How to use the plaso.formatters.manager.FormattersManager function in plaso



github log2timeline / plaso / tests / output / l2t_csv.py View on Github external
expected_event_body = (
        '06/27/2012,18:17:01,UTC,M...,LOG,Syslog,Content Modification Time,-,'
        'ubuntu,Reporter  PID: 8442 (pam_unix(cron:session): session '
        'closed for user root),Reporter  PID: 8442 '
        '(pam_unix(cron:session): session closed for user root),'
        '2,log/syslog.1,-,Malware Printed,'
        '-,a_binary_field: binary; my_number: 123; some_additional_foo: True\n')

    event_body = self._output_writer.ReadOutput()
    self.assertEqual(event_body, expected_event_body)

    # Ensure that the only commas returned are the 16 delimiters.
    self.assertEqual(event_body.count(','), 16)

    formatters_manager.FormattersManager.DeregisterFormatter(
        L2TTestEventFormatter)
github log2timeline / plaso / plaso / formatters / firefox_cookies.py View on Github external
FORMAT_STRING_PIECES = [
      '{url}',
      '({cookie_name})',
      'Flags:',
      '[HTTP only]: {httponly}',
      '(GA analysis: {ga_data})']

  FORMAT_STRING_SHORT_PIECES = [
      '{host}',
      '({cookie_name})']

  SOURCE_LONG = 'Firefox Cookies'
  SOURCE_SHORT = 'WEBHIST'


# Module-level registration: importing this module is what makes the formatter
# known to manager.FormattersManager.
manager.FormattersManager.RegisterFormatter(FirefoxCookieFormatter)
github log2timeline / plaso / plaso / formatters / android_sms.py View on Github external
DATA_TYPE = 'android:messaging:sms'

  FORMAT_STRING_PIECES = [
      'Type: {sms_type}',
      'Address: {address}',
      'Status: {sms_read}',
      'Message: {body}']

  FORMAT_STRING_SHORT_PIECES = ['{body}']

  SOURCE_LONG = 'Android SMS messages'
  SOURCE_SHORT = 'SMS'


# Module-level registration: importing this module is what makes the formatter
# known to manager.FormattersManager.
manager.FormattersManager.RegisterFormatter(AndroidSmsFormatter)
github log2timeline / plaso / plaso / formatters / selinux.py View on Github external
DATA_TYPE = 'selinux:line'

  FORMAT_STRING_SEPARATOR = ''

  FORMAT_STRING_PIECES = [
      '[',
      'audit_type: {audit_type}',
      ', pid: {pid}',
      ']',
      ' {body}']

  SOURCE_LONG = 'Audit log File'
  SOURCE_SHORT = 'LOG'


# Module-level registration: importing this module is what makes the formatter
# known to manager.FormattersManager.
manager.FormattersManager.RegisterFormatter(SELinuxFormatter)
github log2timeline / plaso / plaso / formatters / safari_cookies.py View on Github external
cookie_flags = event_values.get('flags', None)
    if cookie_flags == 0:
      del event_values['flags']
    elif cookie_flags:
      flags = []
      for flag_value, flag_description in iter(self._COOKIE_FLAGS.items()):
        if cookie_flags & flag_value:
          flags.append(flag_description)

      event_values['flags'] = '|'.join(flags)

    return self._ConditionalFormatMessages(event_values)


# Module-level registration: importing this module is what makes the formatter
# known to manager.FormattersManager.
manager.FormattersManager.RegisterFormatter(SafariCookieFormatter)
github log2timeline / plaso / plaso / formatters / mcafeeav.py View on Github external
'File Name: (unknown)',
      'User: {username}',
      '{trigger_location}',
      '{status}',
      '{rule}',
      '{action}']

  FORMAT_STRING_SHORT_PIECES = [
      '(unknown)',
      '{action}']

  SOURCE_LONG = 'McAfee Access Protection Log'
  SOURCE_SHORT = 'LOG'


# Module-level registration: importing this module is what makes the formatter
# known to manager.FormattersManager.
manager.FormattersManager.RegisterFormatter(
    McafeeAccessProtectionLogEventFormatter)
github log2timeline / plaso / plaso / formatters / winreg.py View on Github external
"""
    if self.DATA_TYPE != event_data.data_type:
      raise errors.WrongFormatter('Unsupported data type: {0:s}.'.format(
          event_data.data_type))

    source_long = getattr(event_data, 'source_long', 'UNKNOWN')

    # TODO: remove source_append, which is kept for backwards compatibility.
    source_append = getattr(event_data, 'source_append', None)
    if source_append:
      source_long = '{0:s} {1:s}'.format(source_long, source_append)

    return self.SOURCE_SHORT, source_long


# Module-level registration: importing this module is what makes the formatter
# known to manager.FormattersManager.
manager.FormattersManager.RegisterFormatter(WinRegistryGenericFormatter)
github log2timeline / plaso / plaso / formatters / android_app_usage.py View on Github external
class AndroidApplicationFormatter(interface.ConditionalEventFormatter):
  """Formatter for an Android "application last resumed" event.

  This class only declares data: the event data type it is registered for,
  the pieces that make up the rendered message, and the source labels. The
  rendering itself is inherited from ConditionalEventFormatter.
  """

  # Identifier of the event data type this formatter is registered for.
  DATA_TYPE = 'android:event:last_resume_time'

  # Message pieces; each placeholder names an attribute of the event data.
  FORMAT_STRING_PIECES = ['Package: {package}', 'Component: {component}']

  # Long and short source labels attached to the formatted event.
  SOURCE_LONG = 'Android App Usage'
  SOURCE_SHORT = 'LOG'


# Module-level registration: importing this module is what makes the formatter
# known to manager.FormattersManager.
manager.FormattersManager.RegisterFormatter(AndroidApplicationFormatter)
github log2timeline / plaso / plaso / formatters / bsm.py View on Github external
"""
    if self.DATA_TYPE != event_data.data_type:
      raise errors.WrongFormatter('Unsupported data type: {0:s}.'.format(
          event_data.data_type))

    event_values = event_data.CopyToDict()

    event_type = event_values.get('event_type', None)
    if event_type:
      event_values['event_type_string'] = bsmtoken.BSM_AUDIT_EVENT.get(
          event_type, 'UNKNOWN')

    return self._ConditionalFormatMessages(event_values)


# Module-level registration: importing this module is what makes the formatter
# known to manager.FormattersManager.
manager.FormattersManager.RegisterFormatter(BSMFormatter)
github log2timeline / plaso / plaso / filters / value_expanders.py View on Github external
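def _GetSources(self, event):
    """Retrieves the formatted source strings of an event.

    The lookup is delegated to the formatters manager. If that raises
    KeyError (presumably when no formatter is registered for the event's
    data type -- confirm against FormattersManager.GetSourceStrings), a
    warning is logged and empty strings are returned instead of letting the
    error propagate, so a filter expression that references source_short or
    source_long does not abort the run on a single unformattable event.

    Args:
      event (EventObject): event.

    Returns:
      tuple(str, str): short and long source string, or ('', '') when the
          source strings could not be determined.
    """
    # Defaults must be set before the try block: previously a KeyError left
    # both names unbound and the return below raised UnboundLocalError.
    source_short = ''
    source_long = ''
    try:
      # TODO: refactor to pass event and event_data as separate arguments.
      source_short, source_long = (
          formatters_manager.FormattersManager.GetSourceStrings(event, event))
    except KeyError as exception:
      logging.warning(
          'Unable to correctly assemble event with error: {0!s}'.format(
              exception))

    return source_short, source_long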