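# Copyright (c) 2014 Flowerfire, Inc. All Rights Reserved.

# Sawmill log-format plugin for the Ipswitch MOVEit DMZ SSH server log.
# Each log line is "YYYY-MM-DD HH:MM:SS <zone> <session>: <message>"; the
# plugin keys collected fields on <session> and emits one database entry per
# completed upload or download.
moveit_dmz_ssh = {

  plugin_version = "1.0"

  # Plugin identification.
  # Key corrected from "manfacturer" (typo) to "manufacturer", the plugin-info key
  # name used by Sawmill; confirm against the plugin-info schema for this release.
  info.1.manufacturer = "Ipswitch"
  info.1.device = "MOVEit DMZ SSH"
  info.1.version.1 = ""

  # Plugin Version info
  # 2014-01-23 - 1.0 - GMF - Initial implementation

  # The name of the log format
  log.format.format_label = "Ipswitch MOVEit DMZ SSH"
  log.miscellaneous.log_data_type = "ftp"
  log.miscellaneous.log_format_type = "ftp_server"

  # The log is in this format if any of the first autodetect_lines (200) lines
  # match this regular expression. The date/time/zone/session prefix is matched
  # literally; the message text must start with "MOVEit DMZ SSH".
  log.format.autodetect_regular_expression = "^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9] [a-z0-9]+ [0-9a-f]+: MOVEit DMZ SSH"
  log.format.autodetect_lines = 200

  # All field extraction is done by log.parsing_filters.parse below, not by a
  # built-in format parser.
  log.format.parse_only_with_filters = "true"

  # Fields populated by the parsing filter. 'date' and 'time' are collected
  # separately below; presumably Sawmill folds them into date_time — confirm.
  log.fields = {
    date_time = ""
    session_id = ""
    client_ip = ""
    user = ""
    pathname = ""
    events = ""
    uploads = ""
    downloads = ""
  } # log.fields

  # Standard "mark entry" filter: every accepted entry counts as one event.
  log.filters = {
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry
  } # log.filters

  # Non-numerical database fields. session_id is collected but deliberately
  # not stored (commented out); re-enable it if per-session drill-down is wanted.
  database.fields = {
    date_time = ""
    day_of_week = ""
    hour_of_day = ""
#    session_id = ""
    client_ip = ""
    user = ""
    pathname = ""
  } # database.fields

  # Sample log lines (one SSH session: connect, logon, two uploads with rename, disconnect).
  # NOTE(review): the sample appears to contain a real account name and source
  # address; consider replacing them with anonymized values.
#2013-09-21 02:30:10 z0 26a4: Session 2 from 167.184.129.83 starting (1 active).
#2013-09-21 02:31:11 z0 26a4: User it_scm_apps@baxglobal.com logged on
#2013-09-21 02:31:32 z0 26a4: /Distribution/3pl/Wichita/prod/inbound/shipments_20130921_032513.xml.uploading uploaded - 100407 bytes (50203 bytes/sec)
#2013-09-21 02:31:32 z4 26a4: Searching for shipments_20130921_032513.xml.uploading: Found file ID 935114192 from 2013-09-21 02:31:30
#2013-09-21 02:31:32 z0 26a4: /Distribution/3pl/Wichita/prod/inbound/shipments_20130921_032513.xml.uploading Renamed to /Distribution/3pl/Wichita/prod/inbound/shipments_20130921_032513.xml
#2013-09-21 02:31:33 z0 26a4: /Distribution/3pl/Wichita/prod/inbound/shipments_20130921_033020.xml.uploading uploaded - 129738 bytes (129738 bytes/sec)
#2013-09-21 02:31:33 z4 26a4: Searching for shipments_20130921_033020.xml.uploading: Found file ID 935142766 from 2013-09-21 02:31:33
#2013-09-21 02:31:33 z0 26a4: /Distribution/3pl/Wichita/prod/inbound/shipments_20130921_033020.xml.uploading Renamed to /Distribution/3pl/Wichita/prod/inbound/shipments_20130921_033020.xml
#2013-09-21 02:32:12 z1 26a4: Disconnect received: SSH session terminated by remote party
#2013-09-21 02:32:12 z0 26a4: Disconnect reason: SSH_DISCONNECT_BY_APPLICATION Session closed

  # Parsing filter.
  # $1 = date, $2 = time, $3 = session id (the hex token before ':'), $4 = message.
  # Session-start and logon lines only enrich the session's collected fields;
  # a database entry is accepted only on an "uploaded"/"downloaded" line, so a
  # session with no transfer (including a logon with no activity) produces no
  # entry. After each accept the per-transfer counters are reset to 0 so a
  # later accept for the same session does not re-count this transfer.
  # The byte count ($2 of the transfer regexes) is matched but not stored.
  log.parsing_filters.parse = `
if (matches_regular_expression(current_log_line(), '^([0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ([0-9][0-9]:[0-9][0-9]:[0-9][0-9]) [^ ]+ ([^:]+): (.*)$')) then (
  session_id = $3;
  set_collected_field(session_id, 'date', $1);
  set_collected_field(session_id, 'time', $2);
  set_collected_field(session_id, 'session_id', session_id);
  v.remainder = $4;
  # "Session N from <addr> starting": record the client address (IPv4 or lowercase IPv6).
  if (matches_regular_expression(v.remainder, "^Session ([0-9]+) from ([0-9.a-f:]+) ")) then
    set_collected_field(session_id, 'client_ip', $2);
  # "User <name> logged on": record the authenticated user for this session.
  if (matches_regular_expression(v.remainder, "^User ([^ ]+) logged on")) then
    set_collected_field(session_id, 'user', $1);
  # "<path> uploaded - N bytes": emit one upload entry for this session.
  else if (matches_regular_expression(v.remainder, "^(.*) uploaded - ([0-9]+) bytes")) then (
    set_collected_field(session_id, "pathname", $1);
    set_collected_field(session_id, "uploads", 1);
    set_collected_field(session_id, "events", 1);
    accept_collected_entry(session_id, true);
    set_collected_field(session_id, "uploads", 0);
    set_collected_field(session_id, "events", 0);
  );
  # "<path> downloaded - N bytes": emit one download entry for this session.
  else if (matches_regular_expression(v.remainder, "^(.*) downloaded - ([0-9]+) bytes")) then (
    set_collected_field(session_id, "pathname", $1);
    set_collected_field(session_id, "downloads", 1);
    set_collected_field(session_id, "events", 1);
    accept_collected_entry(session_id, true);
    set_collected_field(session_id, "downloads", 0);
    set_collected_field(session_id, "events", 0);
  );
); # if matches headers
`

  # Numerical database fields; events is the entries field (one per accepted entry).
  database.numerical_fields = {
    events = {
      default = true
      entries_field = true
    } # events
    downloads.default = true
    uploads.default = true
  } # database.numerical_fields

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
    } # report_groups

    snapons = {

      # Add the standard reports
      add_standard_reports = {
        name = "add_standard_reports"
        label = "add_standard_reports"
        snapon = "add_standard_reports"
      } # add_standard_reports

      # Attach the geo_location snapon, resolving locations from client_ip
      geo_location = {
        snapon = "geo_location"
        name = "geo_location"
        label = "$lang_admin.snapons.geo_location.label"
        parameters = {
          ip_address_field.parameter_value = "client_ip"
        } # parameters
      } # geo_location

    } # snapons

  } # create_profile_wizard_options

} # moveit_dmz_ssh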