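# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Log-format plug-in for Cisco VPN 3000 Concentrator event logs. The parsing
# filter below decomposes each event left to right: it strips the leading
# sequence number, the date/time, the SEV/RPT header and the source address,
# then the Group/User prefix, and finally matches what remains against the
# known event shapes. Both the single-line and the older multi-line layouts
# are handled.

cisco_vpnconcentrator = {

  plugin_version = "1.9"
  info.1.manufacturer = "Cisco"
  info.1.device = "VPN Concentrator"
  info.1.version.1 = "3000"

  # 2006-03-19 - 1.1 - ??? - added vpn_sessions field, to track sessions; added "decomposition" style parsing
  #                          filter for disconnect lines, to handle more variants.
  # 2007-01-12 - 1.2 - GMF - Restored duration tracking when duration is on line by itself.
  # 2007-02-15 - 1.3 - GMF - added support for extracting source IP in formats where Group/User is on the
  #                          second line.
  # 2007-02-22 - 1.4 - GMF - Reinstated Duration line filter, to support formats where Duration is alone
  #                          on a line.
  # 2008-04-24 - 1.5 - GMF - Added support for ARP request and reply lines
  # 2008-04-25 - 1.6 - GMF - Added support for a slight variant
  # 2011-02-16 - 1.7 - MSG - Made a comma after User in connected lines optional
  # 2011-07-18 - 1.8 - KBB - Integrated support for multi-line and single-line formats. Some types of lines
  #   are only supported in the single line format, even though the same types of data are in the multi-line
  #   examples, because we have had no recent requests for multi-line and it may be obsolete.
  # 2011-07-19 - 1.9 - KBB - Added (restored?) sessions. Grouped reports in menu.

  # The name of the log format
  log.format.format_label = "Cisco VPN Concentrator"
  log.miscellaneous.log_data_type = "syslog_required"
  log.miscellaneous.log_format_type = "network_device"

  # The log is in this format if any of the first ten lines match this regular expression
  log.format.autodetect_regular_expression = "SEV=[0-9]+ [A-Z]+/[0-9]+ RPT=[0-9]+ [0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+"

  # All log field parsing will be done using the parsing filters
  log.format.parse_only_with_filters = "true"

  # Don't throw away the last line entry.
  log.format.discard_expired_entries = false

  # There's no maximum duration or session timeout-- sessions just timeout
  # when the connection is terminated.
  statistics.miscellaneous.maximum_session_duration = "0"
  statistics.miscellaneous.session_timeout = "0"

  # These are no longer supported
  # statistics.miscellaneous.session_logout_regexp = "(disconnected:)"
  # statistics.miscellaneous.session_logout_regexp = "(Connection terminated)"

  # Log fields
  # NOTE(review): the parsing filter also writes 'remote_proxy' and
  # 'local_proxy' (Connection terminated lines), which are not declared
  # here -- confirm whether they should be declared or mapped to the
  # *_proxy_host fields.
  log.fields = {
    severity = ""
    operation = ""
    user = ""
    group = ""
    cn = ""
    sn = ""
    sa = ""
    status = ""
    payload = ""
    login_protocol = ""
    remote_protocol = ""
    local_protocol = ""
    local_port = ""
    remote_port = ""
    source_host.type = "host"
    inbound_spi = ""
    outbound_spi = ""
    server_host = ""
    local_proxy_host = ""
    local_proxy_subnet = ""
    local_proxy_mask = ""
    remote_proxy_host = ""
    remote_proxy_subnet = ""
    remote_proxy_mask = ""
    bytes_sent = ""
    bytes_received = ""
    duration = ""
    reason = ""
    server = ""
    domain = ""
    handle = ""
    peer = ""
    session_type = ""
    arp_ip = ""
    arp_mac = ""
    # vpn_sessions = ""
    session_events = ""
    last_date = ""
    last_time = ""
  } # log.fields

  # is_multi_line is set by the parsing filter once a header-only line (or a
  # line with no SEV header at all) has been seen.
  log.filter_initialization = `
bool is_multi_line = false;
`

  # Log Parsing Filters
  log.parsing_filters.parse = `

if (v.syslog_message ne '') then (
  v.message = v.syslog_message;
);
# in multi-line stand-alone format, date and time will automatically carry over as set by
# cisco_vpnconcentrator_syslog plug-in
else (
  v.message = current_log_line();
);

v.line = v.message;

if (v.message ne '') then ( # Skip blank lines

  # Chop off leading integer
  if (matches_regular_expression(v.message, '^[0-9]+ (.*)$')) then (
    v.message = $1;
  );

  # Extract date/time, if present
  if (matches_regular_expression(v.message, '^([0-9][0-9]/[0-9][0-9]/[0-9][0-9][0-9][0-9]) ([0-9][0-9]:[0-9][0-9]:[0-9][0-9])\\\\.[0-9][0-9][0-9] (.*)$')) then (
    set_collected_field('', 'date', $1);
    set_collected_field('', 'time', $2);
    v.message = $3;
  );

  # Header line: SEV=<n> <class>/<id> RPT=<n> [source address] [rest of event]
  if (matches_regular_expression(v.message, "SEV=([0-9] [^ ]*) RPT=[0-9]+( +([^ ].*))? *$")) then (

    # We have to do this either way because on the first line we don't know whether this is multi line yet
    v.last_date = get_collected_field('save', 'last_date');
    v.last_time = get_collected_field('save', 'last_time');
    v.date = get_collected_field('', 'date');
    v.time = get_collected_field('', 'time');
    if ((v.date ne '') and (v.time ne '')) then (
      set_collected_field('save', 'last_date', v.date);
      set_collected_field('save', 'last_time', v.time);
    );

    # Change the date and accept the previous entry
    if (is_multi_line and v.last_date ne '' and v.last_time ne '' and get_collected_field('', 'operation') ne '(empty)') then (
      set_collected_field('', 'date', v.last_date);
      set_collected_field('', 'time', v.last_time);

      # There are some events with no user, so prevent the session ID from being "(empty)"
      if (get_collected_field('', 'user') ne '(empty)') then (
        set_collected_field('', 'session_events', 1);

        # Accept disconnect event and create logout event for sessions
        # (session_events is still 1 after accept)
        if (get_collected_field('', 'operation') eq 'disconnected') then (
          accept_collected_entry('', true);
          set_collected_field('', 'operation', '(logout)');
        );
      );
      accept_collected_entry('', false);
    );
    else if (is_multi_line) then (
      set_collected_field('', 'datetime', ''); # Deliberately corrupt the date to discard the collected fields
      set_collected_field('', 'date', '');
      set_collected_field('', 'time', '');
      accept_collected_entry('', false);
      set_collected_field('', 'date', v.date);
      set_collected_field('', 'time', v.time);
    );

    # $1 and $3 still refer to the SEV header match above; no other regular
    # expression has been evaluated since.
    set_collected_field('', 'severity', $1);
    v.message = $3;

    if (matches_regular_expression(v.message, "^([0-9.]+)( +([^ ].*))? *$")) then (
      set_collected_field('', 'source_host', $1);
      v.message = $3;
    );

    # If there's nothing else to the line, this is multi line
    if (matches_regular_expression(v.message, '^ *$')) then (
      is_multi_line = true;
    );
  );
  else (
    is_multi_line = true;
  );

  v.user = '';

  # Group may precede User or vice versa
  if (matches_regular_expression(v.message, '^ *Group \\\\[([^]]*)\\\\] User \\\\[([^]]*)\\\\]( +([^ ].*))?$')) then (
    set_collected_field('', 'group', $1);
    v.user = $2;
    v.message = $4;
  );
  # KBB - There are no current examples of a comma after the User, but I am preserving it, just in case.
  else if (matches_regular_expression(v.message, '^ *User \\\\[([^]]*)\\\\],? Group \\\\[([^]]*)\\\\]( +([^ ].*))?$')) then (
    v.user = $1;
    set_collected_field('', 'group', $2);
    v.message = $4;
  );

  #User [ stuart ] Protocol [ HTTP ] attempted ADMIN logon.
  #User [stuart] connected
  #Management user stuart disconnected: duration 0:43:14
  #User (stuart) authenticated.
  #Mar 28 09:34:58 172.18.6.251 47451 03/28/2008 09:32:49.710 SEV=5 AUTH/36 RPT=2 172.18.10.11 User [ stuart ] Protocol [ Telnet ] attempted ADMIN logon.. Status: !
  #Mar 28 09:34:58 172.12.2.222 47453 03/28/2008 09:32:49.710 SEV=4 AUTH/22 RPT=107 User stuart connected
  #Mar 28 09:41:01 172.12.2.222 47463 03/28/2008 09:38:52.850 SEV=4 AUTH/29 RPT=1 Management user stuart disconnected: duration 0:13:22
  #Mar 28 09:41:04 172.12.2.222 47466 03/28/2008 09:38:55.740 SEV=5 AUTH/36 RPT=3 172.18.10.11 User [ stuart ] Protocol [ HTTP ] attempted ADMIN logon.. Status: !
  #Mar 28 09:41:04 172.12.2.222 47467 03/28/2008 09:38:55.740 SEV=4 AUTH/22 RPT=108 User stuart connected
  if (matches_regular_expression(v.message, '^ *(Management )?[uU]ser [[( ]*([^][(), ]+)[]), ]*( +([^][(), ].*))?$')) then (
    v.user = $2;
    v.message = $4;
  );

  if (matches_regular_expression(v.message, '^ *disconnected:( +([^ ].*))?$')) then (
    set_collected_field('', 'operation', 'disconnected');
#    set_collected_field('', 'vpn_sessions', 1);
    v.message = $2;
  );

  if (matches_regular_expression(v.message, '^ *connected(, ([^ ].*))?$')) then (
    set_collected_field('', 'operation', 'connected');
    v.message = $2;
  );

  #11898 12/10/2006 17:04:19.670 SEV=4 AUTH/28 RPT=7183 207.255.94.236
  #User [mary] Group [newport] disconnected:
  # Session Type: SSL VPN Client
  # Duration: 1:10:54
  # Bytes xmt: 722014
  # Bytes rcv: 437252
  # Reason: User Requested
  #
  #Feb 13 08:06:31 here.there.net 1971790 02/13/2011 10:03:02.720 SEV=4 AUTH/22 RPT=4949 User [harry] Group [newport] connected, Session Type: IPSec
  #
  #Feb 13 08:50:44 here.there.net 1971884 02/13/2011 10:47:15.910 SEV=4 AUTH/28 RPT=412 55.66.77.88 User [client-user1] Group [client-group] disconnected: Session Type: IPSec/NAT-T Duration: 0:44:13 Bytes xmt: 88254696 Bytes rcv: 9001704 Reason: User Requested
  if ((matches_regular_expression(v.message, '^ *Session Type: ([^:]*)$')) or
      (matches_regular_expression(v.message, '^ *Session Type: ([^ ]+)( +([^ ].*))?$'))) then (
    set_collected_field('', 'session_type', $1);
    v.message = $3;
  );

  #Mar 28 09:41:42 172.12.2.222 47471 03/28/2008 09:39:34.100 SEV=4 AUTH/29 RPT=3 Management user stuart disconnected: duration 0:00:38
  #Mar 28 21:22:28 172.12.2.222 48311 03/28/2008 21:20:20.900 SEV=4 AUTH/28 RPT=106 222.82.222.122 User [mary] disconnected: Duration: 0:07:55 Bytes xmt: 1501816 Bytes rcv: 46872 Reason: User Requested
  #if (matches_regular_expression(v.message, '^ *Duration: ([0-9:]+)( +([^ ].*))?$')) then (
  # The colon after "duration" is optional: the management-session samples
  # above read "duration 0:00:38", which the colon-only form left unparsed.
  if (matches_regular_expression(v.message, '^ *[dD]uration:? *(([0-9]+d )?[0-9:]+)( +([^ ].*))?$')) then (
    v.duration = $1;
    v.message = $4;

    # Convert duration to seconds
    # KBB - There currently are no examples of durations that are not simply hh:mm:ss...
    if (contains(v.duration, ':')) then (
      if (matches_regular_expression(v.duration, '^([0-9]+)d ([0-9]+):([0-9]+):([0-9]+)')) then
        set_collected_field('', 'duration', $4 + ($3 * 60) + ($2 * 3600) + ($1 * 86400));
      else if (matches_regular_expression(v.duration, '^([0-9]+):([0-9]+):([0-9]+)')) then
        set_collected_field('', 'duration', $3 + ($2 * 60) + ($1 * 3600));
    );
  ); # if duration

  if (matches_regular_expression(v.message, '^ *Bytes xmt: ([0-9]+)( +([^ ].*))?$')) then (
    set_collected_field('', 'bytes_sent', $1);
    v.message = $3;
  );
  if (matches_regular_expression(v.message, '^ *Bytes rcv: ([0-9]+)( +([^ ].*))?$')) then (
    set_collected_field('', 'bytes_received', $1);
    v.message = $3;
  );

  #Mar 28 09:34:58 172.18.6.251 47451 03/28/2008 09:32:49.710 SEV=5 AUTH/36 RPT=2 172.18.10.11 User [ stuart ] Protocol [ Telnet ] attempted ADMIN logon.. Status: !
  #Mar 28 09:41:04 172.12.2.222 47466 03/28/2008 09:38:55.740 SEV=5 AUTH/36 RPT=3 172.12.12.12 User [ stuart ] Protocol [ HTTP ] attempted ADMIN logon.. Status: !
  if (matches_regular_expression(v.message, '^ *Protocol \\\\[ ([^ ]+) \\\\] (.*[^ .])([. ]+)(Status.*)?$')) then (
    set_collected_field('', 'login_protocol', $1);
    set_collected_field('', 'operation', $2);
    v.message = $4;
  );

  #Authentication rejected: Reason = Simultaneous logins exceeded for user
  #handle = 795, server = 192.168.2.222, user = grace, domain =
  #Authentication failed: Reason = Logon Failure
  #handle = 772, server = 192.168.2.222, user = stuart
  #Mar 6 04:10:28 172.12.2.222 24176 03/06/2008 04:07:12.220 SEV=3 AUTH/5 RPT=6 22.222.22.122 Authentication rejected: Reason = Unspecified handle = 151, server = 172.12.2.22, user = cb960132, domain =
  #
  # The single-line form is tried first, with the "handle = ..." list as a
  # mandatory tail. In the former one-pattern version the greedy (.*) took
  # the whole rest of the line, so the optional tail was always empty and the
  # handle/server/user list ended up inside the reason field, giving every
  # failed logon its own distinct reason value.
  if (matches_regular_expression(v.message, '(Authentication (failed|rejected)): Reason = (.*) (handle = .*)$')) then (
    set_collected_field('', 'operation', $1);
    set_collected_field('', 'reason', $3);
    v.message = $4;
  );
  else if (matches_regular_expression(v.message, '(Authentication (failed|rejected)): Reason = (.*)$')) then (
    set_collected_field('', 'operation', $1);
    set_collected_field('', 'reason', $3);
    v.message = '';
  );

  # All of these are ends of lines, or complete lines, so they are in else if parts, not new ifs
  if (matches_regular_expression(v.message, '^ *Reason: (.*)$')) then (
    set_collected_field('', 'reason', $1);
    v.message = '';
  );
  # NOTE(review): starts_with() is handed '^handle = '. If it compares literal
  # prefixes rather than regular expressions (confirm), the '^' keeps this
  # branch from ever running, so handle, server, user and domain are never
  # collected and failed or rejected authentications are reported without a
  # user. Left unchanged because the ' ,' divider passed to
  # collect_listed_fields() has not been checked against the ", " separators
  # in the samples above.
  else if (starts_with(v.message, '^handle = ')) then (
    collect_listed_fields('', v.message, ' ,', ' = ', '');
    v.message = '';
  );

  #Mar 28 09:41:04 172.12.2.222 47466 03/28/2008 09:38:55.740 SEV=5 AUTH/36 RPT=3 172.12.12.12 User [ stuart ] Protocol [ HTTP ] attempted ADMIN logon.. Status: !
  #Status:
  else if (matches_regular_expression(v.message, 'Status: <([^>]+)>')) then (
    set_collected_field('', 'status', $1);
    v.message = '';
  );

  #11678 12/10/2006 13:52:12.020 SEV=4 IKE/52 RPT=6757 122.122.222.82
  #Group [newport] User [mary]
  #User (mary) authenticated.
  #
  #Feb 13 08:06:24 here.there.net 1971785 02/13/2011 10:02:56.100 SEV=4 IKE/52 RPT=415 55.66.77.88 Group [newport] User [harry] User (harry) authenticated.
  else if (matches_regular_expression(v.message, "^ *authenticated\\\\.$")) then (
    set_collected_field('', 'operation', 'authenticated');
    v.message = '';
  );

  #Feb 13 08:06:31 here.there.net 1971807 02/13/2011 10:03:02.820 SEV=4 IKE/120 RPT=220759 55.66.77.88 Group [newport] User [harry] PHASE 2 COMPLETED (msgid=57a77a33)
  else if (matches_regular_expression(v.message, '(PHASE [0-9]+ COMPLETED)')) then (
    set_collected_field('', 'operation', $1);
    v.message = '';
  );

  # (There is no example of this line in the current samples.)
  # Parse a 'Validation of certificate successful' line
  # The pattern has three capture groups (phrase, CN, SN). The assignments
  # used to be shifted by one, which overwrote 'group' with the phrase, put
  # the CN into 'operation' and the SN into 'cn'. 'group' is no longer touched
  # here; it comes from the Group [...] prefix parsed earlier.
  else if (matches_regular_expression(v.message, '(Validation of certificate successful) \\\\(CN=([^,]*), SN=([A-F0-9]*)\\\\)')) then (
    set_collected_field('', 'operation', $1);
    set_collected_field('', 'cn', $2);
    set_collected_field('', 'sn', $3);
    v.message = '';
  );

  # The remaining events have only been implemented for the single line format.

  # 2008-04-24 - GMF - Parse a 'ARP request' or ARP reply line
  # Mar 28 09:34:58 12.34.56.78 47454 03/28/2008 09:32:49.750 SEV=7 IPDBG/14 RPT=7599 ARP request for 98.76.54.32 with 1 second timeout
  else if (matches_regular_expression(v.message, '(ARP request) for ([^ ]*)')) then (
    set_collected_field('', 'operation', $1);
    set_collected_field('', 'arp_ip', $2);
    v.message = '';
  );

  # Mar 28 11:54:38 12.34.56.78 47617 03/28/2008 11:52:29.390 SEV=7 IPDBG/15 RPT=6077 ARP reply for 98.76.54.32 from MAC 123456789ABC
  else if (matches_regular_expression(v.message, '(ARP reply) for ([^ ]*) from MAC ([^ ]+)')) then (
    set_collected_field('', 'operation', $1);
    set_collected_field('', 'arp_ip', $2);
    set_collected_field('', 'arp_mac', $3);
    v.message = '';
  );

  # Parse a 'Received local Proxy Host' line
  else if (matches_regular_expression(v.message, '(Received local Proxy Host data in ID Payload): *Address ([0-9.]*), Protocol ([0-9]*), Port ([0-9]*)')) then (
    set_collected_field('', 'operation', $1);
    set_collected_field('', 'local_proxy_host', $2);
    set_collected_field('', 'local_protocol', $3);
    set_collected_field('', 'local_port', $4);
    v.message = '';
  );

  # Parse a 'Received local Proxy Subnet data' line
  else if (matches_regular_expression(v.message, '(Received local IP Proxy Subnet data in ID Payload): *Address ([0-9.]*), Mask ([0-9.]*), Protocol ([0-9]*), Port ([0-9]*)')) then (
    set_collected_field('', 'operation', $1);
    set_collected_field('', 'local_proxy_subnet', $2);
    set_collected_field('', 'local_proxy_mask', $3);
    set_collected_field('', 'local_protocol', $4);
    set_collected_field('', 'local_port', $5);
    v.message = '';
  );

  # Parse a 'Received remote Proxy Host' line
  else if (matches_regular_expression(v.message, '(Received remote Proxy Host data in ID Payload): *Address ([0-9.]*), Protocol ([0-9]*), Port ([0-9]*)')) then (
    set_collected_field('', 'operation', $1);
    set_collected_field('', 'remote_proxy_host', $2);
    set_collected_field('', 'remote_protocol', $3);
    set_collected_field('', 'remote_port', $4);
    v.message = '';
  );

  # Parse a 'Received remote Proxy Subnet data' line
  else if (matches_regular_expression(v.message, '(Received remote IP Proxy Subnet data in ID Payload): *Address ([0-9.]*), Mask ([0-9.]*), Protocol ([0-9]*), Port ([0-9]*)')) then (
    set_collected_field('', 'operation', $1);
    set_collected_field('', 'remote_proxy_subnet', $2);
    set_collected_field('', 'remote_proxy_mask', $3);
    set_collected_field('', 'remote_protocol', $4);
    set_collected_field('', 'remote_port', $5);
    v.message = '';
  );

  # Parse a 'Security negotiation complete' line
  else if (matches_regular_expression(v.message, '(Security negotiation complete) for User \\\\(([^]]*)\\\\) Responder, Inbound SPI = ([^,]*), Outbound SPI = ([^,]*)')) then (
    set_collected_field('', 'operation', $1);
    v.user = $2;
    set_collected_field('', 'inbound_spi', $3);
    set_collected_field('', 'outbound_spi', $4);
    v.message = '';
  );

  # Parse a 'Connection terminated' line
  # The parenthesised text after the peer is matched but not captured, so the
  # groups are: 1 phrase, 2 peer, 3 remote proxy, 4 local proxy. The last
  # group was written ([^,])*, which captured a single character.
  # NOTE(review): 'remote_proxy' and 'local_proxy' are not declared in
  # log.fields -- confirm the intended field names.
  else if (matches_regular_expression(v.message, '(Connection terminated for peer) ([^ ]*) \\\\([^)]*\\\\) *Remote Proxy ([^,]*), Local Proxy ([^,]*)')) then (
    set_collected_field('', 'operation', $1);
    set_collected_field('', 'peer', $2);
    set_collected_field('', 'remote_proxy', $3);
    set_collected_field('', 'local_proxy', $4);
    v.message = '';
  );

  #Feb 13 13:27:27 here.there.net 1975416 02/13/2011 15:24:02.200 SEV=5 IKE/50 RPT=572 172.10.20.30 Group [newport] User [grace] Connection terminated for peer grace. Reason: Peer Terminate Remote Proxy 10.1.110.111, Local Proxy 0.0.0.0
  # Groups here are: 1 phrase, 2 peer, 3 reason, 4 remote proxy, 5 local
  # proxy. The assignments used to skip the reason group, so the termination
  # reason was stored as the remote proxy and the remote proxy as the local
  # proxy.
  else if (matches_regular_expression(v.message, '(Connection terminated for peer) ([^.]*). Reason: ([^:]*) Remote Proxy ([^,]*), Local Proxy ([^,]*)')) then (
    set_collected_field('', 'operation', $1);
    set_collected_field('', 'peer', $2);
    set_collected_field('', 'reason', $3);
    set_collected_field('', 'remote_proxy', $4);
    set_collected_field('', 'local_proxy', $5);
    v.message = '';
  );

  #else if (v.message ne '') then (
  #  echo("no match " . v.message); # debug
  #  set_collected_field('', 'operation', v.message);
  #);

  # This needs to happen out here for multi-line logs
  if (v.user ne '') then (
    set_collected_field('', 'user', v.user);
  );

  v.op = get_collected_field('', 'operation');
  if (is_multi_line) then (
    accept_collected_entry('', true);
  );
  else if (v.op ne '(empty)') then (

    # There are some events with no user, so prevent the session ID from being "(empty)"
    if (v.user ne '') then (
      set_collected_field('', 'session_events', 1);

      # Accept disconnect event and create logout event for sessions
      # (session_events is still 1 after accept)
      if (v.op eq 'disconnected') then (
        accept_collected_entry('', true);
        set_collected_field('', 'operation', '(logout)');
      );
    );
    accept_collected_entry('', false);
  );
  # Single-line events whose operation was never set are discarded here, so
  # message shapes this filter does not recognise never reach the database.
  # The commented-out catch-all above is the place to keep them if they need
  # to be visible in reports.
  else (
    set_collected_field('', 'datetime', ''); # Deliberately corrupt the date to discard the collected fields
    set_collected_field('', 'date', '');
    set_collected_field('', 'time', '');
    accept_collected_entry('', false);
  );

);

`

  # Database fields
  database.fields = {

    server_host = {
      label = "$lang_stats.field_labels.server_host"
      log_field = "server_host"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # server_host

    severity = {
      label = "$lang_stats.field_labels.severity"
      log_field = "severity"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # severity

    operation = {
      label = "$lang_stats.field_labels.operation"
      log_field = "operation"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # operation

    user = {
      label = "$lang_stats.field_labels.user"
      log_field = "user"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # user

    group = {
      label = "$lang_stats.field_labels.group"
      log_field = "group"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # group

    cn = {
      label = "$lang_stats.field_labels.cn"
      log_field = "cn"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # cn

    sn = {
      label = "$lang_stats.field_labels.sn"
      log_field = "sn"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # sn

    sa = {
      label = "$lang_stats.field_labels.sa"
      log_field = "sa"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # sa

    status = {
      label = "$lang_stats.field_labels.status"
      log_field = "status"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # status

    payload = {
      label = "$lang_stats.field_labels.payload"
      log_field = "payload"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # payload

    login_protocol = ""
    local_protocol = ""
    remote_protocol = ""
    local_port = ""
    remote_port = ""

    source_host = {
      label = "$lang_stats.field_labels.source_host"
      log_field = "source_host"
      type = "string"
      suppress_top = 0
      suppress_bottom = 9
    } # source_host

    arp_ip = ""
    arp_mac = ""

    local_proxy_host = {
      label = "$lang_stats.field_labels.local_proxy_host"
      log_field = "local_proxy_host"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # local_proxy_host

    local_proxy_subnet = {
      label = "$lang_stats.field_labels.local_proxy_subnet"
      log_field = "local_proxy_subnet"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # local_proxy_subnet

    local_proxy_mask = {
      label = "$lang_stats.field_labels.local_proxy_mask"
      log_field = "local_proxy_mask"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # local_proxy_mask

    remote_proxy_host = {
      label = "$lang_stats.field_labels.remote_proxy_host"
      log_field = "remote_proxy_host"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # remote_proxy_host

    remote_proxy_subnet = {
      label = "$lang_stats.field_labels.remote_proxy_subnet"
      log_field = "remote_proxy_subnet"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # remote_proxy_subnet

    remote_proxy_mask = {
      label = "$lang_stats.field_labels.remote_proxy_mask"
      log_field = "remote_proxy_mask"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # remote_proxy_mask

    reason = {
      label = "$lang_stats.field_labels.reason"
      log_field = "reason"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # reason

    server = ""
    domain = ""
    handle = ""
    peer = ""
    session_type = ""

  } # database.fields

  # Log Filters
  log.filters = {

    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry

  } # log.filters

  # Sessions are keyed on the user field and counted through session_events,
  # which the parsing filter sets to 1 on events that carry a user.
  log.field_options = {
    sessions_page_field = "operation"
    sessions_visitor_id_field = "user"
    sessions_event_field = "session_events"
  } # log.field_options

  database.numerical_fields = {

    events = {
      label = "$lang_stats.field_labels.events"
      default = true
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
      entries_field = true
    } # events

    visitors = {
      label = "$lang_stats.field_labels.visitors"
      default = false
      requires_log_field = true
      log_field = "user"
      type = "unique"
      display_format_type = "integer"
    } # visitors

    bytes_received = {
      label = "$lang_stats.field_labels.bytes_received"
      default = false
      requires_log_field = true
      log_field = "bytes_received"
      type = "float"
      display_format_type = "bandwidth"
    } # bytes_received

    bytes_sent = {
      label = "$lang_stats.field_labels.bytes_sent"
      default = false
      requires_log_field = true
      log_field = "bytes_sent"
      type = "float"
      display_format_type = "bandwidth"
    } # bytes_sent

    duration = {
      label = "$lang_stats.field_labels.duration"
      default = false
      requires_log_field = true
      log_field = "duration"
      type = "float"
      display_format_type = "duration_compact"
    } # duration

    # vpn_sessions = ""
    session_events = {
      default = true
    }

  } # database.numerical_fields

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
      operation = true
      users_group = {
        user = true
        group = true
        cn = true
        sn = true
        sa = true
        login_protocol = true
      } # users_group
      remote_group = {
        remote_port = true
        remote_protocol = true
        remote_proxy_host = true
        remote_proxy_subnet = true
        remote_proxy_mask = true
      } # remote_group
      local_group = {
        source_host = true
        local_port = true
        local_protocol = true
        local_proxy_host = true
        local_proxy_subnet = true
        local_proxy_mask = true
      } # local_group
      other_group = {
        logging_device = true
        server_host = true
        severity = true
        status = true
        payload = true
        arp_ip = true
        arp_mac = true
        reason = true
        server = true
        domain = true
        handle = true
        peer = true
        session_type = true
      } # other_group
    } # report_groups

    # Runs at the end of profile creation: builds the standard reports, then
    # removes the page-oriented session reports from the report list, the
    # single-page summary and the reports menu.
    final_step = `
include "templates.admin.profiles.setup_reports_util";
string profile = "profiles." . volatile.new_profile_name;
string reports = profile . ".statistics.reports";
string summary = profile . ".statistics.reports.single_page_summary.report_elements";
string menu = profile . ".statistics.reports_menu";

# Create the standard reports
add_standard_reports(profile);

# Remove irrelevant sessions reports
delete_node(reports . ".entry_pages");
delete_node(summary . ".entry_pages");
delete_node(menu . ".sessions_group.items.entry_pages");
delete_node(reports . ".exit_pages");
delete_node(summary . ".exit_pages");
delete_node(menu . ".sessions_group.items.exit_pages");
delete_node(reports . ".session_pages");
delete_node(summary . ".session_pages");
delete_node(menu . ".sessions_group.items.session_pages");
delete_node(reports . ".session_page_paths");
delete_node(summary . ".session_page_paths");
delete_node(menu . ".sessions_group.items.session_page_paths");

#echo("end of final step");
` # end final_step

  } # create_profile_wizard_options

} # cisco_vpnconcentrator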