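; Log-viewer layout for the "Firewall Logs" tree: node hierarchy, column
; definitions and the query behind each view.
; One key=value pair per line, ';' full-line comments only (classic Windows INI).
;
; NOTE(review): DataTable values are either a bare table name or SQL text, and
; Icon/OpenIcon and the <...> entries in [Fields] name module files (op_log.dll,
; engine.dll, *.ofp). Presumably the viewer runs the SQL and loads the modules as
; written - confirm. If so, this file decides what is queried and loaded: keep it
; writable by administrators only and cover it with file-integrity monitoring.
; NOTE(review): CanClearLog=1 presumably lets the viewer clear that log. These
; logs are the firewall's audit trail - confirm who may use it and whether
; clearing is itself recorded.

; Root node. Of the listed Childs only conn_log_allow is defined in this part
; of the file; Plugins, conn_log_block, systemlog and Traffic are not shown here.
[Main]
DisplayName=Firewall Logs
Icon=op_log.dll, 1
OpenIcon=op_log.dll, 1
DataTable=
Childs=Plugins, conn_log_allow, conn_log_block, systemlog, Traffic

; Display options for the viewer.
; NOTE(review): OvewriteUserMenus, ShowPortAliase and ShowRawAppExtesion look
; misspelled but are presumably the exact key names the application looks up -
; do not correct them without checking the consumer.
[Settings]
OvewriteUserMenus=yes
ShowTooltips=no
GridLines=yes
ShowDirectionText=yes
ShowIconForDirection=no
ShowShortTodayDate=yes
ResolveIP=yes
ShowPortAliase=yes
SizeUnit=auto
ShowShortFileName=yes
ShowIconForFile=yes
ShowRawAppExtesion=no

[PresetsVer]
IniSectionVer=68, 00000000

; Column catalogue, keyed by numeric field id. Each entry reads
;   id="caption", visibility flags, number, text type, rule type
; The number is presumably the column width and the last field may be empty
; (the trailing comma is kept). The DefaultOrder keys of the view sections
; list these ids, and SQL columns are named fld_<id>_<n>; the meaning of
; the <n> suffix is not shown in this file.
; Id ranges as used by the views below: 20xxx ads_log, 21xxx cnt_log,
; 22xxx dns_log, 23xxx email_log, 24xxx prot_log, 25xxx web_log,
; 300xx conn_log, 1000xx aggregate counts.
[Fields]
100000="Count", VISIBLE|FORMAT_RIGHT, 80, TEXT_INTEGER,
100100="Count", VISIBLE|FORMAT_RIGHT, 80, TEXT_INTEGER,
100101="Count", VISIBLE|FORMAT_RIGHT, 80, TEXT_INTEGER,
100200="Count", VISIBLE|FORMAT_RIGHT, 80, TEXT_INTEGER,
100300="Count", VISIBLE|FORMAT_RIGHT, 80, TEXT_INTEGER,
100500="Count", VISIBLE|FORMAT_RIGHT, 80, TEXT_INTEGER,
20001="", HIDE, 100, TEXT_KEY,
20002="Block Reason", VISIBLE, 150, <ad_int.ofp>, <ad_int.ofp> RULE_NUMBER_LOOKUP
20003="Details", VISIBLE, 150, TEXT_STRING, RULE_STRING
20004="Ad-String/Ad-Size", VISIBLE, 150, TEXT_STRING, RULE_STRING
20005="Date/Time", VISIBLE, 100, TEXT_DATETIME, RULE_DATETIME
21001="", HIDE, 100, TEXT_KEY,
21002="Block Reason", VISIBLE, 150, <cnt_int.ofp>, <cnt_int.ofp> RULE_NUMBER_LOOKUP
21003="URL", VISIBLE, 150, TEXT_STRING, RULE_STRING
21004="Keyword", VISIBLE, 150, TEXT_STRING, RULE_STRING
21005="Date/Time", VISIBLE, 100, TEXT_DATETIME, RULE_DATETIME
22001="", HIDE, 100, TEXT_KEY,
22002="Event", VISIBLE, 80, <dns_int.ofp>, <dns_int.ofp> RULE_NUMBER_LOOKUP
22003="IP", VISIBLE, 160, TEXT_STRING, RULE_STRING
22004="Domain Name", VISIBLE, 220, TEXT_STRING, RULE_STRING
22005="Date/Time", VISIBLE, 100, TEXT_DATETIME, RULE_DATETIME
23001="", HIDE, 100, TEXT_KEY,
23002="Date/Time", VISIBLE, 100, TEXT_DATETIME, RULE_DATETIME
23003="Sender", VISIBLE, 180, TEXT_STRING, RULE_STRING
23004="Sender's e-mail", VISIBLE, 180, TEXT_STRING, RULE_STRING
23005="File Name", VISIBLE, 150, TEXT_STRING, RULE_STRING
23006="File Type", VISIBLE, 150, TEXT_APP_EXT, RULE_APP_EXT
23007="Action", VISIBLE, 180, <file_int.ofp>, <file_int.ofp> RULE_NUMBER_LOOKUP
25001="", HIDE, 100, TEXT_KEY,
25002="Action", VISIBLE, 150, <web_int.ofp>, <web_int.ofp> RULE_NUMBER_LOOKUP
25003="URL", VISIBLE, 150, TEXT_STRING, RULE_STRING
25004="Details", INVISIBLE, 150, TEXT_STRING, RULE_STRING
25005="Date/Time", VISIBLE, 100, TEXT_DATETIME, RULE_DATETIME
24001="", HIDE, 100, TEXT_KEY,
24002="IP Address", VISIBLE, 140, <prot_int.ofp>, RULE_IPADDR
24003="", HIDE, 100, TEXT_IPADDR,
24004="Attack Type", VISIBLE, 100, <prot_int.ofp>, <prot_int.ofp> RULE_NUMBER_LOOKUP
24005="", HIDE, 100, TEXT_LONG,
24006="Scan Port Details", VISIBLE, 210, <prot_int.ofp>,
24007="Date/Time", VISIBLE, 100, TEXT_DATETIME, RULE_DATETIME
30021="", HIDE, 100, TEXT_KEY,
30022="", HIDE, 150, TEXT_DWORD,
30010="", HIDE, 150, TEXT_DWORD,
30023="State", HIDE, 150, TEXT_DIRECTION, RULE_DIRECTION
30024="Direction", INVISIBLE, 80, TEXT_DIRECTION, RULE_DIRECTION
30033="Protocol", VISIBLE, 100, TEXT_PROTOCOL, RULE_PROTOCOL
30031="Remote Address", VISIBLE, 100, TEXT_IPADDR, RULE_IPADDR
30032="Remote Port", VISIBLE, 100, TEXT_PORT, RULE_PORT
30029="Local Address", INVISIBLE, 100, TEXT_IPADDR, RULE_IPADDR
30030="Local Port", INVISIBLE, 100, TEXT_PORT, RULE_PORT
30034="Sent", INVISIBLE, 100, TEXT_DATASIZE, RULE_DATASIZE
30035="Recv", INVISIBLE, 100, TEXT_DATASIZE, RULE_DATASIZE
30027="Start Time", VISIBLE, 100, TEXT_DATETIME, RULE_DATETIME
30028="Up Time", INVISIBLE, 100, TEXT_TIMESPAN, RULE_TIMESPAN
30036="BPS", INVISIBLE, 100, TEXT_DATASPEED, RULE_DATASPEED
30025="Reason", VISIBLE, 300, TEXT_REASON, RULE_REASON
30037="Requested Address", INVISIBLE, 300, TEXT_STRING, RULE_STRING
30038="Application", VISIBLE, 120, TEXT_PROCESS, RULE_PROCESS
30040="", HIDE, 100, TEXT_KEY,
30043="Filename", VISIBLE, 150, TEXT_FILENAME,
30047="", HIDE, 0, ,
30050="", HIDE, 100, TEXT_KEY,
30051="Date/Time", VISIBLE, 150, TEXT_DATETIME,
30052="IP Address", VISIBLE, 150, TEXT_IPADD_RAW,
30053="DNS name", VISIBLE, 150, TEXT_STRING,
30055="", HIDE, 100, TEXT_KEY,
30057="Context", VISIBLE, 150, TEXT_DWORD,
30058="Allow/Block Reason", VISIBLE, 150, TEXT_STRING,
30054="Filename", VISIBLE, 150, TEXT_STRING,
1001="", HIDE, 100, TEXT_KEY,
1002="Date/Time", VISIBLE, 100, TEXT_DATETIME,
1003="Event", VISIBLE, 350, TEXT_STRING,
900034="Send", VISIBLE|FORMAT_RIGHT, 140, TEXT_DATASIZE, RULE_DATASIZE
900035="Recv", VISIBLE|FORMAT_RIGHT, 140, TEXT_DATASIZE, RULE_DATASIZE

; Maps a SQL column alias (the "as <alias>" in the DataTable queries below) to
; the [Fields] id used to display it. The tr_* aliases are not used by any
; query in this part of the file.
[AliaseToIDMapping]
tr_send_sum=900034
tr_recv_sum=900035
ps_ads_key_count=100000
ps_content_key_count=100100
ps_content_url_count=100101
ps_dns_count=100200
ps_attach_file_count=100300
ps_act_cont_event_count=100500

; Ad-blocking log (table ads_log) and its two preset views.
[Ads]
Childs=ps_ads_block,ps_ads_keywords
DisplayName=Ads
DataTable=ads_log
EnableDBNotify=no
Icon=ad_int.ofp, 0
OpenIcon=ad_int.ofp, 0
DefaultOrder=20005, 20002, 20003, 20004
CanAddFilter=1
CanClearLog=1
SortField=fld_20005_11
AscSort=no

; The ORDER BY makes TOP 10 select the most recent rows, as in the other
; "Last 10" presets; without it the ten rows returned are arbitrary and
; SortField only re-orders them for display.
[ps_ads_block]
DisplayName=Last 10 Ads blocked
Icon=op_log.dll, 16
OpenIcon=op_log.dll, 16
DataTable=SELECT TOP 10 * from ads_log order by fld_20005_11/*Date Time*/ desc
DefaultOrder=20005, 20002, 20003, 20004
SortField=fld_20005_11
AscSort=no

[ps_ads_keywords]
DisplayName=Most popular keywords
Icon=op_log.dll, 16
OpenIcon=op_log.dll, 16
DataTable=SELECT fld_20004_9/*Keyword*/, count(fld_20004_9) as ps_ads_key_count from ads_log group by fld_20004_9 order by 2 desc
DefaultOrder=20004, 100000
SortField=
AscSort=no

; Content-filter log (table cnt_log) and its preset views.
[Content]
Childs=ps_content_keywords,ps_content_often,ps_content_10
DisplayName=Content
DataTable=cnt_log
EnableDBNotify=no
Icon=cnt_int.ofp, 0
OpenIcon=cnt_int.ofp, 0
DefaultOrder=21005, 21002, 21003, 21004
CanAddFilter=1
CanClearLog=1
SortField=fld_21005_11
AscSort=no

[ps_content_keywords]
DisplayName=Most often keywords used for blocking
Icon=op_log.dll, 16
OpenIcon=op_log.dll, 16
DataTable=SELECT fld_21004_9/*Keyword*/, count(fld_21004_9) as ps_content_key_count from cnt_log group by fld_21004_9 order by 2 desc
DefaultOrder=21004, 100100

[ps_content_often]
DisplayName=Most often sites blocked
Icon=op_log.dll, 16
OpenIcon=op_log.dll, 16
DataTable=SELECT fld_21003_9/*URL*/, count(fld_21003_9) as ps_content_url_count from cnt_log group by fld_21003_9 order by 2 desc
DefaultOrder=21003, 100101

[ps_content_10]
DisplayName=Last 10 sites blocked
Icon=op_log.dll, 16
OpenIcon=op_log.dll, 16
DataTable=SELECT TOP 10 * FROM cnt_log order by fld_21005_11/*Date Time*/ desc
DefaultOrder=21005, 21002, 21003, 21004
SortField=
AscSort=no

; DNS cache log (table dns_log). The presets filter on the event type column
; fld_22002_7 (values 2 and 0); the value meanings are not defined in this file.
[Dns]
Childs=ps_dNS_cache_used,ps_dNS_cache_10_used,ps_dNS_cache_10_new
DisplayName=DNS Cache
DataTable=dns_log
EnableDBNotify=no
Icon=dns_int.ofp, 0
OpenIcon=dns_int.ofp, 0
DefaultOrder=22005, 22004, 22002, 22003
CanAddFilter=1
CanClearLog=1
SortField=fld_22005_11
AscSort=no

[ps_dNS_cache_used]
DisplayName=Most used records
Icon=op_log.dll, 16
OpenIcon=op_log.dll, 16
DataTable=SELECT fld_22004_9/*Host*/, count(fld_22004_9) as ps_dns_count from dns_log WHERE fld_22002_7=2/*Event Type*/ group by fld_22004_9 order by 2 desc
DefaultOrder=22004, 100200

[ps_dNS_cache_10_used]
DisplayName=Last 10 used records
Icon=op_log.dll, 16
OpenIcon=op_log.dll, 16
DataTable=SELECT TOP 10 fld_22003_9/*IP*/, fld_22004_9/*Host*/, fld_22005_11/*Date Time*/ FROM dns_log WHERE fld_22002_7=2/*Event Type*/ order by fld_22005_11/*Date Time*/ desc
DefaultOrder=22005, 22004, 22003

[ps_dNS_cache_10_new]
DisplayName=Last 10 new records
Icon=op_log.dll, 16
OpenIcon=op_log.dll, 16
DataTable=SELECT TOP 10 fld_22003_9/*IP*/, fld_22004_9/*Host*/, fld_22005_11/*Date Time*/ FROM dns_log WHERE fld_22002_7=0/*Event Type*/ order by fld_22005_11/*Date Time*/ desc
DefaultOrder=22005, 22004, 22003

; E-mail attachment filter log (table email_log). ps_attachment_quar counts
; rows whose action column fld_23007_2 is 1 or 3; the action codes are not
; defined in this file.
[EmailAttachments]
Childs=ps_attachment_quar,ps_attachment_10
DisplayName=Attachments Filter
DataTable=email_log
EnableDBNotify=no
Icon=file_int.ofp, 0
OpenIcon=file_int.ofp, 0
DefaultOrder=23002, 23003, 23004, 23005, 23006, 23007
CanAddFilter=1
CanClearLog=1
SortField=fld_23002_11
AscSort=no

[ps_attachment_quar]
DisplayName=Most often renamed file types
Icon=op_log.dll, 16
OpenIcon=op_log.dll, 16
DataTable=SELECT fld_23006_9/*File type*/, count(fld_23006_9) as ps_attach_file_count FROM email_log where fld_23007_2=1 or fld_23007_2=3 group by fld_23006_9 order by 2 desc
DefaultOrder=23006, 100300

[ps_attachment_10]
DisplayName=Last 10 e-mails with attachments
Icon=op_log.dll, 16
OpenIcon=op_log.dll, 16
DataTable=SELECT TOP 10 * FROM email_log order by fld_23002_11/*Date Time*/ desc
DefaultOrder=23002, 23003, 23004, 23005, 23006, 23007

; Attack detection log (table prot_log). Rows with attack type fld_24004_6 = 3
; are excluded from the main view and from "Last 10 Attacks detected" and are
; shown only under "Suspicious packets" - keep that in mind when reviewing
; detections, since the main view alone does not show every prot_log row.
[Protect]
Childs=ps_suspicious_packets,ps_atack_10
DisplayName=Attack Detection
DataTable=select * from prot_log where (fld_24004_6 <> 3)
EnableDBNotify=no
Icon=prot_int.ofp, 0
OpenIcon=prot_int.ofp, 0
DefaultOrder=24007, 24004, 24002, 24006
CanAddFilter=1
CanClearLog=1
SortField=fld_24007_11
AscSort=no

[ps_suspicious_packets]
DisplayName=Suspicious packets
Icon=op_log.dll, 16
OpenIcon=op_log.dll, 16
DataTable=select fld_24007_11/*Date Time*/, fld_24002_8/*IP*/, fld_24006_10/*Scan data*/, fld_24005_7/*Scan count*/, fld_24003_8/*IP1*/ from prot_log where fld_24004_6=3 order by 1 desc
DefaultOrder=24007, 24002, 24006
SortField=
AscSort=no

[ps_atack_10]
DisplayName=Last 10 Attacks detected
Icon=op_log.dll, 16
OpenIcon=op_log.dll, 16
DataTable=SELECT TOP 10 * FROM prot_log where fld_24004_6 <> 3 ORDER BY fld_24007_11/*Date Time*/ desc
DefaultOrder=24007, 24004, 24002, 24006
SortField=
AscSort=no

; Active-content filter log (table web_log). Both count presets reuse the
; alias ps_act_cont_event_count (field 100500).
[Web]
Childs=ps_active_content_blocked,ps_active_content_active,ps_active_content_10
DisplayName=Active Content
DataTable=web_log
EnableDBNotify=no
Icon=web_int.ofp, 0
OpenIcon=web_int.ofp, 0
DefaultOrder=25005, 25002, 25003, 25004
CanAddFilter=1
CanClearLog=1
SortField=fld_25005_11
AscSort=no

[ps_active_content_blocked]
DisplayName=Most often active elements blocked
Icon=op_log.dll, 16
OpenIcon=op_log.dll, 16
DataTable=SELECT fld_25002_7/*Event Type*/, count(fld_25002_7) as ps_act_cont_event_count from web_log group by fld_25002_7/*Event Type*/ order by 2 desc
DefaultOrder=25002, 100500

[ps_active_content_active]
DisplayName=Sites with a lot of active elements
Icon=op_log.dll, 16
OpenIcon=op_log.dll, 16
DataTable=SELECT fld_25003_9/*URL*/, count(fld_25003_9) as ps_act_cont_event_count from web_log group by fld_25003_9 order by 2 desc
DefaultOrder=25003, 100500

[ps_active_content_10]
DisplayName=Last 10 active elements blocked
Icon=op_log.dll, 16
OpenIcon=op_log.dll, 16
DataTable=SELECT TOP 10 fld_25003_9/*URL*/, fld_25002_7/*Elements*/, fld_25005_11/*Date Time*/ FROM web_log order by fld_25005_11/*Date Time*/ desc
DefaultOrder=25005, 25002, 25003
SortField=
AscSort=no

; Allowed connections: conn_log rows whose state column fld_30023_7 is 1 or 2
; (the state values are not defined in this file). Childs keeps its trailing
; comma as found; of the listed children only ps_conn_log_allow_today is
; defined in this part of the file.
[conn_log_allow]
Childs=ps_conn_log_allow_today,ps_conn_log_allow_10_min,conn_log_allow_netbios_filter,conn_log_allow_web_filter,conn_log_allow_email_filter,
DisplayName=Allowed Connections
DataTable=select * from conn_log where (fld_30023_7 = 1) or (fld_30023_7 = 2)
EnableDBNotify=no
Icon=engine.dll, 1
OpenIcon=engine.dll, 1
DefaultOrder=30023, 30027, 30038, 30024, 30033, 30031, 30032, 30029, 30030, 30025, 30037, 30028, 30036, 30034, 30035
CanAddFilter=1
CanClearLog=1
SortField=fld_30027_11
AscSort=no

; Filter preset (IsFilter=true) with no DataTable of its own; presumably it
; filters the parent view - confirm. This section writes booleans as
; true/false where the others use yes/no; the values are kept as found.
[ps_conn_log_allow_today]
DisplayName=Allowed Today
IsFilter=true
EnableDBNotify=false
DefaultOrder=30023, 30027, 30038, 30024, 30033, 30031, 30032, 30029, 30030, 30025, 30037, 30028, 30036, 30034, 30035
SortField=fld_30027_11
AscSort=no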