# Copyright (c) 2013 Flowerfire, Inc. All Rights Reserved. weblogic_w3c = { plugin_version = "1.0.1" # Initial creation - 1.0 # 2013-04-03 - 1.0 - GMF - Initial creation # 2013-10-04 - 1.0.1 - GMF - Removed database fields, which are created by #Fields anyway, so s_sitename doesn't cause an error if it's not in the log info.1.manufacturer = "Oracle" info.1.device = "WebLogic (W3C)" info.1.version.1 = "v12c (abc.log0001)" log.format.format_label = "Web Logic W3C Log Format" # Format: log_data_type {value} log.miscellaneous.log_data_type = "network" log.miscellaneous.log_format_type = "web_server" # Format: log_format_autodetect_regular_expression {value} log.format.autodetect_regular_expression = "^#Software: WebLogic" # 2013-04-03 - GMF - Transplanted this from iisweb # This handles #Fields lines, and creates log and database fields from them log.filter_preprocessor = ` if (matches_regular_expression(current_log_line(), '^#Fields: ([^ ].*)$')) then ( string fields = $1; string fieldname; v.logfieldindex = 1; string numerical_fields = "profiles." . internal.profile_name . ".database.numerical_fields"; # This subroutine creates a database field subroutine(create_database_field(string fieldname, int top, int bottom), ( #echo("create_database_field: " . fieldname); # debug debug_message("create_database_field(" . fieldname . ")\n"); string databasefieldpath = "profiles." . internal.profile_name . ".database.fields." . fieldname; (databasefieldpath . "") = ""; node databasefield = databasefieldpath; if (top ne 0) then set_subnode_value(databasefield, "suppress_top", top); if (bottom ne 0) then set_subnode_value(databasefield, "suppress_bottom", bottom); databasefield; )); subroutine(create_log_field(string fieldname, string type, bool withindex), ( debug_message("create_log_field(" . fieldname . "; type=" . type . ")\n"); string logfieldpath = "profiles." . internal.profile_name . ".log.fields." . fieldname; (logfieldpath . "") = ""; node logfield = logfieldpath; if (withindex) then ( set_subnode_value(logfield, "index", v.logfieldindex); v.logfieldindex++; ); set_subnode_value(logfield, "subindex", 0); if (type ne '') then set_subnode_value(logfield, "type", type); logfield; )); # Assume there isn't a localtime field until we see one. v.parse_localtime = false; # Get the log format separator. Assume at least two fields. # 2010-02-01 - GMF - Changed the default from " " to "" (any whitespace). With " " as the default, data which # has a spaces in the header, but tabs in the data, doesn't parse, because this assumes space # separators. Truly generic W3C header parsing appears to be impossible, which is why we can do # per-plugin parsing now; but that's just moved the problem here, where we'll still have to # fight it forever. Hopefully, "" gives better coverage to the universe of W3C variants than " ". # log.format.field_separator = " "; log.format.field_separator = ""; if (matches_regular_expression(fields, '^[^ ]+ [^ ]+')) then ( log.format.field_separator = " "; ); # Extract the fields on at a time while (matches_regular_expression(fields, '^ ?([^ ]+) (.*)$') or matches_regular_expression(fields, '^([^ ]+)$')) ( string unconverted_fieldname = $1; fields = $2; #echo("fields: " . fields); # Clean up the field name fieldname = ''; for (int i = 0; i < length(unconverted_fieldname); i++) ( string c = lowercase(substr(unconverted_fieldname, i, 1)); if (!matches_regular_expression(c, '^[a-z0-9]$')) then c = '_'; fieldname .= c; ); while (matches_regular_expression(fieldname, '^(.*)_$')) fieldname = $1; #echo("fieldname: " . fieldname); # Get the log field type string log_field_type = ''; if (fieldname eq 'cs_referrer') then ( fieldname = 'cs_referer'; ); if (fieldname eq 'cs_uri') then ( fieldname = 'cs_uri_stem'; ); if (fieldname eq 'cs_referer') then ( log_field_type = 'url'; ); else if (fieldname eq 'cs_uri_stem') then ( log_field_type = 'page'; ); else if (fieldname eq 'cs_user_agent') then ( log_field_type = 'agent'; ); else if (fieldname eq 'c_ip') then ( log_field_type = 'host'; ); # Create the log field if ((fieldname ne "sc_bytes") and (fieldname ne "cs_bytes")) then create_log_field(fieldname, log_field_type, true); if (fieldname eq "localtime") then v.parse_localtime = true; # If we're creating a profile, create the database fields too. if (node_exists("volatile.creating_profile")) then ( if ((fieldname eq "sc_bytes") or (fieldname eq "cs_bytes") or (fieldname eq "bytes") or (fieldname eq "time_taken")) then ( ); # Handle date by creating date_time and derived database fields else if (fieldname eq "date") then ( #echo(1); create_log_field('date_time', '', false); # placeholder - 7/Nov/2006 - KBB create_database_field('date_time', 0, 0); create_database_field('day_of_week', 0, 0); create_database_field('hour_of_day', 0, 0); ); # if date else if (fieldname eq "time") then ( create_database_field('date_time', 0, 0); create_database_field('day_of_week', 0, 0); create_database_field('hour_of_day', 0, 0); ); # if time # Create derived fields for agent else if (fieldname eq "cs_user_agent") then ( create_database_field('operating_system', 0, 0); create_database_field('web_browser', 0, 0); create_database_field('spider', 0, 0); ); # Create database field cs_ip and derived field for client IP else if (fieldname eq "c_ip") then ( create_database_field('c_ip', 0, 0); create_database_field('location', 0, 0); ); # Create database field cs_referer and derived fields for referrer else if (fieldname eq "cs_referer") then ( create_database_field('cs_referer', 1, 9); create_database_field('search_engine', 0, 0); create_database_field('search_phrase', 0, 0); ); # Create derived file type field else if (fieldname eq "cs_uri_stem") then ( create_database_field('cs_uri_stem', 0, 9); create_database_field('file_type', 0, 0); ); # Don't add a database field for numerical fields else if (subnode_exists(numerical_fields, fieldname)) then ( debug_message("Not adding numerical field: " . fieldname . "\n"); ); # Create a normal database field else create_database_field(fieldname, 0, 0); ); # if creating profile ); # while another field # Don't parse the #Fields line as a data line 'reject'; ); # if #Fields # Don't parse any other # lines as data lines else if (starts_with(current_log_line(), '#')) then ( 'reject'; ); ` # Log fields log.fields = { # Always have sc_bytes, so we can copy "bytes" to it in the log filter sc_bytes = "" } # log.fields # Database fields database.fields = { # date_time = "" # day_of_week = "" # hour_of_day = "" ## s_sitename = "" # s_ip = "" # cs_method = "" # cs_uri_stem = "" ## cs_uri_query = "" # s_port = "" # cs_username = "" # c_ip = "" ## cs_user_agent = "" ## web_browser = "" ## operating_system = "" # cs_referer = "" # sc_status = "" # sc_substatus = "" # sc_win32_status = "" } # database.fields # Log Filters log.filters = { empty_uri_query = { label = "$lang_admin.log_filters.empty_uri_query_label" comment = "$lang_admin.log_filters.empty_uri_query_comment" value = "if (cs_uri_query eq '-') then cs_uri_query = '(empty)';" disabled = true requires_fields = { cs_uri_query = true } } # empty_uri_query add_cs_uri_query = { label = "$lang_admin.log_filters.add_cs_uri_query_label" comment = "$lang_admin.log_filters.add_cs_uri_query_comment" value = "cs_uri_stem = cs_uri_stem . '?' . cs_uri_query" disabled = true requires_fields = { cs_uri_query = true cs_uri_stem = true } # requires_fields } # add_cs_uri_query bytes_to_sc_bytes = { value = ` if (sc_bytes == 0) then sc_bytes = bytes; ` requires_fields = { sc_bytes = true bytes = true } # requires_fields } # bytes_to_sc_bytes # mark_entry = { # label = '$lang_admin.log_filters.mark_entry_label' # comment = '$lang_admin.log_filters.mark_entry_comment' # value = 'events = 1;' # } # mark_entry } # log.filters database.numerical_fields = { # time_taken = { # label = "$lang_stats.field_labels.play_duration" # integer_bits = 64 # display_format_type = duration_milliseconds # default = true # } # time_taken # # events = { # label = "$lang_stats.field_labels.events" # default = true # requires_log_field = false # type = "int" # display_format_type = "integer" # entries_field = true # } # events # } # database.numerical_fields create_profile_wizard_options = { # date_time_tracking = true # How the reports should be grouped in the report menu report_groups = { date_time_group = "" # log_level = true # server_hostname = true # server_name = true # category = true # service = true # message_id = true # message = true } # report_groups snapons = { # Attach a web_server_package snapon web_server_package = { snapon = "web_server_package" name = "web_server_package" label = "$lang_admin.snapons.web_server_package.label" parameters = { user_agent_field.parameter_value = "cs_user_agent" page_field.parameter_value = "cs_uri_stem" # client_ip_field.parameter_value = "c_ip" client_ip_field.parameter_value = "cs_proxy_client_ip" server_response_field.parameter_value = "sc_status" referrer_field.parameter_value = "cs_referer" authenticated_user_field.parameter_value = "cs_username" hits_field = { parameter_value = "$lang_stats.field_labels.hits" final_node_name = "hits" } # hits visitors_field = { parameter_value = "$lang_stats.field_labels.unique_client_ips" final_node_name = "unique_client_ips" } # visitors_field sc_bytes_field = { parameter_value = "$lang_stats.field_labels.sc_bytes" final_node_name = "sc_bytes" } # sc_bytes_field cs_bytes_field = { parameter_value = "$lang_stats.field_labels.cs_bytes" final_node_name = "cs_bytes" } # cs_bytes_field } # parameters } # web_server_package # Attach the Hits field time_taken = { snapon = "aggregating_field" name = "time_taken" # label = "{= @parameters{'hits_field'}{'parameter_value'} =}" parameters = { field_name = { parameter_value = "time_taken" final_node_name = "time_taken" } log_field.parameter_value = "time_taken" log_filter.parameter_value = "" log_filter_comment.parameter_value = "" log_filter_label.parameter_value = "" aggregation_operator.parameter_value = "sum" display_format_type.parameter_value = "duration_compact" } # parameters } # {= @parameters{'hits_field'}{'final_node_name'} =} } # snapons } # create_profile_wizard_options } # weblogic_w3c