# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Sawmill log-format plugin for 3Com OfficeConnect firewall events as relayed
# through WinSyslog. Lines are expected to look like
#   YYYY-MM-DD,HH:MM:SS,<ip>,<n>,<n>,id=... <key>=<value> ...
# (see the autodetect regular expression and parsing filter 1 below). The
# syslog payload is untrusted network input: every field reported here is
# taken verbatim from the log line by the parsing filters.
3_com_office_connect_win_syslog = {

  plugin_version = "1.0.1"
  # Initial creation - 1.0
  # 2010-10-06 - 1.0.1 - MSG - Edited info lines.

  # Device identification shown in the format chooser.
  info.1.manufacturer = "3Com"
  info.1.device = "OfficeConnect/WinSyslog"
  info.1.version.1 = ""

  # The name of the log format
  log.format.format_label = "3Com Office Connect / WinSyslog Log Format"
  log.miscellaneous.log_data_type = "firewall"
  log.miscellaneous.log_format_type = "network_device"

  # The log is in this format if any of the first ten lines match this regular expression.
  # It anchors on the WinSyslog CSV prefix: a hyphen-separated date, a time,
  # an IP address, two numeric columns, then the "id=" that starts the
  # firewall's key=value payload. Lines with a different date separator or
  # column order will not autodetect as this format.
  log.format.autodetect_regular_expression = "^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9],[0-9][0-9]:[0-9][0-9]:[0-9][0-9],[0-9.]*,[0-9]*,[0-9]*,id="

  # The format of dates and times in this log.
  # NOTE(review): the autodetect expression and parsing filter 1 both capture
  # a hyphen-separated date (e.g. 2010-10-06), but date_format declares "/"
  # as the separator. Confirm that Sawmill's date parser tolerates the
  # mismatch; if it does not, "yyyy-mm-dd" is what is actually captured.
  log.format.date_format = "yyyy/mm/dd"
  log.format.time_format = "h:mm:ss"

  # All log field parsing will be done using the parsing filters
  log.format.parse_only_with_filters = "true"

  # Log fields. index/subindex are 0 throughout because nothing is parsed
  # positionally; parse_only_with_filters routes all values through
  # log.parsing_filters, which assign them by name.
  log.fields = {
    date = {
      label = "$lang_stats.field_labels.date"
      type = "date"
      index = 0
      subindex = 0
      hierarchy_dividers = ""
      left_to_right = false
      leading_divider = "false"
    } # date
    # Time stamp applied by the syslog collector (second CSV column); the
    # firewall's own "time=" value lands in the separate "time" field below.
    syslog_time = {
      label = "$lang_stats.field_labels.syslog_time"
      type = "time"
      index = 0
      subindex = 0
      hierarchy_dividers = ""
      left_to_right = false
      leading_divider = "false"
    } # syslog_time
    id = {
      label = "$lang_stats.field_labels.id"
      type = "flat"
      index = 0
      subindex = 0
    } # id
    time = {
      label = "$lang_stats.field_labels.time"
      type = "flat"
      index = 0
      subindex = 0
    } # time
    fw = {
      label = "$lang_stats.field_labels.fw"
      type = "flat"
      index = 0
      subindex = 0
    } # fw
    pri = {
      label = "$lang_stats.field_labels.pri"
      type = "flat"
      index = 0
      subindex = 0
    } # pri
    proto = {
      label = "$lang_stats.field_labels.proto"
      type = "flat"
      index = 0
      subindex = 0
    } # proto
    # Source address, reported hierarchically on "." (octet by octet). It is
    # also the visitor-id field for the "visitors" unique count below.
    src = {
      label = "$lang_stats.field_labels.src"
      type = "host"
      index = 0
      subindex = 0
      hierarchy_dividers = "."
      left_to_right = false
      leading_divider = "false"
    } # src
    dst = {
      label = "$lang_stats.field_labels.dst"
      type = "flat"
      index = 0
      subindex = 0
    } # dst
    # Bytes received; summed as a 64-bit integer in database.numerical_fields.
    rcvd = {
      label = "$lang_stats.field_labels.rcvd"
      type = "size"
      index = 0
      subindex = 0
      hierarchy_dividers = ""
      left_to_right = false
      leading_divider = "false"
    } # rcvd
    sn = {
      label = "$lang_stats.field_labels.sn"
      type = "flat"
      index = 0
      subindex = 0
    } # sn
    c = {
      label = "$lang_stats.field_labels.c"
      type = "flat"
      index = 0
      subindex = 0
    } # c
    m = {
      label = "$lang_stats.field_labels.m"
      type = "flat"
      index = 0
      subindex = 0
    } # m
    dstname = {
      label = "$lang_stats.field_labels.dstname"
      type = "flat"
      index = 0
      subindex = 0
    } # dstname
    # URL argument of the event, treated as a page field; the simplify_url
    # log filter below cuts it down before it is stored.
    arg = {
      label = "$lang_stats.field_labels.arg"
      type = "page"
      index = 0
      subindex = 0
      hierarchy_dividers = ""
      left_to_right = false
      leading_divider = "false"
    } # arg
    op = {
      label = "$lang_stats.field_labels.op"
      type = "flat"
      index = 0
      subindex = 0
    } # op
    result = {
      label = "$lang_stats.field_labels.result"
      type = "flat"
      index = 0
      subindex = 0
    } # result
  } # log.fields

  # Database fields. Each string field carries suppress_top/suppress_bottom
  # hierarchy-level limits; the date/time fields are derived from "date" and
  # "syslog_time" and are not log fields of their own.
  database.fields = {
    date_time = {
      label = "$lang_stats.field_labels.date_time"
      log_field = "date_time"
      type = "string"
      suppress_top = 0
      suppress_bottom = 3
      display_format_type = "date_time"
    } # date_time
    day_of_week = {
      label = "$lang_stats.field_labels.day_of_week"
      log_field = "day_of_week"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
      display_format_type = "day_of_week"
    } # day_of_week
    hour_of_day = {
      label = "$lang_stats.field_labels.hour_of_day"
      log_field = "hour_of_day"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
      display_format_type = "hour_of_day"
    } # hour_of_day
    id = {
      label = "$lang_stats.field_labels.id"
      log_field = "id"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # id
    fw = {
      label = "$lang_stats.field_labels.fw"
      log_field = "fw"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # fw
    pri = {
      label = "$lang_stats.field_labels.pri"
      log_field = "pri"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # pri
    proto = {
      label = "$lang_stats.field_labels.proto"
      log_field = "proto"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # proto
    src = {
      label = "$lang_stats.field_labels.src"
      log_field = "src"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # src
    dst = {
      label = "$lang_stats.field_labels.dst"
      log_field = "dst"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # dst
    dstname = {
      label = "$lang_stats.field_labels.dstname"
      log_field = "dstname"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # dstname
    arg = {
      label = "$lang_stats.field_labels.arg"
      log_field = "arg"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # arg
    op = {
      label = "$lang_stats.field_labels.op"
      log_field = "op"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # op
    result = {
      label = "$lang_stats.field_labels.result"
      log_field = "result"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # result
    sn = {
      label = "$lang_stats.field_labels.sn"
      log_field = "sn"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # sn
    c = {
      label = "$lang_stats.field_labels.c"
      log_field = "c"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # c
    m = {
      label = "$lang_stats.field_labels.m"
      log_field = "m"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # m
  } # database.fields

  #
  # Log Parsing Filters (applied in numeric order to every line)
  log.parsing_filters = {
    # Parse out the date/time from the WinSyslog CSV prefix. The first,
    # empty capture is the entry key (*KEY*); the date and time captures feed
    # the "date" and "syslog_time" log fields.
    # NOTE(review): the fourth capture (the IP address in the third CSV
    # column, presumably the syslog sender) is collected into "proxy_ip",
    # which is not declared in log.fields above. Confirm whether it is meant
    # to be reported (then it needs a log field) or can be dropped from the
    # field list.
    1 = {
      label = "1"
      comment = ""
      value = "collect_fields_using_regexp('^()([0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]),([0-9][0-9]:[0-9][0-9]:[0-9][0-9]),([0-9.]*)', '*KEY*,date,syslog_time,proxy_ip')"
    } # 1
    # Parse out the space-separated, =-divided variables. Everything from
    # "id=" to end of line is split on ' ' and then on '=', and each pair is
    # assigned to the log field of the same name. Both key names and values
    # come straight from the untrusted log line; a value that itself
    # contains a space (e.g. in "arg=") is presumably cut at that space —
    # verify against real device output if those fields look truncated.
    2 = {
      label = "2"
      comment = ""
      value = "collect_listed_fields_using_regexp('()(id=.*)$', ' ', '=', '')"
    } # 2
    # Accept a collected field when there is a "id=" line; lines without the
    # ",id=" marker are never emitted as entries.
    3 = {
      label = "3"
      comment = ""
      value = "accept_collected_entry_using_regexp('(),id=', false)"
    } # 3
  } # log.parsing_filters

  # Log Filters (run after parsing, before the entry is stored)
  log.filters = {
    # Reduce "arg" to scheme://host/ plus "(omitted)", which also keeps the
    # path and any query string out of the reports. The expression requires
    # a "/" after the host, so a URL with no path component does not match
    # and is stored unchanged.
    simplify_url = {
      label = "$lang_admin.log_filters.simplify_url_label"
      comment = "$lang_admin.log_filters.simplify_url_comment"
      value = "if (matches_regular_expression(arg, '^([^:]+://[^/]+/)')) then arg = $1 . '(omitted)'"
    } # simplify_url
    # Every accepted entry counts as one hit.
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'hits = 1;'
    } # mark_entry
  } # log.filters

  # Session-related field roles. Sessions and page views are declared
  # unsupported in not_supported below, so these presumably have no effect
  # for this format; they are kept for consistency with other plugins.
  log.field_options = {
    sessions_page_field = "arg"
    sessions_visitor_id_field = "src"
    sessions_event_field = "page_views"
  } # log.field_options

  database.numerical_fields = {
    hits = {
      label = "$lang_stats.field_labels.hits"
      default = true
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
      entries_field = true
    } # hits
    # Unique source addresses.
    visitors = {
      label = "$lang_stats.field_labels.visitors"
      default = false
      requires_log_field = true
      log_field = "src"
      type = "unique"
      display_format_type = "integer"
    } # visitors
    # 64-bit accumulator so large byte totals do not overflow.
    rcvd = {
      label = "$lang_stats.field_labels.rcvd"
      default = false
      requires_log_field = true
      log_field = "rcvd"
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    } # rcvd
  } # database.numerical_fields

  create_profile_wizard_options = {
    date_time_tracking = true
    host_tracking = true
    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
      id = true
      fw = true
      pri = true
      proto = true
      src = true
      dst = true
      dstname = true
      arg = true
      op = true
      result = true
      sn = true
      c = true
      m = true
    } # report_groups
  } # create_profile_wizard_options

  # Firewall events have no notion of visitor sessions or page views.
  not_supported = {
    sessions = true
    pageviews = true
  } # not_supported

} # 3_com_office_connect_win_syslog