def testParseSetupLogWithTimeZone(self): """Tests the Parse function on setupapi.setup.log with a time zone.""" parser = setupapi.SetupapiLogParser() storage_writer = self._ParseFile(['setupapi.setup.log'], parser, timezone='CET') number_of_events = storage_writer.GetNumberOfAttributeContainers( 'event') self.assertEqual(number_of_events, 32) number_of_warnings = storage_writer.GetNumberOfAttributeContainers( 'extraction_warning') self.assertEqual(number_of_warnings, 0) number_of_warnings = storage_writer.GetNumberOfAttributeContainers( 'recovery_warning') self.assertEqual(number_of_warnings, 0) events = list(storage_writer.GetEvents()) expected_event_values = { 'date_time': '2015-11-22 17:53:16.599', 'data_type': 'setupapi:log:line', 'timestamp': '2015-11-22 16:53:16.599000' } self.CheckEventValues(storage_writer, events[0], expected_event_values)
def testParseSetupLog(self): """Tests the Parse function on setupapi.setup.log.""" parser = setupapi.SetupapiLogParser() storage_writer = self._ParseFile(['setupapi.setup.log'], parser) self.assertEqual(storage_writer.number_of_warnings, 0) self.assertEqual(storage_writer.number_of_events, 32) events = list(storage_writer.GetEvents()) expected_event_values = { 'timestamp': '2015-11-22 17:53:16.599000'} self.CheckEventValues(storage_writer, events[0], expected_event_values) expected_event_values = { 'timestamp': '2015-11-22 17:53:28.973000'} self.CheckEventValues(storage_writer, events[2], expected_event_values) expected_event_values = { 'timestamp': '2015-11-22 17:53:29.305000'} self.CheckEventValues(storage_writer, events[4], expected_event_values) expected_message = 'Setup Plug and Play Device Install' expected_short_message = 'Setup Plug and Play Device Install' event_data = self._GetEventDataOfEvent(storage_writer, events[4]) self._TestGetMessageStrings( event_data, expected_message, expected_short_message) expected_message = ( 'Setup online Device Install (Hardware initiated) - SW' '\\{97ebaacc-95bd-11d0-a3ea-00a0c9223196}' '\\{53172480-4791-11D0-A5D6-28DB04C10000}') expected_short_message = ( 'Setup online Device Install (Hardware initiated) - SW' '\\{97ebaacc-95bd-11d0-a3e...') event_data = self._GetEventDataOfEvent(storage_writer, events[14]) self._TestGetMessageStrings( event_data, expected_message, expected_short_message) expected_event_values = { 'timestamp': '2015-11-22 17:57:17.502000'} self.CheckEventValues(storage_writer, events[30], expected_event_values) expected_message = ( 'Setup Import Driver Package - C:\\Windows\\system32' '\\spool\\tools\\Microsoft XPS Document Writer\\prnms001.Inf') expected_short_message = ( 'Setup Import Driver Package - C:\\Windows\\system32\\spool' '\\tools\\Microsoft XPS D...') event_data = self._GetEventDataOfEvent(storage_writer, events[30]) self._TestGetMessageStrings( event_data, expected_message, expected_short_message)
def testParseSetupLog(self): """Tests the Parse function on setupapi.setup.log.""" parser = setupapi.SetupapiLogParser() storage_writer = self._ParseFile(['setupapi.setup.log'], parser) self.assertEqual(storage_writer.number_of_events, 32) self.assertEqual(storage_writer.number_of_extraction_warnings, 0) self.assertEqual(storage_writer.number_of_recovery_warnings, 0) events = list(storage_writer.GetEvents()) expected_event_values = { 'date_time': '2015-11-22 17:53:16.599', 'data_type': 'setupapi:log:line' } self.CheckEventValues(storage_writer, events[0], expected_event_values) expected_event_values = { 'date_time': '2015-11-22 17:53:28.973', 'data_type': 'setupapi:log:line' } self.CheckEventValues(storage_writer, events[2], expected_event_values) expected_event_values = { 'date_time': '2015-11-22 17:53:29.305', 'data_type': 'setupapi:log:line', 'entry_type': 'Setup Plug and Play Device Install' } self.CheckEventValues(storage_writer, events[4], expected_event_values) expected_event_values = { 'date_time': '2015-11-22 17:53:43.429', 'data_type': 'setupapi:log:line', 'entry_type': ('Setup online Device Install (Hardware initiated) - SW' '\\{97ebaacc-95bd-11d0-a3ea-00a0c9223196}' '\\{53172480-4791-11D0-A5D6-28DB04C10000}') } self.CheckEventValues(storage_writer, events[14], expected_event_values) expected_event_values = { 'date_time': '2015-11-22 17:57:17.502', 'data_type': 'setupapi:log:line', 'entry_type': ('Setup Import Driver Package - C:\\Windows\\system32' '\\spool\\tools\\Microsoft XPS Document Writer\\prnms001.Inf') } self.CheckEventValues(storage_writer, events[30], expected_event_values)
def testParseDevLog(self): """Tests the Parse function on setupapi.dev.log.""" parser = setupapi.SetupapiLogParser() storage_writer = self._ParseFile(['setupapi.dev.log'], parser) self.assertEqual(storage_writer.number_of_warnings, 0) self.assertEqual(storage_writer.number_of_events, 388) events = list(storage_writer.GetEvents()) event = events[0] self.CheckTimestamp(event.timestamp, '2015-11-22 17:59:28.110000') event = events[2] self.CheckTimestamp(event.timestamp, '2016-10-05 11:16:03.747000') event = events[4] event_data = self._GetEventDataOfEvent(storage_writer, event) self.CheckTimestamp(event.timestamp, '2016-10-05 11:16:16.471000') expected_message = ( 'Device Install (Hardware initiated) - SWD\\IP_TUNNEL_VBUS' '\\Teredo_Tunnel_Device') expected_short_message = ( 'Device Install (Hardware initiated) - SWD\\IP_TUNNEL_VBUS' '\\Teredo_Tunnel_Device') self._TestGetMessageStrings( event_data, expected_message, expected_short_message) event = events[57] event_data = self._GetEventDataOfEvent(storage_writer, event) expected_message = ( 'Device Install (DiInstallDriver) - C:\\Windows\\System32' '\\DriverStore\\FileRepository\\prnms003.inf_x86_8f17aac186c70ea6' '\\prnms003.inf - SUCCESS') expected_short_message = ( 'SUCCESS - Device Install (DiInstallDriver) - C:\\Windows\\System32' '\\DriverStore\\...') self._TestGetMessageStrings( event_data, expected_message, expected_short_message) event = events[386] event_data = self._GetEventDataOfEvent(storage_writer, event) self.CheckTimestamp(event.timestamp, '2016-11-22 23:50:30.938000') expected_message = ( 'Device Install (Hardware initiated) - SWD\\WPDBUSENUM' '\\_??_USBSTOR#Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07#99E2116A&0' '#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}') expected_short_message = ( 'Device Install (Hardware initiated) - SWD\\WPDBUSENUM' '\\_??_USBSTOR#Disk&Ven_Gen...') self._TestGetMessageStrings( event_data, expected_message, expected_short_message)
def testParseDevLog(self): """Tests the Parse function on setupapi.dev.log.""" parser = setupapi.SetupapiLogParser() storage_writer = self._ParseFile(['setupapi.dev.log'], parser) self.assertEqual(storage_writer.number_of_warnings, 0) self.assertEqual(storage_writer.number_of_events, 388) events = list(storage_writer.GetEvents()) expected_event_values = { 'data_type': 'setupapi:log:line', 'timestamp': '2015-11-22 17:59:28.110000'} self.CheckEventValues(storage_writer, events[0], expected_event_values) expected_event_values = { 'data_type': 'setupapi:log:line', 'timestamp': '2016-10-05 11:16:03.747000'} self.CheckEventValues(storage_writer, events[2], expected_event_values) expected_event_values = { 'data_type': 'setupapi:log:line', 'entry_type': ( 'Device Install (Hardware initiated) - SWD\\IP_TUNNEL_VBUS' '\\Teredo_Tunnel_Device'), 'timestamp': '2016-10-05 11:16:16.471000'} self.CheckEventValues(storage_writer, events[4], expected_event_values) expected_event_values = { 'data_type': 'setupapi:log:line', 'entry_type': ( 'Device Install (DiInstallDriver) - C:\\Windows\\System32' '\\DriverStore\\FileRepository\\prnms003.inf_x86_8f17aac186c70ea6' '\\prnms003.inf'), 'exit_status': 'SUCCESS', 'timestamp': '2016-10-12 03:36:30.998000'} self.CheckEventValues(storage_writer, events[57], expected_event_values) expected_event_values = { 'data_type': 'setupapi:log:line', 'entry_type': ( 'Device Install (Hardware initiated) - SWD\\WPDBUSENUM' '\\_??_USBSTOR#Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07#99E2116A&0' '#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}'), 'timestamp': '2016-11-22 23:50:30.938000'} self.CheckEventValues(storage_writer, events[386], expected_event_values)
def testParseSetupLogWithTimeZone(self): """Tests the Parse function on setupapi.setup.log with a time zone.""" parser = setupapi.SetupapiLogParser() storage_writer = self._ParseFile( ['setupapi.setup.log'], parser, timezone='CET') self.assertEqual(storage_writer.number_of_warnings, 0) self.assertEqual(storage_writer.number_of_events, 32) events = list(storage_writer.GetEvents()) event = events[0] self.CheckTimestamp(event.timestamp, '2015-11-22 16:53:16.599000')