SIP Common Log Format
charter-ietf-sipclf-01

Document Charter SIP Common Log Format WG (sipclf)
Title SIP Common Log Format
Last updated 2009-09-15
State Approved
WG State Concluded
IESG Responsible AD Robert Sparks
Charter Edit AD (None)
Send notices to (None)

Charter
charter-ietf-sipclf-01

The SIP Common Log Format (SIPCLF) working group is chartered to define
  a standard logging format for systems processing SIP messages.
  
  Well-known web servers such as Apache and web proxies like Squid
  support event logging using a common log format.  The logs produced
  using these de-facto standard formats are invaluable to system
  administrators for trouble-shooting a server and tool writers to
  craft tools that mine the log files to produce reports and trends
  and to search for a certain message or messages, a transaction
  or a related set of transactions.  Furthermore, these log records
  can also be used to train anomaly detection systems and feed events
  into a security event management system.
  
  The Session Initiation Protocol does not have a common log
  format. Diverse elements provide distinct log formats making
  it complex to produce tools to analyze them.
  
  The SIPCLF working group will produce a format suitable for logging
  from any SIP element. The working group will take into account
   * the need to search, merge, and summarize the log records 
     from one or more possibly diverse elements.
   * the need to correlate messages from multiple elements 
     related to a given request (that may fork) or a
     given dialog. 
  
  The format will take SIP's extensibility into consideration, providing
  a way to represent SIP message components that are defined in the
  future.  The format will anticipate being used both for off-line
  analysis and on-line real-time processing applications.  The working
  group will consider the need for efficient creation of records and the
  need for efficient processing of the records.
  
  The working group will identify the fields to appear in a log
  record and provide one or more formats for encoding those fields.
  The working group is not pre-constrained to producing either a
  bit-field oriented or text-oriented format, and may choose to
  provide both. If the group chooses to specify both, it must be
  possible to mechanically translate between the formats without loss
  of information.
  
  Specifying the mechanics of exchanging, transporting, and storing
  SIP Common Log Format records is explicitly out of scope. However,
  the working group will document as part of the definition of the
  log record format:
  
    * operational guidance considering log file management 
      addressing size, rollover, aggregation and
      filtering. 
    * guidance for correlating SIP CLF records with events
      reported via other log mechanisms such as syslog or
      SNMP notifications.
    * security guidance for storage, access, and transporting
      SIP CLF log records, addressing information privacy
  
  The group will generate:
  
  - A problem statement enunciating the motivation,
  and use cases for a SIP Common Log Format. This analysis
  will identify the required minimal information that must
  appear in any record.
  
  - A specification of the SIP Common Log Format record