Re: [sip-clf] A syslog approach to sip logging

Adam Roach <adam@nostrum.com> Thu, 04 February 2010 05:13 UTC

Return-Path: <adam@nostrum.com>
X-Original-To: sip-clf@core3.amsl.com
Delivered-To: sip-clf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6249B28C147 for <sip-clf@core3.amsl.com>; Wed, 3 Feb 2010 21:13:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, SPF_PASS=-0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4btzqIrDGCVP for <sip-clf@core3.amsl.com>; Wed, 3 Feb 2010 21:13:00 -0800 (PST)
Received: from nostrum.com (nostrum-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:267::2]) by core3.amsl.com (Postfix) with ESMTP id 9AE1628C142 for <sip-clf@ietf.org>; Wed, 3 Feb 2010 21:12:59 -0800 (PST)
Received: from [192.168.0.128] (ppp-70-249-147-216.dsl.rcsntx.swbell.net [70.249.147.216]) (authenticated bits=0) by nostrum.com (8.14.3/8.14.3) with ESMTP id o145DbhF065754 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 3 Feb 2010 23:13:38 -0600 (CST) (envelope-from adam@nostrum.com)
Message-ID: <4B6A5781.6050903@nostrum.com>
Date: Wed, 03 Feb 2010 23:13:37 -0600
From: Adam Roach <adam@nostrum.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.1) Gecko/20090715 Thunderbird/3.0b3
MIME-Version: 1.0
To: Hadriel Kaplan <HKaplan@acmepacket.com>
References: <013201caa438$f19aac50$0600a8c0@china.huawei.com> <4D9AD174-7E0A-4E47-BB53-32428C4803A9@cisco.com> <430FC6BDED356B4C8498F634416644A917E5E0E07F@mail>
In-Reply-To: <430FC6BDED356B4C8498F634416644A917E5E0E07F@mail>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Received-SPF: pass (nostrum.com: 70.249.147.216 is authenticated by a trusted mechanism)
Cc: David B Harrington <dbharrington@comcast.net>, 'SIP-CLF Mailing List' <sip-clf@ietf.org>
Subject: Re: [sip-clf] A syslog approach to sip logging
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Feb 2010 05:13:01 -0000

On 02/03/2010 10:16 PM, Hadriel Kaplan wrote:
>
>    
>> -----Original Message-----
>> From: sip-clf-bounces@ietf.org [mailto:sip-clf-bounces@ietf.org] On Behalf
>> Of Cullen Jennings
>> Sent: Wednesday, February 03, 2010 6:39 PM
>>
>> One requirement that I suspect you will find fairly universal about
>> transporting around SIP log like informations is that
>>
>> 1) it is reliable
>>
>> 2) we can include complete SIP messages. These can get very large. (Magnus
>> posted a 40k SDP to the mmusic awhile back, don't even ask how large
>> MESSAGE messages get in the wild)
>>      
> Also, if it is required for it to support including complete SIP messages, then it has to support binary content, since those can be in SIP message bodies (e.g., ISUP, QSIG).
>    


And even if it isn't required to transport complete messages, the 
various fields that are clearly within the scope of even the most basic 
logging can contain UTF-8 characters, which means *almost* any octets 
can potentially appear in these fields anyway.

/a