# Copyright (c) 2012 Flowerfire, Inc. All Rights Reserved. webseal_request = { plugin_version = "1.1" info.1.manufacturer = "IBM" info.1.device = "WebSEAL Request" info.1.version = "" # 2012-08-08 - GMF - 1.0 - Initial creation # 2012-09-05 - GMF - 1.1 - Changed sessions to be based on authenticated_user (ThreadID:1274326). # The name of the log format log.format.format_label = "IBM WebSEAL Request Log Format" log.miscellaneous.log_data_type = "http_access" log.miscellaneous.log_format_type = "web_server" # The log is in this format if any of the first ten lines match this regular expression log.format.autodetect_regular_expression = '^[^ ]+ [^ ]+ [^/]+ [0-9A-Za-z/]+:[0-9:]+ [^ ]+ "[A-Z]+ /[^ ]+ HTTP[^"]*" [0-9]+ [-0-9]+' log.format.parsing_regular_expression = '^([^ ]+) ([^ ]+) ([^/]+) ([0-9A-Za-z/]+):([0-9:]+) ([^ ]+) "([A-Z]+) (/[^ ]+) (HTTP[^"]+)" ([0-9]+) ([-0-9]+)' # Log fields log.fields = { hostname.type = "host" server_domain = "" authenticated_user = "" date = "" time = "" timezone = "" operation = "" page = { type = "page" hierarchy_dividers = "/?" left_to_right = true leading_divider = "true" } # page protocol = "" server_response = "" size = "" } # log.fields # Database fields database.fields = { date_time = "" # 2009-05-20 - GMF - Commented this out, because the time_stamp field is horribly complex. Uncomment it if you need this, but it will make the database unwieldy. # time_stamp = { # display_format_type = "date_time" # } # time_stamp day_of_week = "" hour_of_day = "" page = { suppress_bottom = 9 display_format_type = "page" } # page file_type = "" worm = "" screen_dimensions = "" screen_depth = "" hostname = "" domain_description = "" location = "" authenticated_user = "" server_response = "" server_domain = "" } # database.fields # Log Filters log.filters = { not_authenticated = { label = "$lang_admin.log_filters.not_authenticated_label" comment = "$lang_admin.log_filters.not_authenticated_comment" value = "if (authenticated_user eq '-') then authenticated_user = '(not authenticated)';" } # not_authenticated set_page_for_worm = { label = "$lang_admin.log_filters.set_page_for_worm_label" comment = "$lang_admin.log_filters.set_page_for_worm_comment" value = "if (starts_with(worm, '(')) then '' else page = '(worm)';" } # set_page_for_worm remove_query = { label = "$lang_admin.log_filters.remove_query_label" comment = "$lang_admin.log_filters.remove_query_comment" value = "if (contains(page, '?')) then page = substr(page, 0, index(page, '?') + 1) . '(parameters)';" } # remove_query detect_page_views = { label = '$lang_admin.log_filters.detect_page_views_label' comment = '$lang_admin.log_filters.detect_page_views_comment' value = "if ((file_type eq 'JPEG') or (file_type eq 'JPG') or (file_type eq 'GIF') or (file_type eq 'ICO') or (file_type eq 'PNG') or (file_type eq 'CSS') or (file_type eq 'SWF') or (file_type eq 'JS')) then page_views = 0; else page_views = 1;" } # detect_page_views strip_non_page_views = { label = '$lang_admin.log_filters.strip_non_page_views_label' comment = '$lang_admin.log_filters.strip_non_page_views_comment' value = "if (page_views == 0) then page = substr(page, 0, last_index(page, '/') + 1) . '(nonpage)';" } # strip_non_page_views mark_entry = { label = '$lang_admin.log_filters.mark_entry_label' comment = '$lang_admin.log_filters.mark_entry_comment' value = 'hits = 1;' } # mark_entry # 2009-05-20 - GMF - Commented this out, because it makes the timestamp field horribly complex. Uncomment it if you need this, but it will make the database unwieldy. # copy_date_time = { # label = 'Copy Date/Time' # comment = 'Copy date_time field to time_stamp field.' # value = 'time_stamp = date_time;' # } # copy_date_time } # log.filters log.field_options = { sessions_page_field = "page" # sessions_visitor_id_field = "hostname" sessions_visitor_id_field = "authenticated_user" sessions_event_field = "page_views" } # log.field_options database.numerical_fields = { hits = { label = "$lang_stats.field_labels.hits" default = false requires_log_field = false type = "int" display_format_type = "integer" entries_field = true } # hits page_views = { label = "$lang_stats.field_labels.page_views" default = true requires_log_field = false type = "int" display_format_type = "integer" } # page_views visitors = { label = "$lang_stats.field_labels.visitors" default = false requires_log_field = true log_field = "hostname" type = "unique" display_format_type = "integer" } # visitors size = { label = "$lang_stats.field_labels.size" default = false requires_log_field = true log_field = "size" type = "int" integer_bits = 64 display_format_type = "bandwidth" } # size } # database.numerical_fields create_profile_wizard_options = { # How the reports should be grouped in the report menu report_groups = { date_time_group = "" content_group = { page = true file_type = true } visitor_demographics_group = { hostname = true domain_description = true location = true authenticated_user = true authenticated_user_by_hour_of_day = true # 2009-05-20 - GMF - Commented this out, because the time_stamp field is horribly complex. Uncomment it if you need this, but it will make the database unwieldy. # authenticated_user_by_time_stamp = true } visitor_systems_group = { screen_dimensions = true screen_depth = true } other_group = { worm = true server_domain = true server_response = true } } # report_groups } # create_profile_wizard_options } # webseal_request