# Log format plugin for CSV exports from the Cisco IronPort Web Security
# Appliance (WSA S-Series). It autodetects the export by its CSV header row,
# derives date_time from the begin_timestamp column, counts one access per
# row, and wires the result into the gateway_reports snapon.
#
# Only date_time is declared under log.fields here; the other columns that the
# report groups reference (url, user, malware_name, ...) are presumably taken
# from the CSV header at profile creation -- TODO confirm.
web_security_appliance_csv_export = {

  plugin_version = "1.0"

  # NOTE(review): the info.1.* keys below are assigned twice (first "Cisco",
  # then "IronPort"). The second set was presumably meant to be info.2.*; as
  # written, which value survives depends on how the parser handles duplicate
  # keys -- confirm.
  # NOTE(review): the "manfacturer" spelling is kept as-is; it is presumably
  # the key name the application expects -- confirm before "correcting" it.
  info.1.manfacturer = "Cisco"
  info.1.device = "IronPort Web Security Appliance (WSA S-Series) (CSV Export)"
  info.1.version.1 = ""
  info.1.manfacturer = "IronPort"
  info.1.device = "Web Security Appliance (WSA S-Series) (CSV Export)"
  info.1.version.1 = ""

  # 2014-02-18 - 1.0 - GMF - Initial implementation.

  # The name of the log format
  log.format.format_label = "Cisco IronPort Web Security Appliance (WSA S-Series) (CSV Export)"
  log.miscellaneous.log_data_type = "csv"
  log.miscellaneous.log_format_type = "firewall"

  # The log is in this format if any of the first ten lines match this regular expression
  # 2009-03-26 - GMF - There is no #Software line, so we'll just have to autodetect based on #Version.
  # NOTE(review): the dated comment above does not describe the expression
  # below, which matches the first four column names of the CSV header row and
  # nothing else. Any CSV whose header contains this prefix is detected as this
  # format; an export with reordered or renamed leading columns is not.
  log.format.autodetect_regular_expression = `Begin Timestamp,End Timestamp,Begin Date,End Date,`

  # Timestamps are read as seconds since 1970-01-01 (epoch seconds).
  log.format.date_format = "seconds_since_jan1_1970"
  log.format.time_format = "seconds_since_jan1_1970"

  # Raw time columns left out of the database; date_time (below) replaces them.
  # NOTE(review): "time__gmt__05_00" embeds a GMT-05:00 offset in the column
  # name. An export produced with a different offset presumably has a
  # differently named column that this list does not omit -- confirm.
  auto_setup.omit_database_fields = "begin_timestamp,end_timestamp,begin_date,end_date,time__gmt__05_00"

  log.fields = {
    date_time = ""
  }

  database.fields = {
    date_time = ""
    day_of_week = ""
    hour_of_day = ""
  }

  # Event time is the start of the transaction (begin_timestamp); end_timestamp
  # is not used, so transaction duration is not available in reports.
  log.parsing_filters.parse = ` date_time = begin_timestamp; `

  # Log Filters
  log.filters = {

    # Counts every log row as exactly one access.
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'accesses = 1;'
    } # mark_entry

  } # log.filters

  database.numerical_fields = {

    # Set by the mark_entry filter rather than read from the log
    # (requires_log_field = false).
    accesses = {
      requires_log_field = false
      default = true
      entries_field = true
    } # accesses

    # Read from the log; stored as a 64-bit integer, presumably so that large
    # byte totals do not overflow.
    bandwidth = {
      default = true
      requires_log_field = true
      integer_bits = 64
      display_format_type = "bandwidth"
    } # bandwidth

  } # database.numerical_fields

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
      content_group = {
        url = true
        url_category = true
        content_type = true
        disposition = true
        file_type = true
      } # content_group
      users_group = {
        user = true
        user_type = true
      } # users_group
      policies_group = {
        policy_name = true
        policy_type = true
      } # policies_group
      applications_group = {
        application_type = true
        application_name = true
        application_behavior = true
      } # applications_group
      malware_group = {
        malware_category = true
        malware_name = true
        wbrs_score = true
        threat_type = true
        threat_reason = true
      } # malware_group
      other_group = {
        serial = true
        destination_ip = true
        screen_depth = true
        screen_dimensions = true
        worm = true
      } # other_group
    } # report_groups

    snapons = {

      # Attach a gateway_reports snapon
      # The client-IP, additional-field, bytes-out and duration parameters are
      # commented out, so the snapon is given only user, category, destination
      # host, accesses and bandwidth.
      # NOTE(review): with no client IP mapped, activity is attributed by the
      # "user" field alone; rows where that field is empty presumably cannot be
      # tied to a source host in these reports -- confirm whether the export
      # carries a client IP column that should be mapped here.
      gateway_reports = {
        snapon = "gateway_reports"
        name = "gateway_reports"
        label = "$lang_admin.snapons.gateway_reports.label"
        parameters = {
          user_field.parameter_value = "user"
#          have_client_ip.parameter_value = false
#          client_ip_field.parameter_value = "source_host"
          have_category_field.parameter_value = true
          category_field.parameter_value = "url_category"
          host_field.parameter_value = "destination_ip"
#          have_additional_field.parameter_value = true
#          additional_field.parameter_value = "virtual_ip"
          page_views_field.parameter_value = "accesses"
          # The single bandwidth column is reported as bytes in.
          have_bytes_in_field.parameter_value = true
          bytes_in_field.parameter_value = "bandwidth"
#          have_bytes_out_field.parameter_value = false
#          bytes_out_field.parameter_value = "bytes_out"
#          have_duration_field.parameter_value = false
#          duration_field.parameter_value = "tunnel_duration"
          sort_by_field.parameter_value = "accesses"
        } # parameters
      } # gateway_reports

    } # snapons

  } # create_profile_wizard_options

} # web_security_appliance_csv_export