# Log-format plugin for Clavister firewall logs (the syntax — "$lang_stats.*" labels,
# collect_listed_fields_using_regexp / accept_collected_entry_using_regexp filters —
# looks like a Sawmill-style log-format plugin; confirm against the host analyzer).
# The file declares: how the format is recognised, the log fields to collect, the
# parsing filters that split each line into key=value pairs, the database fields
# derived from them, one numerical counter ("event"), and report-menu grouping.
# NOTE: the original file was delivered collapsed onto a few lines; the layout below is
# reconstructed, every key and value is unchanged.
clavister_firewall = {

  # The name of the log format
  log.format.format_label = "Clavister Firewall Log Format"
  log.miscellaneous.log_data_type = "firewall"
  log.miscellaneous.log_format_type = "firewall"

  # The log is in this format if any of the first ten lines match this regular expression.
  # Only the first three "key=value" pairs (date, time, firewall) are checked, each followed
  # by a space; any other log that starts the same way would also match this autodetect.
  log.format.autodetect_regular_expression = '^date=[^ ]+ time=[^ ]+ firewall=[^ ]+ '

  # All log field parsing will be done using the parsing filters (log.parsing_filters below)
  log.format.parse_only_with_filters = "true"

  # The name of an entry in this log, in the format: entry_name value
  statistics.miscellaneous.entry_name = "event"

  # The format of dates and times in this log
  log.format.date_format = "yyyy/mm/dd"
  log.format.time_format = "hh:mm:ss"

  # Log fields 1- date,time,firewall,category,rule,severity,description,hwdest,destip,destport,enetproto,ipproto,recvif,hwsrc,srcip,srcport
  # Log fields 2- ack,arp,conn,cwr,destif,ece,fin,icmpdestip,icmpsrcip,icmptype,psh,rst,syn,urg
  #
  # Every field here is populated by name from the "key=value" pairs collected by parsing
  # filter 1; index/subindex are all 0 because positional parsing is not used
  # (parse_only_with_filters = "true"). Values are taken verbatim from the device log —
  # no normalisation is applied in this file.
  log.fields = {
    # date/time use the "date"/"time" types and the date_format/time_format above.
    # Note the mixed quoting (left_to_right = false vs leading_divider = "false") is as in
    # the original and is kept unchanged.
    date = {
      label = "$lang_stats.field_labels.date"
      type = "date"
      index = 0
      subindex = 0
      hierarchy_dividers = ""
      left_to_right = false
      leading_divider = "false"
    } # date
    time = {
      label = "$lang_stats.field_labels.time"
      type = "time"
      index = 0
      subindex = 0
      hierarchy_dividers = ""
      left_to_right = false
      leading_divider = "false"
    } # time
    # Remaining fields are "flat" (no hierarchy).
    firewall = {
      label = "$lang_stats.field_labels.firewall"
      type = "flat"
      index = 0
      subindex = 0
    } # firewall
    category = {
      label = "$lang_stats.field_labels.category"
      type = "flat"
      index = 0
      subindex = 0
    } # category
    rule = {
      label = "$lang_stats.field_labels.rule"
      type = "flat"
      index = 0
      subindex = 0
    } # rule
    severity = {
      label = "$lang_stats.field_labels.severity"
      type = "flat"
      index = 0
      subindex = 0
    } # severity
    description = {
      label = "$lang_stats.field_labels.description"
      type = "flat"
      index = 0
      subindex = 0
    } # description
    hwdest = {
      label = "$lang_stats.field_labels.hwdest"
      type = "flat"
      index = 0
      subindex = 0
    } # hwdest
    destip = {
      label = "$lang_stats.field_labels.destip"
      type = "flat"
      index = 0
      subindex = 0
    } # destip
    destport = {
      label = "$lang_stats.field_labels.destport"
      type = "flat"
      index = 0
      subindex = 0
    } # destport
    enetproto = {
      label = "$lang_stats.field_labels.enetproto"
      type = "flat"
      index = 0
      subindex = 0
    } # enetproto
    ipproto = {
      label = "$lang_stats.field_labels.ipproto"
      type = "flat"
      index = 0
      subindex = 0
    } # ipproto
    recvif = {
      label = "$lang_stats.field_labels.recvif"
      type = "flat"
      index = 0
      subindex = 0
    } # recvif
    hwsrc = {
      label = "$lang_stats.field_labels.hwsrc"
      type = "flat"
      index = 0
      subindex = 0
    } # hwsrc
    srcip = {
      label = "$lang_stats.field_labels.srcip"
      type = "flat"
      index = 0
      subindex = 0
    } # srcip
    srcport = {
      label = "$lang_stats.field_labels.srcport"
      type = "flat"
      index = 0
      subindex = 0
    } # srcport
    # TCP flag, ARP, connection, ICMP and destination-interface fields (group 2 above).
    ack = {
      label = "$lang_stats.field_labels.ack"
      type = "flat"
      index = 0
      subindex = 0
    } # ack
    arp = {
      label = "$lang_stats.field_labels.arp"
      type = "flat"
      index = 0
      subindex = 0
    } # arp
    conn = {
      label = "$lang_stats.field_labels.conn"
      type = "flat"
      index = 0
      subindex = 0
    } # conn
    cwr = {
      label = "$lang_stats.field_labels.cwr"
      type = "flat"
      index = 0
      subindex = 0
    } # cwr
    destif = {
      label = "$lang_stats.field_labels.destif"
      type = "flat"
      index = 0
      subindex = 0
    } # destif
    ece = {
      label = "$lang_stats.field_labels.ece"
      type = "flat"
      index = 0
      subindex = 0
    } # ece
    fin = {
      label = "$lang_stats.field_labels.fin"
      type = "flat"
      index = 0
      subindex = 0
    } # fin
    icmpdestip = {
      label = "$lang_stats.field_labels.icmpdestip"
      type = "flat"
      index = 0
      subindex = 0
    } # icmpdestip
    icmpsrcip = {
      label = "$lang_stats.field_labels.icmpsrcip"
      type = "flat"
      index = 0
      subindex = 0
    } # icmpsrcip
    icmptype = {
      label = "$lang_stats.field_labels.icmptype"
      type = "flat"
      index = 0
      subindex = 0
    } # icmptype
    psh = {
      label = "$lang_stats.field_labels.psh"
      type = "flat"
      index = 0
      subindex = 0
    } # psh
    rst = {
      label = "$lang_stats.field_labels.rst"
      type = "flat"
      index = 0
      subindex = 0
    } # rst
    syn = {
      label = "$lang_stats.field_labels.syn"
      type = "flat"
      index = 0
      subindex = 0
    } # syn
    urg = {
      label = "$lang_stats.field_labels.urg"
      type = "flat"
      index = 0
      subindex = 0
    } # urg
  } # log.fields

  #
  # Log Parsing Filters
  #
  # Filters are keyed by number and presumably applied in numeric order; key 2 is unused
  # in the original (1 then 3) and has been kept that way.
  log.parsing_filters = {
    # Parse each line: on lines beginning "date=", split the whole line on ' ' into
    # "key=value" pairs (pair separator ' ', key/value separator '=', no trailing divider)
    # and store each value in the log field of the same name.
    # NOTE(review): because the pair separator is a single space, a value that itself
    # contains spaces (e.g. free-text in "description=") would presumably be cut at its
    # first space and the remainder treated as further key=value pairs — confirm against
    # real Clavister output before relying on the description field in reports.
    1 = {
      label = "1"
      comment = ""
      value = "collect_listed_fields_using_regexp('^()(date=.*)$', ' ', '=', '')"
    } # 1
    # Accept a collected line: the pattern "()" matches anything, so every entry collected
    # by filter 1 is accepted as-is (no further validation of field content happens here).
    3 = {
      label = "3"
      comment = ""
      value = 'accept_collected_entry_using_regexp("()", false)'
    } # 3
  } # log.parsing_filters

  # Database fields
  # Each entry maps a database column to a log field (log_field) and stores it as a
  # "string". suppress_top/suppress_bottom are kept exactly as in the original
  # (3 for date_time, 2 for everything else); their exact semantics are defined by the
  # analyzer, not by this file.
  database.fields = {
    # Derived date/time columns; each carries a display_format_type.
    date_time = {
      label = "$lang_stats.field_labels.date_time"
      log_field = "date_time"
      type = "string"
      suppress_top = 0
      suppress_bottom = 3
      display_format_type = "date_time"
    } # date_time
    day_of_week = {
      label = "$lang_stats.field_labels.day_of_week"
      log_field = "day_of_week"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
      display_format_type = "day_of_week"
    } # day_of_week
    hour_of_day = {
      label = "$lang_stats.field_labels.hour_of_day"
      log_field = "hour_of_day"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
      display_format_type = "hour_of_day"
    } # hour_of_day
    # One string column per log field, same name on both sides.
    firewall = {
      label = "$lang_stats.field_labels.firewall"
      log_field = "firewall"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # firewall
    category = {
      label = "$lang_stats.field_labels.category"
      log_field = "category"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # category
    rule = {
      label = "$lang_stats.field_labels.rule"
      log_field = "rule"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # rule
    severity = {
      label = "$lang_stats.field_labels.severity"
      log_field = "severity"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # severity
    description = {
      label = "$lang_stats.field_labels.description"
      log_field = "description"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # description
    hwdest = {
      label = "$lang_stats.field_labels.hwdest"
      log_field = "hwdest"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # hwdest
    destip = {
      label = "$lang_stats.field_labels.destip"
      log_field = "destip"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # destip
    destport = {
      label = "$lang_stats.field_labels.destport"
      log_field = "destport"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # destport
    enetproto = {
      label = "$lang_stats.field_labels.enetproto"
      log_field = "enetproto"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # enetproto
    ipproto = {
      label = "$lang_stats.field_labels.ipproto"
      log_field = "ipproto"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # ipproto
    recvif = {
      label = "$lang_stats.field_labels.recvif"
      log_field = "recvif"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # recvif
    hwsrc = {
      label = "$lang_stats.field_labels.hwsrc"
      log_field = "hwsrc"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # hwsrc
    srcip = {
      label = "$lang_stats.field_labels.srcip"
      log_field = "srcip"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # srcip
    srcport = {
      label = "$lang_stats.field_labels.srcport"
      log_field = "srcport"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # srcport
    ack = {
      label = "$lang_stats.field_labels.ack"
      log_field = "ack"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # ack
    arp = {
      label = "$lang_stats.field_labels.arp"
      log_field = "arp"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # arp
    conn = {
      label = "$lang_stats.field_labels.conn"
      log_field = "conn"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # conn
    cwr = {
      label = "$lang_stats.field_labels.cwr"
      log_field = "cwr"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # cwr
    destif = {
      label = "$lang_stats.field_labels.destif"
      log_field = "destif"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # destif
    ece = {
      label = "$lang_stats.field_labels.ece"
      log_field = "ece"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # ece
    fin = {
      label = "$lang_stats.field_labels.fin"
      log_field = "fin"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # fin
    icmpdestip = {
      label = "$lang_stats.field_labels.icmpdestip"
      log_field = "icmpdestip"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # icmpdestip
    icmpsrcip = {
      label = "$lang_stats.field_labels.icmpsrcip"
      log_field = "icmpsrcip"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # icmpsrcip
    icmptype = {
      label = "$lang_stats.field_labels.icmptype"
      log_field = "icmptype"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # icmptype
    psh = {
      label = "$lang_stats.field_labels.psh"
      log_field = "psh"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # psh
    rst = {
      label = "$lang_stats.field_labels.rst"
      log_field = "rst"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # rst
    syn = {
      label = "$lang_stats.field_labels.syn"
      log_field = "syn"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # syn
    urg = {
      label = "$lang_stats.field_labels.urg"
      log_field = "urg"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # urg
  } # database.fields

  # The single numerical field: "event" is the default counter (entries_field = true) and
  # does not come from a log field — it is set by the mark_entry log filter below.
  database.numerical_fields = {
    event = {
      label = "$lang_stats.field_labels.event"
      default = true
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
      entries_field = true
    } # event
  } # database.numerical_fields

  # Log filters: mark every accepted entry as one event ('event = 1;').
  log.filters = {
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'event = 1;'
    } # mark_entry
  } # log.filters

  # Profile-creation defaults: which fields get reports and how they are grouped.
  create_profile_wizard_options = {
    date_time_tracking = true
    # How the reports should be grouped in the report menu
    report_groups = {
      date_time_group = ""
      day_of_week = true
      hour_of_day = true
      firewall = true
      category = true
      rule = true
      severity = true
      description = true
      # Source side: receiving interface, source MAC, IP and port
      source_group = {
        recvif = true
        hwsrc = true
        srcip = true
        srcport = true
      } # source_group
      # Destination side: destination interface, MAC, IP and port
      destination_group = {
        destif = true
        hwdest = true
        destip = true
        destport = true
      } # destination_group
      enetproto = true
      ipproto = true
      arp = true
      conn = true
      icmp_group = {
        icmptype = true
        icmpsrcip = true
        icmpdestip = true
      } # icmp_group
      tcp_flags_group = {
        ack = true
        psh = true
        rst = true
        syn = true
        urg = true
        cwr = true
        ece = true
        fin = true
      } # tcp_flags_group
    } # report_groups
  } # create_profile_wizard_options

  # Web-style metrics that do not apply to a firewall log and are disabled for this format.
  not_supported = {
    sessions = true
    pageviews = true
    visitors = true
    bandwidth = true
  } # not_supported

} # clavister_firewall