# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.
nvdcms = {
# Version of this log-format definition; the change history follows.
plugin_version = "1.0.1"
# Initial creation - 1.0
# 2011-07-08 - 1.0.1 - MSG - Edited info lines.
# Descriptive metadata about the product that writes these logs.
info.1.manufacturer = "BSD"
info.1.device = "NVDCMS"
info.1.version.1 = ""
# The name of the log format
log.format.format_label = "NVDcms Log Format"
log.miscellaneous.log_data_type = "http_access"
log.miscellaneous.log_format_type = "application"
# The log is in this format if any of the first ten lines match this regular expression
log.format.autodetect_regular_expression = "^[A-Z][a-z][a-z] +[0-9]+ [0-9][0-9]:[0-9][0-9]:[0-9][0-9] [^ ]+ [0-9][0-9][0-9][0-9] [^ ]+ [0-9]+ [0-9.]+ \"[A-Z]+ /[^ ]+ [^\"]+\" \"[^\"]*\" \"[^\"]*\" \"[^\"]*\" [^ ]+ [^ ]+ [0-9]+ [0-9]+"
# Each log line is parsed with this regular expression. It has 13 capturing groups, the same
# number as the entries in log.fields; presumably group N fills the Nth log field (confirm).
# Matched but not captured: the four-digit number after the third token, the two tokens before
# the size, and the final number.
# What the pattern accepts: the client address must match [0-9.]+ (dotted numeric form only),
# the request must be an upper-case method followed by a target starting with "/", and the
# three quoted fields after the request must not contain a double quote.
# NOTE(review): those quoted fields appear to carry client-supplied values (agent, language,
# referrer); confirm how the logger escapes an embedded double quote, and how the analyzer
# treats lines that do not match (they would not reach the reports if they are rejected).
log.format.parsing_regular_expression = "^([A-Z][a-z][a-z] +[0-9]+) ([0-9][0-9]:[0-9][0-9]:[0-9][0-9]) ([^ ]+) [0-9][0-9][0-9][0-9] ([^ ]+) ([0-9]+) ([0-9.]+) \"([A-Z]+) (/[^ ]+) ([^\"]+)\" \"([^\"]*)\" \"([^\"]*)\" \"([^\"]*)\" [^ ]+ [^ ]+ ([0-9]+) [0-9]+"
# We need an option like this, to extract the year from its position later in the data. Unfortunately, no such option exists
# in the analyzer (yet), so for now the year will default to "this year". Entries written in an earlier year are
# therefore dated in the current year; keep that in mind when correlating these reports with other timelines.
#default_year_regular_expression "^"A-Z"+ "0-9"+ "0-9:"+ "^ "+ ("0-9""0-9""0-9""0-9")
# The format of dates and times in this log
log.format.date_format = "mmm dd"
log.format.time_format = "hh:mm:ss"
# Log fields
# The 13 fields read from each log line, listed in the same order as the 13 capturing groups
# of log.format.parsing_regular_expression. Every field has index = 0 and subindex = 0, so
# position is presumably taken from that order rather than from index (confirm).
# server_hostname, client_ip, page, agent, language and referrer hold values that originate
# from the request or the client; treat them as untrusted text wherever they are displayed.
log.fields = {
date = {
label = "$lang_stats.field_labels.date"
type = "date"
index = 0
subindex = 0
hierarchy_dividers = ""
left_to_right = false
leading_divider = "false"
} # date
time = {
label = "$lang_stats.field_labels.time"
type = "time"
index = 0
subindex = 0
hierarchy_dividers = ""
left_to_right = false
leading_divider = "false"
} # time
server_hostname = {
label = "$lang_stats.field_labels.server_hostname"
type = "flat"
index = 0
subindex = 0
} # server_hostname
server_domain = {
label = "$lang_stats.field_labels.server_domain"
type = "flat"
index = 0
subindex = 0
} # server_domain
server_response = {
label = "$lang_stats.field_labels.server_response"
type = "response"
index = 0
subindex = 0
hierarchy_dividers = ""
left_to_right = false
leading_divider = "false"
} # server_response
# Client address, split on "." with left_to_right = false.
client_ip = {
label = "$lang_stats.field_labels.client_ip"
type = "host"
index = 0
subindex = 0
hierarchy_dividers = "."
left_to_right = false
leading_divider = "false"
} # client_ip
# Request method (the upper-case token that opens the quoted request).
operation = {
label = "$lang_stats.field_labels.operation"
type = "flat"
index = 0
subindex = 0
} # operation
# Request target, split on "/" and "?" from left to right.
page = {
label = "$lang_stats.field_labels.page"
type = "page"
index = 0
subindex = 0
hierarchy_dividers = "/?"
left_to_right = true
leading_divider = "true"
} # page
protocol = {
label = "$lang_stats.field_labels.protocol"
type = "flat"
index = 0
subindex = 0
} # protocol
# Raw user-agent string; it has no entry of its own in database.fields, only the values
# derived from it by log.parsing_filters.derive_from_user_agent are stored.
agent = {
label = "$lang_stats.field_labels.agent"
type = "agent"
index = 0
subindex = 0
hierarchy_dividers = ""
left_to_right = false
leading_divider = "false"
} # agent
language = {
label = "$lang_stats.field_labels.language"
type = "flat"
index = 0
subindex = 0
} # language
referrer = {
label = "$lang_stats.field_labels.referrer"
type = "URL"
index = 0
subindex = 0
hierarchy_dividers = "/?"
left_to_right = true
leading_divider = "false"
} # referrer
# Response size; stored through database.numerical_fields.size rather than database.fields.
size = {
label = "$lang_stats.field_labels.size"
type = "size"
index = 0
subindex = 0
hierarchy_dividers = ""
left_to_right = false
leading_divider = "false"
} # size
} # log.fields
# Database fields
# String fields stored in the database and available to reports. Each entry names the
# log field it is filled from (log_field).
# Entries whose log_field is also declared in log.fields: page, client_ip, referrer,
# server_hostname, server_domain, operation, protocol, server_response, language.
# search_engine and search_phrase are assigned by log.parsing_filters.compute_se_sp;
# web_browser, operating_system and spider by log.parsing_filters.derive_from_user_agent.
# The remaining entries (date_time, day_of_week, hour_of_day, file_type, worm,
# screen_dimensions, screen_depth, domain_description, location, referrer_description)
# name log fields that this file does not declare; presumably the analyzer derives them
# from the declared fields (confirm).
# The meaning of suppress_top / suppress_bottom is not visible in this file.
database.fields = {
date_time = {
label = "$lang_stats.field_labels.date_time"
log_field = "date_time"
type = "string"
suppress_top = 0
suppress_bottom = 3
display_format_type = "date_time"
} # date_time
day_of_week = {
label = "$lang_stats.field_labels.day_of_week"
log_field = "day_of_week"
type = "string"
suppress_top = 0
suppress_bottom = 2
display_format_type = "day_of_week"
} # day_of_week
hour_of_day = {
label = "$lang_stats.field_labels.hour_of_day"
log_field = "hour_of_day"
type = "string"
suppress_top = 0
suppress_bottom = 2
display_format_type = "hour_of_day"
} # hour_of_day
# Stored after the log filters have run, so this is the rewritten page value
# (query string replaced, worm and non-page hits collapsed), not the raw request target.
page = {
label = "$lang_stats.field_labels.page"
log_field = "page"
type = "string"
suppress_top = 0
suppress_bottom = 9
display_format_type = "page"
} # page
file_type = {
label = "$lang_stats.field_labels.file_type"
log_field = "file_type"
type = "string"
suppress_top = 0
suppress_bottom = 2
} # file_type
worm = {
label = "$lang_stats.field_labels.worm"
log_field = "worm"
type = "string"
suppress_top = 0
suppress_bottom = 2
} # worm
screen_dimensions = {
label = "$lang_stats.field_labels.screen_dimensions"
log_field = "screen_dimensions"
type = "string"
suppress_top = 0
suppress_bottom = 2
} # screen_dimensions
screen_depth = {
label = "$lang_stats.field_labels.screen_depth"
log_field = "screen_depth"
type = "string"
suppress_top = 0
suppress_bottom = 2
} # screen_depth
client_ip = {
label = "$lang_stats.field_labels.client_ip"
log_field = "client_ip"
type = "string"
suppress_top = 0
suppress_bottom = 2
} # client_ip
domain_description = {
label = "$lang_stats.field_labels.domain_description"
log_field = "domain_description"
type = "string"
suppress_top = 0
suppress_bottom = 2
} # domain_description
location = {
label = "$lang_stats.field_labels.location"
log_field = "location"
type = "string"
suppress_top = 0
suppress_bottom = 3
} # location
# The only entry with suppress_top = 1. The stored value is the one left by the
# simplify_referrer log filter.
referrer = {
label = "$lang_stats.field_labels.referrer"
log_field = "referrer"
type = "string"
suppress_top = 1
suppress_bottom = 3
} # referrer
referrer_description = {
label = "$lang_stats.field_labels.referrer_description"
log_field = "referrer_description"
type = "string"
suppress_top = 0
suppress_bottom = 2
} # referrer_description
search_engine = {
label = "$lang_stats.field_labels.search_engine"
log_field = "search_engine"
type = "string"
suppress_top = 0
suppress_bottom = 2
} # search_engine
search_phrase = {
label = "$lang_stats.field_labels.search_phrase"
log_field = "search_phrase"
type = "string"
suppress_top = 0
suppress_bottom = 2
} # search_phrase
web_browser = {
label = "$lang_stats.field_labels.web_browser"
log_field = "web_browser"
type = "string"
suppress_top = 0
suppress_bottom = 2
} # web_browser
operating_system = {
label = "$lang_stats.field_labels.operating_system"
log_field = "operating_system"
type = "string"
suppress_top = 0
suppress_bottom = 2
} # operating_system
spider = {
label = "$lang_stats.field_labels.spider"
log_field = "spider"
type = "string"
suppress_top = 0
suppress_bottom = 2
} # spider
server_hostname = {
label = "$lang_stats.field_labels.server_hostname"
log_field = "server_hostname"
type = "string"
suppress_top = 0
suppress_bottom = 2
} # server_hostname
server_domain = {
label = "$lang_stats.field_labels.server_domain"
log_field = "server_domain"
type = "string"
suppress_top = 0
suppress_bottom = 2
} # server_domain
operation = {
label = "$lang_stats.field_labels.operation"
log_field = "operation"
type = "string"
suppress_top = 0
suppress_bottom = 2
} # operation
protocol = {
label = "$lang_stats.field_labels.protocol"
log_field = "protocol"
type = "string"
suppress_top = 0
suppress_bottom = 2
} # protocol
server_response = {
label = "$lang_stats.field_labels.server_response"
log_field = "server_response"
type = "string"
suppress_top = 0
suppress_bottom = 2
} # server_response
language = {
label = "$lang_stats.field_labels.language"
log_field = "language"
type = "string"
suppress_top = 0
suppress_bottom = 2
} # language
} # database.fields
# Get search engine and search phrase information from the referrer field (before it gets simplified).
# When get_search_engine_info(referrer) succeeds, the two volatile.* results are copied into the
# search_engine and search_phrase fields. This has to see the full referrer: the simplify_referrer
# log filter later replaces everything after the host with '(omitted)'.
# The search phrase comes from a client-supplied header; treat it as untrusted text in reports.
log.parsing_filters.compute_se_sp = `
if (get_search_engine_info(referrer)) then (
search_engine = volatile.search_engine;
search_phrase = volatile.search_phrase;
);
`
# Get web browser, operating system, and spider information from the user-agent field.
# get_user_agent_info(agent) is called unconditionally and its three volatile.* results are
# copied into the corresponding fields. The user-agent is client-supplied, so these values
# describe what the client claimed, not a verified identity.
log.parsing_filters.derive_from_user_agent = `
get_user_agent_info(agent);
web_browser = volatile.web_browser;
operating_system = volatile.operating_system;
spider = volatile.spider;
`
# Log Filters
# Filters applied to each parsed entry. Several of them rewrite the page and referrer fields,
# so the stored values are normalized forms of what was logged, not the original text.
# strip_non_page_views reads page_views, which detect_page_views sets; presumably the filters
# run in the order listed here (confirm).
log.filters = {
# '-' becomes '(no referrer)'; otherwise a referrer of the form scheme://host/... is cut down
# to scheme://host/ followed by '(omitted)', so its path and query string are not stored.
simplify_referrer = {
label = "$lang_admin.log_filters.simplify_referrer_label"
comment = "$lang_admin.log_filters.simplify_referrer_comment"
value = "if (referrer eq '-') then referrer = '(no referrer)' else if (matches_regular_expression(referrer, '^([^:]+://[^/]+/)')) then referrer = $1 . '(omitted)'"
} # simplify_referrer
# Disabled template: 'mydomain.com/' is a placeholder to replace with the site's own domain.
# NOTE(review): contains() looks like a substring test, so the text would also match when it
# appears inside another site's host, path or query; an anchored host match would be stricter.
internal_referrer = {
label = "$lang_admin.log_filters.internal_referrer_label"
comment = "$lang_admin.log_filters.internal_referrer_comment"
value = "if (contains(referrer, 'mydomain.com/')) then referrer = '(internal referrer)';"
disabled = true
} # internal_referrer
# NOTE(review): authenticated_user is not declared in log.fields or database.fields of this
# file and no capture group of the parsing expression supplies it; confirm that this filter
# is intended for this format and does not fail on the undeclared field.
not_authenticated = {
label = "$lang_admin.log_filters.not_authenticated_label"
comment = "$lang_admin.log_filters.not_authenticated_comment"
value = "if (authenticated_user eq '-') then authenticated_user = '(not authenticated)';"
} # not_authenticated
# Leaves page alone when worm starts with '(' (presumably a placeholder meaning no worm was
# recognised; confirm); for any other worm value page is replaced by '(worm)', so the
# requested path of those hits is no longer available in the page field.
set_page_for_worm = {
label = "$lang_admin.log_filters.set_page_for_worm_label"
comment = "$lang_admin.log_filters.set_page_for_worm_comment"
value = "if (starts_with(worm, '(')) then '' else page = '(worm)';"
} # set_page_for_worm
# Keeps page up to and including the '?' located by index() and replaces the rest with
# '(parameters)'. Query-string values are therefore not stored in the page field, and reports
# cannot distinguish requests by their parameters.
remove_query = {
label = "$lang_admin.log_filters.remove_query_label"
comment = "$lang_admin.log_filters.remove_query_comment"
value = "if (contains(page, '?')) then page = substr(page, 0, index(page, '?') + 1) . '(parameters)';"
} # remove_query
# page_views is 0 for the listed image, stylesheet, Flash and script file types, 1 otherwise.
detect_page_views = {
label = '$lang_admin.log_filters.detect_page_views_label'
comment = '$lang_admin.log_filters.detect_page_views_comment'
value = "if ((file_type eq 'JPEG') or (file_type eq 'JPG') or (file_type eq 'GIF') or (file_type eq 'ICO') or (file_type eq 'PNG') or (file_type eq 'CSS') or (file_type eq 'SWF') or (file_type eq 'JS')) then page_views = 0; else page_views = 1;"
} # detect_page_views
# For entries with page_views == 0, page is cut after its last '/' and '(nonpage)' is
# appended, so individual file names of those hits are not stored.
strip_non_page_views = {
label = '$lang_admin.log_filters.strip_non_page_views_label'
comment = '$lang_admin.log_filters.strip_non_page_views_comment'
value = "if (page_views == 0) then page = substr(page, 0, last_index(page, '/') + 1) . '(nonpage)';"
} # strip_non_page_views
# Every entry counts as one hit.
mark_entry = {
label = '$lang_admin.log_filters.mark_entry_label'
comment = '$lang_admin.log_filters.mark_entry_comment'
value = 'hits = 1;'
} # mark_entry
} # log.filters
# Fields used for session reporting: page is the session page, client_ip identifies the
# visitor, page_views is the session event. Because the visitor id is the client address,
# clients that share one address (for example behind a proxy or NAT) cannot be told apart.
log.field_options = {
sessions_page_field = "page"
sessions_visitor_id_field = "client_ip"
sessions_event_field = "page_views"
} # log.field_options
# Numerical (aggregated) fields of the database.
database.numerical_fields = {
# Set to 1 for every entry by the mark_entry log filter; not read from a log field.
hits = {
label = "$lang_stats.field_labels.hits"
default = false
requires_log_field = false
type = "int"
display_format_type = "integer"
entries_field = true
} # hits
# Set to 0 or 1 by the detect_page_views log filter; the only field with default = true.
page_views = {
label = "$lang_stats.field_labels.page_views"
default = true
requires_log_field = false
type = "int"
display_format_type = "integer"
} # page_views
# type = "unique" over client_ip: the figure is a count of distinct client addresses, which
# is not the same as distinct people or devices when addresses are shared or change.
visitors = {
label = "$lang_stats.field_labels.visitors"
default = false
requires_log_field = true
log_field = "client_ip"
type = "unique"
display_format_type = "integer"
} # visitors
# Taken from the size log field, held with integer_bits = 64 and displayed as bandwidth.
size = {
label = "$lang_stats.field_labels.size"
default = false
requires_log_field = true
log_field = "size"
type = "int"
integer_bits = 64
display_format_type = "bandwidth"
} # size
} # database.numerical_fields
# Options for the create-profile wizard: date/time and host tracking are switched on, and
# report_groups lists the reports offered in the report menu.
create_profile_wizard_options = {
date_time_tracking = true
host_tracking = true
# How the reports should be grouped in the report menu
# Every entry except date_time_group matches a field name in database.fields and is set to
# true; date_time_group is the only entry with an empty-string value.
report_groups = {
date_time_group = ""
page = true
file_type = true
worm = true
screen_dimensions = true
screen_depth = true
client_ip = true
domain_description = true
location = true
referrer = true
referrer_description = true
search_engine = true
search_phrase = true
web_browser = true
operating_system = true
spider = true
server_hostname = true
server_domain = true
operation = true
protocol = true
server_response = true
language = true
} # report_groups
} # create_profile_wizard_options
# Empty group: this format declares nothing under not_supported.
not_supported = {
} # not_supported
} # nvdcms