# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Sawmill log-format plugin for Cisco NetFlow records exported to ASCII CSV
# by flow-tools (one flow record per line, 24 comma-separated columns).
cisco_net_flow_flow_export = {

  # Generated by flow-tools from http://www.splintered.net/sw/flow-tools/
  # The command for ASCII export is:
  #   flow-export -f 2 < {binary Netflow file} > out.txt
  # e.g.
  #
  # #:unix_secs,unix_nsecs,sysuptime,exaddr,dpkts,doctets,first,last,engine_type,engine_id,srcaddr,dstaddr,nexthop,input,output,srcport,dstport,prot,tos,tcp_flags,src_mask,dst_mask,src_as,dst_as
  # 1147317295,444068832,2191804244,203.232.128.111,12,986,2191757688,2191757888,0,0,151.91.9.10,204.12.234.141,203.202.128.17,4,1,40978,80,6,0,27,16,24,0,0
  #
  # The "#:" header row names the columns. It is what the autodetect regular
  # expression below matches on, and — given log_data_type = "csv" — it is
  # presumably also where the field names that are not declared explicitly
  # in log.fields (dpkts, doctets, dstaddr, ...) come from; confirm against
  # Sawmill's CSV field handling.

  plugin_version = "1.1.2"
  # Change history, oldest first:
  # 15/05/2006 : 1.0beta - GMF : first version
  # 2007-09-14 : 1.0 - KBB : renumbered per new beta policy
  # 2008-02-01 : 1.1 - gas : fixed bug in doctets field - added type = float
  # 2009-05-01 : 1.1.1 - GMF : Fixed bug with location field creation
  # 2011-07-27 - 1.1.2 - MSG - Edited info lines.
  # NOTE(review): the 1.1 entry says doctets became a float, but the field is
  # declared below as type = "int" with integer_bits = 64; the history does
  # not record when that changed.

  # Device identification shown in the format picker.
  info.1.manufacturer = "Cisco Systems"
  info.1.device = "NetFlow (flow-export)"
  info.1.version.1 = ""

  # The name of the log format
  log.format.format_label = "Cisco NetFlow (flow-export)"
  log.miscellaneous.log_data_type = "csv"
  log.miscellaneous.log_format_type = "network_device"

  # The log is in this format if any of the first ten lines match this
  # regular expression. It is anchored to the start of the line and only
  # recognises the flow-export header row, so a CSV export without that
  # header is not autodetected.
  log.format.autodetect_regular_expression = "^#:unix_secs,"

  # The format of dates and times in this log: whole seconds since the Unix
  # epoch (the unix_secs column, see the parse filter below).
  log.format.date_format = "seconds_since_jan1_1970"
  log.format.time_format = "seconds_since_jan1_1970"

  # Raw timestamp/uptime counters are not stored as database fields; the
  # event timestamp is derived from unix_secs instead.
  auto_setup.omit_database_fields = "unix_secs,unix_nsecs,sysuptime,first,last"

  # Log fields
  log.fields = {
    date_time = ""
    # Marks the source address as a host-type field. Presumably this is what
    # makes it eligible for Sawmill's host handling (e.g. the derived
    # "location" field declared below) — confirm in the Sawmill docs.
    srcaddr.type = "host"
  } # log.fields

  # Database fields
  database.fields = {
    date_time = ""
    # Derived from srcaddr (see the 1.1.1 history entry above).
    location = ""
  } # database.fields

  # Per-record parsing: the event timestamp is the unix_secs column.
  log.parsing_filters.parse = `
    date_time = unix_secs;
  `

  # Log Filters
  log.filters = {
    # Each flow record counts as exactly one event.
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry
  } # log.filters

  database.numerical_fields = {
    # Record count; set by the mark_entry filter rather than read from the log.
    events = {
      default = true
      requires_log_field = false
      entries_field = true
    } # events
    # Packets in the flow.
    dpkts = {
      default = true
    } # dpkts
    # Bytes in the flow. Stored as a 64-bit integer, presumably because
    # aggregated byte counts can exceed 32 bits; displayed as bandwidth.
    doctets = {
      type = "int"
      integer_bits = 64
      default = true
      display_format_type = "bandwidth"
    } # doctets
    # Number of distinct source addresses seen.
    unique_source_ips = {
      type = "unique"
      log_field = "srcaddr"
      display_format_type = "integer"
    } # unique_source_ips
  } # database.numerical_fields

  create_profile_wizard_options = {

    # Sawmill-language code run at the end of the profile creation wizard.
    # It builds the profile node path from the wizard-supplied profile name
    # and creates the standard report set for it.
    final_step = `
      include "templates.admin.profiles.setup_reports_util";
      string profile = "profiles." . volatile.new_profile_name;
      # Create the standard reports
      add_standard_reports(profile);
    `

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
      # Source side of the flow, including the derived location field.
      source_group = {
        src_mask = true
        srcaddr = true
        src_as = true
        srcport = true
        location = true
      }
      # Destination side of the flow.
      destination_group = {
        dst_mask = true
        dstaddr = true
        dst_as = true
        dstport = true
      }
      # Exporter, routing and protocol attributes.
      other_group = {
        exaddr = true
        engine_type = true
        engine_id = true
        nexthop = true
        input = true
        output = true
        prot = true
        tos = true
        tcp_flags = true
      }
    } # report_groups

  } # create_profile_wizard_options

} # cisco_net_flow_flow_export