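gtb_inspector = {

  # Sawmill log-format plugin for GTB Inspector DLP events received over syslog.
  # All field extraction is done by the parsing filter below; the fixed metadata
  # here only tells Sawmill how to autodetect and store the format.

  plugin_version = "1.0"

  # 2012-05-11 - Benson - 1.0 - Initial Creation.

  info.1.manufacturer = "GTB"
  info.1.device = "Inspector"
  info.1.version.1 = "1.0"

  # The name of the log format
  log.format.format_label = "GTB Inspector Log Format"
  log.miscellaneous.log_data_type = "syslog_required"
  log.miscellaneous.log_format_type = "application"

  # Date and time are assembled by the parsing filter from the device timestamp,
  # not taken from the syslog header; "auto" lets Sawmill recognize that layout.
  log.format.date_format = "auto"
  log.format.time_format = "auto"

  # The log is in this format if any of the lines scanned during autodetection
  # (see autodetect_lines below) match this regular expression
  log.format.autodetect_regular_expression = "GTB Inspector: "

  # All log field parsing will be done using the parsing filters
  log.format.parse_only_with_filters = "true"

  # Scan many lines for the autodetect pattern; this format has no "#Fields" header
  # line, so the marker may not appear near the start of the file
  log.format.autodetect_lines = "1000"

  # Log fields
  log.fields = {
    event_type = ""
    # The ID=... value is present in the message but not kept as a field
    #id = ""
    severity = ""
    protocol = ""
    port = ""
    from = ""
    to.type = "host"
    action = ""
    description = ""
    rule = ""
    acl = ""
    data = ""
    events = ""
  } # log.fields

  # Sample syslog line (wrapped here for readability; the device emits it as one line).
  # The Description value in this copy appears mis-encoded; real events may carry
  # non-ASCII text in that field.
  #   2012-05-09 16:03:25 Local1.Warning 172.16.1.162 GTB Inspector: Thu May 10 05:04:17 2012 gtbinspector DLP event.
  #   ID=4 Severity=Medium Protocol=HTTPS Port=443 From=172.16.248.1 To=172.16.1.165 Action=BLOCK Description=åè_åå Data/Rule=Name_policy ACL Rule=Rule_any Data=hidden

  # Log Parsing Filters
  #
  # Capture groups of the expression below:
  #   $1 month name   $2 day of month   $3 time (HH:MM:SS)   $4 year
  #   $5 event type (text up to the first '.')
  #   $6 the space-separated Name=Value list up to " Data/Rule="
  #   $7 Data/Rule   $8 ACL Rule   $9 Data
  # $7-$9 are captured explicitly because their names contain '/' or a space,
  # which the generic Name=Value split of collect_listed_fields cannot handle.
  # The day of month accepts one or two digits after one or more spaces, so a
  # space-padded day ("May  1") matches as well as "May 10".
  # The trailing '$' anchors Data=... to the end of the message, so a value
  # containing no space cannot absorb anything that follows it.
  log.parsing_filters.parse = `
if (matches_regular_expression(v.syslog_message, 'GTB Inspector: [A-Z][a-z][a-z] ([A-Z][a-z][a-z]) +([0-9][0-9]?) ([0-9:]+) ([0-9][0-9][0-9][0-9]) ([^.]+). (.*) Data/Rule=([^ ]+) ACL Rule=([^ ]+) Data=([^ ]+)$')) then (

  # parse date/time from device timestamp as day/month/year
  # NOTE(review): date_format is "auto"; confirm it accepts a one-digit day
  # such as 1/May/2012 produced by a space-padded device timestamp
  set_collected_field('', 'date', $2 . '/' . $1 . '/' . $4);
  set_collected_field('', 'time', $3);

  set_collected_field('', 'event_type', $5);
  v.message = $6;

  # fields whose names are not plain words are taken from their own capture groups
  set_collected_field('', 'rule', $7);
  set_collected_field('', 'acl', $8);
  set_collected_field('', 'data', $9);

  # Explicit name map kept for reference; the generic split below is used instead.
  #collect_listed_fields('', v.message, ' ', '=', 'ID=id|Severity=severity|Protocol=protocol|Port=port|From=from|To=to|Action=action|Description=description|Data\/Rule=rule|ACL\ Rule=acl_rule|Data=data');

  # Split the remaining Name=Value pairs on spaces.
  # NOTE(review): this assumes no value in the list contains a space; a Description
  # with embedded spaces would be split at its first space — confirm against real events.
  collect_listed_fields('', v.message, ' ', '=', '');

  # every matched line is exactly one event
  set_collected_field('', 'events', 1);
  accept_collected_entry('', false);
);
`

  # Database fields
  database.fields = {
    date_time = ""
    event_type = ""
    #id = ""
    severity = ""
    protocol = ""
    port = ""
    from = ""
    to = ""
    #location = ""
    action = ""
    description = ""
    rule = ""
    acl = ""
    data = ""
  } # database.fields

  # Log Filters
  log.filters = {
  } # log.filters

  database.numerical_fields = {
    events = {
      label = "$lang_stats.field_labels.events"
      default = true
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
      entries_field = true
    } # events
  } # database.numerical_fields

  create_profile_wizard_options = {
    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
    } # report_groups
  } # create_profile_wizard_options

} # gtb_inspector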