# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved. raiden_maild = { plugin_version = "1.0" info.1.manufacturer = "Raiden" info.1.device = "MAILD" info.1.version.1 = "" # 2008-09-12 - GMF - 1.0 - Initial implementation. # 2010-10-06 - MSG - 1.1 - Edited info lines. # The name of the log format log.format.format_label = "RaidenMAILD Log Format" log.miscellaneous.log_data_type = "mail_server" log.miscellaneous.log_format_type = "mail_server" # The log is in this format if any of the first ten lines match this regular expression log.format.autodetect_regular_expression = "^[0-9][0-9][0-9][0-9]/[0-9][0-9]/[0-9][0-9]:[0-9][0-9]:[0-9][0-9]:[0-9][0-9] SMTP [0-9]+[.][0-9]+[.][0-9]+[.][0-9]+ [A-Z][A-Z] " # All log field parsing will be done using the parsing filters # log.format.parse_only_with_filters = "true" # Log fields log.fields = { date = "" time = "" protocol = "" source_ip = "" message_type = "" account = "" sender = { type = "hierarchical" hierarchy_dividers = "@" left_to_right = false leading_divider = false } # sender recipient = { type = "hierarchical" hierarchy_dividers = "@" left_to_right = false leading_divider = false } # recipient size = "" error_message = "" filename = "" } # log.fields # Log Parsing Filters log.parsing_filters.parse = ` if (matches_regular_expression(current_log_line(), "^([0-9/]+):([0-9:]+) ([^ ]+) ([^ ]+) ([A-Z][A-Z]) (.*)$")) then ( date = $1; time = $2; protocol = $3; source_ip = $4; message_type = $5; v.message = $6; if ((message_type eq "LI") or (message_type eq "LO")) then ( account = v.message; ); else if (((message_type eq "SS") or (message_type eq "RS")) and (matches_regular_expression(v.message, "^([^ ]+) ([^ ]+) ([^ ]+)$"))) then ( sender = $1; recipient = $2; size = $3; ); else if ((message_type eq "SF") and (matches_regular_expression(v.message, "^([^ ]+) ([^ ]+) (.*)$"))) then ( sender = $1; recipient = $2; ); else if (message_type eq "ER") then ( error_message = v.message; ); else if (((message_type eq "RV") or (message_type eq "NM")) and (matches_regular_expression(v.message, "^([^ ]+) ([^ ]+) (.*)$"))) then ( account = $1; filename = $2; size = $3; ); # Look up the message type description if (node_exists('lang_stats.log_formats.raiden_maild_message_types') and subnode_exists('lang_stats.log_formats.raiden_maild_message_types', message_type)) then ( message_type = message_type . " (" . node_value(subnode_by_name('lang_stats.log_formats.raiden_maild_message_types', message_type)) . ")"; ); events = 1; # DN: no parameters # XB: no parameters # SB: no parameters # MB: no parameters # RC: no parameters # SR: no parameters # CR: no parameters # AR: no parameters ); # if matches ` # parsing filter # Database fields database.fields = { date_time = "" day_of_week = "" hour_of_day = "" protocol = "" account = "" sender = "" recipient = "" source_ip = "" location = "" message_type = "" error_message = "" filename = "" } # database.fields # Log Filters log.filters = { } # log.filters database.numerical_fields = { events = { default = true entries_field = true requires_log_field = false } # events size = { label = "$lang_stats.field_labels.size" default = false requires_log_field = true log_field = "size" type = "float" display_format_type = "bandwidth" } # size } # database.numerical_fields create_profile_wizard_options = { # How the reports should be grouped in the report menu report_groups = { date_time_group = "" } # report_groups } # create_profile_wizard_options } # raiden_maild