# Copyright (c) 2010 Flowerfire, Inc.  All Rights Reserved.
juniper_mfc_apple = {

  plugin_version = "1.0"

  info.1.manufacturer = "Juniper"
  info.1.device = "Media Flow Controller Access (Apple variant, 2012-07-21)"
  info.1.version.1 = ""

  # 2011/10/27 - 1.0 - GMF - Cloned juniper_mfc; updated for new format; changed parsing to log.format.parsing_regular_expression

  # The name of the log format
  log.format.format_label = "Juniper Media Flow Controller Access Log Format (Apple variant, 2012-07-21)"
  log.miscellaneous.log_data_type = "http_access"
  log.miscellaneous.log_format_type = "web_server"

  # The log is in this format if any of the first ten lines match this regular expression
  log.format.autodetect_regular_expression = `#Fields: %c %h %V %u %t "%r" %s %b %N "%[{]Cache-Control[}]i" "%[{]Pragma[}]i" "%[{]Cache-Control[}]o" "%[{]Pragma[}]o" "%[{]Vary[}]o" %y`

  log.format.parsing_regular_expression = `^([^ ]+) ([^ ]+) ([^ ]+) ([^ ]+) [[]([^:]+):([^ ]+) [^]]+[]] "([^ ]+) ([^ ]+) ([^"]+)" ([^ ]+) ([^ ]+) ([^ ]+) "([^"]+)" "([^"]+)" "([^"]+)" "([^"]+)" "([^"]+)" ([^ ]+)`

  log.format.ignore_format_lines = "true"

  # The format of dates and times in this log
#  log.format.date_format = "dd/mmm/yyyy:hh:mm:ss"
#  log.format.time_format = "dd/mmm/yyyy:hh:mm:ss"

  # Log fields
  log.fields = {

    unknown1 = ""

    hostname = {
      type = "host"
    } # hostname

    server_domain = ""
    authenticated_user = ""
    date = ""
    time = ""

    operation = ""
    page = {
      type = "page"
    } # page

    protocol = ""

    server_response = ""
    size = ""
    unknown2 = ""
    cache_control_in = ""
    pragma_in = ""
    cache_control_out = ""
    pragma_out = ""
    vary = ""
    unknown3 = ""

    hit_type = ""
    errors = ""
    page_views = ""
    broken_links = ""

  } # log.fields


  # Database fields
  database.fields = {

    date_time = ""
    day_of_week = ""
    hour_of_day = ""
    hit_type = ""
    page = {
      suppress_bottom = 9
      display_format_type = "page"
    } # page
    file_type = ""
    hostname = ""
    location = ""
    organization = ""
    isp = ""
    domain = ""
    server_domain = ""
    authenticated_user = ""
    server_response = ""

    unknown1 = ""
    unknown2 = ""
    cache_control_in = ""
    pragma_in = ""
    cache_control_out = ""
    pragma_out = ""
    vary = ""
    unknown3 = ""

  } # database.fields


  # Log Filters
  log.filters = {

    not_authenticated = {
      label = "$lang_admin.log_filters.not_authenticated_label"
      comment = "$lang_admin.log_filters.not_authenticated_comment"
      value = "if (authenticated_user eq '-') then authenticated_user = '(not authenticated)';"
    } # not_authenticated

    remove_query = {
      label = "$lang_admin.log_filters.remove_query_label"
      comment = "$lang_admin.log_filters.remove_query_comment"
      value = "if (contains(page, '?')) then page = substr(page, 0, index(page, '?') + 1) . '(parameters)';"
    } # remove_query

    categorize = {
      label = "$lang_admin.log_filters.categorize_hits_label"
      comment = "$lang_admin.log_filters.categorize_hits_comment"
      value = `if (starts_with(server_response, '4')) then (
  errors = 1;
  if (server_response eq '404') then (
    broken_links = 1;
    hit_type = "broken link";
  )
  else (
    hit_type = "error";
  )
)
else if ((file_type eq 'JPEG') or (file_type eq 'JPG') or (file_type eq 'GIF') or (file_type eq 'ICO') or (file_type eq 'PNG') or (file_type eq 'CSS') or (file_type eq 'SWF') or (file_type eq 'JS')) then (
  hit_type = "hit";
)
else (
  hit_type = "page view";
  page_views = 1;
)`
    } # categorize

    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'hits = 1;'
    } # mark_entry

    strip_non_page_views = {
      label = '$lang_admin.log_filters.strip_non_page_views_label'
      comment = '$lang_admin.log_filters.strip_non_page_views_comment'
      value = "if (page_views == 0) then page = substr(page, 0, last_index(page, '/') + 1) . '(nonpage)';"
    } # strip_non_page_views

  } # log.filters

  log.field_options = {

    sessions_page_field = "page"
    sessions_visitor_id_field = "hostname"
    sessions_event_field = "page_views"

  } # log.field_options


  database.numerical_fields = {

    hits = {
      requires_log_field = false
      entries_field = true
    } # hits

    page_views = {
      default = true
    }
    errors = ""
    broken_links = ""

    visitors = {
      log_field = "hostname"
      type = "unique"
    } # visitors

    size = {
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    } # size

  } # database.numerical_fields


  create_profile_wizard_options = {
  
    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
      hit_type = ""
      content_group = {
        page = true
        file_type = true
      }
      visitor_demographics_group = {
        hostname = true
        domain_description = true
        location = true
        organization = true
        isp = true
        domain = true
        authenticated_user = true
      }
      visitor_systems_group = {
        screen_dimensions = true
        screen_depth = true
        web_browser = true
        operating_system = true
      }
      referrer_group = {
        referrer = true
        referrer_description = true
        search_engine = true
        search_phrase = true
        search_phrase_by_search_engine = true
      }
      other_group = {
        worm = true
        spider = true
        server_domain = true
        server_response = true
        unknown1 = true
        unknown2 = true
        unknown3 = true
        pragma_in = true
        pragma_out = true
        cache_control_in = true
        cache_control_out = true
        vary = true
      }
    } # report_groups

  } # create_profile_wizard_options

} # juniper_mfc_apple