Пример #1
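    def ParseLine(self, parser_context):
        """Return an event object extracted from the current line.

        The timestamp is assembled from the 'iyear', 'imonth', 'iday' and
        'time' entries of self.attributes. Every failure to build it is
        reported as TimestampNotCorrectlyFormed.

        Args:
          parser_context: A parser context object (instance of ParserContext).

        Returns:
          An event object (instance of TextEvent).

        Raises:
          TimestampNotCorrectlyFormed: if the time or the year is not set,
              the time is not of the form HH:MM:SS, or a component cannot be
              converted into a timestamp.
        """
        time_string = self.attributes['time']
        if not time_string:
            raise errors.TimestampNotCorrectlyFormed(
                u'Unable to parse timestamp, time not set.')

        if not self.attributes['iyear']:
            raise errors.TimestampNotCorrectlyFormed(
                u'Unable to parse timestamp, year not set.')

        times = time_string.split(':')

        # The zone decides how the wall-clock value in the log is interpreted:
        # the caller-supplied zone when local_zone is set, UTC otherwise.
        if self.local_zone:
            timezone = parser_context.timezone
        else:
            timezone = pytz.UTC

        if len(times) < 3:
            raise errors.TimestampNotCorrectlyFormed(
                (u'Unable to parse timestamp, not of the format HH:MM:SS '
                 u'[{0:s}]').format(self.PrintLine()))

        try:
            # Seconds may carry a fractional part: "SS" or "SS.ffffff".
            secs = times[2].split('.')
            if len(secs) == 2:
                sec, us = secs
            else:
                # No dot, or more than one: hand the raw field to int() so a
                # malformed value is rejected as a ValueError below.
                sec = times[2]
                us = 0

            # NOTE(review): int(us) takes the fractional digits literally as
            # a microsecond count, so ".5" would become 5 microseconds;
            # presumably the log always writes six digits - confirm.
            timestamp = timelib.Timestamp.FromTimeParts(
                int(self.attributes['iyear']),
                self.attributes['imonth'],
                self.attributes['iday'],
                int(times[0]),
                int(times[1]),
                int(sec),
                microseconds=int(us),
                timezone=timezone)

        except ValueError as exception:
            # '!s' instead of ':s': on Python 3 an exception object rejects a
            # non-empty format spec with TypeError, which would replace the
            # parse error with an unrelated crash on a malformed log line.
            raise errors.TimestampNotCorrectlyFormed(
                u'Unable to parse: {0:s} with error: {1!s}'.format(
                    self.PrintLine(), exception))

        return self.CreateEvent(timestamp, getattr(self, 'entry_offset', 0),
                                self.attributes)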
Пример #2
    def ParseLine(self, parser_mediator):
        """Produce a SELinux event for the line that was just parsed.

        Extends the TextParser behaviour slightly: the event carries the
        timestamp (UTC) that was taken from the log entry and stored on the
        parser.

        Args:
          parser_mediator: A parser mediator object (instance of
              ParserMediator) that receives the produced event.

        Raises:
          TimestampNotCorrectlyFormed: if no timestamp is set for the entry.
        """
        if self.timestamp:
            entry_offset = getattr(self, u'entry_offset', 0)
            parser_mediator.ProduceEvent(
                SELinuxLineEvent(
                    self.timestamp, entry_offset, self.attributes))
            # 0 is the "no timestamp" marker checked above; resetting it
            # keeps this value from being reused by a later call.
            self.timestamp = 0
            return

        raise errors.TimestampNotCorrectlyFormed(
            u'Unable to parse entry, timestamp not defined.')
Пример #3
    def ParseLine(self, parser_context):
        """Build a SELinux event for the line that was just parsed.

        Extends the TextParser behaviour slightly: the event carries the
        timestamp (UTC) that was taken from the log entry and stored on the
        parser.

        Args:
          parser_context: A parser context object (instance of ParserContext).

        Returns:
          An event object (instance of EventObject) constructed from the
          selinux entry.

        Raises:
          TimestampNotCorrectlyFormed: if no timestamp is set for the entry.
        """
        entry_timestamp = self.timestamp
        if not entry_timestamp:
            raise errors.TimestampNotCorrectlyFormed(
                u'Unable to parse entry, timestamp not defined.')

        selinux_event = SELinuxLineEvent(
            entry_timestamp, getattr(self, 'entry_offset', 0),
            self.attributes)

        # 0 is the "no timestamp" marker checked above; resetting it keeps
        # this value from being reused by a later call.
        self.timestamp = 0
        return selinux_event