[sip-clf] Fw: [dispatch] Room for DISPATCH ad-hoc on CLF : Room 300 over Lunch on Friday

"Spencer Dawkins" <spencer@wonderhamster.org> Thu, 30 July 2009 12:20 UTC

From: "Spencer Dawkins" <spencer@wonderhamster.org>
To: "SIP-CLF Mailing List" <sip-clf@ietf.org>
Date: Thu, 30 Jul 2009 14:19:59 +0200

My apologies - I mistyped the SIP-CLF mailing list userpart on my note 
below. Hopefully everyone is also subscribed to the DISPATCH mailing list, 
which I DID type correctly :-/



----- Original Message ----- 
From: "Spencer Dawkins" <spencer@wonderhamster.org>
To: "dispatch mailing list" <dispatch@ietf.org>
Cc: <clf@ietf.org>
Sent: Thursday, July 30, 2009 12:14 AM
Subject: Re: [dispatch] Room for DISPATCH ad-hoc on CLF : Room 300 over Lunch on Friday

> The SIP-CLF DISPATCH ad hoc on Friday is intended to form a working group,
> and we'll be noodling over charter text that Robert has produced (in
> consultation with others) during the meeting.
>
> Just to make sure we're all on the same page, here's the charter text we'll
> be discussing - please look it over BEFORE the meeting (and if you want to
> talk about it on the sip-clf@ietf.org mailing list before the meeting,
> that's fine, too):
>
> The SIP Common Log Format (CLF) working group is chartered to define a
> standard logging format for systems processing SIP messages.
>
> Well-known web servers such as Apache and web proxies like Squid support
> event logging using a common log format. The logs produced using these
> de-facto standard formats are invaluable to system administrators for
> trouble-shooting a server and tool writers to craft tools that mine the log
> files to produce reports and trends and to search for a certain SIP message
> or messages, a transaction or a related set of transactions. Furthermore,
> these log records can also be used to train anomaly detection systems and
> feed events into a security event management system.
>
> The Session Initiation Protocol does not have a common log format. Diverse
> elements provide distinct log formats making it complex to produce tools to
> analyze them.
>
> The CLF working group will produce a format suitable for logging from any
> SIP element. The format will anticipate the need to search, merge, and
> summarize the log records from diverse elements. The format will anticipate
> the need to correlate messages from multiple elements related to a given
> request (that may fork) or a given dialog. The format will take SIP's
> extensibility into consideration, providing a way to represent SIP message
> components that are defined in the future. The format will anticipate being
> used both for off-line analysis and on-line real-time processing
> applications. The working group will consider the need for efficient
> creation of records and the need for efficient processing of the records.
>
> The working group will identify the fields to appear in a log record and
> provide one or more formats for encoding those fields. The working group is
> not pre-constrained to producing either a bit-field oriented or
> text-oriented format, and may choose to provide both. If the group chooses
> to specify both, it must be possible to mechanically translate between the
> formats without loss of information.
>
> Specifying the mechanics of exchanging, transporting, and storing SIP
> Common Log Format records is explicitly out of scope. Specifying a real-time
> transfer mechanism for heuristic analysis is explicitly out of scope.
>
> The group will generate:
>
> A problem statement enunciating the motivation, and use cases for a SIP
> Common Log Format. This analysis will identify the required minimal
> information that must appear in any record.
>
> A specification of the SIP Common Log Format record
>
> The group will consider providing one or more reference implementations for
> decoding a CLF record.
>
> One more piece of logistics ...
>
> We'll need at least one, and preferably two, scribes and a jabber scribe for
> our CLF session on Friday during lunch.
>
> We'll call for volunteers at the meeting if necessary - we can't have the
> meeting without producing minutes - but it would be great if you could
> consider volunteering NOW.
>
> We have about an hour to get through some pretty important discussions, and
> every minute we DON'T spend gazing meaningfully at the attendees (us) and
> looking down at computers trying not to make eye contact with the chairs
> (you) is a minute that we can use more productively!
>
> Thanks,
>
> Spencer and Theo