SIP Common Log Format
SIP Common Log Format WG
||SIP Common Log Format
||Charter Edit AD
||Send notices to
The SIP Common Log Format (SIPCLF) working group is chartered to define
a standard logging format for systems processing SIP messages.
Well-known web servers such as Apache and web proxies like Squid
support event logging using a common log format. The logs produced
using these de-facto standard formats are invaluable to system
administrators for trouble-shooting a server and tool writers to
craft tools that mine the log files to produce reports and trends
and to search for a certain message or messages, a transaction
or a related set of transactions. Furthermore, these log records
can also be used to train anomaly detection systems and feed events
into a security event management system.
The Session Initiation Protocol does not have a common log
format. Diverse elements provide distinct log formats making
it complex to produce tools to analyze them.
The SIPCLF working group will produce a format suitable for logging
from any SIP element. The working group will take into account
* the need to search, merge, and summarize the log records
from one or more possibly diverse elements.
* the need to correlate messages from multiple elements
related to a given request (that may fork) or a
The format will take SIP's extensibility into consideration, providing
a way to represent SIP message components that are defined in the
future. The format will anticipate being used both for off-line
analysis and on-line real-time processing applications. The working
group will consider the need for efficient creation of records and the
need for efficient processing of the records.
The working group will identify the fields to appear in a log
record and provide one or more formats for encoding those fields.
The working group is not pre-constrained to producing either a
bit-field oriented or text-oriented format, and may choose to
provide both. If the group chooses to specify both, it must be
possible to mechanically translate between the formats without loss
Specifying the mechanics of exchanging, transporting, and storing
SIP Common Log Format records is explicitly out of scope. However,
the working group will document as part of the definition of the
log record format:
* operational guidance considering log file management
addressing size, rollover, aggregation and
* guidance for correlating SIP CLF records with events
reported via other log mechanisms such as syslog or
* security guidance for storage, access, and transporting
SIP CLF log records, addressing information privacy
The group will generate:
- A problem statement enunciating the motivation,
and use cases for a SIP Common Log Format. This analysis
will identify the required minimal information that must
appear in any record.
- A specification of the SIP Common Log Format record