# Copyright (c) 2014 Flowerfire, Inc. All Rights Reserved.

# Log format plug-in for the Microsoft Exchange Server 2013 transport
# connectivity log. Each line is split by the parsing filter below into
# date, time, session, source, destination, direction and description.
# Values are copied from the log line as-is, with no validation or
# normalisation, so report consumers should treat them as untrusted text.
microsoft_exchange_2013_connect = {

  plugin_version = "1.0"
  info.1.manufacturer = "Microsoft"
  info.1.device = "Exchange Server 2013 Connectivity Log"
  info.1.version.1 = "2013"

  # 2014-10-09 - 1.0 - Created this one along with microsoft_exchange_2013_csv

  # The name of the log format
  log.format.format_label = "Microsoft Exchange Server 2013 Transport Connectivity"
  log.miscellaneous.log_data_type = "mail_server"
  log.miscellaneous.log_format_type = "mail_server"

  # Don't treat as w3c: the "#Fields:" header is used only for autodetection
  # below, not to derive the field list.
  log.format.ignore_format_lines = true

  # The log is in this format if any of the first ten lines match this regular expression
  #Fields: date-time,session,source,Destination,direction,description
  # The pattern is anchored at both ends, so a header with extra or reordered
  # columns will not be detected as this format.
  log.format.autodetect_regular_expression = '^#Fields: date-time,session,source,Destination,direction,description$'

  # All log field parsing will be done using the parsing filters
  # NOTE(review): quoted "true" here, bare true on ignore_format_lines above;
  # confirm both spellings are read as the same boolean.
  log.format.parse_only_with_filters = "true"

  # The format of dates and times in this log
  log.format.date_format = "auto"
  log.format.time_format = "auto"

  # Log fields
  # One entry per value the parsing filter sets with set_collected_field().
  log.fields = {
    date = ""
    time = ""
    session = ""
    source = ""
    destination = ""
    direction = ""
    description = ""
  } # log.fields

  # Log Parsing Filters
  log.parsing_filters.parse = `
v.line = current_log_line();

# Get date and time.
# First capture is the date (YYYY-MM-DD), second is the time (HH:MM:SS),
# third is everything after the first comma. The fractional seconds and
# the zone suffix (Z in the sample line below) are consumed and dropped,
# so the stored time carries no zone; keep that in mind when correlating
# these entries with other sources.
# NOTE(review): confirm the four backslashes before the dot come out as
# an escaped literal dot once all quoting layers are unescaped.
if (matches_regular_expression(v.line, '([0-9]{4}-[0-9]{2}-[0-9]{2})T([0-9]{2}:[0-9]{2}:[0-9]{2})\\\\.[^,]+,(.*)$')) then (
  set_collected_field('', 'date', $1);
  set_collected_field('', 'time', $2);
  v.line = $3;
);

# Split the rest of the connectivity log line into its five fields.
#Fields: date-time,session,source,Destination,direction,description
#2014-09-21T00:00:23.855Z,08D1A2DFD43A06BB,SMTP,test2.mail-test.jp,+,Heartbeat 00000000-0000-0000-0000-000000000000;QueueLength=TQ=1;RN=1;
# http://regex101.com/r/iW5rS5/5
# The last field may be double-quoted or a bare run without commas.
# NOTE(review): this block is not nested in the date/time block, so it
# also runs on lines where that match failed and the line still holds
# its date-time column.
# NOTE(review): the pattern is anchored only at the end of the line. If
# matching is an unanchored search, a line with more than five comma
# separated values (for example an unquoted description containing a
# comma) can still match on its last five values, storing them under
# the wrong field names. Confirm, and consider anchoring the start.
if (matches_regular_expression(v.line, '([^,]*),([^,]*),([^,]*),([^,]*),("[^"]*"|[^,]*)$')) then (

  set_collected_field('', 'session', $1);
  set_collected_field('', 'source', $2);
  set_collected_field('', 'destination', $3);
  set_collected_field('', 'direction', $4);
  set_collected_field('', 'description', $5);

  # Emit the collected values as one log entry.
  # NOTE(review): the second argument is presumably the carry-over flag;
  # confirm that false means nothing is kept for the next entry.
  accept_collected_entry('', false);

); # connectivity log fields
`

  # Database fields
  # NOTE(review): date_time, hour_of_day and day_of_week have no log field of
  # the same name; presumably they are derived from date and time. Confirm.
  database.fields = {
    date_time = ""
    hour_of_day = ""
    day_of_week = ""
    session = ""
    source = ""
    destination = ""
    direction = ""
    description = ""
  } # database.fields

  # Log filter that sets events to 1 on each entry, so the events numerical
  # field below counts accepted log entries.
  log.filters = {
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry
  } # log.filters

  # events is not read from the log (requires_log_field = false); its value
  # comes from the mark_entry filter above.
  database.numerical_fields = {
    events = {
      default = true
      requires_log_field = false
      entries_field = true
    } # events
  } # database.numerical_fields

  create_profile_wizard_options = {
    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
    } # report_groups
  } # create_profile_wizard_options

} # microsoft_exchange_2013_connect