%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /backups/router/usr/local/share/syslog-ng/include/scl/websense/
Upload File :
Create Path :
Current File : //backups/router/usr/local/share/syslog-ng/include/scl/websense/plugin.conf

#############################################################################
# Copyright (c) 2018 Balabit
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published
# by the Free Software Foundation, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
#
# As an additional exemption you are allowed to compile & link against the
# OpenSSL libraries as published by the OpenSSL project. See the file
# COPYING for details.
#
#############################################################################

# Example log message (expected to be received via flags(no-parse))
# <159>Dec 19 10:48:57 EST 10.203.28.21 vendor=Websense product=Security product_version=7.7.0 action=permitted severity=1 category=153 user=- src_host=10.64.134.74 src_port=62189 dst_host=mail.google.com dst_ip=74.125.224.53 dst_port=443 bytes_out=197 bytes_in=76 http_response=200 http_method=CONNECT http_content_type=- http_user_agent=Mozilla/5.0_(Windows;_U;_Windows_NT_6.1;_enUS;_rv:1.9.2.23)_Gecko/20110920_Firefox/3.6.23 http_proxy_status_code=200 reason=- disposition=1034 policy=- role=8 duration=0 url=https://mail.google.com

block parser websense-parser(prefix(".websense.")) {
    channel {
        rewrite {
            # normal BSD timestamp, plus a timezone code. Remove the
            # timezone information for now.
            subst('([A-Za-z]{3} [0-9 ]\d \d{2}:\d{2}:\d{2}) [A-Z]{3,4}' "$1 " value("MSG"));

            # add a $PROGRAM field, so that syslog-parser() would extract
            # that properly
	    subst('(vendor=Websense)' "Websense: $1" value("MSG"));
        };
	parser {
            # by this time this message is a properly formatted syslog
            # message
            syslog-parser();

	    # extract name-value pairs.
	    kv-parser(prefix("`prefix`"));
	};
    };
};

application websense[syslog-raw] {
    filter { message("vendor=Websense" type(string) flags(substring)); };
    parser { websense-parser(); };
};

Zerion Mini Shell 1.0