Re: [sip-clf] draft CLF charter

Robert Sparks <rjsparks@nostrum.com> Wed, 22 July 2009 17:23 UTC

Return-Path: <rjsparks@nostrum.com>
X-Original-To: sip-clf@core3.amsl.com
Delivered-To: sip-clf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 53AB73A6820 for <sip-clf@core3.amsl.com>; Wed, 22 Jul 2009 10:23:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, SPF_PASS=-0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4dI0N4BzxCWN for <sip-clf@core3.amsl.com>; Wed, 22 Jul 2009 10:23:14 -0700 (PDT)
Received: from nostrum.com (nostrum-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:267::2]) by core3.amsl.com (Postfix) with ESMTP id EF4133A67DA for <sip-clf@ietf.org>; Wed, 22 Jul 2009 10:23:13 -0700 (PDT)
Received: from dn3-232.estacado.net (vicuna-alt.estacado.net [75.53.54.121]) (authenticated bits=0) by nostrum.com (8.14.3/8.14.3) with ESMTP id n6MHNAed068478 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Wed, 22 Jul 2009 12:23:10 -0500 (CDT) (envelope-from rjsparks@nostrum.com)
Message-Id: <AA6EC7DD-8331-41B6-AFC8-866CF5C73088@nostrum.com>
From: Robert Sparks <rjsparks@nostrum.com>
To: "DRAGE, Keith (Keith)" <drage@alcatel-lucent.com>
In-Reply-To: <EDC0A1AE77C57744B664A310A0B23AE20707CECC@FRMRSSXCHMBSC3.dc-m.alcatel-lucent.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v935.3)
Date: Wed, 22 Jul 2009 12:23:10 -0500
References: <3B33A97D-7E19-4A08-A431-A085D53A2A6E@nostrum.com> <D5E606B8-0811-4D40-AA76-ED989B00FD02@nostrum.com> <EDC0A1AE77C57744B664A310A0B23AE20707CECC@FRMRSSXCHMBSC3.dc-m.alcatel-lucent.com>
X-Mailer: Apple Mail (2.935.3)
Received-SPF: pass (nostrum.com: 75.53.54.121 is authenticated by a trusted mechanism)
Cc: "sip-clf@ietf.org" <sip-clf@ietf.org>
Subject: Re: [sip-clf] draft CLF charter
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jul 2009 17:23:15 -0000

This is just getting input from the opsarea. Conversation will  
continue on sip-clf.

RjS

On Jul 20, 2009, at 11:21 AM, DRAGE, Keith (Keith) wrote:

> Just to note that previously the input from the other area director  
> was to provide separate milestones for taking a draft to WGLC and  
> publication request to IESG.
>
>> We'll also be discussing this in Thursday's opsarea meeting.
>>
>
> Can you clarify what you mean by this? All discussion will  
> henceforward be in opsarea or just seeking their input to continuing  
> discussion on the dispatch mailing list.
>
> regards
>
> Keith
>
>> -----Original Message-----
>> From: sip-clf-bounces@ietf.org
>> [mailto:sip-clf-bounces@ietf.org] On Behalf Of Robert Sparks
>> Sent: Friday, July 17, 2009 10:14 PM
>> To: sip-clf@ietf.org
>> Subject: [sip-clf] draft CLF charter
>>
>> All -
>>
>> We are working on forming a CLF working group based on
>> DISPATCH's decision.
>>
>> Below is a proposed charter for this working group. Please
>> review and comment on this list. Depending on the feedback we
>> receive, we will target forming this group shortly after the
>> Stockholm meeting.
>>
>> We'll also be discussing this in Thursday's opsarea meeting.
>>
>> Thanks,
>>
>> RjS
>>
>>
>>> The SIP Common Log File (CLF) working group is chartered to
>> define a
>>> standard logging format for systems processing SIP messages.
>>>
>>> Well-known web servers such as Apache and web proxies like Squid
>>> support event logging using a common log format.  The logs produced
>>> using these de-facto standard formats are invaluable to system
>>> administrators for trouble-shooting a server and tool
>> writers to craft
>>> tools that mine the log files to produce reports and trends and to
>>> search for a certain SIP message or messages, a transaction or a
>>> related set of transactions.  Furthermore, these log
>> records can also
>>> be used to train anomaly detection systems and feed events into a
>>> security event management system.
>>>
>>> The Session Initiation Protocol does not have a common log format.
>>> Diverse element provide distinct log formats making it complex to
>>> produce tools to analyze them.
>>>
>>> The CLF working group will produce a format suitable for
>> logging from
>>> any SIP element. The format will anticipate the need to
>> search, merge,
>>> and summarize the log records from diverse elements.
>>> The format will anticipate the need to correlate messages from
>>> multiple elements related to a given request (that may fork) or a
>>> given dialog. The format will take SIP's extensibility into
>>> consideration, providing a way to represent SIP message components
>>> that are defined in the future.  The format will anticipate
>> being used
>>> both for off-line analysis and on-line real-time processing
>>> applications. The working group will consider the need for
>> efficient
>>> processing in its design of this format.
>>>
>>> The working group is not pre-constrained to producing either a
>>> bit-field oriented or text-oriented format, and may choose
>> to provide
>>> both. If the group chooses to specify both, it must be possible to
>>> mechanically translate between the formats without loss of
>>> information.
>>>
>>> Specifying the mechanics of exchanging, transporting, and
>> storing SIP
>>> Common Log Format records is explicitly out of scope. Specifying a
>>> real-time transfer mechanism for heuristic analysis is
>> explicitly out
>>> of scope.
>>>
>>> The group will generate:
>>>
>>> - A problem statement enunciating the motivation,  and use
>> cases for a
>>> SIP Common Log Format. This analysis  will identify the required
>>> minimal information that must  appear in any record.
>>>
>>> - A specification of the SIP Common Log Format record.
>>>
>>> The group will consider providing one or more reference
>>> implementations for decoding a CLF record.
>>>
>>> Goals and Milestones
>>> ===========================
>>>
>>> Nov 09 - Problem statement, motivation, and use cases to IESG
>>> (Informational)
>>> Feb 10 - SIP Common Log Format specification to IESG (PS)
>>>
>>
>> _______________________________________________
>> sip-clf mailing list
>> sip-clf@ietf.org
>> https://www.ietf.org/mailman/listinfo/sip-clf
>>