[Sipping] Meeting Minutes: Ad-hoc Common Log Format meeting
Hadriel Kaplan <HKaplan@acmepacket.com> Fri, 27 March 2009 13:41 UTC
Return-Path: <HKaplan@acmepacket.com>
X-Original-To: sipping@core3.amsl.com
Delivered-To: sipping@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B3D0E28C176 for <sipping@core3.amsl.com>; Fri, 27 Mar 2009 06:41:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.537
X-Spam-Level:
X-Spam-Status: No, score=-2.537 tagged_above=-999 required=5 tests=[AWL=0.062, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yevKsxTPjXir for <sipping@core3.amsl.com>; Fri, 27 Mar 2009 06:41:11 -0700 (PDT)
Received: from etmail.acmepacket.com (etmail.acmepacket.com [216.41.24.6]) by core3.amsl.com (Postfix) with ESMTP id AC26628C16D for <sipping@ietf.org>; Fri, 27 Mar 2009 06:41:11 -0700 (PDT)
Received: from mail.acmepacket.com (216.41.24.7) by etmail.acmepacket.com (216.41.24.6) with Microsoft SMTP Server (TLS) id 8.1.340.0; Fri, 27 Mar 2009 09:42:05 -0400
Received: from mail.acmepacket.com ([127.0.0.1]) by mail ([127.0.0.1]) with mapi; Fri, 27 Mar 2009 09:42:05 -0400
From: Hadriel Kaplan <HKaplan@acmepacket.com>
To: "sipping@ietf.org" <sipping@ietf.org>
Date: Fri, 27 Mar 2009 09:42:08 -0400
Thread-Topic: Meeting Minutes: Ad-hoc Common Log Format meeting
Thread-Index: Acmu4WY9jJXyd6vWTaygOVUW6YRECQ==
Message-ID: <E6C2E8958BA59A4FB960963D475F7AC314FF20859B@mail>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [Sipping] Meeting Minutes: Ad-hoc Common Log Format meeting
X-BeenThere: sipping@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "SIPPING Working Group \(applications of SIP\)" <sipping.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sipping>
List-Post: <mailto:sipping@ietf.org>
List-Help: <mailto:sipping-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Mar 2009 13:41:12 -0000
[re-send to fix email subject line] Howdy, Below are the rough minutes of the Sipping CLF Ad-Hoc meeting. I'm sure I missed some people's comments (I don't touch-type) - if you find I missed yours please email me and I'll update this. I also tried to record what I felt was consensus on specific issues, but this is clearly just subjective commentary and this was only an ad-hoc and no hmmm's were taken, etc. -hadriel Begin ------------------------------ Ad-hoc Common-Log-File format meeting Thursday, March 26, 2009 Attendees: many, many (room is packed) Eric Burger: [gave intro (go read ppt slides)]: Goal is to have usable log file format for tools, but not for billing nor a replacement for syslog or CDR's Francois: if I'm already doing CDR, why bother doing this? Umberto: Tools which do stateful parsing of SIP protocol would like this, for example anomaly/problem/IDS type things Hadriel: but this log file format isn't nearly enough info/detail for that Vijay: but we can add them or argue about what we need Adam Roach: ascii fixed format or space delimited is not efficient and tough to extend Daryl: how will we get enough detail, compared to CDR's/wireshark? Vijay: we think the 11 currently defined CLF headers are enough, but we want to learn if others agree Jiri: is this per message, or per transaction - what about retransmissions? Daryl: we'll need more detail, for example retransmissions may be important to log for troubleshooting Vijay: We weren't thinking this will record retransmissions Daryl: how do we correlate routed requests if b2bua's change call-id? Dean: stateless proxies will create multiple entries for retransmissions, no matter what Jason Fishl: no biggie - it records multiple times and we don't need to care [I think consensus reached: don't need to worry about stateless proxies doing/needing something different] Daryl: performance is a big deal, it will be some off-box process in some cases because impact on run-time systems won't cut it Adam R: really we need a TLV-type format, something binary/fast to write and fast to read, so you can seek and skip large chunks fast, and have optionality [Someone else]: and something which can record enough for troubleshooting and the like Hadriel: the only thing useful for that would be pcap format Francois: update the draft for format issues, because it's not decided yet and I'm not sure the format is right Vijay: are the current fields necessary and/or sufficient? Hadriel: insufficient fields in current CLF Adam: we need optional extensibility, because we'll never figure out the right fields right now Dale: To and From URI may not be useful Derek: need sub-second accuracy, not just seconds [people agree with that - I think consensus reached on that] Vijay: some security folks want privacy of IP/identity Daryl/Martin: nope, do post-processing to anonymize if you want, but the logs need to show it all Vijay: ok, we won't anonymize anything in the CLF [consensus reached: not important] Vijay: what about the issues with rfc3841, where UAC can make proxy act different Many people: don't care about that, not an issue [consensus reached: not important] Last words: need to update draft, discuss on mailing list ------------------------------End -hadriel
- [Sipping] Meeting Minutes: Ad-hoc Common Log Form… Hadriel Kaplan