# Copyright (c) 2014 Flowerfire, Inc. All Rights Reserved.

# Log format plug-in definition for the Zentyal per-host bandwidth log.
# Each log line carries one IP address, one epoch timestamp and ten traffic
# counters (five internal, five external); see the sample line further down.
# NOTE(review): the syntax matches Flowerfire Sawmill log format plug-ins;
# confirm the consuming product and version.
zentyal = {

  plugin_version = "1.0"
  info.1.manufacturer = "Zentyal"
  info.1.device = "Linux Small Business Server"
  info.1.version.1 = "3.5"

  # 2014-09-18 - 1.0 - Lew - initial version

  # The name of the log format
  log.format.format_label = "Zentyal Log Format"
  # The data is classified as firewall / network device data, but the fields
  # parsed below are only per-IP volume counters. There is no action, port,
  # peer address or rule field, so reports built on this format can show
  # traffic volume anomalies per host but not allow/deny decisions.
  log.miscellaneous.log_data_type = "firewall"
  log.miscellaneous.log_format_type = "network_device"

  # The log is in this format if any of the first ten lines match this regular expression
  # IP=10.12.2.7 TIMESTAMP=1390347999 INT_SENT=0 INT_RECV=10452 INT_TCP=0 INT_UDP=10452 INT_ICMP=0 EXT_SENT=0 EXT_RECV=0 EXT_TCP=0 EXT_UDP=0 EXT_ICMP=0
  # Every value uses the * quantifier, so a line with empty values still
  # matches. The expression is anchored at the start only; text after the
  # EXT_ICMP value is not checked.
  log.format.autodetect_regular_expression = "^IP=[0-9.]* TIMESTAMP=[0-9]* INT_SENT=[0-9]* INT_RECV=[0-9]* INT_TCP=[0-9]* INT_UDP=[0-9]* INT_ICMP=[0-9]* EXT_SENT=[0-9]* EXT_RECV=[0-9]* EXT_TCP=[0-9]* EXT_UDP=[0-9]* EXT_ICMP=[0-9]*"

  # This regular expression is used to parse the log fields out of the log entry
  # It has twelve capture groups, in the same order as the twelve entries of
  # log.fields below.
  # NOTE(review): presumably groups are assigned to log fields by position;
  # keep the two lists in sync and confirm against the product documentation.
  # The IP group accepts any run of digits and dots, including an empty or
  # malformed address, and cannot match an IPv6 address or a host name. A
  # line carrying either would not match this expression.
  # NOTE(review): how non-matching lines are handled is not visible here;
  # check whether they are counted or reported, so that gaps in the imported
  # data are noticed.
  log.format.parsing_regular_expression = "^IP=([0-9.]*) TIMESTAMP=([0-9]*) INT_SENT=([0-9]*) INT_RECV=([0-9]*) INT_TCP=([0-9]*) INT_UDP=([0-9]*) INT_ICMP=([0-9]*) EXT_SENT=([0-9]*) EXT_RECV=([0-9]*) EXT_TCP=([0-9]*) EXT_UDP=([0-9]*) EXT_ICMP=([0-9]*)"

  # The format of dates and times in this log
  # The TIMESTAMP value is epoch seconds (1390347999 in the sample line).
  # NOTE(review): the time zone applied when these are displayed is not set
  # in this file; confirm before correlating with other log sources.
  log.format.date_format = "seconds_since_jan1_1970"
  log.format.time_format = "seconds_since_jan1_1970"

  # Log fields
  # One entry per capture group of the parsing expression, in the same order.
  log.fields = {

    ip_address = {
      type = "host"
    } # ip_address

    # NOTE(review): leading_divider is the quoted string "false" while
    # left_to_right is the bare word false; confirm both are read as intended.
    date_time = {
      type = "date_time"
      index = 0
      subindex = 0
      dividers = ""
      left_to_right = false
      leading_divider = "false"
    } # date_time

    # Traffic counters. The unit is not stated in this file; the database
    # section displays them with the bandwidth format.
    int_sent = {
      type = "size"
    } # int_sent

    int_recv = {
      type = "size"
    } # int_recv

    int_tcp = {
      type = "size"
    } # int_tcp

    int_udp = {
      type = "size"
    } # int_udp

    int_icmp = {
      type = "size"
    } # int_icmp

    ext_sent = {
      type = "size"
    } # ext_sent

    ext_recv = {
      type = "size"
    } # ext_recv

    ext_tcp = {
      type = "size"
    } # ext_tcp

    ext_udp = {
      type = "size"
    } # ext_udp

    ext_icmp = {
      type = "size"
    } # ext_icmp

  } # log.fields

  # Database fields
  # NOTE(review): the ten counters are declared here and again under
  # database.numerical_fields below; confirm that declaring a counter in
  # both places is intended.
  database.fields = {

    # Stored as a plain string with no label; whatever the parsing
    # expression captured is stored as is.
    ip_address = {
      type = "string"
    } # ip_address

    date_time = {
      label = "$lang_stats.field_labels.date_time"
      log_field = "date_time"
      type = "string"
      suppress_top = 0
      suppress_bottom = 3
      display_format_type = "date_time"
    } # date_time

    # day_of_week and hour_of_day name log fields that are not declared in
    # log.fields above.
    # NOTE(review): presumably these are derived from date_time; confirm.
    day_of_week = {
      label = "$lang_stats.field_labels.day_of_week"
      log_field = "day_of_week"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
      display_format_type = "day_of_week"
    } # day_of_week

    hour_of_day = {
      label = "$lang_stats.field_labels.hour_of_day"
      log_field = "hour_of_day"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
      display_format_type = "hour_of_day"
    } # hour_of_day

    int_sent = {
      label = "$lang_stats.field_labels.int_sent"
      type = "int"
      display_format_type = "bandwidth"
    } # int_sent

    int_recv = {
      label = "$lang_stats.field_labels.int_recv"
      type = "int"
      display_format_type = "bandwidth"
    } # int_recv

    int_tcp = {
      label = "$lang_stats.field_labels.int_tcp"
      type = "int"
      display_format_type = "bandwidth"
    } # int_tcp

    int_udp = {
      label = "$lang_stats.field_labels.int_udp"
      type = "int"
      display_format_type = "bandwidth"
    } # int_udp

    int_icmp = {
      label = "$lang_stats.field_labels.int_icmp"
      type = "int"
      display_format_type = "bandwidth"
    } # int_icmp

    ext_sent = {
      label = "$lang_stats.field_labels.ext_sent"
      type = "int"
      display_format_type = "bandwidth"
    } # ext_sent

    ext_recv = {
      label = "$lang_stats.field_labels.ext_recv"
      type = "int"
      display_format_type = "bandwidth"
    } # ext_recv

    ext_tcp = {
      label = "$lang_stats.field_labels.ext_tcp"
      type = "int"
      display_format_type = "bandwidth"
    } # ext_tcp

    ext_udp = {
      label = "$lang_stats.field_labels.ext_udp"
      type = "int"
      display_format_type = "bandwidth"
    } # ext_udp

    ext_icmp = {
      label = "$lang_stats.field_labels.ext_icmp"
      type = "int"
      display_format_type = "bandwidth"
    } # ext_icmp

  } # database.fields

  # Log Filters
  log.filters = {

    # Assigns 1 to the events field, which is declared under
    # database.numerical_fields with entries_field = true.
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'events = 1'
    } # mark_entry

  } # log.filters

  # NOTE(review): page, hostname and page_views are not declared as log or
  # database fields anywhere in this file; these session options look like
  # they were carried over from a web log template. Confirm they are needed.
  log.field_options = {
    sessions_page_field = "page"
    sessions_visitor_id_field = "hostname"
    sessions_event_field = "page_views"
  } # log.field_options

  database.numerical_fields = {

    # Entry counter; it is not read from the log (requires_log_field = false)
    # and is set by the mark_entry filter.
    events = {
      label = "$lang_stats.field_labels.events"
      default = true
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
      entries_field = true
    } # events

    # The ten traffic counters are declared with integer_bits = 64.
    # NOTE(review): presumably so that summed counters do not wrap at 32
    # bits; confirm.
    int_sent = {
      default = true
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    } # int_sent

    int_recv = {
      default = true
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    } # int_recv

    int_tcp = {
      default = true
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    } # int_tcp

    int_udp = {
      default = true
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    } # int_udp

    int_icmp = {
      default = true
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    } # int_icmp

    ext_sent = {
      default = true
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    } # ext_sent

    ext_recv = {
      default = true
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    } # ext_recv

    ext_tcp = {
      default = true
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    } # ext_tcp

    ext_udp = {
      default = true
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    } # ext_udp

    ext_icmp = {
      default = true
      type = "int"
      integer_bits = 64
      display_format_type = "bandwidth"
    } # ext_icmp

  } # database.numerical_fields

  create_profile_wizard_options = {

    # How the reports should be grouped in the report menu
    # Only a date and time group is listed, and its value is empty.
    # NOTE(review): ip_address is not placed in any report group here;
    # confirm that a per-host report is still generated.
    report_groups = {
      date_time_group = ""
    } # report_groups

  } # create_profile_wizard_options

} # zentyal