web_sealaudit = { # The name of the log format log.format.format_label = "WebSEAL Audit Log Format" log.miscellaneous.log_data_type = "generic" log.miscellaneous.log_format_type = "other" # The log is in this format if any of the first ten lines match this regular expression log.format.autodetect_regular_expression = "^ Protected object: /" # The format of dates and times in this log log.format.date_format = "yyyy-mm-dd" log.format.time_format = "hh:mm:ss" # All log field parsing will be done using the parsing filters log.format.parse_only_with_filters = "true" # Log fields log.fields = { date = { label = "$lang_stats.field_labels.date" type = "date" index = 0 subindex = 0 hierarchy_dividers = "" left_to_right = false leading_divider = "false" } # date time = { label = "$lang_stats.field_labels.time" type = "time" index = 0 subindex = 0 hierarchy_dividers = "" left_to_right = false leading_divider = "false" } # time protected_object = { label = "$lang_stats.field_labels.protected_object" type = "page" index = 0 subindex = 0 hierarchy_dividers = "/?" left_to_right = true leading_divider = "true" } # protected_object requested_permissions = { label = "$lang_stats.field_labels.requested_permissions" type = "flat" index = 0 subindex = 0 } # requested_permissions authenticated_user = { label = "$lang_stats.field_labels.authenticated_user" type = "flat" index = 0 subindex = 0 } # authenticated_user principals = { label = "$lang_stats.field_labels.principals" type = "flat" index = 0 subindex = 0 } # principals qop = { label = "$lang_stats.field_labels.qop" type = "flat" index = 0 subindex = 0 } # qop result = { label = "$lang_stats.field_labels.result" type = "flat" index = 0 subindex = 0 } # result } # log.fields # # Log Parsing Filters log.parsing_filters = { # Parse out the date and time 1 = { label = "1" comment = "" value = "collect_fields_using_regexp('^() ([0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9])-([0-9][0-9]:[0-9][0-9]:[0-9][0-9])\\\\.', '*key,date,time')" } # 1 # Parse out the protected object field 2 = { label = "2" comment = "" value = "collect_fields_using_regexp('^() Protected object: (.*)$', '*KEY*,protected_object')" } # 2 # Parse out the requested permissions field 3 = { label = "3" comment = "" value = "collect_fields_using_regexp('^() Requested permissions: (.*)$', '*KEY*,requested_permissions')" } # 3 # Parse out the "authenticated user" field 4 = { label = "4" comment = "" value = "collect_fields_using_regexp('^() User: (.*)$', '*KEY*,user')" } # 4 # Parse out the principals field 5 = { label = "5" comment = "" value = "collect_fields_using_regexp('^() (.*)$', '*KEY*,principals')" } # 5 # Parse out the qop field 6 = { label = "6" comment = "" value = "collect_fields_using_regexp('^() qop: (.*)$', '*KEY*,qop')" } # 6 # Parse out the result field 7 = { label = "7" comment = "" value = "collect_fields_using_regexp('^() result: (.*)$', '*KEY*,result')" } # 7 # Accept the log entry when we get to the END_RECORD line 8 = { label = "8" comment = "" value = "accept_collected_entry_using_regexp('^()END RECORD', false)" } # 8 } # log.parsing_filters # Database fields database.fields = { date_time = { label = "$lang_stats.field_labels.date_time" log_field = "date_time" type = "string" suppress_top = 0 suppress_bottom = 3 display_format_type = "date_time" } # date_time day_of_week = { label = "$lang_stats.field_labels.day_of_week" log_field = "day_of_week" type = "string" suppress_top = 0 suppress_bottom = 2 display_format_type = "day_of_week" } # day_of_week hour_of_day = { label = "$lang_stats.field_labels.hour_of_day" log_field = "hour_of_day" type = "string" suppress_top = 0 suppress_bottom = 2 display_format_type = "hour_of_day" } # hour_of_day protected_object = { label = "$lang_stats.field_labels.protected_object" log_field = "protected_object" type = "string" suppress_top = 0 suppress_bottom = 9 } # protected_object requested_permissions = { label = "$lang_stats.field_labels.requested_permissions" log_field = "requested_permissions" type = "string" suppress_top = 0 suppress_bottom = 2 } # requested_permissions authenticated_user = { label = "$lang_stats.field_labels.authenticated_user" log_field = "authenticated_user" type = "string" suppress_top = 0 suppress_bottom = 2 } # authenticated_user principals = { label = "$lang_stats.field_labels.principals" log_field = "principals" type = "string" suppress_top = 0 suppress_bottom = 2 } # principals qop = { label = "$lang_stats.field_labels.qop" log_field = "qop" type = "string" suppress_top = 0 suppress_bottom = 2 } # qop result = { label = "$lang_stats.field_labels.result" log_field = "result" type = "string" suppress_top = 0 suppress_bottom = 2 } # result } # database.fields database.numerical_fields = { hits = { label = "$lang_stats.field_labels.hits" default = false requires_log_field = false type = "int" display_format_type = "integer" entries_field = true } # hits page_views = { label = "$lang_stats.field_labels.page_views" default = true requires_log_field = false type = "int" display_format_type = "integer" } # page_views } # database.numerical_fields log.filters = { mark_entry = { label = '$lang_admin.log_filters.mark_entry_label' comment = '$lang_admin.log_filters.mark_entry_comment' value = 'hits = 1;page_views = 1;' } # mark_entry } # log.filters create_profile_wizard_options = { date_time_tracking = true # How the reports should be grouped in the report menu report_groups = { date_time_group = "" day_of_week = true hour_of_day = true protected_object = true requested_permissions = true authenticated_user = true principals = true qop = true result = true } # report_groups } # create_profile_wizard_options not_supported = { bandwidth = true sessions = true visitors = true individualhosts = true } # not_supported } # web_sealaudit