# Copyright (c) 2012 Flowerfire, Inc.  All Rights Reserved.
succendo_ssl_vpn = {

  plugin_version = "1.0"

  # 2012-11-14 - 1.0 - Benson - Initial creation

  info.1.manufacturer = "O2 Micro"
  info.1.device = "Succendo SSL VPN"
  info.1.version.1 = "1.0"

  # The name of the log format
  log.format.format_label = "Succendo SSL VPN Log Format"
  log.miscellaneous.log_data_type = "syslog_required"
  log.miscellaneous.log_format_type = "network_device"

  log.format.autodetect_regular_expression = "[0-9]{8} [0-9:]+ Succendo "

  # All log field parsing will be done using the parsing filters
  log.format.parse_only_with_filters = "true"

  # Log fields
  log.fields = {

    severity = ""
    event_id = ""
    event_source = ""
    event_type = ""
    username = ""
    source_ip.type = "host"
    action = ""
    service = ""
    login = ""
    message = ""
    events = ""

  } # log.fields


  #
  # Log Parsing Filters
  log.parsing_filters.parse = `
    if (matches_regular_expression(v.syslog_message, '^([0-9][0-9][0-9][0-9])([0-9][0-9])([0-9][0-9]) ([0-9:]+) Succendo [|]([0-9])[|]([^|]*)[|]([^|]*)[|]([^|]*)[|]([^|]*)[|]([^|]*)[|](.*)')) then (
      set_collected_field('', 'date', $1 . '-' . $2 . '-' . $3);
      set_collected_field('', 'time', $4);
      set_collected_field('', 'severity', $5);
      set_collected_field('', 'event_id', $6);
      set_collected_field('', 'event_source', $7);
      set_collected_field('', 'event_type', $8);
      set_collected_field('', 'username', $9);
      set_collected_field('', 'action', $10);
      set_collected_field('', 'message', $11);
      v.message = $11;
      if (matches_regular_expression(v.message, 'success to access service([^,]+), IP:port([^,]+), network connection delay information:(.*).$')) then (
        set_collected_field('', 'service', $1 . ' ' . $2 . ' ' . $3);
      );
      else if (matches_regular_expression(v.message, 'login system:IP([^,]+), interface([^,]+), method([^,]+),authentication server([^,]+), type([^.]*).')) then (
        set_collected_field('', 'login', $1 . ' ' . $2 . ' ' . $3 . ' ' . $4 . ' ' . $5);
        v.sip = $1;
        if (matches_regular_expression(v.sip, '\\[([0-9.]+)\\]')) then (
          set_collected_field('', 'source_ip', $1);
        );
      );
      else if (matches_regular_expression(v.message, 'User\\\\[([^]]+)\\\\] failed to pass the service authorization, service([^,]+), IP:Port(.*).$')) then (
        set_collected_field('', 'username', $1);
        set_collected_field('', 'service', $2 . ' ' . $3);
      );
      else if (matches_regular_expression(v.message, 'User\\\\[([^]]+)\\\\] exit from service([^,]+)(.*).$')) then (
        set_collected_field('', 'username', $1);
        set_collected_field('', 'service', $2);
      );
      accept_collected_entry('', false);
    );

` # log.parsing_filters


  # Database fields
  database.fields = {

    severity = ""
    event_id = ""
    event_source = ""
    event_type = ""
    username = ""
    source_ip = ""
    location = ""
    action = ""
    service = ""
    login = ""
    message = ""

  } # database.fields

  # Log Filters
  log.filters = {

    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry

  } # log.filters

  database.numerical_fields = {

    events = {
      default = true
      requires_log_field = true
      entries_field = true
    } # events

    unique_source_ips = {
      log_field = "source_ip"
      type = "unique"
    } # unique_source_ips

  } # database.numerical_fields


  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {

      date_time_group = ""

    } # report_groups

  } # create_profile_wizard_options

} # succendo_ssl_vpn