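 def _wmi_to_ts(self, wmi_ts):
     ''' Convert a wmi formatted timestamp into a UTC epoch using wmi.to_time().

     wmi.to_time() returns the local wall-clock fields plus the UTC offset in
     minutes as its last element.  The original discarded that element, so
     calendar.timegm() treated the local time as UTC and the result was off by
     the machine's UTC offset.  The offset's sign is read from `wmi_ts` itself
     (the '+'/'-' character before the UUU field), as the other _wmi_to_ts
     variants on this page do; an unusable offset (None, empty, '***') counts
     as 0, i.e. the timestamp is taken as UTC.

     :param wmi_ts: CIM datetime string 'yyyymmddHHMMSS.ffffff+UUU'
     :returns: seconds since the Unix epoch as an int (UTC)
     '''
     year, month, day, hour, minute, second, microsecond, tz = wmi.to_time(wmi_ts)
     dt = datetime(year=year, month=month, day=day, hour=hour, minute=minute,
                   second=second, microsecond=microsecond)
     # Epoch of the wall-clock fields as if they were UTC; corrected below.
     local_epoch = calendar.timegm(dt.timetuple())
     try:
         offset_minutes = abs(int(tz))
     except (TypeError, ValueError):
         offset_minutes = 0
     # '+UUU' means local = UTC + UUU minutes, so step back to reach UTC;
     # '-UUU' means local = UTC - UUU minutes, so step forward.
     if '+' in wmi_ts:
         offset_minutes = -offset_minutes
     return int(local_epoch + offset_minutes * 60)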
 def _wmi_to_ts(self, wmi_ts):
     ''' Convert a wmi formatted timestamp into an epoch using wmi.to_time()

     The wall-clock fields returned by wmi.to_time() are passed through
     time.mktime(), which interprets them in the process's local zone, and
     the instance's tz_offset (hours) is then added.  The offset field that
     wmi.to_time() returns as its last element is not used here.
     '''
     import wmi
     fields = wmi.to_time(wmi_ts)
     year, month, day, hour, minute, second, microsecond = fields[:7]
     naive = datetime(year, month, day, hour, minute, second, microsecond)
     seconds_local = int(time.mktime(naive.timetuple()))
     return seconds_local + self.tz_offset * 60 * 60
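    def _wmi_to_ts(wmi_ts):
        """Convert a wmi formatted timestamp into a UTC epoch using wmi.to_time().

        The last element wmi.to_time() returns is the UTC offset in minutes; the
        original unpacked it into ``tz`` and never used it, so the local
        wall-clock time was fed to calendar.timegm() as if it were UTC.  The
        sign of the offset is taken from ``wmi_ts`` (the character before the
        UUU field), matching the other _wmi_to_ts variants on this page; an
        offset that is None/empty/non-numeric is treated as 0.

        :param wmi_ts: CIM datetime string 'yyyymmddHHMMSS.ffffff+UUU'
        :returns: seconds since the Unix epoch as an int (UTC)
        """
        year, month, day, hour, minute, second, microsecond, tz = \
            wmi.to_time(wmi_ts)
        dt = datetime(year=year, month=month, day=day, hour=hour, minute=minute,
                      second=second, microsecond=microsecond)
        try:
            offset_minutes = abs(int(tz))
        except (TypeError, ValueError):
            offset_minutes = 0
        # local = UTC + offset for '+UUU', so subtract it; add it for '-UUU'.
        sign = -1 if '+' in wmi_ts else 1
        return int(calendar.timegm(dt.timetuple()) + sign * offset_minutes * 60)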
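def getSysuptime(wmiObj):
    """Return the system uptime as a human-readable string.

    Reads LastBootUpTime and LocalDateTime from Win32_OperatingSystem on
    *wmiObj*, converts both CIM datetime strings with wmi.to_time() and
    formats their difference as "Ddays and Hhours, Mminutes, Sseconds".

    :param wmiObj: WMI connection exposing Win32_OperatingSystem()
    :returns: formatted uptime string
    :raises ValueError: when the query returns no usable instance (the
        original then failed with an opaque TypeError inside datetime()).
    """
    last_boot = ""
    current = ""
    # If several instances come back the last one wins, as before.
    for os_info in wmiObj.Win32_OperatingSystem():
        last_boot = os_info.LastBootUpTime
        current = os_info.LocalDateTime
    if not last_boot or not current:
        raise ValueError("Win32_OperatingSystem returned no boot/current time")

    # wmi.to_time() yields (year, month, day, hour, minute, second,
    # microsecond, tz); the first six build a naive datetime.  Both stamps
    # are local wall-clock times, so the subtraction ignores the offset
    # field entirely.
    # NOTE(review): a DST change between boot and now would skew this by an
    # hour — confirm whether that matters for the callers.
    now_dt = datetime(*wmi.to_time(current)[:6])
    boot_dt = datetime(*wmi.to_time(last_boot)[:6])
    secs_up = (now_dt - boot_dt).total_seconds()

    mins, secs = divmod(secs_up, 60)
    hours, mins = divmod(mins, 60)
    days, hours = divmod(hours, 24)
    return "%.0fdays and %.0fhours, %.0fminutes, %.0fseconds" % (days, hours, mins, secs)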
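    def _wmi_to_ts(self, wmi_ts):
        ''' Convert a wmi formatted timestamp into a UTC epoch using wmi.to_time().

        The offset field wmi.to_time() returns is the UTC offset in minutes; its
        sign is read from ``wmi_ts`` (the character in front of the UUU field),
        as the original already assumed.  The original called int(tz) directly,
        which raises TypeError/ValueError when the offset is unavailable (None
        or a '***' wildcard); such a timestamp is now treated as UTC.

        :param wmi_ts: CIM datetime string 'yyyymmddHHMMSS.ffffff+UUU'
        :returns: seconds since the Unix epoch as an int (UTC)
        '''
        year, month, day, hour, minute, second, microsecond, tz = wmi.to_time(wmi_ts)
        try:
            offset_minutes = abs(int(tz))
        except (TypeError, ValueError):
            # No usable offset: leave the wall-clock fields as they are.
            offset_minutes = 0
        # '+UUU' means local = UTC + UUU minutes, so step back to reach UTC;
        # '-UUU' steps forward.
        tz_delta = timedelta(minutes=offset_minutes)
        if '+' in wmi_ts:
            tz_delta = -tz_delta

        dt = datetime(year=year, month=month, day=day, hour=hour, minute=minute,
                      second=second, microsecond=microsecond) + tz_delta
        return int(calendar.timegm(dt.timetuple()))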
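    def _wmi_to_ts(self, wmi_ts):
        ''' Convert a wmi formatted timestamp into a UTC epoch using wmi.to_time().

        wmi.to_time() hands back the local wall-clock fields and, last, the UTC
        offset in minutes.  The sign of that offset comes from ``wmi_ts`` (the
        '+'/'-' before the UUU field), as the original assumed; a missing or
        non-numeric offset (None, '***') no longer raises from int() but is
        treated as zero, i.e. the stamp is taken as UTC.

        :param wmi_ts: CIM datetime string 'yyyymmddHHMMSS.ffffff+UUU'
        :returns: seconds since the Unix epoch as an int (UTC)
        '''
        fields = wmi.to_time(wmi_ts)
        year, month, day, hour, minute, second, microsecond = fields[:7]
        tz = fields[7]
        try:
            minutes_off = abs(int(tz))
        except (TypeError, ValueError):
            minutes_off = 0
        # local = UTC + offset when the stamp carries '+', so subtract it
        # to get back to UTC; add it for '-'.
        if '+' in wmi_ts:
            minutes_off = -minutes_off

        local_dt = datetime(year, month, day, hour, minute, second, microsecond)
        utc_dt = local_dt + timedelta(minutes=minutes_off)
        return int(calendar.timegm(utc_dt.timetuple()))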
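    def search_log(self):
        """Run the selected Event Log query and write matching events to a file.

        Reads the Event Type, Logfile and Time Filter combo boxes, queries
        Win32_NTLogEvent through WMI and, for every event that passes the
        time filter, calls ``print_to_console()`` and ``write_to_file()``
        (defined elsewhere on this class; they presumably read the
        ``self.log`` / ``self.timegen*`` / ``self.file`` attributes set here).
        The output file is deleted again when nothing matched, otherwise it is
        opened with the default handler.  Progress and the final count are
        reported through ``status_text``.

        Fixes relative to the previous version: the file is created, removed
        and opened through one os.path.join() path (the remove/startfile calls
        used plain concatenation, which names a different file when
        ``self.desktop`` has no trailing separator); the microsecond and tz
        fields are dropped by slicing instead of list.remove(), which deleted
        the wrong element whenever the microsecond value equalled an earlier
        field; the file is closed even if the query raises.
        """
        eventtype_label = self.eventtype_cb.get()
        eventlog = self.log_cb.get()
        if eventtype_label == "" or eventlog == "":
            if eventtype_label == "":
                self.status_text.set("Please select an Event Type.")
            else:
                self.status_text.set("Please select a Logfile.")
            return

        time_filter = self.time_cb.get()
        # Set status message.
        self.status_text.set("Searching. This may take a while.")
        self.window.update_idletasks()
        print("Searching. This may take a while.")

        # Gets selected filters.
        eventtype = self.eventtype_cb.current()

        separator = "---------------------------------------"
        header_lines = [
            separator,
            "Event Type: \t" + eventtype_label,
            "Logfile: \t" + eventlog,
            "Time Filter: \t" + time_filter,
            separator + "\n",
        ]
        # Prints selected filter information.
        for line in header_lines:
            print(line)

        # One path for create, remove and open.
        log_path = os.path.join(self.desktop, "Event Log.txt")

        # PC to connect to.
        c = wmi.WMI()
        # Snapshot "now" once so every event is judged against the same bound.
        now = datetime.now()
        count = 0

        # Creates new .txt file to record events; write_to_file() uses self.file.
        self.file = open(log_path, "w", encoding="utf-8")
        try:
            self.file.write("\n".join(header_lines) + "\n")

            # Run through events and filter based on filter selections.
            for self.log in c.Win32_NTLogEvent(EventType=eventtype,
                                               Logfile=eventlog):
                # Keep [year, month, day, hour, minute, second] only.
                self.timegen = list(wmi.to_time(self.log.timegenerated))[:6]
                self.convert_eventlog_time()
                self.time_format()
                self.timenow = [
                    now.year, now.month, now.day, now.hour, now.minute,
                    now.second
                ]
                f = self.timegen_formatted
                self.timegenerated = f"{f[2]}/{f[1]}/{f[0]} {f[3]}:{f[4]}:{f[5]}"

                if self._event_in_time_window(time_filter):
                    count += 1
                    self.print_to_console()
                    self.write_to_file()
        finally:
            self.file.close()

        if count == 0:
            os.remove(log_path)
        else:
            os.startfile(log_path)
        noun = "event" if count == 1 else "events"
        summary = "Search complete. " + str(count) + " " + noun + " found."
        self.status_text.set(summary)
        print(summary)

    def _event_in_time_window(self, time_filter):
        """Return True when ``self.timegen`` falls inside *time_filter*.

        Rewrites ``self.timenow`` into the window's lower bound exactly as the
        former inline branches did: an hour roll-back for "Last hour" /
        "Last 12 hours" (falling through to ``validate_time_filter_24_hours``
        when the hour wraps below zero) and the ``validate_time_filter_*``
        helpers, defined elsewhere on this class, for the longer windows.  The
        two [year, month, day, hour, minute, second] lists are then compared
        element by element.  An empty filter matches every event; an unknown
        filter value matches none.
        """
        if time_filter == "":
            return True
        if time_filter == "Last hour":
            if self.timenow[3] - 1 < 0:
                self.timenow[3] = 23
                self.validate_time_filter_24_hours()
            else:
                self.timenow[3] = self.timenow[3] - 1
        elif time_filter == "Last 12 hours":
            if self.timenow[3] - 12 < 0:
                self.timenow[3] = 24 + (self.timenow[3] - 12)
                self.validate_time_filter_24_hours()
            else:
                self.timenow[3] = self.timenow[3] - 12
        elif time_filter == "Last 24 hours":
            self.validate_time_filter_24_hours()
        elif time_filter == "Last 7 days":
            self.validate_time_filter_7_days()
        elif time_filter == "Last 30 days":
            self.validate_time_filter_30_days()
        else:
            return False
        return self.timegen >= self.timenow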
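 def test_to_time (self):
   """Check conversion from time-string to time-tuple.

   Each entry of self.times pairs an expected tuple (possibly shorter than
   the 8 fields wmi.to_time returns) with its time string; the expected
   tuple is padded with None to 8 fields before comparing.
   """
   for expected, time_string in self.times:
     padded = tuple(list(expected) + [None] * 8)[:8]
     # assertEqual: the assertEquals alias is deprecated and gone in 3.12.
     self.assertEqual(wmi.to_time(time_string), padded)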
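 def test_to_time (self):
   """Check conversion from time-string to time-tuple.

   self.times holds (expected_tuple, time_string) pairs; shorter expected
   tuples are right-padded with None to the 8 fields wmi.to_time returns.
   """
   for expected, time_string in self.times:
     # Pad, then cut back to exactly 8 fields.
     expected = tuple(list(expected) + [None] * 8)[:8]
     # assertEquals was only an alias and is removed in Python 3.12.
     self.assertEqual(wmi.to_time(time_string), expected)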
import wmi
# List every process with its owner, creation time and command line.
c = wmi.WMI()
for process in c.Win32_Process():
    # GetOwner() returns (domain, return_value, user); only the user is shown.
    _domain, _return_value, user = process.GetOwner()
    created = process.CreationDate
    if created is not None:
        # wmi.to_time() -> (year, month, day, hour, minute, second, ...);
        # rendered as MM/DD/YYYY H:MM:SS.
        year, month, day, hour, minute, second = wmi.to_time(created)[:6]
        real_time = "%02d/%02d/%d %d:%02d:%02d" % (
            month, day, year, hour, minute, second)
    else:
        real_time = ""
    print process.Name, process.ProcessId, process.ParentProcessId, user, real_time, process.CommandLine
import wmi
# Print name, pid, parent pid, owner, creation time and command line of
# every running process.
c = wmi.WMI ()
for process in c.Win32_Process ():
   domain, return_value, user = process.GetOwner()
   real_time = ""
   if process.CreationDate is not None:
      # (year, month, day, hour, minute, second, microsecond, tz)
      t = wmi.to_time(process.CreationDate)
      real_time = "%02d/%02d/%d %d:%02d:%02d" % (t[1], t[2], t[0], t[3], t[4], t[5])
   print process.Name, process.ProcessId, process.ParentProcessId, user, real_time, process.CommandLine