Re: Alternate CLF syntax proposal


 



On Tue, Mar 31, 2009 at 5:42 PM, Hadriel Kaplan <HKaplan@xxxxxxxxxxxxxx> wrote:

> That depends on what you think a "Common Log Format" would be useful for.  The premise was that it's for troubleshooting and analysis systems.  AFAICT, nothing short of the entire SIP message sequence, including contents, and even IP/UDP or TCP headers, would be sufficient for that in practice.

i think perhaps what i'm after isn't "common log format", and instead
a "distributed event exporter/collector API" for network monitoring
and Complex Event Processing systems, and is almost certainly a
totally separate thing to be tackled another day :-)

> But anyway, attached is an example CLF file using only the currently defined fields from draft-gurbani-sipping-clf-01, I think, encoded in a different format from the draft.

The problem is this isn't really any different to the plain text
format, except it includes an initial packet length header and thus
you can skip over the whole record easily.  You still need to parse
the contents of the pcap record to match any information such as a
specific via header or to tag.  One thing that is nice about a fixed
format like Adam's is you can convert an input criteria filter into a
set of opcodes that you can then further compile into local machine
code to scan through in a very, very efficient way, similar to how
packet capturing in the kernel or tcpdump (i.e., -dd) works.

saying that, i do prefer pcap over the plain text method...

 ~ Theo Kaplan
_______________________________________________
Sipping mailing list  https://www.ietf.org/mailman/listinfo/sipping
This list is for NEW development of the application of SIP
Use sip-implementors@xxxxxxxxxxxxxxx for questions on current sip
Use sip@xxxxxxxx for new developments of core SIP
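
The filter-to-opcodes idea from the message above, as an added example that is not part of the original thread: a filter over fixed-offset records is compiled into load/compare opcodes and run across a log, using the length header to step between records. The record layout, field names and opcode set are assumptions constructed for illustration; they are not taken from draft-gurbani-sipping-clf-01 or from the fixed format proposed on the list.

```python
import struct

# Hypothetical fixed layout (constructed for this example, not the draft's):
# u16 record length | u32 timestamp | u16 status | 8-byte method | 16-byte to-tag
REC = struct.Struct("!HIH8s16s")
FIELDS = {"status": (6, 2), "method": (8, 8), "to_tag": (16, 16)}  # name -> (offset, size)
LD, JNE_REJECT, ACCEPT = range(3)  # opcodes of the toy filter machine

def pack(ts, status, method, to_tag):
    return REC.pack(REC.size, ts, status, method.encode(), to_tag.encode())

def compile_filter(criteria):
    """Turn {field: wanted value} into a flat opcode list (all terms ANDed)."""
    prog = []
    for name, want in criteria.items():
        off, size = FIELDS[name]
        raw = want.to_bytes(size, "big") if isinstance(want, int) else want.encode().ljust(size, b"\0")
        if len(raw) != size:
            raise ValueError(f"value for {name} does not fit in {size} bytes")
        prog += [(LD, off, size), (JNE_REJECT, raw)]
    return prog + [(ACCEPT,)]

def run(prog, buf, base):
    """Execute the program against the record starting at buf[base]."""
    acc = b""
    for op, *args in prog:
        if op == LD:
            acc = buf[base + args[0]: base + args[0] + args[1]]
        elif op == JNE_REJECT:
            if acc != args[0]:
                return False
        else:  # ACCEPT
            return True
    return False

def scan(prog, buf):
    """Return offsets of matching records; fields are never parsed, only compared."""
    hits, pos = [], 0
    while pos + 2 <= len(buf):
        (length,) = struct.unpack_from("!H", buf, pos)
        # A zero or short length would stall or misalign the scan, so reject it.
        if length < REC.size or pos + length > len(buf):
            raise ValueError(f"bad record length {length} at offset {pos}")
        if run(prog, buf, pos):
            hits.append(pos)
        pos += length
    return hits

# Constructed sample log: three records with made-up values.
LOG = b"".join([pack(1238500000, 200, "INVITE", "a1b2"),
                pack(1238500001, 486, "INVITE", "c3d4"),
                pack(1238500002, 200, "BYE", "a1b2")])
```
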
