[sip-clf] Next revision for the proposed CLF charter
Robert Sparks <rjsparks@nostrum.com> Fri, 31 July 2009 10:07 UTC
Return-Path: <rjsparks@nostrum.com>
X-Original-To: sip-clf@core3.amsl.com
Delivered-To: sip-clf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4E65D3A6960; Fri, 31 Jul 2009 03:07:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, SPF_PASS=-0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z4whub+KjX2f; Fri, 31 Jul 2009 03:07:18 -0700 (PDT)
Received: from nostrum.com (nostrum-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:267::2]) by core3.amsl.com (Postfix) with ESMTP id 2046A3A68B7; Fri, 31 Jul 2009 03:07:17 -0700 (PDT)
Received: from dhcp-26f2.meeting.ietf.org (dhcp-26f2.meeting.ietf.org [130.129.38.242]) (authenticated bits=0) by nostrum.com (8.14.3/8.14.3) with ESMTP id n6VA7G1m052659 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Fri, 31 Jul 2009 05:07:17 -0500 (CDT) (envelope-from rjsparks@nostrum.com)
Message-Id: <DDC1E758-32DB-41B0-B3F3-254334341FB4@nostrum.com>
From: Robert Sparks <rjsparks@nostrum.com>
To: dispatch mailing list <dispatch@ietf.org>, sip-clf@ietf.org
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v935.3)
Date: Fri, 31 Jul 2009 12:07:14 +0200
X-Mailer: Apple Mail (2.935.3)
Received-SPF: pass (nostrum.com: 130.129.38.242 is authenticated by a trusted mechanism)
Subject: [sip-clf] Next revision for the proposed CLF charter
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Jul 2009 10:07:19 -0000
The SIP Common Log Format (CLF) working group is chartered to define a standard logging format for systems processing SIP messages. Well-known web servers such as Apache and web proxies like Squid support event logging using a common log format. The logs produced using these de-facto standard formats are invaluable to system administrators for trouble-shooting a server and tool writers to craft tools that mine the log files to produce reports and trends and to search for a certain message or messages, a transaction or a related set of transactions. Furthermore, these log records can also be used to train anomaly detection systems and feed events into a security event management system. The Session Initiation Protocol does not have a common log format. Diverse elements provide distinct log formats making it complex to produce tools to analyze them. The CLF working group will produce a format suitable for logging from any SIP element. The format will anticipate the need to search, merge, and summarize the log records from diverse elements. The format will anticipate the need to correlate messages from multiple elements related to a given request (that may fork) or a given dialog. The format will take SIP's extensibility into consideration, providing a way to represent SIP message components that are defined in the future. The format will anticipate being used both for off-line analysis and on-line real-time processing applications. The working group will consider the need for efficient creation of records and the need for efficient processing of the records. The working group will identify the fields to appear in a log record and provide one or more formats for encoding those fields. The working group is not pre-constrained to producing either a bit-field oriented or text-oriented format, and may choose to provide both. If the group chooses to specify both, it must be possible to mechanically translate between the formats without loss of information. Specifying the mechanics of exchanging, transporting, and storing SIP Common Log Format records is explicitly out of scope. Specifying a real-time transfer mechanism for heuristic analysis is explicitly out of scope. The group will generate: - A problem statement enunciating the motivation, and use cases for a SIP Common Log Format. This analysis will identify the required minimal information that must appear in any record. - A specification of the SIP Common Log Format record The group will consider providing one or more reference implementations for decoding a CLF record. Goals and Milestones =========================== Oct 09 - Problem statement, motivation, and use cases WGLC Nov 09 - Problem statement, motivation, and use cases to IESG (Informational) Jan 10 - SIP Common Log Format specification WGLC Feb 10 - SIP Common Log Format specification to IESG (PS)
- [sip-clf] Next revision for the proposed CLF char… Robert Sparks
- Re: [sip-clf] Next revision for the proposed CLF … Robert Sparks
- Re: [sip-clf] Next revision for the proposed CLF … Atsushi Kobayashi
- Re: [sip-clf] [dispatch] Next revision for the pr… Vijay K. Gurbani