# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.
#
# Log-format plugin for Samba daemon (smbd/winbind style) log output.
# Structure: a two-line log entry -- a "[date time, level] source(function)" header
# line followed by an indented continuation line carrying the event text.
# All field extraction is done by the regular expressions in log.parsing_filters.
# NOTE(review): the nested brace/key syntax and $lang_* label references match the
# Sawmill plugin format; confirm the consuming product before editing key names.

samba_server = {

  plugin_version = "1.1"

  # NOTE(review): key is spelled "manfacturer"; if the consumer expects
  # "manufacturer" this value is silently ignored -- compare with a sibling plugin.
  info.1.manfacturer = "GNU"
  info.1.device = "Samba"
  info.1.version.1 = ""

  # Change history
  # ????-??-?? - ??? - 1.0 - Initial implementation
  # 2009-08-27 - GMF - 1.1 - Added support for a variant (extra space in date)

  # The name of the log format
  log.format.format_label = "Samba Server Log Format"
  log.miscellaneous.log_data_type = "error"
  log.miscellaneous.log_format_type = "application"

  # The log is in this format if any of the first ten lines match this regular expression.
  # Matches the header line: "[yyyy/mm/dd hh:mm:ss, N] path/file.c:NNN(function)".
  # ", +" accepts one or more spaces before the level number (the 1.1 variant).
  log.format.autodetect_regular_expression = "^\\[[0-9]+/[0-9]+/[0-9]+ [0-9]+:[0-9]+:[0-9]+, +[0-9]*\\] [^)]*\\)$"

  # All log field parsing will be done using the parsing filters;
  # no field is populated except by a matching filter below.
  log.format.parse_only_with_filters = "true"

  # The format of dates and times in this log
  log.format.date_format = "yyyy/mm/dd"
  log.format.time_format = "hh:mm:ss"

  # Log fields -- one entry per value captured by the parsing filters.
  # "flat" fields are opaque strings; "host" fields are split on hierarchy_dividers.
  log.fields = {

    date = {
      label = "$lang_stats.field_labels.date"
      type = "date"
      index = 0
      subindex = 0
      hierarchy_dividers = ""
      left_to_right = false
      leading_divider = "false"
    } # date

    time = {
      label = "$lang_stats.field_labels.time"
      type = "time"
      index = 0
      subindex = 0
      hierarchy_dividers = ""
      left_to_right = false
      leading_divider = "false"
    } # time

    # "file.c:line(function)" text from the header line
    source_code_location = {
      label = "$lang_stats.field_labels.source_code_location"
      type = "flat"
      index = 0
      subindex = 0
    } # source_code_location

    # Event verb, e.g. "connect", "failed to authenticate", "opened file"
    operation = {
      label = "$lang_stats.field_labels.operation"
      type = "flat"
      index = 0
      subindex = 0
    } # operation

    # User name as written in the log line (client-presented text; not validated here)
    username = {
      label = "$lang_stats.field_labels.username"
      type = "flat"
      index = 0
      subindex = 0
    } # username

    # Quoted auth mechanism text from the "with \"...\"" clause of auth lines
    authorization_method = {
      label = "$lang_stats.field_labels.authorization_method"
      type = "flat"
      index = 0
      subindex = 0
    } # authorization_method

    # Trailing ":X" token captured from auth lines (see filters 4 and 5)
    result = {
      label = "$lang_stats.field_labels.result"
      type = "flat"
      index = 0
      subindex = 0
    } # result

    client_hostname = {
      label = "$lang_stats.field_labels.client_hostname"
      type = "flat"
      index = 0
      subindex = 0
    } # client_hostname

    # Dotted IPv4 text from "(a.b.c.d)"; split on "." right-to-left for hierarchy
    client_ip = {
      label = "$lang_stats.field_labels.client_ip"
      type = "host"
      index = 0
      subindex = 0
      hierarchy_dividers = "."
      left_to_right = false
      leading_divider = "false"
    } # client_ip

    service = {
      label = "$lang_stats.field_labels.service"
      type = "flat"
      index = 0
      subindex = 0
    } # service

    filename = {
      label = "$lang_stats.field_labels.filename"
      type = "flat"
      index = 0
      subindex = 0
    } # filename

    read = {
      label = "$lang_stats.field_labels.read"
      type = "flat"
      index = 0
      subindex = 0
    } # read

    write = {
      label = "$lang_stats.field_labels.write"
      type = "flat"
      index = 0
      subindex = 0
    } # write

    numopen = {
      label = "$lang_stats.field_labels.numopen"
      type = "flat"
      index = 0
      subindex = 0
    } # numopen

    uid = {
      label = "$lang_stats.field_labels.uid"
      type = "flat"
      index = 0
      subindex = 0
    } # uid

    gid = {
      label = "$lang_stats.field_labels.gid"
      type = "flat"
      index = 0
      subindex = 0
    } # gid

    pid = {
      label = "$lang_stats.field_labels.pid"
      type = "flat"
      index = 0
      subindex = 0
    } # pid

  } # log.fields

  #
  # Log Parsing Filters
  #
  # Filters run in numeric order on every line. Filter 1 handles the header line;
  # filters 2-9 handle the continuation line (leading space). Filter 2 is a
  # catch-all that stores the whole line as "operation"; the stricter filters
  # 3-9 presumably overwrite it with parsed values when they match -- verify
  # overwrite semantics in the consumer before reordering.
  # Every filter begins with an empty "()" group bound to *KEY*, which ties the
  # continuation line to the entry opened by the header line.
  log.parsing_filters = {

    # Parse date, time, source code location from the header line
    1 = {
      label = "1"
      comment = ""
      value = "collect_fields_using_regexp('^()\\\\[([0-9]+/[0-9]+/[0-9]+) ([0-9]+:[0-9]+:[0-9]+), +[0-9]*\\\\] ([^)]*\\\\))$', '*KEY*,date,time,source_code_location')"
    } # 1

    # Parse second line as operation (fallback: the entire continuation line)
    2 = {
      label = "2"
      comment = ""
      value = "collect_fields_using_regexp('^() (.*)$', '*KEY*,operation')"
    } # 2

    # Parse second line as "Defaulting to ... password for <user>"
    3 = {
      label = "3"
      comment = ""
      value = "collect_fields_using_regexp('^() (Defaulting to [A-Za-z]* password) for ([A-Za-z ]*)$', '*KEY*,operation,username')"
    } # 3

    # Parse second line as 'failed to authenticate' operation.
    # Yields username / authorization_method / result for failed logons, which is
    # the basis for per-user and per-client_ip failure reporting.
    # username and authorization_method are whatever text sits between the quotes
    # (anything but '"'); result captures only the final ':' plus one character
    # -- NOTE(review): confirm that "(:.)$" is the intended status token.
    4 = {
      label = "4"
      comment = ""
      value = "collect_fields_using_regexp('^() User \"([^\"]*)\" (failed to authenticate) with \"([^\"]*)\" [^:]*(:.)$', '*KEY*,username,operation,authorization_method,result')"
    } # 4

    # Parse second line as 'authenticated successfully' operation (same shape as filter 4)
    5 = {
      label = "5"
      comment = ""
      value = "collect_fields_using_regexp('^() User \"([^\"]*)\" (authenticated successfully) with \"([^\"]*)\" [^:]*(:.)$', '*KEY*,username,operation,authorization_method,result')"
    } # 5

    # Parse second line as 'closed connection' operation:
    # "<host> (<ip>) closed connection to service <svc>"
    6 = {
      label = "6"
      comment = ""
      value = "collect_fields_using_regexp('^() ([^ ]*) \\\\(([0-9.]*)\\\\) (closed connection) to service (.*)$', '*KEY*,client_hostname,client_ip,operation,service')"
    } # 6

    # Parse second line as 'connect to' operation:
    # "<host> (<ip>) connect to service <svc> as user <user> (uid=N, gid=N) (pid N)"
    7 = {
      label = "7"
      comment = ""
      value = "collect_fields_using_regexp('^() ([^ ]*) \\\\(([0-9.]*)\\\\) (connect) to service (.*) as user ([^ ]*) \\\\(uid=([^,]*), gid=([^)]*)\\\\) \\\\(pid ([^)]*)\\\\)$', '*KEY*,client_hostname,client_ip,operation,service,username,uid,gid,pid')"
    } # 7

    # Parse second line as 'opened file' operation.
    # Both "(.*)" groups are greedy: the username may contain spaces here (unlike
    # filter 9), and a filename containing " read=" would be split ambiguously.
    8 = {
      label = "8"
      comment = ""
      value = "collect_fields_using_regexp('^() (.*) (opened file) (.*) read=([^ ]*) write=([^ ]*) \\\\(numopen=([0-9]*)', '*KEY*,username,operation,filename,read,write,numopen')"
    } # 8

    # Parse second line as 'closed file' operation (username restricted to non-space text)
    9 = {
      label = "9"
      comment = ""
      value = "collect_fields_using_regexp('^() ([^ ]*) (closed file) (.*) \\\\(numopen=([0-9]*)', '*KEY*,username,operation,filename,numopen')"
    } # 9

    # Accept the collected entry when the line begins with a space.
    # NOTE(review): the pattern requires one leading space; the original comment
    # said "2 spaces" -- either is matched, since a second space is ordinary text.
    10 = {
      label = "10"
      comment = ""
      value = "accept_collected_entry_using_regexp('^() ', false)"
    } # 10

  } # log.parsing_filters

  # Database fields -- what is stored and reportable; log_field names the source log field.
  database.fields = {

    date_time = {
      label = "$lang_stats.field_labels.date_time"
      log_field = "date_time"
      type = "string"
      suppress_top = 0
      suppress_bottom = 3
      display_format_type = "date_time"
    } # date_time

    day_of_week = {
      label = "$lang_stats.field_labels.day_of_week"
      log_field = "day_of_week"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
      display_format_type = "day_of_week"
    } # day_of_week

    hour_of_day = {
      label = "$lang_stats.field_labels.hour_of_day"
      log_field = "hour_of_day"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
      display_format_type = "hour_of_day"
    } # hour_of_day

    operation = {
      label = "$lang_stats.field_labels.operation"
      log_field = "operation"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # operation

    username = {
      label = "$lang_stats.field_labels.username"
      log_field = "username"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # username

    authorization_method = {
      label = "$lang_stats.field_labels.authorization_method"
      log_field = "authorization_method"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # authorization_method

    result = {
      label = "$lang_stats.field_labels.result"
      log_field = "result"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # result

    client_hostname = {
      label = "$lang_stats.field_labels.client_hostname"
      log_field = "client_hostname"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # client_hostname

    client_ip = {
      label = "$lang_stats.field_labels.client_ip"
      log_field = "client_ip"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # client_ip

    service = {
      label = "$lang_stats.field_labels.service"
      log_field = "service"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # service

    filename = {
      label = "$lang_stats.field_labels.filename"
      log_field = "filename"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # filename

    read = {
      label = "$lang_stats.field_labels.read"
      log_field = "read"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # read

    write = {
      label = "$lang_stats.field_labels.write"
      log_field = "write"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # write

    numopen = {
      label = "$lang_stats.field_labels.numopen"
      log_field = "numopen"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # numopen

    uid = {
      label = "$lang_stats.field_labels.uid"
      log_field = "uid"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # uid

    gid = {
      label = "$lang_stats.field_labels.gid"
      log_field = "gid"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # gid

    pid = {
      label = "$lang_stats.field_labels.pid"
      log_field = "pid"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # pid

  } # database.fields

  # Log Filters -- every accepted entry counts as one event
  log.filters = {
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry
  } # log.filters

  # Numerical (aggregate) fields
  database.numerical_fields = {
    events = {
      default = true
      requires_log_field = false
      entries_field = true
    } # events
    # Distinct count of client_ip values; not shown by default
    unique_client_ips = {
      default = false
      requires_log_field = true
      log_field = "client_ip"
      type = "unique"
    } # unique_client_ips
  } # database.numerical_fields

  create_profile_wizard_options = {
    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
      operation = true
      username = true
      authorization_method = true
      result = true
      client_hostname = true
      client_ip = true
      service = true
      filename = true
      read = true
      write = true
      numopen = true
      uid = true
      gid = true
      pid = true
    } # report_groups
  } # create_profile_wizard_options

} # samba_server