# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Log format plugin for Sun ONE / Netscape Directory Server logs. It parses lines of the form
#   [dd/Mmm/yyyy:hh:mm:ss +zzzz] conn=N op=N [msgId=N - ] <message>
# and assembles entries from the several lines that describe one operation or one
# connection, using collected entries keyed by connection id and operation id.
# An entry is accepted when a RESULT, ABANDON or UNBIND line is seen, and when a
# connection is reported as closed.

sun_one_netscape_directory_server = {

  # NOTE(review): the change log below lists 1.0.3 as its latest entry, but
  # plugin_version is still "1.0.2" - confirm which value is intended.
  plugin_version = "1.0.2"

  # 2007-09-17 - 1.0.3 - KBB - Fixed 1.0.2beta - only prepend a space if the filter name is not '(empty)'.
  # 2007-09-14 - 1.0.2 - KBB - renumbered per new beta policy
  # 11/02/2006: 1.0.2beta: KBB - Restored filter field with a prepended space. Its values are
  #             in parentheses and the parentheses are needed for sense, so the
  #             space keeps Sawmill from hiding the values of the fields.
  #             Added server_start_time field.
  #             Added numeric sort for sun_etime2. A numeric sort for a regular field
  #             depends UI changes in version 7.2.8, but is harmless without them.
  # 09/04/2006: 1.0.1beta: KBB - increase complexity of analysis based on customer input and
  #             Sun website http://docs.sun.com/source/816-6699-10/logfiles.html
  # 08/21/2006: 1.0.0beta: initial creation - based on netscape_directory_server.cfg - KBB

  # Products and versions this format was written against.
  # NOTE(review): the key is spelled "manfacturer" in both entries; it is left unchanged
  # because the key name the application expects is not visible in this file.
  info.1.manfacturer = "Netscape"
  info.1.device = "Netscape Directory Server"
  info.1.version = "5.1"
  info.2.manfacturer = "Sun Microsystems"
  info.2.device = "Sun ONE Directory Server"
  info.2.version = "5.2"

  # The name of the log format
  log.format.format_label = "Sun ONE / Netscape Directory Server Log Format"
  log.miscellaneous.log_data_type = "generic"
  log.miscellaneous.log_format_type = "application"

  # The log is in this format if any of the first ten lines match this regular expression
  # (a bracketed timestamp with a signed offset, then conn= and op=, then one of the
  # listed keywords somewhere in the rest of the line).
  log.format.autodetect_regular_expression = `^\\[[0-9][0-9]/[A-Za-z]*/[0-9]*:[0-9][0-9]:[0-9][0-9]:[0-9][0-9] [-+][0-9]*\\] conn=[0-9]* op=[-0-9]* .*(fd|SRCH|BIND|RESULT|EXT|MOD)`

  # The format of dates and times in this log
  log.format.date_format = "dd/mmm/yyyy:hh:mm:ss"
  log.format.time_format = "dd/mmm/yyyy:hh:mm:ss"

  # All log field parsing will be done using the parsing filters
  log.format.parse_only_with_filters = "true"

  # NOTE(review): the meaning of 0 is not visible in this file (presumably "do not
  # expire") - confirm. It matters because the parsing filter stores connection-level
  # values under the bare connection id and never passes that key to
  # accept_collected_entry, so nothing in this file removes them.
  log.format.collected_entry_lifespan = 0

  # Log fields
  # NOTE(review): the parsing filter also sets a collected field named
  # connection_operation, which is not declared in this list or in database.fields -
  # verify whether that is intentional.
  log.fields = {
    date_time = ""
    server_start_time = ""
    operation = ""
    base = ""
    scope = ""
    filter = ""
    attrs = ""
    nentries = ""
    sun_etime = "" # field name is not etime so the label can be "etime" instead of "elapsed time"
    sun_etime2 = ""
    connection_duration = "" # from start and end times of a connection
    err = ""
    notes = ""
    tag = ""
    file_descriptor = ""
    from_ip = ""
    to_ip = ""
    dn = ""
    method = ""
    version = ""
    oid = ""
    csn = ""
    newrdn = ""
    #newsuperior = ""
    operation_id = ""
    connection_id = ""
    abandon_msgid = ""
    message_id = ""
    closing_code = ""
    targetop = ""
  } # log.fields

  # log.filter_initialization = `
  #string server_start_time;
  #`

  # Log Parsing Filters
  log.parsing_filters.parse = `

# Split the line into timestamp, connection id, operation id and the remaining message.
# The signed offset inside the brackets is matched but not captured, so date_time is
# stored without it - keep that in mind when correlating with other log sources.
# not making 'msgId=[-0-9]+ - ' optional with ? due to boost limitations -
if (matches_regular_expression(current_log_line(), '^\\\\[([0-9]+/[A-Z][a-z][a-z]/[0-9:]*) [-+][0-9]*\\] conn=([0-9]+) op=([-0-9]+) (.*)$')) then (
  v.date_time = $1;
  v.conn_id = $2;
  v.op_id = $3;
  v.message = $4;

  # The collected-entry key is "conn op", extended with the message id when one is present.
  v.key = $2 . " " . $3;

  if (matches_regular_expression(v.message, '^msgId=([-0-9]+) - (.*)$')) then (
    v.msg_id = $1;
    if (v.msg_id eq '-1') then (
      # make sure connection closing has same key as connection
      v.key = v.conn_id . " -1 " . v.msg_id;
    );
    else (
      v.key .= " " . v.msg_id;
    );
    # Strip the msgId prefix so the branches below see only the message text.
    v.message = $2;
    set_collected_field(v.key, 'message_id', v.msg_id);
  );

  set_collected_field(v.key, 'date_time', v.date_time);
  set_collected_field(v.key, 'connection_id', v.conn_id);
  set_collected_field(v.key, 'operation_id', v.op_id);

  # this is the beginning of the connection
  #fd=256 slot=256 LDAP connection from 10.10.99.99 to 172.99.99.99
  # Connection-level values are stored twice: under the bare connection id, so later
  # lines on the same connection can copy them, and under the key of this line.
  # NOTE(review): the address pattern accepts only digits and dots, so a connection
  # line carrying an address in any other notation (for example IPv6) would not match
  # this branch and no from_ip/to_ip would be recorded for that connection - confirm
  # against real logs.
  if (matches_regular_expression(v.message, '^fd=([0-9]+) slot=[0-9]+ (.*) from ([0-9\.]+) to ([0-9\.]+)$')) then (
    set_collected_field(v.conn_id, 'file_descriptor', $1);
    set_collected_field(v.conn_id, 'connection_operation', $2);
    set_collected_field(v.conn_id, 'from_ip', $3);
    set_collected_field(v.conn_id, 'to_ip', $4);
    set_collected_field(v.conn_id, 'date_time', v.date_time);
    set_collected_field(v.key, 'file_descriptor', $1);
    set_collected_field(v.key, 'connection_operation', $2);
    set_collected_field(v.key, 'from_ip', $3);
    set_collected_field(v.key, 'to_ip', $4);
    set_collected_field(v.key, 'operation', $2);
    # Connection 0 is treated as the first connection after a server start; its time is
    # kept under the empty key so every later entry can copy it.
    if (v.conn_id == 0) then (
      set_collected_field('', 'server_start_time', v.date_time);
    );
  );

  # this is an operation of the open connection
  else if (matches_regular_expression(v.message, '^([A-Z]+)(.*)$')) then (
    v.op = $1;
    # The text after the keyword is handed to collect_listed_fields with a space and an
    # equals sign as separators; the last argument apparently maps msgid to
    # abandon_msgid and etime to sun_etime.
    # NOTE(review): how collect_listed_fields treats quoted values that contain spaces
    # (for example a dn) is not visible here - verify that such values are kept whole.
    collect_listed_fields(v.key, $2, ' ', '=', 'msgid=abandon_msgid|etime=sun_etime');
    # sun_etime2 carries the same value as sun_etime.
    set_collected_field(v.key, 'sun_etime2', get_collected_field(v.key, 'sun_etime'));

    # Prepend a space so the filter name will be displayed
    v.filter = get_collected_field(v.key, 'filter');
    if (v.filter ne '(empty)') then (
      set_collected_field(v.key, 'filter', " " . v.filter);
    );

    # NOTE(review): both keyword patterns below are unanchored; whether a partial match
    # counts depends on matches_regular_expression, which is not shown in this file.
    if (matches_regular_expression(v.op, '(SRCH|BIND|UNBIND|ABANDON|MOD|MODRDN|ADD|DEL|EXT)')) then (
      set_collected_field(v.key, 'operation', v.op);
    );

    # These keywords complete an entry: copy the connection-level values into it, then
    # accept it.
    # NOTE(review): if the connection-open line was never processed (for example it is
    # in an earlier log file), these lookups presumably return empty values and the
    # accepted entry carries no client address - confirm.
    if (matches_regular_expression(v.op, '(RESULT|ABANDON|UNBIND)')) then (
      set_collected_field(v.key, 'file_descriptor', get_collected_field(v.conn_id, 'file_descriptor'));
      set_collected_field(v.key, 'connection_operation', get_collected_field(v.conn_id, 'connection_operation'));
      set_collected_field(v.key, 'from_ip', get_collected_field(v.conn_id, 'from_ip'));
      set_collected_field(v.key, 'to_ip', get_collected_field(v.conn_id, 'to_ip'));
      #set_collected_field(v.key, 'server_start_time', server_start_time);
      set_collected_field(v.key, 'server_start_time', get_collected_field('', 'server_start_time'));
      accept_collected_entry(v.key, false);
    );
  );

  # precedes end of connection
  else if (matches_regular_expression(v.message, '^closing - (.*)$')) then (
    # not needed now that key is adjusted for msgID=-1
    ##set_collected_field(v.conn_id, 'closing_code', $1);
    set_collected_field(v.key, 'closing_code', $1);
  );

  # this is the end of the connection
  else if (v.message eq 'closed.') then (
    # the original date_time of the connection has been overwritten, so restore it
    v.start_date_time = get_collected_field(v.conn_id, 'date_time');
    set_collected_field(v.key, 'date_time', v.start_date_time);
    #set_collected_field(v.key, 'server_start_time', server_start_time);
    set_collected_field(v.key, 'server_start_time', get_collected_field('', 'server_start_time'));

    # calculation the duration of the connection
    int start_time_epoc = date_time_to_epoc(v.start_date_time);
    int end_time_epoc = date_time_to_epoc(v.date_time);
    # The duration is skipped when either conversion yields 0 (presumably a failed
    # conversion, such as a missing connection start time).
    if (!(start_time_epoc == 0 or end_time_epoc == 0)) then (
      set_collected_field(v.key, 'connection_duration', end_time_epoc - start_time_epoc);
    );

    # not true now that key is adjusted for msgId=-1
    ## all other fields were set when the connection was opened - this is the only one
    ## that may have been associated with another op id if closing was associated with UNBIND
    #set_collected_field(v.key, 'closing_code', get_collected_field(v.conn_id, 'closing_code'));
    accept_collected_entry(v.key, false);
  );
);

`

  # Database fields
  # Same names as log.fields except that day_of_week and hour_of_day are added and
  # sun_etime and connection_duration appear only under database.numerical_fields.
  database.fields = {
    date_time = ""
    day_of_week = ""
    hour_of_day = ""
    server_start_time = ""
    operation = ""
    base = ""
    scope = ""
    filter = ""
    attrs = ""
    nentries = "" # if not selected for numeric, shows up as a report
    sun_etime2.sort_type = "integer"
    err = ""
    notes = ""
    tag = ""
    file_descriptor = ""
    from_ip = ""
    to_ip = ""
    dn = ""
    method = ""
    version = ""
    oid = ""
    csn = ""
    newrdn = ""
    operation_id = ""
    connection_id = ""
    abandon_msgid = ""
    message_id = ""
    closing_code = ""
    targetop = ""
  } # database.fields

  # Numerical fields, with their value type and display format.
  database.numerical_fields = {

    events = {
      default = true
      requires_log_field = false
      entries_field = true
    } # events

    sun_etime = {
      type = "float"
      display_format_type = "duration_compact"
    } # sun_etime

    connection_duration = {
      type = "float"
      display_format_type = "duration_compact"
    } # connection_duration

    nentries = {
      type = "int"
      display_format_type = "integer"
    } # nentries

  } # database.numerical_fields

  log.filters = {

    # Sets events to 1 for every accepted entry.
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry

  } # log.filters

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
    } # report_groups

  } # create_profile_wizard_options

} # sun_one_netscape_directory_server