RE: [sip-clf] Last Call: <draft-ietf-sipclf-problem-statement-11.txt> (The Common Log Format (CLF) for the Session Initiation Protocol (SIP): Framework and Data Model) to Proposed Standard

"Romascanu, Dan (Dan)" <dromasca@avaya.com> Mon, 17 December 2012 16:02 UTC

From: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
To: "ietf@ietf.org" <ietf@ietf.org>
Subject: RE: [sip-clf] Last Call: <draft-ietf-sipclf-problem-statement-11.txt> (The Common Log Format (CLF) for the Session Initiation Protocol (SIP): Framework and Data Model) to Proposed Standard
Date: Mon, 17 Dec 2012 16:02:40 +0000
Cc: "sip-clf@ietf.org" <sip-clf@ietf.org>

Hi,

I believe that this is a good document and I support its approval. 

I do have a number of issues which I suggest be taken into consideration before approval and publication:

1. In Section 4: 

   The SIP CLF is amenable to easy parsing and lends itself well to
   creating other innovative tools.

I am not sure what this sentence really says. What does 'easy parsing' mean? The previous paragraph referred to 'quick parsing (i.e., well-delimited fields)' - quick parsing is a relative notion but at least there was an example. Here, I do not know.

What 'other innovative tools' means escapes me totally. Why 'other'? 'Other' than what? And what does 'innovative tools' mean?


2. In Section 11:

   SIP CLF log files will take up substantive amount of disk space
   depending on traffic volume at a processing entity and the amount of
   information being logged.  As such, any organization using SIP CLF
   should establish operational procedures for file rollovers as
   appropriate to the needs of the organization.

Procedures for file rollovers are not enough - procedures actually need to be in place for periodic retrieval of logs before rollover.

3. [RFC3261] needs to be a Normative Reference. This whole document speaks about logs for SIP, refers to SIP entities, messages, fields in the SIP messages - in short, it cannot be understood and the SIP-CLF cannot be implemented without a good reading and understanding of [RFC3261].

Regards,

Dan
 


> -----Original Message-----
> From: sip-clf-bounces@ietf.org [mailto:sip-clf-bounces@ietf.org] On
> Behalf Of The IESG
> Sent: Monday, December 03, 2012 10:45 PM
> To: IETF-Announce
> Cc: sip-clf@ietf.org
> Subject: [sip-clf] Last Call: <draft-ietf-sipclf-problem-statement-
> 11.txt> (The Common Log Format (CLF) for the Session Initiation Protocol
> (SIP): Framework and Data Model) to Proposed Standard
> 
> 
> The IESG has received a request from the SIP Common Log Format WG
> (sipclf) to consider the following document:
> - 'The Common Log Format (CLF) for the Session Initiation Protocol
> (SIP):
>    Framework and Data Model'
>   <draft-ietf-sipclf-problem-statement-11.txt> as Proposed Standard
> 
> A previous version of this document was Last Called with an
> Informational intended publication status. Issues with the document's
> scope and technical concerns with internationalization were identified
> during IESG evaluation and the document was returned to the working
> group.
> 
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to the
> ietf@ietf.org mailing lists by 2012-12-17. Exceptionally, comments may
> be sent to iesg@ietf.org instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.
> 
> Abstract
> 
> 
>    Well-known web servers such as Apache and web proxies like Squid
>    support event logging using a common log format.  The logs produced
>    using these de-facto standard formats are invaluable to system
>    administrators for trouble-shooting a server and tool writers to
>    craft tools that mine the log files and produce reports and trends.
>    Furthermore, these log files can also be used to train anomaly
>    detection systems and feed events into a security event management
>    system.  The Session Initiation Protocol (SIP) does not have a common
>    log format, and as a result, each server supports a distinct log
>    format that makes it unnecessarily complex to produce tools to do
>    trend analysis and security detection.  We propose a common log file
>    format for SIP servers that can be used uniformly by user agents,
>    proxies, registrars, redirect servers as well as back-to-back user
>    agents.
> 
> 
> 
> 
> The file can be obtained via
> http://datatracker.ietf.org/doc/draft-ietf-sipclf-problem-statement/
> 
> IESG discussion can be tracked via
> http://datatracker.ietf.org/doc/draft-ietf-sipclf-problem-statement/ballot/
> 
> 
> No IPR declarations have been submitted directly on this I-D.
> 
> 