IETF Logo Mail Archive

Re: [sip-clf] Defining Pros and Cons of ASCII/IPFIX

"Vijay K. Gurbani" <vkg@bell-labs.com> Wed, 27 October 2010 17:46 UTC

Return-Path: <vkg@bell-labs.com>
X-Original-To: sip-clf@core3.amsl.com
Delivered-To: sip-clf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CE5B93A6A2D for <sip-clf@core3.amsl.com>; Wed, 27 Oct 2010 10:46:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.517
X-Spam-Level:
X-Spam-Status: No, score=-102.517 tagged_above=-999 required=5 tests=[AWL=0.082, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9cR5yZOVVxfi for <sip-clf@core3.amsl.com>; Wed, 27 Oct 2010 10:46:12 -0700 (PDT)
Received: from ihemail3.lucent.com (ihemail3.lucent.com [135.245.0.37]) by core3.amsl.com (Postfix) with ESMTP id CD9DD3A69C8 for <sip-clf@ietf.org>; Wed, 27 Oct 2010 10:46:11 -0700 (PDT)
Received: from umail.lucent.com (h135-3-40-63.lucent.com [135.3.40.63]) by ihemail3.lucent.com (8.13.8/IER-o) with ESMTP id o9RHm1BV004010 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <sip-clf@ietf.org>; Wed, 27 Oct 2010 12:48:01 -0500 (CDT)
Received: from shoonya.ih.lucent.com (Knoppix-135185238233.ih.lucent.com [135.185.238.233]) by umail.lucent.com (8.13.8/TPES) with ESMTP id o9RHm1v1015082 for <sip-clf@ietf.org>; Wed, 27 Oct 2010 12:48:01 -0500 (CDT)
Message-ID: <4CC86642.8060305@bell-labs.com>
Date: Wed, 27 Oct 2010 12:49:54 -0500
From: "Vijay K. Gurbani" <vkg@bell-labs.com>
Organization: Bell Laboratories, Alcatel-Lucent
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.12) Gecko/20100907 Fedora/3.0.7-1.fc12 Thunderbird/3.0.7
MIME-Version: 1.0
To: sip-clf@ietf.org
References: <AANLkTin3+_+-ARa29=o4V8-Pp-TS0Xc5S04CYhy0sT=r@mail.gmail.com>
In-Reply-To: <AANLkTin3+_+-ARa29=o4V8-Pp-TS0Xc5S04CYhy0sT=r@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.37
Subject: Re: [sip-clf] Defining Pros and Cons of ASCII/IPFIX
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Oct 2010 17:46:15 -0000

On 10/27/2010 10:23 AM, Peter Musgrave wrote:
> Hi all,
>
> As co-chair I am looking for a way to make a determination about how
> to meet the groups decision to move forward with just one format in a
> WG which has good support for two formats.

Peter: I know I am beating a dead horse, but I do want to point out
that it seems incongruous to come up with one format in a WG that has
good support for two.

Anyway, please see inline.

> In my (personal) opinion I think the objective is to develop
> something that will be widely implemented. I would like to solicit
> input from a larger audience - but first I think we need to frame the
> pros and cons.
>
> I would like to suggest the following:
>
> 1) Use the list and the Beijing meeting to come to a consensus on the
>  pros and cons of each and the applications which may favour one
> format vs another.
>
> 2) Place these pros/cons on the WG Wiki [I can act as editor]

OK to above.

> 3) Solicit input from SIP Implementors - referring them to the WG
> WIki - use the Columbia sip-implementors, sipforum list and SIPT27

We need to solicit input from the larger log analysis community besides
groups related only to the IETF.

There is a Linked In group called "Log Analysis Professionals" group; we
could consider posting a survey there.  Plus, Usenix holds system log-
related workshops every year (see http://systemloganalysis.com/).  I
am sure that we can get some names of researchers (commercial as well
as academics) that work with system logs on a daily basis and approach
them for viewpoints (I would be willing to do this if we decide to
follow through with 3 above.)

> 4) Review the feedback and try to come to a conclusion on the list
> (or failing that, in Prague at IETF80)
>
> I will be at SIPIT27 - so I can raise awareness of this discussion in
>  that community.
>
> How do people feel about this approach?
>
> I welcome any other/additional ways to resolve this issue.

My $0.02 --- have both.  At the risk of raising RjS's ire, the
hum we took in the Anaheim meeting [1] indicated support for
both (at least it does to my sensibilities.)  For reasons I
don't quite understand, we went against that hum in Maastricht [2].

Both representations have good reasons to move forward as
they do backers and people who are willing to work on them.  I
understand the need to avoid the H.248/Megaco debate, but we
should not be blind to the fact that SIP CLF maybe a different
nail that should not be hit by the same hammer.

Having constant arguments on which is better and why we should
only pick one when two seem a better option are simply
counter-productive.

[1] http://www.ietf.org/proceedings/77/minutes/sipclf.htm
[2] http://www.ietf.org/proceedings/78/minutes/sipclf.txt

- vijay
-- 
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60566 (USA)
Email: vkg@{alcatel-lucent.com,bell-labs.com,acm.org}
Web:   http://ect.bell-labs.com/who/vkg/

v2.23.0 | Report a Bug | By Email