def _ParseLogLine(self, parser_mediator, structure):
    """Parse a single log line and produce an event object.

    The line is skipped with a logged warning when its date or time field
    is missing or empty, and skipped silently when FromTimeParts yields a
    falsy timestamp. In both cases no event is produced for the line.

    Args:
      parser_mediator: A parser mediator object (instance of ParserMediator).
      structure: A pyparsing.ParseResults object from a line in the log file.
    """
    fields = structure.asDict()

    date = fields.get(u'date', None)
    time = fields.get(u'time', None)

    # Both parts are needed to build the timestamp.
    if not date or not time:
        logging.warning(
            u'Unable to extract timestamp from Winfirewall logline.')
        return

    year, month, day = date
    hour, minute, second = time

    # Interpret the time parts in the mediator's timezone only when the
    # parser was configured for local time; UTC otherwise.
    zone = parser_mediator.timezone if self.use_local_zone else pytz.UTC

    timestamp = timelib.Timestamp.FromTimeParts(
        year, month, day, hour, minute, second, timezone=zone)
    if not timestamp:
        return

    # TODO: refactor this into a WinFirewall specific event object.
    event_object = time_events.TimestampEvent(
        timestamp, eventdata.EventTimestamp.WRITTEN_TIME, self.DATA_TYPE)

    for key, value in fields.items():
        # The timestamp parts are already consumed and u'-' marks a field
        # without a value, so neither becomes an event attribute.
        if key in (u'time', u'date') or value == u'-':
            continue

        if isinstance(value, pyparsing.ParseResults):
            attribute_value = u''.join(value)
        else:
            # Store the value as an integer when it converts cleanly and
            # keep it unchanged otherwise.
            try:
                attribute_value = int(value)
            except ValueError:
                attribute_value = value

        setattr(event_object, key, attribute_value)

    parser_mediator.ProduceEvent(event_object)
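def _ParseLogLine(self, parser_mediator, structure):
    """Parse a single log line and produce an event object.

    A line without a usable date and time, or whose time parts cannot be
    turned into a timestamp, is reported through
    parser_mediator.ProduceParseError and produces no event, so a dropped
    line leaves a record instead of disappearing from the output.

    Args:
      parser_mediator: A parser mediator object (instance of ParserMediator).
      structure: A pyparsing.ParseResults object from a line in the log file.
    """
    log_dict = structure.asDict()

    date = log_dict.get(u'date', None)
    time = log_dict.get(u'time', None)

    # Both parts are indexed below, so either one missing must stop here.
    # Requiring both to be missing let a line with only a date (or only a
    # time) through, and indexing the None value raised TypeError instead
    # of producing a parse error.
    if not date or not time:
        parser_mediator.ProduceParseError(
            u'unable to extract timestamp from logline.')
        return

    if self._use_local_zone:
        zone = parser_mediator.timezone
    else:
        zone = pytz.UTC

    try:
        timestamp = timelib.Timestamp.FromTimeParts(
            date[0], date[1], date[2], time[0], time[1], time[2],
            timezone=zone)
    except errors.TimestampError as exception:
        # !s converts the exception explicitly; a bare 's' format spec on
        # an exception object raises TypeError on Python 3, which would
        # replace the parse error with a crash.
        parser_mediator.ProduceParseError(
            u'unable to determine timestamp with error: {0!s}'.format(
                exception))
        return

    # TODO: refactor this into a WinFirewall specific event object.
    event_object = time_events.TimestampEvent(
        timestamp, eventdata.EventTimestamp.WRITTEN_TIME, self.DATA_TYPE)

    for key, value in log_dict.items():
        # The timestamp parts are already consumed and u'-' marks a field
        # without a value, so neither becomes an event attribute.
        if key in (u'time', u'date') or value == u'-':
            continue

        if isinstance(value, pyparsing.ParseResults):
            setattr(event_object, key, u''.join(value))
        else:
            # TODO: determine why this code construction is needed.
            # Stores the value as an integer when it converts cleanly and
            # keeps it unchanged otherwise.
            try:
                save_value = int(value)
            except ValueError:
                save_value = value

            setattr(event_object, key, save_value)

    parser_mediator.ProduceEvent(event_object)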