# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved. ice_cast = { plugin_version = "1.5" info.1.manufacturer = "Xiph Foundation" info.1.device = "Icecast" info.1.version = "2" # - 1.0 - - Initial creation. # 2008-02-20 - 1.1 - KBB - Made autodetect_regular_expression more restrictive, since this # format is so consistent. Fixed bug where user agent field was not being set because of an # extra field being gathered. (My original assumption was that there was a format variant that # lacked the server_domain field, but we have many samples of icecast logs and they are all the # same, so I think it was a bug. If this breaks backward compatibility to an earlier default, # or a common variant, then that must be addressed. I don't know if icecast logging uses format # strings like Apache.) # 2008-02-20 - 1.2 - KBB - Based on information from icecast.org forum, # http://icecast.imux.net/viewtopic.php?t=655&highlight=log+format, am now gathering final # numeric field as the duration in seconds. I have used this to replace the previous duration # which as calculated from the size and an assumption about the speed. # 2008-02-20 - 1.3 - GMF - Moved "accesses=1" to its own filter, so it can be automatically disabled # when accesses does not exist. # 2011-09-28 - 1.3.1 - KBB - 18446744073709551615 shows up as the duration in logs. This is the largest # unsigned 64 bit integer, and it is used in SQL to represent NULL, so it shows up as something # enormous in v7 and zero in v8.5. We now set the duration to zero explicitly in the parsing filter. # 2011-11-17 - 1.3.2 - KBB - 18446744073709551614 also shows up as the duration in logs, so generalizing # the previous fix to set anything that is less than zero seconds or over five years to zero. # 2013-05-31 - 1.3.3 - MSG - Increased the suppress bottom value of page field to 9. # 2014-09-16 - 1.4 - gas - added media reports # 2014-10-10 - 1.5 - gas - removed location field, no longer needed - media_reports snapon does geo # 2015-01-14 - 1.6 - ILD - Added User Agent snapon and removed old UA calculation method # The name of the log format log.format.format_label = "IceCast Log Format" log.miscellaneous.log_data_type = "http_access" log.miscellaneous.log_format_type = "media_server" # The log is in this format if any of the first ten lines match this regular expression #211.11.11.111 - - [09/Jan/2008:16:55:34 -0500] "GET /sample.mp3 HTTP/1.1" 200 11360 "-" "NSPlayer/11.0.5721.5145 WMFSDK/11.0" 1 #log.format.autodetect_regular_expression = "^[^ ]* [^ ]* .* \\[../.../....:..:..:...*\\] \"[A-Z]* [^ ]* HTTP[^\"]*\" [0-9]* [-0-9]* [^ ]* \".*\" [0-9][0-9]*$" log.format.autodetect_regular_expression = '^[^ ]+ [^ ]+ .* \\[../.../....:..:..:...*\\] "[A-Z]+ [^ ]+ HTTP[^"]*" [0-9]+ [-0-9]+ ("[^"]+"|[^ ]+) "[^"]+" [0-9]+$' # Treat fields surrounded by square brackets (e.g. the date/time field) as a single quoted field. log.format.treat_brackets_as_quotes = "true" log.format.common_log_format = "true" # The format of dates and times in this log log.format.date_format = "dd/mmm/yyyy:hh:mm:ss" log.format.time_format = "dd/mmm/yyyy:hh:mm:ss" # Log fields log.fields = { hostname = { type = "host" index = 1 } # hostname authenticated_user = { index = 3 } # authenticated_user date_time = { index = 4 subindex = 1 } # date_time operation = { index = 5 subindex = 1 } # operation page = { type = "page" index = 5 subindex = 2 hierarchy_dividers = "/?" left_to_right = true leading_divider = "true" } # page protocol = { index = 5 subindex = 3 } # protocol server_response = { type = "response" index = 6 } # server_response size = { index = 7 } # size # server_domain = { # index = 8 # } # server_domain referrer = { type = "URL" # index = 9 index = 8 hierarchy_dividers = "/?" left_to_right = true leading_divider = "false" } # referrer agent = { # type = "agent" # index = 10 index = 9 } # agent duration = { index = 10 } more_than_15_minutes = "" #total_duration_96kbps = "" fifteen_minute_sessions = "" } # log.fields # Database fields database.fields = { date_time = "" day_of_week = "" hour_of_day = "" page = { label = "$lang_stats.field_labels.page" log_field = "page" type = "string" suppress_top = 0 suppress_bottom = 9 display_format_type = "page" } # page file_type = "" worm = "" screen_dimensions = "" screen_depth = "" hostname = "" domain_description = "" #location = "" referrer = { suppress_top = 1 suppress_bottom = 3 } # referrer referrer_description = "" search_engine = "" search_phrase = "" # web_browser = "" # operating_system = "" # spider = "" authenticated_user = "" server_response = "" more_than_15_minutes = "" } # database.fields log.parsing_filters.parse = ` # Get search engine and search phrase information from the referrer field (before it gets simplified). if (get_search_engine_info(referrer)) then ( search_engine = volatile.search_engine; search_phrase = volatile.search_phrase; ); # Get web browser, operating system, web browser, and spider information from the user-agent field. #get_user_agent_info(agent); #web_browser = volatile.web_browser; #operating_system = volatile.operating_system; #spider = volatile.spider; #166.166.166.166 - - [06/Jun/2011:11:00:02 -0400] "GET /lizard-radio HTTP/1.1" 200 71112 "-" "LIZRadio/3.3.3 LIZNetwork/5.5.5 Lizard/11.11.11" 18446744073709551614 #if (duration eq '18446744073709551615') then ( if ((duration > 5*365*24*60*60) or (duration < 0)) then ( duration = 0; ); # Compute the duration in seconds fo the stream, based on the assumption that # it was delivered at a continuous 96kbps. #total_duration_96kbps = (size * 8.0) / (96.0*1024.0); # Determine if this is more than 15 minutes, based on 96kbps #more_than_15_minutes = total_duration_96kbps > (15*60); more_than_15_minutes = duration > (15*60); if (more_than_15_minutes) then fifteen_minute_sessions = 1; ` # Log Filters log.filters = { simplify_referrer = { label = "$lang_admin.log_filters.simplify_referrer_label" comment = "$lang_admin.log_filters.simplify_referrer_comment" value = "if (referrer eq '-') then referrer = '(no referrer)' else if (matches_regular_expression(referrer, '^([^:]+://[^/]+/)')) then referrer = $1 . '(omitted)'" } # simplify_referrer internal_referrer = { label = "$lang_admin.log_filters.internal_referrer_label" comment = "$lang_admin.log_filters.internal_referrer_comment" value = "if (contains(referrer, 'mydomain.com/')) then referrer = '(internal referrer)';" disabled = true } # internal_referrer not_authenticated = { label = "$lang_admin.log_filters.not_authenticated_label" comment = "$lang_admin.log_filters.not_authenticated_comment" value = "if (authenticated_user eq '-') then authenticated_user = '(not authenticated)';" } # not_authenticated set_page_for_worm = { label = "$lang_admin.log_filters.set_page_for_worm_label" comment = "$lang_admin.log_filters.set_page_for_worm_comment" value = "if (starts_with(worm, '(')) then '' else page = '(worm)';" } # set_page_for_worm remove_query = { label = "$lang_admin.log_filters.remove_query_label" comment = "$lang_admin.log_filters.remove_query_comment" value = "if (contains(page, '?')) then page = substr(page, 0, index(page, '?') + 1) . '(parameters)';" } # remove_query detect_page_views = { label = '$lang_admin.log_filters.detect_page_views_label' comment = '$lang_admin.log_filters.detect_page_views_comment' value = "if ((file_type eq 'JPEG') or (file_type eq 'JPG') or (file_type eq 'GIF') or (file_type eq 'ICO') or (file_type eq 'PNG') or (file_type eq 'CSS') or (file_type eq 'SWF') or (file_type eq 'JS')) then page_views = 0; else page_views = 1;" } # detect_page_views strip_non_page_views = { label = '$lang_admin.log_filters.strip_non_page_views_label' comment = '$lang_admin.log_filters.strip_non_page_views_comment' value = "if (page_views == 0) then page = substr(page, 0, last_index(page, '/') + 1) . '(nonpage)';" } # strip_non_page_views mark_entry = { label = '$lang_admin.log_filters.mark_entry_label' comment = '$lang_admin.log_filters.mark_entry_comment' value = 'accesses = 1;' } # mark_entry } # log.filters log.field_options = { sessions_page_field = "page" sessions_visitor_id_field = "hostname" sessions_event_field = "page_views" } # log.field_options database.numerical_fields = { accesses = { requires_log_field = false entries_field = true } # accesses page_views = { default = true requires_log_field = false } # page_views visitors = { log_field = "hostname" type = "unique" } # visitors size = { type = "int" integer_bits = 64 display_format_type = "bandwidth" } # size # total_duration_96kbps = { # type = "int" # integer_bits = 64 # display_format_type = "duration_compact" # } # average_duration_96kbps = { # type = "int" # integer_bits = 64 # display_format_type = "duration_compact" # log_field = "total_duration_96kbps" # aggregation_method = "average" # average_denominator_field = "accesses" # } duration = { type = "int" default = true integer_bits = 64 display_format_type = "duration_compact" } # duration average_duration = { label = "$lang_stats.field_labels.average $lang_stats.field_labels.duration" type = "int" integer_bits = 64 display_format_type = "duration_compact" log_field = "duration" aggregation_method = "average" average_denominator_field = "accesses" } # average_duration fifteen_minute_sessions = "" } # database.numerical_fields create_profile_wizard_options = { # How the reports should be grouped in the report menu report_groups = { date_time_group = "" } # report_groups snapons = { # Attach a media_reports snapon media_reports = { snapon = "media_reports" name = "media_reports" label = "$lang_admin.snapons.media_reports.label" parameters = { user_field.parameter_value = "authenticated_user" client_ip_field.parameter_value = "hostname" duration_field.parameter_value = "duration" have_stream_name_field.parameter_value = true stream_name_field.parameter_value = "page" have_stream_id_field.parameter_value = false # stream_id_field.parameter_value = "c_playerid" # Do the default concurrent connections analysis; it's based on a single duration field, which we have. attach_concurrent_events.parameter_value = true } # parameters } # media_reports user_agent_analysis = { snapon = "user_agent_analysis" name = "user_agent_analysis" label = "$lang_admin.snapons.user_agent_analysis.label" parameters = { user_agent_field.parameter_value = "agent" } # parameters } # user_agent_analysis } # snapons } # create_profile_wizard_options } # ice_cast