def form(self, query, result):
result.para(
'NOTICE: This loader attempts to load IIS log files completely automatically by determining field names and types from the header comments, if this loader fails, please use the "Simple" loader'
)
def test(query, result):
self.parse(query)
result.text(
"The following is the result of importing the first few lines from the log file into the database.\nPlease check that the importation was successfull before continuing."
)
self.display_test_log(result)
return True
result.wizard(names=(
"Step 1: Select Log File",
"Step 2: View test result",
"Step 3: Save Preset",
"Step 4: End",
),
callbacks=(
LogFile.get_file,
test,
FlagFramework.Curry(LogFile.save_preset, log=self),
LogFile.end,
))
def form(self, query, result):
def test_csv(query, result):
self.parse(query)
result.start_table()
result.row("Unprocessed text from file", colspan=5)
sample = []
count = 0
for line in self.read_record():
sample.append(line)
count += 1
if count > 3:
break
result.row('\n'.join(sample), bgcolor='lightgray')
result.end_table()
self.draw_type_selector(result)
def test(query, result):
self.parse(query)
result.text(
"The following is the result of importing the first few lines from the log file into the database.\nPlease check that the importation was successfull before continuing."
)
self.display_test_log(result)
return True
result.wizard(names=[
"Step 1: Select Log File", "Step 2: Configure Columns",
"Step 3: View test result", "Step 4: Save Preset", "Step 5: End"
],
callbacks=[
LogFile.get_file, test_csv, test,
FlagFramework.Curry(LogFile.save_preset, log=self),
LogFile.end
])
def form(self,query,result):
""" This draws the form required to fulfill all the parameters for this report
"""
def configure(query, result):
result.start_table(hstretch=False)
result.const_selector("Choose Format String", 'format', formats.values(), formats.keys())
result.ruler()
result.checkbox("Split Request into Method/URL/Version", "split_req", "true")
result.end_table()
def extra_options(query, result):
self.parse(query)
result.start_table()
result.row("Raw text from file")
sample = []
count =0
for line in self.read_record():
sample.append(line)
count +=1
if count>3:
break
[result.row(s,bgcolor='lightgray') for s in sample]
result.end_table()
result.start_table()
result.heading("Select Options:")
result.row("Select Fields to ignore:")
for i in range(len(self.fields)):
try:
result.checkbox(self.fields[i].name, 'ignore%s' % i, 'true')
except: pass
result.end_table()
#self.draw_type_selector(result)
def test(query,result):
self.parse(query)
result.text("The following is the result of importing the first few lines from the log file into the database.\nPlease check that the importation was successfull before continuing.")
self.display_test_log(result)
return True
result.wizard(
names = (
"Step 1: Select Log File",
"Step 2: Select Format String",
"Step 3: Select Options",
"Step 4: View test result",
"Step 5: Save Preset",
"Step 6: End",
),
callbacks = (
LogFile.get_file,
configure,
extra_options,
test,
FlagFramework.Curry(LogFile.save_preset, log=self),
LogFile.end,
))
def form(self, query, result):
def test(query, result):
self.parse(query)
result.text(
"The following is the result of importing the first few lines from the log file into the database.\nPlease check that the importation was successfull before continuing."
)
self.display_test_log(result)
return True
result.wizard(names=(
"Step 1: Select Log File",
"Step 2: View test result",
"Step 3: Save Preset",
"Step 4: End",
),
callbacks=(
LogFile.get_file,
test,
FlagFramework.Curry(LogFile.save_preset, log=self),
LogFile.end,
))
def display_data(self,
query,
result,
max,
cb,
slack=False,
overread=False):
""" Displays the data.
The callback takes care of paging the data from self. The callback cb is used to actually render the data:
'def cb(offset,data,result)
offset is the offset in the file where we start, data is the data.
"""
#Set limits for the dump
try:
limit = int(query['hexlimit'])
except KeyError:
limit = 0
oldslack = self.slack
oldoverread = self.overread
self.slack = slack
self.overread = overread
self.seek(limit)
data = self.read(max + 1)
self.slack = oldslack
self.overread = oldoverread
## We try to use our own private toolbar if possible:
#toolbar_id = result.new_toolbar()
toolbar_id = 1
if (not data or len(data) == 0):
result.text("No Data Available")
else:
cb(limit, data, result)
#Do the navbar
new_query = query.clone()
previous = limit - max
if previous < 0:
if limit > 0:
previous = 0
else:
previous = None
if previous != None:
new_query.set('hexlimit', 0)
result.toolbar(text="Start",
icon="stock_first.png",
link=new_query,
toolbar=toolbar_id,
pane="self")
else:
result.toolbar(text="Start",
icon="stock_first_gray.png",
toolbar=toolbar_id,
pane="self")
if previous != None:
new_query.set('hexlimit', previous)
result.toolbar(text="Previous page",
icon="stock_left.png",
link=new_query,
toolbar=toolbar_id,
pane="self")
else:
result.toolbar(text="Previous page",
icon="stock_left_gray.png",
toolbar=toolbar_id,
pane="self")
next = limit + max
## If we did not read a full page, we do not display
## the next arrow
if len(data) >= max:
new_query.set('hexlimit', next)
result.toolbar(text="Next page",
icon="stock_right.png",
link=new_query,
toolbar=toolbar_id,
pane="self")
else:
result.toolbar(text="Next page",
icon="stock_right_gray.png",
toolbar=toolbar_id,
pane="self")
if len(data) >= max:
new_query.set('hexlimit', self.size - self.size % 1024)
result.toolbar(text="End",
icon="stock_last.png",
link=new_query,
toolbar=toolbar_id,
pane="self")
else:
result.toolbar(text="End",
icon="stock_last_gray.png",
toolbar=toolbar_id,
pane="self")
## Allow the user to skip to a certain page directly:
result.toolbar(cb=FlagFramework.Curry(goto_page_cb,
variable='hexlimit'),
text="Current Offset %s" % limit,
icon="stock_next-page.png",
toolbar=toolbar_id,
pane="popup")
return result
def form(self, query, result):
""" This draws the form required to fulfill all the parameters for this report
"""
def configure_filters(query, result):
self.parse(query)
result.start_table()
result.row("Unprocessed text from file")
sample = []
count = 0
for line in self.read_record():
sample.append(line)
count += 1
if count > 3:
break
[result.row(s, bgcolor='lightgray') for s in sample]
result.end_table()
result.start_table()
result.ruler()
tmp = result.__class__(result)
tmp.heading("Step:")
result.row(tmp, " Select pre-filter(s) to use on the data")
result.ruler()
pre_selector(result)
result.end_table()
result.start_table()
## Show the filtered sample:
result.row("Prefiltered data:", align="left")
sample = [self.prefilter_record(record) for record in sample]
[result.row(s, bgcolor='lightgray') for s in sample]
result.end_table()
def configure_seperators(query, result):
self.parse(query)
result.start_table(hstretch=False)
result.const_selector("Simple Field Separator:",
'delimiter',
delimiters.values(),
delimiters.keys(),
autosubmit=True)
result.end_table()
self.draw_type_selector(result)
def test(query, result):
self.parse(query)
result.text(
"The following is the result of importing the first few lines from the log file into the database.\nPlease check that the importation was successfull before continuing."
)
self.display_test_log(result)
return True
result.wizard(
names=[
"Step 1: Select Log File", "Step 2: Configure preprocessors",
"Step 3: Configure Columns", "Step 4: View test result",
"Step 5: Save Preset", "Step 6: End"
],
callbacks=[
LogFile.get_file, configure_filters, configure_seperators,
test,
FlagFramework.Curry(LogFile.save_preset, log=self), LogFile.end
],
)
socket.inet_ntoa(struct.pack(
">L", connection['src_ip'])), connection['src_port'],
socket.inet_ntoa(struct.pack(">L", connection['dest_ip'])),
connection['dest_port'], connection['l'])
if options.stats:
stats_fd = open(options.stats, 'ab')
stats_fd.write(stat)
stats_fd.close()
#for i in range(len(connection['packets'])):
# tmp.append("%s" % ((connection['packets'][i], connection['offset'][i],
# connection['length'][i]),))
#stats_fd.write("%s\n" % ','.join(tmp))
processor = reassembler.Reassembler(
packet_callback=FlagFramework.Curry(Callback, options=options))
for f in args:
try:
pcap_file = pypcap.PyPCAP(open(f, "rb"))
except IOError:
continue
while 1:
try:
packet = pcap_file.dissect()
processor.process(packet)
except StopIteration:
break
add_constraints = {
'category': TableActions.selector_constraint,
# 'inode_id': store_inode,
}
edit_constraints = {
'category': TableActions.selector_constraint,
# 'inode_id': store_inode,
}
def __init__(self, case=None, id=None):
self.form_actions = {
#'inode_id': self.inode_action,
'inode_id': TableActions.noop,
'note': TableActions.textarea,
'category': FlagFramework.Curry(TableActions.selector_display,
table='annotate', field='category', case=case),
}
TableObj.TableObj.__init__(self,case,id)
## We add callback to allow annotation of Inode displays:
def render_annotate_inode_id(self, inode_id, row, result):
inode = ''
if not inode_id: return ''
link = FlagFramework.query_type(case=self.case,
family='Disk Forensics',
report='ViewFile',
mode = 'Summary',
inode_id = inode_id)
## This is the table object which is responsible for the
def test(query,result):
self.parse(query)
result.text("The following is the result of importing the first few lines from the log file into the database.\nPlease check that the importation was successfull before continuing.")
self.display_test_log(result)
return True
result.wizard(
names = [ "Step 1: Select Log File",
"Step 2: Add Columns",
"Step 3: Save Preset",
"Step : Test",
"Step 4: End"],
callbacks = [ LogFile.get_file,
add_columns,
test,
FlagFramework.Curry(LogFile.save_preset, log=self),
LogFile.end
],
)
class PadType(ColumnTypes.ColumnType, ColumnTypes.LogParserMixin):
def __init__(self, regex='.', **kwargs):
ColumnTypes.ColumnType.__init__(self, name="-", column="-")
self.re = re.compile(regex)
self.ignore = True
def insert(self, value):
pass
def log_parse(self, row):
m = self.re.match(row)
s = '\x00' * 1024
buf = format.Buffer(string=s)
fd = None
fdsize = 0
## print 'File Size %s' % fdsize
struct = DAFTFormats.DynamicStruct(buf)
struct.create_fields(query, 'parameter_')
struct.read(buf)
popup_row = {}
for i in range(struct.count):
tmp = result.__class__(result)
tmp.popup(FlagFramework.Curry(popup_cb,
column_number=i,
mode='insert'),
"Insert column",
icon="insert.png")
tmp.popup(FlagFramework.Curry(popup_cb, column_number=i),
"Edit column",
icon="edit.png")
tmp.popup(FlagFramework.Curry(delete_col_cb, column_number=i),
"Delete column",
icon="delete.png")
popup_row[query['name_%s' % i]] = tmp
result.popup(settings_cb, "Change settings", icon="page.png")
result.popup(FlagFramework.Curry(popup_cb,
column_number=struct.count),
"Add new column",
