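# Copyright (c) 2012 Flowerfire, Inc. All Rights Reserved.

# Log format plugin for vsftpd FTP transfer logs. It declares how the format
# is detected, how each entry is split into log fields, and which database
# fields, log filters and numerical fields are built from them.
vsftpd = {

  plugin_version = "1.0"

  # 2012-07-02 - 1.0 - GMF - Initial creation

  info.1.manufacturer = "vsftpd"
  info.1.device = "vsftpd"
  info.1.version.1 = "3"

  # The name of the log format
  log.format.format_label = "vsftpd Log Format"
  log.miscellaneous.log_data_type = "ftp"
  log.miscellaneous.log_format_type = "ftp_server"

  # The log is in this format if any of the first ten lines match this regular expression.
  # Unlike the parsing expression below, this one requires the service name to
  # be the literal "ftp".
  log.format.autodetect_regular_expression = "^[A-Z][a-z][a-z] [A-Z][a-z][a-z] [0-9 ][0-9] [0-9 ][0-9]:[0-9][0-9]:[0-9][0-9] [0-9][0-9][0-9][0-9] [0-9]* [^ ]* [0-9]* /[^ ]* [a-z] _ [a-z] [a-z] [^ ]* ftp [0-9]* [0-9]+ [a-z]$"

  # This regular expression is used to parse the log fields out of the log entry.
  # It has 14 capture groups, one per entry of log.fields below and in the same
  # order (presumably assigned positionally - confirm). The leading weekday is
  # matched but not captured.
  # NOTE(review): the expression is anchored at both ends and strict. The
  # filename group "(/[^ ]*)" stops at the first space, so a path containing a
  # space will not parse as intended, and the authenticated_user_id group
  # "([0-9]+)" accepts digits only, while xferlog-style logs commonly write "*"
  # there when no authenticated id is available. Entries that do not match are
  # presumably left out of the database, which would hide those transfers from
  # reports - verify against sample vsftpd logs before relying on this for
  # monitoring.
  log.format.parsing_regular_expression = "^[A-Z][a-z][a-z] ([A-Z][a-z][a-z] [0-9 ][0-9] [0-9 ][0-9]:[0-9][0-9]:[0-9][0-9] [0-9][0-9][0-9][0-9]) ([0-9]*) ([^ ]*) ([0-9]*) (/[^ ]*) ([a-z]) (_) ([a-z]) ([a-z]) ([^ ]*) ([^ ]*) ([0-9]*) ([0-9]+) ([a-z])$"

  # The format of dates and times in this log
  log.format.date_format = "mmm dd hh:mm:ss yyyy"
  log.format.time_format = "mmm dd hh:mm:ss yyyy"

  # Log fields
  log.fields = {
    date_time = ""
    transfer_time = ""
    remote_host.type = "host"
    bytes = ""
    filename = {
      type = "page"
      hierarchy_dividers = "/?"
      left_to_right = true
      # NOTE(review): quoted here while left_to_right above is bare; confirm the
      # parser reads both as booleans.
      leading_divider = "true"
    } # filename
    transfer_type = ""
    special_action_flag = ""
    direction = ""
    access_mode = ""
    # Rewritten to '(not authenticated)' by the not_authenticated filter below
    # when the logged value is '-'.
    username = ""
    service_name = ""
    authentication_method = ""
    authenticated_user_id = ""
    completion_status = ""
  } # log.fields

  # Database fields
  database.fields = {
    date_time = ""
    day_of_week = ""
    hour_of_day = ""
    # transfer_time is parsed from the log but deliberately left out of the database.
    #transfer_time = ""
    remote_host = {
      suppress_top = 0
      suppress_bottom = 2
    } # remote_host
    bytes = ""
    filename = ""
    file_type = ""
    transfer_type = ""
    special_action_flag = ""
    direction = ""
    access_mode = ""
    username = ""
    service_name = ""
    authentication_method = ""
    authenticated_user_id = ""
    completion_status = ""
  } # database.fields

  # Log Filters
  log.filters = {

    # Replaces a '-' username with an explicit '(not authenticated)' label so
    # unauthenticated transfers are grouped under one readable value.
    not_authenticated = {
      label = "$lang_admin.log_filters.not_authenticated_label"
      comment = "$lang_admin.log_filters.not_authenticated_comment"
      value = "if (username eq '-') then username = '(not authenticated)';"
    } # not_authenticated

    # Sets accesses to 1 for every entry; accesses is the entries_field
    # declared in database.numerical_fields.
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'accesses = 1;'
    } # mark_entry

  } # log.filters

  # Session options: sessions are keyed on remote_host, with filename as the
  # page field and accesses as the event field.
  log.field_options = {
    sessions_page_field = "filename"
    sessions_visitor_id_field = "remote_host"
    sessions_event_field = "accesses"
  } # log.field_options

  database.numerical_fields = {

    accesses = {
      requires_log_field = false
      entries_field = true
    } # accesses

    # Unique count over the client host. The log field this plugin defines is
    # remote_host; there is no log field named "hostname" in log.fields, so the
    # reference is pointed at remote_host (the same field used as the session
    # visitor id).
    unique_client_ips = {
      requires_log_field = true
      log_field = "remote_host"
      type = "unique"
    } # unique_client_ips

    bytes = {
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    } # bytes

  } # database.numerical_fields

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
    } # report_groups

  } # create_profile_wizard_options

} # vsftpd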