Re: [sip-clf] ASCII Logging
Hadriel Kaplan <HKaplan@acmepacket.com> Sun, 14 November 2010 19:12 UTC
Return-Path: <HKaplan@acmepacket.com>
X-Original-To: sip-clf@core3.amsl.com
Delivered-To: sip-clf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9DB413A6C37 for <sip-clf@core3.amsl.com>; Sun, 14 Nov 2010 11:12:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.222
X-Spam-Level:
X-Spam-Status: No, score=-1.222 tagged_above=-999 required=5 tests=[AWL=-0.352, BAYES_00=-2.599, FH_HOST_EQ_D_D_D_D=0.765, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, RDNS_DYNAMIC=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tU0Is7qugSRi for <sip-clf@core3.amsl.com>; Sun, 14 Nov 2010 11:12:40 -0800 (PST)
Received: from ETMail2.acmepacket.com (host9.216.41.24.conversent.net [216.41.24.9]) by core3.amsl.com (Postfix) with ESMTP id C9F693A6C34 for <sip-clf@ietf.org>; Sun, 14 Nov 2010 11:12:39 -0800 (PST)
Received: from mail.acmepacket.com (216.41.24.7) by ETMail2.acmepacket.com (216.41.24.9) with Microsoft SMTP Server (TLS) id 8.1.240.5; Sun, 14 Nov 2010 14:13:17 -0500
Received: from mail.acmepacket.com ([127.0.0.1]) by mail ([127.0.0.1]) with mapi; Sun, 14 Nov 2010 14:13:17 -0500
From: Hadriel Kaplan <HKaplan@acmepacket.com>
To: Peter Musgrave <peter.musgrave@magorcorp.com>
Date: Sun, 14 Nov 2010 14:13:06 -0500
Thread-Topic: [sip-clf] ASCII Logging
Thread-Index: AcuEL/ih33TYHyJyQGmf1sGyrbptnQ==
Message-ID: <AA233BAA-B35B-4401-B06A-3C6A9714DEF3@acmepacket.com>
References: <B9952ED2-6B81-4C07-B9E8-40FD59F8FE3A@magorcorp.com>
In-Reply-To: <B9952ED2-6B81-4C07-B9E8-40FD59F8FE3A@magorcorp.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: AAAAAQAAAUA=
Cc: "sip-clf@ietf.org Mailing" <sip-clf@ietf.org>
Subject: Re: [sip-clf] ASCII Logging
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Nov 2010 19:12:40 -0000
On Nov 14, 2010, at 5:46 AM, Peter Musgrave wrote: > > 1) Do we want to keep this index pointers for this format (or was that just "index envy" to put the proposal on the same footing as IPFIX?) No, get rid of the index line. Make it easily readable by humans and grep. (since that's the main benefit of ascii) > 2) If a field cannot be parsed a log entry would still be useful (src/dst should always be present). What should be logged for a field which failed to parse? "X" ? Yeah we should pick one. The character X makes as much sense as anything. > 3) (Admittedly an odd case). If a tag (or other field) is literally "-" then it will be interpreted as missing. (Likewise if "X" from above is adopted). Do we need to do an escape sequence for a literal "-" or "X" ?? That's because the fields aren't being wrapped with a "", which is what Apache's CLF does for fields which are strings from the message. That way a received dash would be "-", whereas a indication of none would be just the dash -, and indication of unparseable would be just the character X. I propose that the ascii format make all fields which are interpreted/derived not use "", but all fields which are the literal string use "". So a log entry would look like: <allOneLine> 0000000000.010 1 INVITE - "sip:192.168.217.74;foo=bar" 192.168.217.74:5060 192.168.217.117:56485 "sip:192.168.217.74" - "sip:1001@petermac.magor.local" "DL88360fa5fc" "DL70dff590c1-1079051554@petermac.magor.local" server-tx client-tx </allOneLine>
- [sip-clf] ASCII Logging Peter Musgrave
- Re: [sip-clf] ASCII Logging Hadriel Kaplan
- Re: [sip-clf] ASCII Logging Vijay K. Gurbani