Hi,
I believe that this is a good document and I support its approval.
I do have a number of issues which I suggest taking into consideration before
approval and publication:
1. In Section 4:
   The SIP CLF is amenable to easy parsing and lends itself well to
   creating other innovative tools.
I am not sure what this sentence really says. What does 'easy parsing' mean?
The previous paragraph referred to 'quick parsing (i.e., well-delimited
fields)' - quick parsing is a relative notion but at least there was an
example. Here, I do not know.
What 'other innovative tools' means escapes me totally. Why 'other'?
'other' than what? And what does 'innovative tools' mean?
2. In Section 11
   SIP CLF log files will take up substantive amount of disk space
   depending on traffic volume at a processing entity and the amount of
   information being logged. As such, any organization using SIP CLF
   should establish operational procedures for file rollovers as
   appropriate to the needs of the organization.
Procedures for file rollovers are not enough - there actually need to be
procedures in place for periodic retrieval of logs before rollover.
3. [RFC3261] needs to be a Normative Reference. All this document speaks about
logs for SIP, refers to SIP entities, messages, fields in the SIP messages - in
short it cannot be understood and the SIP-CLF cannot be implemented without a
good reading and understanding of [RFC3261].
Regards,
Dan
-----Original Message-----
From: sip-clf-bounces(_at_)ietf(_dot_)org [mailto:sip-clf-bounces(_at_)ietf(_dot_)org] On Behalf Of The IESG
Sent: Monday, December 03, 2012 10:45 PM
To: IETF-Announce
Cc: sip-clf(_at_)ietf(_dot_)org
Subject: [sip-clf] Last Call: <draft-ietf-sipclf-problem-statement-11.txt>
(The Common Log Format (CLF) for the Session Initiation Protocol (SIP):
Framework and Data Model) to Proposed Standard
The IESG has received a request from the SIP Common Log Format WG
(sipclf) to consider the following document:
- 'The Common Log Format (CLF) for the Session Initiation Protocol (SIP):
Framework and Data Model'
<draft-ietf-sipclf-problem-statement-11.txt> as Proposed Standard
A previous version of this document was Last Called with an
Informational intended publication status. Issues with the document's
scope and technical concerns with internationalization were identified
during IESG evaluation and the document was returned to the working
group.
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf(_at_)ietf(_dot_)org mailing lists by 2012-12-17. Exceptionally, comments may
be sent to iesg(_at_)ietf(_dot_)org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.
Abstract
Well-known web servers such as Apache and web proxies like Squid
support event logging using a common log format. The logs produced
using these de-facto standard formats are invaluable to system
administrators for trouble-shooting a server and tool writers to
craft tools that mine the log files and produce reports and trends.
Furthermore, these log files can also be used to train anomaly
detection systems and feed events into a security event management
system. The Session Initiation Protocol (SIP) does not have a common
log format, and as a result, each server supports a distinct log
format that makes it unnecessarily complex to produce tools to do
trend analysis and security detection. We propose a common log file
format for SIP servers that can be used uniformly by user agents,
proxies, registrars, redirect servers as well as back-to-back user
agents.
The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-sipclf-problem-statement/
IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-sipclf-problem-statement/ballot/
No IPR declarations have been submitted directly on this I-D.