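# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Log format plug-in for Globalscape EFT FTP server logs. It defines how a log
# is recognised, how each line is split into fields, which fields are stored in
# the database, and how transfers and sessions are derived from them.
globalscape_eft = {

  plugin_version = "1.0.1"
  info.1.manufacturer = "Globalscape"
  info.1.device = "EFT"
  info.1.version.1 = ""

  # 2012-11-15 - 1.0 - MSG - Initial creation
  # 2012-12-13 - 1.0.1 - GMF - Added extraction of session_id, and included it in the sessions analysis as an in-data session ID

  # The name of the log format
  log.format.format_label = "Globalscape EFT Format"
  log.miscellaneous.log_data_type = "ftp"
  log.miscellaneous.log_format_type = "ftp_server"

  # The log is in this format if any of the first ten lines match this regular expression
  # log.format.autodetect_regular_expression = "(contains(volatile.log_data_line, 'MSFTPSVC') and matches_regular_expression(volatile.log_data_line, '[0-9][0-9]:[0-9][0-9]:[0-9][0-9], MSFTPSVC'))"
  # The signature is an HH:MM:SS time followed by ", MSFTPSVC"; nothing in it is
  # specific to EFT, so check the detected format when importing logs from other
  # servers that write the same service-name token.
  log.format.autodetect_regular_expression = "[0-9][0-9]:[0-9][0-9]:[0-9][0-9], MSFTPSVC"

  # Use comma as the field separator
  # NOTE(review): fields are assigned purely by position after splitting on ", ".
  # A user name, target or parameter that itself contains ", " would presumably
  # shift every later field; confirm how EFT writes such values before relying
  # on cs_username or sc_status in reports.
  log.format.field_separator = ", "

  # The format of dates and times in this log
  log.format.date_format = "auto"
  log.format.time_format = "auto"

  # Log fields
  # Each indexed field is read from that position in the split line. session_id
  # has no index: it is filled in by log.parsing_filters.parse below.
  log.fields = {
    c_ip.index = 1
    cs_username.index = 2
    date.index = 3
    time.index = 4
    servicename.index = 5
    server_name.index = 6
    s_ip.index = 7
    time_taken.index = 8
    cs_bytes.index = 9
    sc_bytes.index = 10
    sc_status.index = 11
    sc_win32_status.index = 12
    request_type.index = 13
    target.index = 14
    parameter.index = 15
    session_id = ""
  } # log.fields

  # Database fields
  database.fields = {
    date_time = ""
    day_of_week = ""
    hour_of_day = ""
    c_ip = ""
    cs_username = ""
    servicename = ""
    server_name = ""
    s_ip = ""
    sc_status = ""
    sc_win32_status = ""
    request_type = ""
    target = ""
    parameter = ""
    session_id = ""
  } # database.fields

  # When request_type has the form "[<digits>]<letters>", move the digits into
  # session_id and keep only the letters as request_type. Entries that do not
  # match are left unchanged, so their session_id stays empty.
  log.parsing_filters.parse = `
if (matches_regular_expression(request_type, '[[]([0-9]+)[]]([a-zA-Z]+)')) then (
  session_id = $1;
  request_type = $2;
);
`

  # Log Filters
  log.filters = {

    # Count every entry as one event
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry

    # Flag entries whose request type names a file transfer operation.
    # Nothing is rejected here: entries that are not transfers are still
    # counted as events, they just do not set transfers.
    transfers = {
      label = "Transfers"
      comment = "This counts the transfer lines"
      value = "if (matches_regular_expression(request_type, '(created|sent|RETR|STOR|GET|PUT)')) then transfers = 1"
      requires_fields = {
        request_type = true
      }
    } # transfers

  } # log.filters

  # Session analysis settings.
  # NOTE(review): the visitor ID is the client IP, so clients behind a shared
  # address are presumably reported as one visitor; session_id (the in-data
  # session ID extracted above) is what separates individual sessions.
  log.field_options = {
    sessions_page_field = "target"
    sessions_visitor_id_field = "c_ip"
    sessions_event_field = "transfers"
    sessions_id_field = "session_id"
  } # log.field_options

  database.numerical_fields = {

    events = {
      default = true
      requires_log_field = false
      entries_field = true
    } # events

    sc_bytes = {
      label = "$lang_stats.field_labels.sc_bytes"
      default = false
      log_field = "sc_bytes"
      requires_log_field = true
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    }

    cs_bytes = {
      label = "$lang_stats.field_labels.cs_bytes"
      default = false
      log_field = "cs_bytes"
      requires_log_field = true
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    }

    # NOTE(review): the unit of time_taken is not stated in this file; confirm
    # it against the EFT log documentation before reading durations from reports.
    time_taken = {
      default = true
      type = "int"
      integer_bits = 64
      display_format_type = "duration_compact"
    } # time_taken

    transfers = {
      label = "$lang_stats.field_labels.transfers"
      default = true
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
    } # transfers

  } # database.numerical_fields

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
    } # report_groups

  } # create_profile_wizard_options

} # globalscape_eft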