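# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Sawmill log-format plug-in for Clavister firewall logs received over syslog.
# Lines are autodetected by the prefix regexp below, then split into
# key=value fields by the parsing filters; every accepted line counts as one
# "event" entry in the database.
clavister_firewall_syslog = {

  plugin_version = "1.0.1"

  # Initial creation - 1.0
  # 2010-10-26 - 1.0.1 - MSG - Edited info lines.

  info.1.manufacturer = "Clavister"
  info.1.device = "Firewall (with syslog)"
  info.1.version.1 = ""

  # The name of the log format
  log.format.format_label = "Clavister Firewall Syslog Log Format"
  log.miscellaneous.log_data_type = "syslog_required"
  log.miscellaneous.log_format_type = "firewall"

  # The log is in this format if any of the first ten lines match this regular expression.
  # Shape: <date> <time> <host> <ip> <CATEGORY>: <EVENT>: <key=value ...>
  # The category/event tokens accept upper-case letters and underscore; the
  # parsing filter below accepts a superset of this so that every line that
  # autodetects is also parsed.
  log.format.autodetect_regular_expression = '^[0-9-]+ [0-9:]+ [^ ]+ [0-9.]+ [A-Z_]+: [A-Z_]+: '

  # All log field parsing will be done using the parsing filters
  log.format.parse_only_with_filters = "true"

  # The name of an entry in this log, in the format: entry_name value
  statistics.miscellaneous.entry_name = "event"

  # Log fields collected from the key=value body of each line by parsing filter 1.
  # termsent and origsent are consumed by database.numerical_fields (bandwidth);
  # upload_size is declared here but no database field or numerical field refers
  # to it, so it is currently not reported.
  log.fields = {

    uptime = {
      label = "$lang_stats.field_labels.uptime"
      type = "flat"
      index = 0
      subindex = 0
    } # uptime

    udptotlen = {
      label = "$lang_stats.field_labels.udptotlen"
      type = "flat"
      index = 0
      subindex = 0
    } # udptotlen

    termsent = {
      label = "$lang_stats.field_labels.termsent"
      type = "flat"
      index = 0
      subindex = 0
    } # termsent

    tcphdrlen = {
      label = "$lang_stats.field_labels.tcphdrlen"
      type = "flat"
      index = 0
      subindex = 0
    } # tcphdrlen

    syn = {
      label = "$lang_stats.field_labels.syn"
      type = "flat"
      index = 0
      subindex = 0
    } # syn

    startup = {
      label = "$lang_stats.field_labels.startup"
      type = "flat"
      index = 0
      subindex = 0
    } # startup

    srcport = {
      label = "$lang_stats.field_labels.srcport"
      type = "flat"
      index = 0
      subindex = 0
    } # srcport

    srcip = {
      label = "$lang_stats.field_labels.srcip"
      type = "flat"
      index = 0
      subindex = 0
    } # srcip

    src = {
      label = "$lang_stats.field_labels.src"
      type = "flat"
      index = 0
      subindex = 0
    } # src

    upload_size = {
      label = "$lang_stats.field_labels.upload_size"
      type = "size"
      index = 0
      subindex = 0
    } # upload_size

    shutdown = {
      label = "$lang_stats.field_labels.shutdown"
      type = "flat"
      index = 0
      subindex = 0
    } # shutdown

    ses = {
      label = "$lang_stats.field_labels.ses"
      type = "flat"
      index = 0
      subindex = 0
    } # ses

    rule = {
      label = "$lang_stats.field_labels.rule"
      type = "flat"
      index = 0
      subindex = 0
    } # rule

    rst = {
      label = "$lang_stats.field_labels.rst"
      type = "flat"
      index = 0
      subindex = 0
    } # rst

    recvif = {
      label = "$lang_stats.field_labels.recvif"
      type = "flat"
      index = 0
      subindex = 0
    } # recvif

    reason = {
      label = "$lang_stats.field_labels.reason"
      type = "flat"
      index = 0
      subindex = 0
    } # reason

    psh = {
      label = "$lang_stats.field_labels.psh"
      type = "flat"
      index = 0
      subindex = 0
    } # psh

    prio = {
      label = "$lang_stats.field_labels.prio"
      type = "flat"
      index = 0
      subindex = 0
    } # prio

    previous_shutdown = {
      label = "$lang_stats.field_labels.previous_shutdown"
      type = "flat"
      index = 0
      subindex = 0
    } # previous_shutdown

    peer = {
      label = "$lang_stats.field_labels.peer"
      type = "flat"
      index = 0
      subindex = 0
    } # peer

    origsent = {
      label = "$lang_stats.field_labels.origsent"
      type = "flat"
      index = 0
      subindex = 0
    } # origsent

    ipproto = {
      label = "$lang_stats.field_labels.ipproto"
      type = "flat"
      index = 0
      subindex = 0
    } # ipproto

    ipdatalen = {
      label = "$lang_stats.field_labels.ipdatalen"
      type = "flat"
      index = 0
      subindex = 0
    } # ipdatalen

    icmptype = {
      label = "$lang_stats.field_labels.icmptype"
      type = "flat"
      index = 0
      subindex = 0
    } # icmptype

    fin = {
      label = "$lang_stats.field_labels.fin"
      type = "flat"
      index = 0
      subindex = 0
    } # fin

    filesize = {
      label = "$lang_stats.field_labels.filesize"
      type = "flat"
      index = 0
      subindex = 0
    } # filesize

    file = {
      label = "$lang_stats.field_labels.file"
      type = "flat"
      index = 0
      subindex = 0
    } # file

    echoseq = {
      label = "$lang_stats.field_labels.echoseq"
      type = "flat"
      index = 0
      subindex = 0
    } # echoseq

    echoid = {
      label = "$lang_stats.field_labels.echoid"
      type = "flat"
      index = 0
      subindex = 0
    } # echoid

    destport = {
      label = "$lang_stats.field_labels.destport"
      type = "flat"
      index = 0
      subindex = 0
    } # destport

    destip = {
      label = "$lang_stats.field_labels.destip"
      type = "flat"
      index = 0
      subindex = 0
    } # destip

    dest = {
      label = "$lang_stats.field_labels.dest"
      type = "flat"
      index = 0
      subindex = 0
    } # dest

    demo = {
      label = "$lang_stats.field_labels.demo"
      type = "flat"
      index = 0
      subindex = 0
    } # demo

    delay = {
      label = "$lang_stats.field_labels.delay"
      type = "flat"
      index = 0
      subindex = 0
    } # delay

    corever = {
      label = "$lang_stats.field_labels.corever"
      type = "flat"
      index = 0
      subindex = 0
    } # corever

    connsrcport = {
      label = "$lang_stats.field_labels.connsrcport"
      type = "flat"
      index = 0
      subindex = 0
    } # connsrcport

    connsrcip = {
      label = "$lang_stats.field_labels.connsrcip"
      type = "flat"
      index = 0
      subindex = 0
    } # connsrcip

    connsrcid = {
      label = "$lang_stats.field_labels.connsrcid"
      type = "flat"
      index = 0
      subindex = 0
    } # connsrcid

    connrecvif = {
      label = "$lang_stats.field_labels.connrecvif"
      type = "flat"
      index = 0
      subindex = 0
    } # connrecvif

    connipproto = {
      label = "$lang_stats.field_labels.connipproto"
      type = "flat"
      index = 0
      subindex = 0
    } # connipproto

    conndestport = {
      label = "$lang_stats.field_labels.conndestport"
      type = "flat"
      index = 0
      subindex = 0
    } # conndestport

    conndestip = {
      label = "$lang_stats.field_labels.conndestip"
      type = "flat"
      index = 0
      subindex = 0
    } # conndestip

    conndestif = {
      label = "$lang_stats.field_labels.conndestif"
      type = "flat"
      index = 0
      subindex = 0
    } # conndestif

    conndestid = {
      label = "$lang_stats.field_labels.conndestid"
      type = "flat"
      index = 0
      subindex = 0
    } # conndestid

    conn = {
      label = "$lang_stats.field_labels.conn"
      type = "flat"
      index = 0
      subindex = 0
    } # conn

    cfgver = {
      label = "$lang_stats.field_labels.cfgver"
      type = "flat"
      index = 0
      subindex = 0
    } # cfgver

    cfgfile = {
      label = "$lang_stats.field_labels.cfgfile"
      type = "flat"
      index = 0
      subindex = 0
    } # cfgfile

    bidir = {
      label = "$lang_stats.field_labels.bidir"
      type = "flat"
      index = 0
      subindex = 0
    } # bidir

    algsesid = {
      label = "$lang_stats.field_labels.algsesid"
      type = "flat"
      index = 0
      subindex = 0
    } # algsesid

    algmod = {
      label = "$lang_stats.field_labels.algmod"
      type = "flat"
      index = 0
      subindex = 0
    } # algmod

    action = {
      label = "$lang_stats.field_labels.action"
      type = "flat"
      index = 0
      subindex = 0
    } # action

    ack = {
      label = "$lang_stats.field_labels.ack"
      type = "flat"
      index = 0
      subindex = 0
    } # ack

    url = {
      label = "$lang_stats.field_labels.url"
      type = "url"
      index = 0
      subindex = 0
    } # url

    arp = {
      label = "$lang_stats.field_labels.arp"
      type = "flat"
      index = 0
      subindex = 0
    } # arp

    vpntunnel = {
      label = "$lang_stats.field_labels.vpntunnel"
      type = "flat"
      index = 0
      subindex = 0
    } # vpntunnel

    srcenet = {
      label = "$lang_stats.field_labels.srcenet"
      type = "flat"
      index = 0
      subindex = 0
    } # srcenet

    size = {
      label = "$lang_stats.field_labels.size"
      type = "flat"
      index = 0
      subindex = 0
    } # size

    ip = {
      label = "$lang_stats.field_labels.ip"
      type = "flat"
      index = 0
      subindex = 0
    } # ip

    hwsender = {
      label = "$lang_stats.field_labels.hwsender"
      type = "flat"
      index = 0
      subindex = 0
    } # hwsender

    hwdest = {
      label = "$lang_stats.field_labels.hwdest"
      type = "flat"
      index = 0
      subindex = 0
    } # hwdest

    destenet = {
      label = "$lang_stats.field_labels.destenet"
      type = "flat"
      index = 0
      subindex = 0
    } # destenet

  } # log.fields

  #
  # Log Parsing Filters
  #
  # Filter numbering is not contiguous (1, 3); filter 2 does not exist in this
  # version. The line body is split on ' ' into key=value pairs, so a value that
  # itself contains a space would presumably be cut at that space — confirm
  # against the field-collection semantics before relying on free-text fields
  # such as reason.
  log.parsing_filters = {

    # Parse each line. The category/event token classes are a superset of the
    # autodetect regexp ([A-Z_]) so that a line with an underscore in either
    # token is not autodetected and then silently left unparsed.
    1 = {
      label = "1"
      comment = ""
      value = "collect_listed_fields_using_regexp('^()[0-9-]+ [0-9:]+ [^ ]+ [0-9.]+ [A-Za-z0-9_]+: [A-Za-z0-9_]+: (.*)$', ' ', '=', '')"
    } # 1

    # Accept a collected line
    3 = {
      label = "3"
      comment = ""
      value = 'accept_collected_entry_using_regexp("()", false)'
    } # 3

  } # log.parsing_filters

  # Database fields. Every field is stored as a string taken verbatim from the
  # corresponding log field; termsent and origsent are not listed here because
  # they are tracked as numerical (bandwidth) fields below.
  database.fields = {

    url = {
      label = "$lang_stats.field_labels.url"
      log_field = "url"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # url

    uptime = {
      label = "$lang_stats.field_labels.uptime"
      log_field = "uptime"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # uptime

    udptotlen = {
      label = "$lang_stats.field_labels.udptotlen"
      log_field = "udptotlen"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # udptotlen

    tcphdrlen = {
      label = "$lang_stats.field_labels.tcphdrlen"
      log_field = "tcphdrlen"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # tcphdrlen

    syn = {
      label = "$lang_stats.field_labels.syn"
      log_field = "syn"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # syn

    startup = {
      label = "$lang_stats.field_labels.startup"
      log_field = "startup"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # startup

    srcport = {
      label = "$lang_stats.field_labels.srcport"
      log_field = "srcport"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # srcport

    srcip = {
      label = "$lang_stats.field_labels.srcip"
      log_field = "srcip"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # srcip

    src = {
      label = "$lang_stats.field_labels.src"
      log_field = "src"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # src

    shutdown = {
      label = "$lang_stats.field_labels.shutdown"
      log_field = "shutdown"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # shutdown

    ses = {
      label = "$lang_stats.field_labels.ses"
      log_field = "ses"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # ses

    rule = {
      label = "$lang_stats.field_labels.rule"
      log_field = "rule"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # rule

    rst = {
      label = "$lang_stats.field_labels.rst"
      log_field = "rst"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # rst

    recvif = {
      label = "$lang_stats.field_labels.recvif"
      log_field = "recvif"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # recvif

    reason = {
      label = "$lang_stats.field_labels.reason"
      log_field = "reason"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # reason

    psh = {
      label = "$lang_stats.field_labels.psh"
      log_field = "psh"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # psh

    prio = {
      label = "$lang_stats.field_labels.prio"
      log_field = "prio"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # prio

    previous_shutdown = {
      label = "$lang_stats.field_labels.previous_shutdown"
      log_field = "previous_shutdown"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # previous_shutdown

    peer = {
      label = "$lang_stats.field_labels.peer"
      log_field = "peer"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # peer

    ipproto = {
      label = "$lang_stats.field_labels.ipproto"
      log_field = "ipproto"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # ipproto

    ipdatalen = {
      label = "$lang_stats.field_labels.ipdatalen"
      log_field = "ipdatalen"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # ipdatalen

    icmptype = {
      label = "$lang_stats.field_labels.icmptype"
      log_field = "icmptype"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # icmptype

    fin = {
      label = "$lang_stats.field_labels.fin"
      log_field = "fin"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # fin

    filesize = {
      label = "$lang_stats.field_labels.filesize"
      log_field = "filesize"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # filesize

    file = {
      label = "$lang_stats.field_labels.file"
      log_field = "file"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # file

    echoseq = {
      label = "$lang_stats.field_labels.echoseq"
      log_field = "echoseq"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # echoseq

    echoid = {
      label = "$lang_stats.field_labels.echoid"
      log_field = "echoid"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # echoid

    destport = {
      label = "$lang_stats.field_labels.destport"
      log_field = "destport"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # destport

    destip = {
      label = "$lang_stats.field_labels.destip"
      log_field = "destip"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # destip

    dest = {
      label = "$lang_stats.field_labels.dest"
      log_field = "dest"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # dest

    demo = {
      label = "$lang_stats.field_labels.demo"
      log_field = "demo"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # demo

    delay = {
      label = "$lang_stats.field_labels.delay"
      log_field = "delay"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # delay

    corever = {
      label = "$lang_stats.field_labels.corever"
      log_field = "corever"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # corever

    connsrcport = {
      label = "$lang_stats.field_labels.connsrcport"
      log_field = "connsrcport"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # connsrcport

    connsrcip = {
      label = "$lang_stats.field_labels.connsrcip"
      log_field = "connsrcip"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # connsrcip

    connsrcid = {
      label = "$lang_stats.field_labels.connsrcid"
      log_field = "connsrcid"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # connsrcid

    connrecvif = {
      label = "$lang_stats.field_labels.connrecvif"
      log_field = "connrecvif"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # connrecvif

    connipproto = {
      label = "$lang_stats.field_labels.connipproto"
      log_field = "connipproto"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # connipproto

    conndestport = {
      label = "$lang_stats.field_labels.conndestport"
      log_field = "conndestport"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # conndestport

    conndestip = {
      label = "$lang_stats.field_labels.conndestip"
      log_field = "conndestip"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # conndestip

    conndestif = {
      label = "$lang_stats.field_labels.conndestif"
      log_field = "conndestif"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # conndestif

    conndestid = {
      label = "$lang_stats.field_labels.conndestid"
      log_field = "conndestid"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # conndestid

    conn = {
      label = "$lang_stats.field_labels.conn"
      log_field = "conn"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # conn

    cfgver = {
      label = "$lang_stats.field_labels.cfgver"
      log_field = "cfgver"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # cfgver

    cfgfile = {
      label = "$lang_stats.field_labels.cfgfile"
      log_field = "cfgfile"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # cfgfile

    bidir = {
      label = "$lang_stats.field_labels.bidir"
      log_field = "bidir"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # bidir

    algsesid = {
      label = "$lang_stats.field_labels.algsesid"
      log_field = "algsesid"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # algsesid

    algmod = {
      label = "$lang_stats.field_labels.algmod"
      log_field = "algmod"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # algmod

    action = {
      label = "$lang_stats.field_labels.action"
      log_field = "action"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # action

    ack = {
      label = "$lang_stats.field_labels.ack"
      log_field = "ack"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # ack

    arp = {
      label = "$lang_stats.field_labels.arp"
      log_field = "arp"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # arp

    destenet = {
      label = "$lang_stats.field_labels.destenet"
      log_field = "destenet"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # destenet

    hwdest = {
      label = "$lang_stats.field_labels.hwdest"
      log_field = "hwdest"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # hwdest

    hwsender = {
      label = "$lang_stats.field_labels.hwsender"
      log_field = "hwsender"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # hwsender

    ip = {
      label = "$lang_stats.field_labels.ip"
      log_field = "ip"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # ip

    size = {
      label = "$lang_stats.field_labels.size"
      log_field = "size"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # size

    srcenet = {
      label = "$lang_stats.field_labels.srcenet"
      log_field = "srcenet"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # srcenet

    vpntunnel = {
      label = "$lang_stats.field_labels.vpntunnel"
      log_field = "vpntunnel"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # vpntunnel

  } # database.fields

  # Numerical fields: the event counter (one per accepted line, set by the
  # mark_entry log filter) plus the two byte counters reported as bandwidth.
  database.numerical_fields = {

    event = {
      label = "$lang_stats.field_labels.event"
      default = true
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
      entries_field = true
    } # event

    termsent = {
      label = "$lang_stats.field_labels.termsent"
      default = false
      requires_log_field = true
      log_field = "termsent"
      type = "float"
      display_format_type = "bandwidth"
    } # termsent

    origsent = {
      label = "$lang_stats.field_labels.origsent"
      default = false
      requires_log_field = true
      log_field = "origsent"
      type = "float"
      display_format_type = "bandwidth"
    } # origsent

  } # database.numerical_fields

  # Log filters: mark every entry so it is counted once in the event field.
  log.filters = {

    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'event = 1;'
    } # mark_entry

  } # log.filters

  create_profile_wizard_options = {

    date_time_tracking = true

    # How the reports should be grouped in the report menu.
    # NOTE(review): a number of names below (e.g. category, satsrcrule,
    # enetproto, urg, netmask, fromfile, knownip) have no matching entry in
    # database.fields above; presumably the wizard ignores unknown names —
    # confirm, or add the missing database fields.
    report_groups = {

      date_time_group = ""
      category = true
      prio = true
      rule = true
      action = true
      algmod = true
      url = true

      startup_shutdown_group = {
        startup = true
        corever = true
        cfgfile = true
        cfgver = true
        previous_shutdown = true
        shutdown = true
      } # startup_shutdown_group

      connections_group = {
        satsrcrule = true
        satdestrule = true
        conn = true
        connipproto = true
        connrecvif = true
        connsrcip = true
        connsrcport = true
        conndestif = true
        conndestip = true
        conndestport = true
        connsrcid = true
        conndestid = true
        recvif = true
      } # connections_group

      packet_logging_group = {
        hwsender = true
        hwdest = true
        arp = true
        srcenet = true
        srcip = true
        srcport = true
        destenet = true
        destip = true
        destport = true
        enetproto = true
        ipmf = true
        ipdf = true
        iprf = true
        fragoffs = true
        fragid = true
        ipproto = true
        ipdatalen = true
        tcphdrlen = true
        udptotlen = true
        icmptype = true
        echoid = true
        echoseq = true
        unreach = true
        redirect = true
        icmpcode = true
      } # packet_logging_group

      tcp_flags_group = {
        syn = true
        rst = true
        ack = true
        psh = true
        fin = true
        urg = true
        xmas = true
        ymas = true
      } # tcp_flags_group

      dhcp_group = {
        dest = true
        reason = true
        ip = true
        netmask = true
        bcast = true
        gw = true
        client = true
        configured_route = true
        dhcp_ip = true
        dhcp_route = true
      } # dhcp_group

      netcon_group = {
        peer = true
        file = true
        bidir = true
        fromfile = true
        tofile = true
        result = true
        mode = true
      } # netcon_group

      other_group = {
        knownip = true
        knownhw = true
        newhw = true
        tcpopt = true
        mss = true
        maxmss = true
        minmss = true
        mssloglevel = true
        clockdrift = true
        timeserver = true
        origseqno = true
        localip = true
        expectif = true
        optlen = true
        expectseqno = true
        seqno = true
        maxipdatalen = true
        iface = true
        algsesid = true
        delay = true
        demo = true
        filesize = true
        ses = true
        src = true
        uptime = true
        size = true
        vpntunnel = true
      } # other_group

    } # report_groups

  } # create_profile_wizard_options

  # Web-style session/visitor tracking does not apply to firewall events.
  not_supported = {
    sessions = true
    pageviews = true
    visitors = true
  } # not_supported

} # clavister_firewall_syslog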