# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Log format plug-in for IIS Extended (W3C) web server logs. It defines how the
# format is autodetected, which log fields are kept out of the database, the
# optional log filters, and the profile-wizard defaults (report grouping and
# the web_server_package snapon).
iisweb = {

  plugin_version = "1.6"
  info.1.manufacturer = "Microsoft"
  info.1.device = "IIS Extended (W3C)"
  info.1.version = ""

  # 2007-07-06 - 1.1 - KBB - Added broken_link field and log filter to set it
  # 2010-10-01 - 1.2 - MSG - Edited info lines.
  # 2012-07-10 - 1.3 - GMF - Added web server package snapon
  # 2012-08-03 - 1.4 - GMF - Added page parameter to web server package snapon
  # 2012-08-06 - 1.5 - GMF - Switched web_server_package to implement page_views and referrer analysis and agent analysis; turned off hit_type (it can later be implemented in web_server_package, if desired).
  # 2012-08-06 - 1.6 - GMF - Implemented file_type and worm with web_server_package

  # The name of the log format
  log.format.format_label = "IIS Extended (W3C) Web Server Log Format"
  log.miscellaneous.log_data_type = "generic_w3c"
  log.miscellaneous.log_format_type = "web_server"

  # The log is in this format if any of the lines examined during autodetection
  # match this regular expression (presumably the number of lines examined is
  # log.format.autodetect_lines below, which is "200" -- confirm).
  # NOTE(review): the trailing [4-9] accepts only a version whose first digit is
  # 4 through 9, so a "#Software:" header with a version starting with any other
  # digit (for example 10.x) will not be autodetected as this format -- confirm
  # whether that is intended.
  log.format.autodetect_regular_expression = "^#Software: Microsoft Internet Information (Server|Services) [4-9]"

  # The format of dates and times in this log
  log.format.date_format = "yyyy-mm-dd"
  log.format.time_format = "hh:mm:ss"

  # Don't track these fields as discrete database fields. Don't add sc_bytes as a
  # database field here, because it will be added by the web_server_package snapon
  # (cs_bytes is also passed to the snapon below as cs_bytes_field, presumably for
  # the same reason).
  # NOTE(review): query strings and cookies commonly carry session identifiers and
  # other sensitive values, so leaving cs_uri_query and cs_cookie in this list also
  # limits where that data ends up -- confirm before removing either of them.
  auto_setup.omit_database_fields = "cs_uri_query,cs_cookie,sc_bytes,cs_bytes"

  # Look through a lot of lines to make sure we get past any process accounting information
  log.format.autodetect_lines = "200"

  # IIS does not use quotes to quote fields, so treat them as actual field values if we see them
  log.format.ignore_quotes = "true"

  # Log Filters
  # Both filters below are shipped disabled (disabled = true).
  log.filters = {

    # Replaces a cs_uri_query value of '-' with '(empty)'.
    empty_uri_query = {
      label = "$lang_admin.log_filters.empty_uri_query_label"
      comment = "$lang_admin.log_filters.empty_uri_query_comment"
      value = "if (cs_uri_query eq '-') then cs_uri_query = '(empty)';"
      disabled = true
      requires_fields = {
        cs_uri_query = true
      }
    } # empty_uri_query

    # Appends '?' and cs_uri_query to cs_uri_stem.
    # NOTE(review): cs_uri_stem is the page field handed to web_server_package
    # below, so enabling this filter presumably puts query-string contents into
    # the page data even though cs_uri_query itself is omitted from the database
    # fields -- check what the query strings contain before enabling it.
    add_cs_uri_query = {
      label = "$lang_admin.log_filters.add_cs_uri_query_label"
      comment = "$lang_admin.log_filters.add_cs_uri_query_comment"
      value = "cs_uri_stem = cs_uri_stem . '?' . cs_uri_query"
      disabled = true
      requires_fields = {
        cs_uri_query = true
        cs_uri_stem = true
      }
    } # add_cs_uri_query

  } # log.filters

  database.numerical_fields = {

    # time_taken is a 64-bit integer displayed with the duration_milliseconds format.
    time_taken = {
      type = "int"
      integer_bits = 64
      display_format_type = duration_milliseconds
    } # time_taken

    # Disabled: an averaged variant of time_taken (average over "hits").
#    time_taken_avg = {
#      label = "$lang_stats.field_labels.average $lang_stats.field_labels.time_taken"
#      default = false
#      log_field = "time_taken"
#      requires_log_field = true
#      type = "int"
#      integer_bits = 64
#      aggregation_method = "average"
#      average_denominator_field = "hits"
#      display_format_type = duration_milliseconds
#    } # time_taken_avg

  } # database.numerical_fields

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    # NOTE(review): cs_uri_query and cs_cookie are listed in groups here although
    # auto_setup.omit_database_fields above leaves them out of the database;
    # presumably these entries only matter if a profile adds those fields back -- confirm.
    report_groups = {
      date_time_group = ""
      content_group = {
        cs_uri_stem = true
        cs_uri_query = true
      }
      visitor_demographics_group = {
        c_ip = true
        cs_username = true
      }
      referrer_group = {
        referrer = true
      }
      server_group = {
        s_sitename = true
        s_computername = true
        s_ip = true
        s_port = true
        cs_host = true
      }
      other_group = {
        cs_version = true
#        spider = true
        cs_method = true
        sc_status = true
        sc_substatus = true
        sc_win32_status = true
        cs_cookie = true
      }
    } # report_groups

    # This plug-in does its derived fields manually--don't automatically create operating_system, web_browser, etc.
    manual_derived_fields = true

    snapons = {

      # Attach a web_server_package snapon
      web_server_package = {
        snapon = "web_server_package"
        name = "web_server_package"
        label = "$lang_admin.snapons.web_server_package.label"

        # Maps the snapon's parameters onto this format's log field names.
        parameters = {
          user_agent_field.parameter_value = "cs_user_agent"
          page_field.parameter_value = "cs_uri_stem"
          client_ip_field.parameter_value = "c_ip"
          server_response_field.parameter_value = "sc_status"
          referrer_field.parameter_value = "referrer"
          authenticated_user_field.parameter_value = "cs_username"
          hits_field = {
            parameter_value = "$lang_stats.field_labels.hits"
            final_node_name = "hits"
          } # hits_field
          visitors_field = {
            parameter_value = "$lang_stats.field_labels.unique_client_ips"
            final_node_name = "unique_client_ips"
          } # visitors_field
          sc_bytes_field = {
            parameter_value = "$lang_stats.field_labels.sc_bytes"
            final_node_name = "sc_bytes"
          } # sc_bytes_field
          cs_bytes_field = {
            parameter_value = "$lang_stats.field_labels.cs_bytes"
            final_node_name = "cs_bytes"
          } # cs_bytes_field
        } # parameters

      } # web_server_package

    } # snapons

    # Disabled: an earlier final_step script, kept for reference. It deleted the
    # cs_uri_query and cs_cookie database fields and created the standard reports;
    # the field omission now appears to be handled by auto_setup.omit_database_fields.
#    final_step = `
#include "templates.admin.profiles.setup_reports_util";
#
#string profile = "profiles." . volatile.new_profile_name;
#
## Remove cs_uri_query and cs_cookie from the database fields
#delete_database_field(profile, 'cs_uri_query');
#delete_database_field(profile, 'cs_cookie');
#
## Create the standard reports
#add_standard_reports(profile);
#
## Delete referrer filters if there's no referrer field
##if (!node_exists(profile . ".database.fields.referrer")) then (
##  (profile . ".log.filters.no_referrer.disabled") = true;
##  (profile . ".log.filters.internal_referrer.disabled") = true;
##);
#
#    ` # end final_step

  } # create_profile_wizard_options

  ##
  ## Uncommenting this section will provide enhanced granularity visitor tracking by over-riding
  ## default visitor tracking and uniqueness using c_ip with c_ip + cs_user_agent in
  ## all reports including sessions analysis reporting
  ##
  ## NOTE(review): cs_user_agent is supplied by the client, so a single client that
  ## varies it is counted as several visitors; treat visitor_id as a reporting
  ## heuristic, not as an identity.
  ##
  ## log.fields.visitor_id = ""
  ## database.fields.visitor_id = ""
  ## database.numerical_fields.visitors.log_field = "visitor_id"
  ##
  ## log.filters.visitor_id = {
  ##   label = 'Client IP + user Agent'
  ##   comment = 'Provides better tracking of unique visitors when multiple users are coming from the same client IP (ISP/NAT/FIREWALL/ROUTER)'
  ##   value = 'visitor_id = c_ip . "+" . cs_user_agent;'
  ## } # log.filters.visitor_id
  ##
  ## log.field_options.sessions_visitor_id_field = "visitor_id"

} # iisweb