# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Sawmill log-format plugin for Juniper NetScreen SSG firewall logs.
# The log fields are not declared statically below; they are discovered at
# parse time from a quoted, space-separated header line (see
# log.filter_preprocessor), which also creates the matching database fields
# when a profile is being created.
netscreen_ssg = {

  plugin_version = "2.3"

  info.1.manufacturer = "Juniper"
  info.1.device = "NetScreen SSG"
  info.1.version.1 = "SSG140_r70"

  # 2011-07-14 - GMF - 1.0 - Initial implementation

  # The name of the log format
  log.format.format_label = "NetScreen SSG Log Format"
  log.miscellaneous.log_data_type = "netscreen_ssg"
  log.miscellaneous.log_format_type = "firewall"

  # The log is in this format if any of the first ten lines match this regular expression.
  # It requires at least five leading quoted fields made only of letters and spaces,
  # i.e. the header line of the export, not a data line.
  log.format.autodetect_regular_expression = `^("[A-Za-z ]+" "[A-Za-z ]+" "[A-Za-z ]+" "[A-Za-z ]+" "[A-Za-z ]+")`

  # The format of dates and times in this log
  # (both left commented out here, so the engine's defaults apply — confirm they
  # match the actual export before relying on date_time reports)
  # log.format.date_format = "ddmmmyyyy"
  # log.format.time_format = "h:m:s"

  # This handles header lines, and creates log and database fields from them.
  # Everything derived here comes from the log file itself, which is untrusted
  # input: the field names are sanitized before being spliced into node paths,
  # and the header line is rejected so it is never parsed as a data row.
  log.filter_preprocessor = `
    if (matches_regular_expression(current_log_line(), '^("[A-Za-z ]+" "[A-Za-z ]+" "[A-Za-z ]+" "[A-Za-z ]+" "[A-Za-z ]+".*)$')) then (
      # $1 is the whole header line; it is consumed field by field below
      string fields = $1;
      string fieldname;
      # running "index" assigned to each log field, in header order
      v.logfieldindex = 1;
      # node path of this profile's numerical fields, used to skip fields that
      # already exist as numerical database fields (e.g. "events" below)
      string numerical_fields = "profiles." . internal.profile_name . ".database.numerical_fields";

      # This subroutine creates a database field.
      # fieldname: already-sanitized name (letters, digits, '_' only); it becomes
      # the last component of the node path, so it must never contain '.' or
      # other path characters.
      subroutine(create_database_field(string fieldname), (
        #echo("create_database_field: " . fieldname);
        debug_message("create_database_field(" . fieldname . ")\n");
        string databasefieldpath = "profiles." . internal.profile_name . ".database.fields." . fieldname;
        # assigning to the path string presumably materializes the node — verify
        # against the Sawmill docs; calling this twice for the same name (date
        # and time both map to date_time) appears to simply re-create it
        (databasefieldpath . "") = "";
        node databasefield = databasefieldpath;
        # set_subnode_value(databasefield, "label", fieldname);
        # return the node
        databasefield;
      ));

      # This subroutine creates a log field.
      # fieldname:      sanitized field name (same constraints as above)
      # log_field_type: stored as the field's log_field_type when non-empty
      # withindex:      when true, the field gets the next sequential index
      subroutine(create_log_field(string fieldname, string log_field_type, bool withindex), (
        debug_message("create_log_field(" . fieldname . "; log_field_type=" . log_field_type . ")\n");
        string logfieldpath = "profiles." . internal.profile_name . ".log.fields." . fieldname;
        (logfieldpath . "") = "";
        node logfield = logfieldpath;
        # set_subnode_value(logfield, "label", fieldname);
        if (withindex) then (
          set_subnode_value(logfield, "index", v.logfieldindex);
          v.logfieldindex++;
        );
        set_subnode_value(logfield, "subindex", 0);
        if (log_field_type ne '') then
          set_subnode_value(logfield, "log_field_type", log_field_type);
        # return the node
        logfield;
      ));

      # Extract the fields one at a time.
      # The first pattern peels off a leading quoted field and keeps the rest in
      # $2; the second matches the final field, where $2 is not set (the loop
      # then ends because fields no longer starts with a quote).
      while (matches_regular_expression(fields, '^"([^"]+)" (.*)$') or matches_regular_expression(fields, '^"([^"]+)"$')) (
        string unconverted_fieldname = $1;
        #echo("unconverted_fieldname: " . unconverted_fieldname);
        fields = $2;

        # Clean up the field name: lowercase, and replace every character
        # outside [a-z0-9] with '_'. This is what keeps attacker-influenced
        # header text from injecting '.' or other path syntax into the
        # "profiles.<profile>.log.fields.<fieldname>" node paths built above.
        fieldname = '';
        for (int i = 0; i < length(unconverted_fieldname); i++) (
          string c = lowercase(substr(unconverted_fieldname, i, 1));
          if (!matches_regular_expression(c, '^[a-z0-9]$')) then
            c = '_';
          fieldname .= c;
        );
        #echo("fieldname: " . fieldname);

        # Get the log field type (every field is treated as flat text)
        string log_field_type = 'flat';

        # Create the log field
        create_log_field(fieldname, log_field_type, true);

        # If we're creating a profile, create the database fields too.
        if ('volatile'?{'creating_profile'}) then (

          # Handle date by creating date_time and derived database fields
          if (fieldname eq "date") then (
            create_database_field('date_time');
            create_database_field('day_of_week');
            create_database_field('hour_of_day');
          ); # if date
          # time maps to the same derived fields as date
          else if (fieldname eq "time") then (
            create_database_field('date_time');
            create_database_field('day_of_week');
            create_database_field('hour_of_day');
          ); # if time

          # Don't add a database field for numerical fields
          else if (numerical_fields?{fieldname}) then (
            debug_message("Not adding numerical field: " . fieldname . "\n");
          );

          # Create a normal database field
          else
            create_database_field(fieldname);

        ); # if creating profile

      ); # while another field

      # Don't parse the header line as a data line
      'reject';

    ); # if header
    else (
    );
  `

  # Log fields (populated at parse time by log.filter_preprocessor)
  log.fields = {
  } # log.fields

  # Database fields (populated at profile-creation time by log.filter_preprocessor)
  database.fields = {
  } # database.fields

  # Log Filters
  log.filters = {

    # Replaces the per-entry "number" value with a fixed placeholder so it does
    # not become a high-cardinality database value
    clear_number = {
      label = 'Clear Number'
      comment = 'This filter clears the number field, to simplify the database'
      value = 'number = "[omitted]"'
    } # clear_number

    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry

  } # log.filters

  database.numerical_fields = {

    # Entry counter set to 1 per line by the mark_entry filter
    events = {
      label = "$lang_stats.field_labels.events"
      default = false
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
      entries_field = true
    } # events

  } # database.numerical_fields

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
    } # report_groups

  } # create_profile_wizard_options

} # netscreen_ssg