How to use the plaso.formatters.manager module in plaso

To help you get started, we’ve selected a few plaso examples, based on popular ways it is used in public projects.


github log2timeline / plaso / tests / formatters / manager.py View on Github external
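def testGetUnformattedAttributes(self):
    """Tests the GetUnformattedAttributes function.

    The test formatter is registered through manager.FormattersManager before
    the check and deregistered in a finally clause, so that a failing
    assertion does not leave it registered for whatever runs afterwards.
    """
    manager.FormattersManager.RegisterFormatter(test_lib.TestEventFormatter)

    try:
      _, event_data = containers_test_lib.CreateEventFromValues(
          self._TEST_EVENTS[0])

      unformatted_attributes = (
          manager.FormattersManager.GetUnformattedAttributes(event_data))
      self.assertEqual(unformatted_attributes, ['random'])
    finally:
      # Always undo the registration, including when the assertion fails.
      manager.FormattersManager.DeregisterFormatter(
          test_lib.TestEventFormatter)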
github log2timeline / plaso / tests / output / l2t_csv.py View on Github external
'a_binary_field: binary; my_number: 123; some_additional_foo: True']

    event, event_data = containers_test_lib.CreateEventFromValues(
        self._TEST_EVENTS[0])
    output_values = self._formatter._GetOutputValues(event, event_data, None)
    self.assertEqual(len(output_values), 17)
    self.assertEqual(output_values, expected_output_values)

    event.timestamp = -9223372036854775808
    output_values = self._formatter._GetOutputValues(event, event_data, None)
    self.assertEqual(len(output_values), 17)
    expected_output_values[0] = '00/00/0000'
    expected_output_values[1] = '--:--:--'
    self.assertEqual(output_values, expected_output_values)

    formatters_manager.FormattersManager.DeregisterFormatter(
        L2TTestEventFormatter)
github log2timeline / plaso / plaso / formatters / sam_users.py View on Github external
'Username: {username}',
      'Full name: {fullname}',
      'Comments: {comments}',
      'RID: {account_rid}',
      'Login count: {login_count}']

  # Pieces of the short message: user name, RID and login count.
  # NOTE(review): the placeholders are presumably filled with values parsed
  # from the examined registry data, so the rendered text should be treated
  # as untrusted by whatever consumes the output - confirm escaping downstream.
  FORMAT_STRING_SHORT_PIECES = [
      '{username}',
      'RID: {account_rid}',
      'Login count: {login_count}']

  # Long and short labels for the event source.
  SOURCE_LONG = 'Registry Key: User Account Information'
  SOURCE_SHORT = 'REG'


# Module-level call: hands the formatter class to the formatters manager.
manager.FormattersManager.RegisterFormatter(
    SAMUsersWindowsRegistryEventFormatter)
github log2timeline / plaso / plaso / formatters / mactime.py View on Github external
from plaso.formatters import manager


class MactimeFormatter(interface.EventFormatter):
  """Event formatter for mactime bodyfile line events.

  All settings are class-level constants; the class defines no methods of
  its own.
  """

  # Event data type this formatter applies to.
  DATA_TYPE = 'fs:mactime:line'

  # Labels for the event source, short form first.
  SOURCE_SHORT = 'FILE'
  SOURCE_LONG = 'Mactime Bodyfile'

  # The message consists of the file name only.
  FORMAT_STRING = '{filename}'


# Module-level call: hands the formatter class to the formatters manager.
manager.FormattersManager.RegisterFormatter(MactimeFormatter)
github log2timeline / plaso / plaso / formatters / mac_appfirewall.py View on Github external
# Pieces of the long message; note that the action value is labelled "Log".
FORMAT_STRING_PIECES = [
      'Computer: {computer_name}',
      'Agent: {agent}',
      'Status: {status}',
      'Process name: {process_name}',
      'Log: {action}']

  # Pieces of the short message: process name and status only.
  FORMAT_STRING_SHORT_PIECES = [
      'Process name: {process_name}',
      'Status: {status}']

  # Long and short labels for the event source.
  SOURCE_LONG = 'Mac AppFirewall Log'
  SOURCE_SHORT = 'LOG'


# Module-level call: hands the formatter class to the formatters manager.
manager.FormattersManager.RegisterFormatter(MacAppFirewallLogFormatter)
github log2timeline / plaso / plaso / formatters / chrome_cookies.py View on Github external
# Pieces of the long message: URL, cookie name and the two cookie flags.
# NOTE(review): url and cookie_name are presumably taken from the examined
# cookie store, so the rendered text should be treated as untrusted by
# whatever consumes the output - confirm escaping downstream.
FORMAT_STRING_PIECES = [
      '{url}',
      '({cookie_name})',
      'Flags:',
      '[HTTP only] = {httponly}',
      '[Persistent] = {persistent}']

  # Pieces of the short message; uses {host} where the long form uses {url}.
  FORMAT_STRING_SHORT_PIECES = [
      '{host}',
      '({cookie_name})']

  # Long and short labels for the event source.
  SOURCE_LONG = 'Chrome Cookies'
  SOURCE_SHORT = 'WEBHIST'


# Module-level call: hands the formatter class to the formatters manager.
manager.FormattersManager.RegisterFormatter(ChromeCookieFormatter)
github log2timeline / plaso / plaso / output / mediator.py View on Github external
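def GetEventFormatter(self, event):
    """Retrieves the event formatter for a specific event type.

    Args:
      event (EventObject): event.

    Returns:
      EventFormatter: event formatter or None. None is returned without a
          lookup when the event has no data_type attribute or it is empty.
    """
    data_type = getattr(event, 'data_type', None)
    if not data_type:
      return None

    # Look up with the value that was just checked instead of reading
    # event.data_type a second time.
    return formatters_manager.FormattersManager.GetFormatterObject(data_type)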
github log2timeline / plaso / plaso / formatters / appusage.py View on Github external
class ApplicationUsageFormatter(interface.EventFormatter):
  """Event formatter for MacOS application usage events.

  All settings are class-level constants; the class defines no methods of
  its own.
  """

  # Event data type this formatter applies to.
  DATA_TYPE = 'macosx:application_usage'

  # Labels for the event source, short form first.
  SOURCE_SHORT = 'LOG'
  SOURCE_LONG = 'Application Usage'

  # Short message: application name and launch count.
  FORMAT_STRING_SHORT = '{application} ({count} time(s))'

  # Long message: adds the application version and the bundle identifier.
  FORMAT_STRING = (
      '{application} v.{app_version} '
      '(bundle: {bundle_id}). '
      'Launched: {count} time(s)')


# Module-level call: hands the formatter class to the formatters manager.
manager.FormattersManager.RegisterFormatter(ApplicationUsageFormatter)
github log2timeline / plaso / plaso / formatters / winregservice.py View on Github external
service_enums = human_readable_service_enums.SERVICE_ENUMS
      # Check if we need to can make the value more human readable.
      if service_value_name in service_enums.keys():
        service_enum = service_enums[service_value_name]
        # Find the human readable version of the name and fall back to the
        # raw value if it's not found.
        human_readable_value = service_enum.get(
            regvalue[service_value_name],
            regvalue[service_value_name])
        regvalue[service_value_name] = human_readable_value

    return super(WinRegistryServiceFormatter, self).GetMessages(
        formatter_mediator, event_data)


# Module-level call: hands the formatter class to the formatters manager.
manager.FormattersManager.RegisterFormatter(WinRegistryServiceFormatter)
github log2timeline / plaso / plaso / formatters / java_idx.py View on Github external
class JavaIDXFormatter(interface.ConditionalEventFormatter):
  """Event formatter for Java WebStart Cache IDX download events.

  All settings are class-level constants; the class defines no methods of
  its own.
  """

  # Event data type this formatter applies to.
  DATA_TYPE = 'java:download:idx'

  # Labels for the event source, short form first.
  SOURCE_SHORT = 'JAVA_IDX'
  SOURCE_LONG = 'Java Cache IDX'

  # Message pieces: IDX version, host IP address and download URL.
  FORMAT_STRING_PIECES = [
      'IDX Version: {idx_version}',
      'Host IP address: ({ip_address})',
      'Download URL: {url}',
  ]


# Module-level call: hands the formatter class to the formatters manager.
manager.FormattersManager.RegisterFormatter(JavaIDXFormatter)