论文信息 - Internet Engineering Task Force (ietf) the Common Log Format (clf) for the Session Initiation Protocol (sip): Framework and Information Model

Internet Engineering Task Force (ietf) the Common Log Format (clf) for the Session Initiation Protocol (sip): Framework and Information Model

Well-known web servers such as Apache and web proxies like Squid support event logging using a common log format. The logs produced using these de facto standard formats are invaluable to system administrators for troubleshooting a server and tool writers to craft tools that mine the log files and produce reports and trends. Furthermore, these log files can also be used to train anomaly detection systems and feed events into a security event management system. The Session Initiation Protocol (SIP) does not have a common log format, and, as a result, each server supports a distinct log format that makes it unnecessarily complex to produce tools to do trend analysis and security detection. This document describes a framework, including requirements and analysis of existing approaches, and specifies an information model for development of a SIP common log file format that can be used uniformly by user agents, proxies, registrars, and redirect servers as well as back-to-back user agents.

[1] Bruce Schneier,et al. Secure audit logs to support computer forensics , 1999, TSEC.

[2] Klaus-Robert Müller,et al. A Self-learning System for Detection of Anomalous SIP Messages , 2008, IPTComm.

[3] Vijay K. Gurbani,et al. Format for the Session Initiation Protocol (SIP) Common Log Format (CLF) , 2013, RFC.

[4] Scott O. Bradner,et al. Key words for use in RFCs to Indicate Requirement Levels , 1997, RFC.

[5] Mark Handley,et al. SIP: Session Initiation Protocol , 1999, RFC.

[6] Tatu Ylönen,et al. The Secure Shell (ssh) Transport Layer Protocol , 2006 .

[7] Benoit Claise,et al. Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information , 2008, RFC.

[8] Tim Dierks,et al. The Transport Layer Security (TLS) Protocol Version 1.2 , 2008 .

[9] Eric Rescorla,et al. The Transport Layer Security (TLS) Protocol Version 1.1 , 2006, RFC.

[10] Sean Turner,et al. Transport Layer Security , 2014, IEEE Internet Computing.

[11] Rainer Gerhards,et al. The Syslog Protocol , 2009, RFC.