Re: [sip-clf] WGLC:draft-ietf-sipclf-problem-statement-06.txt

Peter Musgrave <peter.musgrave@magorcorp.com> Wed, 04 May 2011 13:39 UTC

Return-Path: <peter.musgrave@magorcorp.com>
X-Original-To: sip-clf@ietfa.amsl.com
Delivered-To: sip-clf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4EBE3E0762 for <sip-clf@ietfa.amsl.com>; Wed, 4 May 2011 06:39:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.066
X-Spam-Level:
X-Spam-Status: No, score=-103.066 tagged_above=-999 required=5 tests=[AWL=0.532, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tTOq8+nfUZWH for <sip-clf@ietfa.amsl.com>; Wed, 4 May 2011 06:39:47 -0700 (PDT)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id 0F8DAE0682 for <sip-clf@ietf.org>; Wed, 4 May 2011 06:39:46 -0700 (PDT)
Received: by ywi6 with SMTP id 6so469366ywi.31 for <sip-clf@ietf.org>; Wed, 04 May 2011 06:39:46 -0700 (PDT)
Received: by 10.151.69.24 with SMTP id w24mr1067555ybk.263.1304516385897; Wed, 04 May 2011 06:39:45 -0700 (PDT)
Received: from petermac.magor.local ([72.1.217.106]) by mx.google.com with ESMTPS id u20sm507765yba.0.2011.05.04.06.39.44 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 04 May 2011 06:39:44 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: multipart/alternative; boundary=Apple-Mail-52--208331340
From: Peter Musgrave <peter.musgrave@magorcorp.com>
In-Reply-To: <8CB1F01A-91E7-4A02-A984-718AEC84EE0B@magorcorp.com>
Date: Wed, 4 May 2011 09:39:43 -0400
Message-Id: <96B28772-470F-4010-A372-7432A43CBB0F@magorcorp.com>
References: <20110418143004.807.72505.idtracker@ietfc.amsl.com> <A4BBEEE4-4420-4A3A-BD0D-EE72430A6A64@magorcorp.com> <8CB1F01A-91E7-4A02-A984-718AEC84EE0B@magorcorp.com>
To: Peter Musgrave <peter.musgrave@magorcorp.com>
X-Mailer: Apple Mail (2.1084)
Cc: "sip-clf@ietf.org Mailing" <sip-clf@ietf.org>
Subject: Re: [sip-clf] WGLC:draft-ietf-sipclf-problem-statement-06.txt
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 May 2011 13:39:48 -0000

As promised here my "as individual" review of the examples:

In section 9.2:
        To: sip:bob@example.net
        R-URI: sip:bob@bob1.example.net
I am trying to reconcile these. It is not stated in the start that bob is registered to p2. I am assuming that p2 is authoritative for bob (Hence the value in the To: header) ?
Should the intro state that Bob is registered to p2?

Went through the rest fairly carefully. All looks good. 

Cheers, 

Peter Musgrave

On 2011-04-27, at 2:42 PM, Peter Musgrave wrote:

> (as individual)
> 
> Overall, I think this is in excellent shape. I have a few specific observations/questions:
> 
> Last sentence of abstract could be simplified just to SIP devices? (In section 4 UA is explicitly mentioned - and it's not in the abstract which has a list of SIP server type devices). 
> 
> 8.1 From/To Header
> Both contain the statement "it is not necessary to log any URI parameters". 
> Perhaps this should be in normative language? URI parameters MUST NOT be logged (they can be logged separately using an option field)
> 
> R-URI: URI parameters MUST be logged?
> 
> 8.2 Is it necessary to indicate what a UAS-half and UAC-half are? I can see that for a proxy a request is both received and forwarded (although I am not sure I would use the term UAC-half for the sent side of a message.) As for a B2BUA I tend to think of the two sides as a UAC and a UAS (and not a "half")
> 
> [I have set aside the examples for now - I will finish reviewing that before the WGLC ends].
> 
> Cheers, 
> 
> Peter
> 
> 
> 
> 
> 
> On 2011-04-18, at 3:11 PM, Peter Musgrave wrote:
> 
>> Greetings CLF-ers,
>> 
>> I would like to start a two week WGLC on the problem statement doc (in accordance with our discussion in Prague). 
>> 
>> Please make you comments on the list by Wed. May 4th (I have added a few days to account for the Easter break). 
>> 
>> We need reviewers and fresh eyes - so if you can make time to read this it is much appreciated!
>> 
>> Thanks, 
>> 
>> Peter Musgrave
>> Chair, sip-clf
>> 
>> Begin forwarded message:
>> 
>>> From: Internet-Drafts@ietf.org
>>> Date: April 18, 2011 10:30:04 AM EDT
>>> To: i-d-announce@ietf.org
>>> Cc: sip-clf@ietf.org
>>> Subject: [sip-clf] I-D Action:draft-ietf-sipclf-problem-statement-06.txt
>>> 
>>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>> This draft is a work item of the SIP Common Log Format Working Group of the IETF.
>>> 
>>> 
>>> 	Title           : The Common Log Format (CLF) for the Session Initiation Protocol (SIP)
>>> 	Author(s)       : V. Gurbani, et al.
>>> 	Filename        : draft-ietf-sipclf-problem-statement-06.txt
>>> 	Pages           : 34
>>> 	Date            : 2011-04-18
>>> 
>>> Well-known web servers such as Apache and web proxies like Squid
>>> support event logging using a common log format.  The logs produced
>>> using these de-facto standard formats are invaluable to system
>>> administrators for trouble-shooting a server and tool writers to
>>> craft tools that mine the log files and produce reports and trends.
>>> Furthermore, these log files can also be used to train anomaly
>>> detection systems and feed events into a security event management
>>> system.  The Session Initiation Protocol does not have a common log
>>> format, and as a result, each server supports a distinct log format
>>> that makes it unnecessarily complex to produce tools to do trend
>>> analysis and security detection.  We propose a common log file format
>>> for SIP servers that can be used uniformly by proxies, registrars,
>>> redirect servers as well as back-to-back user agents.
>>> 
>>> A URL for this Internet-Draft is:
>>> http://www.ietf.org/internet-drafts/draft-ietf-sipclf-problem-statement-06.txt
>>> 
>>> Internet-Drafts are also available by anonymous FTP at:
>>> ftp://ftp.ietf.org/internet-drafts/
>>> 
>>> Below is the data which will enable a MIME compliant mail reader
>>> implementation to automatically retrieve the ASCII version of the
>>> Internet-Draft.
>> <Mail Attachment>
>>> _______________________________________________
>>> sip-clf mailing list
>>> sip-clf@ietf.org
>>> https://www.ietf.org/mailman/listinfo/sip-clf
>> 
>