Re: [Sipping] Alternate CLF syntax proposal

[Hisham Khartabil <hisham.khartabil@gmail.com>]

Yeah, its for troubleshooting, but I suspect people will use it for charging.

Hisham

2009/3/27 Hadriel Kaplan <HKaplan@acmepacket.com>:
>
> If the purpose of it is troubleshooting, or threat analysis type stuff, I think the following format satisfies the needs as well:
> http://wiki.wireshark.org/Development/LibpcapFileFormat
>
> The advantages:
> 1) There's running code
> 2) There's open source, on all operating systems, and also for commercial use
> 3) It's used by many people
> 4) There are many tools which accept/process it
> 5) It's fast to write/save
> 6) It supports a sub-second timestamp
> 7) It supports length encoding of packets, so you can skip past them
> 8) It supports truncated saving of packets, so you don't have to save all of very big ones
> 9) It records the method name or response code very early in the saved log entry for each packet
>
> Disadvantages:
> 1) Nothing much new to specify, except to document it?
> 2) It's a little tricky for SIP/TLS, where you basically have to create fake segments/packets for the low layers, and same may be true for SIP/TCP depending on when you record the log
> 3) It doesn't provide a way to report internal system events/actions/info (although we could fix that)
> 4) Afaik, there is no specific remote push/streaming mechanism for it defined (there was an attempt at it, but not final)
>
> -hadriel
>
>> -----Original Message-----
>> From: sipping-bounces@ietf.org [mailto:sipping-bounces@ietf.org] On Behalf
>> Of Vijay K. Gurbani
>> Sent: Wednesday, March 25, 2009 10:58 PM
>>
>> Adam Roach wrote:
>> > In the spirit of "send text," I've put together a straw-man proposal for
>> > an easy-to-generate and fast-to-process extensible format for saving SIP
>> > log messages:
>> >
>> > http://www.ietf.org/internet-drafts/draft-roach-sipping-clf-syntax-
>> 00.txt
>> [...]
>>
>> Adam: Essentially you are advocating for a table-of-content
>> type of approach where you read the ToC and index straight
>> to where you want to go.  I have worked on SIP parsers
>> designed this way.
>>
>> The parsing is optimized, yes, when compared to the ASCII
>> version -- though perl can do wonders, but not to outperform
>> binary parsing.  The disadvantage is that you loose readability
>> and would need specialized tools to, say, grep through such
>> a file.
>>
>> It will be interesting to see what others think...
>>
>> Thanks,
>>
>> - vijay
>> --
>> Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
>> 1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60566 (USA)
>> Email: vkg@{alcatel-lucent.com,bell-labs.com,acm.org}
>> Web:   http://ect.bell-labs.com/who/vkg/
>> _______________________________________________
>> Sipping mailing list  https://www.ietf.org/mailman/listinfo/sipping
>> This list is for NEW development of the application of SIP
>> Use sip-implementors@cs.columbia.edu for questions on current sip
>> Use sip@ietf.org for new developments of core SIP
> _______________________________________________
> Sipping mailing list  https://www.ietf.org/mailman/listinfo/sipping
> This list is for NEW development of the application of SIP
> Use sip-implementors@cs.columbia.edu for questions on current sip
> Use sip@ietf.org for new developments of core SIP
>