I'm wondering what folks think about this the Common Log File (CLF) activity in the IETF? http://www.ietf.org/internet-drafts/draft-gurbani-sipping-clf-01.txt http://tools.ietf.org/html/draft-roach-sipping-clf-syntax-00 Comments to me or directly to the authors welcome. -jiri Abstract Well-known web servers such as Apache and web proxies like Squid support event logging using a common log format. The logs produced using these de-facto standard formats are invaluable to system administrators for trouble-shooting a server and tool writers to craft tools that mine the log files and produce reports and trends. Furthermore, these log files can also be used to train anomaly detection systems and feed events into a security event management system. The Session Initiation Protocol does not have a common log format, and as a result, each server supports a distinct log format that makes it unnecessarily complex to produce tools to do trend analysis and security detection. We propose a common log file format for SIP servers that can be used uniformly for proxies, registrars, redirect servers as well as back-to-back user agents.