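# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Log format plug-in for the comma-separated authentication/accounting log
# written by Routing and Remote Access Service on Windows Server 2012 R2.
# Every record carries 66 positional columns; log.fields maps the columns
# that are parsed, and database.fields lists the ones that are stored.
#
# Review notes for anyone using these logs for monitoring:
#  - packet_type, reason_code, authentication_type and policy_name are the
#    columns that describe the outcome of each request and which policy
#    decided it. packet_type holds the RADIUS packet code (1 Access-Request,
#    2 Access-Accept, 3 Access-Reject, 4 Accounting-Request).
#  - user_name, fully_qualified_name, calling_station_id, client_ip and
#    framed_ip_address identify people and endpoints; limit access to
#    profiles and databases built from this plug-in accordingly.
#  - Columns that are commented out below are neither parsed nor stored, so
#    they cannot be reported on. To enable one, uncomment it in log.fields
#    and in database.fields and add it to report_groups.

rras_log_format = {

  plugin_version = "1.0.1"
  # Initial creation - 1.0
  # 2015-05-28 - 1.0.0 - ILD - Created.

  info.1.manufacturer = "Microsoft"
  info.1.device = "2012 R2 Server (CSV)"
  info.1.version.1 = ""

  # The name of the log format
  log.format.format_label = "RRAS MS 2012 R2 Server (CSV)"
  log.miscellaneous.log_data_type = "Routing and Remote Access Service"
  log.miscellaneous.log_format_type = "network_device"

  # Description of format
  #https://technet.microsoft.com/en-us/library/cc771748(v=ws.10).aspx

  # The log is in this format if any of the first ten lines match this regular expression
  # (two double-quoted columns, then a nn/nn/n+ date and an nn:nn:nn time).
  log.format.autodetect_regular_expression = '^["][^"]+["],["][^"]+["],[0-9][0-9][/][0-9][0-9][/][0-9]+,[0-9][0-9]:[0-9][0-9]:[0-9][0-9],'

  # Use , as the separator
  log.format.field_separator = ","

  # The format of dates and times in this log
  log.format.date_format = "mm/dd/yyyy"
  log.format.time_format = "hh:mm:ss"

  # Column position of each parsed log field (1-based, in record order).
  log.fields = {
    computer_name.index = 1
    service_name.index = 2
    date.index = 3
    time.index = 4
    packet_type.index = 5
    user_name.index = 6
    fully_qualified_name.index = 7
    called_station_id.index = 8
    calling_station_id.index = 9
    #callback_number.index = 10
    framed_ip_address.index = 11
    nas_id.index = 12
    nas_ip.index = 13
    nas_port.index = 14
    #client_vendor.index = 15
    client_ip.index = 16
    client_friendly_name.index = 17
    event_timestamp.index = 18
    #port_limit.index = 19
    nas_port_type.index = 20
    #connect_info.index = 21
    framed_protocol.index = 22
    service_type.index = 23
    authentication_type.index = 24
    policy_name.index = 25
    reason_code.index = 26
    class.index = 27
    #session_timeout.index = 28
    #idle_timeout.index = 29
    #termination_action.index = 30
    # NOTE(review): eap_friendly_name and ms_chap_error (57) are skipped; they
    # look useful when investigating failed authentications - confirm whether
    # they should be enabled.
    #eap_friendly_name.index = 31
    acct_status_type.index = 32
    #acct_delay_time.index = 33
    acct_input_octets.index = 34
    acct_output_octets.index = 35
    acct_session_id.index = 36
    acct_authentic.index = 37
    acct_session_time.index = 38
    acct_input_packets.index = 39
    acct_output_packets.index = 40
    acct_terminate_cause.index = 41
    acct_multi_ssn_id.index = 42
    acct_link_count.index = 43
    #acct_interim_interval.index = 44
    tunnel_type.index = 45
    tunnel_medium_type.index = 46
    tunnel_client_endpt.index = 47
    tunnel_server_endpt.index = 48
    #acct_tunnel_conn.index = 49
    #tunnel_pvt_group_id.index = 50
    #tunnel_assignment_id.index = 51
    #tunnel_preference.index = 52
    #ms_account_auth_type.index = 53
    #ms_acct_eap_type.index = 54
    ms_ras_version.index = 55
    ms_ras_vendor.index = 56
    #ms_chap_error.index = 57
    ms_chap_domain.index = 58
    ms_mppe_encryption_types.index = 59
    ms_mppe_encryption_policy.index = 60
    proxy_policy_name.index = 61
    provider_type.index = 62
    #provider_name.index = 63
    #remote_server_address.index = 64
    ms_ras_client_name.index = 65
    ms_ras_client_version.index = 66
  } # log.fields

  #
  # Log Parsing Filters
  log.parsing_filters = {
  } # log.parsing_filters

  # Database fields
  # One entry per stored field; the commented-out entries mirror the
  # columns that are commented out in log.fields.
  database.fields = {
    date_time = ""
    day_of_week = ""
    hour_of_day = ""
    computer_name = ""
    service_name = ""
    packet_type = ""
    user_name = ""
    fully_qualified_name = ""
    called_station_id = ""
    calling_station_id = ""
    #callback_number = ""
    framed_ip_address = ""
    nas_id = ""
    nas_ip = ""
    nas_port = ""
    #client_vendor = ""
    client_ip = ""
    client_friendly_name = ""
    event_timestamp = ""
    #port_limit = ""
    nas_port_type = ""
    #connect_info = ""
    framed_protocol = ""
    service_type = ""
    authentication_type = ""
    policy_name = ""
    reason_code = ""
    class = ""
    #session_timeout = ""
    #idle_timeout = ""
    #termination_action = ""
    #eap_friendly_name = ""
    acct_status_type = ""
    #acct_delay_time = ""
    acct_input_octets = ""
    acct_output_octets = ""
    acct_session_id = ""
    acct_authentic = ""
    acct_session_time = {
      display_format_type = duration_compact
    }
    acct_input_packets = ""
    acct_output_packets = ""
    acct_terminate_cause = ""
    acct_multi_ssn_id = ""
    acct_link_count = ""
    #acct_interim_interval = ""
    tunnel_type = ""
    tunnel_medium_type = ""
    tunnel_client_endpt = ""
    tunnel_server_endpt = ""
    #acct_tunnel_conn = ""
    #tunnel_pvt_group_id = ""
    #tunnel_assignment_id = ""
    #tunnel_preference = ""
    #ms_account_auth_type = ""
    #ms_acct_eap_type = ""
    ms_ras_version = ""
    ms_ras_vendor = ""
    #ms_chap_error = ""
    ms_chap_domain = ""
    ms_mppe_encryption_types = ""
    ms_mppe_encryption_policy = ""
    proxy_policy_name = ""
    provider_type = ""
    #provider_name = ""
    #remote_server_address = ""
    ms_ras_client_name = ""
    ms_ras_client_version = ""
  } # database.fields

  # The only numerical field is a per-record counter, set by the
  # mark_entry log filter below.
  database.numerical_fields = {
    accesses = {
      label = "$lang_stats.field_labels.accesses"
      default = true
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
      entries_field = true
    } # accesses
  } # database.numerical_fields

  log.filters = {
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'accesses = 1;'
    } # mark_entry
  } # log.filters

  create_profile_wizard_options = {
    date_time_tracking = true
    # NOTE(review): no hostname-style field is defined in this plug-in;
    # confirm host_tracking is intended.
    host_tracking = true

    # How the reports should be grouped in the report menu
    # The previous list named fields (name, rule, severity, category,
    # source_ip, location, source_port, destination_ip, destination_port,
    # protocol, summary) that this plug-in does not define in
    # database.fields. The entries below are the fields it does define.
    report_groups = {
      date_time_group = ""
      computer_name = true
      service_name = true
      packet_type = true
      user_name = true
      fully_qualified_name = true
      called_station_id = true
      calling_station_id = true
      framed_ip_address = true
      nas_id = true
      nas_ip = true
      nas_port = true
      client_ip = true
      client_friendly_name = true
      event_timestamp = true
      nas_port_type = true
      framed_protocol = true
      service_type = true
      authentication_type = true
      policy_name = true
      reason_code = true
      class = true
      acct_status_type = true
      acct_input_octets = true
      acct_output_octets = true
      acct_session_id = true
      acct_authentic = true
      acct_session_time = true
      acct_input_packets = true
      acct_output_packets = true
      acct_terminate_cause = true
      acct_multi_ssn_id = true
      acct_link_count = true
      tunnel_type = true
      tunnel_medium_type = true
      tunnel_client_endpt = true
      tunnel_server_endpt = true
      ms_ras_version = true
      ms_ras_vendor = true
      ms_chap_domain = true
      ms_mppe_encryption_types = true
      ms_mppe_encryption_policy = true
      proxy_policy_name = true
      provider_type = true
      ms_ras_client_name = true
      ms_ras_client_version = true
    } # report_groups
  } # create_profile_wizard_options

} # rras_log_format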