# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Log-format definition for Novell NetMail mail-server logs delivered through syslog.
# It declares the log fields, the regular-expression filters that fill them, and the
# database fields built from them.
#
# NOTE(review): every field value below is captured from log text. Sender and recipient
# addresses, virus names and blocked sources originate from remote mail traffic, so
# anything that displays or exports these fields should treat them as untrusted input.
novell_net_mail = {

  # NOTE(review): only this fragment of an original header comment survives:
  # "sessions, hits, bandwidth, pageviews, and visitors."
  # It presumably relates to the not_supported group at the end of this file; confirm.

  # The name of the log format
  log.format.format_label = "Novell NetMail Log Format"
  log.miscellaneous.log_data_type = "syslog_required"
  log.miscellaneous.log_format_type = "mail_server"

  # The log is recognised as this format when an examined line matches this regular
  # expression. autodetect_lines is "100" (presumably the number of leading lines
  # examined; an earlier version of this comment said ten).
  # Only the NMAP delivery and SMTP remote-delivery markers are tested here; the
  # Antispam, AntiVirus and SMTP:Blocked markers accepted by filter 6 are not.
  log.format.autodetect_regular_expression = "(NMAP:Delivering message from|SMTP:Remote delivery for)"
  log.format.autodetect_lines = "100"

  # All log field parsing will be done using the parsing filters
  log.format.parse_only_with_filters = "true"

  # Log entries are called "events"
  statistics.miscellaneous.entry_name = "events"

  # Log fields. Every field is filled by the parsing filters below, not by position
  # (index and subindex are 0 throughout).
  log.fields = {

    # Sender address, split into a hierarchy on "@".
    from = {
      label = "$lang_stats.field_labels.from"
      type = "hierarchical"
      index = 0
      subindex = 0
      hierarchy_dividers = "@"
      left_to_right = false
      leading_divider = "false"
    } # from

    # Recipient address, split into a hierarchy on "@".
    to = {
      label = "$lang_stats.field_labels.to"
      type = "hierarchical"
      index = 0
      subindex = 0
      hierarchy_dividers = "@"
      left_to_right = false
      leading_divider = "false"
    } # to

    # Component that wrote the line: NMAP, SMTP, Antispam or AntiVirus (filters 1-4).
    type = {
      label = "$lang_stats.field_labels.type"
      type = "flat"
      index = 0
      subindex = 0
    } # type

    # Mixed content: the numeric "Status:" code (filter 2), the literal "Blocked"
    # (filter 3) or the literal "virus" (filter 4).
    status = {
      label = "$lang_stats.field_labels.status"
      type = "flat"
      index = 0
      subindex = 0
    } # status

    # Text preceding the word "virus" on AntiVirus lines (filter 4).
    virus = {
      label = "$lang_stats.field_labels.virus"
      type = "flat"
      index = 0
      subindex = 0
    } # virus

    # Digits following "Size:" on SMTP remote-delivery lines (filter 2).
    size = {
      label = "$lang_stats.field_labels.size"
      type = "size"
      index = 0
      subindex = 0
      hierarchy_dividers = ""
      left_to_right = false
      leading_divider = "false"
    } # size

    # Text between "SMTP:Blocked " and " based on RBL List " (filter 5). The pattern
    # does not check that the value is an IP address.
    blocked_source_ip = {
      label = "$lang_stats.field_labels.blocked_source_ip"
      type = "flat"
      index = 0
      subindex = 0
    } # blocked_source_ip

    # Text following "based on RBL List " (filter 5).
    rbl_list = {
      label = "$lang_stats.field_labels.rbl_list"
      type = "flat"
      index = 0
      subindex = 0
    } # rbl_list

  } # log.fields

  # Log Parsing Filters
  #
  # Each collect_fields_using_regexp call lists its capture groups, in order, against
  # the field names in its second argument; the empty leading group "()" lines up
  # with *KEY*.
  #
  # NOTE(review): none of the patterns is anchored to the start of the line, so a
  # marker such as "SMTP:Blocked " matches wherever it occurs in a line, including
  # inside a value that was logged from remote input. Confirm whether the marker can
  # be tied to its position after the syslog prefix.
  log.parsing_filters = {

    # Parse Delivering message lines: type = NMAP, then sender and recipient, each a
    # run of non-space characters.
    1 = {
      label = "1"
      comment = ""
      value = "collect_fields_using_regexp('()(NMAP):Delivering message from ([^ ]+) for ([^ ]+)$', '*KEY*,type,from,to')"
    } # 1

    # Parse "Remote delivery" lines: type = SMTP, sender, recipient, size and status.
    # NOTE(review): the sender group is a greedy (.*), so the sender/recipient split
    # falls on the last " to " before ", Size:". An address that itself contains
    # " to " would be attributed differently; a narrower class such as the [^ ]+ used
    # in filter 1 may be appropriate if the log never has spaces there (verify).
    2 = {
      label = "2"
      comment = ""
      value = "collect_fields_using_regexp('()(SMTP):Remote delivery for (.*) to ([^,]*), Size:([0-9]+), Status:([0-9]+)$', '*KEY*,type,from,to,size,status')"
    } # 2

    # Parse "Antispam" lines: type = Antispam, status = Blocked, and the remainder of
    # the line is stored in from.
    # The four backslashes before each bracket presumably reduce to one escaped
    # bracket after the value has been unquoted twice; confirm before editing.
    3 = {
      label = "3"
      comment = ""
      value = "collect_fields_using_regexp('()(Antispam):\\\\[[^]]+\\\\] (Blocked) (.*)$', '*KEY*,type,status,from')"
    } # 3

    # Parse "AntiVirus" lines: type = AntiVirus, the virus name, status = virus,
    # then sender and recipient. The virus-name group is a greedy (.*) and is bounded
    # only by the literal " virus sent from ".
    4 = {
      label = "4"
      comment = ""
      value = "collect_fields_using_regexp('()(AntiVirus):\\\\[[^]]+\\\\] (.*) (virus) sent from ([^ ]*) to ([^ ]*) [^ ]* [0-9]+$', '*KEY*,type,virus,status,from,to')"
    } # 4

    # Parse out Blocked lines: the blocked source and the RBL list name.
    # type and status are not among the fields collected here, unlike filters 1-4.
    5 = {
      label = "5"
      comment = ""
      value = "collect_fields_using_regexp('()SMTP:Blocked (.*) based on RBL List (.*)$', '*KEY*,blocked_source_ip,rbl_list')"
    } # 5

    # Accept this log entry when the line carries any of the five markers parsed above.
    6 = {
      label = "6"
      comment = ""
      value = "accept_collected_entry_using_regexp('()(NMAP:Delivering message from|SMTP:Remote delivery for|SMTP:Blocked |AntiVirus:|Antispam:)', false)"
    } # 6

  } # log.parsing_filters

  # Database fields: one string field per non-numeric log field.
  database.fields = {

    type = {
      label = "$lang_stats.field_labels.type"
      log_field = "type"
      type = "string"
      suppress_top = 0
      suppress_bottom = 3
    } # type

    status = {
      label = "$lang_stats.field_labels.status"
      log_field = "status"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # status

    from = {
      label = "$lang_stats.field_labels.from"
      log_field = "from"
      type = "string"
      suppress_top = 0
      suppress_bottom = 3
    } # from

    to = {
      label = "$lang_stats.field_labels.to"
      log_field = "to"
      type = "string"
      suppress_top = 0
      suppress_bottom = 3
    } # to

    virus = {
      label = "$lang_stats.field_labels.virus"
      log_field = "virus"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # virus

    blocked_source_ip = {
      label = "$lang_stats.field_labels.blocked_source_ip"
      log_field = "blocked_source_ip"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # blocked_source_ip

    rbl_list = {
      label = "$lang_stats.field_labels.rbl_list"
      log_field = "rbl_list"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # rbl_list

  } # database.fields

  # Numerical fields: an event counter and the message size.
  database.numerical_fields = {

    # Not read from the log (requires_log_field = false); the mark_entry log filter
    # below assigns it.
    events = {
      label = "$lang_stats.field_labels.events"
      default = true
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
      entries_field = true
    } # events

    # Taken from the size log field, which only filter 2 fills.
    size = {
      label = "$lang_stats.field_labels.size"
      default = false
      requires_log_field = true
      log_field = "size"
      type = "float"
      display_format_type = "bandwidth"
    } # size

  } # database.numerical_fields

  log.filters = {

    # Sets events to 1 for each entry.
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry

  } # log.filters

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
      type = true
      status = true
      from = true
      to = true
      virus = true
      blocked_source_ip = true
      rbl_list = true
    } # report_groups

  } # create_profile_wizard_options

  # Items flagged as not supported for this format.
  not_supported = {
    visitors = true
    sessions = true
    pageviews = true
    individualhosts = true
  } # not_supported

} # novell_net_mail