# Log-format plug-in definition for BroadWeb IPS/UTM appliances that report
# over syslog. It declares the supported devices, how the format is
# auto-detected, how each syslog line is split into fields, and which fields
# and counters are kept in the database.
broadweb = {

  plugin_version = "1.0beta"

  # Devices covered by this plug-in. version.1 is left empty for every entry.
  # NOTE(review): the key is spelled `manfacturer` throughout; confirm the
  # spelling the consuming application expects before changing it.
  info.1.manfacturer = "BroadWeb"
  info.1.device = "BEMS"
  info.1.version.1 = ""
  info.2.manfacturer = "BroadWeb"
  info.2.device = "XKeeper"
  info.2.version.1 = ""
  info.3.manfacturer = "BroadWeb"
  info.3.device = "BandKeeper"
  info.3.version.1 = ""
  info.4.manfacturer = "BroadWeb"
  info.4.device = "NetKeeper"
  info.4.version.1 = ""
  info.5.manfacturer = "BroadWeb"
  info.5.device = "Eulen"
  info.5.version.1 = ""
  info.6.manfacturer = "BroadWeb"
  info.6.device = "NH6"
  info.6.version.1 = ""
  info.7.manfacturer = "BroadWeb"
  info.7.device = "UTM"
  info.7.version.1 = ""

  # 2006-10-16 - GMF - 1.0beta - Initial plug-in implementation.

  # The name of the log format
  log.format.format_label = "Broadweb IPS UTM"
  log.miscellaneous.log_data_type = "syslog_required"
  log.miscellaneous.log_format_type = "firewall"

  # The log is in this format if any of the first ten lines match this regular expression
  # The pattern is unanchored: it looks for "BroadWeb:" followed by a
  # YYYY-MM-DD HH:MM:SS timestamp and ", " anywhere in the line.
  log.format.autodetect_regular_expression = "BroadWeb:[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9], "

  # All log field parsing will be done using the parsing filters
  log.format.parse_only_with_filters = "true"

  # Log fields
  # Names the parsing filter may populate. Only srcip carries a type ("host");
  # every other field is declared with an empty value.
  log.fields = {
    devicetype = ""
    devicename = ""
    ifno = ""
    ruleid = ""
    rulename = ""
    ori = ""
    cat = ""
    srcip.type = "host"
    dstip = ""
    srcport = ""
    dstport = ""
    btime = ""
    etime = ""
    cnt = ""
    action = ""
  } # log.fields

  #
  # Log Parsing Filters
  # Step 1: if the message starts with a "Mon DD HH:MM:SS a.b.c.d " syslog
  #         header, replace v.syslog_message with the text after the header.
  # Step 2: if the message is "BroadWeb:<date> <time>, $<rest>", set the date
  #         and time fields from the first two captures, pass <rest> to
  #         collect_listed_fields with ', $' and '=' as separators, then
  #         accept the entry.
  # A message that does not match step 2 is never accepted by this filter.
  # NOTE(review): step 1 requires a two-digit day and a dotted-numeric sender
  # address. A space-padded day ("Oct  6") or a hostname/IPv6 sender leaves
  # the header in place, step 2's ^BroadWeb: anchor then fails, and the IPS
  # event is presumably dropped without notice - confirm against the syslog
  # collector's output.
  # NOTE(review): field values originate from the device log. A value that
  # itself contains ", $" or "=" would presumably be split into extra or
  # spoofed fields - verify collect_listed_fields' behaviour before relying
  # on rulename/action for alerting.
  log.parsing_filters = {

    parse = "
      if (matches_regular_expression(v.syslog_message, '^[A-Z][a-z][a-z] [0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9] [0-9]+[.][0-9]+[.][0-9]+[.][0-9]+ (.*)$')) then (
        v.syslog_message = $1;
      );
      if (matches_regular_expression(v.syslog_message, '^BroadWeb:([0-9-]+) ([0-9:]+), [$](.*)$')) then (
        set_collected_field('', 'date', $1);
        set_collected_field('', 'time', $2);
        collect_listed_fields('', $3, ', $', '=', '');
        accept_collected_entry('', false);
      );
    "

  } # log.parsing_filters

  # Database fields
  # Same names as log.fields, except that btime and etime are commented out,
  # cnt is absent here (it is listed under database.numerical_fields), and
  # location is added.
  # NOTE(review): location has no matching log field; presumably it is
  # derived from srcip by the application - confirm.
  database.fields = {
    devicetype = ""
    devicename = ""
    ifno = ""
    ruleid = ""
    rulename = ""
    ori = ""
    cat = ""
    srcip = ""
    location = ""
    dstip = ""
    srcport = ""
    dstport = ""
#    btime = ""
#    etime = ""
    action = ""
  } # database.fields

  # Log Filters
  # mark_entry sets events to 1 for each entry; its label and comment are
  # $lang_admin references rather than literal text.
  log.filters = {
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry
  } # log.filters

  # NOTE(review): these options name "url", "src" and "page_views", none of
  # which is declared in log.fields or database.numerical_fields above -
  # confirm whether they are template leftovers or should point at fields
  # this plug-in defines.
  log.field_options = {
    sessions_page_field = "url"
    sessions_visitor_id_field = "src"
    sessions_event_field = "page_views"
  } # log.field_options

  # Numerical (counter) fields: events is on by default and needs no log
  # field; unique_source_ips is off by default and is a "unique" count over
  # srcip; cnt is declared with an empty value.
  database.numerical_fields = {

    events = {
      default = true
      requires_log_field = false
      entries_field = true
    } # events

    unique_source_ips = {
      default = false
      log_field = "srcip"
      type = "unique"
    } # unique_source_ips

    cnt = ""

  } # database.numerical_fields

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
    } # report_groups

  } # create_profile_wizard_options

} # broadweb