# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved. policy_director_sec_audit_trail = { # The name of the log format log.format.format_label = "Policy Directory Security Audit Trail Log Format" log.miscellaneous.log_data_type = "generic" log.miscellaneous.log_format_type = "application" # The log is in this format if any of the first ten lines match this regular expression log.format.autodetect_regular_expression = "^--- Dumping an event record --- Event Number: 0x[0-9A-Za-z]*$" # The format of dates and times in this log log.format.date_format = "yyyy-mm-dd" log.format.time_format = "hh:mm:ss" # All log field parsing will be done using the parsing filters log.format.parse_only_with_filters = "true" # Log fields log.fields = { date = { label = "$lang_stats.field_labels.date" type = "date" index = 0 subindex = 0 hierarchy_dividers = "" left_to_right = false leading_divider = "false" } # date time = { label = "$lang_stats.field_labels.time" type = "time" index = 0 subindex = 0 hierarchy_dividers = "" left_to_right = false leading_divider = "false" } # time server = { label = "$lang_stats.field_labels.server" type = "flat" index = 0 subindex = 0 } # server client = { label = "$lang_stats.field_labels.client" type = "page" index = 0 subindex = 0 hierarchy_dividers = "/?" left_to_right = true leading_divider = "true" } # client number_of_groups = { label = "$lang_stats.field_labels.number_of_groups" type = "flat" index = 0 subindex = 0 } # number_of_groups event_outcome = { label = "$lang_stats.field_labels.event_outcome" type = "flat" index = 0 subindex = 0 } # event_outcome authorization_status = { label = "$lang_stats.field_labels.authorization_status" type = "flat" index = 0 subindex = 0 } # authorization_status item_1 = { label = "$lang_stats.field_labels.item_1" type = "flat" index = 0 subindex = 0 } # item_1 } # log.fields # # Log Parsing Filters log.parsing_filters = { # Parse out the date and time 1 = { label = "1" comment = "" value = "collect_fields_using_regexp('^()Local Time: ([0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9])-([0-9][0-9]:[0-9][0-9]:[0-9][0-9])\\\\.', '*key,date,time')" } # 1 # Parse out the server field 2 = { label = "2" comment = "" value = "collect_fields_using_regexp('^()Server: (.*)$', '*KEY*,server')" } # 2 # Parse out the number of groups field 3 = { label = "3" comment = "" value = "collect_fields_using_regexp('^()Number of groups: (.*)$', '*KEY*,number_of_groups')" } # 3 # Parse out the client field 4 = { label = "4" comment = "" value = "collect_fields_using_regexp('^()Client: (.*)$', '*KEY*,client')" } # 4 # Parse out the event outcome field 5 = { label = "5" comment = "" value = "collect_fields_using_regexp('^()Event Outcome: (.*)$', '*KEY*,event_outcome')" } # 5 # Parse out the authorization status field 6 = { label = "6" comment = "" value = "collect_fields_using_regexp('^()Authorization Status: (.*)$', '*KEY*,authorization_status')" } # 6 # Parse out the item 1 field 7 = { label = "7" comment = "" value = "collect_fields_using_regexp('^()item 1: (.*)$', '*KEY*,item_1')" } # 7 # Accept the log entry when we get to the "End of an event record" line 8 = { label = "8" comment = "" value = "accept_collected_entry_using_regexp('^()--- End of an event record ---', false)" } # 8 } # log.parsing_filters # Database fields database.fields = { date_time = { label = "$lang_stats.field_labels.date_time" log_field = "date_time" type = "string" suppress_top = 0 suppress_bottom = 3 display_format_type = "date_time" } # date_time day_of_week = { label = "$lang_stats.field_labels.day_of_week" log_field = "day_of_week" type = "string" suppress_top = 0 suppress_bottom = 2 display_format_type = "day_of_week" } # day_of_week hour_of_day = { label = "$lang_stats.field_labels.hour_of_day" log_field = "hour_of_day" type = "string" suppress_top = 0 suppress_bottom = 2 display_format_type = "hour_of_day" } # hour_of_day client = { label = "$lang_stats.field_labels.client" log_field = "client" type = "string" suppress_top = 0 suppress_bottom = 9 } # client server = { label = "$lang_stats.field_labels.server" log_field = "server" type = "string" suppress_top = 0 suppress_bottom = 2 } # server event_outcome = { label = "$lang_stats.field_labels.event_outcome" log_field = "event_outcome" type = "string" suppress_top = 0 suppress_bottom = 2 } # event_outcome number_of_groups = { label = "$lang_stats.field_labels.number_of_groups" log_field = "number_of_groups" type = "string" suppress_top = 0 suppress_bottom = 2 } # number_of_groups authorization_status = { label = "$lang_stats.field_labels.authorization_status" log_field = "authorization_status" type = "string" suppress_top = 0 suppress_bottom = 2 } # authorization_status item_1 = { label = "$lang_stats.field_labels.item_1" log_field = "item_1" type = "string" suppress_top = 0 suppress_bottom = 2 } # item_1 } # database.fields database.numerical_fields = { hits = { label = "$lang_stats.field_labels.hits" default = false requires_log_field = false type = "int" display_format_type = "integer" entries_field = true } # hits page_views = { label = "$lang_stats.field_labels.page_views" default = true requires_log_field = false type = "int" display_format_type = "integer" } # page_views } # database.numerical_fields log.filters = { mark_entry = { label = '$lang_admin.log_filters.mark_entry_label' comment = '$lang_admin.log_filters.mark_entry_comment' value = 'hits = 1;page_views = 1;' } # mark_entry } # log.filters create_profile_wizard_options = { date_time_tracking = true # How the reports should be grouped in the report menu report_groups = { date_time_group = "" client = true server = true event_outcome = true number_of_groups = true authorization_status = true item_1 = true } # report_groups } # create_profile_wizard_options not_supported = { bandwidth = true sessions = true visitors = true individualhosts = true } # not_supported } # policy_director_sec_audit_trail