idnits 2.17.1 

draft-hallam-http-logfile-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in
     this document.

     Expected boilerplate is as follows today (2024-04-23) according to
     https://trustee.ietf.org/license-info :

     IETF Trust Legal Provisions of 28-dec-2009, Section 6.a:
        This Internet-Draft is submitted in full conformance with the provisions
        of BCP 78 and BCP 79.

     IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2:
        Copyright (c) 2024 IETF Trust and the persons identified as the document
        authors.  All rights reserved.

     IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3:
        This document is subject to BCP 78 and the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (https://trustee.ietf.org/license-info) in effect on the date of
        publication of this document.  Please review these documents
        carefully, as they describe your rights and restrictions with
        respect to this document.  Code Components extracted from this
        document must include Simplified BSD License text as described in
        Section 4.e of the Trust Legal Provisions and are provided
        without warranty as described in the Simplified BSD License.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** Missing expiration date.  The document expiration date should appear on
     the first and last page.

  ** The document seems to lack a 1id_guidelines paragraph about
     Internet-Drafts being working documents. 

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity. 

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     current Internet-Drafts. 

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     Shadow Directories. 

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  == The page length should not exceed 58 lines per page, but there was 8
     longer pages, the longest (page 2) being 59 lines


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack a Security Considerations section.

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** There are 4 instances of too long lines in the document, the longest one
     being 6 characters in excess of 72.

  ** There are 11 instances of lines with control characters in the document.

  ** The abstract seems to contain references ([Luotonen95], [Hallam96a],
     [Hallam96b], [RFC1738], [RFC1808]), which it shouldn't.  Please replace
     those with straight textual mentions of the documents in question.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == Line 111 has weird spacing: '...cribing  sessi...'

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (February 1996) is 10295 days in the past.  Is this
     intentional?

  -- Found something which looks like a code comment -- if you have code
     sections in the document, please surround them with '<CODE BEGINS>' and
     '<CODE ENDS>' lines.


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Missing reference section? 'Hallam96a' on line 411 looks like a reference

  -- Missing reference section? 'Hallam96b' on line 415 looks like a reference

  -- Missing reference section? 'RFC1808' on line 400 looks like a reference

  -- Missing reference section? 'RFC1738' on line 403 looks like a reference

  -- Missing reference section? 'Luotonen95' on line 407 looks like a
     reference


     Summary: 11 errors (**), 0 flaws (~~), 3 warnings (==), 8 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1	   INTERNET DRAFT                           Phillip M. Hallam-Baker, W3C
2	   Expires in six months                          email: <hallam@w3.org>
3	                                                         Brian Behlendorf
4	                                               email: <brian@organic.com>
5	                                                      21st February 1996

7	                          Extended Log File Format

9	                      <draft-hallam-http-logfile-00.txt>

11	Status of this Memo

13	   This document is an Internet draft. Internet drafts are working
14	   documents of the Internet Engineering Task Force (IETF), its areas
15	   and its working groups. Note that other groups may also distribute
16	   working information as Internet drafts.

18	   Internet Drafts are draft documents valid for a maximum of six
19	   months and can be updated, replaced or obsoleted by other documents
20	   at any time. It is inappropriate to use Internet drafts as reference
21	   material or to cite them as other than as "work in progress".

23	   To learn the current status of any Internet draft please check the
24	   "lid-abstracts.txt" listing contained in the Internet drafts shadow
25	   directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
26	   munnari.oz.au (Pacific Rim), ds.internic.net (US East coast) or
27	   ftp.isi.edu (US West coast). Further information about the IETF can
28	   be found at URL: http://www.cnri.reston.va.us/

30	   Distribution of this document is unlimited. Please send comments to
31	   the HTTP working group (HTTP-WG) of the Internet Engineering Task
32	   Force (IETF) at < http://www.ics.uci.edu/pub/ietf/http/. This note
33	   is also avaliable as a World Wide Web Consortium Working Draft
34	   WD-logfile-960221, archived at
35	   http://www.w3.org/pub/WWW/TR/WD-logfile-960221.html

37	   Extended Log File Format

39	                                                             WD-logfile-960221

41	                          Extended Log File Format

43	                    W3C Working Draft _WD-logfile-960221_

45	   This version:
46	        http://www.w3.org/pub/WWW/TR/WD-logfile-960221.html

48	   Latest version:
49	        http://www.w3.org/pub/WWW/TR/WD-logfile.html

51	   Authors:
52	       Phillip M. Hallam-Baker <hallam@w3.org>

54	Extended Log File Format

56	       Brian Behlendorf  <brian@organic.com>

58	------------------------------------------------------------------------------
59	Status of this document

61	   This is a W3C Working Draft for review by W3C members and other
62	   interested parties. It is a draft document and may be updated,
63	   replaced or obsoleted by other documents at any time. It is
64	   inappropriate to use W3C Working Drafts as reference material or to
65	   cite them as other than "work in progress". A list of current W3C
66	   working drafts can be found at: http://www.w3.org/pub/WWW/TR

68	   Note: since working drafts are subject to frequent change, you are
69	   advised to reference the above URL, rather than the URLs for working
70	   drafts themselves.

72	Extended Log File Format

74	Abstract

76	   An improved format for Web server log files is presented. The format
77	   is extensible, permitting a wider range of data to be captured. This
78	   proposal is motivated by the need to capture a wider range of data
79	   for demographic analysis and also the needs of proxy caches.

81	Introduction

83	   Most Web servers offer the option to store logfiles in either the
84	   common log format or a proprietary format. The common log file
85	   format is supported by the majority of analysis tools but the
86	   information about each server transaction is fixed. In many cases it
87	   is desirable to record more information. Sites sensitive to personal
88	   data issues may wish to omit the recording of certain data. In
89	   addition ambiguities arise in analysing the common log file format
90	   since field separator characters may in some cases occur within
91	   fields. The extended log file format is designed to meet the
92	   following needs:

94	   *   Permit control over the data recorded.

96	   *   Support needs of proxies, clients and servers in a common format

98	   *   Provide robust handling of character escaping issues

100	   *   Allow exchange of demographic data.

102	   *   Allow summary data to be expressed.

104	   The log file format described permits customized logfiles to be
105	   recorded in a format readable by generic analysis tools. A header
106	   specifying the data types recorded is written out at the start of
107	   each log.

109	   This work is in part motivated by the need to support collection of
110	   demographic data. This work is discussed at greater length in
111	   companion drafts describing  session identifier URIs [Hallam96a] and
112	   more consistent proxy behaviour [Hallam96b].

114	Format

116	   A extended log file contains a sequence of _lines_ containing ASCII
117	   characters terminated by either the sequence CR or CRLF. Log file
118	   generators should follow the line termination convention for the
119	   platform on which they are executed. Analysers should accept either
120	   form. Each line may contain either a _directive_ or an _entry_.

122	   Entries consist of a sequence of _fields_ relating to a single HTTP
123	   transaction. Fields are separated by whitespace, the use of tab
124	   characters for this purpose is encouraged. If a field is unused in a
125	   particular entry dash "-" marks the omitted field. Directives record
126	   information about the logging process itself.

128	Extended Log File Format

130	   The following directives are defined:

132	   Version: _<integer>_._<integer>_
133	       The version of the extended log file format used. This draft
134	       defines version 1.0.

136	   Fields: [_<specifier>_...]
137	       Specifies the fields recorded in the log.

139	   Software: _string_
140	       Identifies the software which generated the log.

142	   Start-Date: _<date>_ _<time>_
143	       The date and time at which the log was started.

145	   End-Date:_<date>_ _<time>_
146	       The date and time at which the log was finished.

148	   Date:_<date>_ _<time>_
149	       The date and time at which the entry was added.

151	   Remark: _<text>_
152	       Comment information. Data recorded in this field should be
153	       ignored by analysis tools.

155	   The directives Version and Fields are required and should preceed
156	   all entries in the log. The Fields directive specifies the data
157	   recorded in the fields of each entry.

159	Example

161	   The following is an example file in the extended log format:

163	   #Version: 1.0
164	   #Date: 12-Jan-1996
165	   #Fields: time cs-method cs-uri
166	   00:34:23 GET /foo/bar.html
167	   12:21:16 GET /foo/bar.html
168	   12:45:52 GET /foo/bar.html
169	   12:57:34 GET /foo/bar.html

171	Fields

173	   The #Fields directive lists a sequence of _field identifiers_
174	   specifying the information recorded in each entry. Field identifiers
175	   may have one of the following forms:

177	   _identifier_
178	       Identifier relates to the transaction as a whole.

180	   _prefix_-_identifier_

182	Extended Log File Format

184	       Identifier relates to information transfer between parties
185	       defined by the value _prefix_.

187	   _prefix_(_header_)
188	       Identifies the value of the HTTP header field _header_ for
189	       transfer between parties defined by the value _prefix_. Fields
190	       specified in this manner always have the value <string>.

192	   The following prefixes are defined:

194	   cs
195	       Client to Server.

197	   sc
198	       Server to Client.

200	   sr
201	       Server to Remote Server, this prefix is used by proxies.

203	   rs
204	       Remote Server to Server, this prefix is used by proxies.

206	   x
207	       Application specific identifier.

209	   The identifier cs-method thus refers to the method in the request
210	   sent by the client to the server while sc(Content-Type) refers to
211	   the content type field of the reply.

213	Identifiers.

215	   The following identifiers do not require a prefix

217	   date
218	       Date at which transaction completed, field has type <date>

220	   time
221	       Time at which transaction completed, field has type <time>

223	   time-taken
224	       Time taken for transaction to complete in seconds, field has
225	       type <fixed>

227	   bytes
228	       bytes transfered, field has type <integer>

230	   cached
231	       Records wether a cache hit occured, field has type <integer> 0
232	       indicates a cache miss.

234	   The following identifiers require a prefix

236	   ip

238	Extended Log File Format

240	       IP address and port, field has type <address>

242	   dns
243	       DNS name, field has type <name>

245	   status
246	       Status code, field has type <integer>

248	   comment
249	       Comment returned with status code, field has type <>

251	   method
252	       Method, field has type <name>

254	   uri
255	       URI, field has type <uri>

257	   uri-stem
258	       Stem protion alone of URI (omitting query), field has type <uri>

260	   uri-query
261	       Query portion alone of URI, field has type <uri>

263	   host
264	       DNS hostname used, field has type <name>

266	Special fields for log summaries.

268	   Analysis tools may generate log summaries. A log summary lists the
269	   number of operations performed on a URI but omits information
270	   specific to a particular transaction.

272	   The following field is mandatory and must preceed all others:

274	   count
275	       The number of entries for which the listed data, field has type
276	       <>

278	   The following fields may be used in place of time to allow
279	   aggregation of log file entries over intervals of time.

281	   time-from
282	       Time at which sampling began, field has type <time>

284	   time-to
285	       Time at which sampling ended, field has type <time>

287	   interval
288	       Time over which sampling occurred in seconds, field has type
289	       <integer>

291	Entries
292	Extended Log File Format

294	   This section describes the data formats for log file field entries.
295	   These formats are chosen so as to avoid ambiguity, minimize the
296	   difficulty of generation and parsing and provide for human
297	   readability.

299	   Each logfile entry consists of a sequence of fields separated by
300	   whitespace and terminated by a CR or CRLF sequence. The meanings of
301	   the fields are defined by a preceeding #Fields directive. If a field
302	   is ommitted for a particular entry a single dash "-" is substituted.

304	   Log file parsers should be tolerant of errors. If an entry contains
305	   corrupt data or is terminated unexpectedly the parser should
306	   resynchronize using the end of line marker and continue to parse the
307	   following entries. Entries must not contain any ASCII control
308	   characters.

310	   <entry> = <field>* <end-of-line>

312	   <field> = <integer> | <fixed> | <uri> | <date> | <time> | <string>

314	   <digit = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9"

316	Integer

318	   <integer>	= <digit> +

320	   Integers are represented as a sequence of digits.

322	Fixed Format Float

324	   <float>	= <digit> [. <digit>*]

326	URI

328	   A URI as specified by RFC1738, relative URIs are specified by
329	   RFC1808. URIs cannot by definition include whitespace or ASCII
330	   control characters. Consequently no ambiguity arises from their use.

332	Date

334	   <date>	= <digit> <digit> <digit> <digit>
335	   			"-" <digit> <digit> "-" <digit> <digit>

337	   Dates are recorded in the format YYYY-MM-DD where YYYY, MM and DD
338	   stand for the numeric year, month and day respectively. This format

340	Extended Log File Format

342	   is chosen to assist collation using sort.

344	Time

346	   <time>	= <digit> <digit> ":" <digit> <digit>
347	   			[":" <digit> <digit> ["." <digit>*]

349	   Times are recorded in the form HH:MM, HH:MM:SS or HH:MM:SS.S where
350	   HH is the hour in 24 hour format, MM is minutes and SS is seconds.

352	String

354	   <string>	= '"' <schar>* '"'

356	   <schar>	= xchar | '"' '"'

358	   Strings are output in quoted form. If a string contains a quotation
359	   character the character is repeated. This format is unambiguous
360	   since fields are by definition separated by whitespace.

362	   No mechanism for incorporating control characters is defined.

364	Text

366	   <text>	=  <char>*

368	   The text field is used only by directives.

370	Name

372	   <name>	=  <alpha> [ "." <alpha> * ]

374	   DNS name.

376	Address

378	   <name>	=  <integer> [ "." <integer> * ] [ ":" <integer> ]

380	   Numeric IP address and optional port specifier.

382	Acknowledgements.

384	Extended Log File Format

386	   Robert Thau provided usefull advice and some code. John Mallery and
387	   Roger Hurwitz helped develop many of the ideas.

389	   Phillip M. Hallam-Baker
390	   hallam@w3.org
391	   World Wid Web Consortium
392	   Cambridge MA

394	   Brian Behlendorf
395	   brian@organic.com
396	   Organic Online

398	References.

400	   [RFC1808]
401	       R. Fielding _ Relative Uniform Resource Locators_, June 1995

403	   [RFC1738]
404	       T. Berners-Lee, L. Masinter, _ Uniform Resource Locators (URL)_,
405	       December 1994

407	   [Luotonen95]
408	       A. luotonen, _ The Common Logfile Format_, 1995,
409	       http://www.w3.org/pub/WWW/Daemon/User/Config/Logging.html

411	   [Hallam96a]
412	       P. M. Hallam-Baker _ Session Identification URI_ World Wide Web
413	       Consortium Working Draft, WD-session-id.

415	   [Hallam96b]
416	       P. M. Hallam-Baker _ Notification for Proxy Caches_ World Wide
417	       Web Consortium Working Draft, WD-proxy.