{"draft":"draft-ietf-sipclf-problem-statement-13","doc_id":"RFC6872","title":"The Common Log Format (CLF) for the Session Initiation Protocol (SIP): Framework and Information Model","authors":["V. Gurbani, Ed.","E. Burger, Ed.","T. Anjali","H. Abdelnur","O. Festor"],"format":["ASCII","HTML"],"page_count":"39","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"SIP Common Log Format","abstract":"Well-known web servers such as Apache and web proxies like Squid\r\nsupport event logging using a common log format.  The logs produced\r\nusing these de facto standard formats are invaluable to system\r\nadministrators for troubleshooting a server and tool writers to craft\r\ntools that mine the log files and produce reports and trends.\r\nFurthermore, these log files can also be used to train anomaly\r\ndetection systems and feed events into a security event management\r\nsystem.  The Session Initiation Protocol (SIP) does not have a common\r\nlog format, and, as a result, each server supports a distinct log\r\nformat that makes it unnecessarily complex to produce tools to do\r\ntrend analysis and security detection.  This document describes a\r\nframework, including requirements and analysis of existing\r\napproaches, and specifies an information model for development of a\r\nSIP common log file format that can be used uniformly by user agents,\r\nproxies, registrars, and redirect servers as well as back-to-back\r\nuser agents.","pub_date":"February 2013","keywords":["logging","analytics","information model"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC6872","errata_url":null}