# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Log-format plugin for CA SiteMinder Policy Server trace logs (plugin syntax
# with log.format / log.parsing_filters / database.* sections and the
# collected-entry functions set_collected_field / accept_collected_entry).
#
# What this plugin does (all of it is in the parsing filter below):
#   * Every line has the shape [Time][Message][AgentName][Resource][User][Tid],
#     optionally preceded by a [Date] cell. The Tid (thread id) is used as the
#     correlation key: all lines sharing a Tid accumulate into one collected
#     entry until a "** Status: ..." line closes it.
#   * A "** Received agent request" message records start_time for the Tid;
#     the "** Status: <verdict>." message records the verdict, computes
#     response_time = status time - start_time, and emits/resets the entry.
#
# Caveats a reader should know about (see the inline notes in the filter):
#   * Lines that do not match the line regex are never passed to
#     accept_collected_entry, i.e. they are silently skipped. A literal ']'
#     inside any bracketed cell (e.g. a crafted Resource URL) makes the
#     regex fail, so such lines vanish from reports without any signal.
#   * The regex keeps only HH:MM:SS of PreciseTime; fractional seconds are
#     discarded, so response_time has at best whole-second resolution.
#   * For logs without a [Date] cell the *processing* day (now()) is used as
#     the event date.

siteminder_policy_server = {

  plugin_version = "1.1.1"

  # 2007-09-14 - 1.1 - KBB - renumbered per new beta policy
  # 2006-12-12 - 1.1beta: KBB - format with date now available, so debugged -
  #   now capturing all lines and full message
  # 2006-10-26 - 1.0beta: KBB - initial creation
  # 2011-07-18 - 1.1.1 - MSG - Edited info lines.

  info.1.manufacturer = "CA Technologies"
  info.1.device = "SiteMinder Policy Server"
  info.1.version.1 = ""

  # The name of the log format
  log.format.format_label = "SiteMinder Policy Server Log Format"
  log.miscellaneous.log_data_type = "generic"
  log.miscellaneous.log_format_type = "application"

  # The log is in this format if any of the first ten lines match this regular expression.
  # It keys on the column header line ([PreciseTime][Message][AgentName]...), so a log
  # file that has had its header stripped will not be autodetected.
  log.format.autodetect_regular_expression = `\\[PreciseTime\\]\\[Message\\]\\[AgentName\\]`

  # The format of dates and times in this log
  log.format.date_format = "auto"
  log.format.time_format = "auto"

  # All log field parsing will be done using the parsing filters
  log.format.parse_only_with_filters = "true"
  # NOTE(review): 0 presumably means collected entries never expire on their own;
  # a Tid that never reaches a "** Status:" line would then never be emitted -
  # confirm against the collected-entry documentation.
  log.format.collected_entry_lifespan = 0

  # Log fields
  log.fields = {
    date = ""
    time = ""
    agent_name = ""
    message = ""
    resource = ""
    user = ""
    thread_id = ""          # the Tid cell; also the collected-entry key
    status = ""             # verdict from the "** Status: <verdict>." line
    start_time = "" # used to calculate response time
    response_time = ""      # seconds between "** Received ... request" and "** Status:"
    response_time2 = ""     # same value; averaged per event in the database
    response_time3 = ""     # same value; shown with duration_compact formatting
  } # log.fields

  # Sample lines. Note the empty cells ([]) in AgentName/Resource/User: they
  # vary from line to line within one Tid, and the filter below writes
  # whatever the current line carries into the collected entry.

  # without date
  #[PreciseTime][Message][AgentName][Resource][User][Tid]
  #[===========][=======][=========][========][====][===]
  #[09:31:42.544799][Receive request attribute 208, data size is 15][here.there.com][][][4]
  #[09:31:42.545062][Receive request attribute 200, data size is 31][here.there.com][][][4]
  #[09:31:42.545233][Receive request attribute 217, data size is 32][here.there.com][][][4]
  #[09:31:42.545363][Receive request attribute 201, data size is 20][here.there.com][][][4]
  #[09:31:42.545490][Receive request attribute 202, data size is 3][here.there.com][][][4]
  #[09:31:42.545677][** Received agent request.][here.there.com][][][4]
  #[09:31:42.687384][Enter function CSm_Az_Message::IsProtected][][][][4]
  #[09:31:42.687583][Received request from agent, check agent api version.][here.there.com][][][4]
  #[09:31:42.687384][Enter function CSm_Az_Message::IsProtected][][][][4]
  #[09:31:42.687583][Received request from agent, check agent api version.][here.there.com][][][4]
  #[09:31:42.687688][Starting IsProtected processing.][here.there.com][/abc/xyz.jsp][][4]
  #[09:31:42.688771][Resource is not protected, no realm matches this resource][][/abc/xyz.jsp][][4]
  #[09:31:42.698687][Send response attribute 146, data size is 0][here.there.com][][][4]
  #[09:31:42.698795][Send response attribute 147, data size is 0][here.there.com][][][4]
  #[09:31:42.698897][** Status: Not Protected. ][here.there.com][][][4]
  #[09:31:42.699012][Leave function CSm_Az_Message::IsProtected][][][][4]

  # with date
  #[Date][PreciseTime][Message][AgentName][Resource][User][Tid]
  #[====][===========][=======][=========][========][====][===]
  #[12/11/2006][04:30:07.610][Leave function CSm_Az_Message::IsProtected][][][][1490876]
  #[12/11/2006][04:30:07.690][Receive request attribute 208, data size is 16][here.there.com][][][1490889]

  # Log Parsing Filters
  #
  # Capture groups of the line regex:
  #   $1 = everything before the time cell (the "[MM/DD/YYYY]" cell when present, else empty)
  #   $2 = HH:MM:SS  (the ".nnnnnn" fraction is matched but NOT captured)
  #   $3 = Message, $4 = AgentName, $5 = Resource, $6 = User  (each "[^]]*": no ']' allowed)
  #   $7 = Tid (digits only)
  # There is no else-branch on the outer if: a non-matching line is dropped silently.
  log.parsing_filters.parse = `
if (matches_regular_expression(current_log_line(), '(.*)\\\\[([0-9][0-9]:[0-9][0-9]:[0-9][0-9])\\\\.[0-9]+\\\\]\\\\[([^]]*)\\\\]\\\\[([^]]*)\\\\]\\\\[([^]]*)\\\\]\\\\[([^]]*)\\\\]\\\\[([0-9]+)\\\\]')) then (
  # The thread id is the correlation key for collected-entry accumulation.
  v.key = $7;
  v.message = $3;
  v.date = $1;
  v.time = $2;

  # Use today's date if there is no date field.
  # NOTE(review): if $1 is non-empty but not "[MM/DD/YYYY]" (some other prefix),
  # v.date keeps that raw prefix and is handed to normalize_date() unchanged -
  # what normalize_date does with it is not established here.
  # Using now() for undated logs means the date reflects when the log was
  # processed, not when the event happened (wrong for old files and across midnight).
  if (matches_regular_expression(v.date, '\\\\[([0-9]{2}/[0-9]{2}/[0-9]{4})\\\\]')) then (
    v.date = $1;
  );
  else if (v.date eq '') then (
    v.date_time = epoc_to_date_time(now());
    # presumably the leading date portion of the epoc_to_date_time() text - verify its format
    v.date = substr(v.date_time, 0, 11);
  );

  set_collected_field(v.key, 'date', v.date);
  set_collected_field(v.key, 'time', v.time);
  set_collected_field(v.key, 'thread_id', v.key);
  set_collected_field(v.key, 'message', v.message);

  # debug
  # v.agent = $4;
  # v.resource = $5;
  # v.user = $6;
  #
  # v.old_agent = get_collected_field(v.key, 'agent_name');
  # v.old_resource = get_collected_field(v.key, 'resource');
  # v.old_user = get_collected_field(v.key, 'user');
  #
  # if ((v.old_agent ne '(empty)') and (v.old_agent ne '') and (v.agent ne v.old_agent)) then (
  #   echo("overwriting agent " . v.old_agent . " with " . v.agent);
  # );
  # if (contains(v.message, 'Status') and (v.old_resource ne '(empty)') and (v.old_resource ne '') and (v.resource ne v.old_resource)) then (
  #   echo("overwriting resource " . v.old_resource . " with " . v.resource);
  # );
  # if (contains(v.message, 'Status') and (v.old_user ne '(empty)') and (v.old_user ne '') and (v.user ne v.old_user)) then (
  #   echo("overwriting user " . v.old_user . " with " . v.user . " message " . v.message);
  # );

  # Written unconditionally on every line, including lines where these cells are
  # empty (see the samples above). NOTE(review): whether an empty value here
  # replaces an earlier non-empty one in the collected entry depends on
  # set_collected_field semantics - the debug block above suggests this was a
  # concern; verify before trusting resource/user on the emitted entry.
  set_collected_field(v.key, 'agent_name', $4);
  set_collected_field(v.key, 'resource', $5);
  set_collected_field(v.key, 'user', $6);

  # End of a request: record the verdict, compute the elapsed time, emit the entry.
  if (matches_regular_expression(v.message, '\\\\*\\\\* Status: (Not Authorized|Authorized|Protected|Not Protected|Not Authenticated|Authenticated|Validated|Not Validated)\\\\.')) then (
    set_collected_field(v.key, 'status', $1);
    # Whole seconds only: the fraction was discarded by the line regex, so
    # sub-second requests yield response_time == 0.
    v.end_time = date_time_to_epoc(normalize_date(v.date, 'auto') . " " . normalize_time(v.time, 'auto'));
    v.start_time = get_collected_field(v.key, 'start_time');
    #echo("start_time " . v.start_time);
    #echo("end_time " . v.end_time);
    # No start_time recorded for this Tid (Status seen before any "** Received"
    # line, e.g. a log that starts mid-request): leave response_time unset.
    if (v.start_time == 0) then (
      #echo("found end event before start event");
    );
    else (
      v.response_time = v.end_time - v.start_time;
      set_collected_field(v.key, 'response_time', v.response_time);
      set_collected_field(v.key, 'response_time2', v.response_time);
      set_collected_field(v.key, 'response_time3', v.response_time);
    );
    # false here (vs. true below) looks like "do not retain the collected fields
    # after accepting", which is what resets start_time for the next request on
    # this Tid - confirm against the accept_collected_entry documentation.
    accept_collected_entry(v.key, false);
  );
  # Start of a request: remember when it arrived, keep accumulating.
  else if (matches_regular_expression(v.message, '\\\\*\\\\* Received (request from agent|agent request)')) then (
    set_collected_field(v.key, 'start_time', date_time_to_epoc(normalize_date(v.date, 'auto') . " " . normalize_time(v.time, 'auto')));
    accept_collected_entry(v.key, true);
  );
  # Any other line: accept it, retaining the collected fields for this Tid.
  else (
    accept_collected_entry(v.key, true);
  );
);
`

  # Database fields
  database.fields = {
    date_time = ""
    day_of_week = ""
    hour_of_day = ""
    agent_name = ""
    message = ""
    resource = ""
    user = ""
    status = ""
    thread_id.sort_type = "integer"
    response_time.sort_type = "integer"
  } # database.fields

  database.numerical_fields = {
    events = {
      default = true
      requires_log_field = false
      entries_field = true
    } # events
    # Average response time per event (response_time2 / events).
    response_time2 = {
      aggregation_method = "average"
      average_denominator_field = "events"
    } # response_time2
    # Total response time, displayed as a compact duration.
    response_time3 = {
      display_format_type = "duration_compact"
    } # response_time3
  } # database.numerical_fields

  log.filters = {
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry
  } # log.filters

  create_profile_wizard_options = {
    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
    } # report_groups
  } # create_profile_wizard_options

} # siteminder_policy_server