# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Log format plug-in definition for Squid proxy access logs written in
# common log format, with the user name column populated by the ncsa_auth
# package (see the format label below). It declares how to recognize the
# log, which columns map to which fields, and which fields and filters the
# resulting database uses.
squid_ncsa_auth = {

  plugin_version = "1.0.1"

  # Version history:
  # Initial creation - 1.0
  # 2011-07-20 - 1.0.1 - MSG - Edited info lines.

  # Manufacturer / device / version shown for this format
  info.1.manufacturer = "GNU"
  info.1.device = "Squid with ncsa_auth Package"
  info.1.version.1 = ""

  # The name of the log format
  log.format.format_label = "Squid Log Format With ncsa_auth Package"
  log.miscellaneous.log_data_type = "firewall"
  log.miscellaneous.log_format_type = "proxy_server"

  # The log is in this format if any of the first ten lines match this regular expression.
  # Shape matched: two space-free tokens, arbitrary text, a bracketed
  # timestamp, a quoted request "METHOD scheme://target HTTP...", two
  # numeric-or-dash columns, a CODE:CODE pair, and an optional trailing token.
  # NOTE(review): the request target must contain "://", so a request line
  # without a scheme does not match; that only affects autodetection, which
  # needs a single matching line among the first ten.
  log.format.autodetect_regular_expression = "^[^ ]* [^ ]* .* \\[../.../....:..:..:...*\\] \"[A-Z]* [a-zA-Z0-9]*://[^ ]* HTTP.*\" [-0-9]* [-0-9]* [A-Z_]+:[A-Z_]+ *[^ ]*$"

  # Treat fields surrounded by square brackets (e.g. the date/time field) as a single quoted field.
  log.format.treat_brackets_as_quotes = "true"
  log.format.common_log_format = "true"

  # The format of dates and times in this log.
  # Both settings use the same pattern because date and time share one column.
  log.format.date_format = "dd/mmm/yyyy:hh:mm:ss"
  log.format.time_format = "dd/mmm/yyyy:hh:mm:ss"

  # Log fields.
  # "index" is the column position in the log line; "subindex" selects a part
  # within that column (column 5, the quoted request, is split into
  # operation, url and protocol). Column 2 is not mapped to any field here.
  log.fields = {
    client_ip = {
      type = "host"
      index = 1
    } # client_ip
    # User name column; the not_authenticated log filter below rewrites the
    # value "-" to "(not authenticated)".
    authenticated_user.index = 3
    date_time = {
      index = 4
      subindex = 1
    } # date_time
    operation = {
      index = 5
      subindex = 1
    } # operation
    # The url is treated as a hierarchy divided at "/" and "?".
    url = {
      type = "page"
      index = 5
      subindex = 2
      hierarchy_dividers = "/?"
      left_to_right = true
      leading_divider = "true"
    } # url
    protocol = {
      index = 5
      subindex = 3
    } # protocol
    server_response = {
      type = "response"
      index = 6
    } # server_response
    bytes_transferred = {
      type = "size"
      index = 7
    } # bytes_transferred

    # This will contain the concatenation of the result code and hierarchy code, separated by :, as it appears
    # in the log data, e.g. TCP_MISS:FIRST_UP_PARENT.
    result_code_and_hierarchy_code = {
      label = "result code and hierarchy code"
      index = 8
    }

    # These will be extracted by a parsing filter from the result_code_and_hierarchy_code field
    # (index 0: they are not read from a log column of their own).
    result_code.index = 0
    hierarchy_code.index = 0
    proxy_name.index = 9
  } # log.fields

  # Splits result_code_and_hierarchy_code at the colon into result_code and
  # hierarchy_code. The pattern accepts only upper-case letters and
  # underscores on each side; if the column does not match, neither field
  # is assigned by this filter.
  log.parsing_filters = {
    parse = `
if (matches_regular_expression(result_code_and_hierarchy_code, "^([A-Z_]+):([A-Z_]+)$")) then (
  result_code = $1;
  hierarchy_code = $2;
)
`
  } # log.parsing_filters

  # Database fields.
  # file_type and worm have no entry in log.fields above, so they are not
  # read from a log column; presumably they are derived elsewhere (e.g. from
  # url) - confirm against the product documentation.
  database.fields = {
    date_time = ""
    day_of_week = ""
    hour_of_day = ""
    client_ip = ""
    # NOTE(review): suppress_top / suppress_bottom appear to limit which
    # levels of the url hierarchy are kept; exact semantics are not visible here.
    url = {
      suppress_top = 1
      suppress_bottom = 3
    } # url
    file_type = ""
    worm = ""
    authenticated_user = ""
    protocol = ""
    server_response = ""
    result_code = ""
    hierarchy_code = ""
    proxy_name = ""
  } # database.fields

  # Log Filters.
  # The label/comment values beginning with $lang_admin look like references
  # to localized strings defined outside this file.
  # Order matters: strip_non_page_views reads page_views, which is assigned
  # by detect_page_views.
  log.filters = {

    # When the url contains '?', keeps the part up to and including the '?'
    # (assuming substr takes start and length) and appends the literal
    # '(parameters)'. Query strings are therefore not stored; this keeps
    # any session tokens or credentials passed as URL parameters out of the
    # database, at the cost of losing that detail for later investigation.
    remove_query = {
      label = "$lang_admin.log_filters.remove_query_label"
      comment = "$lang_admin.log_filters.remove_query_comment"
      value = "if (contains(url, '?')) then url = substr(url, 0, index(url, '?') + 1) . '(parameters)';"
    } # remove_query

    # Sets page_views to 0 for image, stylesheet, Flash and script file types
    # and to 1 for everything else. The comparison uses upper-case names, so
    # file_type is presumably already upper-cased - confirm.
    detect_page_views = {
      label = '$lang_admin.log_filters.detect_page_views_label'
      comment = '$lang_admin.log_filters.detect_page_views_comment'
      value = "if ((file_type eq 'JPEG') or (file_type eq 'JPG') or (file_type eq 'GIF') or (file_type eq 'ICO') or (file_type eq 'PNG') or (file_type eq 'CSS') or (file_type eq 'SWF') or (file_type eq 'JS')) then page_views = 0; else page_views = 1;"
    } # detect_page_views

    # For entries that are not page views, truncates the url after its last
    # '/' and appends the literal '(nonpage)', so individual non-page
    # resources are grouped under their directory.
    strip_non_page_views = {
      label = '$lang_admin.log_filters.strip_non_page_views_label'
      comment = '$lang_admin.log_filters.strip_non_page_views_comment'
      value = "if (page_views == 0) then url = substr(url, 0, last_index(url, '/') + 1) . '(nonpage)';"
    } # strip_non_page_views

    # Replaces the placeholder '-' in the user name column with
    # '(not authenticated)', which makes requests logged without a user name
    # stand out in reports on authenticated_user.
    not_authenticated = {
      label = "$lang_admin.log_filters.not_authenticated_label"
      comment = "$lang_admin.log_filters.not_authenticated_comment"
      value = "if (authenticated_user eq '-') then authenticated_user = '(not authenticated)';"
    } # not_authenticated

    # Counts every log entry as one access.
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'accesses = 1;'
    } # mark_entry

  } # log.filters

  # Session tracking options.
  # NOTE(review): the visitor id is the client IP, not authenticated_user, so
  # several users behind one shared address are counted as a single visitor.
  log.field_options = {
    sessions_page_field = "url"
    sessions_visitor_id_field = "client_ip"
    sessions_event_field = "page_views"
  } # log.field_options

  # Numerical (aggregated) database fields.
  database.numerical_fields = {

    # Set to 1 per entry by the mark_entry log filter; no log column required.
    accesses = {
      label = "$lang_stats.field_labels.accesses"
      default = false
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
      entries_field = true
    } # accesses

    # Set to 0 or 1 by the detect_page_views log filter.
    page_views = {
      label = "$lang_stats.field_labels.page_views"
      default = true
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
    } # page_views

    # Count of distinct client_ip values.
    unique_client_ips = {
      label = "$lang_stats.field_labels.unique_client_ips"
      default = false
      requires_log_field = true
      log_field = "client_ip"
      type = "unique"
      display_format_type = "integer"
    } # unique_client_ips

    # Declared with 64 integer bits, presumably so that byte totals are not
    # limited to the 32-bit range.
    bytes_transferred = {
      label = "$lang_stats.field_labels.bytes_transferred"
      default = false
      requires_log_field = true
      log_field = "bytes_transferred"
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    } # bytes_transferred

  } # database.numerical_fields

  # Defaults offered when a profile is created for this format.
  create_profile_wizard_options = {

    date_time_tracking = true
    host_tracking = true

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
      client_ip = true
      url = true
      file_type = true
      worm = true
      authenticated_user = true
      protocol = true
      server_response = true
      result_code = true
      hierarchy_code = true
      proxy_name = true
    } # report_groups

  } # create_profile_wizard_options

} # squid_ncsa_auth