# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.
#
# Sawmill log-format plug-in for Nmap's normal (human-readable) text output.
# The file is a Sawmill profile fragment: the `log.*` keys describe how a log
# is recognised and parsed, the `database.*` keys describe the fields that end
# up in reports, and the backtick-quoted values are Salang filter code that
# Sawmill runs once per log line.
nmap = {
  plugin_version = "1.0.1"
  # 2006-04-12: 1.0beta: Initial beta plug-in -GMF
  # 2007-09-14 - 1.0 - KBB - renumbered per new beta policy
  # 2011-07-08 - 1.0.1 - MSG - Edited info lines.
  info.1.manufacturer = "Nmap"
  info.1.device = "Security Scanner"
  info.1.version.1 = ""

  # The name of the log format
  log.format.format_label = "nmap Log Format"
  log.miscellaneous.log_data_type = "other"
  log.miscellaneous.log_format_type = "other"

  # The log is in this format if any of the first ten lines match this regular expression.
  # NOTE(review): the match is case-sensitive and only recognises the lower-case
  # "Starting nmap" banner; the date/time filter below uses the same spelling.
  # Later Nmap releases appear to print "Starting Nmap" (capital N) -- confirm
  # against the Nmap versions in scope, otherwise such logs are neither
  # autodetected nor stamped with a scan date.
  log.format.autodetect_regular_expression = "^Starting nmap "
  # Nothing is written to the database except what the parsing filter below
  # explicitly accepts with accept_collected_entry().
  log.format.parse_only_with_filters = "true"

  # Log fields
  log.fields = {
    date = ""
    time = ""
    hostname = ""
    ip_address = ""
    port = ""
    state = ""
    service = ""
    mac_address = ""
  } # log.fields

  # Runs once before parsing starts. v.port_infos is a scratch node that
  # accumulates the port rows of the host currently being read; each child is
  # named after the "port/proto" token and carries 'state' and 'service'
  # subnodes. port_infos/port_info are the Salang node handles used below.
  log.filter_initialization = `
v.port_infos = "";
node port_infos = 'v.port_infos';
node port_info;
`

  # Runs once per log line. Recognised line kinds, in order:
  #   1. "Starting nmap ... at <date> <time>"  -> date/time collected fields.
  #   2. "Interesting ports on <host> (<ip>):" -> hostname/ip_address; the
  #      pending port list is discarded and a fresh v.port_infos created.
  #      (The parentheses are double-escaped: once for the config-file string,
  #      once for the Salang string literal.)
  #   3. "<port>/<proto> <state> <service>"    -> stored under v.port_infos.
  #   4. "MAC Address: <mac> ..."              -> mac_address, then ONE database
  #      entry per stored port (events = 1) is accepted.
  #
  # NOTE(review): step 4 is the only place an entry is accepted. A host whose
  # report has no "MAC Address:" line therefore has all of its port rows
  # thrown away by the delete_node() in step 2 when the next host header
  # arrives, and the ports of the last host in the file are never emitted
  # unless a MAC line follows them. Nmap prints MAC addresses only for hosts
  # on the local segment (and only with sufficient privileges) -- confirm --
  # so a report built from this profile can silently under-report open ports
  # on remote targets. Flushing v.port_infos in step 2 (before delete_node)
  # and at end of log would close the gap; left unchanged here.
  # NOTE(review): the state capture in step 3 is `[a-z]+`, so rows whose state
  # contains other characters (Nmap's "open|filtered" style states -- confirm)
  # do not match and are skipped rather than recorded.
  # NOTE(review): collected fields (date, time, mac_address) are never reset
  # between hosts in this filter; whether a previous host's values persist
  # into the next host's entries depends on Sawmill's collected-entry
  # semantics -- confirm before relying on mac_address per host.
  log.parsing_filters.parse = `
if (matches_regular_expression(current_log_line(), '^Starting nmap .* at ([0-9-]+) ([0-9:]+)')) then (
  set_collected_field('', 'date', $1);
  set_collected_field('', 'time', $2);
);
else if (matches_regular_expression(current_log_line(), '^Interesting ports on ([^ ]*) \\\\(([^)]*)\\\\):')) then (
  set_collected_field('', 'hostname', $1);
  set_collected_field('', 'ip_address', $2);
  delete_node('v.port_infos');
  port_infos = subnode_by_name('v', 'port_infos');
);
else if (matches_regular_expression(current_log_line(), '^([0-9]+/[a-z]+) +([a-z]+) (.*)$')) then (
  port_info = subnode_by_name(port_infos, $1);
  set_subnode_value(port_info, 'state', $2);
  set_subnode_value(port_info, 'service', $3);
);
else if (matches_regular_expression(current_log_line(), '^MAC Address: ([^ ]+) ')) then (
  set_collected_field('', 'mac_address', $1);
  set_collected_field('', 'events', 1);
  foreach port_info port_infos (
    set_collected_field('', 'port', node_name(port_info));
    set_collected_field('', 'state', node_value(subnode_by_name(port_info, 'state')));
    set_collected_field('', 'service', node_value(subnode_by_name(port_info, 'service')));
    accept_collected_entry('', true);
  );
);
`

  # Database fields. date_time/day_of_week/hour_of_day are derived from the
  # collected date and time; the rest map 1:1 onto the log fields above.
  database.fields = {
    date_time = ""
    day_of_week = ""
    hour_of_day = ""
    hostname = ""
    ip_address = ""
    port = ""
    state = ""
    service = ""
    mac_address = ""
  } # database.fields

  # One "event" is counted per accepted port row (set to 1 in the parsing
  # filter); it is not read from any log field.
  database.numerical_fields = {
    events = {
      default = true
      requires_log_field = false
    } # events
  } # database.numerical_fields

  create_profile_wizard_options = {
    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
    } # report_groups
  } # create_profile_wizard_options
} # nmap