# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Log format plugin definition for the 8e6 Web Filter comma-separated access
# log. Two line layouts are parsed: the older six-column layout
# (ip, group, date, time, classification, url) and the newer ten-column layout
# that adds filter action, request type, matched string and domain.
8e6_content_appliance = {

  plugin_version = "2.0.1"
  info.1.manufacturer = "Marshal8e6"
  info.1.device = "8e6 Web Filter"
  info.1.version.1 = ""
  info.2.manufacturer = "M86 Security"
  info.2.device = "8e6 Web filter"
  info.2.version.1 = ""

  # ????-??-?? - ??? - 1.0 - Initial implementation
  # 2009-07-10 - 2.0 - GMF - Added support for new format
  # 2010-10-07 - 2.0.1 - MSG - Edited info lines.

  # The name of the log format
  log.format.format_label = "8e6 Content Appliance Log Format"
  log.miscellaneous.log_data_type = "http_access"
  log.miscellaneous.log_format_type = "firewall"

  # The log is in this format if any of the first ten lines match this regular expression
  # The pattern stops at the classification column and takes the remainder
  # with (.*), so it accepts both the old and the new layout.
  # NOTE(review): this pattern writes the dots as \. inside a double-quoted
  # string while the parsing patterns below use [.]; confirm the backslash
  # survives string parsing, otherwise the dot matches any character and
  # autodetection is looser than intended.
  log.format.autodetect_regular_expression = "^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,[A-Z]+,[0-9][0-9][0-9][0-9]/[0-9][0-9]/[0-9][0-9],[0-9]{2,4}:[0-9][0-9]:[0-9][0-9],[A-Z]+,(.*)$"

  # Superseded by the parsing filter below, which handles both layouts.
  # log.format.parsing_regular_expression = "^([^,]+),([^,]+),([^,]+),([^,]+),([^,]+),([^,]+)$"

  log.parsing_filters.parse = `

    # New format, e.g. 
    # 12.34.56.78,2009/06/17,21:00:02,SHOP,0,3,,http://WWW.PAYPAL.COM/,http://www.paypal.com/cgi-bin/webscr
    # NOTE(review): the sample above has no group column between the IP and
    # the date, so it does not match the pattern below as written; presumably
    # the column was dropped when the sample was sanitized -- confirm.
    #
    # This branch has to be tested first: the old-format pattern ends in (.*)
    # and would also match a new-format line, putting everything after the
    # classification into url.
    #
    # Columns 8 and 9 are captured with [^,]*, so a comma inside the matched
    # string or the domain ends that capture early and shifts the rest of the
    # line into the following fields; only the last column (url) can contain
    # commas. NOTE(review): confirm the appliance never writes an unescaped
    # comma into columns 8-9.
    if (matches_regular_expression(current_log_line(), "^([0-9]+[.][0-9]+[.][0-9]+[.][0-9]+),([A-Z]+),([0-9][0-9][0-9][0-9]/[0-9][0-9]/[0-9][0-9]),([0-9]{2,4}:[0-9][0-9]:[0-9][0-9]),([A-Z]+),([0-9]+),([0-9]+),([^,]*),([^,]*),(.*)$")) then (
      client_ip = $1;
      group = $2;
      date = $3;
      time = $4;
      classification = $5;

      # Translate the numeric action code to a label. Any code other than
      # 0 or 1 is kept as the raw number from the log.
      filter_action = $6;
      if (filter_action eq "0") then
        filter_action = "Allowed";
      else if (filter_action eq "1") then
        filter_action = "Blocked";

      # Translate the numeric request-type code (1-7) to a label. Codes
      # outside that range, including 0, are kept as the raw number.
      request_type = $7;
      if (request_type eq "1") then
        request_type = "Search Engine Keyword";
      else if (request_type eq "2") then
        request_type = "URL Keyword";
      else if (request_type eq "3") then
        request_type = "By URL";
      else if (request_type eq "4") then
        request_type = "Wildcard URL";
      else if (request_type eq "5") then
        request_type = "HTTPS High-Level Invalid Certificate";
      else if (request_type eq "6") then
        request_type = "X Strike Lockout";
      else if (request_type eq "7") then
        request_type = "Pattern Match";

      # string_value, domain and url are stored exactly as captured, with no
      # normalization or escaping here. They presumably carry text taken from
      # client requests, so whatever displays or exports these fields has to
      # treat them as untrusted.
      string_value = $8;
      domain = $9;
      url = $10;
    );

    # old format
    # Six columns; filter_action, request_type, string_value and domain are
    # not assigned for these lines.
    else if (matches_regular_expression(current_log_line(), "^([0-9]+[.][0-9]+[.][0-9]+[.][0-9]+),([A-Z]+),([0-9][0-9][0-9][0-9]/[0-9][0-9]/[0-9][0-9]),([0-9]{2,4}:[0-9][0-9]:[0-9][0-9]),([A-Z]+),(.*)$")) then (
      client_ip = $1;
      group = $2;
      date = $3;
      time = $4;
      classification = $5;
      url = $6;
    );

    # A line that matches neither pattern assigns no fields in this filter.
    # NOTE(review): what happens to such a line afterwards is not visible
    # here -- verify that malformed lines are not counted as empty entries.

  `

  # Log fields
  # Fields assigned by the parsing filter above. client_ip is typed as a host
  # and url as a page; the remaining fields take the default type.
  log.fields = {
    client_ip.type = "host"
    group = ""
    date = ""
    time = ""
    classification = ""
    filter_action = ""
    request_type = ""
    string_value = ""
    domain = ""
    url.type = "page"
  } # log.fields

  # Database fields
  # date_time, location and file_type have no log field of the same name
  # above; presumably they are derived from date/time, client_ip and url.
  database.fields = {
    date_time = ""
    client_ip = ""
    location = ""
    group = ""
    classification = ""
    filter_action = ""
    request_type = ""
    string_value = ""
    domain = ""
    url = {
      suppress_top = 1
      suppress_bottom = 3
    }
    file_type = ""
  } # database.fields

  # Log Filters
  log.filters = {

    # Sets page_views to 0 when file_type is one of the listed image, style,
    # Flash or script types and to 1 otherwise. The comparison values are
    # upper case only.
    detect_page_views = {
      label = '$lang_admin.log_filters.detect_page_views_label'
      comment = '$lang_admin.log_filters.detect_page_views_comment'
      value = "if ((file_type eq 'JPEG') or (file_type eq 'JPG') or (file_type eq 'GIF') or (file_type eq 'ICO') or (file_type eq 'PNG') or (file_type eq 'CSS') or (file_type eq 'SWF') or (file_type eq 'JS')) then page_views = 0; else page_views = 1;"
    } # detect_page_views

    # For entries with page_views == 0, replaces everything after the last
    # '/' in url with '(nonpage)', so the file name of a non-page hit is not
    # kept in the url field.
    strip_non_page_views = {
      label = '$lang_admin.log_filters.strip_non_page_views_label'
      comment = '$lang_admin.log_filters.strip_non_page_views_comment'
      value = "if (page_views == 0) then url = substr(url, 0, last_index(url, '/') + 1) . '(nonpage)';"
    } # strip_non_page_views

    # Counts every entry as one hit.
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'hits = 1;'
    } # mark_entry

  } # log.filters

  # Session settings: client_ip is the visitor identifier, so clients that
  # share one address are indistinguishable in session reports.
  log.field_options = {
    sessions_page_field = "url"
    sessions_visitor_id_field = "client_ip"
    sessions_event_field = "page_views"
  } # log.field_options

  database.numerical_fields = {

    # Set to 1 per entry by the mark_entry filter.
    hits = {
      label = "$lang_stats.field_labels.hits"
      default = false
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
      entries_field = true
    } # hits

    # Set to 0 or 1 per entry by the detect_page_views filter.
    page_views = {
      label = "$lang_stats.field_labels.page_views"
      default = true
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
    } # page_views

    # Unique-value count over the client_ip log field.
    unique_client_ips = {
      label = "$lang_stats.field_labels.unique_client_ips"
      default = false
      requires_log_field = true
      log_field = "client_ip"
      type = "unique"
      display_format_type = "integer"
    } # unique_client_ips

  } # database.numerical_fields

  create_profile_wizard_options = {

    date_time_tracking = true
    host_tracking = true

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
      content_group = {
        url = true
        file_type = true
      }
      visitor_demographics_group = {
        client_ip = true
        location = true
      }
      other_group = {
        group = true
        classification = true
      }
    } # report_groups

  } # create_profile_wizard_options

} # 8e6_content_appliance