Re: [sip-clf] [dispatch] Next revision for the proposed CLF charter

"Vijay K. Gurbani" <vkg@alcatel-lucent.com> Thu, 06 August 2009 14:13 UTC

Atsushi Kobayashi wrote:
> Dear all,
> 
> I have one question.

Atsushi: Thank you for your interest in this.  More inline.

> Does this charter include the media description part, i.e. SDP?
> I understood this motivation, however regarding security and
> troubleshooting, we need to track signaling and media as well.
> If SIP-CLF outputs the media description, we can correlate SIP signaling
> and media traffic data. The media traffic data may be outputted by IPFIX
> or other protocols.
> 
> Otherwise, is it future work?

At this point, the charter does not mention SDP explicitly,
although if the extensibility portion of the sip-clf is done
right, you will be able to save the SDP as well in a log file.
Now correlating the SDP and the actual media to the particular
signaling messages is an orthogonal process to collecting the
information elements in the sip-clf.

Thank you.

- vijay
-- 
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60566 (USA)
Email: vkg@{alcatel-lucent.com,bell-labs.com,acm.org}
Web:   http://ect.bell-labs.com/who/vkg/