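# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Log format plug-in definition for iPlanet Messenger Server 5 mail logs.
# It declares the autodetection pattern, the log and database fields, the
# parsing filter that splits each line into fields, and the report groups.
#
# Parsing coverage, as written below:
#  - A line is accepted only when it matches the main record pattern in
#    log.parsing_filters.parse; other lines never reach accept_collected_entry
#    in this filter. Check the share of unparsed lines before treating the
#    resulting database as complete.
#  - source_hostname / source_ip are extracted only when the trailing part of
#    the line does not start with a <message-id>.
#  - Field values are copied from the log as matched. Sender, recipient and
#    message-id text presumably originates from remote mail peers, so treat it
#    as untrusted when it is displayed or exported -- confirm for your deployment.

iplanet_messenger_server5 = {

  plugin_version = "2.0"

  # Initial creation - 1.0
  # 2011-01-11 - 1.0.1 - MSG - Edited info lines.
  # 2013-05-18 - 2.0 - MSG - Switched to syslog_options; added support for syslog-like header; added source_hostname and source_ip fields.

  info.1.manufacturer = "Sun-Netscape"
  info.1.device = "iPlanet Messenger Server 5"
  info.1.version.1 = ""

  # The name of the log format
  log.format.format_label = "iPlanet Messenger Server 5 Log Format"
  log.miscellaneous.log_data_type = "syslog_optional"
  log.miscellaneous.log_format_type = "mail_server"

  # The log is in this format if any of the first ten lines match this regular expression
  #Feb 26 08:31:41 usd-smtp tcp_smtp_server[22558]: [ID 653229 user.alert] %IMTA-W-26-Feb-2013 08:31:41.89 tcp_intranet tcp_intranet EES 10 someone@msn.com rfc822;Bob.Jones@somewhere.edu @exchange.somewhere.edu:Bob.Jones@somewhere.edu mailsrv barracuda.somewhere.edu (barracuda.somewhere.edu [12.34.56.78])
  # The separator before the fractional seconds is written as [.] so that only
  # a literal dot matches (a bare . would accept any character there).
  log.format.autodetect_regular_expression = "[0-9]+-[A-Z][a-z][a-z]-[0-9]+ [0-9]+:[0-9]+:[0-9]+[.][0-9]+ [^ ]+ [^ ]* *[A-Z]+ [0-9]* [^ ]+ rfc822;[^ ]+ [^ ]+ "

  # Log fields
  log.fields = {
    incoming_channel = ""
    outgoing_channel = ""
    action = ""
    size = ""
    sender = ""
    receiver_before_rewriting = ""
    receiver_after_rewriting = ""
    message_id = ""
    deliveryinfo = ""
    source_hostname = ""
    source_ip = ""
  } # log.fields

  # Parsing filter. Step 1 strips an optional syslog-like prefix; step 2 splits
  # the record into date, time, channels, action, size, sender and recipients,
  # then reads either <message-id> plus delivery info, or the source host and
  # address, from the rest of the line.
  # NOTE(review): the source_ip class [0-9.a-f] has no ':' and no upper-case
  # hex digits, so an address written with either would not match; the entry
  # is still accepted, just without source fields. Confirm which address
  # forms this server actually logs.
  log.parsing_filters.parse = `

#Feb 26 08:31:41 usd-smtp tcp_smtp_server[22558]: [ID 653229 user.alert] %IMTA-W-26-Feb-2013 08:31:41.89 tcp_intranet tcp_intranet EES 10 someone@msn.com rfc822;Bob.Jones@somewhere.edu @exchange.somewhere.edu:Bob.Jones@somewhere.edu mailsrv barracuda.somewhere.edu (barracuda.somewhere.edu [12.34.56.78])
# Drop the leading program[pid]: [ID n facility.level] %IMTA-X- prefix when present.
if (matches_regular_expression(v.syslog_message, '^[-a-z_]+[[][0-9]+[]]: [[]ID [0-9]+ [a-z.]+[]] %IMTA-[A-Z]+-(.*)$')) then (
  v.syslog_message = $1;
);

#Feb 26 08:31:41 usd-smtp tcp_smtp_server[22558]: [ID 653229 user.alert] %IMTA-W-26-Feb-2013 08:31:41.89 tcp_intranet tcp_intranet EES 10 someone@msn.com rfc822;Bob.Jones@somewhere.edu @exchange.somewhere.edu:Bob.Jones@somewhere.edu mailsrv barracuda.somewhere.edu (barracuda.somewhere.edu [12.34.56.78])
# Main record pattern; [.] matches the literal dot before the fractional seconds.
if (matches_regular_expression(v.syslog_message, '^([0-9]+-[A-Z][a-z][a-z]-[0-9]+) ([0-9]+:[0-9]+:[0-9]+)[.][0-9]+ ([^ ]+) ([^ ]*) *([A-Z]+) ([0-9]*) ([^ ]+) rfc822;([^ ]+) ([^ ]+) (.*)$')) then (

  set_collected_field('', 'date', $1);
  set_collected_field('', 'time', $2);
  set_collected_field('', 'incoming_channel', $3);
  set_collected_field('', 'outgoing_channel', $4);
  set_collected_field('', 'action', $5);
  set_collected_field('', 'size', $6);
  set_collected_field('', 'sender', $7);
  set_collected_field('', 'receiver_before_rewriting', $8);
  set_collected_field('', 'receiver_after_rewriting', $9);
  v.remainder = $10;

  # Remainder form 1: <message-id> followed by delivery information.
  if (matches_regular_expression(v.remainder, '^<([^>]+)> *(.*)$')) then (
    set_collected_field('', 'message_id', $1);
    set_collected_field('', 'deliveryinfo', $2);
  );

  #Feb 26 08:31:41 usd-smtp tcp_smtp_server[22558]: [ID 653229 user.alert] %IMTA-W-26-Feb-2013 08:31:41.89 tcp_intranet tcp_intranet EES 10 someone@msn.com rfc822;Bob.Jones@somewhere.edu @exchange.somewhere.edu:Bob.Jones@somewhere.edu mailsrv barracuda.somewhere.edu (barracuda.somewhere.edu [12.34.56.78])
  # Remainder form 2: two tokens, then (hostname [address]).
  else if (matches_regular_expression(v.remainder, '^([^ ]+) ([^ ]+) [(]([^ ]+) [[]([0-9.a-f]+)[]][)]')) then (
    set_collected_field('', 'source_hostname', $3);
    set_collected_field('', 'source_ip', $4);
  );

  # Accepted whether or not either remainder form matched.
  accept_collected_entry('', false);

);

`

  # Database fields
  # size is not listed here; it is declared under database.numerical_fields below.
  database.fields = {
    incoming_channel = ""
    outgoing_channel = ""
    action = ""
    sender = ""
    receiver_before_rewriting = ""
    receiver_after_rewriting = ""
    message_id = ""
    deliveryinfo = ""
    source_hostname = ""
    source_ip = ""
  } # database.fields

  # Log Filters
  log.filters = {

    # Remove leading bracketed section from operation
    # NOTE(review): no filter in this block refers to an "operation" field;
    # the line above looks stale -- confirm.

    # change size from kbytes to bytes
    # NOTE(review): the expression below does not multiply. It only fires when
    # size ends in "000", and with a greedy leading .* the capture would be
    # just "000", so such sizes would be overwritten. Verify the intended unit
    # conversion before relying on size totals.
    1 = {
      label = "1"
      comment = ""
      value = "if (matches_regular_expression(size, '^.*(.*000)$')) then size = $1;"
    } # 1

    # Counts one event per accepted log entry.
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry

  } # log.filters

  database.numerical_fields = {

    events = {
      default = true
      requires_log_field = false
      entries_field = true
    } # events

    size = {
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    } # size

  } # database.numerical_fields

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    # NOTE(review): source_hostname and source_ip (added in 2.0) are not listed
    # here -- confirm whether reports on them are intended.
    report_groups = {
      date_time_group = ""
      incoming_channel = true
      outgoing_channel = true
      action = true
      sender = true
      receiver_before_rewriting = true
      receiver_after_rewriting = true
      message_id = true
      deliveryinfo = true
    } # report_groups

  } # create_profile_wizard_options

} # iplanet_messenger_server5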