# Copyright (c) 2010 Flowerfire, Inc.  All Rights Reserved.
intermapper_event = {

  plugin_version = "1.1.3"

  # 2007-09-11 - 1.0 - KBB - Added version number and changed file name from beta_intermapper_event.cfg.
  # 2009-01-12 - 1.0.1 - KBB - Changed to collect/accept to prevent errors when numeric fields omitted
  # during profile creation.
  # 2009-01-19 - 1.1 - KBB - Changed to use year from file name if available.
  # 2009-01-21 - 1.1.1 - KBB - Reversed 1.0.1. The problem was the lack of a log field for events,
  # not using log fields directly.
  # 2010-12-29 - 1.1.2 - MSG - Edited info lines.
  # 2011-04-14 - 1.1.3 - KBB - Made regular expression more flexible for the host in UP, DOWN events, and link
  # events with a Utilization value.

  info.1.manufacturer = "Dartware"
  info.1.device = "InterMapper Event"
  info.1.version.1 = ""

  # The name of the log format
  log.format.format_label = "InterMapper Event Log Format"
  log.miscellaneous.log_data_type = "generic"
  log.miscellaneous.log_format_type = "network_device"

  # The log is in this format if any of the first ten lines match this regular expression
  log.format.autodetect_regular_expression = "^[0-9][0-9]/[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]  [a-z*][a-z*][a-z*][a-z*]  "

  log.format.parse_only_with_filters = false

  # Date format
  log.format.date_format = "auto"
  log.format.time_format = "auto"

  # Log fields
  log.fields = {

    date = ""
    time = ""
    event_type = ""
    host = ""
    port = ""
    index_number = ""
    message = ""

    up_time = ""
    down_time = ""
    utilization = ""
    events = ""

  } # log.fields

  log.filter_initialization = `
string path_year = '';
string current_path = '';
`

  log.parsing_filters.parse = `
#10/17 23:59:59  TRAP  li5z4a3r2d-Workstations:gecko.chameleon.com. authenticationFailure 
#10/17 00:25:54  DOWN  ABC Real Router::  (Was up for 44 minutes, 14 seconds)
#10/17 00:26:51  UP    ABC Real Router::  (Was down for 57 seconds)
#04/12 17:18:22  UP    Networks:ABC PC (Was down for 21 seconds)
#04/12 17:18:01  DOWN  Networks:ABC PC (Was up for 9 hours, 43 minutes, 12 seconds)
#if (matches_regular_expression(current_log_line(), '^([0-9/]+) ([0-9:]+)  (....)  (.*)$')) then (
if (matches_regular_expression(current_log_line(), '^([0-9/]+) ([0-9:]+)  ([^ ]{0,4}) +([^ ].*)$')) then (
  v.date = $1;
  time = $2;
  event_type = $3;
  message = $4;

  v.path = current_log_pathname();

  # New file. Look for year in path like this "Event Log200810170000.txt" or "Event_Log200810170000.txt".
  if ((current_path ne v.path) and matches_regular_expression(v.path, '[lL]og([0-9]{4})([0-9]{2})([0-9]{2})')) then (
    current_path = v.path;
    path_year = $1;
    v.month = $2;
    v.day = $3;
    if (path_year > 1960 and path_year < 3000 and # Y3K bug
        v.month > 0 and v.month <= 12 and
        v.day > 0 and v.day <= 31) then (
      date = v.date . "/" . path_year;
    );
    else ( # Use this year
      path_year = '';
      date = normalize_date(v.date, 'mm/dd');
    );
  );

  # Use year saved from path
  else if (path_year ne '') then (
    date = v.date . "/" . path_year;
  );

  # Use this year
  else (
    date = normalize_date(v.date, 'mm/dd');
  );

  #10/17 00:25:54  DOWN  ABC Real Router::  (Was up for 44 minutes, 14 seconds)
  #10/17 00:26:51  UP    ABC Real Router::  (Was down for 57 seconds)
  #04/12 17:18:22  UP    Networks:ABC PC (Was down for 21 seconds)
  #04/12 17:18:01  DOWN  Networks:ABC PC (Was up for 9 hours, 43 minutes, 12 seconds)
  #if (((event_type eq 'DOWN') or (event_type eq 'UP  ')) and (matches_regular_expression(message, '^([^:]*)::  \\\\(Was [a-z]+ for ([^)]*)\\\\)'))) then (
  #if (((event_type eq 'DOWN') or (event_type eq 'UP')) and (matches_regular_expression(message, '^([^:]*)::  \\\\(Was [a-z]+ for ([^)]*)\\\\)'))) then (
  # 2011-04-14 - 1.1.3 - KBB
  if (((event_type eq 'DOWN') or (event_type eq 'UP')) and (matches_regular_expression(message, '^(.*[^:][^ :])(::)? +\\\\(Was [a-z]+ for ([^)]*)\\\\)'))) then (
    host = $1;
    v.duration = $3;
    v.year = 0;
    v.month = 0;
    v.day = 0;
    v.hour = 0;
    v.minute = 0;
    v.second = 0;
    if (matches_regular_expression(v.duration, '([0-9]+) year')) then
      v.year = $1;
    if (matches_regular_expression(v.duration, '([0-9]+) month')) then
      v.month = $1;
    if (matches_regular_expression(v.duration, '([0-9]+) day')) then
      v.day = $1;
    if (matches_regular_expression(v.duration, '([0-9]+) hour')) then
      v.hour = $1;
    if (matches_regular_expression(v.duration, '([0-9]+) minute')) then
      v.minute = $1;
    if (matches_regular_expression(v.duration, '([0-9]+) second')) then
      v.second = $1;
    v.duration_seconds = v.year*365*24*60*60 + v.month*30*24*60*60 + v.day*25*60*60 + v.hour*60*60 + v.minute*60 + v.second;
    if (event_type eq 'DOWN') then
      up_time = v.duration_seconds;
    else
      down_time = v.duration_seconds;

  ); # if DOWN or UP

  # Handle link lines
  # These examples shouldn't match.
  #04/12 00:00:12  link  util < 50 (44.8%) : [2] router.snake.lizard.com. - Serial0/1
  #10/17 00:00:20  link  util < 50 (2.33%) : [1] ABC Little Router - Serial0/0
  # These should.
  #04/12 08:58:48  link  util >= 90 (93.9%) : [1] router.lizard.com - FastEthernet0/0
  #10/17 00:01:18  link  util >= 50 (54.8%) : [16] router.snake.lizard.com - Serial0/1.1
  #10/17 00:06:20  link  util >= 50 (67.1%) : [1] ABC Little Router - Serial0/0
  #if ((event_type eq 'link') and (matches_regular_expression(message, '^util [^<]+ \\\\(([0-9.]+)%\\\\) : \\\\[([0-9]+)\\\\] ([^ ]+) - (.*)$'))) then (
  # 2011-04-14 - 1.1.3 - KBB
  if ((event_type eq 'link') and matches_regular_expression(message, '^util [^<]+ \\\\(([0-9.]+)%\\\\) : \\\\[([0-9]+)\\\\] (.+) - (.*)$')) then (
    utilization = $1;
    index_number = $2;
    host = $3;
    port = $4;
  ); # link event

  events = 1;
);
`

  # Database fields
  database.fields = {

    date_time = ""
    hour_of_day = ""
    day_of_week = ""
    event_type = ""
    host = ""
    port = ""
    message = ""
    index_number = ""

  } # database.fields

  database.numerical_fields = {

    events = {
      label = "$lang_stats.field_labels.events"
      default = true
      entries_field = true
    } # events

    up_time = {
      label = $lang_stats.field_labels.up_time
      default = false
      requires_log_field = true
      type = int
      display_format_type = duration_compact
    } # up_time

    down_time = {
      label = $lang_stats.field_labels.down_time
      default = false
      requires_log_field = true
      type = int
      display_format_type = duration_compact
    } # down_time

    utilization = {
      default = false
      requires_log_field = true
      type = float
      display_format_type = "integer"
      aggregation_method = "average"
      average_denominator_field = "events"
    } # utilization

  } # database.numerical_fields


  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
    } # report_groups

  } # create_profile_wizard_options

} # intermapper_event