# Copyright (c) 2010 Flowerfire, Inc.  All Rights Reserved.
filemaker_access = {

  plugin_version = "1.3"

  # Initial creation - 1.0
  # 2013-03-06 - 1.0 - GMF - Initial creation [ThreadID:1284344]
  # 2013-03-13 - 1.1 - GMF - Added database close, connect, and disconnect event tracking.
  # 2013-03-13 - 1.1.1 - GMF - Added operation field
  # 2013-10-10 - 1.2 - GMF - Added support for version 11 format
  # 2013-10-21 - 1.3 - GMF - Added extraction of client/hostname/ip_address from client

  info.1.manufacturer = "FileMaker"
  info.1.device = "FileMaker Access Log"
  info.1.version.1 = "11"
  info.1.version.2 = "12"

  # The name of the log format
  log.format.format_label = "Filemaker Access Log Format"
  log.miscellaneous.log_data_type = "generic"  
  log.miscellaneous.log_format_type = "application"

  # The log is in this format if any of the first ten lines match this regular expression
  log.format.autodetect_expression = `
# Version 12
matches_regular_expression(volatile.log_data_line, "^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9][.][0-9][0-9][0-9] [^	]+	[^	]+	[0-9]+	[^	]+	") or

# Version 11
#2013-09-24 03:11:49	Server Access	Information	Client "John Doe" opening a connection from "JohnWork-PC (12.34.56.78)" using "Pro 11.0v1 [fmapp]".
matches_regular_expression(volatile.log_data_line, "^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]	([^	]+)	  ([^	]+)	Client")

`

  log.format.parse_only_with_filters = "true"
  log.parsing_filters.parse = `
if (
   # Version 12; see above
   matches_regular_expression(current_log_line(), "^([0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ([0-9][0-9]:[0-9][0-9]:[0-9][0-9])[.][0-9][0-9][0-9] ([^	]+)	([^	]+)	([0-9]+)	([^	]+)	(.*)$") or

   # Version 11; see above
    matches_regular_expression(current_log_line(), "^([0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ([0-9][0-9]:[0-9][0-9]:[0-9][0-9])()	[^	]+	([^	]+)()()	(.*)$")) then (

  set_collected_field('', 'date', $1);
  set_collected_field('', 'time', $2);
#  set_collected_field('', 'time_zone', $3);
  set_collected_field('', 'priority', $4);
#  set_collected_field('', '???', $5);
#  set_collected_field('', '???', $6);
  v.remainder = $7;

  # 2013-02-08 09:41:18.822 -0600   Information     94      ABC182      Client "user123 [12.34.56.78]" opening database "TestDB" as "user123".
  if (matches_regular_expression(v.remainder, '^Client "([^"]+)" (opening database|closing database|opening a connection|closing a connection)(.*)$')) then (
    set_collected_field('', 'client', $1);
    v.operation = $2;
    set_collected_field('', 'operation', v.operation);
    v.remainder = $3;

    # 2013-02-08 09:41:18.822 -0600   Information     94      ABC182      Client "user123 [12.34.56.78]" opening database "TestDB" as "user123".
    if (v.operation eq "opening database") then (
      set_collected_field('', 'database_opens', 1);
      if (matches_regular_expression(v.remainder, '^ "([^"]+)" as "([^"]+)"[.]')) then (
        set_collected_field('', 'database', $3);
        set_collected_field('', 'username', $4);
      );
    );

    # 2013-02-08 09:51:20.125 -0600   Information     98      ABC123      Client "user123 [12.34.56.78]" closing database "Watchtower" as "user213".
    else if (v.operation eq "closing database") then (
      set_collected_field('', 'database_closes', 1);
      if (matches_regular_expression(v.remainder, '^ "([^"]+)" as "([^"]+)"[.]')) then (
        set_collected_field('', 'database', $3);
        set_collected_field('', 'username', $4);
      );
    );

    # 2013-02-08 09:41:18.807 -0600	Information	638	ABC123	Client "user123" closing a connection.
    else if (v.operation eq "closing a connection") then (
      set_collected_field('', 'disconnections', 1);
    );

    # 2013-02-08 09:41:18.807 -0600	Information	638	ABC123	Client "user123" opening a connection from " (12.34.56.78)" using "MSACCESS.EXE [fmxdbc]".
    else if (v.operation eq "opening a connection") then (
      if (matches_regular_expression(v.remainder, '^ from "([^"]+)" using "[^"]+"[.]')) then (
        set_collected_field('', 'source', $1);
        set_collected_field('', 'application', $2);
        set_collected_field('', 'connections', 1);
      );
    ); # opening a connection

    if (matches_regular_expression(get_collected_field('', 'client'), '^([^(]+) [(]([^)]+)[)] [[]([^]]+)[]]$')) then (
      set_collected_field('', 'client', $1);
      set_collected_field('', 'hostname', $2);
      set_collected_field('', 'ip_address', $3);
    );

    accept_collected_entry('', false);
  ); # if open/close line

);

`
  log.fields = {

    date = ""
    time = ""
    priority = ""
    operation = ""
    client = ""
    database = ""

    username = ""
    hostname = ""
    ip_address = ""

    connections = ""
    disconnections = ""
    database_opens = ""
    database_closes = ""

  } # log.fields


  # Database fields
  database.fields = {

    date_time = ""
    day_of_week = ""
    hour_of_day = ""
    priority = ""
    operation = ""
    client = ""
    database = ""
    username = ""
    hostname = ""
    ip_address = ""

  } # database.numerical_fields

  database.numerical_fields = {

    database_opens = {
      default = true
    } # database_opens

    database_closes = {
      default = true
    } # database_closes

    connections = {
      default = true
    } # connections

    disconnections = {
      default = true
    } # disconnections

  } # database.numerical_fields


  log.filters = {
  } # log.filters

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
    } # report_groups

  } # create_profile_wizard_options

} # filemaker_access