[sip-clf] ASCII Logging
Peter Musgrave <peter.musgrave@magorcorp.com> Sun, 14 November 2010 10:45 UTC
Return-Path: <peter.musgrave@magorcorp.com>
X-Original-To: sip-clf@core3.amsl.com
Delivered-To: sip-clf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 26BF93A6AC8 for <sip-clf@core3.amsl.com>; Sun, 14 Nov 2010 02:45:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yatDnHvNsfji for <sip-clf@core3.amsl.com>; Sun, 14 Nov 2010 02:45:50 -0800 (PST)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by core3.amsl.com (Postfix) with ESMTP id 9D2903A6B7A for <sip-clf@ietf.org>; Sun, 14 Nov 2010 02:45:49 -0800 (PST)
Received: by iwn40 with SMTP id 40so5796179iwn.31 for <sip-clf@ietf.org>; Sun, 14 Nov 2010 02:46:27 -0800 (PST)
Received: by 10.42.229.134 with SMTP id ji6mr4538056icb.125.1289731587601; Sun, 14 Nov 2010 02:46:27 -0800 (PST)
Received: from [172.22.12.171] ([220.229.255.7]) by mx.google.com with ESMTPS id fw4sm6092842ibb.13.2010.11.14.02.46.25 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 14 Nov 2010 02:46:26 -0800 (PST)
From: Peter Musgrave <peter.musgrave@magorcorp.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Sun, 14 Nov 2010 18:46:23 +0800
Message-Id: <B9952ED2-6B81-4C07-B9E8-40FD59F8FE3A@magorcorp.com>
To: "sip-clf@ietf.org Mailing" <sip-clf@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1082)
X-Mailer: Apple Mail (2.1082)
Subject: [sip-clf] ASCII Logging
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Nov 2010 10:45:51 -0000
(as individual) A couple of questions: 1) Do we want to keep this index pointers for this format (or was that just "index envy" to put the proposal on the same footing as IPFIX?) 2) If a field cannot be parsed a log entry would still be useful (src/dst should always be present). What should be logged for a field which failed to parse? "X" ? 3) (Admittedly an odd case). If a tag (or other field) is literally "-" then it will be interpreted as missing. (Likewise if "X" from above is adopted). Do we need to do an escape sequence for a literal "-" or "X" ?? Peter Musgrave
- [sip-clf] ASCII Logging Peter Musgrave
- Re: [sip-clf] ASCII Logging Hadriel Kaplan
- Re: [sip-clf] ASCII Logging Vijay K. Gurbani