# Copyright (c) 2010 Flowerfire, Inc. All Rights Reserved. trend_micro_interscan_web_security_suite_access = { plugin_version = "1.0.1" # Initial creation - 1.0 # 2011-07-21 - 1.0.1 - MSG - Edited info lines. info.1.manufacturer = "Trend Micro" info.1.device = "InterScan Web Security Suite Access" info.1.version.1 = "" # The name of the log format log.format.format_label = "Trend Micro InterScan Web Security Suite Access Log Format" log.miscellaneous.log_data_type = "http_access" log.miscellaneous.log_format_type = "web_server" # The log is in this format if any of the first 500 lines match this regular expression log.format.autodetect_regular_expression = "^Date: [0-9]+/[0-9]+/[0-9][0-9] [0-9]+:[0-9][0-9]:[0-9][0-9] [AP]M$" # All log field parsing will be done using the parsing filters log.format.parse_only_with_filters = "true" # Log fields log.fields = { date = "" time = "" method = "" server = "" user = "" client_ip.type = "host" server_ip = "" domain = "" content_type = "" content_length = "" operation = "" path = { type = "page" hierarchy_dividers = "/?" left_to_right = true leading_divider = "true" } } # log.fields # Log Parsing Filters log.parsing_filters.parse = ` if (matches_regular_expression(current_log_line(), '^----------------------------------')) then ( accept_collected_entry('', false); ); if (matches_regular_expression(current_log_line(), '^-*Date: ([0-9/]+) ([0-9:]+ [AP]M)$')) then ( set_collected_field('', 'date', $1); set_collected_field('', 'time', $2); ) else if (matches_regular_expression(current_log_line(), '^([^:]+): (.*)$')) then ( v.fieldname = replace_all(lowercase($1), '-', '_'); if (v.fieldname eq 'clientip') then v.fieldname = 'client_ip'; if (v.fieldname eq 'serverip') then v.fieldname = 'server_ip'; v.fieldvalue = $2; set_collected_field('', v.fieldname, v.fieldvalue); ) ` # Database fields database.fields = { date_time = "" day_of_week = "" hour_of_day = "" path = { suppress_bottom = 9 display_format_type = "page" } file_type = "" worm = "" screen_dimensions = "" screen_depth = "" client_ip = "" domain_description = "" location = "" method = "" server = "" user = "" server_ip = "" domain = "" content_type = "" operation = "" } # database.fields # Log Filters log.filters = { set_page_for_worm = { label = "$lang_admin.log_filters.set_page_for_worm_label" comment = "$lang_admin.log_filters.set_page_for_worm_comment" value = "if (starts_with(worm, '(')) then '' else path = '(worm)';" } # set_page_for_worm remove_query = { label = "$lang_admin.log_filters.remove_query_label" comment = "$lang_admin.log_filters.remove_query_comment" value = "if (contains(path, '?')) then path = substr(path, 0, index(path, '?') + 1) . '(parameters)';" } # remove_query detect_page_views = { label = '$lang_admin.log_filters.detect_page_views_label' comment = '$lang_admin.log_filters.detect_page_views_comment' value = "if ((file_type eq 'JPEG') or (file_type eq 'JPG') or (file_type eq 'GIF') or (file_type eq 'ICO') or (file_type eq 'PNG') or (file_type eq 'CSS') or (file_type eq 'SWF') or (file_type eq 'JS')) then page_views = 0; else page_views = 1;" } # detect_page_views screen_info_not_page_view = { label = '$lang_admin.log_filters.screen_info_not_page_view_label' comment = '$lang_admin.log_filters.screen_info_not_page_view_comment' value = "if (starts_with(path, '(')) then page_views = 0" } # screen_info_not_page_view strip_non_page_views = { label = '$lang_admin.log_filters.strip_non_page_views_label' comment = '$lang_admin.log_filters.strip_non_page_views_comment' value = "if (page_views == 0) then path = substr(path, 0, last_index(path, '/') + 1) . '(nonpage)';" } # strip_non_page_views mark_entry = { label = '$lang_admin.log_filters.mark_entry_label' comment = '$lang_admin.log_filters.mark_entry_comment' value = 'hits = 1;' } # mark_entry } # log.filters log.field_options = { sessions_page_field = "path" sessions_visitor_id_field = "client_ip" sessions_event_field = "page_views" } # log.field_options database.numerical_fields = { hits = { label = "$lang_stats.field_labels.hits" default = false requires_log_field = false type = "int" display_format_type = "integer" entries_field = true } # hits page_views = { label = "$lang_stats.field_labels.page_views" default = true requires_log_field = false type = "int" display_format_type = "integer" } # page_views visitors = { label = "$lang_stats.field_labels.visitors" default = false requires_log_field = true log_field = "client_ip" type = "unique" display_format_type = "integer" } # visitors content_length = { label = "$lang_stats.field_labels.content_length" default = false requires_log_field = true log_field = "content_length" type = "int" integer_bits = 64 display_format_type = "bandwidth" } # content_length } # database.numerical_fields log.filters = { mark_entry = { label = '$lang_admin.log_filters.mark_entry_label' comment = '$lang_admin.log_filters.mark_entry_comment' value = 'hits = 1;' } # mark_entry } # log.filters create_profile_wizard_options = { date_time_tracking = true # How the reports should be grouped in the report menu report_groups = { date_time_group = "" content_group = { path = "" file_type = "" } visitor_demographics_group = { client_ip = "" domain_description = "" location = "" user = "" } other_group = { worm = "" screen_dimensions = "" screen_depth = "" method = "" server = "" server_ip = "" domain = "" content_type = "" operation = "" } } # report_groups } # create_profile_wizard_options } # trend_micro_interscan_web_security_suite_access