# Copyright (c) 2011 Flowerfire, Inc.  All Rights Reserved.
nortel_networks_instant_internet = {

  plugin_version = "1.0.1"

  # The name of the log format
  log.format.format_label = "Nortel Networks Instant Internet Log Format"
  log.miscellaneous.log_data_type = "generic"  
  log.miscellaneous.log_format_type = "application"

  # 2006-??-?? - ??? - 1.0 - Initial creation.
  # 2011-10-12 - KBB - 1.0.1 - Found example log and tighted up autodetection for fewer false positives.

  # The log is in this format if any of the first ten lines match this regular expression
  #"08/25/2004 12:59:27","8589540","                ","Connect",,"0","211.211.11.111","80","http","211.211.11.111"
  log.format.autodetect_regular_expression = '","(Connect|Start|Proxy Connect|End)",("[^"]*")?,"[0-9.]+","'

  # The format of dates and times in this log
  log.format.date_format = "auto"
  log.format.time_format = "auto"

  # An entry in this log is called an event
  statistics.miscellaneous.entry_name = "events"

  log.fields = {
  
    date = {
      label = "$lang_stats.field_labels.date"
      type = "date"
      index = 0
      subindex = 0
      hierarchy_dividers = ""
      left_to_right = false
      leading_divider = "false"
    } # date

    time = {
      label = "$lang_stats.field_labels.time"
      type = "time"
      index = 0
      subindex = 0
      hierarchy_dividers = ""
      left_to_right = false
      leading_divider = "false"
    } # time
  
    username = ""
    event_type = ""
#    empty1 = ""
#    empty2 = ""
#    source_ip = ""
    destination_ip = ""
    destination_port = ""
    destination_hostname = ""
    protocol = ""

  } # log.fields
  
  log.parsing_filters = {
  
  parse = {
      label = "parse"
      comment = ""
      value = `
     if (matches_regular_expression(current_log_line(), '^([^ ]+) ([^,]+),([^,]*),([^,]*),([^,]*),[^,]*,[^,]*,([^,]*),([^,]*),([^,]*),([^$]*)$')) then (
       v.key = replace_all($3, '"', '');
       set_collected_field(v.key, 'date', replace_all($1, '"', ''));
       set_collected_field(v.key, 'time', replace_all($2, '"', ''));
       if (replace_all($4, '"', '') eq '                ') then (set_collected_field(v.key, 'username', 'blank')) else set_collected_field(v.key, 'username', replace_all($4, '"', ''));
       set_collected_field(v.key, 'event_type', replace_all($5, '"', ''));
#       set_collected_field(v.key, 'empty1', replace_all($6, '"', ''));
#       set_collected_field(v.key, 'empty2', replace_all($7, '"', ''));
       set_collected_field(v.key, 'destination_ip', replace_all($8, '"', ''));
       set_collected_field(v.key, 'destination_port', replace_all($9, '"', ''));
       set_collected_field(v.key, 'protocol', replace_all($10, '"', ''));
       set_collected_field(v.key, 'destination_hostname', replace_all($11, '"', ''));
      accept_collected_entry(v.key, false);
     );
     `
  } # parse
  
  } # parsing filters
  
  # Database fields

  database.fields = {
  
    date_time = {
      label = "$lang_stats.field_labels.date_time"
      log_field = "date_time"
      type = "string"
      suppress_top = 0
      suppress_bottom = 3
      display_format_type = "date_time"
    } # date_time

    day_of_week = {
      label = "$lang_stats.field_labels.day_of_week"
      log_field = "day_of_week"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
      display_format_type = "day_of_week"
    } # day_of_week

    hour_of_day = {
      label = "$lang_stats.field_labels.hour_of_day"
      log_field = "hour_of_day"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
      display_format_type = "hour_of_day"
    } # hour_of_day

    username = ""
    event_type = ""
#    empty1 = ""
#    empty2 = ""
#    source_ip = ""
    destination_ip = ""
    destination_port = ""
    destination_hostname = ""
    protocol = ""

  } # database.fields  

  database.numerical_fields = {

    events = {
      label = "$lang_stats.field_labels.events"
      default = true
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
      entries_field = true
    } # events

  } # database.numerical_fields

  log.filters = {

    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1;'
    } # mark_entry
    
  } # log.filters

  log.field_options = {

    sessions_visitor_id_field = "username"
    sessions_event_field = "events"

  } # log.field_options

  create_profile_wizard_options = {

    date_time_tracking = true
    host_tracking = true

    # How the reports should be grouped in the report menu

    report_groups = {
      date_time_group = ""
      username = true
      event_type = true
#      empty1 = true
#      empty2 = true
#      source_ip = true
      destination_ip = true
      destination_port = true
      destination_hostname = true
      protocol = true

    } # report_groups

  } # create_profile_wizard_options

  not_supported = {
    bandwidth = true
    visitors = true
    pageviews = true
    sessionpages = true
    individualhosts = true
  } # not_supported

} # nortel_networks_instant_internet