# Copyright (c) 2014 Flowerfire, Inc.  All Rights Reserved.
prosecure = {

  plugin_version = "1.0"

  info.1.manufacturer = "NETGEAR"
  info.1.device = "ProSecure"
  info.1.version = "UTM10"

  # 2014-01-15 - GMF - 1.0 - Initial implementation

  # The name of the log format
  log.format.format_label = "NETGEAR ProSecure UTM10"
  log.miscellaneous.log_data_type = "firewall"
  log.miscellaneous.log_format_type = "proxy_server"

  # The log is in this format if any of the first ten lines match this regular expression
#2013-12-11 15:27:25	HTTP		UNKNOWN	5013	192.168.1.206	12.34.56.78	12.34.56.78	192.168.1.206	http://ads.adsonar.com/adserving/getAds.jsp?previousPlacementIds=&placementId=1490197&pid=1982769&ps=-1&zw=607&zh=110&ssl=false&
  log.format.autodetect_regular_expression = `^[0-9-]+ [0-9:]+	[A-Z]+		[A-Z]+	[0-9]+	[0-9.a-f:]+	[0-9.a-f:]+	[0-9.a-f:]+	[0-9.a-f:]+	`

  log.format.parsing_regular_expression = `^([0-9-]+) ([0-9:]+)	([A-Z]+)	([^	]*)	([A-Z]+)	([0-9]+)	([0-9.a-f:]+)	([0-9.a-f:]+)	([0-9.a-f:]+)	([0-9.a-f:]+)	(.*)$`

  # Log fields
  log.fields = {

    date = ""
    time = ""
    protocol = ""
    domain = ""
    user = ""
    bytes = ""
    client_ip = ""
    server_ip = ""
    from = ""
    to = ""
    url.type = "page"

    page_views = ""

  } # log.fields

  # Database fields
  database.fields = {

    date_time = ""
    hour_of_day = ""
    day_of_week = ""
    protocol = ""
    domain = ""
    user = ""
    bytes = ""
    client_ip = ""
    server_ip = ""
    from = ""
    to = ""
    url = ""

  } # database.fields

  # Log Filters
  log.filters = {

    detect_page_views = {
      label = '$lang_admin.log_filters.detect_page_views_label'
      comment = '$lang_admin.log_filters.detect_page_views_comment'
      value = "if ((file_type eq 'JPEG') or (file_type eq 'JPG') or (file_type eq 'GIF') or (file_type eq 'ICO') or (file_type eq 'PNG') or (file_type eq 'CSS') or (file_type eq 'SWF') or (file_type eq 'JS')) then page_views = 0; else page_views = 1;"
    } # detect_page_views

    remove_query = {
      label = "$lang_admin.log_filters.remove_query_label"
      comment = "$lang_admin.log_filters.remove_query_comment"
      value = "if (contains(url, '?')) then url = substr(url, 0, index(url, '?') + 1) . '(parameters)';"
    } # remove_query

    simplify_url = {
      label = "$lang_admin.log_filters.simplify_url_label"
      comment = "$lang_admin.log_filters.simplify_url_comment"
      value = "if (matches_regular_expression(url, '^([^:]+://[^/]+/)')) then url = $1 . '(omitted)'"
    } # simplify_url

    strip_non_page_views = {
      label = '$lang_admin.log_filters.strip_non_page_views_label'
      comment = '$lang_admin.log_filters.strip_non_page_views_comment'
      value = "if (page_views == 0) then url = substr(url, 0, last_index(url, '/') + 1) . '(nonpage)';"
    } # strip_non_page_views

    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'accesses = 1;'
    } # mark_entry

  } # log.filters

  log.field_options = {

    sessions_page_field = "url"
    sessions_visitor_id_field = "source_ip"
    sessions_event_field = "page_views"

  } # log.field_options

  database.numerical_fields = {

    accesses = {
      requires_log_field = false
      entries_field = true
    } # accesses

    page_views.default = true

    unique_client_ips = {
      default = false
      log_field = "client_ip"
      type = "unique"
    } # unique_client_ips

    bytes = {
      default = true
      integer_bits = 64
      display_format_type = "bandwidth"
    } # bytes

  } # database.numerical_fields

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
    } # report_groups

    snapons = {

      # Attach a top_level_domain snapon
      top_level_domain = {
	snapon = "top_level_domain"
	name = "top_level_domain"
	label = "$lang_admin.snapons.top_level_domain.label"
        parameters = {
          url_field.parameter_value = "url"
          field_name = {
            parameter_value = "$lang_admin.field_labels.top_level_domain"
            final_node_name = "top_level_domain"
          }
        } # parameters
      } # top_level_domain

      # Attach a gateway_reports snapon
      gateway_reports = {
	snapon = "gateway_reports"
	name = "gateway_reports"
	label = "$lang_admin.snapons.gateway_reports.label"
        parameters = {
          user_field.parameter_value = "client_ip"
          have_category_field.parameter_value = false
#          category_field.parameter_value = "category"
          host_field.parameter_value = "top_level_domain"
          page_views_field.parameter_value = "page_views"
          bytes_in_field.parameter_value = "bytes"
          sort_by_field.parameter_value = "page_views"
        } # parameters
  
      } # gateway_reports

# 2013-02-06 - GMF - Now added in gateway_reports
#      # Add the standard reports
#      add_standard_reports = {
#        name = "add_standard_reports"
#	label = "add_standard_reports"
#	snapon = "add_standard_reports"
#      } # add_standard_reports

    } # snapons

  } # create_profile_wizard_options

  not_supported = {
  } # not_supported

} # prosecure