Re: [sip-clf] WGLC:draft-ietf-sipclf-problem-statement-06.txt

"Elwell, John" <john.elwell@siemens-enterprise.com> Wed, 04 May 2011 10:37 UTC

Return-Path: <john.elwell@siemens-enterprise.com>
X-Original-To: sip-clf@ietfa.amsl.com
Delivered-To: sip-clf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2C3BE0727 for <sip-clf@ietfa.amsl.com>; Wed, 4 May 2011 03:37:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.147
X-Spam-Level:
X-Spam-Status: No, score=-105.147 tagged_above=-999 required=5 tests=[AWL=1.452, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ReEToNI+R5NL for <sip-clf@ietfa.amsl.com>; Wed, 4 May 2011 03:37:55 -0700 (PDT)
Received: from mail216.messagelabs.com (mail216.messagelabs.com [85.158.143.99]) by ietfa.amsl.com (Postfix) with SMTP id CB27BE0725 for <sip-clf@ietf.org>; Wed, 4 May 2011 03:37:51 -0700 (PDT)
X-VirusChecked: Checked
X-Env-Sender: john.elwell@siemens-enterprise.com
X-Msg-Ref: server-13.tower-216.messagelabs.com!1304505470!3998417!1
X-StarScan-Version: 6.2.9; banners=-,-,-
X-Originating-IP: [62.134.46.9]
Received: (qmail 6166 invoked from network); 4 May 2011 10:37:50 -0000
Received: from unknown (HELO senmx11-mx) (62.134.46.9) by server-13.tower-216.messagelabs.com with SMTP; 4 May 2011 10:37:50 -0000
Received: from MCHP064A.global-ad.net (unknown [172.29.37.63]) by senmx11-mx (Server) with ESMTP id 5B16F1EB83D3; Wed, 4 May 2011 12:37:50 +0200 (CEST)
Received: from MCHP058A.global-ad.net ([172.29.37.55]) by MCHP064A.global-ad.net ([172.29.37.63]) with mapi; Wed, 4 May 2011 12:37:50 +0200
From: "Elwell, John" <john.elwell@siemens-enterprise.com>
To: Peter Musgrave <peter.musgrave@magorcorp.com>, "sip-clf@ietf.org Mailing" <sip-clf@ietf.org>
Date: Wed, 4 May 2011 12:37:48 +0200
Thread-Topic: [sip-clf] WGLC:draft-ietf-sipclf-problem-statement-06.txt
Thread-Index: Acv9/IOreUVRZrHnTQqksPPyvAtHjgMSEKbw
Message-ID: <A444A0F8084434499206E78C106220CA0876078C96@MCHP058A.global-ad.net>
References: <20110418143004.807.72505.idtracker@ietfc.amsl.com> <A4BBEEE4-4420-4A3A-BD0D-EE72430A6A64@magorcorp.com>
In-Reply-To: <A4BBEEE4-4420-4A3A-BD0D-EE72430A6A64@magorcorp.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [sip-clf] WGLC:draft-ietf-sipclf-problem-statement-06.txt
X-BeenThere: sip-clf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: SIP Common Log File format discussion list <sip-clf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip-clf>
List-Post: <mailto:sip-clf@ietf.org>
List-Help: <mailto:sip-clf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip-clf>, <mailto:sip-clf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 May 2011 10:37:56 -0000

I wasn't able to do a complete review, but it looks in good shape. I noticed the following:

"From -  The From URI.  Whilst one may question the value of the From
      URI in light of RFC4744 [RFC4474], the From URI, nonetheless,
      imparts some information.  For one, the From tag is important and,
      in the case of a REGISTER request, the From URI can provide
      information on whether this was a third-party registration or a
      first-party one.  It is not necessary to log any URI parameters."
In fact the From tag is not part of the From URI. The From tag is covered in the next bullet, so we should not mention it here.

John


> -----Original Message-----
> From: sip-clf-bounces@ietf.org 
> [mailto:sip-clf-bounces@ietf.org] On Behalf Of Peter Musgrave
> Sent: 18 April 2011 20:12
> To: sip-clf@ietf.org Mailing
> Subject: [sip-clf] WGLC:draft-ietf-sipclf-problem-statement-06.txt
> 
> Greetings CLF-ers, 
> 
> I would like to start a two week WGLC on the problem 
> statement doc (in accordance with our discussion in Prague). 
> 
> Please make you comments on the list by Wed. May 4th (I have 
> added a few days to account for the Easter break). 
> 
> We need reviewers and fresh eyes - so if you can make time to 
> read this it is much appreciated!
> 
> Thanks, 
> 
> Peter Musgrave
> Chair, sip-clf
> 
> 
> Begin forwarded message:
> 
> 
> 	From: Internet-Drafts@ietf.org
> 	
> 	Date: April 18, 2011 10:30:04 AM EDT
> 	
> 	To: i-d-announce@ietf.org
> 	
> 	Cc: sip-clf@ietf.org
> 	
> 	Subject: [sip-clf] I-D 
> Action:draft-ietf-sipclf-problem-statement-06.txt
> 	
> 
> 	A New Internet-Draft is available from the on-line 
> Internet-Drafts directories.
> 	This draft is a work item of the SIP Common Log Format 
> Working Group of the IETF.
> 	
> 	
> 	Title           : The Common Log Format (CLF) for the 
> Session Initiation Protocol (SIP)
> 	Author(s)       : V. Gurbani, et al.
> 	Filename        : draft-ietf-sipclf-problem-statement-06.txt
> 	Pages           : 34
> 	Date            : 2011-04-18
> 	
> 	Well-known web servers such as Apache and web proxies like Squid
> 	support event logging using a common log format.  The 
> logs produced
> 	using these de-facto standard formats are invaluable to system
> 	administrators for trouble-shooting a server and tool writers to
> 	craft tools that mine the log files and produce reports 
> and trends.
> 	Furthermore, these log files can also be used to train anomaly
> 	detection systems and feed events into a security event 
> management
> 	system.  The Session Initiation Protocol does not have 
> a common log
> 	format, and as a result, each server supports a 
> distinct log format
> 	that makes it unnecessarily complex to produce tools to do trend
> 	analysis and security detection.  We propose a common 
> log file format
> 	for SIP servers that can be used uniformly by proxies, 
> registrars,
> 	redirect servers as well as back-to-back user agents.
> 	
> 	A URL for this Internet-Draft is:
> 	
> http://www.ietf.org/internet-drafts/draft-ietf-sipclf-problem-
> statement-06.txt
> 	
> 	Internet-Drafts are also available by anonymous FTP at:
> 	ftp://ftp.ietf.org/internet-drafts/
> 	
> 	Below is the data which will enable a MIME compliant mail reader
> 	implementation to automatically retrieve the ASCII 
> version of the
> 	Internet-Draft.
> 	
> 
>