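# Copyright (c) 2012 Flowerfire, Inc. All Rights Reserved.

# Sawmill log-format plugin for the Radware Linkproof OnDemand Switch.
#
# Each log line is one comma-separated record with a trailing comma:
#   start date/time, end date/time, source IP, destination IP, router,
#   protocol, source port, destination port, NAT address, NAT type, bytes
# Field extraction is done entirely by the parsing filter below
# (parse_only_with_filters), so its regular expression is the single
# point that decides which lines are accepted into the database.
radware_linkproof = {

  # Changelog (keep plugin_version in step with the newest entry):
  # 2012-02-18 - 1.0 - Benson - Initial creation.
  # 2012-05-25 - 1.1 - Benson - Add day_of_week, hour_of_day and location field.
  # 2012-07-03 - 1.2 - Benson - Fix for database numerical field
  plugin_version = "1.2"

  # Device information shown when the log format is listed.
  # NOTE(review): the key was previously spelled "manfacturer"; the Sawmill
  # plugin convention is "manufacturer" — confirm against a sibling plugin.
  info.1.manufacturer = "Radware"
  info.1.device = "Linkproof OnDemand Switch"
  info.1.version.1 = "OnDemand Switch VL 6.12.02"

  # The name of the log format
  log.format.format_label = "Radware Linkproof OnDemand Switch Log format"
  log.miscellaneous.log_data_type = "network_device"
  log.miscellaneous.log_format_type = "network_device"

  # The log is in this format if any of the first ten lines match this
  # regular expression. It is anchored at both ends and mirrors the capture
  # regex in the parsing filter; a change to the record layout must be
  # applied to both.
  log.format.autodetect_regular_expression = '^[0-9/]+ [0-9:]+,[0-9/]+ [0-9:]+,[0-9.]+,[0-9.]+,[0-9.]+,[^,]+,[0-9]+,[0-9]+,[0-9.]+,[^,]+,[0-9]+,$'

  # The format of dates and times in this log (sample: 16/02/2012 19:19:02)
  log.format.date_format = "dd/mm/yyyy"
  log.format.time_format = "hh:mm:ss"

  # All log field parsing will be done using the parsing filters
  log.format.parse_only_with_filters = "true"

  # Log fields, in record order. end_date/end_time are captured by the
  # regex but deliberately not stored; only the start timestamp is kept.
  log.fields = {
    date = ""
    time = ""
    #end_date = ""
    #end_time = ""
    source_ip.type = "host"
    destination_ip = ""
    router = ""
    proto = ""
    source_port = ""
    destination_port = ""
    nat_ip = ""
    nat_type = ""
    bytes = ""
  } # log.fields

  log.parsing_filters.parse = `
    # Record layout:
    #   Start time,End time,s-ip,d-ip,router,proto,s-port,d-port,nat-address,nat-type,byte,
    # Sample line:
    #   16/02/2012 19:19:02,16/02/2012 19:19:02,10.8.208.11,123.45.67.89,10.1.0.1,UDP,58787,53,0.0.0.0,OTHER,225,
    #
    # Capture groups: $1 start date, $2 start time, $3 end date, $4 end time,
    # $5 source ip, $6 destination ip, $7 router, $8 proto, $9 source port,
    # $10 destination port, $11 nat ip, $12 nat type, $13 bytes.
    # proto ($8) and nat_type ($12) accept any text except a comma and are the
    # only free-form values taken from the line; every other group is limited
    # to digits and '.', '/' or ':'.
    if (matches_regular_expression(current_log_line(), "^([0-9/]+) ([0-9:]+),([0-9/]+) ([0-9:]+),([0-9.]+),([0-9.]+),([0-9.]+),([^,]+),([0-9]+),([0-9]+),([0-9.]+),([^,]+),([0-9]+),$")) then (
      set_collected_field('', 'date', $1);
      set_collected_field('', 'time', $2);
      #set_collected_field('', 'end_date', $3);
      #set_collected_field('', 'end_time', $4);
      set_collected_field('', 'source_ip', $5);
      set_collected_field('', 'destination_ip', $6);
      set_collected_field('', 'router', $7);
      set_collected_field('', 'proto', $8);
      set_collected_field('', 'source_port', $9);
      set_collected_field('', 'destination_port', $10);
      set_collected_field('', 'nat_ip', $11);
      set_collected_field('', 'nat_type', $12);
      set_collected_field('', 'bytes', $13);
    );
    # NOTE(review): events is set and the entry accepted even when the line
    # did not match the regex, so a malformed or foreign line still counts as
    # one event with empty fields. Confirm this is intended; moving these two
    # calls inside the then-block would drop such lines instead.
    set_collected_field('', 'events', 1);
    accept_collected_entry('', false);
  `

  # Database fields. hour_of_day, day_of_week and location have no log
  # field of their own; they were added in 1.1 (see changelog).
  database.fields = {
    date_time = ""
    hour_of_day = ""
    day_of_week = ""
    source_ip = ""
    location = ""
    destination_ip = ""
    router = ""
    proto = ""
    source_port = ""
    destination_port = ""
    nat_ip = ""
    nat_type = ""
  } # database.fields

  database.numerical_fields = {
    # One event per accepted entry; needs no log field of its own.
    events = {
      default = true
      requires_log_field = false
      entries_field = true
    } # events
    # Byte count from $13, summed and shown as bandwidth. 64-bit storage so
    # long-running totals do not wrap — presumably the 1.2 "numerical field"
    # fix noted in the changelog.
    bytes = {
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    } # bytes
    # visitors = {
    #   log_field = "source_ip"
    #   type = "unique"
    # } # visitors
  } # database.numerical_fields

  create_profile_wizard_options = {
    # NOTE(review): location is presumably derived from source_ip (the only
    # "host" typed field) via host tracking — confirm.
    host_tracking = true

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
      source_group = {
        source_ip = true
        location = true
        source_port = true
      }
      destination_group = {
        destination_ip = true
        destination_port = true
      }
    } # report_groups
  } # create_profile_wizard_options

} # radware_linkproof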