# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Log-format plugin definition for Coradiant TrueSight v2.0 exports.
# The format is header-driven: the filter preprocessor below reads the
# "#x-record-type,..." header line of each log and creates log fields (and,
# while a profile is being created, database fields) from the column names it
# finds there. Column names therefore come from the log file itself and are
# treated as untrusted input in the review notes below.
coradiant_object_v2 = {

  plugin_version = "2.1.1"

  # Initial creation - 1.0
  # 2010-10-27 - 1.0.1 - MSG - Edited info lines.
  # 2012-01-10 - 2.0 - GMF - Major enhancement; added parsing of header, support for new numerical fields, categorization of new non-numerical fields reports. coradiant_truesight_data_objects.cfg is now replaced by this one, too.
  # 2012-01-11 - 2.0.1 - GMF - Fixed bug where cs_uri_stem database field was not created
  # 2012-01-23 - 2.1 - GMF - Added support for non-object formats.
  # 2012-05-20 - 2.1.1 - GMF - Fixed a bug with reassignment of log field indices, which could cause some previous log field indices to be used in parsing the current log.

  info.1.manufacturer = "Coradiant"
  info.1.device = "TrueSight v2.0"
  info.1.version.1 = "2.0"

  # The name of the log format
  log.format.format_label = "Coradiant TrueSight Log Format (object tracking) v2.0"
  log.miscellaneous.log_data_type = "firewall"
  log.miscellaneous.log_format_type = "firewall"

  # The log is in this format if any of the first ten lines match this regular expression
  log.format.autodetect_regular_expression = "^#x-record-type,"

  log.format.ignore_format_lines = "true"

  log.format.field_separator = ","

  # The format of dates and times in this log
  log.format.date_format = "dd/mmm/yyyy"
  log.format.time_format = "auto"

  # This handles header (#) lines, and creates log and database fields from them
  log.filter_preprocessor = `
#echo("current_log_line()=" . current_log_line());
# A header line is one that starts with "#x-record-type,"; $1 captures the
# comma-separated column list without the leading '#'.
if (matches_regular_expression(current_log_line(), '^#(x-record-type,.*)$')) then (
  string fields = $1;

  # Send this line to all parsing servers
  string format_line = '#' . fields;
#echo("calling distribute_format_line(); line=" . format_line);
  distribute_format_line(format_line);

  string fieldname;
  v.logfieldindex = 1;
  string numerical_fields = "profiles." . internal.profile_name . ".database.numerical_fields";

  # Reset index and subindex of every existing log field to 0 before indices
  # are reassigned from this header (the 2.1.1 changelog entry describes
  # stale indices from a previous log being reused).
  node log_fields = "profiles"{internal.profile_name}{"log"}{"fields"};
  node log_field;
  foreach log_field log_fields (
    @log_field{"index"} = 0;
    @log_field{"subindex"} = 0;
  );
#echo("log.fields: " . node_as_string("profiles"{internal.profile_name}{"log"}{"fields"}));

  # This subroutine creates a database field
  # The node path is built by string concatenation with '.' separators, so
  # fieldname must already be reduced to a single path component; the only
  # reduction visible here is the clean-up loop further down.
  subroutine(create_database_field(string fieldname), (
#echo("create_database_field: " . fieldname);
    debug_message("create_database_field(" . fieldname . ")\n");
    string databasefieldpath = "profiles." . internal.profile_name . ".database.fields." . fieldname;
    (databasefieldpath . "") = "";
    node databasefield = databasefieldpath;
#    set_subnode_value(databasefield, "label", fieldname);
    databasefield;
  ));

  # This subroutine creates a log field
  # When withindex is true the field receives the next value of
  # v.logfieldindex, which is then incremented; subindex is always set to 0
  # and type is only written when a non-empty type is passed.
  subroutine(create_log_field(string fieldname, string type, bool withindex), (
    debug_message("create_log_field(" . fieldname . "; type=" . type . "; v.logfieldindex=" . v.logfieldindex . ")\n");
    string logfieldpath = "profiles." . internal.profile_name . ".log.fields." . fieldname;
    (logfieldpath . "") = "";
    node logfield = logfieldpath;
#    set_subnode_value(logfield, "label", fieldname);
    if (withindex) then (
      set_subnode_value(logfield, "index", v.logfieldindex);
      v.logfieldindex++;
    );
    set_subnode_value(logfield, "subindex", 0);
    if (type ne '') then
      set_subnode_value(logfield, "type", type);
    logfield;
  ));

  # Extract the fields one at a time
  # NOTE(review): the pattern requires a comma after each name, so a final
  # column with no trailing comma is not matched and gets no field; an empty
  # column (",,") also ends the loop early. Confirm against real headers.
  # NOTE(review): there is no upper bound on the number of columns; each one
  # creates a node in the profile.
  while (matches_regular_expression(fields, '^([^,]+),(.*)$')) (

    string unconverted_fieldname = $1;
    fields = $2;
    debug_message("unconverted_fieldname: " . unconverted_fieldname);

    # Clean up the field name
    # Every character is lowercased and anything outside [a-z0-9] becomes '_',
    # then trailing underscores are stripped. This is the step that keeps a
    # header-supplied name from containing '.' (or any other separator) when
    # it is concatenated into a node path by the subroutines above.
    # NOTE(review): a name made up only of non-alphanumeric characters
    # reduces to the empty string and is still passed on, and two distinct
    # raw names can reduce to the same fieldname, in which case the later
    # column overwrites the earlier field's index. Neither case is rejected.
    fieldname = '';
    for (int i = 0; i < length(unconverted_fieldname); i++) (
      string c = lowercase(substr(unconverted_fieldname, i, 1));
      if (!matches_regular_expression(c, '^[a-z0-9]$')) then
        c = '_';
      fieldname .= c;
    );
    while (matches_regular_expression(fieldname, '^(.*)_$'))
      fieldname = $1;

    # Get the log field type
    string log_field_type = '';
    if (fieldname eq 'cs_uri_stem') then (
      log_field_type = 'page';
#      ("profiles." . internal.profile_name . ".log.fields.url.type") = 'flat';
    );

    # Create the log field
    create_log_field(fieldname, log_field_type, true);

    # If we're creating a profile, create the database fields too.
    if (node_exists("volatile.creating_profile")) then (

      # Handle localtime by creating date_time and derived database fields
      if (fieldname eq "x_start_time") then (
#        fieldname = "date_time";
        create_log_field('date', '', false);
        create_log_field('time', '', false);
        create_database_field('date_time');
        create_database_field('day_of_week');
        create_database_field('hour_of_day');
#        ("profiles." . internal.profile_name . ".log.parsing_filters.parse_localtime.disabled") = false;
      ); # if localtime

      # Create derived fields for referrer
      else if (fieldname eq "cs_referer") then (
        create_log_field('search_engine', '', false);
        create_database_field('search_engine');
        create_log_field('search_phrase', '', false);
        create_database_field('search_phrase');
      );

      # Create derived field for agent
      # (the branch below actually handles c_ip and derives 'location')
      else if (fieldname eq "c_ip") then (
        create_database_field('c_ip');
        create_log_field('location', '', false);
        create_database_field('location');
      );

#/d/bugzero/1052024/*object*

      # Create derived file type field
      else if (fieldname eq "cs_uri_stem") then (
        create_log_field(fieldname, '', false);
        create_database_field(fieldname);
        create_log_field('file_type', '', false);
        create_database_field('file_type');
      );

      # Don't add a database field for numerical fields
#      else if (subnode_exists('database.fields', fieldname)) then (
      else if (subnode_exists(numerical_fields, fieldname)) then (
        debug_message("Not adding numerical field: " . fieldname . "\n");
      );

      # Create a normal database field
      # Fallback: every other column named in the header becomes a database
      # field, whatever it holds.
      else
        create_database_field(fieldname);

    ); # if creating profile

  ); # while another field

  # Don't parse the #Fields line as a data line
  'reject';

); # if #Fields

# Don't parse any other # lines as data lines
else if (starts_with(current_log_line(), '#')) then (
  'reject';
);

`

  # Log fields
  # Only 'events' is declared statically; the commented-out entries below are
  # kept for reference, and real log fields are created by the preprocessor.
  # NOTE(review): in the commented-out list index 18 is unused and index 22
  # appears twice (x_ssl_time and x_e2e_time); check before re-enabling it.
  log.fields = {
#    date = ""
#    time = ""
    events = ""
#    x_record_type = {
#      label = "$lang_stats.field_labels.x_record_type"
#      type = "flat"
#      index = 1
#    } # x_record_type
#
#    x_object_id = {
#      label = "$lang_stats.field_labels.x_object_id"
#      type = "flat"
#      index = 2
#    } # x_object_id
#
#    x_page_id = {
#      label = "$lang_stats.field_labels.x_page_id"
#      type = "flat"
#      index = 3
#    } # x_page_id
#
#    x_session_id = {
#      label = "$lang_stats.field_labels.x_session_id"
#      type = "flat"
#      index = 4
#    } # x_session_id
#
#    cs_host = {
#      label = "$lang_stats.field_labels.cs_host"
#      type = "flat"
#      index = 5
#    } # cs_host
#
#    cs_uri_stem = {
#      label = "$lang_stats.field_labels.cs_uri_stem"
#      type = "page"
#      index = 6
#      hierarchy_dividers = "/?"
#      left_to_right = true
#      leading_divider = "true"
#    } # cs_uri_stem
#
#    cs_uri_query = {
#      label = "$lang_stats.field_labels.cs_uri_query"
#      type = "flat"
#      index = 7
#    } # cs_uri_query
#
#    cs_referer = {
#      label = "$lang_stats.field_labels.cs_referer"
#      type = "URL"
#      index = 8
#      hierarchy_dividers = "/?"
#      left_to_right = true
#      leading_divider = "false"
#    } # cs_referer
#
#    sc_location = {
#      label = "$lang_stats.field_labels.sc_location"
#      type = "flat"
#      index = 9
#    } # sc_location
#
#    x_start_time = {
#      label = "$lang_stats.field_labels.x_start_time"
#      type = "flat"
#      index = 10
#    } # x_start_time
#
#    x_end_time = {
#      label = "$lang_stats.field_labels.x_end_time"
#      type = "flat"
#      index = 11
#    } # x_end_time
#
#    c_ip = {
#      label = "$lang_stats.field_labels.c_ip"
#      type = "host"
#      index = 12
#      hierarchy_dividers = "."
#      left_to_right = false
#      leading_divider = "false"
#    } # c_ip
#
#    c_port = {
#      label = "$lang_stats.field_labels.c_port"
#      type = "flat"
#      index = 13
#    } # c_port
#
#    s_ip = {
#      label = "$lang_stats.field_labels.s_ip"
#      type = "flat"
#      index = 14
#    } # s_ip
#
#    s_port = {
#      label = "$lang_stats.field_labels.s_port"
#      type = "flat"
#      index = 15
#    } # s_port
#
#    sc_bytes = {
#      label = "$lang_stats.field_labels.sc_bytes"
#      type = "flat"
#      index = 16
#    } # sc_bytes
#
#    x_throughput = {
#      label = "$lang_stats.field_labels.x_throughput"
#      type = "flat"
#      index = 17
#    } # x_throughput
#
#    x_tcp_rtt = {
#      label = "$lang_stats.field_labels.x_tcp_rtt"
#      type = "flat"
#      index = 19
#    } # x_tcp_rtt
#
#    x_tcp_ooo = {
#      label = "$lang_stats.field_labels.x_tcp_ooo"
#      type = "flat"
#      index = 20
#    } # x_tcp_ooo
#
#    x_tcp_retrx = {
#      label = "$lang_stats.field_labels.x_tcp_retrx"
#      type = "flat"
#      index = 21
#    } # x_tcp_retrx
#
#    x_ssl_time = {
#      label = "$lang_stats.field_labels.x_ssl_time"
#      type = "flat"
#      index = 22
#    } # x_ssl_time
#
#    x_e2e_time = {
#      label = "$lang_stats.field_labels.x_e2e_time"
#      type = "flat"
#      index = 22
#    } # x_e2e_time
#
#    x_process_time = {
#      label = "$lang_stats.field_labels.x_process_time"
#      type = "flat"
#      index = 23
#    } # x_process_time
#
#    x_network_time = {
#      label = "$lang_stats.field_labels.x_network_time"
#      type = "flat"
#      index = 24
#    } # x_network_time
#
#    cs_method = {
#      label = "$lang_stats.field_labels.cs_method"
#      type = "flat"
#      index = 25
#    } # cs_method
#
#    cs_version = {
#      label = "$lang_stats.field_labels.cs_version"
#      type = "flat"
#      index = 26
#    } # cs_version
#
#    x_sc_mimetype = {
#      label = "$lang_stats.field_labels.x_sc_mimetype"
#      type = "flat"
#      index = 27
#    } # x_sc_mimetype
#
#    sc_status = {
#      label = "$lang_stats.field_labels.sc_status"
#      type = "flat"
#      index = 28
#    } # sc_status
#
#    x_redirect = {
#      label = "$lang_stats.field_labels.x_redirect"
#      type = "flat"
#      index = 29
#    } # x_redirect
#
#    x_document = {
#      label = "$lang_stats.field_labels.x_document"
#      type = "flat"
#      index = 30
#    } # x_document
#
#    x_container = {
#      label = "$lang_stats.field_labels.x_container"
#      type = "flat"
#      index = 31
#    } # x_container
#
#    x_component = {
#      label = "$lang_stats.field_labels.x_component"
#      type = "flat"
#      index = 32
#    } # x_component
#
#    x_aborted = {
#      label = "$lang_stats.field_labels.x_aborted"
#      type = "flat"
#      index = 33
#    } # x_aborted
#
#    x_secure = {
#      label = "$lang_stats.field_labels.x_secure"
#      type = "flat"
#      index = 34
#    } # x_secure
#
#    x_timed_out = {
#      label = "$lang_stats.field_labels.x_timed_out"
#      type = "flat"
#      index = 35
#    } # x_timed_out
#
#    x_nw_error_count = {
#      label = "$lang_stats.field_labels.x_nw_error_count"
#      type = "flat"
#      index = 36
#    } # x_nw_error_count
#
#    x_cl_error_count = {
#      label = "$lang_stats.field_labels.x_cl_error_count"
#      type = "flat"
#      index = 37
#    } # x_cl_error_count
#
#    x_sv_error_count = {
#      label = "$lang_stats.field_labels.x_sv_error_count"
#      type = "flat"
#      index = 38
#    } # x_sv_error_count
#
#    x_ap_error_count = {
#      label = "$lang_stats.field_labels.x_ap_error_count"
#      type = "flat"
#      index = 39
#    } # x_ap_error_count
#
#    x_ct_error_count = {
#      label = "$lang_stats.field_labels.x_ct_error_count"
#      type = "flat"
#      index = 40
#    } # x_ct_error_count
#
#    x_cu_error_count = {
#      label = "$lang_stats.field_labels.x_cu_error_count"
#      type = "flat"
#      index = 41
#    } # x_cu_error_count
  } # log.fields

  # Database fields
  # Nothing is declared statically here; every entry below is commented out
  # and database fields are created by the preprocessor during profile
  # creation. The day_of_week entry was left half-commented by the author
  # (its opening brace is missing) and c_ip appears twice in the list.
  database.fields = {
#    date_time = ""
#    day_of_week = ""
#      label = "$lang_stats.field_labels.day_of_week"
#      log_field = "day_of_week"
#      type = "string"
#      suppress_top = 0
#      suppress_bottom = 2
#      display_format_type = "day_of_week"
#    } # day_of_week
#
#    hour_of_day = {
#      label = "$lang_stats.field_labels.hour_of_day"
#      log_field = "hour_of_day"
#      type = "string"
#      suppress_top = 0
#      suppress_bottom = 2
#      display_format_type = "hour_of_day"
#    } # hour_of_day
#
#    cs_uri_stem = {
#      label = "$lang_stats.field_labels.cs_uri_stem"
#      log_field = "cs_uri_stem"
#      type = "string"
#      suppress_top = 0
#      suppress_bottom = 9
#    } # cs_uri_stem
#
#    file_type = {
#      label = "$lang_stats.field_labels.file_type"
#      log_field = "file_type"
#      type = "string"
#      suppress_top = 0
#      suppress_bottom = 2
#    } # file_type
#
#    worm = {
#      label = "$lang_stats.field_labels.worm"
#      log_field = "worm"
#      type = "string"
#      suppress_top = 0
#      suppress_bottom = 2
#    } # worm
#
##    screen_dimensions = {
##      label = "$lang_stats.field_labels.screen_dimensions"
##      log_field = "screen_dimensions"
##      type = "string"
##      suppress_top = 0
##      suppress_bottom = 2
##    } # screen_dimensions
#
##    screen_depth = {
##      label = "$lang_stats.field_labels.screen_depth"
##      log_field = "screen_depth"
##      type = "string"
##      suppress_top = 0
##      suppress_bottom = 2
##    } # screen_depth
#
#    c_ip = {
#      label = "$lang_stats.field_labels.host"
#      log_field = "c_ip"
#      type = "string"
#      suppress_top = 0
#      suppress_bottom = 2
#      display_format_type = "hostname"
#    } # c_ip
#
#    domain_description = {
#      label = "$lang_stats.field_labels.domain_description"
#      log_field = "domain_description"
#      type = "string"
#      suppress_top = 0
#      suppress_bottom = 2
#    } # domain_description
#
#    location = {
#      label = "$lang_stats.field_labels.location"
#      log_field = "location"
#      type = "string"
#      suppress_top = 0
#      suppress_bottom = 3
#    } # location
#
#    cs_referer = {
#      label = "$lang_stats.field_labels.cs_referer"
#      log_field = "cs_referer"
#      type = "string"
#      suppress_top = 1
#      suppress_bottom = 3
#    } # cs_referer
#
#    referrer_description = {
#      label = "$lang_stats.field_labels.referrer_description"
#      log_field = "referrer_description"
#      type = "string"
#      suppress_top = 0
#      suppress_bottom = 2
#    } # referrer_description
#
#    search_engine = {
#      label = "$lang_stats.field_labels.search_engine"
#      log_field = "search_engine"
#      type = "string"
#      suppress_top = 0
#      suppress_bottom = 2
#    } # search_engine
#
#    search_phrase = {
#      label = "$lang_stats.field_labels.search_phrase"
#      log_field = "search_phrase"
#      type = "string"
#      suppress_top = 0
#      suppress_bottom = 2
#    } # search_phrase
#
#    x_record_type = {
#      label = "$lang_stats.field_labels.x_record_type"
#      log_field = "x_record_type"
#      type = "string"
#      suppress_top = "0"
#      suppress_bottom = "2"
#    } # x_record_type
#
#    x_object_id = {
#      label = "$lang_stats.field_labels.x_object_id"
#      log_field = "x_object_id"
#      type = "string"
#      suppress_top = "0"
#      suppress_bottom = "2"
#    } # x_object_id
#
#    x_page_id = {
#      label = "$lang_stats.field_labels.x_page_id"
#      log_field = "x_page_id"
#      type = "string"
#      suppress_top = "0"
#      suppress_bottom = "2"
#    } # x_page_id
#
#    x_session_id = {
#      label = "$lang_stats.field_labels.x_session_id"
#      log_field = "x_session_id"
#      type = "string"
#      suppress_top = "0"
#      suppress_bottom = "2"
#    } # x_session_id
#
#    cs_host = {
#      label = "$lang_stats.field_labels.cs_host"
#      log_field = "cs_host"
#      type = "string"
#      suppress_top = "0"
#      suppress_bottom = "2"
#    } # cs_host
#
#    cs_uri_query = {
#      label = "$lang_stats.field_labels.cs_uri_query"
#      log_field = "cs_uri_query"
#      type = "string"
#      suppress_top = "0"
#      suppress_bottom = "2"
#    } # cs_uri_query
#
#    sc_location = {
#      label = "$lang_stats.field_labels.sc_location"
#      log_field = "sc_location"
#      type = "string"
#      suppress_top = "0"
#      suppress_bottom = "2"
#    } # sc_location
#
#    c_ip = {
#      label = "$lang_stats.field_labels.c_ip"
#      log_field = "c_ip"
#      type = "string"
#      suppress_top = "0"
#      suppress_bottom = "2"
#    } # c_ip
#
#    c_port = {
#      label = "$lang_stats.field_labels.c_port"
#      log_field = "c_port"
#      type = "string"
#      suppress_top = "0"
#      suppress_bottom = "2"
#    } # c_port
#
#    s_ip = {
#      label = "$lang_stats.field_labels.s_ip"
#      log_field = "s_ip"
#      type = "string"
#      suppress_top = "0"
#      suppress_bottom = "2"
#    } # s_ip
#
#    s_port = {
#      label = "$lang_stats.field_labels.s_port"
#      log_field = "s_port"
#      type = "string"
#      suppress_top = "0"
#      suppress_bottom = "2"
#    } # s_port
#
#    cs_method = {
#      label = "$lang_stats.field_labels.cs_method"
#      log_field = "cs_method"
#      type = "string"
#      suppress_top = "0"
#      suppress_bottom = "2"
#    } # cs_method
#
#    cs_version = {
#      label = "$lang_stats.field_labels.cs_version"
#      log_field = "cs_version"
#      type = "string"
#      suppress_top = "0"
#      suppress_bottom = "2"
#    } # cs_version
#
#    x_sc_mimetype = {
#      label = "$lang_stats.field_labels.x_sc_mimetype"
#      log_field = "x_sc_mimetype"
#      type = "string"
#      suppress_top = "0"
#      suppress_bottom = "2"
#    } # x_sc_mimetype
#
#    sc_status = {
#      label = "$lang_stats.field_labels.sc_status"
#      log_field = "sc_status"
#      type = "string"
#      suppress_top = "0"
#      suppress_bottom = "2"
#    } # sc_status
#
#    x_redirect = {
#      label = "$lang_stats.field_labels.x_redirect"
#      log_field = "x_redirect"
#      type = "string"
#      suppress_top = "0"
#      suppress_bottom = "2"
#    } # x_redirect
#
#    x_document = {
#      label = "$lang_stats.field_labels.x_document"
#      log_field = "x_document"
#      type = "string"
#      suppress_top = "0"
#      suppress_bottom = "2"
#    } # x_document
#
#    x_container = {
#      label = "$lang_stats.field_labels.x_container"
#      log_field = "x_container"
#      type = "string"
#      suppress_top = "0"
#      suppress_bottom = "2"
#    } # x_container
#
#    x_component = {
#      label = "$lang_stats.field_labels.x_component"
#      log_field = "x_component"
#      type = "string"
#      suppress_top = "0"
#      suppress_bottom = "2"
#    } # x_component
#
#    x_aborted = {
#      label = "$lang_stats.field_labels.x_aborted"
#      log_field = "x_aborted"
#      type = "string"
#      suppress_top = "0"
#      suppress_bottom = "2"
#    } # x_aborted
  } # database.fields

  # Log Parsing Filters
  log.parsing_filters = {

    # Splits x_start_time into the derived 'date' and 'time' log fields.
    # NOTE(review): the guard only requires more than 3 characters, while the
    # substr() calls read offsets 0-9 and 11-18. A short or malformed
    # x_start_time passes the guard and is handed to normalize_date() /
    # normalize_time() as whatever fragment substr() returns; confirm how
    # those calls treat malformed input, or tighten the guard.
    adjust_date = {
      label = "adjust date"
      comment = ""
      value = "
if (length(x_start_time) > 3) then (
  date = normalize_date(substr(x_start_time, 0, 10), 'auto');
  time = normalize_time(substr(x_start_time, 11, 8), 'auto');
)
"
    } # adjust_date

  } # log.parsing_filters

  # 2012-01-12 - GMF - There does not seem to be a
  # Get search engine and search phrase information from the referrer field (before it gets simplified).
  # NOTE(review): the filter reads cs_referer, but requires_fields names
  # cs_referrer (double r). No field called cs_referrer is created anywhere
  # in this file; confirm whether that mismatch keeps the filter from being
  # enabled. The same spelling is used by only_page, simplify_referrer and
  # internal_referrer under log.filters.
  log.parsing_filters.compute_se_sp = {
    value = `
if (get_search_engine_info(cs_referer)) then (
  search_engine = volatile.search_engine;
  search_phrase = volatile.search_phrase;
);
`
    requires_fields = {
      cs_referrer = true
    }
  } # log.parsing_filters.compute_se_sp

  # Log Filters
  # NOTE(review): because the preprocessor turns every non-numerical header
  # column into a database field, columns such as cs_uri_query, cs_cookie,
  # sc_set_cookie, x_session_id or x_user_id (all named in the report groups
  # at the end of this file) are stored and reportable when the device
  # exports them. None of the filters below masks them; a filter in the style
  # of clear_end_time is the obvious place to do so.
  log.filters = {

    # Unconditionally replaces x_end_time with a fixed placeholder.
    clear_end_time = {
      label = "Clear end_time"
      comment = ""
      value = `x_end_time = "[omitted by log filter]"`
    } # clear_end_time

    # Keeps only scheme://host/ of cs_uri_stem when it has that shape.
    simplify_url = {
      label = "$lang_admin.log_filters.simplify_url_label"
      comment = "$lang_admin.log_filters.simplify_url_comment"
      value = "if (matches_regular_expression(cs_uri_stem, '^([^:]+://[^/]+/)')) then cs_uri_stem = $1 . '(omitted)'"
      requires_fields = {
        cs_uri_stem = true
      }
    } # simplify_url

    # Replaces a '-' referrer with a placeholder. requires_fields uses the
    # cs_referrer spelling (see the note on compute_se_sp above this section).
    only_page = {
      label = "only page"
      comment = "only page"
      value = "if (cs_referer eq '-') then cs_referer = '(no cs_referer)';"
      requires_fields = {
        cs_referrer = true
      }
    } # no_referrer

    # Reduces the referrer to scheme://host/ so paths and query strings of
    # referring pages are not stored. requires_fields uses the cs_referrer
    # spelling; if that keeps the filter from loading, full referrer URLs are
    # retained. Confirm.
    simplify_referrer = {
      label = "$lang_admin.log_filters.simplify_referrer_label"
      comment = "$lang_admin.log_filters.simplify_referrer_comment"
      value = "if (cs_referer eq '-') then cs_referer = '(no referrer)' else if (matches_regular_expression(cs_referer, '^([^:]+://[^/]+/)')) then cs_referer = $1 . '(omitted)'"
      requires_fields = {
        cs_referrer = true
      }
    } # simplify_referrer

    # Disabled template; 'mydomain.com/' is a placeholder to be edited.
    # contains() matches the text anywhere in the referrer, not only in the
    # host part.
    internal_referrer = {
      label = "$lang_admin.log_filters.internal_referrer_label"
      comment = "$lang_admin.log_filters.internal_referrer_comment"
      value = "if (contains(cs_referer, 'mydomain.com/')) then cs_referer = '(internal referrer)';"
      disabled = true
      requires_fields = {
        cs_referrer = true
      }
    } # internal_referrer

    # NOTE(review): this reads a 'worm' field that nothing in this file
    # creates (its database field entry is commented out) and that is not
    # listed in requires_fields. If 'worm' is empty, starts_with(worm, '(')
    # is presumably false and cs_uri_stem is overwritten with '(worm)' for
    # every entry; confirm before relying on page reports.
    set_page_for_worm = {
      label = "$lang_admin.log_filters.set_page_for_worm_label"
      comment = "$lang_admin.log_filters.set_page_for_worm_comment"
      value = "if (starts_with(worm, '(')) then '' else cs_uri_stem = '(worm)';"
      requires_fields = {
        cs_uri_stem = true
      }
    } # set_page_for_worm

#    remove_query = {
#      label = "$lang_admin.log_filters.remove_query_label"
#      comment = "$lang_admin.log_filters.remove_query_comment"
#      value = "if (contains(page, '?')) then page = substr(page, 0, index(page, '?') + 1) . '(parameters)';"
#    } # remove_query

    # Counts an entry as a page view unless file_type is one of the listed
    # image/style/script types. The comparison is against upper-case values.
    detect_page_views = {
      label = '$lang_admin.log_filters.detect_page_views_label'
      comment = '$lang_admin.log_filters.detect_page_views_comment'
      value = "if ((file_type eq 'JPEG') or (file_type eq 'JPG') or (file_type eq 'GIF') or (file_type eq 'ICO') or (file_type eq 'PNG') or (file_type eq 'CSS') or (file_type eq 'SWF') or (file_type eq 'JS')) then page_views = 0; else page_views = 1;"
      requires_fields = {
        file_type = true
        page_views = true
      }
    } # detect_page_views

    # For non-page-view entries, keeps the directory part of cs_uri_stem and
    # replaces the file name with '(nonpage)'.
    strip_non_page_views = {
      label = '$lang_admin.log_filters.strip_non_page_views_label'
      comment = '$lang_admin.log_filters.strip_non_page_views_comment'
      value = "if (page_views == 0) then cs_uri_stem = substr(cs_uri_stem, 0, last_index(cs_uri_stem, '/') + 1) . '(nonpage)';"
      requires_fields = {
        cs_uri_stem = true
        page_views = true
      }
    } # strip_non_page_views

    # Every accepted entry counts as one event.
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry

  } # log.filters

  # Session reconstruction keys on the client IP address (c_ip).
  log.field_options = {
    sessions_page_field = "cs_uri_stem"
    sessions_visitor_id_field = "c_ip"
    sessions_event_field = "page_views"
  } # log.field_options

  # Numerical fields. The preprocessor checks this node and does not create a
  # string database field for any header column listed here.
  # NOTE(review): x_cu_error_count and average_x_cu_error_count are each
  # defined twice in this node.
  database.numerical_fields = {

    events = {
      default = true
      entries_field = true
    } # events

    page_views = {
      default = true
      requires_log_field = false
    } # page_views

    unique_client_ips = {
      log_field = "c_ip"
      type = "unique"
    } # unique_client_ips

    sc_bytes = {
      default = true
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    } # sc_bytes

    x_throughput = {
      requires_log_field = true
      type = "int"
      integer_bits = 64
    } # x_throughput

    average_x_throughput = {
      log_field = "x_throughput"
      type = "int"
      integer_bits = 64
      aggregation_method = "average"
      average_denominator_field = "events"
    } # average_x_throughput

    x_tcp_rtt = {
      type = "int"
      integer_bits = 64
    } # x_tcp_rtt

    average_x_tcp_rtt = {
      log_field = "x_tcp_rtt"
      type = "int"
      integer_bits = 64
      aggregation_method = "average"
      average_denominator_field = "events"
    } # average_x_tcp_rtt

    x_tcp_ooo = {
      type = "int"
      integer_bits = 64
    } # x_tcp_ooo

    average_x_tcp_ooo = {
      log_field = "x_tcp_ooo"
      type = "int"
      integer_bits = 64
      aggregation_method = "average"
      average_denominator_field = "events"
    } # average_x_tcp_ooo

    x_tcp_retrx = {
      type = "int"
      integer_bits = 64
    } # x_tcp_retrx

    average_x_tcp_retrx = {
      log_field = "x_tcp_retrx"
      type = "int"
      integer_bits = 64
      aggregation_method = "average"
      average_denominator_field = "events"
    } # average_x_tcp_retrx

    x_ssl_time = {
      type = "int"
      integer_bits = 64
    } # x_ssl_time

    average_x_ssl_time = {
      log_field = "x_ssl_time"
      type = "int"
      integer_bits = 64
      aggregation_method = "average"
      average_denominator_field = "events"
    } # average_x_ssl_time

    x_e2e_time = {
      type = "int"
      integer_bits = 64
    } # x_e2e_time

    average_x_e2e_time = {
      log_field = "x_e2e_time"
      type = "int"
      integer_bits = 64
      aggregation_method = "average"
      average_denominator_field = "events"
    } # average_x_e2e_time

    x_process_time = {
      type = "int"
      integer_bits = 64
    } # x_process_time

    average_x_process_time = {
      log_field = "x_process_time"
      type = "int"
      integer_bits = 64
      aggregation_method = "average"
      average_denominator_field = "events"
    } # average_x_process_time

    x_network_time = {
      type = "int"
      integer_bits = 64
    } # x_network_time

    average_x_network_time = {
      type = "int"
      integer_bits = 64
      log_field = "x_network_time"
      aggregation_method = "average"
      average_denominator_field = "events"
    } # average_x_network_time

    x_nw_error_count = ""

    average_x_nw_error_count = {
      log_field = "x_nw_error_count"
      aggregation_method = "average"
      average_denominator_field = "events"
    } # average_x_nw_error_count

    x_cl_error_count = ""

    average_x_cl_error_count = {
      log_field = "x_cl_error_count"
      aggregation_method = "average"
      average_denominator_field = "events"
    } # average_x_cl_error_count

    x_sv_error_count = ""

    average_x_sv_error_count = {
      log_field = "x_sv_error_count"
      aggregation_method = "average"
      average_denominator_field = "events"
    } # average_x_sv_error_count

    x_ap_error_count = ""

    average_x_ap_error_count = {
      log_field = "x_ap_error_count"
      aggregation_method = "average"
      average_denominator_field = "events"
    } # average_x_ap_error_count

    x_cu_error_count = ""

    average_x_cu_error_count = {
      log_field = "x_cu_error_count"
      aggregation_method = "average"
      average_denominator_field = "events"
    } # average_x_cu_error_count

    x_ct_error_count = ""

    average_x_ct_error_count = {
      log_field = "x_ct_error_count"
      aggregation_method = "average"
      average_denominator_field = "events"
    } # average_x_ct_error_count

    x_cu_error_count = ""

    average_x_cu_error_count = {
      log_field = "x_cu_error_count"
      aggregation_method = "average"
      average_denominator_field = "events"
    } # average_x_cu_error_count

    x_cl_info_count = ""
    x_nw_info_count = ""
    x_sv_info_count = ""
    x_ap_info_count = ""
    x_ct_info_count = ""
    x_cu_info_count = ""
    x_tcp_packet_count = ""

  } # database.numerical_fields

  create_profile_wizard_options = {

    date_time_tracking = true
    host_tracking = true

    # How the reports should be grouped in the report menu
    # The keys are the sanitized (lower-case, underscore) field names that
    # the preprocessor produces from header columns.
    report_groups = {
      date_time_group = ""
      content_group = {
        cs_uri_stem = true
        cs_uri_query = true
        file_type = true
        x_sc_mimetype = true
        x_document = true
        x_component = true
        x_content_count = "content count"
      }
      visitor_demographics_group = {
        c_ip = true
        domain_description = true
        location = true
        c_port = true
        x_forwarded_for = true
        x_first_public_ip = true
        x_first_public_ip_source = true
      }
      visitor_systems_group = {
        web_browser = true
        operating_system = true
      }
      referrer_group = {
        cs_referer = true
        referrer_description = true
        search_engine = true
        search_phrase = true
        search_phrase_by_search_engine = true
      }
      client_group = {
        os = true
        cs_user_agent = true
        browser = true
      } # client_group
      server_group = {
        s_ip = true
        x_server_id = true
        web_server_ip = true
        s_port = true
        cs_host = true
      }
      custom_group = {
        x_custom_browser = "custom browser"
        x_custom_entry_page = "custom entry page"
        x_custom_exit_page = "custom exit page"
        x_custom_mypostparamkey = "custom mypostparamkey"
        x_custom_os = "custom OS"
        x_custom_referrer_domain = "custom referrer domain"
        x_custom_referrer_name = "custom referrer name"
      } # custom_group
      geo_group = {
        x_first_public_geo_city = "first public geo city"
        x_first_public_geo_country = "first public geo country"
        x_first_public_geo_country_string = "first public geo country string"
        x_first_public_geo_dns_name = "first public geo dns_name"
        x_first_public_geo_isp = "first public geo ISP"
        x_first_public_geo_metro_area = "first public geo metro area"
        x_first_public_geo_organization = "first public geo organization"
        x_first_public_geo_region = "first public geo region"
        x_first_public_geo_region_string = "first public geo region string"
      } # geo_group
      error_group = {
        x_error_category = "errorcategory"
        x_error_code = "error code"
        x_errored_aborted_count = "errored aborted count"
        x_errored_count = "errored count"
        x_errored_slt_broken_count = "errored SLT broken count"
      } # error_group
      # NOTE(review): this group exposes session and credential-bearing
      # columns as reports (x_session_id, x_user_id, sc_set_cookie, cs_cookie,
      # the x_session_*tags* lists). Restrict who can view these reports or
      # mask the values in a log filter if the device exports them.
      # NOTE(review): sc_method is listed next to cs_method; only cs_method
      # appears elsewhere in this file, so sc_method may be a typo.
      other_group = {
        worm = true
        spider = true
        sc_status = true
        sc_method = true
        cs_version = true
        x_container = true
        sc_location = true
        x_record_type = true
        x_object_id = true
        x_session_id = true
        x_page_id = true
        cs_method = true
        x_redirect = true
        x_aborted = true
        x_cs_post = true
        x_end_time = true
        x_client_aborted = true
        x_server_aborted = true
        x_secure = true
        x_timed_out = true
        x_client_timed_out = true
        x_server_timed_out = true
        x_extension = true
        x_errors = true
        x_info = true
        x_peripheral_traffic = true
        x_session_request_tags_found_list = true
        x_session_response_tags_found_list = true
        x_session_tags_used_list = true
        x_stateless = true
        x_matching_a_session_tag_locator = true
        x_missing_x_forwarded_for_session_tag_locator = true
        x_session_tags_collision_list = true
        x_session_tag_multi_value = true
        x_session_tag_collision = true
        x_session_tag_group_collision = true
        x_historical_custom_fields = true
        sc_set_cookie = "Server-to-client Set-Cookie"
        x_aborted_count = "aborted count"
        x_application_name = "application name"
        x_closed = "closed"
        x_container_count = "container count"
        x_document_count = "document count"
        x_entry_page = "entry page"
        x_exit_page = "exit page"
        x_expired_count = "expired count"
        x_expired_early = "expired early"
        x_group_id = "group ID"
        x_idle_time = "idle time"
        x_mixed_count = "mixed count"
        x_origin_referer = "origin referrer"
        x_page_count = "page count"
        x_page_name = "page name"
        x_redirect_count = "redirect count"
        x_redirect_host = "redirect host"
        x_redirect_network_time = "redirect network time"
        x_redirect_process_time = "redirect process time"
        x_redirect_ssl_count = "redirect SSL count"
        x_redirect_ssl_time = "redirect SSL time"
        x_redirect_time = "redirect time"
        x_secure_count = "secure count"
        x_slt_broken = "SLT broken"
        x_slt_broken_page_count = "SLT broken page count"
        x_ssl_count = "SSL count"
        x_think_time = "think time"
        x_user_id = "user ID"
        x_tcp_rtt_count = "TCP RTT count"
        cs_cookie = true
      } # other_group
    } # report_groups

  } # create_profile_wizard_options

} # coradiant_object_v2