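# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Log format plugin for BitBlock HTTP access logs. It declares how a log line
# is recognised, how its columns map to log fields, which database fields and
# numerical fields are kept for reporting, and the filters applied to each hit.
bit_block = {

  plugin_version = "1.0.1"
  # Initial creation - 1.0
  # 2010-10-14 - 1.0.1 - MSG - Edited info lines.

  info.1.manufacturer = "Bitblock Systems"
  info.1.device = "HTTP Access"
  info.1.version.1 = ""

  # The name of the log format
  log.format.format_label = "BitBlock Log Format"
  log.miscellaneous.log_data_type = http_access
  log.miscellaneous.log_format_type = "other"

  # The log is in this format if any of the first ten lines match this regular expression
  log.format.autodetect_regular_expression = "^[0-9.]+ [0-9]+ [^ ]+ [0-9.]+ [^ ]+ [^ ]+ \\[../.../....:..:..:...*\\] \"[A-Z]* "

  # Treat fields surrounded by square brackets (e.g. the date/time field) as a single quoted field.
  log.format.treat_brackets_as_quotes = true
  log.format.common_log_format = true

  # The format of dates and times in this log
  log.format.date_format = dd/mmm/yyyy:hh:mm:ss
  log.format.time_format = dd/mmm/yyyy:hh:mm:ss

  # Log fields
  # index is the column position in the log line; subindex selects a part of a
  # quoted or bracketed column (the request line at index 8 is split into
  # operation, page and protocol).
  log.fields = {

    server_ip = {
      label = "server IP"
      type = flat
      index = 1
      subindex = 0
    } # server_ip

    duration = {
      label = duration
      type = flat
      index = 2
      subindex = 0
    } # duration

    server_domain = {
      label = "server domain"
      type = flat
      index = 3
      subindex = 0
    } # server_domain

    # The client address doubles as the session visitor ID (see also the
    # "visitors" numerical field, which counts unique hostnames).
    # NOTE(review): clients that share an address (NAT, proxy) would be counted
    # as a single visitor - confirm this is acceptable for the deployment.
    hostname = {
      label = hostname
      type = host
      index = 4
      subindex = 0
      dividers = .
      left_to_right = false
      leading_divider = false
      is_sessions_visitor_id = true
    } # hostname

    # Index 5 is not mapped to any field.
    # NOTE(review): presumably the identd column of the common log format - confirm.

    authenticated_user = {
      label = "authenticated user"
      type = flat
      index = 6
      subindex = 0
    } # authenticated_user

    date_time = {
      label = date/time
      type = date_time
      index = 7
      subindex = 1
      left_to_right = false
      leading_divider = false
    } # date_time

    operation = {
      label = operation
      type = flat
      index = 8
      subindex = 1
    } # operation

    page = {
      label = page
      type = page
      index = 8
      subindex = 2
      dividers = /?
      left_to_right = true
      leading_divider = true
      is_sessions_page = true
    } # page

    protocol = {
      label = protocol
      type = flat
      index = 8
      subindex = 3
    } # protocol

    server_response = {
      label = "server response"
      type = response
      index = 9
      subindex = 0
      left_to_right = false
      leading_divider = false
    } # server_response

    size = {
      label = size
      type = size
      index = 10
      subindex = 0
      left_to_right = false
      leading_divider = false
    } # size

    referrer = {
      label = referrer
      type = URL
      index = 11
      subindex = 0
      dividers = /?
      left_to_right = true
      leading_divider = false
    } # referrer

    agent = {
      label = agent
      type = agent
      index = 12
      subindex = 0
      left_to_right = false
      leading_divider = false
    } # agent

    session_user = {
      label = "session user"
      type = flat
      index = 13
      subindex = 0
    } # session_user

    # NOTE(review): the session ID is read verbatim and is also kept as a
    # database field below. If these values are live session tokens, anyone
    # with access to the reports or the database can read them - confirm that
    # access is restricted accordingly.
    session_id = {
      label = "session ID"
      type = flat
      index = 14
      subindex = 0
    } # session_id

  } # log.fields

  # Database fields
  # Several entries (day_of_week, hour_of_day, file_type, worm, location, ...)
  # name a log_field that is not declared in log.fields above.
  # NOTE(review): presumably these are derived by the log processor - confirm.
  database.fields = {

    date_time = {
      label = date/time
      log_field = date_time
      type = string
      suppress_top = 0
      suppress_bottom = 3
      display_format_type = date_time
    } # date_time

    day_of_week = {
      label = "day of week"
      log_field = day_of_week
      type = string
      suppress_top = 0
      suppress_bottom = 2
    } # day_of_week

    hour_of_day = {
      label = "hour of day"
      log_field = hour_of_day
      type = string
      suppress_top = 0
      suppress_bottom = 2
    } # hour_of_day

    page = {
      label = page
      log_field = page
      type = string
      suppress_top = 0
      suppress_bottom = 9
      display_format_type = page
    } # page

    file_type = {
      label = "file type"
      log_field = file_type
      type = string
      suppress_top = 0
      suppress_bottom = 2
    } # file_type

    worm = {
      label = worm
      log_field = worm
      type = string
      suppress_top = 0
      suppress_bottom = 2
    } # worm

    screen_dimensions = {
      label = "screen dimensions"
      log_field = screen_dimensions
      type = string
      suppress_top = 0
      suppress_bottom = 2
    } # screen_dimensions

    screen_depth = {
      label = "screen depth"
      log_field = screen_depth
      type = string
      suppress_top = 0
      suppress_bottom = 2
    } # screen_depth

    hostname = {
      label = hostname
      log_field = hostname
      type = string
      suppress_top = 0
      suppress_bottom = 2
      display_format_type = hostname
    } # hostname

    domain_description = {
      label = "domain description"
      log_field = domain_description
      type = string
      suppress_top = 0
      suppress_bottom = 2
    } # domain_description

    location = {
      label = location
      log_field = location
      type = string
      suppress_top = 0
      suppress_bottom = 3
    } # location

    referrer = {
      label = referrer
      log_field = referrer
      type = string
      suppress_top = 1
      suppress_bottom = 3
    } # referrer

    referrer_description = {
      label = "referrer description"
      log_field = referrer_description
      type = string
      suppress_top = 0
      suppress_bottom = 2
    } # referrer_description

    search_engine = {
      label = "search engine"
      log_field = search_engine
      type = string
      suppress_top = 0
      suppress_bottom = 2
    } # search_engine

    search_phrase = {
      label = "search phrase"
      log_field = search_phrase
      type = string
      suppress_top = 0
      suppress_bottom = 2
    } # search_phrase

    web_browser = {
      label = "web browser"
      log_field = web_browser
      type = string
      suppress_top = 0
      suppress_bottom = 2
    } # web_browser

    operating_system = {
      label = "operating system"
      log_field = operating_system
      type = string
      suppress_top = 0
      suppress_bottom = 2
    } # operating_system

    spider = {
      label = spider
      log_field = spider
      type = string
      suppress_top = 0
      suppress_bottom = 2
    } # spider

    server_ip = {
      label = "server IP"
      log_field = server_ip
      type = string
      suppress_top = 0
      suppress_bottom = 2
    } # server_ip

    server_domain = {
      label = "server domain"
      log_field = server_domain
      type = string
      suppress_top = 0
      suppress_bottom = 2
    } # server_domain

    server_response = {
      label = "server response"
      log_field = server_response
      type = string
      suppress_top = 0
      suppress_bottom = 2
    } # server_response

    authenticated_user = {
      label = "authenticated user"
      log_field = authenticated_user
      type = string
      suppress_top = 0
      suppress_bottom = 2
    } # authenticated_user

    session_user = {
      label = "session user"
      log_field = session_user
      type = string
      suppress_top = 0
      suppress_bottom = 2
    } # session_user

    session_id = {
      label = "session ID"
      log_field = session_id
      type = string
      suppress_top = 0
      suppress_bottom = 2
    } # session_id

    duration = {
      label = duration
      log_field = duration
      type = string
      suppress_top = 0
      suppress_bottom = 2
    } # duration

  } # database.fields

  # Get web browser, operating system, and spider information from the user-agent field.
  log.parsing_filters.derive_from_user_agent = `
get_user_agent_info(agent);
web_browser = volatile.web_browser;
operating_system = volatile.operating_system;
spider = volatile.spider;
`

  # Log Filters
  log.filters = {

    # Change "visitor id" to "session user" or "session ID" to use that as the unique visitor identifier.
    # NOTE(review): no filter in this block assigns a visitor id; the visitor
    # identifier is selected by is_sessions_visitor_id on the hostname log field.

    # This filter replaces "-" referrers with "(no referrer)"
    2 = "if (referrer eq '-') then referrer = '(no referrer)';"

    # This filter replaces referrers containing mydomain.com/ with "(internal referrer)"
    # This should be modified in each configuration to match the actual domain name,
    # so it will be omitted from tables.
    # 'mydomain.com/' is a placeholder. contains() is a substring test, so an
    # external referrer that merely embeds the configured name (in its query
    # string, or as the tail of a longer host name) is also labelled internal
    # and drops out of the referrer tables.
    3 = "if (contains(referrer, 'mydomain.com/')) then referrer = '(internal referrer)';"

    # This filter replaces "-" users with "(not authenticated)"
    4 = "if (authenticated_user eq '-') then authenticated_user = '(not authenticated)';"

    # This filter sets the page field to '(worm)' if this is a worm hit
    # The page is left unchanged when the worm field starts with '('; any other
    # worm value replaces the page with '(worm)'.
    5 = "if (starts_with(worm, '(')) then '' else page = '(worm)';"

    # This filter replaces page parameters (page.html?param1+param2+...) with ?(parameters), to simplify the page hierarchy
    # Only the page field is rewritten; query strings in the referrer field are
    # kept as logged.
    6 = "if (contains(page, '?')) then page = substr(page, 0, index(page, '?') + 1) . '(parameters)';"

    # This filter sets the page_views field based on the file type
    9 = "if ((file_type eq 'JPEG') or (file_type eq 'JPG') or (file_type eq 'GIF') or (file_type eq 'ICO') or (file_type eq 'PNG') or (file_type eq 'CSS') or (file_type eq 'SWF') or (file_type eq 'JS')) then page_views = 0; else page_views = 1;"

    # This filter strips off the filename for non-page-views, to improve performance
    10 = "if (page_views == 0) then page = substr(page, 0, last_index(page, '/') + 1) . '(nonpage)';"

    # Mark this as a hit
    17 = "hits = 1;"

  } # log.filters

  database.numerical_fields = {

    hits = {
      label = $lang_stats.field_labels.hits
      default = false
      requires_log_field = false
      type = int
      display_format_type = integer
      entries_field = true
    } # hits

    page_views = {
      label = $lang_stats.field_labels.page_views
      default = true
      requires_log_field = false
      type = int
      display_format_type = integer
      sessions_event_field = true
    } # page_views

    # Unique count over the hostname log field.
    visitors = {
      label = $lang_stats.field_labels.visitors
      default = false
      requires_log_field = true
      log_field = hostname
      type = unique
      display_format_type = integer
    } # visitors

    size = {
      label = size
      default = false
      requires_log_field = true
      log_field = size
      type = float
      display_format_type = bandwidth
    } # size

  } # database.numerical_fields

  create_profile_wizard_options = {
    date_time_tracking = true
    host_tracking = true
  } # create_profile_wizard_options

  not_supported = {
  } # not_supported

} # bit_block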