# Copyright (c) 2010 Flowerfire, Inc.  All Rights Reserved.
kaspersky_avp_client = {

  plugin_version = "1.0.1"

  # Initial creation - 1.0
  # 2011-03-28 - 1.0.1 - MSG - Edited info lines.

  info.1.manfacturer = "Kaspersky Labs"
  info.1.device = "AVP Client (Spanish)"
  info.1.version.1 = ""

  # The name of the log format
  log.format.format_label = "Kaspersky Labs AVP Client (Spanish) Log Format"
  log.miscellaneous.log_data_type = "generic"
  log.miscellaneous.log_format_type = "application"

  # The log is in this format if there is a  match this regular expression
  log.format.autodetect_regular_expression = '^;$'

  # All log field parsing will be done using the parsing filters
  log.format.parse_only_with_filters = "true"

  # the "date" line (see parsing filter) starts with a '#', and so Sawmill ignores it when processing if this switch is not on
  log.format.ignore_format_lines = "true"
  
  # An entry in this log is called a "message" in the statistics
  statistics.miscellaneous.entry_name = "events"

  # This disables the collection of unclosed entries
  log.format.collected_entry_lifespan = "0"
  
  # The format of dates and times in this log
  log.format.date_format = "dd/mmm/yyyy"
  log.format.time_format = "hh:mm:ss"
  
  log.fields = {
    date = {
      label = "$lang_stats.field_labels.date"
      type = "date"
      index = 0
      subindex = 0
      hierarchy_dividers = ""
      left_to_right = false
      leading_divider = "false"
    } # date

    time = {
      label = "$lang_stats.field_labels.time"
      type = "time"
      index = 0
      subindex = 0
      hierarchy_dividers = ""
      left_to_right = false
      leading_divider = "false"
    } # time
    filename = ""
    file_type = ""
    state = ""
    virus = ""
  
  } # log.fields
  
  database.fields = {
    date_time = {
      label = "$lang_stats.field_labels.date_time"
      log_field = "date_time"
      type = "string"
      suppress_top = 0
      suppress_bottom = 3
      display_format_type = "date_time"
    } # date_time

    day_of_week = {
      label = "$lang_stats.field_labels.day_of_week"
      log_field = "day_of_week"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
      display_format_type = "day_of_week"
    } # day_of_week

    hour_of_day = {
      label = "$lang_stats.field_labels.hour_of_day"
      log_field = "hour_of_day"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
      display_format_type = "hour_of_day"
    } # hour_of_day

    filename = ""
    file_type = ""
    state = ""
    virus = ""

  
  } #database.fields
  
  
  database.numerical_fields = {

    events = {
      label = "$lang_stats.field_labels.events"
      default = true
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
      entries_field = true
    } # events
            	    
  } # database.numerical_fields

  log.parsing_filters = {

  parse = {
       label = "log parsing filter"
       comment = "This filter parses each log line and accepts elements of each line to create one 'virtual' log line (this virtual line will apear in the log detail report)"
       value = "
           # Spanish months converted using this site - http://www.domesticat.net/misc/monthsdays.php
           
           # get the date and normalise
            if (matches_regular_expression(current_log_line(), '^()#[^,]+, ([0-9]+) .*(enero|febrero|marzo|abril|mayo|junio|julio|agosto|septiembre|octubre|noviembre|diciembre).* ([0-9]+), ([0-9:]+)$')) then (
             if ($3 eq 'enero') then v.month = 'Jan';
             else if ($3 eq 'febrero') then v.month = 'Feb';
             else if ($3 eq 'marzo') then v.month = 'Mar';
             else if ($3 eq 'abril') then v.month = 'Apr';
             else if ($3 eq 'mayo') then v.month = 'May';
             else if ($3 eq 'junio') then v.month = 'Jun';
             else if ($3 eq 'julio') then v.month = 'Jul';
             else if ($3 eq 'agosto') then v.month = 'Aug';
             else if ($3 eq 'septiembre') then v.month = 'Sep';
             else if ($3 eq 'octubre') then v.month = 'Oct';
             else if ($3 eq 'noviembre') then v.month = 'Nov';
             else if ($3 eq 'diciembre') then v.month = 'Dec';
             v.g_date = $2 . '/' . v.month . '/' . $4;
             v.g_time = $5;
            );
           else if (matches_regular_expression(current_log_line(), '^()([^[]+)\\\\[[^]]+\\\\]\\\\[Date [^,]+, *[0-9]+ [A-Z][a-z][a-z] [0-9]+ [0-9:]+ [-+A-Z0-9]+\\\\]/([^	]+)	([^	]+)	([^	]+)	')) then (
            set_collected_field($1, 'date', v.g_date);
            set_collected_field($1, 'time', v.g_time);
            set_collected_field($1, 'filename', $2);
            set_collected_field($1, 'file_type', $3);
            set_collected_field($1, 'state', $4);
            set_collected_field($1, 'virus', $5);
            accept_collected_entry($1, false);
           );
           "
  } # parse

  } # log.parsing_filters

  log.filters = {
  
      mark_entry = {
        value = "events = 1;"
        label = "$lang_admin.log_filters.mark_entry_label"
        comment = "$lang_admin.log_filters.mark_entry_comment"
      } # mark_entry
  	
  	  } # log.filters

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {
    	
      date_time_group = ""
      virus = true
      state = true
      filename = true
      file_type = true
      
    } # report_groups

  } # create_profile_wizard_options

  not_supported = {
    visitors = true
    sessions = true
    pageviews = true
    individualhosts = true
  } # not_supported

} # kaspersky_avp_client