Re: [sip-clf] ASCII Logging

"Vijay K. Gurbani" <vkg@bell-labs.com> Mon, 22 November 2010 21:43 UTC


On 11/14/2010 04:46 AM, Peter Musgrave wrote:
> (as individual)
>
> A couple of questions:
>
> 1) Do we want to keep these index pointers for this format (or was
> that just "index envy" to put the proposal on the same footing as
> IPFIX?)

No, it was not index envy.  IPFIX discussions arose much later
in the evolution of the work.

Whether or not to keep the index pointers is now for the WG to
decide.  There are advantages and disadvantages that folks are
already aware of and I am okay with going either way (i.e.,
with indexes or without.)

However, at the very least I think that we should keep the length
index to allow a reader to skip the entire record expeditiously if
it does not match the Call-ID or dialogue-ID that is being sought.

> 2) If a field cannot be parsed a log entry would still be useful
> (src/dst should always be present). What should be logged for a field
> which failed to parse? "X" ?

We could put a "?" in fields that could not be parsed.

A "?" can appear in a SIP-URI production rule; however, an un-adorned
"?" as the only character in a SIPCLF field probably is a good
indication that something went wrong.

> 3) (Admittedly an odd case). If a tag (or other field) is literally
> "-" then it will be interpreted as missing. (Likewise if "X" from
> above is adopted). Do we need to do an escape sequence for a literal
> "-" or "X" ??

The "?" cannot appear in a tag.

Thanks,

- vijay
-- 
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60566 (USA)
Email: vkg@{alcatel-lucent.com,bell-labs.com,acm.org}
Web:   http://ect.bell-labs.com/who/vkg/
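
An added illustration, not part of the original message and not the SIP CLF draft's record layout: a reader that uses a per-record length prefix to seek past records for other Call-IDs, and that treats a bare "?" as a field that failed to parse and "-" as a missing field. The 6-digit decimal prefix, the tab-separated field order, the size bound and the sample log are all assumptions constructed for this sketch.

```python
import io

MISSING, UNPARSED = "-", "?"      # sentinels discussed in the thread
FIELDS = ("call_id", "src", "dst", "to_tag")   # assumed field order
LEN_DIGITS, MAX_BODY = 6, 65535   # assumed prefix width and sanity bound

def encode(values):
    """Constructed layout: decimal length prefix + tab-separated body + LF."""
    body = ("\t".join(values) + "\n").encode("ascii")
    return str(len(body)).zfill(LEN_DIGITS).encode("ascii") + body

def decode(body):
    rec = dict(zip(FIELDS, body[:-1].decode("ascii").split("\t")))
    # A bare "?" marks a field the logger could not parse; "-" marks absence.
    rec["unparsed"] = [k for k in FIELDS if rec.get(k) == UNPARSED]
    return {k: (None if v == MISSING else v) for k, v in rec.items()}

def find_call(stream, call_id):
    """Yield records for call_id, seeking past every other record unparsed."""
    want = call_id.encode("ascii") + b"\t"
    while prefix := stream.read(LEN_DIGITS):
        if len(prefix) != LEN_DIGITS or not prefix.isdigit():
            raise ValueError("corrupt length prefix")
        length = int(prefix)
        if not 0 < length <= MAX_BODY:      # never trust a length from the file
            raise ValueError("record length out of range")
        head = stream.read(min(len(want), length))
        if head != want:
            stream.seek(length - len(head), io.SEEK_CUR)   # skip the record
            continue
        body = head + stream.read(length - len(head))
        if len(body) != length or not body.endswith(b"\n"):
            raise ValueError("truncated record")
        yield decode(body)

def search(log, call_id):
    return list(find_call(io.BytesIO(log), call_id))

# Constructed sample log (addresses from the documentation range 192.0.2.0/24).
LOG = b"".join(encode(v) for v in [
    ["a1@example.com", "192.0.2.1:5060", "192.0.2.9:5060", "-"],
    ["b2@example.com", "192.0.2.2:5060", "192.0.2.9:5060", "?"],
    ["a1@example.com", "192.0.2.9:5060", "192.0.2.1:5060", "7fa3"],
])

if __name__ == "__main__":
    for rec in search(LOG, "a1@example.com"):
        print(rec)
```

Because the length comes from the file itself, the reader bounds it before seeking; a corrupted prefix would otherwise desynchronize every record after it.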