# Copyright (c) 2010 Flowerfire, Inc.  All Rights Reserved.
sophos_antispam_message_log = {

  # The name of the log format
  log.format.format_label = "Sophos Antispam Message Log Format"
  log.miscellaneous.log_data_type = "mail_server"  
  log.miscellaneous.log_format_type = "mail_server"

  # The log is in this format if any of the first ten lines match this regular expression
  log.format.autodetect_regular_expression = "^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9] q=[^ ]+ f=<[^>]*> t=<[^>]*>"

  # All log field parsing will be done using the parsing filters
#  log.format.parse_only_with_filters = "true"

  # Log fields
  log.fields = {

    date = ""
    time = ""
    queue = ""
    size = ""
    duration = ""

    from = {
      type = "hierarchical"
      hierarchy_dividers = "@"
      left_to_right = false
      leading_divider = false
    } # from

    to = {
      type = "hierarchical"
      hierarchy_dividers = "@"
      left_to_right = false
      leading_divider = false
    } # to

  } # log.fields


  log.parsing_filters.parse = `
if (matches_regular_expression(current_log_line(), "^([0-9-]+)T([0-9:]*) q=([^ ]*) f=<([^>]*)> t=<([^>]*)> (.*)$")) then (
  date = $1;
  time = $2;
  queue = $3;
  from = $4;
  to = $5;
  v.remainder = $6;
  if (matches_regular_expression(v.remainder, 'Size=([0-9]+)')) then
    size = $1;
  if (matches_regular_expression(v.remainder, 'tm=([0-9.]+)')) then
    duration = $1 * 1000.0;
);
`


  # Database fields
  database.fields = {

    date_time = ""
    day_of_week = ""
    hour_of_day = ""
    queue = ""
    size = ""
    duration = ""
    from = ""
    to = ""

  } # database.fields

  database.numerical_fields = {

    messages = {
      default = true
      requires_log_field = false
      entries_field = true
    } # messages

    size = {
      log_field = "size"
      requires_log_field = true
      type = "float"
      display_format_type = "bandwidth"
    }

    duration = {
      requires_log_field = true
      type = "float"
      display_format_type = "duration_milliseconds"
    } # duration

  } # database.numerical_fields


  log.filters = {

    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'messages = 1;'
    } # mark_entry

  } # log.filters

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""

      queue = true
      size = true
      duration = true
      from = true
      to = true

    } # report_groups

  } # create_profile_wizard_options

} # sophos_antispam_message_log