# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Log-format plug-in for Cisco router messages received through a syslog server.
# It declares the log fields, the regular-expression parsing filters that fill
# them, the database fields built from them, and the profile-wizard defaults.
#
# Every field value is copied verbatim from the log line by the patterns below;
# nothing in this file validates or normalises the captured text.
# NOTE(review): syslog senders are often unauthenticated, so treat the captured
# values as untrusted input -- confirm that the reporting layer escapes them.
cisco_router = {

  plugin_version = "1.0.1"

  # Initial creation - 1.0
  # 2010-10-26 - 1.0.1 - MSG - Edited info lines.
  # NOTE(review): the key below is spelled "manfacturer"; this looks like a typo
  # for "manufacturer" -- confirm which spelling the plug-in loader reads.
  info.1.manfacturer = "Cisco Systems"
  info.1.device = "Router"
  info.1.version.1 = ""

  # CiscoRouter

  # The name of the log format
  log.format.format_label = "Cisco Router Log Format (Using Syslog Server)"
  log.miscellaneous.log_data_type = "syslog_required"
  log.miscellaneous.log_format_type = "network_device"

  # The log is in this format if any of the first ten lines match this regular expression
  # The pattern is unanchored and looks for five consecutive bracketed tokens:
  # [lowercase letters] [digits/dots] [digits] [digits/dots] [letters], then a space.
  log.format.autodetect_regular_expression = "\\[[a-z]*\\] \\[[0-9.]*\\] \\[[0-9]*\\] \\[[0-9.]*\\] \\[[A-Za-z]*\\] "

  # All log field parsing will be done using the parsing filters
  log.format.parse_only_with_filters = "true"

  # A log entry is called an event
  statistics.miscellaneous.entry_name = "events"

  # Log fields
  log.fields = {

    # Declared as a "host" field split on "."; the only pattern that fills it
    # (parsing filter 1) captures [a-z]* and so can never contain a ".".
    # NOTE(review): confirm the "host" type is intended for this field.
    username = {
      label = "$lang_stats.field_labels.username"
      type = "host"
      index = 0
      subindex = 0
      hierarchy_dividers = "."
      left_to_right = false
      leading_divider = "false"
    } # username

    category = {
      label = "$lang_stats.field_labels.category"
      type = "flat"
      index = 0
      subindex = 0
    } # category

    message_code = {
      label = "$lang_stats.field_labels.message_code"
      type = "flat"
      index = 0
      subindex = 0
    } # message_code

    message = {
      label = "$lang_stats.field_labels.message"
      type = "flat"
      index = 0
      subindex = 0
    } # message

    version = {
      label = "$lang_stats.field_labels.version"
      type = "flat"
      index = 0
      subindex = 0
    } # version

    link_state = {
      label = "$lang_stats.field_labels.link_state"
      type = "flat"
      index = 0
      subindex = 0
    } # link_state

    v1 = {
      label = "$lang_stats.field_labels.v1"
      type = "flat"
      index = 0
      subindex = 0
    } # v1

    v2 = {
      label = "$lang_stats.field_labels.v2"
      type = "flat"
      index = 0
      subindex = 0
    } # v2

    v3 = {
      label = "$lang_stats.field_labels.v3"
      type = "flat"
      index = 0
      subindex = 0
    } # v3

    v4 = {
      label = "$lang_stats.field_labels.v4"
      type = "flat"
      index = 0
      subindex = 0
    } # v4

    result = {
      label = "$lang_stats.field_labels.result"
      type = "flat"
      index = 0
      subindex = 0
    } # result

  } # log.fields

  #
  # Log Parsing Filters
  #
  # Filters are numbered 1-5; keep them in this order (5 is the accept step).
  # Every collect pattern starts with an empty group "()" mapped to *KEY*, so the
  # key is always the empty string. None of the collect patterns starts with "^",
  # so each matches wherever its text first appears in the line.
  # The patterns write "\\\\[" where the autodetect expression writes "\\[";
  # presumably the extra level is consumed by the quoted expression argument.
  # Bracketed values are captured with [^]]*, which stops at the first "]".
  # NOTE(review): a value that itself contains "] [" would shift the columns that
  # follow it -- confirm the device cannot emit such values.
  log.parsing_filters = {

    # Parse the bracketed header: 1st bracket -> username, 4th -> logging_device,
    # 5th -> category, 6th -> version. The 2nd and 3rd brackets are not captured.
    # NOTE(review): logging_device is not declared in log.fields or
    # database.fields in this file; presumably it comes from the syslog handling
    # selected by log_data_type -- confirm.
    1 = {
      label = "1"
      comment = ""
      value = "collect_fields_using_regexp('()\\\\[([a-z]*)\\\\] \\\\[[0-9.]*\\\\] \\\\[[0-9]*\\\\] \\\\[([0-9.]*)\\\\] \\\\[([^]]*)\\\\] \\\\[([^]]*)\\\\] ', '*KEY*,username,logging_device,category,version')"
    } # 1

    # Parse out link lines
    # After the six-bracket header: "Link <token> V1=.. V2=.. V3=.. V4=.. <result> ".
    # The pattern ends with " $", so the line must end with a space to match.
    2 = {
      label = "2"
      comment = ""
      value = "collect_fields_using_regexp('()\\\\[[a-z]*\\\\] \\\\[[0-9.]*\\\\] \\\\[[0-9]*\\\\] \\\\[[0-9.]*\\\\] \\\\[[^]]*\\\\] \\\\[[^]]*\\\\] (Link [^ ]*) V1=([^ ]*) V2=([^ ]*) V3=([^ ]*) V4=([^ ]*) *([^ ]*) $', '*KEY*,link_state,v1,v2,v3,v4,result')"
    } # 2

    # Parse message code lines
    # Captures a "%"-prefixed run of uppercase letters, digits and hyphens that is
    # followed by ":". It is not tied to the header, so the first such token
    # anywhere in the line, including free text, becomes message_code.
    3 = {
      label = "3"
      comment = ""
      value = "collect_fields_using_regexp('()%([A-Z0-9-]+):', '*KEY*,message_code')"
    } # 3

    # Parse other message lines
    # The text after the header is captured as message only when it consists of
    # letters and spaces up to the end of the line; a message containing digits
    # or punctuation does not match this filter.
    4 = {
      label = "4"
      comment = ""
      value = "collect_fields_using_regexp('()\\\\[[a-z]*\\\\] \\\\[[0-9.]*\\\\] \\\\[[0-9]*\\\\] \\\\[[0-9.]*\\\\] \\\\[[^]]*\\\\] \\\\[[^]]*\\\\] ([A-Za-z ]+)$', '*KEY*,message')"
    } # 4

    # Accept this log entry
    # '^()' matches at the start of every line with an empty key, so the accept
    # step runs for each line whether or not filters 1-4 matched.
    # NOTE(review): lines that match none of the collect filters would presumably
    # be accepted with empty fields; the meaning of the "false" argument is not
    # shown in this file -- confirm both against the product documentation.
    5 = {
      label = "5"
      comment = ""
      value = "accept_collected_entry_using_regexp('^()', false)"
    } # 5

  } # log.parsing_filters

  # Database fields
  # One string field per log field above, each bound by log_field to the log
  # field of the same name.
  database.fields = {

    username = {
      label = "$lang_stats.field_labels.username"
      log_field = "username"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # username

    category = {
      label = "$lang_stats.field_labels.category"
      log_field = "category"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # category

    message_code = {
      label = "$lang_stats.field_labels.message_code"
      log_field = "message_code"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # message_code

    message = {
      label = "$lang_stats.field_labels.message"
      log_field = "message"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # message

    version = {
      label = "$lang_stats.field_labels.version"
      log_field = "version"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # version

    link_state = {
      label = "$lang_stats.field_labels.link_state"
      log_field = "link_state"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # link_state

    v1 = {
      label = "$lang_stats.field_labels.v1"
      log_field = "v1"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # v1

    v2 = {
      label = "$lang_stats.field_labels.v2"
      log_field = "v2"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # v2

    v3 = {
      label = "$lang_stats.field_labels.v3"
      log_field = "v3"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # v3

    v4 = {
      label = "$lang_stats.field_labels.v4"
      log_field = "v4"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # v4

    result = {
      label = "$lang_stats.field_labels.result"
      log_field = "result"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # result

  } # database.fields

  # The only numerical field is the event counter; it is not bound to a log
  # field (requires_log_field = false).
  database.numerical_fields = {

    events = {
      label = "$lang_stats.field_labels.events"
      default = true
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
      entries_field = true
    } # events

  } # database.numerical_fields

  # Log filter that assigns events = 1, presumably once per accepted entry.
  log.filters = {

    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry

  } # log.filters

  create_profile_wizard_options = {

    host_tracking = true

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
      username = true
      category = true
      message_code = true
      message = true
      version = true
      link_state = true
      v1 = true
      v2 = true
      v3 = true
      v4 = true
      result = true
    } # report_groups

  } # create_profile_wizard_options

  # Features flagged as not supported for this format.
  not_supported = {
    visitors = true
    sessions = true
    pageviews = true
    bandwidth = true
  } # not_supported

} # cisco_router