If the purpose of it is troubleshooting, or threat analysis type stuff, I think the following format satisfies the needs as well: http://wiki.wireshark.org/Development/LibpcapFileFormat The advantages: 1) There's running code 2) There's open source, on all operating systems, and also for commercial use 3) It's used by many people 4) There are many tools which accept/process it 5) It's fast to write/save 6) It supports a sub-second timestamp 7) It supports length encoding of packets, so you can skip past them 8) It supports truncated saving of packets, so you don't have to save all of very big ones 9) It records the method name or response code very early in the saved log entry for each packet Disadvantages: 1) Nothing much new to specify, except to document it? 2) It's a little tricky for SIP/TLS, where you basically have to create fake segments/packets for the low layers, and same may be true for SIP/TCP depending on when you record the log 3) It doesn't provide a way to report internal system events/actions/info (although we could fix that) 4) Afaik, there is no specific remote push/streaming mechanism for it defined (there was an attempt at it, but not final) -hadriel > -----Original Message----- > From: sipping-bounces@xxxxxxxx [mailto:sipping-bounces@xxxxxxxx] On Behalf > Of Vijay K. Gurbani > Sent: Wednesday, March 25, 2009 10:58 PM > > Adam Roach wrote: > > In the spirit of "send text," I've put together a straw-man proposal for > > an easy-to-generate and fast-to-process extensible format for saving SIP > > log messages: > > > > http://www.ietf.org/internet-drafts/draft-roach-sipping-clf-syntax- > 00.txt > [...] > > Adam: Essentially you are advocating for a table-of-content > type of approach where you read the ToC and index straight > to where you want to go. I have worked on SIP parsers > designed this way. > > The parsing is optimized, yes, when compared to the ASCII > version -- though perl can do wonders, but not to outperform > binary parsing. The disadvantage is that you loose readability > and would need specialized tools to, say, grep through such > a file. > > It will be interesting to see what others think... > > Thanks, > > - vijay > -- > Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent > 1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60566 (USA) > Email: vkg@{alcatel-lucent.com,bell-labs.com,acm.org} > Web: http://ect.bell-labs.com/who/vkg/ > _______________________________________________ > Sipping mailing list https://www.ietf.org/mailman/listinfo/sipping > This list is for NEW development of the application of SIP > Use sip-implementors@xxxxxxxxxxxxxxx for questions on current sip > Use sip@xxxxxxxx for new developments of core SIP _______________________________________________ Sipping mailing list https://www.ietf.org/mailman/listinfo/sipping This list is for NEW development of the application of SIP Use sip-implementors@xxxxxxxxxxxxxxx for questions on current sip Use sip@xxxxxxxx for new developments of core SIP
