# Copyright (c) 2012 Flowerfire, Inc. All Rights Reserved.
#
# Sawmill log-format plugin for comma-separated SonicWall NSA event logs.
# It declares how a line is recognised (autodetect regex), how its columns map
# to log fields, a parsing filter that derives wireless-association fields from
# the free-text "notes" column, and the database/report defaults for a profile.
network_security_appliance = {
  plugin_version = "1.0"
  # 2012-10-22 - 1.0 - GMF - Initial creation

  info.1.manufacturer = "SonicWall"
  info.1.device = "NSA (Network Security Appliance)"
  info.1.version.1 = "2400"

  # The name of the log format
  log.format.format_label = "Sonicwall NSA (Network Security Appliance)"
  log.miscellaneous.log_data_type = "network"
  log.miscellaneous.log_format_type = "firewall"

  # The log is in this format if any of the first ten lines match this regular expression.
  # Sample line:
  #42:13.5,Info,Wireless,802.11 Management,,,Authentication from 00:0e:35:cf:3e:25 to SSID LibraryFreeWiFi on radio 802.11n at SouthLib a53d32,
  # Note that the pattern only matches lines whose second column is "Info"; a file
  # whose first ten lines all carry a different priority will not be auto-detected
  # and the format will have to be selected explicitly.
  log.format.autodetect_regular_expression = "^[0-9][0-9]:[0-9][0-9][.][0-9],Info,"

  # The CSV header line is not skipped with ignore_format_lines; instead it is
  # rejected by the parsing filter below (priority eq 'Priority').
  # log.format.ignore_format_lines = "true"
  log.format.field_separator = ","

  # Log fields.
  # Columns 1-8 come straight from the comma-separated line. The four keys with
  # no index (mac_address, ssid, radio, network_location) are derived fields that
  # are only populated by the parsing filter; on lines it does not match they stay
  # empty.
  # NOTE(review): the sample lines show a value like "42:13.5" in column 1 with
  # no date component, which looks like an exported/truncated timestamp rather
  # than the appliance's own format — confirm against a raw export. Presumably
  # this is why date_time/day_of_week/hour_of_day are disabled below; as the
  # plugin stands, events cannot be placed on an absolute timeline from this field.
  log.fields = {
    time.index = 1
    priority.index = 2
    category.index = 3
    message.index = 4
    source.index = 5
    destination.index = 6
    notes.index = 7
    rule.index = 8
    mac_address = ""
    ssid = ""
    radio = ""
    network_location = ""
  } # log.fields

  # Log Parsing Filters.
  # 1. Rejects the header line.
  # 2. For "Authentication from <mac> to SSID <ssid> on radio <radio> at <location>"
  #    notes values, copies the four captured tokens into the derived fields.
  # Each capture is a run of non-space characters, so the values are bounded to a
  # single token but not otherwise validated (e.g. the MAC capture is not checked
  # for MAC syntax); they are log-supplied strings stored verbatim.
  # NOTE(review): because every capture stops at the first space, the sample line
  # "at SouthLib a53d32" yields network_location = "SouthLib" (the trailing token
  # is dropped) and an SSID containing a space will not match at all — confirm
  # this is the intended behaviour.
  log.parsing_filters.parse = `
# Don't accept the header line
if (priority eq 'Priority') then 'reject';
#29:28.7,Info,Wireless,802.11 Management,,,Authentication from 00:13:22:6b:b2:88 to SSID LibraryFreeWiFi on radio 802.11n at SouthLib a53d32,
else if (matches_regular_expression(notes, '^Authentication from ([^ ]+) to SSID ([^ ]+) on radio ([^ ]+) at ([^ ]+)')) then (
  mac_address = $1;
  ssid = $2;
  radio = $3;
  network_location = $4;
);
`

  # Log Filters.
  # mark_entry counts every accepted entry once in the "events" numerical field;
  # its label and comment text are taken from the $lang_admin variables.
  log.filters = {
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry
  } # log.filters

  # Database fields.
  # The date/time-derived fields are disabled (see the note on log.fields).
  database.fields = {
    # date_time = ""
    # day_of_week = ""
    # hour_of_day = ""
    priority = ""
    category = ""
    message = ""
    source = ""
    destination = ""
    notes = ""
    rule = ""
    mac_address = ""
    ssid = ""
    radio = ""
    network_location = ""
  } # database.fields

  # Numerical fields: "events" is the per-entry counter set by the mark_entry filter.
  database.numerical_fields = {
    events = {
      default = true
      requires_log_field = false
      entries_field = true
    } # events
  } # database.numerical_fields

  create_profile_wizard_options = {
    # How the reports should be grouped in the report menu.
    # No custom groups are defined here; the report set presumably comes from the
    # add_standard_reports snapon below.
    report_groups = {
    } # report_groups

    snapons = {
      # Applies the omit_field snapon to the "message" field.
      omit_message = {
        name = "Omit message"
        label = "Omit message"
        snapon = "omit_field"
        parameters = {
          field.final_node_name = "message"
        } # parameters
      } # omit_message

      # Add the standard reports
      add_standard_reports = {
        name = "add_standard_reports"
        label = "add_standard_reports"
        snapon = "add_standard_reports"
      } # add_standard_reports
    } # snapons
  } # create_profile_wizard_options
} # network_security_appliance