Well-known web servers such as Apache and web proxies like Squid
support event logging using a common log format. The logs produced
using these de-facto standard formats are invaluable to system
administrators for trouble-shooting a server and tool writers to
craft tools that mine the log files to produce reports and trends
and to search for a certain message or messages, a transaction
or a related set of transactions. Furthermore, these log records
can also be used to train anomaly detection systems and feed events
into a security event management system.

The Session Initiation Protocol does not have a common log
format. Diverse elements provide distinct log formats making
it complex to produce tools to analyze them.

The SIPCLF working group will produce a format suitable for logging
from any SIP element. The working group will take into account
* the need to search, merge, and summarize the log records
from one or more possibly diverse elements.
* the need to correlate messages from multiple elements
related to a given request (that may fork) or a
given dialog.

The format will take SIP's extensibility into consideration, providing
a way to represent SIP message components that are defined in the
future. The format will anticipate being used both for off-line
analysis and on-line real-time processing applications. The working
group will consider the need for efficient creation of records and the
need for efficient processing of the records.

The working group will identify the fields to appear in a log
record and provide one or more formats for encoding those fields.
The working group is not pre-constrained to producing either a
bit-field oriented or text-oriented format, and may choose to
provide both. If the group chooses to specify both, it must be
possible to mechanically translate between the formats without loss
of information.

Specifying the mechanics of exchanging, transporting, and storing
SIP Common Log Format records is explicitly out of scope. However,
the working group will document as part of the definition of the
log record format:

* operational guidance considering log file management
addressing size, rollover, aggregation and
* guidance for correlating SIP CLF records with events
reported via other log mechanisms such as syslog or
SNMP traps.
* security guidance for storage, access, and transporting
SIP CLF log records, addressing information privacy

The group will generate:

- A problem statement enunciating the motivation,
and use cases for a SIP Common Log Format. This analysis
will identify the required minimal information that must
appear in any record.

- A specification of the SIP Common Log Format record

Goals and Milestones

Dec 09 - Problem statement, motivation, and use cases WGLC
Jan 10 - Problem statement, motivation, and use cases to IESG 
Mar 10 - SIP Common Log Format specification WGLC
Apr 10 - SIP Common Log Format specification to IESG (PS)