# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Log format plugin definition for IBM WebSEAL Authorization (XML) audit logs.
# It declares how entries are parsed (log.parsing_filters), post-processed
# (log.filters), stored (database.fields / database.numerical_fields) and
# offered as reports (create_profile_wizard_options).
#
# NOTE(review): this copy appears to have been stripped of everything that
# looked like markup. The autodetect pattern runs straight into the tail of
# parsing filter 2, so the end of that pattern, the log.fields group, the
# opening of log.parsing_filters and filters 1-2 are not present, and the
# braces no longer balance. Several remaining patterns are visibly truncated
# as well (see the notes on each filter). Restore the file from the original
# plugin before loading it; the patterns below are kept exactly as found.
web_sealauthorization_xml = {

  plugin_version = "1.0.1"

  # Initial creation - 1.0
  # 2011-07-22 - 1.0.1 - MSG - Edited info lines.

  info.1.manufacturer = "IBM"
  info.1.device = "WebSEAL Authorization (XML)"
  info.1.version.1 = ""

  # The name of the log format
  log.format.format_label = "WebSEAL Authorization (XML) Log Format"
  log.miscellaneous.log_data_type = "generic"
  log.miscellaneous.log_format_type = "other"

  # The log is in this format if any of the first ten lines match this regular expression
  # NOTE(review): the value below is a fusion of the start of the autodetect
  # pattern ("^") and the end of parsing filter 2's field list
  # ('*KEY*,event_rev'); as written it is not a usable detection pattern.
  log.format.autodetect_regular_expression = "^', '*KEY*,event_rev')"

    # Closes parsing filter 2, whose opening is missing from this copy.
    } # 2

    # In each collect_fields_using_regexp call the capture groups are paired,
    # in order, with the names in the second argument; the first group is the
    # empty "()" and is paired with *KEY*.

    # Parse out the outcome field
    # NOTE(review): two capture groups for three names (*KEY*, outcome_status,
    # outcome) - part of the pattern is missing.
    3 = {
      label = "3"
      comment = ""
      value = "collect_fields_using_regexp('()([^<]*)', '*KEY*,outcome_status,outcome')"
    } # 3

    # Parse out the originator component field
    # Captures the blade attribute value and a following text value.
    # NOTE(review): "()]*" and ">]*>" are leftovers of truncated character
    # classes; the element names are missing.
    4 = {
      label = "4"
      comment = ""
      value = "collect_fields_using_regexp('()]* blade=\"([^\"]*)\"[^>]*>]*>([^<]*)', '*KEY*,originator_blade,originator_component')"
    } # 4

    # Parse out the originator action field
    # NOTE(review): pattern starts with a dangling "]*>" - truncated.
    5 = {
      label = "5"
      comment = ""
      value = "collect_fields_using_regexp(']*>()([^<]*)', '*KEY*,originator_action')"
    } # 5

    # Parse out the originator location field
    # NOTE(review): identical to the pattern in filter 5 as it stands, so the
    # two filters cannot be told apart until the element names are restored.
    6 = {
      label = "6"
      comment = ""
      value = "collect_fields_using_regexp(']*>()([^<]*)', '*KEY*,originator_location')"
    } # 6

    # Parse out the accessor principal field
    # accessor_principal_auth is taken from the auth="..." attribute of the
    # principal element and accessor_principal from the text that follows the
    # tag, up to the next "<". This pattern looks intact.
    7 = {
      label = "7"
      comment = ""
      value = "collect_fields_using_regexp('<()principal[^>]* auth=\"([^\"]*)\"[^>]*>([^<]*)', '*KEY*,accessor_principal_auth,accessor_principal')"
    } # 7

    # Parse out the target object field
    # target_resource is taken from the resource="..." attribute of the target
    # element; target_object is the text captured after it.
    # NOTE(review): ">]*>" is a truncated fragment; an element name is missing.
    8 = {
      label = "8"
      comment = ""
      value = "collect_fields_using_regexp('<()target[^>]* resource=\"([^\"]*)\"[^>]*>]*>([^<]*)', '*KEY*,target_resource,target_object')"
    } # 8

    # Parse out the data field
    # NOTE(review): as written this captures any line start up to the first
    # "<" into data; presumably an element name was lost - confirm.
    9 = {
      label = "9"
      comment = ""
      value = "collect_fields_using_regexp('^()([^<]*)', '*KEY*,data')"
    } # 9

    # Accept the collected log entry when the terminating line is reached.
    # NOTE(review): the line marker was lost from this comment and from the
    # pattern; '()' alone is an empty group, so the entry boundary has to be
    # restored or fields from different events may be combined - confirm.
    10 = {
      label = "10"
      comment = ""
      value = "accept_collected_entry_using_regexp('()', false)"
    } # 10

  # Closes log.parsing_filters, whose opening is missing from this copy.
  } # log.parsing_filters

  # Log Filters
  log.filters = {

    # Convert the outcome field to English values.
    # Only the codes 0-3 are listed in the map.
    # NOTE(review): confirm how convert_field_map treats a code that is not
    # listed, so an unexpected outcome is not read as one of these four.
    1 = {
      label = "1"
      comment = ""
      value = "convert_field_map('outcome', '0->SUCCESS|1->FAILURE|2->PENDING|3->UNKNOWN')"
    } # 1

    # Sets the events numerical field to 1 for the entry.
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry

  } # log.filters

  # Database fields
  # One database field per log field; all are stored as strings.
  # NOTE(review): date_time, day_of_week and hour_of_day are not populated by
  # any filter visible here - presumably defined in the missing section.
  database.fields = {

    date_time = {
      label = "$lang_stats.field_labels.date_time"
      log_field = "date_time"
      type = "string"
      suppress_top = 0
      suppress_bottom = 3
      display_format_type = "date_time"
    } # date_time

    day_of_week = {
      label = "$lang_stats.field_labels.day_of_week"
      log_field = "day_of_week"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
      display_format_type = "day_of_week"
    } # day_of_week

    hour_of_day = {
      label = "$lang_stats.field_labels.hour_of_day"
      log_field = "hour_of_day"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
      display_format_type = "hour_of_day"
    } # hour_of_day

    # Outcome label after the convert_field_map log filter has run.
    outcome = {
      label = "$lang_stats.field_labels.outcome"
      log_field = "outcome"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # outcome

    outcome_status = {
      label = "$lang_stats.field_labels.outcome_status"
      log_field = "outcome_status"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # outcome_status

    originator_component = {
      label = "$lang_stats.field_labels.originator_component"
      log_field = "originator_component"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # originator_component

    originator_action = {
      label = "$lang_stats.field_labels.originator_action"
      log_field = "originator_action"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # originator_action

    originator_location = {
      label = "$lang_stats.field_labels.originator_location"
      log_field = "originator_location"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # originator_location

    originator_blade = {
      label = "$lang_stats.field_labels.originator_blade"
      log_field = "originator_blade"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # originator_blade

    # Text value captured after the principal tag (parsing filter 7).
    accessor_principal = {
      label = "$lang_stats.field_labels.accessor_principal"
      log_field = "accessor_principal"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # accessor_principal

    # Value of the principal element's auth attribute (parsing filter 7).
    accessor_principal_auth = {
      label = "$lang_stats.field_labels.accessor_principal_auth"
      log_field = "accessor_principal_auth"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # accessor_principal_auth

    target_object = {
      label = "$lang_stats.field_labels.target_object"
      log_field = "target_object"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # target_object

    # Value of the target element's resource attribute (parsing filter 8).
    target_resource = {
      label = "$lang_stats.field_labels.target_resource"
      log_field = "target_resource"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # target_resource

    event_rev = {
      label = "$lang_stats.field_labels.event_rev"
      log_field = "event_rev"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # event_rev

    # Raw text captured by parsing filter 9.
    # NOTE(review): confirm what this element can carry before exposing it
    # as a report to every profile user.
    data = {
      label = "$lang_stats.field_labels.data"
      log_field = "data"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # data

  } # database.fields

  # The only numerical field is the per-entry event counter, which is not
  # read from the log (requires_log_field = false) but set by mark_entry.
  database.numerical_fields = {

    events = {
      label = "$lang_stats.field_labels.events"
      default = true
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
      entries_field = true
    } # events

  } # database.numerical_fields

  create_profile_wizard_options = {

    date_time_tracking = true

    # How the reports should be grouped in the report menu
    # Every non-date database field is enabled as a report here.
    report_groups = {
      date_time_group = ""
      outcome = true
      outcome_status = true
      originator_component = true
      originator_action = true
      originator_location = true
      originator_blade = true
      accessor_principal = true
      accessor_principal_auth = true
      target_object = true
      target_resource = true
      event_rev = true
      data = true
    } # report_groups

  } # create_profile_wizard_options

  # Features flagged as not supported for this log format.
  not_supported = {
    bandwidth = true
    sessions = true
    visitors = true
    individualhosts = true
    pageviews = true
  } # not_supported

} # web_sealauthorization_xml