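# Copyright (c) 2013 Flowerfire, Inc. All Rights Reserved.

# Log format plug-in definition for Courier POP3/IMAP authentication and
# session lines delivered through syslog. It declares how the format is
# detected, how each syslog message is split into fields, and which fields
# are stored and reported.

courier_pop3_imap = {

  plugin_version = "1.0"
  info.1.manufacturer = "Courier"
  info.1.device = "POP3/IMAP Mail Server"
  info.1.version.1 = ""

  # 2013-03-23 - 1.0 - GMF - Initial creation

  # The name of this format
  log.format.format_label = "Courier POP3/IMAP Mail Server"

  # This log is the following type
  log.miscellaneous.log_data_type = "syslog_required"
  log.miscellaneous.log_format_type = "mail_server"

  # The log is in this format if any of the first ten lines match this regular expression.
  # The pattern is unanchored and lists only LOGIN and LOGOUT; a sample whose
  # first ten lines are all "LOGIN FAILED, user=..." entries does not match it.
  log.format.autodetect_regular_expression = "(LOGIN|LOGOUT), user=[^,]+, ip=[[][^]]+[]], "

  # when we need to use parsing filters only, we set this to true
  log.format.parse_only_with_filters = "true"

  # Parsing filter, applied to v.syslog_message.
  #
  # The message must start with the daemon name and ": ", followed by one of
  # LOGIN, LOGOUT or LOGIN FAILED, then ", " and the remaining text. $1 becomes
  # event_type; the remaining text ($2) is handed to collect_listed_fields with
  # ', ' and '=' as the two delimiters, so field names come from the keys that
  # appear in the log line.
  #
  # The daemon-name class is [a-z0-9-] rather than [a-z]: Courier's POP3 daemon
  # logs as "pop3d" and the TLS listeners as "imapd-ssl" / "pop3d-ssl", and a
  # letters-only class matches none of those. Because parse_only_with_filters is
  # "true", a line that fails this expression is never accepted, which would
  # leave POP3 and TLS logins (including LOGIN FAILED) out of the reports.
  #
  # LOGIN FAILED entries are the authentication-failure records; keeping them in
  # event_type is what lets failures be counted per ip and per user.
  #
  # NOTE(review): the sample line carries protocol=..., and the disabled branch
  # below maps time=... to time_spent. log.fields declares neither "protocol"
  # nor "time", so time_spent may never be populated by the active branch --
  # confirm how collect_listed_fields treats undeclared names.
  # NOTE(review): ip and port are logged inside square brackets and nothing here
  # strips them; presumably the brackets are stored with the value -- confirm.
  # NOTE(review): $2 is split without validation. If a logged user value can
  # itself contain ', ' or '=', a later pair could replace ip or another field --
  # confirm how Courier writes such values before relying on ip for blocking.
  log.parsing_filters.parse = `
# Mar 13 01:08:39 dedi58.flk1.host-h.net imapd: LOGIN, user=justin@terrafirma-solutions.com, ip=[::ffff:178.239.84.77], port=[40031], protocol=IMAP
if (matches_regular_expression(v.syslog_message, '^[a-z0-9-]+: (LOGIN|LOGOUT|LOGIN FAILED), (.*)$')) then (
  set_collected_field('', 'event_type', $1);
  collect_listed_fields('', $2, ', ', '=', '');
#  set_collected_field('', 'user', $2);
#  set_collected_field('', 'ip', $3);
#  set_collected_field('', 'headers', $4);
#  set_collected_field('', 'body', $5);
#  set_collected_field('', 'rcvd', $6);
#  set_collected_field('', 'sent', $7);
#  set_collected_field('', 'time_spent', $8);
  accept_collected_entry('', false);
);
#else if (matches_regular_expression(v.syslog_message, '^[a-z]+: (LOGOUT), user=([^,]+), ip=[[]([^]]+)[]], port=([^,]+), top=([^,]+), retr=([^,]+), rcvd=([^,]+), sent=([^,]+), time=([^,]+)')) then (
#  set_collected_field('', 'event_type', $1);
#  set_collected_field('', 'user', $2);
#  set_collected_field('', 'ip', $3);
#  set_collected_field('', 'port', $4);
#  set_collected_field('', 'top', $5);
#  set_collected_field('', 'retr', $6);
#  set_collected_field('', 'rcvd', $7);
#  set_collected_field('', 'sent', $8);
#  set_collected_field('', 'time_spent', $9);
#  accept_collected_entry('', false);
#);
`

  # Log fields: every field name the parsing filter is expected to fill.
  log.fields = {
    event_type = ""
    user = ""
    ip = ""
    headers = ""
    body = ""
    rcvd = ""
    sent = ""
    time_spent = ""
    port = ""
    top = ""
    retr = ""
    events = ""
  } # log.fields

  # Database fields: the non-numerical fields. rcvd, sent, time_spent, retr and
  # events are declared under database.numerical_fields instead.
  database.fields = {
    event_type = ""
    user = ""
    ip = ""
    headers = ""
    body = ""
    port = ""
    top = ""
  } # database.fields

  # Log Filters
  log.filters = {

    # Sets events to 1 on each entry; events is the entries_field below.
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry

  } # log.filters

  database.numerical_fields = {

    events = {
      default = true
      entries_field = true
    } # events

    retr = ""

    # rcvd and sent use 64 integer bits and the bandwidth display format.
    rcvd = {
      integer_bits = 64
      display_format_type = "bandwidth"
    } # rcvd

    sent = {
      integer_bits = 64
      display_format_type = "bandwidth"
    } # sent

    time_spent = {
      display_format_type = "duration_compact"
    } # time_spent

  } # database.numerical_fields

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
    } # report_groups

  } # create_profile_wizard_options

} # courier_pop3_imap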