Re: [sip-clf] draft CLF charter
"Romascanu, Dan (Dan)" <dromasca@avaya.com> Mon, 20 July 2009 14:45 UTC
Return-Path: <dromasca@avaya.com>
X-Original-To: sip-clf@core3.amsl.com
Delivered-To: sip-clf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DF9523A6C34 for <sip-clf@core3.amsl.com>; Mon, 20 Jul 2009 07:45:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.367
X-Spam-Level:
X-Spam-Status: No, score=-2.367 tagged_above=-999 required=5 tests=[AWL=0.232, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n6KwK5eXDbpn for <sip-clf@core3.amsl.com>; Mon, 20 Jul 2009 07:44:57 -0700 (PDT)
Received: from co300216-co-outbound.net.avaya.com (co300216-co-outbound.net.avaya.com [198.152.13.100]) by core3.amsl.com (Postfix) with ESMTP id D3B863A6941 for <sip-clf@ietf.org>; Mon, 20 Jul 2009 07:44:56 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.43,234,1246852800"; d="scan'208";a="177421382"
Received: from unknown (HELO co300216-co-erhwest.avaya.com) ([198.152.7.5]) by co300216-co-outbound.net.avaya.com with ESMTP; 20 Jul 2009 10:44:56 -0400
Received: from unknown (HELO 307622ANEX5.global.avaya.com) ([135.64.140.12]) by co300216-co-erhwest-out.avaya.com with ESMTP; 20 Jul 2009 10:44:56 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Mon, 20 Jul 2009 16:44:29 +0200
Message-ID: <EDC652A26FB23C4EB6384A4584434A0401892AF4@307622ANEX5.global.avaya.com>
In-Reply-To: <D5E606B8-0811-4D40-AA76-ED989B00FD02@nostrum.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [sip-clf] draft CLF charter
thread-index: AcoHI4kvZTPCiRUvRl6mSXW2RdOaGACI5ufg
References: <3B33A97D-7E19-4A08-A431-A085D53A2A6E@nostrum.com> <D5E606B8-0811-4D40-AA76-ED989B00FD02@nostrum.com>
From: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
To: Robert Sparks <rjsparks@nostrum.com>, sip-clf@ietf.org
Subject: Re: [sip-clf] draft CLF charter
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jul 2009 14:45:01 -0000
A few comments after the first reading of the charter. - Is it Common Log File as it appears at the first instance, or Common Log Format? - What does 'efficient processing' mean? More clarity and details here would be welcome (is it at client, at server, both? Is it efficiency on storage, on transmission? etc.) - Would it be useful to include (maybe as part of the problem statement work, maybe as a separate item) a look at what is already available as standards for logging events (e.g. syslog is discussing rechartering at the same IETF meeting - can syslog format be used? pcap? Other? Are there any initial proposals?) - if the WG ends by doing both a bit-field oriented and a text-oriented format will these end being separate deliverables? Dan > -----Original Message----- > From: sip-clf-bounces@ietf.org > [mailto:sip-clf-bounces@ietf.org] On Behalf Of Robert Sparks > Sent: Saturday, July 18, 2009 12:14 AM > To: sip-clf@ietf.org > Subject: [sip-clf] draft CLF charter > > All - > > We are working on forming a CLF working group based on > DISPATCH's decision. > > Below is a proposed charter for this working group. Please > review and comment on this list. Depending on the feedback we > receive, we will target forming this group shortly after the > Stockholm meeting. > > We'll also be discussing this in Thursday's opsarea meeting. > > Thanks, > > RjS > > > > The SIP Common Log File (CLF) working group is chartered to > define a > > standard logging format for systems processing SIP messages. > > > > Well-known web servers such as Apache and web proxies like Squid > > support event logging using a common log format. The logs produced > > using these de-facto standard formats are invaluable to system > > administrators for trouble-shooting a server and tool > writers to craft > > tools that mine the log files to produce reports and trends and to > > search for a certain SIP message or messages, a transaction or a > > related set of transactions. Furthermore, these log > records can also > > be used to train anomaly detection systems and feed events into a > > security event management system. > > > > The Session Initiation Protocol does not have a common log format. > > Diverse element provide distinct log formats making it complex to > > produce tools to analyze them. > > > > The CLF working group will produce a format suitable for > logging from > > any SIP element. The format will anticipate the need to > search, merge, > > and summarize the log records from diverse elements. > > The format will anticipate the need to correlate messages from > > multiple elements related to a given request (that may fork) or a > > given dialog. The format will take SIP's extensibility into > > consideration, providing a way to represent SIP message components > > that are defined in the future. The format will anticipate > being used > > both for off-line analysis and on-line real-time processing > > applications. The working group will consider the need for > efficient > > processing in its design of this format. > > > > The working group is not pre-constrained to producing either a > > bit-field oriented or text-oriented format, and may choose > to provide > > both. If the group chooses to specify both, it must be possible to > > mechanically translate between the formats without loss of > > information. > > > > Specifying the mechanics of exchanging, transporting, and > storing SIP > > Common Log Format records is explicitly out of scope. Specifying a > > real-time transfer mechanism for heuristic analysis is > explicitly out > > of scope. > > > > The group will generate: > > > > - A problem statement enunciating the motivation, and use > cases for a > > SIP Common Log Format. This analysis will identify the required > > minimal information that must appear in any record. > > > > - A specification of the SIP Common Log Format record. > > > > The group will consider providing one or more reference > > implementations for decoding a CLF record. > > > > Goals and Milestones > > =========================== > > > > Nov 09 - Problem statement, motivation, and use cases to IESG > > (Informational) > > Feb 10 - SIP Common Log Format specification to IESG (PS) > > > > _______________________________________________ > sip-clf mailing list > sip-clf@ietf.org > https://www.ietf.org/mailman/listinfo/sip-clf >
- [sip-clf] draft CLF charter Robert Sparks
- Re: [sip-clf] draft CLF charter Romascanu, Dan (Dan)
- Re: [sip-clf] draft CLF charter DRAGE, Keith (Keith)
- Re: [sip-clf] draft CLF charter Vijay K. Gurbani
- Re: [sip-clf] draft CLF charter Hadriel Kaplan
- Re: [sip-clf] draft CLF charter Romascanu, Dan (Dan)
- Re: [sip-clf] draft CLF charter Romascanu, Dan (Dan)
- Re: [sip-clf] draft CLF charter Robert Sparks
- Re: [sip-clf] draft CLF charter Vijay K. Gurbani
- Re: [sip-clf] draft CLF charter Vijay K. Gurbani
- Re: [sip-clf] draft CLF charter Spencer Dawkins
- Re: [sip-clf] draft CLF charter Romascanu, Dan (Dan)
- Re: [sip-clf] draft CLF charter Robert Sparks
- Re: [sip-clf] draft CLF charter Theo Zourzouvillys
- Re: [sip-clf] draft CLF charter Hadriel Kaplan
- Re: [sip-clf] draft CLF charter Romascanu, Dan (Dan)
- Re: [sip-clf] draft CLF charter Vijay K. Gurbani
- Re: [sip-clf] draft CLF charter David Harrington
- Re: [sip-clf] draft CLF charter Romascanu, Dan (Dan)
- Re: [sip-clf] draft CLF charter Juergen Quittek
- Re: [sip-clf] draft CLF charter Spencer Dawkins