# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Log format plugin definition for Websense logs: it declares how the format
# is auto-detected, how each comma-separated key=value line is parsed into
# log fields, which fields are stored in the database, and which log filters
# rewrite the url field.
web_sense = {

  plugin_version = "1.0.1"
  # 2006/08/21: 1.0.0beta: KBB - initial creation
  # 2007-09-14 - 1.0 - KBB - renumbered per new beta policy
  # 2011-07-22 - 1.0.1 - MSG - Edited info lines.

  info.1.manufacturer = "Websense"
  info.1.device = "Websense"
  info.1.version.1 = ""

  # The name of the log format
  log.format.format_label = "Web Sense Log Format"
  log.miscellaneous.log_data_type = "generic"
  log.miscellaneous.log_format_type = "application"

  # The log is in this format if any of the first ten lines match this regular expression
  #version=3,source_server_ip=99.99.19.109,date_time=Mon Aug 14 19:20:58 2006,disposition_name=Category Not Blocked,client_name=99.99.99.99,url_ip=199.99.99.99,protocol_name=HTTPS,url=HTTPS://199.69.69.69:443/,cat_name=Protocol,file_type_name=,bytes_sent=1485,bytes_recv=876,duration=0,keyword_name=,user_name=
  # * instead of + to make no assumptions about whether field is required, except date_time
  # The expression is anchored at the start of the line only, and it requires
  # the keys in exactly this order.
  # source_server_ip, client_name and url_ip accept only digits and dots, so a
  # line carrying a hostname or an IPv6 literal in one of them does not match.
  # url, keyword_name and the other [^,]* values must not contain a comma.
  log.format.autodetect_regular_expression = '^version=[0-9]*,source_server_ip=[0-9.]*,date_time=[A-Za-z]{3} [A-Za-z]{3} [ 0-9]* [0-9:]+ [0-9]{4},disposition_name=[^,]*,client_name=[0-9.]*,url_ip=[0-9.]*,protocol_name=[^,]*,url=[^,]*,cat_name=[^,]*,file_type_name=[^,]*,bytes_sent=[0-9]*,bytes_recv=[0-9]*,duration=[0-9]*,keyword_name=[^,]*,user_name=[^,]*'

  # The format of dates and times in this log
  # The same pattern is used for both, because the parsing filter below stores
  # one combined "Mon dd hh:mm:ss yyyy" string in date_time.
  # NOTE(review): the sample timestamp carries no time zone; confirm which zone
  # the exporting server writes before correlating with other log sources.
  log.format.date_format = "mmm dd hh:mm:ss yyyy"
  log.format.time_format = "mmm dd hh:mm:ss yyyy"

  # All log field parsing will be done using the parsing filters
  log.format.parse_only_with_filters = "true"

  # Log fields
  # Trailing comments give the key name used in the raw log line where it
  # differs from the field name (see the rename list in the parsing filter).
  log.fields = {
    date_time = ""
    dt = "" # date_time
    version = "" # version
    source_ip.type = "host" # source_server_ip.type
    disposition = "" # disposition_name
    client_name = ""
    url_ip = ""
    protocol = "" # protocol_name
    url.type = "page"
    category = "" # cat_name
    # NOTE(review): no filter in this file assigns file_type and the rename
    # list does not map file_type_name to it; presumably the engine derives it
    # from url -- confirm.
    file_type = "" # not file_type_name field - derived field
    bytes_sent = ""
    bytes_received = "" # bytes_recv
    duration = ""
    keyword = "" # keyword_name
    user_name = ""
  } # log.fields

  # Log Parsing Filters
  # Step 1: collect_listed_fields is called with ',' and '=' as separators and a
  #   '|'-separated rename list (raw key=field name); it appears to split the
  #   current line into key=value items and store each value under the mapped
  #   field name. The raw date_time value goes to dt.
  # Step 2: if dt matches the expression, the leading three-letter weekday is
  #   dropped and the captured "Mon dd hh:mm:ss yyyy" part is stored in date_time.
  # Step 3: accept_collected_entry is called unconditionally, so a line whose
  #   timestamp does not match is still accepted without date_time being set here.
  # NOTE(review): the sample line shows no quoting or escaping of values. If the
  #   exporter does not escape commas, a url or keyword value containing
  #   ",name=value" would be split into extra items and could be read as, or
  #   replace, another field such as user_name or disposition_name. Confirm the
  #   exporter's escaping before relying on those fields for audit or alerting.
  log.parsing_filters.parse = `
collect_listed_fields('', current_log_line(), ',', '=', 'date_time=dt|source_server_ip=source_ip|disposition_name=disposition|protocol_name=protocol|cat_name=category|bytes_recv=bytes_received|keyword_name=keyword');
if (matches_regular_expression(get_collected_field('', 'dt'), '[A-Za-z]{3} ([A-Za-z]{3} *[0-9]* [0-9:]+ [0-9]{4})')) then (
  set_collected_field('', 'date_time', $1);
);
accept_collected_entry('', false);
`

  # Database fields
  # bytes_sent and bytes_received are commented out here and declared under
  # database.numerical_fields instead.
  # NOTE(review): duration is listed both here and under
  # database.numerical_fields -- confirm that is intended.
  # client_name, user_name and url identify individual users and their
  # browsing; access to the resulting database should be restricted accordingly.
  database.fields = {
    date_time = ""
    version = ""
    source_ip = ""
    disposition = ""
    client_name = ""
    url_ip = ""
    protocol = ""
    url = ""
    category = ""
    file_type = ""
    #bytes_sent = ""
    #bytes_received = ""
    duration = ""
    keyword = ""
    user_name = ""
  } # database.fields

  # Log Filters
  # Three of the four filters below rewrite url, so the stored url is not a
  # byte-exact copy of the logged one; keep the raw logs when the exact request
  # is needed for an investigation.
  # NOTE(review): none of the filters carries an explicit enable/disable key in
  # this file; which ones run by default cannot be told from here.
  log.filters = {

    # Sets events to 1 for the entry (events is the entry counter declared in
    # database.numerical_fields).
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry

    # Replaces every '%24' (URL-encoded dollar sign) in url with '_'.
    fix_dollar_bug = {
      label = "Fix dollar sign bug"
      comment = "This filter converts escaped dollar sign to '_' to work around a bug."
      value = "url = replace_all(url, '%24', '_');"
    }

    # The first statement yields '' on both branches, so it has no visible
    # effect on any field (presumably it only references file_type -- confirm).
    # The second keeps the optional scheme, '//', the host part and the first
    # '/' and replaces the rest of url with '(omitted)'.
    simplify_url = {
      label = "$lang_admin.log_filters.simplify_url_label"
      comment = "$lang_admin.log_filters.simplify_url_comment"
      value = "(if (file_type) then '' else ''); if (matches_regular_expression(url, '^(([^:]+:)?//[^/]+/)')) then url = $1 . '(omitted)'"
    } # simplify_url

    # Keeps url up to and including the first '?' and replaces the query string
    # with '(parameters)'. Query strings can carry session tokens or other
    # secrets, so this filter also keeps that data out of the database.
    # Only the query is removed; anything sensitive in the path is kept.
    remove_query = {
      label = "$lang_admin.log_filters.remove_query_label"
      comment = "$lang_admin.log_filters.remove_query_comment"
      value = "if (contains(url, '?')) then url = substr(url, 0, index(url, '?') + 1) . '(parameters)';"
    } # remove_query

  } # log.filters

  # Numerical (aggregating) database fields.
  database.numerical_fields = {

    # Entry counter; it does not read a log field (requires_log_field = false)
    # and is set by the mark_entry filter.
    events = {
      label = "$lang_stats.field_labels.events"
      default = true
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
      entries_field = true
    } # events

    # Count of distinct source_ip values (type = "unique").
    unique_source_ips = {
      label = "$lang_stats.field_labels.unique_source_ips"
      default = false
      requires_log_field = true
      log_field = "source_ip"
      type = "unique"
      display_format_type = "integer"
    } # unique_source_ips

    # Byte counters and duration are declared as 64-bit integers.
    bytes_sent = {
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    } # bytes_sent

    bytes_received = {
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    } # bytes_received

    duration = {
      type = "int"
      integer_bits = 64
      display_format_type = "duration_compact"
    } # duration

  } # database.numerical_fields

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
    } # report_groups

  } # create_profile_wizard_options

} # web_sense