[sip-clf] SIP CLF -> IPFIX?

Benoit Claise <bclaise@cisco.com> Thu, 30 July 2009 13:38 UTC

Return-Path: <bclaise@cisco.com>
X-Original-To: sip-clf@core3.amsl.com
Delivered-To: sip-clf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 093C128C258 for <sip-clf@core3.amsl.com>; Thu, 30 Jul 2009 06:38:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.423
X-Spam-Level:
X-Spam-Status: No, score=-1.423 tagged_above=-999 required=5 tests=[AWL=-0.901, BAYES_00=-2.599, SUBJ_ALL_CAPS=2.077]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LMF4273WxtmU for <sip-clf@core3.amsl.com>; Thu, 30 Jul 2009 06:38:05 -0700 (PDT)
Received: from av-tac-bru.cisco.com (weird-brew.cisco.com [144.254.15.118]) by core3.amsl.com (Postfix) with ESMTP id 1358A3A6B62 for <sip-clf@ietf.org>; Thu, 30 Jul 2009 06:38:04 -0700 (PDT)
X-TACSUNS: Virus Scanned
Received: from strange-brew.cisco.com (localhost.cisco.com [127.0.0.1]) by av-tac-bru.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id n6UDc2pr006101; Thu, 30 Jul 2009 15:38:02 +0200 (CEST)
Received: from [10.61.94.150] (ams3-vpn-dhcp7831.cisco.com [10.61.94.150]) by strange-brew.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id n6UDc1H8026973; Thu, 30 Jul 2009 15:38:02 +0200 (CEST)
Message-ID: <4A71A239.4090806@cisco.com>
Date: Thu, 30 Jul 2009 15:38:01 +0200
From: Benoit Claise <bclaise@cisco.com>
User-Agent: Thunderbird 2.0.0.22 (Windows/20090605)
MIME-Version: 1.0
To: vkg@belllabs.com
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: sip-clf@ietf.org
Subject: [sip-clf] SIP CLF -> IPFIX?
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jul 2009 13:38:06 -0000

Hi Vijay,

During the OPSAREA, I asked you the following questions regarding your 
work at http://www.ietf.org/proceedings/75/slides/opsarea-2.pdf

QUESTION: if I understand correctly, you want a way to define 
Information Element types?

            Answer: Yes

QUESTION: just want to log the data locally, or if you want a push 
mechanism to a centralized point, or get the log file?

            Answer: So far, only local storing

If the answer to the second question changes to: one day we might want 
to export these Information Element to a centralized management, then 
IPFIX protocol (RFC5101) and IPFIX information model (RFC5102) is the 
right solution.
If the answer to the second question doesn't change: the IPFIX 
Information Model (RFC5102) might be the solution... just in case 
someone else would like to export the information. However, this is a 
less obvious case!

Btw, you should not see IPFIX as export only flow information in the 
sense of the 5 tuple (src IP, dst IP, protocol, src port, dst port), 
IPFIX is becoming a generic push mechanism.

Regards, Benoit.