# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved. symantec_web_security_csv = { plugin_version = "1.0.1" # Initial creation - 1.0 # 2011-07-20 - 1.0.1 - MSG - Edited info lines. info.1.manufacturer = "Symantec" info.1.device = "Web Security CSV" info.1.version.1 = "" # The name of the log format log.format.format_label = "Symantec Web Security CSV Log Format" log.miscellaneous.log_data_type = "csv" log.miscellaneous.log_format_type = "web_server" # First two lines look like this: # Date,Time,Realm,Action,Result,User,Client,Server,Type,Name,Warning,URL,MIME Type,HTTP Response Code,70,Info,Info2,Last Command,Last Response,1000,1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1011,Virus ID,Virus Name,Infected File Name,LiveUpdate Result Code,Virus Definitions Update Result Code,Scan Result Code,Category # 15-Aug-2005,03:00 AM ,Administration,File Download,Up to date,,,,,SWS-3.0.1.58/lists,,,,,,Version 3.0.2611,,,,,,,,,,,,,,,,,,,,,, # # Description of how new variant was created: # SWS ver 3.0.1.58 # Log file was created with the SWS export in CSV format. Native to the # application. Logging "Violations and text pages visited", all boxes checked. # The log is in this format if any of the first ten lines match this regular expression log.format.autodetect_regular_expression = '^Date,Time,Realm,Action,Result,User,Client,Server,Type,Name,Warning,URL,MIME Type,HTTP Response Code,70,Info,Info2,Last Command,Last Response,1000,1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1011,Virus ID,Virus Name,Infected File Name,LiveUpdate Result Code,Virus Definitions Update Result Code,Scan Result Code,Category' # The format of dates and times in this log log.format.date_format = "auto" log.format.time_format = "auto" # Log fields log.fields = { # Log fields are computed from CSV header } # log.fields # Log Filters log.filters = { mark_entry = { label = '$lang_admin.log_filters.mark_entry_label' comment = '$lang_admin.log_filters.mark_entry_comment' value = 'hits = 1;' } # mark_entry } # log.filters # Database fields database.fields = { # Log fields are computed from CSV header } # database.fields # Log Filters log.filters = { # set_page_for_worm = { # label = "$lang_admin.log_filters.set_page_for_worm_label" # comment = "$lang_admin.log_filters.set_page_for_worm_comment" # value = "if (starts_with(worm, '(')) then '' else page = '(worm)';" # } # set_page_for_worm # remove_query = { # label = "$lang_admin.log_filters.remove_query_label" # comment = "$lang_admin.log_filters.remove_query_comment" # value = "if (contains(page, '?')) then page = substr(page, 0, index(page, '?') + 1) . '(parameters)';" # } # remove_query detect_page_views = { label = '$lang_admin.log_filters.detect_page_views_label' comment = '$lang_admin.log_filters.detect_page_views_comment' value = "if ((file_type eq 'JPEG') or (file_type eq 'JPG') or (file_type eq 'GIF') or (file_type eq 'ICO') or (file_type eq 'PNG') or (file_type eq 'CSS') or (file_type eq 'SWF') or (file_type eq 'JS')) then page_views = 0; else page_views = 1;" requires_fields = { url = true } } # detect_page_views # strip_non_page_views = { # label = '$lang_admin.log_filters.strip_non_page_views_label' # comment = '$lang_admin.log_filters.strip_non_page_views_comment' # value = "if (page_views == 0) then page = substr(page, 0, last_index(page, '/') + 1) . '(nonpage)';" # } # strip_non_page_views mark_entry = { label = '$lang_admin.log_filters.mark_entry_label' comment = '$lang_admin.log_filters.mark_entry_comment' value = 'hits = 1;' } # mark_entry } # log.filters log.field_options = { sessions_page_field = "url" sessions_visitor_id_field = "client" sessions_event_field = "page_views" } # log.field_options database.numerical_fields = { hits = { label = "$lang_stats.field_labels.hits" default = false requires_log_field = false type = "int" display_format_type = "integer" entries_field = true } # hits page_views = { label = "$lang_stats.field_labels.page_views" default = true requires_log_field = false type = "int" display_format_type = "integer" } # page_views visitors = { label = "$lang_stats.field_labels.visitors" default = false requires_log_field = true log_field = "client" type = "unique" display_format_type = "integer" } # visitors } # database.numerical_fields create_profile_wizard_options = { date_time_tracking = true host_tracking = true # How the reports should be grouped in the report menu report_groups = { date_time_group = "" content_group = { url = true file_type = true mime_type = true category = true type = true name = true } source_group = { user = true client = true } server_group = { realm = true action = true result = true server = true } visitor_demographics_group = { screen_dimensions = true screen_depth = true } av_group = { virus_id = true virus_name = true infected_file_name = true liveupdate_result_code = true virus_definitions_update_result_code = true scan_result_code = true } other_group = { worm = true warning = true http_response_code = true info = true info2 = true last_command = true last_response = true 70 = true 1000 = true 1001 = true 1002 = true 1003 = true 1004 = true 1005 = true 1006 = true 1007 = true 1008 = true 1009 = true 1010 = true 1011 = true } } # report_groups } # create_profile_wizard_options } # symantec_web_security_csv