Ejemplo n.º 1
    def ProduceEventWithEventData(self, event, event_data):
        """Validates an event and writes it, with its event data, to storage.

        The event data is only written when its attribute values hash differs
        from the hash of the previously written event data. Otherwise the event
        is linked to the identifier of the event data stored last.

        Args:
          event (EventObject): event.
          event_data (EventData): event data.

        Raises:
          InvalidEvent: if the event timestamp value is not set or out of bounds
              or if the event data (attribute container) values cannot be
              hashed.
        """
        if event.timestamp is None:
            raise errors.InvalidEvent('Event timestamp value not set.')

        # Range check happens before anything is written, so an event with an
        # out-of-range timestamp never reaches the storage writer. The limits
        # are presumably the signed 64-bit range - confirm on the class.
        below_minimum = event.timestamp < self._INT64_MIN
        if below_minimum or event.timestamp > self._INT64_MAX:
            raise errors.InvalidEvent('Event timestamp value out of bounds.')

        try:
            values_hash = event_data.GetAttributeValuesHash()
        except TypeError as exception:
            # Unhashable values are reported as an invalid event instead of
            # letting the TypeError propagate to the caller.
            message = 'Unable to hash event data values with error: {0!s}'.format(
                exception)
            raise errors.InvalidEvent(message)

        if values_hash != self._last_event_data_hash:
            # Work on a private copy so the values added below do not end up in
            # the event data object owned by the caller.
            stored_event_data = copy.deepcopy(event_data)

            parser_chain = self.GetParserChain()
            self.ProcessEventData(
                stored_event_data, parser_chain=parser_chain,
                file_entry=self._file_entry)

            stream_identifier = self._event_data_stream_identifier
            if stream_identifier:
                stored_event_data.SetEventDataStreamIdentifier(
                    stream_identifier)

            self._storage_writer.AddEventData(stored_event_data)

            # The cache is only updated after the write above returned.
            self._last_event_data_hash = values_hash
            self._last_event_data_identifier = stored_event_data.GetIdentifier()

        linked_identifier = self._last_event_data_identifier
        if linked_identifier:
            event.SetEventDataIdentifier(linked_identifier)

        # TODO: remove this after structural fix is in place
        # https://github.com/log2timeline/plaso/issues/1691
        event.parser = self.GetParserChain()

        self._storage_writer.AddEvent(event)
        self._number_of_events += 1

        self.last_activity_timestamp = time.time()
Ejemplo n.º 2
    def ProduceEventWithEventData(self, event, event_data):
        """Writes an event, with its event data, to storage.

        The event data is only written when its attribute values hash differs
        from the hash of the previously written event data. Otherwise the event
        is linked to the identifier of the event data stored last.

        Args:
          event (EventObject): event.
          event_data (EventData): event data.

        Raises:
          InvalidEvent: if the event has no timestamp set.
        """
        if event.timestamp is None:
            raise errors_lib.InvalidEvent('Event must have a timestamp set.')

        # NOTE(review): this method has no range check on the timestamp and
        # does not handle errors raised while hashing; confirm that callers or
        # the storage writer validate these.
        values_hash = event_data.GetAttributeValuesHash()
        if values_hash != self._last_event_data_hash:
            # Work on a private copy so the values added below do not end up in
            # the event data object owned by the caller.
            stored_event_data = copy.deepcopy(event_data)

            # TODO: refactor to ProcessEventData.
            parser_chain = self.GetParserChain()
            self.ProcessEvent(
                stored_event_data, parser_chain=parser_chain,
                file_entry=self._file_entry)

            self._storage_writer.AddEventData(stored_event_data)

            # The cache is only updated after the write above returned.
            self._last_event_data_hash = values_hash
            self._last_event_data_identifier = stored_event_data.GetIdentifier()

        linked_identifier = self._last_event_data_identifier
        if linked_identifier:
            event.SetEventDataIdentifier(linked_identifier)

        # TODO: remove this after structural fix is in place
        # https://github.com/log2timeline/plaso/issues/1691
        event.parser = self.GetParserChain()

        self._storage_writer.AddEvent(event)
        self._number_of_events += 1

        self.last_activity_timestamp = time.time()
Ejemplo n.º 3
    def ProduceEventWithEventData(self, event, event_data):
        """Validates an event and writes it, with its event data, to storage.

        The event data is only written when its attribute values hash differs
        from the hash of the previously written event data. Otherwise the event
        is linked to the identifier of the event data stored last. Every
        rejection message names the parser chain that produced the event.

        Args:
          event (EventObject): event.
          event_data (EventData): event data.

        Raises:
          InvalidEvent: if the event date_time or timestamp value is not set, or
              the timestamp value is out of bounds, or if the event data
              (attribute container) values cannot be hashed.
        """
        parser_chain = self.GetParserChain()

        # NOTE(review): the messages below format parser_chain with "{0:s}",
        # which requires a string - confirm GetParserChain never returns None.
        if event.date_time is None:
            message = (
                'Date time value not set in event produced by: {0:s}.').format(
                    parser_chain)
            raise errors.InvalidEvent(message)

        if event.timestamp is None:
            message = (
                'Timestamp value not set in event produced by: {0:s}.').format(
                    parser_chain)
            raise errors.InvalidEvent(message)

        # Range check happens before anything is written, so an event with an
        # out-of-range timestamp never reaches the storage writer. The limits
        # are presumably the signed 64-bit range - confirm on the class.
        below_minimum = event.timestamp < self._INT64_MIN
        if below_minimum or event.timestamp > self._INT64_MAX:
            message = (
                'Timestamp value out of bounds in event produced by: {0:s}.'
            ).format(parser_chain)
            raise errors.InvalidEvent(message)

        # This assignment changes the event data object passed in by the
        # caller; no copy is made in this method.
        # TODO: rename this to event_data.parser_chain or equivalent.
        event_data.parser = parser_chain

        try:
            values_hash = event_data.GetAttributeValuesHash()
        except TypeError as exception:
            # Unhashable values are reported as an invalid event instead of
            # letting the TypeError propagate to the caller.
            message = (
                'Unable to hash event data values produced by: {0:s} with error: '
                '{1!s}').format(parser_chain, exception)
            raise errors.InvalidEvent(message)

        if values_hash != self._last_event_data_hash:
            stream_identifier = self._event_data_stream_identifier
            if stream_identifier:
                event_data.SetEventDataStreamIdentifier(stream_identifier)

            self._storage_writer.AddAttributeContainer(event_data)

            # The cache is only updated after the write above returned.
            self._last_event_data_hash = values_hash
            self._last_event_data_identifier = event_data.GetIdentifier()

        linked_identifier = self._last_event_data_identifier
        if linked_identifier:
            event.SetEventDataIdentifier(linked_identifier)

        self._storage_writer.AddAttributeContainer(event)

        # Per-parser count is keyed on the last parser chain component, if any;
        # the 'total' count is always incremented.
        chain_components = self._parser_chain_components
        if chain_components:
            self._session.parsers_counter[chain_components[-1]] += 1
        self._session.parsers_counter['total'] += 1

        self._number_of_events += 1

        self.last_activity_timestamp = time.time()