# Copyright (c) 2010 Flowerfire, Inc.  All Rights Reserved.
symantec_mail_security_syslog = {

  plugin_version = "1.0"

  # 2006-07-05 - 1.0beta - GMF - Initial plug-in
  # 2007-09-14 - 1.0 - KBB - renumbered per new beta policy


  # The name of the log format
  log.format.format_label = "Symantec Mail Security Syslog Format"
  log.miscellaneous.log_data_type = "syslog"  
  log.miscellaneous.log_format_type = "syslog_server"

  # The log is in this format if any of the first ten lines match this regular expression
  log.format.autodetect_regular_expression = "^[0-9][0-9][0-9][0-9] [A-Z][a-z][a-z] [0-9 ][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9] \\([^)]+\\) "

  # All log field parsing will be done using the parsing filters
  log.format.parse_only_with_filters = "true"

  # Log fields
  log.fields = {

    date = ""
    time = ""
    log_level = ""
    syslog_message = ""

  } # log.fields


  # Log Parsing Filters
  log.parsing_filters = {

    # Parse out the syslog fields
    syslog = `
v.syslog_message = '';
if (matches_regular_expression(current_log_line(), '^([0-9]+) ([A-za-z]+) ([0-9 ][0-9]) ([0-9:]+) \\\\(([^)]+)\\\\) (.*)$')) then (
  set_collected_field('', 'log_level', $5);
  set_collected_field('', 'date', $3 . '/' . $2 . '/' . $1);
  set_collected_field('', 'time', $4);
  v.syslog_message = $6;
);
`

  } # log.parsing_filters


  # Database fields
  database.fields = {

    date_time = ""
    day_of_week = ""
    hour_of_day = ""
    log_level = ""

  } # database.fields

#  create_profile_wizard_options = {
#
#    # How the reports should be grouped in the report menu
#    report_groups = {
#      date_time_group = ""
#    } # report_groups
#
#  } # create_profile_wizard_options

} # symantec_mail_security_syslog