[sip-clf] Fw: [dispatch] Room for DISPATCH ad-hoc on CLF : Room 300 overLunchon Friday
"Spencer Dawkins" <spencer@wonderhamster.org> Thu, 30 July 2009 12:20 UTC
Return-Path: <spencer@wonderhamster.org>
X-Original-To: sip-clf@core3.amsl.com
Delivered-To: sip-clf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5644D3A7133 for <sip-clf@core3.amsl.com>; Thu, 30 Jul 2009 05:20:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.005
X-Spam-Level:
X-Spam-Status: No, score=-2.005 tagged_above=-999 required=5 tests=[AWL=0.594, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hSluqDG+7i0M for <sip-clf@core3.amsl.com>; Thu, 30 Jul 2009 05:20:07 -0700 (PDT)
Received: from mout.perfora.net (mout.perfora.net [74.208.4.194]) by core3.amsl.com (Postfix) with ESMTP id 28E3E3A6818 for <sip-clf@ietf.org>; Thu, 30 Jul 2009 05:20:07 -0700 (PDT)
Received: from S73602b (dhcp-63fb.meeting.ietf.org [130.129.99.251]) by mrelay.perfora.net (node=mrus0) with ESMTP (Nemesis) id 0MKp8S-1MWUcA2fb1-00010h; Thu, 30 Jul 2009 08:20:08 -0400
Message-ID: <F4D6A2AAC1E7457DA47243E75C3CE011@china.huawei.com>
From: Spencer Dawkins <spencer@wonderhamster.org>
To: SIP-CLF Mailing List <sip-clf@ietf.org>
Date: Thu, 30 Jul 2009 14:19:59 +0200
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="response"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
X-Provags-ID: V01U2FsdGVkX19U+EPsVE7lkzg3Mq3K0nhyy0AUeVQ5QmOgFhY fy3tIHqbIci9tycNVMvpe3OQOZIIJBnUUDimS2WNTiQDcWHit0 tAEChBrcWnUf6xr3pUm9eriswXMB8quG6fcqXmWcWY=
Subject: [sip-clf] Fw: [dispatch] Room for DISPATCH ad-hoc on CLF : Room 300 overLunchon Friday
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jul 2009 12:20:08 -0000
My apologies - I mistyped the SIP-CLF mailing list userpart on my note below. Hopefully everyone is also subscribed to the DISPATCH mailing list, which I DID type correctly :-/ Thanks, Spencer ----- Original Message ----- From: "Spencer Dawkins" <spencer@wonderhamster.org> To: "dispatch mailing list" <dispatch@ietf.org> Cc: <clf@ietf.org> Sent: Thursday, July 30, 2009 12:14 AM Subject: Re: [dispatch] Room for DISPATCH ad-hoc on CLF : Room 300 overLunchon Friday > The SIP-CLF DISPATCH ad hoc on Friday is intended to form a working group, > and we'll be noodling over charter text that Robert has produced (in > consultation with others) during the meeting. > > Just to make sure we're all on the same page, here's the charter text > we'll > be discussing - please look it over BEFORE the meeting (and if you want to > talk about it on the sip-clf@ietf.org mailing list before the meeting, > that's fine, too): > > The SIP Common Log Format (CLF) working group is chartered to define a > standard logging format for systems processing SIP messages. > > Well-known web servers such as Apache and web proxies like Squid support > event logging using a common log format. The logs produced using these > de-facto standard formats are invaluable to system administrators for > trouble-shooting a server and tool writers to craft tools that mine the > log > files to produce reports and trends and to search for a certain SIP > message > or messages, a transaction or a related set of transactions. Furthermore, > these log records can also be used to train anomaly detection systems and > feed events into a security event management system. > > The Session Initiation Protocol does not have a common log format. Diverse > element provide distinct log formats making it complex to produce tools to > analyze them. > > The CLF working group will produce a format suitable for logging from any > SIP element. The format will anticipate the need to search, merge, and > summarize the log records from diverse elements. The format will > anticipate > the need to correlate messages from multiple elements related to a given > request (that may fork) or a given dialog. The format will take SIP's > extensibility into consideration, providing a way to represent SIP message > components that are defined in the future. The format will anticipate > being > used both for off-line analysis and on-line real-time processing > applications. The working group will consider the need for efficient > creation of records and the need for efficient processing of the records. > > The working group will identify the fields to appear in a log record and > provide one or more formats for encoding those fields. The working group > is > not pre-constrained to producing either a bit-field oriented or > text-oriented format, and may choose to provide both. If the group chooses > to specify both, it must be possible to mechanically translate between the > formats without loss of information. > > Specifying the mechanics of exchanging, transporting, and storing SIP > Common Log Format records is explicitly out of scope. Specifying a > real-time > transfer mechanism for heuristic analysis is explicitly out of scope. > > The group will generate: > > A problem statement enunciating the motivation, and use cases for a SIP > Common Log Format. This analysis will identify the required minimal > information that must appear in any record. > > A specification of the SIP Common Log Format record > > The group will consider providing one or more reference implementations > for > decoding a CLF record. > > One more piece of logistics ... > > We'll need at least one, and preferably two, scribes and a jabber scribe > for > our CLF session on Friday during lunch. > > We'll call for volunteers at the meeting if necessary - we can't have the > meeting without producing minutes - but it would be great if you could > consider volunteering NOW. > > We have about an hour to get through some pretty important discussions, > and > every minute we DON'T spend gazing meaningfully at the attendees (us) and > looking down at computers trying not to make eye contact with the chairs > (you) is a minute that we can use more productively! > > Thanks, > > Spencer and Theo > > _______________________________________________ > dispatch mailing list > dispatch@ietf.org > https://www.ietf.org/mailman/listinfo/dispatch
- [sip-clf] Fw: [dispatch] Room for DISPATCH ad-hoc… Spencer Dawkins