Re: [sip-clf] A syslog approach to sip logging
"Rainer Gerhards" <rgerhards@hq.adiscon.com> Thu, 04 February 2010 11:57 UTC
From: "Rainer Gerhards" <rgerhards@hq.adiscon.com>
To: "Adam Roach" <adam@nostrum.com>, "Hadriel Kaplan" <HKaplan@acmepacket.com>
Cc: David B Harrington <dbharrington@comcast.net>,
SIP-CLF Mailing List <sip-clf@ietf.org>
Subject: Re: [sip-clf] A syslog approach to sip logging
> -----Original Message-----
> From: sip-clf-bounces@ietf.org [mailto:sip-clf-bounces@ietf.org] On Behalf Of Adam Roach
> Sent: Thursday, February 04, 2010 6:14 AM
> To: Hadriel Kaplan
> Cc: David B Harrington; 'SIP-CLF Mailing List'
> Subject: Re: [sip-clf] A syslog approach to sip logging
>
> On 02/03/2010 10:16 PM, Hadriel Kaplan wrote:
> >
> >> -----Original Message-----
> >> From: sip-clf-bounces@ietf.org [mailto:sip-clf-bounces@ietf.org] On Behalf
> >> Of Cullen Jennings
> >> Sent: Wednesday, February 03, 2010 6:39 PM
> >>
> >> One requirement that I suspect you will find fairly universal about
> >> transporting around SIP log like information is that
> >>
> >> 1) it is reliable
> >>
> >> 2) we can include complete SIP messages. These can get very large. (Magnus
> >> posted a 40k SDP to the mmusic awhile back, don't even ask how large
> >> MESSAGE messages get in the wild)
> >>
> > Also, if it is required for it to support including complete SIP
> > messages, then it has to support binary content, since those can be in
> > SIP message bodies (e.g., ISUP, QSIG).
> >
>
> And even if it isn't required to transport complete messages, the
> various fields that are clearly within the scope of even the most basic
> logging can contain UTF-8 characters, which means *almost* any octets
> can potentially appear in these fields anyway.

UTF-8 is well defined, and not any sequence of octets is a valid UTF-8
sequence. syslog supports UTF-8 (but only the minority of currently existing
implementations do support it well!), but syslog demands proper UTF-8
sequences for security reasons.

Rainer
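The distinction drawn in this message, between arbitrary octets and well-formed UTF-8, can be checked before a SIP field is placed in a syslog message. The following is an added example, not code from the post or from any syslog implementation: `utf8_error` and `to_log_text` are hypothetical names, the `\xNN` escaping is one assumed policy for octets that fail the check, and all sample byte strings are constructed.

```python
def utf8_error(data: bytes):
    """Return None if data is well-formed UTF-8, else (offset, reason)."""
    i, n = 0, len(data)
    while i < n:
        b = data[i]
        if b < 0x80:                       # single-octet (ASCII) character
            i += 1
            continue
        # need = continuation octets, cp = lead payload, lo = smallest code
        # point allowed for this length (anything lower is an overlong form)
        if 0xC2 <= b <= 0xDF:
            need, cp, lo = 1, b & 0x1F, 0x80
        elif 0xE0 <= b <= 0xEF:
            need, cp, lo = 2, b & 0x0F, 0x800
        elif 0xF0 <= b <= 0xF4:
            need, cp, lo = 3, b & 0x07, 0x10000
        elif b in (0xC0, 0xC1):            # could only encode U+0000..U+007F
            return i, "overlong encoding"
        else:                              # stray continuation or 0xF5..0xFF
            return i, "invalid lead octet"
        tail = data[i + 1:i + 1 + need]
        if len(tail) < need or any(t & 0xC0 != 0x80 for t in tail):
            return i, "truncated or bad continuation octet"
        for t in tail:
            cp = (cp << 6) | (t & 0x3F)
        if cp < lo:
            return i, "overlong encoding"
        if 0xD800 <= cp <= 0xDFFF:
            return i, "surrogate code point"
        if cp > 0x10FFFF:
            return i, "beyond U+10FFFF"
        i += need + 1
    return None


def to_log_text(data: bytes) -> str:
    """Keep well-formed UTF-8 as text; escape every other octet as \\xNN."""
    out = []
    while data:
        err = utf8_error(data)
        if err is None:
            out.append(data.decode("utf-8"))
            break
        off = err[0]
        out.append(data[:off].decode("utf-8"))   # validated prefix
        out.append("\\x%02X" % data[off])        # offending octet, escaped
        data = data[off + 1:]
    return "".join(out)


# Constructed samples: a UTF-8 SIP URI and made-up binary body octets.
VALID_URI = b"sip:j\xc3\xbcrgen@example.com"
BINARY_BODY = b"\x01\x10\x60\x00\x0a\x03\x02\x0a\x08\x83\x90"
```

An overlong form such as `C0 AF` decodes to `/` in a lenient decoder, so a filter that inspects the raw octets and a consumer that decodes them can disagree about what the log line contains.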