# Copyright (c) 2010 Flowerfire, Inc.  All Rights Reserved.
policy_director_audit = {

  # The name of the log format
  log.format.format_label = "Policy Directory Audit Log Format"
  log.miscellaneous.log_data_type = "generic"  
  log.miscellaneous.log_format_type = "application"

  # The log is in this format if any of the first ten lines match this regular expression
  log.format.autodetect_regular_expression = "^<E><D>[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\\..*-----</D><I>[0-9]*</I><O>[0-9]*</O><C><P>.*</P></C><V><A><B>.*</B></A></V></E>$"

  # This regular expression is used to parse the log fields out of the log entry
  log.format.parsing_regular_expression = "^<E><D>([0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9])-([0-9][0-9]:[0-9][0-9]:[0-9][0-9])\\..*-----</D><I>([0-9]*)</I><O>([0-9]*)</O><C><P>(.*)</P></C><V><A>(<B>.*</B>)</A></V></E>$"

  # The format of dates and times in this log
  log.format.date_format = "yyyy-mm-dd"
  log.format.time_format = "hh:mm:ss"

  # Log fields
  log.fields = {

    date = {
      label = "$lang_stats.field_labels.date"
      type = "date"
      index = 0
      subindex = 0
      hierarchy_dividers = ""
      left_to_right = false
      leading_divider = "false"
    } # date

    time = {
      label = "$lang_stats.field_labels.time"
      type = "time"
      index = 0
      subindex = 0
      hierarchy_dividers = ""
      left_to_right = false
      leading_divider = "false"
    } # time

    event_id = {
      label = "$lang_stats.field_labels.event_id"
      type = "flat"
      index = 0
      subindex = 0
    } # event_id

    status_code = {
      label = "$lang_stats.field_labels.status_code"
      type = "flat"
      index = 0
      subindex = 0
    } # status_code

    originator_id = {
      label = "$lang_stats.field_labels.originator_id"
      type = "flat"
      index = 0
      subindex = 0
    } # originator_id

    command_arguments = {
      label = "$lang_stats.field_labels.command_arguments"
      type = "flat"
      index = 0
      subindex = 0
    } # command_arguments

  } # log.fields


  #          
  # Log Parsing Filters
  log.parsing_filters = {


    # This filter removes <B> in the command arguments field, to make it more readable
    1 = {
      label = "1"
      comment = ""
      value = "command_arguments = replace_all(command_arguments, '<B>', ' ');"
    } # 1


    # This filter removes </B> in the command arguments field, to make it more readable
    2 = {
      label = "2"
      comment = ""
      value = "command_arguments = replace_all(command_arguments, '</B>', ' ');"
    } # 2


    # This filter removes <A> in the command arguments field, to make it more readable
    3 = {
      label = "3"
      comment = ""
      value = "command_arguments = replace_all(command_arguments, '<A>', ' ');"
    } # 3


    # This filter removes </A> in the command arguments field, to make it more readable
    4 = {
      label = "4"
      comment = ""
      value = "command_arguments = replace_all(command_arguments, '</A>', ' ');"
    } # 4


  } # log.parsing_filters


  # Database fields
  database.fields = {

    date_time = {
      label = "$lang_stats.field_labels.date_time"
      log_field = "date_time"
      type = "string"
      suppress_top = 0
      suppress_bottom = 3
      display_format_type = "date_time"
    } # date_time

    day_of_week = {
      label = "$lang_stats.field_labels.day_of_week"
      log_field = "day_of_week"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
      display_format_type = "day_of_week"
    } # day_of_week

    hour_of_day = {
      label = "$lang_stats.field_labels.hour_of_day"
      log_field = "hour_of_day"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
      display_format_type = "hour_of_day"
    } # hour_of_day

    event_id = {
      label = "$lang_stats.field_labels.event_id"
      log_field = "event_id"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # event_id

    status_code = {
      label = "$lang_stats.field_labels.status_code"
      log_field = "status_code"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # status_code

    originator_id = {
      label = "$lang_stats.field_labels.originator_id"
      log_field = "originator_id"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # originator_id

    command_arguments = {
      label = "$lang_stats.field_labels.command_arguments"
      log_field = "command_arguments"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # command_arguments

  } # database.fields

  database.numerical_fields = {

    hits = {
      label = "$lang_stats.field_labels.hits"
      default = true
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
      entries_field = true
    } # hits

  } # database.numerical_fields


  log.filters = {

    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'hits = 1;'
    } # mark_entry
  } # log.filters

  create_profile_wizard_options = {
    date_time_tracking = true

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
      event_id = true
      status_code = true
      originator_id = true
      command_arguments = true
    } # report_groups

  } # create_profile_wizard_options

  not_supported = {
    bandwidth = true
    pageviews = true
    sessions = true
    visitors = true
    individualhosts = true
  } # not_supported

} # policy_director_audit