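aventail_client_server_access = {

  # Sawmill log-format plug-in for the Aventail Client/server access log as
  # delivered over syslog.  One log line == one "connection" entry.
  #
  # Payload layout after the syslog prefix (14 whitespace-separated fields,
  # the user and the date/time fields are double-quoted):
  #   src_ip:src_port auth_method "user" "DD/Mon/YYYY:HH:MM:SS.frac +ZZZZ"
  #   version method dest_host:dest_port status bytes_in bytes_out duration
  #
  # Notes for anyone consuming these reports:
  #   * The user field is client-supplied and is only constrained by "[^"]*",
  #     so treat it as untrusted text.  The parsing filter rewrites "(" / ")"
  #     to "[" / "]" because parenthesised values such as "(not authenticated)"
  #     and "(empty)" are Sawmill markers (see strip_parens_from_user).
  #   * The realm column is derived from that same user string by searching
  #     for the "]@[" delimiter (realm_no_user), so a crafted user name can
  #     influence the realm shown in reports.  Do not use the reported realm
  #     as an input to any access decision.
  #   * The log line carries no realm or group field; both are filled in by
  #     log.filters (realm_no_user, default_group, default_realm).

  log.format.format_label = "Aventail Client/server Access Log Format"

  # Lines arrive with a syslog header; Sawmill strips it before the
  # autodetect expression and the parsing filter see the payload.
  log.miscellaneous.log_data_type = "syslog_required"

  # The log is in this format if any of the first ten lines match.
  log.format.autodetect_regular_expression = '[0-9\\.]+:[0-9]+ [^ ]+ "[^"]*" "../.../....:..:..:..\\.[0-9]+ [\\+\\-]...." [^ ]+ [^ ]+ [^:]+:[^ ]+ [^ ]+ [^ ]+ [^ ]+ [^ ]+$'

  # Quoting is handled by the parsing filter's regular expression, not by the
  # generic tokenizer.
  log.format.ignore_quotes = "false"
  log.format.common_log_format = "false"

  # A log entry is called a connection.
  statistics.miscellaneous.entry_name = "connections"

  # Log fields.  All of them are populated by log.parsing_filters.parse
  # (index/subindex are unused when a parsing filter sets the fields).
  log.fields = {
    source_host = {
      label = "source host"
      type = "host"
      index = 0
      subindex = 0
      dividers = "."
      left_to_right = false
      leading_divider = "false"
      is_sessions_visitor_id = true
    } # source_host
    auth_method = {
      label = "authentication method"
      type = "flat"
      index = 0
      subindex = 0
    } # auth_method
    user_name = {
      label = "authenticated user"
      type = "flat"
      index = 0
      subindex = 0
    } # user_name
    timezone = {
      label = "time zone"
      type = "flat"
      index = 0
      subindex = 0
    } # timezone
    version = {
      label = "version"
      type = "flat"
      index = 0
      subindex = 0
    } # version
    method = {
      label = "method"
      type = "flat"
      index = 0
      subindex = 0
    } # method
    dest_host = {
      label = "destination host"
      # Kept "flat" rather than "host": the value is whatever precedes ":" in
      # the host:port field and is not split into a hierarchy.
      type = "flat"
      index = 0
      subindex = 0
    } # dest_host
    dest_port = {
      label = "destination port"
      type = "flat"
      index = 0
      subindex = 0
    } # dest_port
    status = {
      label = "status"
      type = "response"
      index = 0
      subindex = 0
    } # status
    bytes_in = {
      label = "bytes in"
      type = "size"
      index = 0
      subindex = 0
    } # bytes_in
    bytes_out = {
      label = "bytes out"
      # NOTE(review): declared "flat" while bytes_in is "size"; both are
      # summed as float bandwidth in database.numerical_fields.  Left as-is
      # pending confirmation that "size" has no other effect here.
      type = "flat"
      index = 0
      subindex = 0
    } # bytes_out
    duration = {
      label = "duration"
      type = "flat"
      index = 0
      subindex = 0
    } # duration
    realm = {
      label = "realm"
      type = "flat"
      index = 0
      subindex = 0
    } # realm (derived by log.filters, not present in the log line)
    group = {
      label = "group"
      type = "flat"
      index = 0
      subindex = 0
    } # group (derived by log.filters, not present in the log line)
  } # log.fields

  # Parsing filter.
  #  1. Defensively strip a syslog header ("Mon DD HH:MM:SS host prog: ") if
  #     one is still present on the message.
  #  2. Match the 14-field payload and collect one entry.  The regular
  #     expression has exactly 14 capture groups; realm and group are set to
  #     an empty value here and filled in by log.filters below (the original
  #     referenced $15/$16, which the expression never captures).
  #  3. Parentheses in the user field are rewritten to square brackets so that
  #     a client-supplied "(...)" value cannot collide with Sawmill's
  #     parenthesised markers such as "(not authenticated)".
  log.parsing_filters.parse = `
if (matches_regular_expression(v.syslog_message, '^[A-Z][a-z][a-z] [0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9] [^ ]* [^ ]* [^:]+: (.*)$')) then
  v.syslog_message = $1;
if (matches_regular_expression(v.syslog_message, '^([0-9\\.]+):[0-9]+ ([^ ]+) "([^"]*)" "(../.../....):(..:..:..)\\.[0-9]+ ([\\+\\-]....)" ([^ ]+) ([^ ]+) ([^:]+):([^ ]+) ([^ ]+) ([^ ]+) ([^ ]+) ([^ ]+)$')) then (
  set_collected_field('', 'source_host', $1);
  set_collected_field('', 'auth_method', $2);
  set_collected_field('', 'user_name', replace_all(replace_all($3, '(', '['), ')', ']'));
  set_collected_field('', 'date', $4);
  set_collected_field('', 'time', $5);
  set_collected_field('', 'timezone', $6);
  set_collected_field('', 'version', $7);
  set_collected_field('', 'method', $8);
  set_collected_field('', 'dest_host', $9);
  set_collected_field('', 'dest_port', $10);
  set_collected_field('', 'status', $11);
  set_collected_field('', 'bytes_in', $12);
  set_collected_field('', 'bytes_out', $13);
  set_collected_field('', 'duration', $14);
  set_collected_field('', 'realm', '');
  set_collected_field('', 'group', '');
  accept_collected_entry('', false);
);
`

  # Database fields (one string column per non-numeric log field).
  database.fields = {
    source_host = {
      label = "source host"
      log_field = "source_host"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
      display_format_type = "hostname"
    } # source_host
    dest_host = {
      label = "destination host"
      log_field = "dest_host"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # dest_host
    dest_port = {
      label = "destination port"
      log_field = "dest_port"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # dest_port
    user_name = {
      label = "authenticated user"
      log_field = "user_name"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # user_name
    auth_method = {
      label = "authentication method"
      log_field = "auth_method"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # auth_method
    timezone = {
      label = "time zone"
      log_field = "timezone"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # timezone
    version = {
      label = "version"
      log_field = "version"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # version
    status = {
      label = "status"
      log_field = "status"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # status
    method = {
      label = "method"
      log_field = "method"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # method
    realm = {
      label = "realm"
      log_field = "realm"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # realm
    group = {
      label = "group"
      log_field = "group"
      type = "string"
      suppress_top = 0
      suppress_bottom = 2
    } # group
  } # database.fields

  # Log filters, applied in order to every accepted entry.
  #
  # The parsing filter has already rewritten "(user)@(realm)" to
  # "[user]@[realm]", so every delimiter below is the bracketed form.  The
  # earlier revision of these filters searched for ")@(" and a leading "(",
  # which can never occur after that rewrite, so realm extraction and bracket
  # stripping silently never ran.
  #
  # substr()/index() are used consistently with 0-based positions:
  # for "[alice]@[corp]" index(']@[') is 6, realm = substr(9, 4) = "corp",
  # user = substr(1, 5) = "alice".
  log.filters = {
    realm_no_user = {
      label = "get realm from user string"
      comment = "get realm from user string (realm is client-supplied text, informational only)"
      value = "if contains(user_name,']@[') then realm = substr(user_name, index(user_name,']@[')+3, length(user_name)-index(user_name,']@[')-4);"
    } # realm_no_user
    strip_realm_from_user = {
      label = "authenticated user"
      comment = "strip the ]@[realm] suffix and the leading [ from the user name"
      value = "if contains(user_name,']@[') then user_name = substr(user_name, 1, index(user_name,']@[')-1);"
    } # strip_realm_from_user
    strip_parens_from_user = {
      label = "strip parens from user"
      comment = "strip the surrounding [ ] (rewritten parentheses) so the name shows in the authenticated users report"
      value = "if starts_with(user_name,'[') then user_name = substr(user_name, 1, length(user_name)-2);"
    } # strip_parens_from_user
    not_authenticated = {
      label = "$lang_admin.log_filters.not_authenticated_label"
      comment = "$lang_admin.log_filters.not_authenticated_comment"
      value = "if (user_name eq '-') then user_name = '(not authenticated)';"
    } # not_authenticated (runs after the bracket stripping so "(not authenticated)" is never itself stripped)
    not_authenticated_2 = {
      label = "$lang_admin.log_filters.not_authenticated_label"
      comment = "Mark empty users as (not authenticated)"
      # Sawmill represents an empty field as "(empty)" (the same marker
      # default_realm tests for); the bare word 'empty' would only have
      # matched a user literally named "empty".
      value = "if (user_name eq '(empty)') then user_name = '(not authenticated)';"
    } # not_authenticated_2
    default_group = {
      label = "mark default group"
      comment = "This filter can be changed to customize user groups"
      # Unconditionally assigns every connection to one group; edit this
      # expression to derive the group from user_name / realm instead.
      value = "group = 'Default';"
    } # default_group
    default_realm = {
      label = "mark default realm"
      comment = "mark default realm"
      value = "if ((realm eq '(empty)') and (user_name ne '(not authenticated)')) then realm = 'default realm';"
    } # default_realm
    mark_entry = {
      label = '$lang_admin.log_filters.mark_entry_label'
      comment = '$lang_admin.log_filters.mark_entry_comment'
      value = 'connections = 1;'
    } # mark_entry
    # Optional rewrites, disabled.  Both depend on rewrite_rules.* nodes that
    # are not part of this file; enable only once those nodes exist.
    # status = {
    #   value = "node rule;foreach rule 'rewrite_rules.client_server_status' (if ((status eq node_value(subnode_by_name(rule, 'regexp')))) then (status = status . ' (' . expand(node_value(subnode_by_name(rule, 'result'))) . ')'; last; ); );"
    #   disabled = "false"
    #   label = "Status to text"
    #   comment = "This rewrites the Client/server status field to plain text"
    # } # status
    # clean_users = {
    #   value = "node rule;foreach rule 'rewrite_rules.user_lookup' (if (contains(user_name, '='.node_value(subnode_by_name(rule, 'regexp')).',')) then (user_name = expand(node_value(subnode_by_name(rule, 'result'))); last; ); );"
    #   disabled = "false"
    #   label = "LDAP to user name"
    #   comment = "This rewrites the user_name field to the user's name, if in ldap format (contains '=extranet_id,' )"
    # } # clean_users
  } # log.filters

  # Numeric columns.
  database.numerical_fields = {
    connections = {
      label = "connections"
      default = true
      requires_log_field = false
      type = "int"
      display_format_type = "integer"
      entries_field = true
    } # connections
    visitors = {
      label = "$lang_stats.field_labels.visitors"
      default = true
      requires_log_field = true
      # Unique visitors are counted by user name (after the filters above),
      # not by source host.
      log_field = "user_name"
      type = "unique"
      display_format_type = "integer"
    } # visitors
    bytes_in = {
      label = "bytes in"
      default = true
      requires_log_field = true
      log_field = "bytes_in"
      type = "float"
      display_format_type = "bandwidth"
    } # bytes_in
    bytes_out = {
      label = "bytes out"
      default = true
      requires_log_field = true
      log_field = "bytes_out"
      type = "float"
      display_format_type = "bandwidth"
    } # bytes_out
    duration = {
      label = "duration"
      default = true
      requires_log_field = true
      log_field = "duration"
      type = "int"
      display_format_type = "duration_compact"
    } # duration
  } # database.numerical_fields

  # Report groupings offered by the profile wizard.
  create_profile_wizard_options = {
    report_groups = {
      date_time_group = ""
      users_group = {
        source_host = true
        user_name = true
        realm = true
        group = true
      }
      destination_group = {
        dest_host = true
        dest_port = true
        method = true
      }
      other_group = {
        auth_method = true
        timezone = true
        version = true
      }
    }
  } # create_profile_wizard_options

} # aventail_client_server_access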