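# Copyright (c) 2012 Flowerfire, Inc. All Rights Reserved.

# Log format plug-in for Websense Server proxy logs. It declares how a log
# line is recognised (autodetect), how it is split into fields (parsing
# regular expression), which fields are stored in the database, and which
# report groups and snapons a new profile receives.
websense_server = {

  plugin_version = "1.2"
  info.1.manufacturer = "Websense"
  info.1.device = "Websense Server"
  info.1.version = "4"

  # 2014-03-17 - 1.0 - GMF - Initial implementation
  # 2014-03-24 - 1.1 - GMF - Renamed fields to match format string. Added byte fields.
  # 2014-04-23 - 1.2 - gas - modified parsing regex and:
  #                          added support for user agent field and snapon
  #                          added support for username (pulled from LDAP string in user-path)
  #                          added support for LDAP server name

  # The name of the log format
  log.format.format_label = "Websense Server Log Format"
  log.miscellaneous.log_data_type = "firewall"
  log.miscellaneous.log_format_type = "proxy_server"

  # The log is in this format if any of the first ten lines match this regular expression
  #12.34.56.78 - Websense server 4.X 2013-12-06 10:55:14 ddsint.websense.com 23.45.67.89 80 7 14277 576 http POST http://ddsint.websense.com/cgi-bin/nph-wsget20.exe 200 permitted
  # NOTE(review): this pattern is narrower than the parsing expression below.
  # It requires a numeric/dotted source address, a literal "-" in the user
  # column and the literal text "Websense server" in the position the parser
  # treats as the user agent. A log whose first ten lines all carry an LDAP
  # user path, a colon-separated (IPv6) source, or a different user agent
  # would not be recognised automatically -- confirm this is intended.
  log.format.autodetect_regular_expression = '^[0-9.]+ - Websense server '

  # Plug-in created for log data with this format (ThreadID:1303424):
  #"% % % %<:%F %H:%M:%S> % % % % % % % % % % % "
  #
  # The expression has 18 capture groups, matching the 18 entries of
  # log.fields in order:
  #    1 source               address: digits, dots, lowercase a-f and colons
  #    2 dummy                whole user column: "-" or the full LDAP:// path
  #    3 ldap_server          text after "LDAP://" up to the first space
  #    4 username             tail of the LDAP path after the third DC= component
  #    5 user_agent           free text, may contain spaces
  #    6 date                 YYYY-MM-DD
  #    7 time                 HH:MM:SS
  #    8 url_host
  #    9 destination          digits and dots only
  #   10 port
  #   11 scan_duration
  #   12 bytes_received
  #   13 bytes_sent
  #   14 protocol
  #   15 method
  #   16 url
  #   17 server_status_code
  #   18 disposition_string   rest of the line
  # NOTE(review): group 9 accepts only digits and dots, so a line with a
  # colon-separated destination address does not match, although group 1
  # allows that form for the source. Presumably non-matching lines are not
  # imported; when this data feeds security reporting, reconcile imported
  # entry counts against the raw log.
  # NOTE(review): user_agent, url_host and url originate from the client
  # request; anything that renders them should treat them as untrusted text.
  log.format.parsing_regular_expression = '^([0-9.a-f:]+) (-|LDAP://([^ ]+).*,DC=[^,]+,DC=[^,]+,DC=([^\\]+...[^ ]+)) (.*) ([0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ([0-9][0-9]:[0-9][0-9]:[0-9][0-9]) ([^ ]+) ([0-9.]+) ([0-9]+) ([0-9]+) ([0-9]+) ([0-9]+) ([^ ]+) ([^ ]+) ([^ ]+) ([0-9]+) (.*)'

  # Log fields
  # One entry per capture group of the parsing expression, in the same order.
  log.fields = {
    source = ""
    # Placeholder for the raw user column; it has no database field below.
    dummy = ""
    ldap_server = ""
    username = ""
    user_agent = ""
    date = ""
    time = ""
    url_host = ""
    destination = ""
    port = ""
    scan_duration = ""
    bytes_received = ""
    bytes_sent = ""
    protocol = ""
    method = ""
    url = ""
    server_status_code = ""
    disposition_string = ""
  } # log.fields

  # Database fields
  # scan_duration and dummy are parsed but have no entry here.
  # username is listed once: a second, identical entry at the end of this
  # group was redundant and has been dropped.
  database.fields = {
    date_time = ""
    day_of_week = ""
    hour_of_day = ""
    source = ""
    ldap_server = ""
    username = ""
#    user_agent = ""
    url_host = ""
    destination = ""
    port = ""
    protocol = ""
    method = ""
    url = ""
    server_status_code = ""
    disposition_string = ""
  } # database.fields

  # Log Filters
  log.filters = {

#    mark_entry = {
#      label = '$lang_admin.log_filters.mark_entry_label'
#      comment = '$lang_admin.log_filters.mark_entry_comment'
#      value = 'events = 1;'
#    } # mark_entry

  } # log.filters

  # Numerical (aggregated) fields: only the two byte counters are active,
  # each declared with 64 integer bits and shown in bandwidth format.
  database.numerical_fields = {

#    request_count = ""

#    events = {
#      default = true
#      entries_field = true
#    } # events

#    scan_duration = ""

    bytes_received = {
      default = true
      integer_bits = 64
      display_format_type = "bandwidth"
    }

    bytes_sent = {
      default = true
      integer_bits = 64
      display_format_type = "bandwidth"
    }

  } # database.numerical_fields

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
      content_group = {
        url = ""
        url_host = ""
      } # content_group
      destination = ""
      source = ""
      other_group = {
        ldap_server = ""
        username = ""
        port = ""
        protocol = ""
        method = ""
        server_status_code = ""
        disposition_string = ""
      } # other_group
    } # report_groups

    snapons = {

      # Attach a gateway_reports snapon
      # NOTE(review): "top_level_domain" and "accesses" are not defined in
      # this file; presumably the snapon supplies them -- confirm.
      gateway_reports = {
        snapon = "gateway_reports"
        name = "gateway_reports"
        label = "$lang_admin.snapons.gateway_reports.label"
        parameters = {
          user_field.parameter_value = "username"
          have_client_ip_field = true
          client_ip_field.parameter_value = "source"
#          have_category_field.parameter_value = false
#          category_field.parameter_value = "categories"
          have_bytes_in_field = true
          bytes_in_field.parameter_value = "bytes_received"
          have_bytes_out_field = true
          bytes_out_field.parameter_value = "bytes_sent"
#          have_duration_field = false
#          duration_field.parameter_value = "duration"
          host_field.parameter_value = "top_level_domain"
          url_field.parameter_value = "url"
          page_views_field.parameter_value = "accesses"
          sort_by_field.parameter_value = "accesses"
          accesses_field = {
            parameter_value = "$lang_stats.field_labels.accesses"
            final_node_name = "accesses"
          } # accesses
        } # parameters
      } # gateway_reports

      # NOTE(review): user_agent is commented out of database.fields above;
      # presumably this snapon reads the user_agent log field -- confirm.
      user_agent_analysis = {
        snapon = "user_agent_analysis"
        name = "user_agent_analysis"
        label = "$lang_admin.snapons.user_agent_analysis.label"
        parameters = {
          user_agent_field.parameter_value = "user_agent"
          page_views_field.parameter_value = "accesses"
        } # parameters
      } # user_agent_analysis

# 2013-02-06 - GMF - Now added in gateway_reports
#      # Add the standard reports
#      add_standard_reports = {
#        name = "add_standard_reports"
#        label = "add_standard_reports"
#        snapon = "add_standard_reports"
#      } # add_standard_reports

    } # snapons

  } # create_profile_wizard_options

} # websense_server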