[OPS-AREA] FW: [dispatch] Fwd: draft CLF charter

["Romascanu, Dan (Dan)" <dromasca at avaya.com>]

The CLF charter is on the agenda of the OPSAREA meeting in Stockholm. Comments are welcome on the sip-slf list.

 

Dan

 

---

From: dispatch-bounces at ietf.org [mailto:dispatch-bounces at ietf.org] On Behalf Of Robert Sparks
Sent: Saturday, July 18, 2009 12:16 AM
To: sip-ops at ietf.org; dispatch mailing list
Subject: [dispatch] Fwd: draft CLF charter

Please follow and participate in this discussion on the sip-clf list if you are interested.

RjS

Begin forwarded message:

From: Robert Sparks <rjsparks at nostrum.com>

Date: July 17, 2009 4:13:58 PM CDT

To: sip-clf at ietf.org

Subject: draft CLF charter

All -

We are working on forming a CLF working group based on DISPATCH's decision.

Below is a proposed charter for this working group. Please review and comment
on this list. Depending on the feedback we receive, we will target forming this
group shortly after the Stockholm meeting.

We'll also be discussing this in Thursday's opsarea meeting.

Thanks,

RjS

The SIP Common Log File (CLF) working group is chartered to define

a standard logging format for systems processing SIP messages.

Well-known web servers such as Apache and web proxies like Squid

support event logging using a common log format.  The logs produced

using these de-facto standard formats are invaluable to system

administrators for trouble-shooting a server and tool writers to

craft tools that mine the log files to produce reports and trends

and to search for a certain SIP message or messages, a transaction

or a related set of transactions.  Furthermore, these log records

can also be used to train anomaly detection systems and feed events

into a security event management system.

The Session Initiation Protocol does not have a common log

format. Diverse element provide distinct log formats making

it complex to produce tools to analyze them.

The CLF working group will produce a format suitable for logging

from any SIP element. The format will anticipate the need to

search, merge, and summarize the log records from diverse elements.

The format will anticipate the need to correlate messages from

multiple elements related to a given request (that may fork)

or a given dialog. The format will take SIP's extensibility into

consideration, providing a way to represent SIP message components

that are defined in the future.  The format will anticipate being

used both for off-line analysis and on-line real-time processing

applications. The working group will consider the need for

efficient processing in its design of this format.

The working group is not pre-constrained to producing either a

bit-field oriented or text-oriented format, and may choose to

provide both. If the group chooses to specify both, it must be

possible to mechanically translate between the formats without

loss of information.

Specifying the mechanics of exchanging, transporting, and storing

SIP Common Log Format records is explicitly out of scope. Specifying

a real-time transfer mechanism for heuristic analysis is explicitly

out of scope.

The group will generate:

- A problem statement enunciating the motivation,

and use cases for a SIP Common Log Format. This analysis

will identify the required minimal information that must

appear in any record.

- A specification of the SIP Common Log Format record.

The group will consider providing one or more reference

implementations for decoding a CLF record.

Goals and Milestones

===========================

Nov 09 - Problem statement, motivation, and use cases to IESG (Informational)

Feb 10 - SIP Common Log Format specification to IESG (PS)

_______________________________________________
dispatch mailing list
dispatch at ietf.org
https://www.ietf.org/mailman/listinfo/dispatch