[sip-clf] draft CLF charter

Robert Sparks <rjsparks@nostrum.com> Fri, 17 July 2009 21:13 UTC


All -

We are working on forming a CLF working group based on DISPATCH's
decision.

Below is a proposed charter for this working group. Please review and
comment on this list. Depending on the feedback we receive, we will
target forming this group shortly after the Stockholm meeting.

We'll also be discussing this in Thursday's opsarea meeting.

Thanks,

RjS


> The SIP Common Log File (CLF) working group is chartered to define
> a standard logging format for systems processing SIP messages.
>
> Well-known web servers such as Apache and web proxies like Squid
> support event logging using a common log format.  The logs produced
> using these de-facto standard formats are invaluable to system
> administrators for trouble-shooting a server and tool writers to
> craft tools that mine the log files to produce reports and trends
> and to search for a certain SIP message or messages, a transaction
> or a related set of transactions.  Furthermore, these log records
> can also be used to train anomaly detection systems and feed events
> into a security event management system.
>
> The Session Initiation Protocol does not have a common log
> format. Diverse elements provide distinct log formats, making
> it complex to produce tools to analyze them.
>
> The CLF working group will produce a format suitable for logging
> from any SIP element. The format will anticipate the need to
> search, merge, and summarize the log records from diverse elements.
> The format will anticipate the need to correlate messages from
> multiple elements related to a given request (that may fork)
> or a given dialog. The format will take SIP's extensibility into
> consideration, providing a way to represent SIP message components
> that are defined in the future.  The format will anticipate being
> used both for off-line analysis and on-line real-time processing
> applications. The working group will consider the need for
> efficient processing in its design of this format.
>
> The working group is not pre-constrained to producing either a
> bit-field oriented or text-oriented format, and may choose to
> provide both. If the group chooses to specify both, it must be
> possible to mechanically translate between the formats without
> loss of information.
>
> Specifying the mechanics of exchanging, transporting, and storing
> SIP Common Log Format records is explicitly out of scope. Specifying
> a real-time transfer mechanism for heuristic analysis is explicitly
> out of scope.
>
> The group will generate:
>
> - A problem statement enunciating the motivation,
>  and use cases for a SIP Common Log Format. This analysis
>  will identify the required minimal information that must
>  appear in any record.
>
> - A specification of the SIP Common Log Format record.
>
> The group will consider providing one or more reference
> implementations for decoding a CLF record.
>
> Goals and Milestones
> ===========================
>
> Nov 09 - Problem statement, motivation, and use cases to IESG (Informational)
> Feb 10 - SIP Common Log Format specification to IESG (PS)
>