safesquid = { # The name of the log format log.format.format_label = "SafeSquid Log Format" log.miscellaneous.log_data_type = "syslog_required" log.miscellaneous.log_format_type = "firewall" # The log is in this format if any of the first ten lines match this regular expression log.format.autodetect_regular_expression = "\\[[0-9]+\\] network: allowed connect from" log.format.autodetect_lines = "100" # Log fields log.fields = { source_ip = { label = "$lang_stats.field_labels.source_ip" type = "host" index = 0 subindex = 0 hierarchy_dividers = "." left_to_right = false leading_divider = "false" } # source_ip server_port = { label = "$lang_stats.field_labels.server_port" type = "flat" index = 0 subindex = 0 } # server_port operation = { label = "$lang_stats.field_labels.operation" type = "flat" index = 0 subindex = 0 } # operation url = { label = "$lang_stats.field_labels.url" type = "page" index = 0 subindex = 0 hierarchy_dividers = "/?" left_to_right = true leading_divider = "true" } # url virus = { label = "$lang_stats.field_labels.virus" type = "flat" index = 0 subindex = 0 } # virus user_agent = { label = "$lang_stats.field_labels.user_agent" type = "agent" index = 0 subindex = 0 } # user_agent url_filter = { label = "$lang_stats.field_labels.url_filter" type = "response" index = 9 subindex = 0 hierarchy_dividers = "" left_to_right = false leading_divider = "false" } # url_filter } # log.fields log.parsing_filters = { parse = { label = "parse" comment = "" value = " if (matches_regular_expression(current_log_line(), '\\\\[([0-9]+)\\\\] header: removed from client: User-Agent: (.*)$')) then set_collected_field($1, 'user_agent', $2); else if (matches_regular_expression(current_log_line(), '\\\\[([0-9]+)\\\\] network: allowed connect from ([0-9.]+) on port ([0-9]+)$')) then ( rekey_collected_entry('', $1); set_collected_field($1, 'source_ip', $2); set_collected_field($1, 'server_port', $3); ) else if (matches_regular_expression(current_log_line(), '\\\\[([0-9]+)\\\\] request: ([A-Z]+) (.*)$')) then ( set_collected_field($1, 'operation', $2); set_collected_field($1, 'url', $3); ) else if (matches_regular_expression(current_log_line(), '\\\\[([0-9]+)\\\\] antivirus: (.*)$')) then set_collected_field($1, 'virus', $2); else if (matches_regular_expression(current_log_line(), '\\\\[([0-9]+)\\\\] url filter: (.*)$')) then set_collected_field($1, 'url_filter', $2); else if (matches_regular_expression(current_log_line(), '\\\\[([0-9]+)\\\\] network: [0-9.]+ disconnected')) then accept_collected_entry($1, false) " } # parse } # log.parsing_filters # Database fields database.fields = { source_ip = { label = "$lang_stats.field_labels.source_ip" log_field = "source_ip" type = "string" suppress_top = 0 suppress_bottom = 2 } # source_ip domain_description = { label = "$lang_stats.field_labels.domain_description" log_field = "domain_description" type = "string" suppress_top = 0 suppress_bottom = 2 } # domain_description location = { label = "$lang_stats.field_labels.location" log_field = "location" type = "string" suppress_top = 0 suppress_bottom = 3 } # location server_port = { label = "$lang_stats.field_labels.server_port" log_field = "server_port" type = "string" suppress_top = 0 suppress_bottom = 2 } # server_port url = { label = "$lang_stats.field_labels.url" log_field = "url" type = "string" suppress_top = 1 suppress_bottom = 3 } # url file_type = { label = "$lang_stats.field_labels.file_type" log_field = "file_type" type = "string" suppress_top = 0 suppress_bottom = 2 } # file_type worm = { label = "$lang_stats.field_labels.worm" log_field = "worm" type = "string" suppress_top = 0 suppress_bottom = 2 } # worm web_browser = { label = "$lang_stats.field_labels.web_browser" log_field = "web_browser" type = "string" suppress_top = 0 suppress_bottom = 2 } # web_browser operating_system = { label = "$lang_stats.field_labels.operating_system" log_field = "operating_system" type = "string" suppress_top = 0 suppress_bottom = 2 } # operating_system spider = { label = "$lang_stats.field_labels.spider" log_field = "spider" type = "string" suppress_top = 0 suppress_bottom = 2 } # spider operation = { label = "$lang_stats.field_labels.operation" log_field = "operation" type = "string" suppress_top = 0 suppress_bottom = 2 } # operation virus = { label = "$lang_stats.field_labels.virus" log_field = "virus" type = "string" suppress_top = 0 suppress_bottom = 2 } # virus url_filter = { label = "$lang_stats.field_labels.url_filter" log_field = "url_filter" type = "string" suppress_top = 0 suppress_bottom = 2 } # url_filter } # database.fields # Log Filters log.filters = { simplify_url = { label = "$lang_admin.log_filters.simplify_url_label" comment = "$lang_admin.log_filters.simplify_url_comment" value = "if (matches_regular_expression(url, '^([^:]+://[^/]+/)')) then url = $1 . '(omitted)'" } # simplify_url remove_query = { label = "$lang_admin.log_filters.remove_query_label" comment = "$lang_admin.log_filters.remove_query_comment" value = "if (contains(url, '?')) then url = substr(url, 0, index(url, '?') + 1) . '(parameters)';" } # remove_query detect_page_views = { label = '$lang_admin.log_filters.detect_page_views_label' comment = '$lang_admin.log_filters.detect_page_views_comment' value = "if ((file_type eq 'JPEG') or (file_type eq 'JPG') or (file_type eq 'GIF') or (file_type eq 'ICO') or (file_type eq 'PNG') or (file_type eq 'CSS') or (file_type eq 'SWF') or (file_type eq 'JS')) then page_views = 0; else page_views = 1;" } # detect_page_views strip_non_page_views = { label = '$lang_admin.log_filters.strip_non_page_views_label' comment = '$lang_admin.log_filters.strip_non_page_views_comment' value = "if (page_views == 0) then url = substr(url, 0, last_index(url, '/') + 1) . '(nonpage)';" } # strip_non_page_views mark_entry = { label = '$lang_admin.log_filters.mark_entry_label' comment = '$lang_admin.log_filters.mark_entry_comment' value = 'events = 1;' } # mark_entry } # log.filters log.field_options = { sessions_page_field = "url" sessions_visitor_id_field = "source_ip" sessions_event_field = "page_views" } # log.field_options database.numerical_fields = { events = { label = "$lang_stats.field_labels.events" default = false requires_log_field = false type = "int" display_format_type = "integer" entries_field = true } # events page_views = { label = "$lang_stats.field_labels.page_views" default = true requires_log_field = false type = "int" display_format_type = "integer" } # page_views visitors = { label = "$lang_stats.field_labels.visitors" default = false requires_log_field = true log_field = "source_ip" type = "unique" display_format_type = "integer" } # visitors } # database.numerical_fields create_profile_wizard_options = { host_tracking = true # How the reports should be grouped in the report menu report_groups = { source_ip = true location = true domain_description = true server_port = true url = true file_type = true worm = true web_browser = true operating_system = true spider = true operation = true virus = true url_filter = true } # report_groups } # create_profile_wizard_options not_supported = { } # not_supported } # safesquid