# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved.

# Sawmill log-format plugin for Check Point Firewall-1 logs exported by
# fw1-loggrabber (comma-separated rows with a header line).
firewall1_loggrabber = {

  plugin_version = "1.2"

  info.1.manufacturer = "Checkpoint"
  info.1.device = "Firewall-1 (loggrabber)"
  info.1.version.1 = ""

  # 2009-08-17 - GMF - 1.0 - Initial implementation
  # 2009-09-15 - GMF - 1.1 - Added support for location
  # 2010-10-04 - 1.2 - MSG - Edited info lines.

  # The name of the log format
  log.format.format_label = "Firewall-1 (fw1-loggrabber) Log Format"
  log.miscellaneous.log_data_type = "csv"
  log.miscellaneous.log_format_type = "firewall"

  # The log is in this format if any of the first ten lines match this regular expression
  # loc,time,product,i/f_name,i/f_dir,orig,sys_msgs,action,src,s_port,dst,service,proto,rule,log_sys_message,message,srcname,log,len
  # The pattern is anchored only on the first three header columns; a file whose header
  # starts with other columns is not recognised as this format.
  log.format.autodetect_regular_expression = "^loc,time,product"

  # These logs use , as the separator
  log.format.field_separator = ","

  # Log fields
  # NOTE(review): only `date` and `src` are declared here; the remaining header columns
  # listed above (action, rule, dst, len, ...) presumably come from the csv header
  # (log_data_type = "csv") — confirm. `date` is not a header column; it is filled in by
  # the parsing filter below.
  log.fields = {
    date = ""
    src.type = "host"
  } # log.fields

  database.fields = {
    date_time = ""
    location = ""
  } # database.fields

  # Split the loggrabber `time` column ("<YYYY-MM-DD> <HH:MM:SS>") into the separate
  # `date` and `time` log fields. An entry whose `time` value does not match the
  # pattern is left unchanged (there is no else branch).
  log.parsing_filters.parse = `
if (matches_regular_expression(time, '^([0-9-]+) ([0-9:]+)$')) then (
  date = $1;
  time = $2;
);
`

  # Log Filters
  log.filters = {
    # Assigns accesses = 1 to each entry so the `accesses` numerical field
    # counts entries without needing a log field of its own.
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'accesses = 1;'
    } # mark_entry
  } # log.filters

  database.numerical_fields = {
    # Entry counter; its value comes from the mark_entry filter, hence
    # requires_log_field = false.
    accesses = {
      default = true
      requires_log_field = false
      entries_field = true
    } # accesses
    # Byte count shown as bandwidth; presumably fed by the `len` header column
    # (requires_log_field = true). 64-bit integer, presumably so totals over large
    # logs do not overflow — confirm.
    len = {
      default = true
      requires_log_field = true
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    } # len
    # Distinct source addresses, derived from the `src` log field; off by default.
    unique_source_ips = {
      default = false
      log_field = "src"
      type = "unique"
    } # unique_source_ips
  } # database.numerical_fields

  create_profile_wizard_options = {
    # Script presumably run by the profile-creation wizard as its last step: it adds the
    # standard reports and forces the new profile's `src` field to type 'host',
    # matching the declaration in log.fields above.
    final_step = `
include "templates.admin.profiles.setup_reports_util";
string profile = "profiles." . volatile.new_profile_name;
# Start with the standard reports based on remaining DB fields
add_standard_reports(profile);
(profile . '.log.fields.src.type') = 'host';
`
    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
    } # report_groups
  } # create_profile_wizard_options

} # firewall1_loggrabber