# Copyright (c) 2013 Flowerfire, Inc. All Rights Reserved. savvion_bpm = { plugin_version = "1.4.2" info.1.manufacturer = "Aurea" info.1.device = "Savvion BPM" info.1.version = "" # 2013-07-18 - GMF - 1.0 - Initial creation # 2013-07-24 - MSG - 1.1 - Fixed typo in file name (saavion -> savvion) # 2013-08-06 - MSG - 1.2 - Added session analysis (extraction of user field from appropriate lines; setting user_events=1 for user events; sessions snapon) # 2013-09-04 - MSG/GMF - 1.3 - Added support for username followed by a semicolon. # 2013-09-20 - GMF - 1.4 - Added "errors" and "session_events" fields. ERROR lines are not counted as session events. # 2013-10-08 - GMF - 1.4.1 - Broadened username detection # 2013-10-10 - GMF - 1.4.2 - Changed username detection to assume usernames do not contain a space, and select just the word after "user" # The name of the log format log.format.format_label = "Savvion BPM" log.miscellaneous.log_data_type = "other" log.miscellaneous.log_format_type = "other" # The log is in this format if any of the first ten lines match this regular expression #[#| 05 Jul 2013 17:10:27,313 | Portal | INFO | webnode1 | Portal | Getting Dashboard Widgets for Dashboard12 | WebContainer : 7 |#] log.format.autodetect_regular_expression = "^[[]#[|] [0-9][0-9] [A-Z][a-z][a-z] [0-9][0-9][0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9],[0-9][0-9][0-9] [|] Portal [|]" log.format.parsing_regular_expression = "^[[]#[|] ([0-9][0-9] [A-Z][a-z][a-z] [0-9][0-9][0-9][0-9]) ([0-9][0-9]:[0-9][0-9]:[0-9][0-9]),[0-9][0-9][0-9] [|] ([^|]*) [|] ([^|]*) [|] ([^|]*) [|] ([^|]*) [|] ([^|]*) [|] ([^|]*) [|]" # Log fields log.fields = { date = "" time = "" log_type = "" message_type = "" server = "" location = "" message = "" output = "" user = "" user_events = "" session_events = "" errors = "" } # log.fields log.parsing_filters.parse = ` if (message_type eq "ERROR") then errors = 1; #if (matches_regular_expression(message, ' (for|with) user (.*)$') or if (matches_regular_expression(message, ' user ([^ ]+)') or matches_regular_expression(message, ', User [[]([^]]+)[]]') ) then ( user = $1; #[#| 05 Jul 2013 17:10:27,669 | Portal | INFO | webnode1 | Portal | Getting Published Dashboards for user - abc.defgh | WebContainer : 7 |#] if (matches_regular_expression(user, '^- (.*)$')) then user = $1; #[#| 05 Jul 2013 17:12:42,882 | Portal | INFO | webnode1 | UserManager.logoutUser(sessionData) | (6134):Session has been invalidated for user "abc.defgh". | Non-deferrable Alarm : 1 |#] else if (matches_regular_expression(user, '^"([^"]*)"[.]$')) then user = $1; #[#| 05 Jul 2013 17:12:42,882 | Portal | INFO | webnode1 | UserManager.logoutUser(sessionData) | (6134):Session has been invalidated for user "abc.defgh". | Non-deferrable Alarm : 1 |#] else if (matches_regular_expression(user, '^"([^"]*)"[.]$')) then user = $1; #[#| 19 Aug 2013 08:10:01,661 | Portal | INFO | webnode1 | UserManager.loginUser(request,user,password) | (6119):The user "fhmc.jilovett" has logged in. | WebContainer : 8 |#] else if (matches_regular_expression(user, '^"([^"]*)"')) then user = $1; #[#| 16 Aug 2013 14:12:27,165 | Portal | ERROR | webnode1 | Portal | (PW16094):Current Password is invalid for user fhmc.lesweene; context(AjaxUtilController.isCurrentPasswordValid(request,response,bizSite)); | WebContainer : 0 |#] if (matches_regular_expression(user, '^([^;]+)')) then user = $1; user_events = 1; # Mark it as a logout if location contains logoutUser if (matches_regular_expression(location, 'logoutUser')) then message = "logout"; # ERROR events are not session events [ThreadID:1294945] if (errors == 1) then session_events = 0; else session_events = 1; ); # if user ` create_profile_wizard_options = { snapons = { server = { snapon = "non_aggregating_field" parameters = { field_name.final_node_name = "server" # report_group_name.final_node_name = "content_group" } # parameters } # server date_time_fields = { snapon = "date_time_fields" } # date_time log_type = { snapon = "non_aggregating_field" parameters = { field_name.final_node_name = "log_type" # report_group_name.final_node_name = "content_group" } # parameters } # log_type message_type = { snapon = "non_aggregating_field" parameters = { field_name.final_node_name = "message_type" # report_group_name.final_node_name = "content_group" } # parameters } # message_type location = { snapon = "non_aggregating_field" parameters = { field_name.final_node_name = "location" # report_group_name.final_node_name = "content_group" } # parameters } # location message = { snapon = "non_aggregating_field" parameters = { field_name.final_node_name = "message" } # parameters } # message user = { snapon = "non_aggregating_field" parameters = { field_name.final_node_name = "user" } # parameters } # user output = { snapon = "non_aggregating_field" parameters = { field_name.final_node_name = "output" # report_group_name.final_node_name = "content_group" } # parameters } # output # Attach the Events field events = { snapon = "aggregating_field" name = "events" label = "events" parameters = { field_name = { parameter_value = "{=capitalize(lang_stats.field_labels.events)=}" final_node_name = "events" } log_field.parameter_value = "{= @parameters{'hits_field'}{'final_node_name'} =}" database_filter.parameter_value = "events = 1" aggregation_operator.parameter_value = "sum" entries_field.parameter_value = true main_field.parameter_value = true } # parameters } # events # Attach the User Events field user_events = { snapon = "aggregating_field" name = "user_events" label = "user_events" parameters = { field_name = { parameter_value = "{=capitalize(lang_stats.field_labels.user_events)=}" final_node_name = "user_events" } log_field.parameter_value = "user_events" # database_filter.parameter_value = "events = 1" aggregation_operator.parameter_value = "sum" # entries_field.parameter_value = true # main_field.parameter_value = true } # parameters } # user_events # Attach the Session Events field session_events = { snapon = "aggregating_field" name = "session_events" label = "session_events" parameters = { field_name = { parameter_value = "{=capitalize(lang_stats.field_labels.session_events)=}" final_node_name = "session_events" } log_field.parameter_value = "session_events" # database_filter.parameter_value = "events = 1" aggregation_operator.parameter_value = "sum" # entries_field.parameter_value = true # main_field.parameter_value = true } # parameters } # session_events # Attach the Errors field errors = { snapon = "aggregating_field" name = "errors" label = "errors" parameters = { field_name = { parameter_value = "{=capitalize(lang_stats.field_labels.errors)=}" final_node_name = "errors" } log_field.parameter_value = "errors" # database_filter.parameter_value = "events = 1" aggregation_operator.parameter_value = "sum" # entries_field.parameter_value = true # main_field.parameter_value = true } # parameters } # errors sessions = { snapon = "sessions" name = "sessions" label = "$lang_admin.snapons.sessions.label" prompt_to_attach = true prompt_to_attach_default = false parameters = { session_user_field.parameter_value = "user" session_page_field.parameter_value = "message" session_date_time_field.parameter_value = "date_time" session_events_field.parameter_value = "session_events" session_timeout.parameter_value = "0" } # parameters } # sessions # Add the standard reports add_standard_reports = { name = "add_standard_reports" label = "add_standard_reports" snapon = "add_standard_reports" } # add_standard_reports } # snapons } # create_profile_wizard_options } # savvion_bpm