Python OutputMediator Beispiele

Beispiel #1

  def _CreateOutputMediator(self, storage_file=None):
    """Creates a test output mediator.

    Args:
      storage_file (Optional[StorageFile]): storage file.

    Returns:
      OutputMediator: output mediator.
    """
    knowledge_base_object = knowledge_base.KnowledgeBase()

    if storage_file:
      # TODO: clean up
      for session in storage_file.GetSessions():
        if not session.source_configurations:
          storage_file.ReadSystemConfiguration(knowledge_base_object)
        else:
          for source_configuration in session.source_configurations:
            knowledge_base_object.ReadSystemConfigurationArtifact(
                source_configuration.system_configuration,
                session_identifier=session.identifier)

    output_mediator = mediator.OutputMediator(
        knowledge_base_object, data_location=shared_test_lib.TEST_DATA_PATH)

    return output_mediator

Beispiel #2

Datei: test_lib.py Projekt: dfjxs/plaso

    def _CreateOutputMediator(self, dynamic_time=True, storage_file=None):
        """Creates a test output mediator.

    Args:
      dynamic_time (Optional[bool]): True if date and time values should be
          represented in their granularity or semantically.
      storage_file (Optional[StorageFile]): storage file.

    Returns:
      OutputMediator: output mediator.
    """
        knowledge_base_object = knowledge_base.KnowledgeBase()

        if storage_file:
            for session in storage_file.GetSessions():
                for source_configuration in session.source_configurations or []:
                    knowledge_base_object.ReadSystemConfigurationArtifact(
                        source_configuration.system_configuration,
                        session_identifier=session.identifier)

        output_mediator = mediator.OutputMediator(
            knowledge_base_object,
            data_location=shared_test_lib.TEST_DATA_PATH,
            dynamic_time=dynamic_time)

        return output_mediator

Beispiel #3

Datei: tool_options.py Projekt: tincho9/plaso

  def _CreateOutputModule(self, options):
    """Creates the output module.

    Args:
      options (argparse.Namespace): command line arguments.

    Returns:
      OutputModule: output module.
    """
    formatter_mediator = formatters_mediator.FormatterMediator(
        data_location=self._data_location)

    try:
      formatter_mediator.SetPreferredLanguageIdentifier(
          self._preferred_language)
    except (KeyError, TypeError) as exception:
      raise RuntimeError(exception)

    mediator = output_mediator.OutputMediator(
        self._knowledge_base, formatter_mediator,
        preferred_encoding=self.preferred_encoding)
    mediator.SetTimezone(self._preferred_time_zone)

    try:
      output_module = output_manager.OutputManager.NewOutputModule(
          self._output_format, mediator)

    except (KeyError, ValueError) as exception:
      raise RuntimeError(
          'Unable to create output module with error: {0!s}'.format(
              exception))

    if output_manager.OutputManager.IsLinearOutputModule(self._output_format):
      output_file_object = open(self._output_filename, 'wb')
      output_writer = tools.FileObjectOutputWriter(output_file_object)
      output_module.SetOutputWriter(output_writer)

    helpers_manager.ArgumentHelperManager.ParseOptions(options, output_module)

    # Check if there are parameters that have not been defined and need to
    # in order for the output module to continue. Prompt user to supply
    # those that may be missing.
    missing_parameters = output_module.GetMissingArguments()
    while missing_parameters:
      for parameter in missing_parameters:
        value = self._PromptUserForInput(
            'Missing parameter {0:s} for output module'.format(parameter))
        if value is None:
          logger.warning(
              'Unable to set the missing parameter for: {0:s}'.format(
                  parameter))
          continue

        setattr(options, parameter, value)

      helpers_manager.ArgumentHelperManager.ParseOptions(
          options, output_module)
      missing_parameters = output_module.GetMissingArguments()

    return output_module

Beispiel #4

Datei: psort.py Projekt: tavernier/plaso

    def testInternalExportEventsDeduplicate(self):
        """Tests the _ExportEvents function with deduplication."""
        knowledge_base_object = knowledge_base.KnowledgeBase()

        output_mediator_object = output_mediator.OutputMediator(
            knowledge_base_object,
            data_location=shared_test_lib.TEST_DATA_PATH)

        formatters_directory_path = self._GetDataFilePath(['formatters'])
        output_mediator_object.ReadMessageFormattersFromDirectory(
            formatters_directory_path)

        output_module = TestOutputModule(output_mediator_object)

        test_engine = psort.PsortMultiProcessEngine()

        with shared_test_lib.TempDirectory() as temp_directory:
            temp_file = os.path.join(temp_directory, 'storage.plaso')
            self._CreateTestStorageFile(temp_file)
            self._ReadSessionConfiguration(temp_file, knowledge_base_object)

            storage_reader = (storage_factory.StorageFactory.
                              CreateStorageReaderForFile(temp_file))
            storage_reader.ReadSystemConfiguration(knowledge_base_object)

            test_engine._ExportEvents(storage_reader, output_module)

        self.assertEqual(len(output_module.events), 15)
        self.assertEqual(len(output_module.macb_groups), 3)

Beispiel #5

Datei: output_engine.py Projekt: cshanahan/plaso

    def testInternalExportEvents(self):
        """Tests the _ExportEvents function."""
        knowledge_base_object = knowledge_base.KnowledgeBase()

        output_mediator_object = output_mediator.OutputMediator(
            knowledge_base_object,
            data_location=shared_test_lib.TEST_DATA_PATH)

        formatters_directory_path = self._GetDataFilePath(['formatters'])
        output_mediator_object.ReadMessageFormattersFromDirectory(
            formatters_directory_path)

        output_module = TestOutputModule(output_mediator_object)

        test_engine = output_engine.OutputAndFormattingMultiProcessEngine()

        with shared_test_lib.TempDirectory() as temp_directory:
            temp_file = os.path.join(temp_directory, 'storage.plaso')
            self._CreateTestStorageFile(temp_file)
            self._ReadSessionConfiguration(temp_file, knowledge_base_object)

            storage_reader = (storage_factory.StorageFactory.
                              CreateStorageReaderForFile(temp_file))
            for session in storage_reader.GetSessions():
                knowledge_base_object.SetActiveSession(session.identifier)
                for source_configuration in session.source_configurations or []:
                    knowledge_base_object.ReadSystemConfigurationArtifact(
                        source_configuration.system_configuration)

            test_engine._ExportEvents(storage_reader,
                                      output_module,
                                      deduplicate_events=False)

        self.assertEqual(len(output_module.events), 17)
        self.assertEqual(len(output_module.macb_groups), 3)

Beispiel #6

    def testInternalExportEvents(self):
        """Tests the _ExportEvents function."""
        knowledge_base_object = knowledge_base.KnowledgeBase()
        output_writer = cli_test_lib.TestOutputWriter()

        formatter_mediator = formatters_mediator.FormatterMediator()

        output_mediator_object = output_mediator.OutputMediator(
            knowledge_base_object, formatter_mediator)

        output_module = TestOutputModule(output_mediator_object)
        output_module.SetOutputWriter(output_writer)

        test_engine = psort.PsortMultiProcessEngine()

        formatters_manager.FormattersManager.RegisterFormatter(
            TestEventFormatter)

        with shared_test_lib.TempDirectory() as temp_directory:
            temp_file = os.path.join(temp_directory, 'storage.plaso')
            self._CreateTestStorageFile(temp_file)

            storage_reader = (storage_factory.StorageFactory.
                              CreateStorageReaderForFile(temp_file))
            storage_reader.ReadPreprocessingInformation(knowledge_base_object)

            test_engine._ExportEvents(storage_reader,
                                      output_module,
                                      deduplicate_events=False)

        formatters_manager.FormattersManager.DeregisterFormatter(
            TestEventFormatter)

        self.assertEqual(len(output_module.events), 17)
        self.assertEqual(len(output_module.macb_groups), 3)

Beispiel #7

Datei: test_lib.py Projekt: tavernier/plaso

  def _TestGetMessageStrings(
      self, event_data, expected_message, expected_short_message):
    """Tests the formatting of the message strings.

    This function invokes the GetMessageStrings function of the event data
    formatter on the event data and compares the resulting messages strings
    with those expected.

    Args:
      event_data (EventData): event data.
      expected_message (str): expected message string.
      expected_short_message (str): expected short message string.
    """
    knowledge_base_object = knowledge_base.KnowledgeBase()
    output_mediator_object = output_mediator.OutputMediator(
        knowledge_base_object, data_location=shared_test_lib.TEST_DATA_PATH)

    formatters_directory_path = self._GetDataFilePath(['formatters'])
    output_mediator_object.ReadMessageFormattersFromDirectory(
        formatters_directory_path)

    fields_formatting_helper = dynamic.DynamicFieldFormattingHelper(
        output_mediator_object)

    message = fields_formatting_helper.GetFormattedField(
        'message', None, event_data, None, None)
    self.assertEqual(message, expected_message)

    message_short = fields_formatting_helper.GetFormattedField(
        'message_short', None, event_data, None, None)
    self.assertEqual(message_short, expected_short_message)

Beispiel #8

Datei: psort.py Projekt: tavernier/plaso

    def testAnalyzeEvents(self):
        """Tests the AnalyzeEvents function."""
        test_file_path = self._GetTestFilePath(['psort_test.plaso'])
        self._SkipIfPathNotExists(test_file_path)

        session = sessions.Session()
        knowledge_base_object = knowledge_base.KnowledgeBase()

        output_mediator_object = output_mediator.OutputMediator(
            knowledge_base_object,
            data_location=shared_test_lib.TEST_DATA_PATH)

        output_mediator_object.SetPreferredLanguageIdentifier('en-US')

        output_module = null.NullOutputModule(output_mediator_object)

        data_location = ''
        analysis_plugin = tagging.TaggingAnalysisPlugin()
        analysis_plugins = {'tagging': analysis_plugin}
        # TODO: set tag file.

        configuration = configurations.ProcessingConfiguration()

        test_engine = psort.PsortMultiProcessEngine()

        with shared_test_lib.TempDirectory() as temp_directory:
            temp_file = os.path.join(temp_directory, 'storage.plaso')
            shutil.copyfile(test_file_path, temp_file)

            storage_writer = storage_factory.StorageFactory.CreateStorageWriter(
                definitions.DEFAULT_STORAGE_FORMAT, session, temp_file)

            counter = test_engine.AnalyzeEvents(knowledge_base_object,
                                                storage_writer, output_module,
                                                data_location,
                                                analysis_plugins,
                                                configuration)

        # TODO: assert if tests were successful.
        _ = counter

        test_filter = filters_test_lib.TestEventFilter()

        with shared_test_lib.TempDirectory() as temp_directory:
            temp_file = os.path.join(temp_directory, 'storage.plaso')
            shutil.copyfile(test_file_path, temp_file)

            storage_writer = storage_factory.StorageFactory.CreateStorageWriter(
                definitions.DEFAULT_STORAGE_FORMAT, session, temp_file)

            counter = test_engine.AnalyzeEvents(knowledge_base_object,
                                                storage_writer,
                                                data_location,
                                                analysis_plugins,
                                                configuration,
                                                event_filter=test_filter)

        # TODO: assert if tests were successful.
        _ = counter

Beispiel #9

  def testGetUsername(self):
    """Tests the GetUsername function."""
    output_mediator = mediator.OutputMediator(self._knowledge_base, None)

    _, event_data, _ = containers_test_lib.CreateEventFromValues(
        self._TEST_EVENTS[0])
    username = output_mediator.GetUsername(event_data)
    self.assertEqual(username, 'root')

Beispiel #10

Datei: test_lib.py Projekt: tavernier/plaso

    def _CreateOutputMediator(self):
        """Creates a test output mediator.

    Returns:
      OutputMediator: output mediator.
    """
        knowledge_base_object = knowledge_base.KnowledgeBase()
        return output_mediator.OutputMediator(knowledge_base_object)

Beispiel #11

  def testReadMessageFormattersFromDirectory(self):
    """Tests the ReadMessageFormattersFromDirectory function."""
    test_directory_path = self._GetTestFilePath(['formatters'])
    self._SkipIfPathNotExists(test_directory_path)

    output_mediator = mediator.OutputMediator(self._knowledge_base, None)

    output_mediator.ReadMessageFormattersFromDirectory(test_directory_path)
    self.assertEqual(len(output_mediator._message_formatters), 2)

Beispiel #12

  def testGetMACBRepresentation(self):
    """Tests the GetMACBRepresentation function."""
    output_mediator = mediator.OutputMediator(self._knowledge_base, None)

    event, event_data, _ = containers_test_lib.CreateEventFromValues(
        self._TEST_EVENTS[0])
    macb_representation = output_mediator.GetMACBRepresentation(
        event, event_data)
    self.assertEqual(macb_representation, '..C.')

Beispiel #13

  def testReadMessageFormattersFile(self):
    """Tests the _ReadMessageFormattersFile function."""
    test_file_path = self._GetTestFilePath(['formatters', 'format_test.yaml'])
    self._SkipIfPathNotExists(test_file_path)

    output_mediator = mediator.OutputMediator(self._knowledge_base, None)

    output_mediator._ReadMessageFormattersFile(test_file_path)
    self.assertEqual(len(output_mediator._message_formatters), 2)

Beispiel #14

Datei: psort.py Projekt: mutedmouse/plaso

    def testOutput(self):
        """Testing if psort can output data."""
        formatters_manager.FormattersManager.RegisterFormatter(
            PsortTestEventFormatter)

        events = []
        events.append(PsortTestEvent(5134324321))
        events.append(PsortTestEvent(2134324321))
        events.append(PsortTestEvent(9134324321))
        events.append(PsortTestEvent(15134324321))
        events.append(PsortTestEvent(5134324322))
        events.append(PsortTestEvent(5134024321))

        output_writer = cli_test_lib.TestOutputWriter()

        with shared_test_lib.TempDirectory() as dirname:
            temp_file = os.path.join(dirname, u'plaso.db')

            storage_file = storage.StorageFile(temp_file, read_only=False)
            pfilter.TimeRangeCache.ResetTimeConstraints()
            storage_file.SetStoreLimit()
            storage_file.AddEventObjects(events)
            storage_file.Close()

            with storage.StorageFile(temp_file) as storage_file:
                storage_file.store_range = [1]
                output_mediator_object = output_mediator.OutputMediator(
                    self._formatter_mediator, storage_file)
                output_module = TestOutputModule(output_mediator_object)
                output_module.SetOutputWriter(output_writer)
                event_buffer = TestEventBuffer(output_module,
                                               check_dedups=False,
                                               store=storage_file)

                self._front_end.ProcessEventsFromStorage(
                    storage_file, event_buffer)

        event_buffer.Flush()
        lines = []
        output = output_writer.ReadOutput()
        for line in output.split(b'\n'):
            if line == b'.':
                continue
            if line:
                lines.append(line)

        # One more line than events (header row).
        self.assertEqual(len(lines), 7)
        self.assertTrue(b'My text goes along: My text dude. lines' in lines[2])
        self.assertTrue(b'LOG/' in lines[2])
        self.assertTrue(b'None in Particular' in lines[2])
        self.assertEqual(lines[0], (
            b'date,time,timezone,MACB,source,sourcetype,type,user,host,short,desc,'
            b'version,filename,inode,notes,format,extra'))

        formatters_manager.FormattersManager.DeregisterFormatter(
            PsortTestEventFormatter)

Beispiel #15

Datei: mediator.py Projekt: william-billaud/plaso

    def setUp(self):
        """Makes preparations before running an individual test."""
        knowledge_base_object = knowledge_base.KnowledgeBase()

        hostname_artifact = artifacts.HostnameArtifact(name='myhost')
        knowledge_base_object.SetHostname(hostname_artifact)

        self._output_mediator = mediator.OutputMediator(
            knowledge_base_object, None)

Beispiel #16

Datei: psteal_tool.py Projekt: Team-Firebugs/plaso

    def _ParseOutputModuleOptions(self, options):
        """Parses the output module options.

    Args:
      options (argparse.Namespace): command line arguments.

    Raises:
      BadConfigOption: if the options are invalid.
    """
        preferred_time_zone = self._preferred_time_zone or u'UTC'

        formatter_mediator = formatters_mediator.FormatterMediator(
            data_location=self._data_location)

        try:
            formatter_mediator.SetPreferredLanguageIdentifier(
                self._preferred_language)
        except (KeyError, TypeError) as exception:
            raise RuntimeError(exception)

        output_mediator_object = output_mediator.OutputMediator(
            self._knowledge_base,
            formatter_mediator,
            preferred_encoding=self.preferred_encoding)
        output_mediator_object.SetTimezone(preferred_time_zone)

        try:
            self._output_module = output_manager.OutputManager.NewOutputModule(
                self._output_format, output_mediator_object)

        except IOError as exception:
            raise RuntimeError(
                u'Unable to create output module with error: {0:s}'.format(
                    exception))

        if not self._output_module:
            raise RuntimeError(u'Missing output module.')

        if isinstance(self._output_module,
                      output_interface.LinearOutputModule):
            if not self._output_filename:
                raise errors.BadConfigOption(
                    (u'Output format: {0:s} requires an output file').format(
                        self._output_format))

            if os.path.exists(self._output_filename):
                raise errors.BadConfigOption(
                    u'Output file already exists: {0:s}.'.format(
                        self._output_filename))

            output_file_object = open(self._output_filename, u'wb')
            output_writer = tools.FileObjectOutputWriter(output_file_object)

            self._output_module.SetOutputWriter(output_writer)

        helpers_manager.ArgumentHelperManager.ParseOptions(
            options, self._output_module)

Beispiel #17

    def _CreateOutputMediator(self):
        """Creates a test output mediator.

    Returns:
      OutputMediator: output mediator.
    """
        knowledge_base_object = knowledge_base.KnowledgeBase()
        formatter_mediator = formatters_mediator.FormatterMediator()
        return output_mediator.OutputMediator(knowledge_base_object,
                                              formatter_mediator)

Beispiel #18

Datei: psort.py Projekt: arunthirukkonda/plaso

    def testAnalyzeEvents(self):
        """Tests the AnalyzeEvents function."""
        storage_file_path = self._GetTestFilePath(['psort_test.json.plaso'])

        session = sessions.Session()
        knowledge_base_object = knowledge_base.KnowledgeBase()

        formatter_mediator = formatters_mediator.FormatterMediator()
        formatter_mediator.SetPreferredLanguageIdentifier('en-US')

        output_mediator_object = output_mediator.OutputMediator(
            knowledge_base_object, formatter_mediator)

        output_module = null.NullOutputModule(output_mediator_object)

        data_location = ''
        analysis_plugin = tagging.TaggingAnalysisPlugin()
        analysis_plugins = {'tagging': analysis_plugin}
        # TODO: set tag file.

        test_engine = psort.PsortMultiProcessEngine()

        with shared_test_lib.TempDirectory() as temp_directory:
            temp_file = os.path.join(temp_directory, 'storage.plaso')
            shutil.copyfile(storage_file_path, temp_file)

            storage_writer = storage_zip_file.ZIPStorageFileWriter(
                session, temp_file)

            counter = test_engine.AnalyzeEvents(knowledge_base_object,
                                                storage_writer, output_module,
                                                data_location,
                                                analysis_plugins)

        # TODO: assert if tests were successful.
        _ = counter

        test_filter = filters_test_lib.TestEventFilter()

        with shared_test_lib.TempDirectory() as temp_directory:
            temp_file = os.path.join(temp_directory, 'storage.plaso')
            shutil.copyfile(storage_file_path, temp_file)

            storage_writer = storage_zip_file.ZIPStorageFileWriter(
                session, temp_file)

            counter = test_engine.AnalyzeEvents(knowledge_base_object,
                                                storage_writer,
                                                data_location,
                                                analysis_plugins,
                                                event_filter=test_filter)

        # TODO: assert if tests were successful.
        _ = counter

Beispiel #19

Datei: test_lib.py Projekt: vertigo0001/plaso

    def _CreateOutputMediator(self, storage_object=None):
        """Creates a test output mediator.

    Args:
      storage_object: optional storage file object (instance of StorageFile)
                      that defines the storage. The default is None.

    Returns:
      An output mediator (instance of OutputMediator).
    """
        formatter_mediator = formatters_mediator.FormatterMediator()
        return mediator.OutputMediator(formatter_mediator, storage_object)

Beispiel #20

Datei: psort.py Projekt: william-billaud/plaso

    def testExportEvents(self):
        """Tests the ExportEvents function."""
        test_file_path = self._GetTestFilePath(['psort_test.plaso'])
        self._SkipIfPathNotExists(test_file_path)

        knowledge_base_object = knowledge_base.KnowledgeBase()
        output_writer = cli_test_lib.TestBinaryOutputWriter()

        formatters_manager.FormattersManager.Reset()
        formatters_directory_path = self._GetDataFilePath(['formatters'])
        formatters_manager.FormattersManager.ReadFormattersFromDirectory(
            formatters_directory_path)

        formatter_mediator = formatters_mediator.FormatterMediator()
        formatter_mediator.SetPreferredLanguageIdentifier('en-US')

        output_mediator_object = output_mediator.OutputMediator(
            knowledge_base_object,
            formatter_mediator,
            data_location=shared_test_lib.TEST_DATA_PATH)

        output_module = dynamic.DynamicOutputModule(output_mediator_object)
        output_module.SetOutputWriter(output_writer)

        configuration = configurations.ProcessingConfiguration()

        storage_reader = storage_factory.StorageFactory.CreateStorageReaderForFile(
            test_file_path)

        test_engine = psort.PsortMultiProcessEngine()
        test_engine.ExportEvents(knowledge_base_object, storage_reader,
                                 output_module, configuration)

        lines = []
        output = output_writer.ReadOutput()
        # TODO: add test output writer that produces strings also see:
        # https://github.com/log2timeline/plaso/issues/1963
        output = codecs.decode(output, 'utf-8')
        for line in output.split('\n'):
            lines.append(line)

        self.assertEqual(len(lines), 22)

        expected_line = ('2014-11-18T01:15:43+00:00,'
                         'Content Modification Time,'
                         'LOG,'
                         'Log File,'
                         '[---] last message repeated 5 times ---,'
                         'syslog,'
                         'OS:/tmp/test/test_data/syslog,'
                         'repeated')
        self.assertEqual(lines[14], expected_line)

Beispiel #21

  def _CreateOutputMediator(self, dynamic_time=True):
    """Creates a test output mediator.

    Args:
      dynamic_time (Optional[bool]): True if date and time values should be
          represented in their granularity or semantically.

    Returns:
      OutputMediator: output mediator.
    """
    knowledge_base_object = knowledge_base.KnowledgeBase()

    return mediator.OutputMediator(
        knowledge_base_object, data_location=shared_test_lib.TEST_DATA_PATH,
        dynamic_time=dynamic_time)

Beispiel #22

Datei: mediator_test.py Projekt: cnbird1999/plaso

    def testGetConfigurationValue(self):
        """Tests the GetConfigurationValue function."""
        expected_config_value = u'My test config setting.'

        config = test_lib.TestConfig()
        config.my_setting = expected_config_value

        output_mediator = mediator.OutputMediator(None, None, config=config)
        self.assertNotEqual(output_mediator, None)

        config_value = output_mediator.GetConfigurationValue(u'my_setting')
        self.assertEqual(config_value, expected_config_value)

        config_value = output_mediator.GetConfigurationValue(u'bogus')
        self.assertEqual(config_value, None)

Beispiel #23

Datei: test_lib.py Projekt: vonnopsled/plaso

    def _CreateOutputMediator(self, storage_file=None):
        """Creates a test output mediator.

    Args:
      storage_file: optional storage file object (instance of StorageFile).

    Returns:
      An output mediator (instance of OutputMediator).
    """
        formatter_mediator = formatters_mediator.FormatterMediator()
        output_mediator = mediator.OutputMediator(formatter_mediator)

        if storage_file:
            output_mediator.SetStorageFile(storage_file)

        return output_mediator

Beispiel #24

Datei: test_lib.py Projekt: cnbird1999/plaso

    def _CreateOutputMediator(self, config=None, storage_object=None):
        """Creates a test output mediator.

    Args:
      config: optional configuration object, containing config information.
              The default is None.
      storage_object: optional storage file object (instance of StorageFile)
                      that defines the storage. The default is None.

    Returns:
      An output mediator (instance of OutputMediator).
    """
        formatter_mediator = formatters_mediator.FormatterMediator()
        return mediator.OutputMediator(formatter_mediator,
                                       storage_object,
                                       config=config)

Beispiel #25

Datei: tool_options.py Projekt: hyuunnn/plaso

    def _CreateOutputMediator(self):
        """Creates an output mediator.

    Raises:
      BadConfigOption: if the message formatters file or directory cannot be
          read.
    """
        self._output_mediator = output_mediator.OutputMediator(
            self._knowledge_base,
            data_location=self._data_location,
            dynamic_time=self._output_dynamic_time,
            preferred_encoding=self.preferred_encoding)

        self._output_mediator.SetTimeZone(self._output_time_zone)

        self._ReadMessageFormatters()

Beispiel #26

    def testInternalExportEvents(self):
        """Tests the _ExportEvents function."""
        knowledge_base_object = knowledge_base.KnowledgeBase()
        output_writer = cli_test_lib.TestOutputWriter()

        formatter_mediator = formatters_mediator.FormatterMediator()

        output_mediator_object = output_mediator.OutputMediator(
            knowledge_base_object, formatter_mediator)

        output_module = TestOutputModule(output_mediator_object)
        output_module.SetOutputWriter(output_writer)

        test_engine = psort.PsortMultiProcessEngine()

        formatters_manager.FormattersManager.RegisterFormatter(
            TestEventFormatter)

        with shared_test_lib.TempDirectory() as temp_directory:
            temp_file = os.path.join(temp_directory, u'storage.plaso')
            self._CreateTestStorageFile(temp_file)

            storage_reader = storage_zip_file.ZIPStorageFileReader(temp_file)
            storage_reader.ReadPreprocessingInformation(knowledge_base_object)

            event_buffer = TestEventBuffer(output_module, check_dedups=False)

            test_engine._ExportEvents(storage_reader, event_buffer)

        event_buffer.Flush()

        formatters_manager.FormattersManager.DeregisterFormatter(
            TestEventFormatter)

        lines = []
        output = output_writer.ReadOutput()
        for line in output.split(b'\n'):
            lines.append(line)

        self.assertEqual(len(lines), 8)

        self.assertTrue(b'My text goes along: My text dude. lines' in lines[2])
        self.assertTrue(b'LOG/' in lines[2])
        self.assertTrue(b'None in Particular' in lines[2])
        self.assertEqual(lines[0], (
            b'date,time,timezone,MACB,source,sourcetype,type,user,host,short,desc,'
            b'version,filename,inode,notes,format,extra'))

Beispiel #27

Datei: psort.py Projekt: tavernier/plaso

    def testExportEvents(self):
        """Tests the ExportEvents function."""
        test_file_path = self._GetTestFilePath(['psort_test.plaso'])
        self._SkipIfPathNotExists(test_file_path)

        knowledge_base_object = knowledge_base.KnowledgeBase()

        test_file_object = io.StringIO()

        output_mediator_object = output_mediator.OutputMediator(
            knowledge_base_object,
            data_location=shared_test_lib.TEST_DATA_PATH)

        formatters_directory_path = self._GetDataFilePath(['formatters'])
        output_mediator_object.ReadMessageFormattersFromDirectory(
            formatters_directory_path)

        output_mediator_object.SetPreferredLanguageIdentifier('en-US')

        output_module = dynamic.DynamicOutputModule(output_mediator_object)
        output_module._file_object = test_file_object

        configuration = configurations.ProcessingConfiguration()

        storage_reader = storage_factory.StorageFactory.CreateStorageReaderForFile(
            test_file_path)

        test_engine = psort.PsortMultiProcessEngine()

        test_engine.ExportEvents(knowledge_base_object, storage_reader,
                                 output_module, configuration)

        output = test_file_object.getvalue()
        lines = output.split('\n')

        self.assertEqual(len(lines), 22)

        expected_line = ('2014-11-18T01:15:43+00:00,'
                         'Content Modification Time,'
                         'LOG,'
                         'Log File,'
                         '[---] last message repeated 5 times ---,'
                         'syslog,'
                         'OS:/tmp/test/test_data/syslog,'
                         'repeated')
        self.assertEqual(lines[14], expected_line)

Beispiel #28

Datei: psort.py Projekt: robeweber/plaso

    def CreateOutputModule(self,
                           output_format,
                           preferred_encoding=u'utf-8',
                           timezone=u'UTC'):
        """Create an output module.

    Args:
      output_format (str): output format.
      preferred_encoding (Optional[str]): preferred encoding to output.
      timezone (Optional[str]): timezone to use for timestamps in output.

    Returns:
      OutputModule: output module.

    Raises:
      RuntimeError: if a non-recoverable situation is encountered.
    """
        formatter_mediator = formatters_mediator.FormatterMediator(
            data_location=self._data_location)

        try:
            formatter_mediator.SetPreferredLanguageIdentifier(
                self._preferred_language)
        except (KeyError, TypeError) as exception:
            raise RuntimeError(exception)

        output_mediator_object = output_mediator.OutputMediator(
            self._knowledge_base,
            formatter_mediator,
            preferred_encoding=preferred_encoding)
        output_mediator_object.SetTimezone(timezone)

        try:
            output_module = output_manager.OutputManager.NewOutputModule(
                output_format, output_mediator_object)

        except IOError as exception:
            raise RuntimeError(
                u'Unable to create output module with error: {0:s}'.format(
                    exception))

        if not output_module:
            raise RuntimeError(u'Missing output module.')

        return output_module

Beispiel #29

Datei: psort.py Projekt: vertigo0001/plaso

    def GetOutputModule(self,
                        storage_file,
                        preferred_encoding=u'utf-8',
                        timezone=pytz.UTC):
        """Return an output module.

    Args:
      storage_file: the storage file object (instance of StorageFile).
      preferred_encoding: optional preferred encoding. The default is "utf-8".
      timezone: optional timezone. The default is UTC.

    Returns:
      an output module object (instance of OutputModule) or None if not able to
      open one up.

    Raises:
      RuntimeError: if a non-recoverable situation is encountered.
    """
        formatter_mediator = self.GetFormatterMediator()

        try:
            formatter_mediator.SetPreferredLanguageIdentifier(
                self._preferred_language)
        except (KeyError, TypeError) as exception:
            raise RuntimeError(exception)

        output_mediator_object = output_mediator.OutputMediator(
            formatter_mediator,
            storage_file,
            preferred_encoding=preferred_encoding,
            timezone=timezone)

        try:
            output_module = output_manager.OutputManager.NewOutputModule(
                self._output_format, output_mediator_object)

        except IOError as exception:
            raise RuntimeError(
                u'Unable to create output module with error: {0:s}'.format(
                    exception))

        if not output_module:
            raise RuntimeError(u'Missing output module.')

        return output_module

Beispiel #30

Datei: psort.py Projekt: tincho9/plaso

  def testExportEvents(self):
    """Tests the ExportEvents function."""
    storage_file_path = self._GetTestFilePath(['psort_test.plaso'])

    knowledge_base_object = knowledge_base.KnowledgeBase()
    output_writer = cli_test_lib.TestOutputWriter()

    formatter_mediator = formatters_mediator.FormatterMediator()
    formatter_mediator.SetPreferredLanguageIdentifier('en-US')

    output_mediator_object = output_mediator.OutputMediator(
        knowledge_base_object, formatter_mediator)

    output_module = dynamic.DynamicOutputModule(output_mediator_object)
    output_module.SetOutputWriter(output_writer)

    configuration = configurations.ProcessingConfiguration()

    storage_reader = storage_factory.StorageFactory.CreateStorageReaderForFile(
        storage_file_path)

    test_engine = psort.PsortMultiProcessEngine()
    counter = test_engine.ExportEvents(
        knowledge_base_object, storage_reader, output_module, configuration)

    self.assertEqual(counter['Stored Events'], 0)

    lines = []
    output = output_writer.ReadOutput()
    for line in output.split(b'\n'):
      lines.append(line)

    self.assertEqual(len(lines), 22)

    expected_line = (
        '2014-11-18T01:15:43+00:00,'
        'Content Modification Time,'
        'LOG,'
        'Log File,'
        '[---] last message repeated 5 times ---,'
        'syslog,'
        'OS:/tmp/test/test_data/syslog,'
        'repeated')
    self.assertEqual(lines[14], expected_line)