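# Copyright (c) 2012 Flowerfire, Inc. All Rights Reserved.

# Sawmill log-format plug-in for SuperLumin Networks Nemesis proxy logs.
# The log is a W3C-style format: a "#Fields:" header names the columns, and
# each data line is one proxied request. Field definitions are generated from
# that header at profile-creation time (see log.filter_preprocessor), so the
# only hard-coded field names in this file are the ones the filters, session
# options and snapons refer to (c_uri, c_ip, timestamp, bytes, ...).

nemesis = {

  # Plug-in version. Kept in step with the change log below: the 2012-03-09
  # entry records the 2.0 changes, but this value had been left at "1.0".
  plugin_version = "2.0"

  info.1.manufacturer = "SuperLumin Networks"
  info.1.device = "Nemesis"
  info.1.version.1 = "2.3.0.4132"

  # Change log
  # 2012-03-02 - 1.0 - GMF - Initial plug-in creation
  # 2012-03-09 - 2.0 - GMF - Fixed sessions. Added gateway snapon. Added domain snapon.

  # Example (header lines are prefixed "#" in the log itself; the extra "#"
  # here is the config-file comment marker):
  ##Software: SuperLumin Networks Nemesis 2.3.0.4132
  ##Version: 1.0
  ##Date: 2012-02-28 15:23:38
  ##Fields: c-ip time x-user s-status x-time-taken-milli bytes x-cache-status x-cached x-access-control x-filter c-method x-service s(Content-Type) c-uri r-ip
  ##Remarks: separator=" "
  #12.34.56.78 [22/Feb/2012:19:29:55 -0700] "-" 200 1568 266225 CACHE_MISS 0 6 "-" GET "tr1" "text/html; charset=UTF-8" "http://somesite.com/page.html" -

  # The name of the log format
  log.format.format_label = "SuperLumin Networks Nemesis"
  log.miscellaneous.log_data_type = "firewall"
  log.miscellaneous.log_format_type = "proxy_server"

  # The log is in this format if any of the first ten lines match this
  # regular expression. Only the "#Software:" banner is matched; the version
  # number after it is not checked, so other Nemesis releases that keep the
  # same banner are accepted too.
  log.format.autodetect_regular_expression = "^#Software: SuperLumin Networks Nemesis"

  # Literal apostrophes can appear in field values, and should not be treated
  # as quotes. Brackets are quotes: the timestamp is written as
  # [22/Feb/2012:19:29:55 -0700], so bracket-quoting keeps it as one field
  # despite the embedded space.
  log.format.treat_apostrophes_as_quotes = false
  log.format.treat_brackets_as_quotes = true

  # NOTE(review): "url" is declared as a page-type field but is given no
  # index here and is not one of the Nemesis header names, so it is not
  # populated from the log by this file; the strip_non_page_views filter
  # below operates on it. Looks like a leftover from the generic W3C plug-in
  # -- confirm whether it is still needed.
  log.fields = {
    url = {
      type = "page"
    }
  }

  # This handles "#Fields:" lines, and creates log and database fields from
  # them. Every other "#" line is rejected so header lines are never parsed
  # as data.
  #
  # Security note: field names are taken from the log file itself and are
  # used to build profile node paths ("profiles.<name>.log.fields.<field>").
  # The sanitisation below therefore matters: each name is lower-cased and
  # every character outside [a-z0-9] is replaced by "_", with trailing "_"
  # removed, so a crafted header cannot inject "." path separators or other
  # node syntax. NOTE(review): a header token with no letters or digits at
  # all (e.g. "-") sanitises to the empty string and would create a node
  # with an empty name -- confirm how Sawmill treats that before relying on
  # untrusted headers.
  log.filter_preprocessor = `
    if (matches_regular_expression(current_log_line(), '^#Fields: (.*)$')) then (
      string fields = $1;
      string fieldname;
      v.logfieldindex = 1;
      string numerical_fields = "profiles." . internal.profile_name . ".database.numerical_fields";

      # This subroutine creates a database field node named fieldname under
      # the profile being built, and returns the new node.
      subroutine(create_database_field(string fieldname), (
        #echo("create_database_field: " . fieldname);
        debug_message("create_database_field(" . fieldname . ")\n");
        string databasefieldpath = "profiles." . internal.profile_name . ".database.fields." . fieldname;
        (databasefieldpath . "") = "";
        node databasefield = databasefieldpath;
        # set_subnode_value(databasefield, "label", fieldname);
        databasefield;
      ));

      # This subroutine creates a log field node named fieldname. When
      # withindex is true the field is bound to the next column of the data
      # line (v.logfieldindex, then incremented); derived fields such as
      # "date" and "location" are created with withindex = false so they
      # consume no column. type is only set when non-empty.
      subroutine(create_log_field(string fieldname, string type, bool withindex), (
        debug_message("create_log_field(" . fieldname . "; type=" . type . ")\n");
        string logfieldpath = "profiles." . internal.profile_name . ".log.fields." . fieldname;
        (logfieldpath . "") = "";
        node logfield = logfieldpath;
        # set_subnode_value(logfield, "label", fieldname);
        if (withindex) then (
          set_subnode_value(logfield, "index", v.logfieldindex);
          v.logfieldindex++;
        );
        set_subnode_value(logfield, "subindex", 0);
        if (type ne '') then
          set_subnode_value(logfield, "type", type);
        logfield;
      ));

      # Extract the fields one at a time (space-separated, as in the
      # "#Fields:" header).
      while (matches_regular_expression(fields, '^([^ ]+) (.*)$')) (
        string unconverted_fieldname = $1;
        fields = $2;

        # Clean up the field name: lower-case it and map anything outside
        # [a-z0-9] to "_", so "x-time-taken-milli" becomes x_time_taken_milli
        # and "s(Content-Type)" becomes s_content_type.
        fieldname = '';
        for (int i = 0; i < length(unconverted_fieldname); i++) (
          string c = lowercase(substr(unconverted_fieldname, i, 1));
          if (!matches_regular_expression(c, '^[a-z0-9]$')) then
            c = '_';
          fieldname .= c;
        );
        while (matches_regular_expression(fieldname, '^(.*)_$'))
          fieldname = $1;

        # The timestamp field is called "time" in Nemesis logs, but Sawmill
        # uses that name for the time field (hh:mm:ss); call this one timestamp
        if (fieldname eq "time") then
          fieldname = "timestamp";

        # Get the log field type.
        # NOTE(review): this compares against "cs_uri", but the Nemesis header
        # (see the example above) names the URI column "c-uri", which sanitises
        # to "c_uri" -- the name every other reference in this file uses. As
        # written this branch, and the "cs_uri" branch below, never match for
        # this format; it looks like a leftover from the W3C plug-in. Confirm
        # against a real profile before changing it, because the "c_uri"
        # database field is currently created by the generic "else" branch
        # below and would need to be created here instead.
        string log_field_type = '';
        if (fieldname eq 'cs_uri') then (
          log_field_type = 'page';
          # This "flat" type is immediately overwritten by create_log_field,
          # which sets type = 'page' when log_field_type is non-empty.
          ("profiles." . internal.profile_name . ".log.fields." . fieldname . ".type") = 'flat';
        );

        # Create the log field
        create_log_field(fieldname, log_field_type, true);

        # If we're creating a profile, create the database fields too.
        if (node_exists("volatile.creating_profile")) then (

          # Handle localtime by creating date_time and derived database fields
          if (fieldname eq "timestamp") then (
            create_log_field('date', '', false);
            create_log_field('time', '', false);
            create_database_field('date_time');
            create_database_field('day_of_week');
            create_database_field('hour_of_day');
            # ("profiles." . internal.profile_name . ".log.parsing_filters.parse_localtime.disabled") = false;
          ); # if localtime

          # Create the client IP field plus a derived geographic location field
          else if (fieldname eq "c_ip") then (
            create_database_field('c_ip');
            create_log_field('location', '', false);
            create_database_field('location');
          );

          # Create derived file type field (see the note on "cs_uri" above)
          else if (fieldname eq "cs_uri") then (
            create_database_field('file_type');
          );

          # Don't add a database field for numerical fields; they are declared
          # statically in database.numerical_fields below.
          else if (subnode_exists(numerical_fields, fieldname)) then (
            debug_message("Not adding numerical field: " . fieldname . "\n");
          );

          # Create a normal database field
          else
            create_database_field(fieldname);

        ); # if creating profile

      ); # while another field

      # Don't parse the #Fields line as a data line
      'reject';

    ); # if #Fields

    # Don't parse any other # lines as data lines
    else if (starts_with(current_log_line(), '#')) then (
      'reject';
    );
  `

  # Extract date and time from the timestamp field
  # ("22/Feb/2012:19:29:55 -0700" once the brackets have been stripped).
  # Only the date and hh:mm:ss parts are captured; the trailing UTC offset is
  # not used, so times are taken as written in the log.
  log.parsing_filters.parse_date_time = {
    comment = `extract date and time from timestamp`
    value = `
      if (matches_regular_expression(timestamp, '^([0-9]+/[A-Za-z]+/[0-9]+):([0-9:]+) ')) then (
        date = $1;
        time = $2;
      );
    `
  }

  # Log Filters
  log.filters = {

    # Reduce the URL to scheme://host/ followed by "(omitted)"; only applied
    # when the c_uri field exists.
    simplify_url = {
      label = "$lang_admin.log_filters.simplify_url_label"
      comment = "$lang_admin.log_filters.simplify_url_comment"
      value = "if (matches_regular_expression(c_uri, '^([^:]+://[^/]+/)')) then c_uri = $1 . '(omitted)'"
      requires_fields = {
        c_uri = true
      }
    } # simplify_url

    # Collapse non-page hits to their directory plus "(nonpage)". Note this
    # acts on "url", not on "c_uri" (see the note on log.fields above).
    strip_non_page_views = {
      label = '$lang_admin.log_filters.strip_non_page_views_label'
      comment = '$lang_admin.log_filters.strip_non_page_views_comment'
      value = "if (page_views == 0) then url = substr(url, 0, last_index(url, '/') + 1) . '(nonpage)';"
    } # strip_non_page_views

    # Mark image/style/script hits as non-page views, everything else as a
    # page view. Only applied when the file_type and page_views fields exist.
    detect_page_views = {
      label = '$lang_admin.log_filters.detect_page_views_label'
      comment = '$lang_admin.log_filters.detect_page_views_comment'
      value = "if ((file_type eq 'JPEG') or (file_type eq 'JPG') or (file_type eq 'GIF') or (file_type eq 'ICO') or (file_type eq 'PNG') or (file_type eq 'CSS') or (file_type eq 'SWF') or (file_type eq 'JS')) then page_views = 0; else page_views = 1;"
      requires_fields = {
        file_type = true
        page_views = true
      }
    } # detect_page_views

    # Every accepted line counts as one event.
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry

  } # log.filters

  # Sessions are keyed on the client IP; the page is the requested URI and a
  # session event is a page view.
  log.field_options = {
    sessions_page_field = "c_uri"
    sessions_visitor_id_field = "c_ip"
    sessions_event_field = "page_views"
  } # log.field_options

  database.numerical_fields = {
    events = {
      default = true
      requires_log_field = false
      entries_field = true
    } # events
    page_views = {
      default = true
      requires_log_field = false
    } # page_views
    bytes = {
      default = true
      type = float
      display_format_type = bandwidth
    } # bytes
    # Response time in milliseconds; 64-bit so long aggregation windows do
    # not overflow.
    x_time_taken_milli = {
      default = false
      requires_log_field = true
      type = int
      integer_bits = 64
      display_format_type = duration_milliseconds
    } # x_time_taken_milli
    unique_client_ips = {
      default = false
      requires_log_field = true
      log_field = c_ip
      type = unique
    } # unique_client_ips
  } # database.numerical_fields

  create_profile_wizard_options = {

    report_groups = {
      date_time_group = ""
    } # report_groups

    snapons = {

      # Attach a top_level_domain snapon, deriving the domain from c_uri
      top_level_domain = {
        snapon = "top_level_domain"
        name = "top_level_domain"
        label = "$lang_admin.snapons.top_level_domain.label"
        parameters = {
          url_field.parameter_value = "c_uri"
          field_name = {
            parameter_value = "$lang_admin.field_labels.top_level_domain"
            final_node_name = "top_level_domain"
          }
        } # parameters
      } # top_level_domain

      # Attach a gateway_reports snapon.
      # NOTE(review): "users" in the gateway reports are identified by client
      # IP rather than by the x_user field (left commented out below) --
      # presumably because x-user is "-" for unauthenticated requests, as in
      # the example line; confirm before using these reports for per-user
      # accountability, since an IP can be shared or spoofed.
      gateway_reports = {
        snapon = "gateway_reports"
        name = "gateway_reports"
        label = "$lang_admin.snapons.gateway_reports.label"
        parameters = {
          # user_field.parameter_value = "x_user"
          user_field.parameter_value = "c_ip"
          have_client_ip.parameter_value = true
          client_ip_field.parameter_value = "c_ip"
          have_category_field.parameter_value = false
          # category_field.parameter_value = "category"
          host_field.parameter_value = "top_level_domain"
          page_views_field.parameter_value = "page_views"
          have_bytes_in_field.parameter_value = true
          bytes_in_field.parameter_value = "bytes"
        } # parameters
      } # gateway_reports

      # 2013-02-06 - GMF - Now added in gateway_reports
      #
      # Add the standard reports
      # add_standard_reports = {
      #   name = "add_standard_reports"
      #   label = "add_standard_reports"
      #   snapon = "add_standard_reports"
      # } # add_standard_reports

    } # snapons

  } # create_profile_wizard_options

} # nemesis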