How to use the plaso.parsers.manager.ParsersManager.RegisterParser function in plaso
To help you get started, we’ve selected a few plaso examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
log2timeline / plaso / tests / parsers / manager.py View on Github 
def testGetParserAndPluginNames(self):
"""Tests the GetParserAndPluginNames function."""
TestParserWithPlugins.RegisterPlugin(TestPlugin)
manager.ParsersManager.RegisterParser(TestParserWithPlugins)
manager.ParsersManager.RegisterParser(TestParser)
parser_names = manager.ParsersManager.GetParserAndPluginNames(
parser_filter_expression='test_parser')
self.assertEqual(parser_names, ['test_parser'])
parser_names = manager.ParsersManager.GetParserAndPluginNames(
parser_filter_expression='!test_parser')
self.assertNotIn('test_parser', parser_names)
expected_parser_names = [
'test_parser_with_plugins',
'test_parser_with_plugins/test_plugin']
parser_names = manager.ParsersManager.GetParserAndPluginNames(
parser_filter_expression='test_parser_with_plugins/test_plugin')
self.assertEqual(parser_names, expected_parser_names)# a structural fix.
self._line_structures = self.LINE_STRUCTURES
self._day_of_month = None
self._month = None
self._year = None
# TODO: Examine other versions of the file format and if this parser should
# support them. For now just checking if it contains the IIS header.
if self._SIGNATURE in line:
return True
return False
manager.ParsersManager.RegisterParser(WinIISParser)'unable to read droid file identifier with error: {0!s}.'.format(
exception))
if lnk_file.birth_droid_file_identifier:
try:
self._ParseDistributedTrackingIdentifier(
parser_mediator, lnk_file.birth_droid_file_identifier, display_name)
except (TypeError, ValueError) as exception:
parser_mediator.ProduceExtractionWarning((
'unable to read birth droid file identifier with error: '
'{0!s}.').format(exception))
lnk_file.close()
manager.ParsersManager.RegisterParser(WinLnkParser)# pylint: disable=unused-argument
def VerifyStructure(self, parser_mediator, line):
"""Verifies that this is an apache access log file.
Args:
parser_mediator (ParserMediator): mediates interactions between parsers
and other components, such as storage and dfvfs.
line (str): line from the text file.
Returns:
bool: True if this is the correct parser, False otherwise.
"""
return max([parser.matches(line) for _, parser in self.LINE_STRUCTURES])
manager.ParsersManager.RegisterParser(ApacheAccessParser)Returns:
bool: True if the line is in the expected format, False if not.
"""
try:
structure = self._DPKG_LOG_LINE.parseString(line)
except pyparsing.ParseException as exception:
logger.debug(
'Unable to parse Debian dpkg.log file with error: {0!s}'.format(
exception))
return False
return 'date_time' in structure and 'body' in structure
manager.ParsersManager.RegisterParser(DpkgParser)
try:
dfdatetime_time_elements.TimeElementsInMilliseconds(
time_elements_tuple=time_elements_tuple)
except ValueError:
logger.debug(
'Not a Mac Wifi log file, invalid date and time: {0!s}'.format(
time_elements_tuple))
return False
self._last_month = time_elements_tuple[1]
return True
manager.ParsersManager.RegisterParser(MacWifiLogParser)file_size = file_object.get_size()
while file_offset < file_size:
try:
self._ParseRecord(parser_mediator, file_object)
except errors.ParseError as exception:
if file_offset == 0:
raise errors.UnableToParseFile(
'Unable to parse first event record with error: {0!s}'.format(
exception))
# TODO: skip to next event record.
file_offset = file_object.get_offset()
manager.ParsersManager.RegisterParser(BSMParser)try:
record, record_length = self._ReadStructureFromFileObject(
file_object, file_offset, record_map)
file_offset += record_length
except (ValueError, errors.ParseError) as exception:
parser_mediator.ProduceExtractionWarning(
'Unable to parse page record with error: {0!s}'.format(
exception))
break
event_data = self._BuildEventData(record)
parser_mediator.ProduceEventWithEventData(event, event_data)
manager.ParsersManager.RegisterParser(FseventsdParser)date_time, definitions.TIME_DESCRIPTION_DELETED)
parser_mediator.ProduceEventWithEventData(event, event_data)
self._ExtractExtensionInstallEvents(extensions_dict, parser_mediator)
profile_dict = json_dict.get('profile', None)
if profile_dict:
content_settings_dict = profile_dict.get('content_settings', None)
if content_settings_dict:
exceptions_dict = content_settings_dict.get('exceptions', None)
if exceptions_dict:
self._ExtractContentSettingsExceptions(
exceptions_dict, parser_mediator)
manager.ParsersManager.RegisterParser(ChromePreferencesParser)try:
timestamp, event_data = self._ReadEntry(
parser_mediator, file_object, file_offset)
except errors.ParseError as exception:
break
date_time = dfdatetime_posix_time.PosixTimeInMicroseconds(
timestamp=timestamp)
event = time_events.DateTimeValuesEvent(
date_time, definitions.TIME_DESCRIPTION_START)
parser_mediator.ProduceEventWithEventData(event, event_data)
file_offset = file_object.tell()
manager.ParsersManager.RegisterParser(UtmpxParser)plaso
Plaso (log2timeline) - Super timeline all the things
Package Health Score
81 / 100Popular plaso functions
- plaso.containers.events
- plaso.containers.events.EventData
- plaso.containers.sessions.Session
- plaso.containers.time_events
- plaso.containers.time_events.DateTimeValuesEvent
- plaso.engine.knowledge_base.KnowledgeBase
- plaso.formatters.interface
- plaso.formatters.interface.ConditionalEventFormatter
- plaso.formatters.manager
- plaso.formatters.manager.FormattersManager
- plaso.formatters.manager.FormattersManager.RegisterFormatter
- plaso.lib.definitions
- plaso.lib.errors
- plaso.lib.errors.BadConfigObject
- plaso.lib.errors.BadConfigOption
- plaso.lib.errors.ParseError
- plaso.lib.errors.UnableToParseFile
- plaso.lib.py2to3
- plaso.lib.timelib.Timestamp.CopyFromString
- plaso.parsers.manager.ParsersManager.RegisterParser