# Copyright (c) 2010 Flowerfire, Inc.  All Rights Reserved.
sendmail_nt = {

  plugin_version = "1.3.2"

  info.1.manufacturer = "Sendmail"
  info.1.device = "For NT"
  info.1.version = "8.12"


  # 2007-09-14 - 1.3 - KBB - renumbered per new beta policy
  # 2007-08-15 - KBB - 1.3beta - Restored nrcpts to a regular database field and
  #                              renamed Transaction ID to QID.
  # 2007-08-14 - KBB - 1.2beta - Added a field for the ID from which the events are keyed.
  #                              Also carried over on accept in case there are multiple "to" events,
  #                              and made nrcpts into a numeric field.
  # 2007-06-14 - KBB - 1.1beta - Improved autodetection, updated syntax,
  #                              and added support for "Subject" lines.
  # 2010-07-16 - GMF - 1.3.1 - Added bounce_qid

  # The name of the log format
  log.format.format_label = "Sendmail for NT Log Format"
  log.miscellaneous.log_data_type = "mail_server"  
  log.miscellaneous.log_format_type = "mail_server"

  # The log is in this format if any of the first ten lines match this regular expression
  #06/13/07 00:01:43 svcwatch.exe(3124): INFO:    service sendmail_logparser (sm_perl_service.exe) used 5508 KB memory
  #06/14/07 13:56:27 sendmail(6620): INFO:    Z5EI2KRV0000019DC: Subject:Transport(s) Import Results
  #log.format.autodetect_regular_expression = "^[0-9][0-9]/[0-9][0-9]/[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9] sendmail\\([0-9]+\\): [A-Z]+:    [A-Z0-9]+: "
  log.format.autodetect_expression = `
  matches_regular_expression(volatile.log_data_line, '^[0-9][0-9]/[0-9][0-9]/[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9] sendmail\\([0-9]+\\): [A-Z]+:    [A-Z0-9]+: ') or
  matches_regular_expression(volatile.log_data_line, '^[0-9][0-9]/[0-9][0-9]/[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9] [^ ]+\\([0-9]+\\): [A-Z]+:    service sendmail')
`

  # All log field parsing will be done using the parsing filters
  log.format.parse_only_with_filters = "true"

  # The format of dates and times in this log
  log.format.date_format = "auto"
  log.format.time_format = "auto"

  # Log fields
  log.fields = {

    date = ""
    time = ""
    priority = ""
    from = ""

    to = {
      type = "hierarchical"
      hierarchy_dividers = "@"
      left_to_right = false
      leading_divider = "false"
    } # to

    mailer = ""
    stat = ""
    size = ""
    class = ""
    pri = ""
    nrcpts = ""
    msgid = ""
    proto = ""
    relay = ""
    reject = ""
    subject = ""
    qid = ""
    bounce_qid = ""

  } # log.fields


  # Log Parsing Filters
  log.parsing_filters.parse = `

if (matches_regular_expression(current_log_line(), '^([0-9]+/[0-9]+/[0-9]+) ([0-9]+:[0-9]+:[0-9]+) [^:]+: ([A-Z]+):    ([^:]+): (.*)$')) then (

  v.key = $4;
  v.line = $5;
  set_collected_field(v.key, 'date', $1);
  set_collected_field(v.key, 'time', $2);
  set_collected_field(v.key, 'priority', $3);
  set_collected_field(v.key, 'qid', v.key);

  # Parse out Subject lines
  #06/14/07 13:56:27 sendmail(6620): INFO:    Z5EI2KRV0000019DC: Subject:Transport(s) Import Results
  if (matches_regular_expression(v.line, '^Subject:(.*)$')) then (

    set_collected_field(v.key, 'subject', $1);
  ); # if subject

  # Parse out from= or to= lines
  #06/14/07 13:56:27 sendmail(6620): INFO:    Z5EI2KRV0000019DC: from=jack_smith@somewhere.com, size=427, class=0, nrcpts=1, msgid=<ADR32000000000875DEV@somewhere.com>, relay=root@localhost
  #06/14/07 13:56:35 sendmail(3032): INFO:    Z5EI2KRV0000019DC: to=maria_garcia@somewhere.com, ctladdr=jack_smith@somewhere.com (0/0), delay=00:00:08, xdelay=00:00:07, mailer=esmtp, pri=30427, relay=relaydal6.nai.com. [205.227.136.205], dsn=2.0.0, stat=Sent (Requested mail action okay, completed.)
  if (matches_regular_expression(v.line, '^((from|to)=.*)$')) then (
  
    collect_listed_fields(v.key, $1, ', ', '=', '');

    # Accept this log entry on to= lines
    if ($2 eq 'to') then (
      accept_collected_entry(v.key, true);
    ); # if to=

  ); # if from= or to=

  # 06/30/10 23:56:00 sendmail(3964): INFO:    16143IHFA00000F7C: Subject:=?ISO-8859-1?Q?McAfee=AE=20Product=20Grant=20Letter=203936539=20Final?=
  else if (matches_regular_expression(v.line, '([A-Z0-9]+): sender notify')) then (
    set_collected_field(v.key, 'bounce_qid', $1);    
    accept_collected_entry(v.key, false);
  );

); # if date, time and priority
`


  # Database fields
  database.fields = {

    date_time = ""
    day_of_week = ""
    hour_of_day = ""
    from = ""
    to.suppress_bottom = 3
    priority = ""
    mailer = ""
    stat = ""
    class = ""
    pri = ""
    proto = ""
    relay = ""
    reject = ""
    subject = ""
    qid = ""
    nrcpts = ""
    bounce_qid = ""

  } # database.fields


  database.numerical_fields = {

    messages = {
      default = true
      requires_log_field = false
      entries_field = true
    } # messages

    size = {
      type = "float"
      display_format_type = "bandwidth"
    } # size

  } # database.numerical_fields


  log.filters = {

    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'messages = 1;'
    } # mark_entry

  } # log.filters


  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
      from = true
      to = true
      priority = true
      mailer = true
      stat = true
      class = true
      pri = true
      nrcpts = true
      proto = true
      relay = true
      reject = true
      subject = true
    } # report_groups

  } # create_profile_wizard_options

} # sendmail_nt