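# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Sawmill log-format plugin for the BIND 9 query log, timestamped variant.
# Accepts both the syslog-style date ("Aug 12", no year) and the native BIND
# date ("12-Aug-2008"), with or without the "queries: info:" prefix and the
# optional "view <name>:" column.
bind9_query_with_timestamp = {

  plugin_version = "1.1.1"
  info.1.manfacturer = "ISC"
  info.1.device = "Bind9 Query DNS Server (with timestamp)"
  info.1.version.1 = "9"

  # ????-??-?? - 1.0 - - Initial creation.
  # 2008-08-22 - 1.1 - KBB - Added support for a date/time variation and a "view" column.
  # 2010-10-13 - 1.1.1 - MSG - Edited info lines.

  # The name of the log format
  log.format.format_label = "BIND 9 Query Log Format (with timestamp)"
  log.miscellaneous.log_data_type = "generic"
  log.miscellaneous.log_format_type = "network_device"

  # The log is in this format if any of the first ten lines match this regular expression
  #12-Aug-2008 16:22:10.737 queries: info: client 222.122.222.2#38750: view internal_engr: query: 32.122.22.122.in-addr.arpa IN PTR +
  log.format.autodetect_regular_expression = "^([A-Z][a-z][a-z] [0-9][0-9]|[0-9 ]?[0-9][/-][A-Z][a-z][a-z][/-][0-9]{4}) [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\\.[0-9][0-9][0-9] (queries: info: )?client "

  # This regular expression is used to parse the log fields out of the log entry.
  # Capture groups map onto log.fields in order:
  #   1 date, 2 time, 3 optional "queries: info: " prefix (dummy), 4 client IP,
  #   5 optional "view <name>: " column (prefix and trailing ": " included),
  #   6 everything after "query: " (query name, class, type and flags, as BIND logged
  #     them; this text originates from the remote client, so treat it as untrusted
  #     data in reports).
  # The pre-1.1 expression (no view column, syslog date only) is kept for reference:
  #log.format.parsing_regular_expression = "^([A-Z][a-z][a-z] [0-9][0-9]) ([0-9][0-9]:[0-9][0-9]:[0-9][0-9])\\.[0-9][0-9][0-9]( queries: info: | )client ([0-9.]*)#[0-9]*: query: (.*)$"
  log.format.parsing_regular_expression = "^([A-Z][a-z][a-z] [0-9][0-9]|[0-9 ]?[0-9][/-][A-Z][a-z][a-z][/-][0-9]{4}) ([0-9][0-9]:[0-9][0-9]:[0-9][0-9])\\.[0-9][0-9][0-9] (queries: info: )?client ([0-9.]*)#[0-9]*: (view [^:]*: )?query: (.*)$"

  # The format of dates and times in this log
  log.format.date_format = "auto"
  log.format.time_format = "auto"

  # Log fields
  log.fields = {
    date = ""
    time = ""
    dummy = ""
    client = ""
    view = ""
    query = ""
  } # log.fields

  # Syslog-style dates ("Mmm dd") carry no year. When the profile's default year
  # is 'thisyear' the date is normalized as-is; otherwise it is rewritten as
  # dd-Mmm-yyyy (the same shape as the native BIND date) using the configured
  # default year. Dates that already carry a year are left untouched.
  # Fix: the rewrite previously concatenated v.date (the whole "Mmm dd" match)
  # instead of v.day, yielding e.g. "Aug 12-Aug-2010"; v.day was captured but unused.
  log.parsing_filters.set_year = `
if (matches_regular_expression(date, '^(([A-Z][a-z][a-z]) ([0-9][0-9]))$')) then (
  v.date = $1;
  v.month = $2;
  v.day = $3;
  if (log.processing.default_log_date_year eq 'thisyear') then (
    date = normalize_date(v.date, 'mmm dd');
  );
  else (
    date = v.day . "-" . v.month . "-" . log.processing.default_log_date_year;
  );
);`

  # Database fields
  database.fields = {
    date_time = ""
    day_of_week = ""
    hour_of_day = ""
    client = ""
    query = ""
  } # database.fields

  # Log Filters
  log.filters = {
    # Every parsed entry counts as one lookup.
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'lookups = 1;'
    } # mark_entry
  } # log.filters

  database.numerical_fields = {
    lookups = {
      default = true
      requires_log_field = false
      entries_field = true
    } # lookups
    # Distinct client IPs, derived from the "client" log field.
    visitors = {
      default = false
      requires_log_field = true
      log_field = "client"
      type = "unique"
      display_format_type = "integer"
    } # visitors
  } # database.numerical_fields

  create_profile_wizard_options = {
    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
      client = true
      query = true
    } # report_groups
  } # create_profile_wizard_options

} # bind9_query_with_timestamp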