How to use the plaso.formatters.interface function in plaso
To help you get started, we’ve selected a few plaso examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
log2timeline / plaso / tests / formatters / interface.py View on Github 
from plaso.lib import definitions
from tests.containers import test_lib as containers_test_lib
from tests.formatters import test_lib
class BrokenConditionalEventFormatter(interface.ConditionalEventFormatter):
"""An event object for testing the conditional event formatter."""
DATA_TYPE = 'test:broken_conditional'
FORMAT_STRING_PIECES = ['{too} {many} formatting placeholders']
SOURCE_SHORT = 'LOG'
SOURCE_LONG = 'Some Text File.'
class ConditionalTestEventFormatter(interface.ConditionalEventFormatter):
"""A test conditional event formatter."""
DATA_TYPE = 'test:event:conditional'
FORMAT_STRING_PIECES = [
'Description: {description}',
'Comment',
'Value: 0x{numeric:02x}',
'Optional: {optional}',
'Text: {text}']
SOURCE_SHORT = 'LOG'
SOURCE_LONG = 'Some Text File.'
class WrongEventFormatter(interface.EventFormatter):# -*- coding: utf-8 -*-
"""The Windows Scheduled Task (job) event formatter."""
from __future__ import unicode_literals
from plaso.formatters import interface
from plaso.formatters import manager
from plaso.lib import errors
class WinJobFormatter(interface.ConditionalEventFormatter):
"""Formatter for a Windows Scheduled Task (job) event."""
DATA_TYPE = 'windows:tasks:job'
FORMAT_STRING_PIECES = [
'Application: {application}',
'{parameters}',
'Scheduled by: {username}',
'Working directory: {working_directory}',
'Trigger type: {trigger_type}']
SOURCE_LONG = 'Windows Scheduled Task Job'
SOURCE_SHORT = 'JOB'
_TRIGGER_TYPES = {
0x0000: 'ONCE',FORMAT_STRING_PIECES = [
'Bookmark {type}',
'{title}',
'({url})',
'[{places_title}]',
'visit count {visit_count}']
FORMAT_STRING_SHORT_PIECES = [
'Bookmarked {title}',
'({url})']
SOURCE_LONG = 'Firefox History'
SOURCE_SHORT = 'WEBHIST'
class FirefoxPageVisitFormatter(interface.ConditionalEventFormatter):
"""The Firefox page visited event formatter."""
DATA_TYPE = 'firefox:places:page_visited'
# Transitions defined in the source file:
# src/toolkit/components/places/nsINavHistoryService.idl
# Also contains further explanation into what each of these settings mean.
_URL_TRANSITIONS = {
1: 'LINK',
2: 'TYPED',
3: 'BOOKMARK',
4: 'EMBED',
5: 'REDIRECT_PERMANENT',
6: 'REDIRECT_TEMPORARY',
7: 'DOWNLOAD',
8: 'FRAMED_LINK',class SkypeAccountFormatter(interface.ConditionalEventFormatter):
"""Formatter for a Skype account event."""
DATA_TYPE = 'skype:event:account'
FORMAT_STRING_PIECES = [
'{username}',
'[{email}]',
'Country: {country}']
SOURCE_LONG = 'Skype Account'
SOURCE_SHORT = 'LOG'
class SkypeChatFormatter(interface.ConditionalEventFormatter):
"""Formatter for a Skype chat message event."""
DATA_TYPE = 'skype:event:chat'
FORMAT_STRING_PIECES = [
'From: {from_account}',
'To: {to_account}',
'[{title}]',
'Message: [{text}]']
FORMAT_STRING_SHORT_PIECES = [
'From: {from_account}',
'To: {to_account}']
SOURCE_LONG = 'Skype Chat MSG'
SOURCE_SHORT = 'LOG'# -*- coding: utf-8 -*-
"""The PCAP event formatter."""
from __future__ import unicode_literals
from plaso.formatters import interface
from plaso.formatters import manager
class PCAPFormatter(interface.ConditionalEventFormatter):
"""Formatter for a PCAP event."""
DATA_TYPE = 'metadata:pcap'
FORMAT_STRING_PIECES = [
'Source IP: {source_ip}',
'Destination IP: {dest_ip}',
'Source Port: {source_port}',
'Destination Port: {dest_port}',
'Protocol: {protocol}',
'Type: {stream_type}',
'Size: {size}',
'Protocol Data: {protocol_data}',
'Stream Data: {stream_data}',
'First Packet ID: {first_packet_id}',
'Last Packet ID: {last_packet_id}',# -*- coding: utf-8 -*-
"""The syslog file event formatter."""
from __future__ import unicode_literals
from plaso.formatters import interface
from plaso.formatters import manager
class SyslogLineFormatter(interface.ConditionalEventFormatter):
"""Formatter for a syslog line event."""
DATA_TYPE = 'syslog:line'
FORMAT_STRING_SEPARATOR = ''
FORMAT_STRING_PIECES = [
'{severity} ',
'[',
'{reporter}',
', pid: {pid}',
'] {body}']
SOURCE_LONG = 'Log File'
SOURCE_SHORT = 'LOG'# -*- coding: utf-8 -*-
"""The Android WebViewCache database event formatter."""
from __future__ import unicode_literals
from plaso.formatters import interface
from plaso.formatters import manager
# TODO: move to android_webview.py.
class AndroidWebViewCacheFormatter(interface.ConditionalEventFormatter):
"""Formatter for Android WebViewCache event data."""
DATA_TYPE = 'android:webviewcache'
FORMAT_STRING_PIECES = [
'URL: {url}',
'Content Length: {content_length}']
FORMAT_STRING_SHORT_PIECES = [
'{url}']
SOURCE_LONG = 'Android WebViewCache'
SOURCE_SHORT = 'WebViewCache'
manager.FormattersManager.RegisterFormatter(AndroidWebViewCacheFormatter)# -*- coding: utf-8 -*-
"""The MacKeeper Cache event formatter."""
from __future__ import unicode_literals
from plaso.formatters import interface
from plaso.formatters import manager
class MacKeeperCacheFormatter(interface.ConditionalEventFormatter):
"""Formatter for a MacKeeper Cache event."""
DATA_TYPE = 'mackeeper:cache'
FORMAT_STRING_PIECES = [
'{description}',
'<{event_type}>',
':',
'{text}',
'[',
'URL: {url}',
'Event ID: {record_id}',
'Room: {room}',
']']
FORMAT_STRING_SHORT_PIECES = [# -*- coding: utf-8 -*-
"""The plist event formatter."""
from __future__ import unicode_literals
from plaso.formatters import interface
from plaso.formatters import manager
class PlistFormatter(interface.ConditionalEventFormatter):
"""Formatter for a plist key event."""
DATA_TYPE = 'plist:key'
FORMAT_STRING_SEPARATOR = ''
FORMAT_STRING_PIECES = [
'{root}/',
'{key}',
' {desc}']
SOURCE_LONG = 'Plist Entry'
SOURCE_SHORT = 'PLIST'
manager.FormattersManager.RegisterFormatter(PlistFormatter)# -*- coding: utf-8 -*-
"""The XChat log file event formatter."""
from __future__ import unicode_literals
from plaso.formatters import interface
from plaso.formatters import manager
class XChatLogFormatter(interface.ConditionalEventFormatter):
"""Formatter for a XChat log file entry event."""
DATA_TYPE = 'xchat:log:line'
FORMAT_STRING_PIECES = [
'[nickname: {nickname}]',
'{text}']
SOURCE_LONG = 'XChat Log File'
SOURCE_SHORT = 'LOG'
manager.FormattersManager.RegisterFormatter(XChatLogFormatter)plaso
Plaso (log2timeline) - Super timeline all the things
Package Health Score
81 / 100Popular plaso functions
- plaso.containers.events
- plaso.containers.events.EventData
- plaso.containers.sessions.Session
- plaso.containers.time_events
- plaso.containers.time_events.DateTimeValuesEvent
- plaso.engine.knowledge_base.KnowledgeBase
- plaso.formatters.interface
- plaso.formatters.interface.ConditionalEventFormatter
- plaso.formatters.manager
- plaso.formatters.manager.FormattersManager
- plaso.formatters.manager.FormattersManager.RegisterFormatter
- plaso.lib.definitions
- plaso.lib.errors
- plaso.lib.errors.BadConfigObject
- plaso.lib.errors.BadConfigOption
- plaso.lib.errors.ParseError
- plaso.lib.errors.UnableToParseFile
- plaso.lib.py2to3
- plaso.lib.timelib.Timestamp.CopyFromString
- plaso.parsers.manager.ParsersManager.RegisterParser