# Copyright (c) 2012 Flowerfire, Inc. All Rights Reserved.

# Log-format plugin for Websense proxy/firewall logs.  The key vocabulary
# ($lang_admin.*, snapon, create_profile_wizard_options, log.filters with
# `if ... then ... ;` expressions) is Sawmill's plugin format, not TOML,
# despite the brace syntax - NOTE(review): confirm the consuming product
# and version.
#
# Reading guide:
#   log.format.*       how a line is recognised and split into fields
#   log.fields         the fields the parser produces: 25 regex capture
#                      groups plus page_views, which a filter computes
#   database.fields    the subset that is stored and reportable
#   log.filters        per-line rewrites applied after parsing
#   create_profile_wizard_options
#                      report-menu grouping and the attached snapons
websense = {
  plugin_version = "1.0"
  info.1.manufacturer = "Websense"
  info.1.device = "Websense"
  info.1.version = ""

  # 2012-11-08 - 1.0 - GMF - Initial implementation

  # The name of the log format
  log.format.format_label = "Websense Log Format"
  log.miscellaneous.log_data_type = "firewall"
  log.miscellaneous.log_format_type = "proxy_server"

  # The log is in this format if any of the first ten lines match this regular expression
  #[1350878840,27784,"me@here.com",3406736165,1,279,0,3,"W2378","https",443,1249766664,"https://plus.google.com:443",0,"","","","","MI Internet Policy","","plus.google.com:443","CONNECT",2790,0,241568]
  # Autodetection only inspects the first seven comma-separated fields; a
  # line must still match the full parsing expression below to be imported.
  log.format.autodetect_regular_expression = '^[[][0-9]+,[0-9]+,["][^"]+["],[0-9]+,[0-9]+,[0-9]+,[0-9]+'

  # One capture group per entry of log.fields below, in the same order
  # (25 groups; page_views has no group).  user_id, categories, protocol
  # and uri are matched with [^"]+ and so must be non-empty; the eight
  # quoted fields from reason_code to method use [^"]* and may be "".
  # Because quoted values are matched with [^"], a line whose quoted field
  # contains a literal '"' does not match and is not imported -
  # NOTE(review): check how the consumer reports unparsed lines so that
  # such gaps in log coverage are visible rather than silent.
  log.format.parsing_regular_expression = '^[[]([0-9]+),([0-9]+),["]([^"]+)["],([0-9]+),([0-9]+),([0-9]+),([0-9]+),([0-9]+),["]([^"]+)["],["]([^"]+)["],([0-9]+),([0-9]+),["]([^"]+)["],([0-9]+),["]([^"]*)["],["]([^"]*)["],["]([^"]*)["],["]([^"]*)["],["]([^"]*)["],["]([^"]*)["],["]([^"]*)["],["]([^"]*)["],([0-9]+),([0-9]+),([0-9]+)[]]'

  # The first field is a UNIX epoch timestamp in seconds (see the sample
  # line above).  NOTE(review): no timezone is declared here; confirm
  # whether the consumer treats epoch values as UTC or local time.
  log.format.date_format = "seconds_since_jan1_1970"
  log.format.time_format = "seconds_since_jan1_1970"

  # Log fields - the order must match the capture groups of the parsing
  # regular expression above.  An empty string means "no field options".
  log.fields = {
    date_time = ""
    account_id = ""
    user_id = ""
    # client_ip and destination_ip are captured with [0-9]+ and appear in
    # the sample line as plain decimal integers (e.g. 3406736165), not
    # dotted quads; nothing in this file converts them.  NOTE(review):
    # confirm whether reports are expected to show them as IPv4 addresses.
    client_ip = ""
    request_count = ""
    request_size = ""
    response_size = ""
    disposition = ""
    categories = ""
    protocol = ""
    port = ""
    destination_ip = ""
    # uri is a hierarchical "page" field split on '/' and '?' so reports
    # can drill down host -> path -> query.
    uri = {
      type = "page"
      hierarchy_dividers = "/?"
      left_to_right = true
      # NOTE(review): quoted "true" while left_to_right above is bare
      # true; presumably equivalent to the parser, but worth aligning.
      leading_divider = "true"
    } # uri
    analytic_id = ""
    reason_code = ""
    content_stripping = ""
    reason_type = ""
    logged_file_type = ""
    policy_name = ""
    content_type = ""
    remote_host = ""
    method = ""
    proxy_time = ""
    origin_time = ""
    response_time = ""
    # Not parsed from the log: set per line by the detect_page_views
    # filter below.
    page_views = ""
  } # log.fields

  # Database fields - the subset of log fields stored as reportable
  # dimensions.  request_size, response_size and the three *_time fields
  # are declared in database.numerical_fields below instead; request_count
  # is stored nowhere (it is commented out there).  day_of_week and
  # hour_of_day are not parsed fields - presumably derived from date_time
  # by the consumer; TODO confirm.
  database.fields = {
    date_time = ""
    day_of_week = ""
    hour_of_day = ""
    account_id = ""
    user_id = ""
    client_ip = ""
    disposition = ""
    categories = ""
    protocol = ""
    port = ""
    destination_ip = ""
    # NOTE(review): suppress_top / suppress_bottom presumably trim levels
    # of the uri hierarchy in reports; exact semantics are not documented
    # in this file.
    uri = {
      suppress_top = 1
      suppress_bottom = 3
    } # uri
    analytic_id = ""
    reason_code = ""
    content_stripping = ""
    reason_type = ""
    logged_file_type = ""
    policy_name = ""
    content_type = ""
    remote_host = ""
    method = ""
  } # database.fields

  # Log Filters - applied to each parsed line, in this order.
  log.filters = {
    # page_views = 0 for requests whose file type is an embedded asset
    # (images, CSS, Flash, JavaScript), 1 otherwise.  file_type is not one
    # of the parsed log fields - presumably derived from uri by the
    # consumer; TODO confirm.
    detect_page_views = {
      label = '$lang_admin.log_filters.detect_page_views_label'
      comment = '$lang_admin.log_filters.detect_page_views_comment'
      value = "if ((file_type eq 'JPEG') or (file_type eq 'JPG') or (file_type eq 'GIF') or (file_type eq 'ICO') or (file_type eq 'PNG') or (file_type eq 'CSS') or (file_type eq 'SWF') or (file_type eq 'JS')) then page_views = 0; else page_views = 1;"
    } # detect_page_views

    # Keep the uri up to and including the first '?' and replace the rest
    # with '(parameters)'.  Besides keeping the uri hierarchy small, this
    # keeps query strings - which can carry session tokens or other
    # sensitive parameters - out of the stored reports.
    remove_query = {
      label = "$lang_admin.log_filters.remove_query_label"
      comment = "$lang_admin.log_filters.remove_query_comment"
      value = "if (contains(uri, '?')) then uri = substr(uri, 0, index(uri, '?') + 1) . '(parameters)';"
    } # remove_query

    # Reduce the uri to scheme://host/ followed by '(omitted)'.
    # NOTE(review): the label key is simplify_uri_label but the comment
    # key is simplify_url_comment and the closing tag says simplify_url;
    # verify both keys exist in the language file.  This is also the only
    # filter whose value lacks a trailing ';' - confirm the expression
    # parser accepts that.
    simplify_uri = {
      label = "$lang_admin.log_filters.simplify_uri_label"
      comment = "$lang_admin.log_filters.simplify_url_comment"
      value = "if (matches_regular_expression(uri, '^([^:]+://[^/]+/)')) then uri = $1 . '(omitted)'"
    } # simplify_url

    # For non-page hits (page_views == 0, as set by detect_page_views),
    # keep only the directory part of the uri and append '(nonpage)'.
    strip_non_page_views = {
      label = '$lang_admin.log_filters.strip_non_page_views_label'
      comment = '$lang_admin.log_filters.strip_non_page_views_comment'
      value = "if (page_views == 0) then uri = substr(uri, 0, last_index(uri, '/') + 1) . '(nonpage)';"
    } # strip_non_page_views

    # Every imported line counts as one event (see the events numerical
    # field below).
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry
  } # log.filters

  # Sessions are keyed by user_id (not client_ip); a session event is a
  # page view.
  log.field_options = {
    sessions_page_field = "uri"
    sessions_visitor_id_field = "user_id"
    sessions_event_field = "page_views"
  } # log.field_options

  database.numerical_fields = {
    # request_count = ""
    # events is the default numerical field and counts log entries.
    events = {
      default = true
      entries_field = true
    } # events
    page_views = ""
    # Sizes are stored as 64-bit integers and shown as bandwidth
    # (presumably bytes - the log format is not documented here).
    request_size = {
      integer_bits = 64
      display_format_type = "bandwidth"
    } # request_size
    response_size = {
      integer_bits = 64
      display_format_type = "bandwidth"
    } # response_size
    # Durations are shown as milliseconds.  NOTE(review): duration_milliseconds
    # is written bare while "bandwidth" above is quoted; presumably both
    # forms are accepted.
    proxy_time = {
      integer_bits = 64
      display_format_type = duration_milliseconds
    } # proxy_time
    origin_time = {
      integer_bits = 64
      display_format_type = duration_milliseconds
    } # origin_time
    response_time = {
      integer_bits = 64
      display_format_type = duration_milliseconds
    } # response_time
  } # database.numerical_fields

  create_profile_wizard_options = {
    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
      content_group = {
        file_type = ""
        logged_file_type = ""
        uri = ""
        content_type = ""
        categories = ""
      } # content_group
      client_group = {
        account_id = ""
        user_id = ""
        client_ip = ""
      } # client_group
      destination_group = {
        destination_ip = ""
        port = ""
        remote_host = ""
      } # destination_group
      other_group = {
        disposition = ""
        protocol = ""
        analytic_id = ""
        reason_code = ""
        reason_type = ""
        content_stripping = ""
        # NOTE(review): reason_string is not defined in log.fields or
        # database.fields above; check whether this entry is stale.
        reason_string = ""
        policy_name = ""
        method = ""
      } # other_group
    } # report_groups

    snapons = {
      # Attach a top_level_domain snapon
      # Derives a top_level_domain field from uri; gateway_reports below
      # refers to it through host_field.
      top_level_domain = {
        snapon = "top_level_domain"
        name = "top_level_domain"
        label = "$lang_admin.snapons.top_level_domain.label"
        parameters = {
          url_field.parameter_value = "uri"
          field_name = {
            parameter_value = "$lang_admin.field_labels.top_level_domain"
            final_node_name = "top_level_domain"
          }
        } # parameters
      } # top_level_domain

      # Attach a gateway_reports snapon
      # Maps this format's fields onto the generic gateway reports:
      # bytes in = response_size, bytes out = request_size.
      # NOTE(review): have_client_ip_field is false although client_ip is
      # parsed and stored above and client_ip_field is set, and the have_*
      # flags are written in two forms (bare and .parameter_value).
      # Confirm which form the snapon reads and whether client-IP reports
      # were meant to be disabled.
      gateway_reports = {
        snapon = "gateway_reports"
        name = "gateway_reports"
        label = "$lang_admin.snapons.gateway_reports.label"
        parameters = {
          user_field.parameter_value = "user_id"
          have_client_ip_field = false
          client_ip_field.parameter_value = "client_ip"
          have_category_field.parameter_value = true
          category_field.parameter_value = "categories"
          have_bytes_in_field = true
          bytes_in_field.parameter_value = "response_size"
          have_bytes_out_field = true
          bytes_out_field.parameter_value = "request_size"
          have_duration_field = false
          # duration_field.parameter_value = "duration"
          host_field.parameter_value = "top_level_domain"
          page_views_field.parameter_value = "page_views"
          sort_by_field.parameter_value = "page_views"
        } # parameters
      } # gateway_reports

      # 2013-02-06 - GMF - Now added in gateway_reports
      #  # Add the standard reports
      #  add_standard_reports = {
      #    name = "add_standard_reports"
      #    label = "add_standard_reports"
      #    snapon = "add_standard_reports"
      #  } # add_standard_reports
    } # snapons
  } # create_profile_wizard_options
} # websense