# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved. coradiant_truesight_data_objects = { plugin_version = "1.0.2" # 2011-05-03 - 1.0 - KBB - Initial creation, based on coradiant_object_v2.cfg. # 2011-05-18 - 1.0.1 - KBB - Changed the c_ip field to a non-hierarchical field with name Client IP. # 2011-07-28 - 1.0.2 - MSG - Edited info lines. info.1.manufacturer = "Coradiant" info.1.device = "TrueSight (data objects)" info.1.version.1 = "" # The header and the log lines don't align. There's an extra field before x-start-time. That's the reason for # the change from index/subindex parsing. ##x-record-type,x-object-id,x-page-id,x-session-id,x-server-id,cs(Host),cs-uri-stem,cs-uri-query,x-cs-post,cs(Referer),sc(Location),x-start-time,x-end-time,c-ip,c-port,x-forwarded-for,x-first-public-ip,x-first-public-ip-source,s-ip,s-port,sc-bytes,x-throughput,x-tcp-packet-count,x-tcp-rtt,x-tcp-ooo,x-tcp-retrx,x-ssl-time,x-process-time,x-network-time,x-e2e-time,cs-method,cs-version,x-sc-mimetype,sc-status,x-redirect,x-document,x-container,x-component,x-aborted,x-client-aborted,x-server-aborted,x-secure,x-timed-out,x-client-timed-out,x-server-timed-out,x-nw-error-count,x-cl-error-count,x-sv-error-count,x-ap-error-count,x-ct-error-count,x-cu-error-count,x-nw-info-count,x-cl-info-count,x-sv-info-count,x-ap-info-count,x-ct-info-count,x-cu-info-count,x-extension,x-errors,x-info,x-peripheral-traffic,x-session-request-tags-found-list,x-session-response-tags-found-list,x-session-tags-used-list,x-stateless,x-matching-a-session-tag-locator,x-missing-x-forwarded-for-session-tag-locator,x-session-tags-collision-list,x-session-tag-multi-value,x-session-tag-collision,x-session-tag-group-collision,x-custom-gzip,x-custom-usernamepw,x-custom-pw_username,x-historical-custom-fields #"OBJECT","2566571408","2566571408","33947551","121.161.21.61","nowhere.somewhere.com","/dir1/dir2/file.jpg&wid=768&hei=274&n=0,0.893716058960434,0.25,0.106283941039566","","","","","2011/04/04 13:31:14.642 -0400","2011/04/04 13:31:15.092 -0400","44.144.44.44","49618","","44.144.44.44","CIP","122.122.22.22","80","28786","865744","38","57","0","0","","184","266","450","GET","HTTP/1.1","image/jpeg","200","false","false","false","true","false","false","false","false","false","false","false","0","0","0","0","0","0","0","0","0","0","0","0","1062839410","","","false","","","","true","false","false","","false","false","false","","","","" info.1.manufacturer = "Coradiant" info.1.device = "TrueSight (data objects)" info.1.version.1 = "" # The name of the log format log.format.format_label = "Coradiant TrueSight (data objects) Log Format" log.miscellaneous.log_data_type = "firewall" log.miscellaneous.log_format_type = "firewall" # The log is in this format if any of the first ten lines match this regular expression log.format.autodetect_regular_expression = "^#x-record-type," log.format.parsing_regular_expression = '^"([A-Z]+)","([^",]*)","([^",]*)","([^",]*)","([0-9.]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([0-9]{4}/[0-9]{2}/[0-9]{2}) ([0-9]{2}:[0-9]{2}:[0-9]{2})[^"]*","([^"]*)","([0-9.]*)","([^"]*)","([^"]*)","([0-9.]*)","([^"]*)","([0-9.]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([A-Z0-9]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)","([^"]*)"$' log.format.ignore_format_lines = "true" # The format of dates and times in this log log.format.date_format = "auto" log.format.time_format = "auto" # Log fields log.fields = { x_record_type = "" x_object_id = "" x_page_id = "" x_session_id = "" cs_host = "" cs_uri_stem = { type = "page" hierarchy_dividers = "/?" } cs_uri_query = "" x_cs_post = "" cs_referer = { type = "URL" hierarchy_dividers = "/?" } sc_location = "" unused = "" #x_start_time = "" date = "" time = "" x_end_time = "" c_ip.type = "host" # c_ip = { # type = "host" # hierarchy_dividers = "." # } c_port = "" x_forwarded_for = "" x_first_public_ip = "" x_first_public_ip_source = "" s_ip = "" s_port = "" sc_bytes = "" x_throughput = "" x_tcp_packet_count = "" x_tcp_rtt = "" x_tcp_ooo = "" x_tcp_retrx = "" x_ssl_time = "" x_process_time = "" x_network_time = "" x_e2e_time = "" cs_method = "" cs_version = "" x_sc_mimetype = "" sc_status = "" x_redirect = "" x_document = "" x_container = "" x_component = "" x_aborted = "" x_client_aborted = "" x_server_aborted = "" x_secure = "" x_timed_out = "" x_client_timed_out = "" x_server_timed_out = "" x_nw_error_count = "" x_cl_error_count = "" x_sv_error_count = "" x_ap_error_count = "" x_ct_error_count = "" x_cu_error_count = "" x_nw_info_count = "" x_cl_info_count = "" x_sv_info_count = "" x_ap_info_count = "" x_ct_info_count = "" x_cu_info_count = "" x_extension = "" x_errors = "" x_info = "" x_peripheral_traffic = "" x_session_request_tags_found_list = "" x_session_response_tags_found_list = "" x_session_tags_used_list = "" x_stateless = "" x_matching_a_session_tag_locator = "" x_missing_x_forwarded_for_session_tag_locator = "" x_session_tags_collision_list = "" x_session_tag_multi_value = "" x_session_tag_collision = "" x_session_tag_group_collision = "" x_custom_gzip = "" x_custom_usernamepw = "" x_custom_pw_username = "" x_historical_custom_fields = "" } # log.fields # Database fields database.fields = { date_time = { label = "$lang_stats.field_labels.date_time" log_field = "date_time" type = "string" suppress_top = 0 suppress_bottom = 3 display_format_type = "date_time" } # date_time day_of_week = { label = "$lang_stats.field_labels.day_of_week" log_field = "day_of_week" type = "string" suppress_top = 0 suppress_bottom = 2 display_format_type = "day_of_week" } # day_of_week hour_of_day = { label = "$lang_stats.field_labels.hour_of_day" log_field = "hour_of_day" type = "string" suppress_top = 0 suppress_bottom = 2 display_format_type = "hour_of_day" } # hour_of_day cs_uri_stem = { label = "$lang_stats.field_labels.cs_uri_stem" log_field = "cs_uri_stem" type = "string" suppress_top = 0 suppress_bottom = 9 } # cs_uri_stem file_type = { label = "$lang_stats.field_labels.file_type" log_field = "file_type" type = "string" suppress_top = 0 suppress_bottom = 2 } # file_type worm = { label = "$lang_stats.field_labels.worm" log_field = "worm" type = "string" suppress_top = 0 suppress_bottom = 2 } # worm # screen_dimensions = { # label = "$lang_stats.field_labels.screen_dimensions" # log_field = "screen_dimensions" # type = "string" # suppress_top = 0 # suppress_bottom = 2 # } # screen_dimensions # screen_depth = { # label = "$lang_stats.field_labels.screen_depth" # log_field = "screen_depth" # type = "string" # suppress_top = 0 # suppress_bottom = 2 # } # screen_depth # c_ip = { # suppress_top = 0 # suppress_bottom = 4 # display_format_type = "hostname" # } # c_ip # domain_description = { # label = "$lang_stats.field_labels.domain_description" # log_field = "domain_description" # type = "string" # suppress_top = 0 # suppress_bottom = 2 # } # domain_description location = { label = "$lang_stats.field_labels.location" log_field = "location" type = "string" suppress_top = 0 suppress_bottom = 3 } # location cs_referer = { label = "$lang_stats.field_labels.cs_referer" log_field = "cs_referer" type = "string" suppress_top = 1 suppress_bottom = 3 } # cs_referer referrer_description = { label = "$lang_stats.field_labels.referrer_description" log_field = "referrer_description" type = "string" suppress_top = 0 suppress_bottom = 2 } # referrer_description search_engine = { label = "$lang_stats.field_labels.search_engine" log_field = "search_engine" type = "string" suppress_top = 0 suppress_bottom = 2 } # search_engine search_phrase = { label = "$lang_stats.field_labels.search_phrase" log_field = "search_phrase" type = "string" suppress_top = 0 suppress_bottom = 2 } # search_phrase cs_uri_query = "" x_cs_post = "" sc_location = "" c_ip = "" c_port = "" x_forwarded_for = "" x_first_public_ip = "" x_first_public_ip_source = "" s_ip = "" s_port = "" cs_method = "" cs_version = "" x_sc_mimetype = "" sc_status = "" x_redirect = "" x_document = "" x_container = "" x_component = "" x_aborted = "" x_client_aborted = "" x_server_aborted = "" x_client_timed_out = "" x_server_timed_out = "" x_extension = "" x_errors = "" x_info = "" x_peripheral_traffic = "" x_session_request_tags_found_list = "" x_session_response_tags_found_list = "" x_session_tags_used_list = "" x_stateless = "" x_matching_a_session_tag_locator = "" x_missing_x_forwarded_for_session_tag_locator = "" x_session_tags_collision_list = "" x_session_tag_multi_value = "" x_session_tag_collision = "" x_session_tag_group_collision = "" x_custom_gzip = "" x_custom_usernamepw = "" x_custom_pw_username = "" x_historical_custom_fields = "" } # database.fields # # Log Parsing Filters # log.parsing_filters = { # # adjust_date = { # label = "adjust date" # comment = "" # value = " #if (length(x_start_time) > 3) then ( # date = normalize_date(substr(x_start_time, 0, 10), 'auto'); # time = normalize_time(substr(x_start_time, 11, 8), 'auto'); #) #" # } # adjust_date # # } # log.parsing_filters # Get search engine and search phrase information from the referrer field (before it gets simplified). log.parsing_filters.compute_se_sp = ` if (get_search_engine_info(cs_referer)) then ( search_engine = volatile.search_engine; search_phrase = volatile.search_phrase; ); ` # Log Filters log.filters = { simplify_url = { label = "$lang_admin.log_filters.simplify_url_label" comment = "$lang_admin.log_filters.simplify_url_comment" value = "if (matches_regular_expression(cs_uri_stem, '^([^:]+://[^/]+/)')) then cs_uri_stem = $1 . '(omitted)'" } # simplify_url only_page = { label = "only page" comment = "only page" value = "if (cs_referer eq '-') then cs_referer = '(no cs_referer)';" } # no_referrer simplify_referrer = { label = "$lang_admin.log_filters.simplify_referrer_label" comment = "$lang_admin.log_filters.simplify_referrer_comment" value = "if (cs_referer eq '-') then cs_referer = '(no referrer)' else if (matches_regular_expression(cs_referer, '^([^:]+://[^/]+/)')) then cs_referer = $1 . '(omitted)'" } # simplify_referrer internal_referrer = { label = "$lang_admin.log_filters.internal_referrer_label" comment = "$lang_admin.log_filters.internal_referrer_comment" value = "if (contains(cs_referer, 'mydomain.com/')) then cs_referer = '(internal referrer)';" disabled = true } # internal_referrer set_page_for_worm = { label = "$lang_admin.log_filters.set_page_for_worm_label" comment = "$lang_admin.log_filters.set_page_for_worm_comment" value = "if (starts_with(worm, '(')) then '' else cs_uri_stem = '(worm)';" } # set_page_for_worm detect_page_views = { label = '$lang_admin.log_filters.detect_page_views_label' comment = '$lang_admin.log_filters.detect_page_views_comment' value = "if ((file_type eq 'JPEG') or (file_type eq 'JPG') or (file_type eq 'GIF') or (file_type eq 'ICO') or (file_type eq 'PNG') or (file_type eq 'CSS') or (file_type eq 'SWF') or (file_type eq 'JS')) then page_views = 0; else page_views = 1;" } # detect_page_views strip_non_page_views = { label = '$lang_admin.log_filters.strip_non_page_views_label' comment = '$lang_admin.log_filters.strip_non_page_views_comment' value = "if (page_views == 0) then cs_uri_stem = substr(cs_uri_stem, 0, last_index(cs_uri_stem, '/') + 1) . '(nonpage)';" } # strip_non_page_views mark_entry = { label = '$lang_admin.log_filters.mark_entry_label' comment = '$lang_admin.log_filters.mark_entry_comment' value = 'events = 1;' } # mark_entry } # log.filters log.field_options = { sessions_page_field = "cs_uri_stem" sessions_visitor_id_field = "c_ip" sessions_event_field = "page_views" } # log.field_options database.numerical_fields = { events = { label = "$lang_stats.field_labels.events" default = false requires_log_field = false type = "int" display_format_type = "integer" entries_field = true } # events page_views = { label = "$lang_stats.field_labels.page_views" default = true requires_log_field = false type = "int" display_format_type = "integer" } # page_views unique_client_ips = { label = "$lang_stats.field_labels.unique_client_ips" default = false requires_log_field = true log_field = "c_ip" type = "unique" display_format_type = "integer" } # unique_client_ips sc_bytes = { label = "$lang_stats.field_labels.sc_bytes" default = false requires_log_field = true log_field = "sc_bytes" type = "float" display_format_type = "bandwidth" } # sc_bytes x_throughput = { label = "$lang_stats.field_labels.x_throughput" default = false requires_log_field = true log_field = "x_throughput" type = "float" display_format_type = "bandwidth" } # x_throughput average_x_throughput = { label = "$lang_stats.field_labels.x_throughput $lang_stats.field_labels.average_tag" default = false requires_log_field = true log_field = "x_throughput" type = "float" display_format_type = "bandwidth" aggregation_method = "average" average_denominator_field = "events" } # average_x_throughput x_tcp_rtt = { label = "$lang_stats.field_labels.x_tcp_rtt" default = false requires_log_field = true log_field = "x_tcp_rtt" type = "float" display_format_type = "integer" } # x_tcp_rtt average_x_tcp_rtt = { label = "$lang_stats.field_labels.x_tcp_rtt $lang_stats.field_labels.average_tag" default = false requires_log_field = true log_field = "x_tcp_rtt" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_tcp_rtt x_tcp_ooo = { label = "$lang_stats.field_labels.x_tcp_ooo" default = false requires_log_field = true log_field = "x_tcp_ooo" type = "float" display_format_type = "integer" } # x_tcp_ooo average_x_tcp_ooo = { label = "$lang_stats.field_labels.x_tcp_ooo $lang_stats.field_labels.average_tag" default = false requires_log_field = true log_field = "x_tcp_ooo" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_tcp_ooo x_tcp_retrx = { label = "$lang_stats.field_labels.x_tcp_retrx" default = false requires_log_field = true log_field = "x_tcp_retrx" type = "float" display_format_type = "integer" } # x_tcp_retrx average_x_tcp_retrx = { label = "$lang_stats.field_labels.x_tcp_retrx $lang_stats.field_labels.average_tag" default = false requires_log_field = true log_field = "x_tcp_retrx" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_tcp_retrx x_ssl_time = { label = "$lang_stats.field_labels.x_ssl_time" default = false requires_log_field = true log_field = "x_ssl_time" type = "float" display_format_type = "integer" } # x_ssl_time average_x_ssl_time = { label = "$lang_stats.field_labels.x_ssl_time $lang_stats.field_labels.average_tag" default = false requires_log_field = true log_field = "x_ssl_time" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_ssl_time x_e2e_time = { label = "$lang_stats.field_labels.x_e2e_time" default = false requires_log_field = true log_field = "x_e2e_time" type = "float" display_format_type = "integer" } # x_e2e_time average_x_e2e_time = { label = "$lang_stats.field_labels.x_e2e_time $lang_stats.field_labels.average_tag" default = false requires_log_field = true log_field = "x_e2e_time" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_e2e_time x_process_time = { label = "$lang_stats.field_labels.x_process_time" default = false requires_log_field = true log_field = "x_process_time" type = "float" display_format_type = "integer" } # x_process_time average_x_process_time = { label = "$lang_stats.field_labels.x_process_time $lang_stats.field_labels.average_tag" default = false requires_log_field = true log_field = "x_process_time" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_process_time x_network_time = { label = "$lang_stats.field_labels.x_network_time" default = false requires_log_field = true log_field = "x_network_time" type = "float" display_format_type = "integer" } # x_network_time average_x_network_time = { label = "$lang_stats.field_labels.x_network_time $lang_stats.field_labels.average_tag" default = false requires_log_field = true log_field = "x_network_time" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_network_time x_nw_error_count = { label = "$lang_stats.field_labels.x_nw_error_count" default = false requires_log_field = true log_field = "x_nw_error_count" type = "float" display_format_type = "integer" } # x_nw_error_count average_x_nw_error_count = { label = "$lang_stats.field_labels.x_nw_error_count $lang_stats.field_labels.average_tag" default = false requires_log_field = true log_field = "x_nw_error_count" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_nw_error_count x_cl_error_count = { label = "$lang_stats.field_labels.x_cl_error_count" default = false requires_log_field = true log_field = "x_cl_error_count" type = "float" display_format_type = "integer" } # x_cl_error_count average_x_cl_error_count = { label = "$lang_stats.field_labels.x_cl_error_count $lang_stats.field_labels.average_tag" default = false requires_log_field = true log_field = "x_cl_error_count" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_cl_error_count x_sv_error_count = { label = "$lang_stats.field_labels.x_sv_error_count" default = false requires_log_field = true log_field = "x_sv_error_count" type = "float" display_format_type = "integer" } # x_sv_error_count average_x_sv_error_count = { label = "$lang_stats.field_labels.x_sv_error_count $lang_stats.field_labels.average_tag" default = false requires_log_field = true log_field = "x_sv_error_count" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_sv_error_count x_ap_error_count = { label = "$lang_stats.field_labels.x_ap_error_count" default = false requires_log_field = true log_field = "x_ap_error_count" type = "float" display_format_type = "integer" } # x_ap_error_count average_x_ap_error_count = { label = "$lang_stats.field_labels.x_ap_error_count $lang_stats.field_labels.average_tag" default = false requires_log_field = true log_field = "x_ap_error_count" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_ap_error_count x_timed_out = { label = "$lang_stats.field_labels.x_timed_out" default = false requires_log_field = true log_field = "x_timed_out" type = "float" display_format_type = "integer" } # x_timed_out average_x_timed_out = { label = "$lang_stats.field_labels.x_timed_out $lang_stats.field_labels.average_tag" default = false requires_log_field = true log_field = "x_timed_out" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_timed_out x_ct_error_count = { label = "$lang_stats.field_labels.x_ct_error_count" default = false requires_log_field = true log_field = "x_ct_error_count" type = "float" display_format_type = "integer" } # x_ct_error_count average_x_ct_error_count = { label = "$lang_stats.field_labels.x_ct_error_count $lang_stats.field_labels.average_tag" default = false requires_log_field = true log_field = "x_ct_error_count" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_ct_error_count x_cu_error_count = { label = "$lang_stats.field_labels.x_cu_error_count" default = false requires_log_field = true log_field = "x_cu_error_count" type = "float" display_format_type = "integer" } # x_cu_error_count average_x_cu_error_count = { label = "$lang_stats.field_labels.x_cu_error_count $lang_stats.field_labels.average_tag" default = false requires_log_field = true log_field = "x_cu_error_count" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_cu_error_count x_ct_error_count = { label = "$lang_stats.field_labels.x_ct_error_count" default = false requires_log_field = true log_field = "x_ct_error_count" type = "float" display_format_type = "integer" } # x_ct_error_count average_x_ct_error_count = { label = "$lang_stats.field_labels.x_ct_error_count $lang_stats.field_labels.average_tag" default = false requires_log_field = true log_field = "x_ct_error_count" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_ct_error_count x_cu_error_count = { label = "$lang_stats.field_labels.x_cu_error_count" default = false requires_log_field = true log_field = "x_cu_error_count" type = "float" display_format_type = "integer" } # x_cu_error_count average_x_cu_error_count = { label = "$lang_stats.field_labels.x_cu_error_count $lang_stats.field_labels.average_tag" default = false requires_log_field = true log_field = "x_cu_error_count" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_cu_error_count x_tcp_packet_count = { type = "float" display_format_type = "integer" } # x_tcp_packet_count average_x_tcp_packet_count = { label = "$lang_stats.field_labels.x_tcp_packet_count $lang_stats.field_labels.average_tag" requires_log_field = true log_field = "x_tcp_packet_count" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_tcp_packet_count x_nw_info_count = { type = "float" display_format_type = "integer" } # x_nw_info_count average_x_nw_info_count = { label = "$lang_stats.field_labels.x_nw_info_count $lang_stats.field_labels.average_tag" requires_log_field = true log_field = "x_nw_info_count" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_nw_info_count x_cl_info_count = { type = "float" display_format_type = "integer" } # x_cl_info_count average_x_cl_info_count = { label = "$lang_stats.field_labels.x_cl_info_count $lang_stats.field_labels.average_tag" requires_log_field = true log_field = "x_cl_info_count" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_cl_info_count x_sv_info_count = { type = "float" display_format_type = "integer" } # x_sv_info_count average_x_sv_info_count = { label = "$lang_stats.field_labels.x_sv_info_count $lang_stats.field_labels.average_tag" requires_log_field = true log_field = "x_sv_info_count" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_sv_info_count x_ap_info_count = { type = "float" display_format_type = "integer" } # x_ap_info_count average_x_ap_info_count = { label = "$lang_stats.field_labels.x_ap_info_count $lang_stats.field_labels.average_tag" requires_log_field = true log_field = "x_ap_info_count" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_ap_info_count x_ct_info_count = { type = "float" display_format_type = "integer" } # x_ct_info_count average_x_ct_info_count = { label = "$lang_stats.field_labels.x_ct_info_count $lang_stats.field_labels.average_tag" requires_log_field = true log_field = "x_ct_info_count" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_ct_info_count x_cu_info_count = { type = "float" display_format_type = "integer" } # x_cu_info_count average_x_cu_info_count = { label = "$lang_stats.field_labels.x_cu_info_count $lang_stats.field_labels.average_tag" requires_log_field = true log_field = "x_cu_info_count" type = "float" display_format_type = "integer" aggregation_method = "average" average_denominator_field = "events" } # average_x_cu_info_count } # database.numerical_fields create_profile_wizard_options = { # How the reports should be grouped in the report menu report_groups = { date_time_group = "" content_group = { cs_uri_stem = true cs_uri_query = true file_type = true x_sc_mimetype = true x_document = true x_component = true } visitor_demographics_group = { c_ip = true domain_description = true location = true c_port = true } visitor_systems_group = { web_browser = true operating_system = true } referrer_group = { cs_referer = true referrer_description = true search_engine = true search_phrase = true search_phrase_by_search_engine = true } server_group = { s_ip = true s_port = true cs_host = true } other_group = { worm = true spider = true sc_status = true sc_method = true cs_version = true x_container = true sc_location = true x_record_type = true x_object_id = true x_session_id = true x_page_id = true cs_method = true x_redirect = true x_aborted = true # new fields - in Other for now x_forwarded_for = true x_cs_post = true x_first_public_ip = true x_first_public_ip_source = true x_client_aborted = true x_server_aborted = true x_client_timed_out = true x_server_timed_out = true x_extension = true x_errors = true x_info = true x_peripheral_traffic = true x_session_request_tags_found_list = true x_session_response_tags_found_list = true x_session_tags_used_list = true x_stateless = true x_matching_a_session_tag_locator = true x_missing_x_forwarded_for_session_tag_locator = true x_session_tags_collision_list = true x_session_tag_multi_value = true x_session_tag_collision = true x_session_tag_group_collision = true x_custom_gzip = true x_custom_usernamepw = true x_custom_pw_username = true x_historical_custom_fields = true } } # report_groups } # create_profile_wizard_options } # coradiant_truesight_data_objects