From 01ad505530cd83909b87965000eb4ec87b822b7b Mon Sep 17 00:00:00 2001 From: Daniel White Date: Fri, 4 Sep 2015 12:45:13 +0200 Subject: [PATCH] Code review: 258120043: Add ZeroMQ queuing to psort. --- .travis.yml | 3 +- config/dpkg/changelog | 2 +- config/dpkg/control | 2 +- docs/plaso.analysis.rst | 65 ++-- docs/plaso.cli.helpers.rst | 81 ++--- docs/plaso.cli.rst | 49 +-- docs/plaso.dfwinreg.rst | 41 ++- docs/plaso.engine.rst | 65 ++-- docs/plaso.events.rst | 41 ++- docs/plaso.filters.rst | 33 +- docs/plaso.formatters.rst | 325 +++++++++--------- docs/plaso.frontend.rst | 53 +-- docs/plaso.hashers.rst | 41 ++- docs/plaso.lib.rst | 93 ++--- docs/plaso.multi_processing.rst | 37 +- docs/plaso.output.rst | 89 ++--- docs/plaso.parsers.bencode_plugins.rst | 33 +- docs/plaso.parsers.cookie_plugins.rst | 33 +- docs/plaso.parsers.esedb_plugins.rst | 33 +- docs/plaso.parsers.olecf_plugins.rst | 37 +- docs/plaso.parsers.plist_plugins.rst | 73 ++-- docs/plaso.parsers.rst | 259 +++++++------- docs/plaso.parsers.shared.rst | 21 +- docs/plaso.parsers.sqlite_plugins.rst | 81 ++--- docs/plaso.parsers.winreg_plugins.rst | 121 +++---- docs/plaso.preprocessors.rst | 41 ++- docs/plaso.proto.rst | 21 +- docs/plaso.rst | 37 +- docs/plaso.serializer.rst | 33 +- docs/plaso.storage.rst | 27 +- docs/plaso.unix.rst | 21 +- docs/plaso.winnt.rst | 45 +-- plaso/__init__.py | 2 +- plaso/analysis/tagging.py | 1 - plaso/dependencies.py | 3 +- plaso/engine/queue.py | 2 +- plaso/engine/zeromq_queue.py | 323 +++++++++++++++++ plaso/frontend/psort.py | 249 +++++++++----- plaso/lib/errors.py | 15 + plaso/lib/timelib.py | 5 +- plaso/multi_processing/multi_process.py | 6 +- test_data/psort_test.json.plaso | Bin 0 -> 6512 bytes ...{psort_test.out => psort_test.proto.plaso} | Bin tests/cli/analysis_tool.py | 2 +- tests/engine/zeromq_queue.py | 44 +++ tests/frontend/analysis_frontend.py | 2 +- tests/frontend/psort.py | 44 ++- tests/frontend/test_lib.py | 35 ++ tests/lib/storage.py | 2 +- tests/output/pstorage.py | 2 +- tools/pinfo_test.py | 4 +- tools/psort.py | 25 ++ tools/psort_test.py | 2 +- 53 files changed, 1681 insertions(+), 1023 deletions(-) create mode 100644 plaso/engine/zeromq_queue.py create mode 100644 test_data/psort_test.json.plaso rename test_data/{psort_test.out => psort_test.proto.plaso} (100%) create mode 100644 tests/engine/zeromq_queue.py diff --git a/.travis.yml b/.travis.yml index e3c290e201..471e1200d6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,7 +2,8 @@ language: python python: - "2.7" before_install: - - if test `uname -s` = 'Linux'; then sudo add-apt-repository ppa:gift/dev -y && sudo apt-get update -q && sudo apt-get install ipython libbde-python libesedb-python libevt-python libevtx-python libewf-python libfwsi-python liblnk-python libmsiecf-python libolecf-python libqcow-python libregf-python libsigscan-python libsmdev-python libsmraw-python libtsk libvhdi-python libvmdk-python libvshadow-python python-artifacts python-bencode python-binplist python-construct python-coverage python-coveralls python-dateutil python-dfvfs python-docopt python-dpkt python-hachoir-core python-hachoir-metadata python-hachoir-parser python-mock python-pefile python-protobuf python-psutil python-pyparsing python-requests python-six python-xlsxwriter python-yaml python-tz pytsk3; fi + - sudo rm -f /etc/apt/sources.list.d/travis_ci_zeromq3-source.list + - if test `uname -s` = 'Linux'; then sudo add-apt-repository ppa:gift/dev -y && sudo apt-get update -q && sudo apt-get install ipython libbde-python libesedb-python libevt-python libevtx-python libewf-python libfwsi-python liblnk-python libmsiecf-python libolecf-python libqcow-python libregf-python libsigscan-python libsmdev-python libsmraw-python libtsk libvhdi-python libvmdk-python libvshadow-python python-artifacts python-bencode python-binplist python-construct python-coverage python-coveralls python-dateutil python-dfvfs python-docopt python-dpkt python-hachoir-core python-hachoir-metadata python-hachoir-parser python-mock python-pefile python-protobuf python-psutil python-pyparsing python-requests python-six python-xlsxwriter python-yaml python-tz pytsk3 python-zmq; fi - sudo pip install ipython --upgrade script: - ./run_tests.py diff --git a/config/dpkg/changelog b/config/dpkg/changelog index d996e0c570..eb7f215aba 100644 --- a/config/dpkg/changelog +++ b/config/dpkg/changelog @@ -2,4 +2,4 @@ python-plaso (1.3.1-1) unstable; urgency=low * Auto-generated - -- Log2Timeline Thu, 03 Sep 2015 08:27:39 +0200 + -- Log2Timeline Fri, 04 Sep 2015 12:45:13 +0200 diff --git a/config/dpkg/control b/config/dpkg/control index 49f6327660..0d5592344f 100644 --- a/config/dpkg/control +++ b/config/dpkg/control @@ -8,7 +8,7 @@ Homepage: https://github.com/log2timeline/plaso/ Package: python-plaso Architecture: all -Depends: libprotobuf7 | libprotobuf8 | libprotobuf9, libyaml-0-2, libbde-python, libesedb-python, libevt-python, libevtx-python, libewf-python, libfwsi-python, liblnk-python, libmsiecf-python, libolecf-python, libqcow-python, libregf-python, libtsk, libsigscan-python, libsmdev-python, libsmraw-python, libvhdi-python, libvmdk-python, libvshadow-python, ipython, python-artifacts, python-bencode, python-binplist, python-construct, python-dateutil, python-dfvfs, python-dpkt, python-hachoir-core, python-hachoir-metadata, python-hachoir-parser, python-mock, python-pefile, python-protobuf, python-psutil, python-pyparsing, python-six, python-yaml, python-tz, pytsk3, ${shlibs:Depends}, ${misc:Depends} +Depends: libprotobuf7 | libprotobuf8 | libprotobuf9, libyaml-0-2, libbde-python, libesedb-python, libevt-python, libevtx-python, libewf-python, libfwsi-python, liblnk-python, libmsiecf-python, libolecf-python, libqcow-python, libregf-python, libtsk, libsigscan-python, libsmdev-python, libsmraw-python, libvhdi-python, libvmdk-python, libvshadow-python, ipython, python-artifacts, python-bencode, python-binplist, python-construct, python-dateutil, python-dfvfs, python-dpkt, python-hachoir-core, python-hachoir-metadata, python-hachoir-parser, python-mock, python-pefile, python-protobuf, python-psutil, python-pyparsing, python-six, python-yaml, python-tz, python-zmq, pytsk3, ${shlibs:Depends}, ${misc:Depends} Recommends: elasticsearch, libesedb-tools, libbde-tools, libevt-tools, libevtx-tools, libewf-tools, liblnk-tools, libmsiecf-tools, libolecf-tools, libqcow-tools, libregf-tools, libsmdev-tools, libsmraw-tools, libvhdi-tools, libvmdk-tools, libvshadow-tools, libtsk-dev, pyelasticsearch, python-requests, python-xlsxwriter, sleuthkit Description: Plaso Log2Timeline Log2Timeline is a framework to create super timelines. diff --git a/docs/plaso.analysis.rst b/docs/plaso.analysis.rst index 85896b5111..cea7d4fcf0 100644 --- a/docs/plaso.analysis.rst +++ b/docs/plaso.analysis.rst @@ -1,99 +1,102 @@ -analysis Package -================ +plaso.analysis package +====================== -:mod:`analysis` Package ------------------------ +Submodules +---------- -.. automodule:: plaso.analysis - :members: - :undoc-members: - :show-inheritance: - -:mod:`browser_search` Module ----------------------------- +plaso.analysis.browser_search module +------------------------------------ .. automodule:: plaso.analysis.browser_search :members: :undoc-members: :show-inheritance: -:mod:`chrome_extension` Module ------------------------------- +plaso.analysis.chrome_extension module +-------------------------------------- .. automodule:: plaso.analysis.chrome_extension :members: :undoc-members: :show-inheritance: -:mod:`file_hashes` Module -------------------------- +plaso.analysis.file_hashes module +--------------------------------- .. automodule:: plaso.analysis.file_hashes :members: :undoc-members: :show-inheritance: -:mod:`interface` Module ------------------------ +plaso.analysis.interface module +------------------------------- .. automodule:: plaso.analysis.interface :members: :undoc-members: :show-inheritance: -:mod:`manager` Module ---------------------- +plaso.analysis.manager module +----------------------------- .. automodule:: plaso.analysis.manager :members: :undoc-members: :show-inheritance: -:mod:`mediator` Module ----------------------- +plaso.analysis.mediator module +------------------------------ .. automodule:: plaso.analysis.mediator :members: :undoc-members: :show-inheritance: -:mod:`tagging` Module ---------------------- +plaso.analysis.tagging module +----------------------------- .. automodule:: plaso.analysis.tagging :members: :undoc-members: :show-inheritance: -:mod:`unique_domains_visited` Module ------------------------------------- +plaso.analysis.unique_domains_visited module +-------------------------------------------- .. automodule:: plaso.analysis.unique_domains_visited :members: :undoc-members: :show-inheritance: -:mod:`viper` Module -------------------- +plaso.analysis.viper module +--------------------------- .. automodule:: plaso.analysis.viper :members: :undoc-members: :show-inheritance: -:mod:`virustotal` Module ------------------------- +plaso.analysis.virustotal module +-------------------------------- .. automodule:: plaso.analysis.virustotal :members: :undoc-members: :show-inheritance: -:mod:`windows_services` Module ------------------------------- +plaso.analysis.windows_services module +-------------------------------------- .. automodule:: plaso.analysis.windows_services :members: :undoc-members: :show-inheritance: + +Module contents +--------------- + +.. automodule:: plaso.analysis + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.cli.helpers.rst b/docs/plaso.cli.helpers.rst index 6aa53c75af..44484f03eb 100644 --- a/docs/plaso.cli.helpers.rst +++ b/docs/plaso.cli.helpers.rst @@ -1,131 +1,134 @@ -helpers Package -=============== +plaso.cli.helpers package +========================= -:mod:`helpers` Package ----------------------- +Submodules +---------- -.. automodule:: plaso.cli.helpers - :members: - :undoc-members: - :show-inheritance: - -:mod:`database_config` Module ------------------------------ +plaso.cli.helpers.database_config module +---------------------------------------- .. automodule:: plaso.cli.helpers.database_config :members: :undoc-members: :show-inheritance: -:mod:`elastic_output` Module ----------------------------- +plaso.cli.helpers.elastic_output module +--------------------------------------- .. automodule:: plaso.cli.helpers.elastic_output :members: :undoc-members: :show-inheritance: -:mod:`interface` Module ------------------------ +plaso.cli.helpers.interface module +---------------------------------- .. automodule:: plaso.cli.helpers.interface :members: :undoc-members: :show-inheritance: -:mod:`manager` Module ---------------------- +plaso.cli.helpers.manager module +-------------------------------- .. automodule:: plaso.cli.helpers.manager :members: :undoc-members: :show-inheritance: -:mod:`mysql_4n6time_output` Module ----------------------------------- +plaso.cli.helpers.mysql_4n6time_output module +--------------------------------------------- .. automodule:: plaso.cli.helpers.mysql_4n6time_output :members: :undoc-members: :show-inheritance: -:mod:`pstorage` Module ----------------------- +plaso.cli.helpers.pstorage module +--------------------------------- .. automodule:: plaso.cli.helpers.pstorage :members: :undoc-members: :show-inheritance: -:mod:`server_config` Module ---------------------------- +plaso.cli.helpers.server_config module +-------------------------------------- .. automodule:: plaso.cli.helpers.server_config :members: :undoc-members: :show-inheritance: -:mod:`shared_4n6time_output` Module ------------------------------------ +plaso.cli.helpers.shared_4n6time_output module +---------------------------------------------- .. automodule:: plaso.cli.helpers.shared_4n6time_output :members: :undoc-members: :show-inheritance: -:mod:`sqlite_4n6time_output` Module ------------------------------------ +plaso.cli.helpers.sqlite_4n6time_output module +---------------------------------------------- .. automodule:: plaso.cli.helpers.sqlite_4n6time_output :members: :undoc-members: :show-inheritance: -:mod:`tagging_analysis` Module ------------------------------- +plaso.cli.helpers.tagging_analysis module +----------------------------------------- .. automodule:: plaso.cli.helpers.tagging_analysis :members: :undoc-members: :show-inheritance: -:mod:`timesketch_out` Module ----------------------------- +plaso.cli.helpers.timesketch_out module +--------------------------------------- .. automodule:: plaso.cli.helpers.timesketch_out :members: :undoc-members: :show-inheritance: -:mod:`viper_analysis` Module ----------------------------- +plaso.cli.helpers.viper_analysis module +--------------------------------------- .. automodule:: plaso.cli.helpers.viper_analysis :members: :undoc-members: :show-inheritance: -:mod:`virustotal_analysis` Module ---------------------------------- +plaso.cli.helpers.virustotal_analysis module +-------------------------------------------- .. automodule:: plaso.cli.helpers.virustotal_analysis :members: :undoc-members: :show-inheritance: -:mod:`windows_services_analysis` Module ---------------------------------------- +plaso.cli.helpers.windows_services_analysis module +-------------------------------------------------- .. automodule:: plaso.cli.helpers.windows_services_analysis :members: :undoc-members: :show-inheritance: -:mod:`xlsx_output` Module -------------------------- +plaso.cli.helpers.xlsx_output module +------------------------------------ .. automodule:: plaso.cli.helpers.xlsx_output :members: :undoc-members: :show-inheritance: + +Module contents +--------------- + +.. automodule:: plaso.cli.helpers + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.cli.rst b/docs/plaso.cli.rst index 05133cf42d..5cec4aab5a 100644 --- a/docs/plaso.cli.rst +++ b/docs/plaso.cli.rst @@ -1,58 +1,61 @@ -cli Package -=========== +plaso.cli package +================= -:mod:`cli` Package ------------------- +Subpackages +----------- -.. automodule:: plaso.cli - :members: - :undoc-members: - :show-inheritance: +.. toctree:: + + plaso.cli.helpers -:mod:`analysis_tool` Module ---------------------------- +Submodules +---------- + +plaso.cli.analysis_tool module +------------------------------ .. automodule:: plaso.cli.analysis_tool :members: :undoc-members: :show-inheritance: -:mod:`extraction_tool` Module ------------------------------ +plaso.cli.extraction_tool module +-------------------------------- .. automodule:: plaso.cli.extraction_tool :members: :undoc-members: :show-inheritance: -:mod:`hexdump` Module ---------------------- +plaso.cli.hexdump module +------------------------ .. automodule:: plaso.cli.hexdump :members: :undoc-members: :show-inheritance: -:mod:`storage_media_tool` Module --------------------------------- +plaso.cli.storage_media_tool module +----------------------------------- .. automodule:: plaso.cli.storage_media_tool :members: :undoc-members: :show-inheritance: -:mod:`tools` Module -------------------- +plaso.cli.tools module +---------------------- .. automodule:: plaso.cli.tools :members: :undoc-members: :show-inheritance: -Subpackages ------------ - -.. toctree:: - plaso.cli.helpers +Module contents +--------------- +.. automodule:: plaso.cli + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.dfwinreg.rst b/docs/plaso.dfwinreg.rst index 502baad9cf..ed8844f9d4 100644 --- a/docs/plaso.dfwinreg.rst +++ b/docs/plaso.dfwinreg.rst @@ -1,51 +1,54 @@ -dfwinreg Package -================ +plaso.dfwinreg package +====================== -:mod:`dfwinreg` Package ------------------------ +Submodules +---------- -.. automodule:: plaso.dfwinreg - :members: - :undoc-members: - :show-inheritance: - -:mod:`definitions` Module -------------------------- +plaso.dfwinreg.definitions module +--------------------------------- .. automodule:: plaso.dfwinreg.definitions :members: :undoc-members: :show-inheritance: -:mod:`interface` Module ------------------------ +plaso.dfwinreg.interface module +------------------------------- .. automodule:: plaso.dfwinreg.interface :members: :undoc-members: :show-inheritance: -:mod:`path_expander` Module ---------------------------- +plaso.dfwinreg.path_expander module +----------------------------------- .. automodule:: plaso.dfwinreg.path_expander :members: :undoc-members: :show-inheritance: -:mod:`regf` Module ------------------- +plaso.dfwinreg.regf module +-------------------------- .. automodule:: plaso.dfwinreg.regf :members: :undoc-members: :show-inheritance: -:mod:`registry` Module ----------------------- +plaso.dfwinreg.registry module +------------------------------ .. automodule:: plaso.dfwinreg.registry :members: :undoc-members: :show-inheritance: + +Module contents +--------------- + +.. automodule:: plaso.dfwinreg + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.engine.rst b/docs/plaso.engine.rst index f30331fb4b..d450615b2b 100644 --- a/docs/plaso.engine.rst +++ b/docs/plaso.engine.rst @@ -1,83 +1,94 @@ -engine Package -============== +plaso.engine package +==================== -:mod:`engine` Package ---------------------- +Submodules +---------- -.. automodule:: plaso.engine - :members: - :undoc-members: - :show-inheritance: - -:mod:`collector` Module ------------------------ +plaso.engine.collector module +----------------------------- .. automodule:: plaso.engine.collector :members: :undoc-members: :show-inheritance: -:mod:`engine` Module --------------------- +plaso.engine.engine module +-------------------------- .. automodule:: plaso.engine.engine :members: :undoc-members: :show-inheritance: -:mod:`knowledge_base` Module ----------------------------- +plaso.engine.knowledge_base module +---------------------------------- .. automodule:: plaso.engine.knowledge_base :members: :undoc-members: :show-inheritance: -:mod:`processing_status` Module -------------------------------- +plaso.engine.processing_status module +------------------------------------- .. automodule:: plaso.engine.processing_status :members: :undoc-members: :show-inheritance: -:mod:`profiler` Module ----------------------- +plaso.engine.profiler module +---------------------------- .. automodule:: plaso.engine.profiler :members: :undoc-members: :show-inheritance: -:mod:`queue` Module -------------------- +plaso.engine.queue module +------------------------- .. automodule:: plaso.engine.queue :members: :undoc-members: :show-inheritance: -:mod:`single_process` Module ----------------------------- +plaso.engine.single_process module +---------------------------------- .. automodule:: plaso.engine.single_process :members: :undoc-members: :show-inheritance: -:mod:`utils` Module -------------------- +plaso.engine.utils module +------------------------- .. automodule:: plaso.engine.utils :members: :undoc-members: :show-inheritance: -:mod:`worker` Module --------------------- +plaso.engine.worker module +-------------------------- .. automodule:: plaso.engine.worker :members: :undoc-members: :show-inheritance: +plaso.engine.zeromq_queue module +-------------------------------- + +.. automodule:: plaso.engine.zeromq_queue + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso.engine + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.events.rst b/docs/plaso.events.rst index cd919d2cc7..25fc487d6f 100644 --- a/docs/plaso.events.rst +++ b/docs/plaso.events.rst @@ -1,51 +1,54 @@ -events Package -============== +plaso.events package +==================== -:mod:`events` Package ---------------------- +Submodules +---------- -.. automodule:: plaso.events - :members: - :undoc-members: - :show-inheritance: - -:mod:`plist_event` Module -------------------------- +plaso.events.plist_event module +------------------------------- .. automodule:: plaso.events.plist_event :members: :undoc-members: :show-inheritance: -:mod:`shell_item_events` Module -------------------------------- +plaso.events.shell_item_events module +------------------------------------- .. automodule:: plaso.events.shell_item_events :members: :undoc-members: :show-inheritance: -:mod:`text_events` Module -------------------------- +plaso.events.text_events module +------------------------------- .. automodule:: plaso.events.text_events :members: :undoc-members: :show-inheritance: -:mod:`time_events` Module -------------------------- +plaso.events.time_events module +------------------------------- .. automodule:: plaso.events.time_events :members: :undoc-members: :show-inheritance: -:mod:`windows_events` Module ----------------------------- +plaso.events.windows_events module +---------------------------------- .. automodule:: plaso.events.windows_events :members: :undoc-members: :show-inheritance: + +Module contents +--------------- + +.. automodule:: plaso.events + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.filters.rst b/docs/plaso.filters.rst index e7222a4d9c..92c669b4a7 100644 --- a/docs/plaso.filters.rst +++ b/docs/plaso.filters.rst @@ -1,35 +1,38 @@ -filters Package -=============== +plaso.filters package +===================== -:mod:`filters` Package ----------------------- +Submodules +---------- -.. automodule:: plaso.filters - :members: - :undoc-members: - :show-inheritance: - -:mod:`dynamic_filter` Module ----------------------------- +plaso.filters.dynamic_filter module +----------------------------------- .. automodule:: plaso.filters.dynamic_filter :members: :undoc-members: :show-inheritance: -:mod:`eventfilter` Module -------------------------- +plaso.filters.eventfilter module +-------------------------------- .. automodule:: plaso.filters.eventfilter :members: :undoc-members: :show-inheritance: -:mod:`filterlist` Module ------------------------- +plaso.filters.filterlist module +------------------------------- .. automodule:: plaso.filters.filterlist :members: :undoc-members: :show-inheritance: + +Module contents +--------------- + +.. automodule:: plaso.filters + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.formatters.rst b/docs/plaso.formatters.rst index 2fbd8c673c..d5f36f3839 100644 --- a/docs/plaso.formatters.rst +++ b/docs/plaso.formatters.rst @@ -1,619 +1,622 @@ -formatters Package -================== +plaso.formatters package +======================== -:mod:`formatters` Package -------------------------- +Submodules +---------- -.. automodule:: plaso.formatters - :members: - :undoc-members: - :show-inheritance: - -:mod:`android_app_usage` Module -------------------------------- +plaso.formatters.android_app_usage module +----------------------------------------- .. automodule:: plaso.formatters.android_app_usage :members: :undoc-members: :show-inheritance: -:mod:`android_calls` Module ---------------------------- +plaso.formatters.android_calls module +------------------------------------- .. automodule:: plaso.formatters.android_calls :members: :undoc-members: :show-inheritance: -:mod:`android_sms` Module -------------------------- +plaso.formatters.android_sms module +----------------------------------- .. automodule:: plaso.formatters.android_sms :members: :undoc-members: :show-inheritance: -:mod:`appcompatcache` Module ----------------------------- +plaso.formatters.appcompatcache module +-------------------------------------- .. automodule:: plaso.formatters.appcompatcache :members: :undoc-members: :show-inheritance: -:mod:`appusage` Module ----------------------- +plaso.formatters.appusage module +-------------------------------- .. automodule:: plaso.formatters.appusage :members: :undoc-members: :show-inheritance: -:mod:`asl` Module ------------------ +plaso.formatters.asl module +--------------------------- .. automodule:: plaso.formatters.asl :members: :undoc-members: :show-inheritance: -:mod:`bencode_parser` Module ----------------------------- +plaso.formatters.bencode_parser module +-------------------------------------- .. automodule:: plaso.formatters.bencode_parser :members: :undoc-members: :show-inheritance: -:mod:`bsm` Module ------------------ +plaso.formatters.bsm module +--------------------------- .. automodule:: plaso.formatters.bsm :members: :undoc-members: :show-inheritance: -:mod:`chrome` Module --------------------- +plaso.formatters.chrome module +------------------------------ .. automodule:: plaso.formatters.chrome :members: :undoc-members: :show-inheritance: -:mod:`chrome_cache` Module --------------------------- +plaso.formatters.chrome_cache module +------------------------------------ .. automodule:: plaso.formatters.chrome_cache :members: :undoc-members: :show-inheritance: -:mod:`chrome_cookies` Module ----------------------------- +plaso.formatters.chrome_cookies module +-------------------------------------- .. automodule:: plaso.formatters.chrome_cookies :members: :undoc-members: :show-inheritance: -:mod:`chrome_extension_activity` Module ---------------------------------------- +plaso.formatters.chrome_extension_activity module +------------------------------------------------- .. automodule:: plaso.formatters.chrome_extension_activity :members: :undoc-members: :show-inheritance: -:mod:`chrome_preferences` Module --------------------------------- +plaso.formatters.chrome_preferences module +------------------------------------------ .. automodule:: plaso.formatters.chrome_preferences :members: :undoc-members: :show-inheritance: -:mod:`cups_ipp` Module ----------------------- +plaso.formatters.cups_ipp module +-------------------------------- .. automodule:: plaso.formatters.cups_ipp :members: :undoc-members: :show-inheritance: -:mod:`default` Module ---------------------- +plaso.formatters.default module +------------------------------- .. automodule:: plaso.formatters.default :members: :undoc-members: :show-inheritance: -:mod:`file_history` Module --------------------------- +plaso.formatters.file_history module +------------------------------------ .. automodule:: plaso.formatters.file_history :members: :undoc-members: :show-inheritance: -:mod:`filestat` Module ----------------------- +plaso.formatters.filestat module +-------------------------------- .. automodule:: plaso.formatters.filestat :members: :undoc-members: :show-inheritance: -:mod:`firefox` Module ---------------------- +plaso.formatters.firefox module +------------------------------- .. automodule:: plaso.formatters.firefox :members: :undoc-members: :show-inheritance: -:mod:`firefox_cache` Module ---------------------------- +plaso.formatters.firefox_cache module +------------------------------------- .. automodule:: plaso.formatters.firefox_cache :members: :undoc-members: :show-inheritance: -:mod:`firefox_cookies` Module ------------------------------ +plaso.formatters.firefox_cookies module +--------------------------------------- .. automodule:: plaso.formatters.firefox_cookies :members: :undoc-members: :show-inheritance: -:mod:`ganalytics` Module ------------------------- +plaso.formatters.ganalytics module +---------------------------------- .. automodule:: plaso.formatters.ganalytics :members: :undoc-members: :show-inheritance: -:mod:`gdrive` Module --------------------- +plaso.formatters.gdrive module +------------------------------ .. automodule:: plaso.formatters.gdrive :members: :undoc-members: :show-inheritance: -:mod:`hachoir` Module ---------------------- +plaso.formatters.hachoir module +------------------------------- .. automodule:: plaso.formatters.hachoir :members: :undoc-members: :show-inheritance: -:mod:`iis` Module ------------------ +plaso.formatters.iis module +--------------------------- .. automodule:: plaso.formatters.iis :members: :undoc-members: :show-inheritance: -:mod:`interface` Module ------------------------ +plaso.formatters.interface module +--------------------------------- .. automodule:: plaso.formatters.interface :members: :undoc-members: :show-inheritance: -:mod:`ipod` Module ------------------- +plaso.formatters.ipod module +---------------------------- .. automodule:: plaso.formatters.ipod :members: :undoc-members: :show-inheritance: -:mod:`java_idx` Module ----------------------- +plaso.formatters.java_idx module +-------------------------------- .. automodule:: plaso.formatters.java_idx :members: :undoc-members: :show-inheritance: -:mod:`ls_quarantine` Module ---------------------------- +plaso.formatters.ls_quarantine module +------------------------------------- .. automodule:: plaso.formatters.ls_quarantine :members: :undoc-members: :show-inheritance: -:mod:`mac_appfirewall` Module ------------------------------ +plaso.formatters.mac_appfirewall module +--------------------------------------- .. automodule:: plaso.formatters.mac_appfirewall :members: :undoc-members: :show-inheritance: -:mod:`mac_document_versions` Module ------------------------------------ +plaso.formatters.mac_document_versions module +--------------------------------------------- .. automodule:: plaso.formatters.mac_document_versions :members: :undoc-members: :show-inheritance: -:mod:`mac_keychain` Module --------------------------- +plaso.formatters.mac_keychain module +------------------------------------ .. automodule:: plaso.formatters.mac_keychain :members: :undoc-members: :show-inheritance: -:mod:`mac_securityd` Module ---------------------------- +plaso.formatters.mac_securityd module +------------------------------------- .. automodule:: plaso.formatters.mac_securityd :members: :undoc-members: :show-inheritance: -:mod:`mac_wifi` Module ----------------------- +plaso.formatters.mac_wifi module +-------------------------------- .. automodule:: plaso.formatters.mac_wifi :members: :undoc-members: :show-inheritance: -:mod:`mackeeper_cache` Module ------------------------------ +plaso.formatters.mackeeper_cache module +--------------------------------------- .. automodule:: plaso.formatters.mackeeper_cache :members: :undoc-members: :show-inheritance: -:mod:`mactime` Module ---------------------- +plaso.formatters.mactime module +------------------------------- .. automodule:: plaso.formatters.mactime :members: :undoc-members: :show-inheritance: -:mod:`manager` Module ---------------------- +plaso.formatters.manager module +------------------------------- .. automodule:: plaso.formatters.manager :members: :undoc-members: :show-inheritance: -:mod:`mcafeeav` Module ----------------------- +plaso.formatters.mcafeeav module +-------------------------------- .. automodule:: plaso.formatters.mcafeeav :members: :undoc-members: :show-inheritance: -:mod:`mediator` Module ----------------------- +plaso.formatters.mediator module +-------------------------------- .. automodule:: plaso.formatters.mediator :members: :undoc-members: :show-inheritance: -:mod:`msie_webcache` Module ---------------------------- +plaso.formatters.msie_webcache module +------------------------------------- .. automodule:: plaso.formatters.msie_webcache :members: :undoc-members: :show-inheritance: -:mod:`msiecf` Module --------------------- +plaso.formatters.msiecf module +------------------------------ .. automodule:: plaso.formatters.msiecf :members: :undoc-members: :show-inheritance: -:mod:`olecf` Module -------------------- +plaso.formatters.olecf module +----------------------------- .. automodule:: plaso.formatters.olecf :members: :undoc-members: :show-inheritance: -:mod:`opera` Module -------------------- +plaso.formatters.opera module +----------------------------- .. automodule:: plaso.formatters.opera :members: :undoc-members: :show-inheritance: -:mod:`oxml` Module ------------------- +plaso.formatters.oxml module +---------------------------- .. automodule:: plaso.formatters.oxml :members: :undoc-members: :show-inheritance: -:mod:`pcap` Module ------------------- +plaso.formatters.pcap module +---------------------------- .. automodule:: plaso.formatters.pcap :members: :undoc-members: :show-inheritance: -:mod:`pe` Module ----------------- +plaso.formatters.pe module +-------------------------- .. automodule:: plaso.formatters.pe :members: :undoc-members: :show-inheritance: -:mod:`plist` Module -------------------- +plaso.formatters.plist module +----------------------------- .. automodule:: plaso.formatters.plist :members: :undoc-members: :show-inheritance: -:mod:`pls_recall` Module ------------------------- +plaso.formatters.pls_recall module +---------------------------------- .. automodule:: plaso.formatters.pls_recall :members: :undoc-members: :show-inheritance: -:mod:`popcontest` Module ------------------------- +plaso.formatters.popcontest module +---------------------------------- .. automodule:: plaso.formatters.popcontest :members: :undoc-members: :show-inheritance: -:mod:`recycler` Module ----------------------- +plaso.formatters.recycler module +-------------------------------- .. automodule:: plaso.formatters.recycler :members: :undoc-members: :show-inheritance: -:mod:`safari` Module --------------------- +plaso.formatters.safari module +------------------------------ .. automodule:: plaso.formatters.safari :members: :undoc-members: :show-inheritance: -:mod:`safari_cookies` Module ----------------------------- +plaso.formatters.safari_cookies module +-------------------------------------- .. automodule:: plaso.formatters.safari_cookies :members: :undoc-members: :show-inheritance: -:mod:`selinux` Module ---------------------- +plaso.formatters.selinux module +------------------------------- .. automodule:: plaso.formatters.selinux :members: :undoc-members: :show-inheritance: -:mod:`shell_items` Module -------------------------- +plaso.formatters.shell_items module +----------------------------------- .. automodule:: plaso.formatters.shell_items :members: :undoc-members: :show-inheritance: -:mod:`skydrivelog` Module -------------------------- +plaso.formatters.skydrivelog module +----------------------------------- .. automodule:: plaso.formatters.skydrivelog :members: :undoc-members: :show-inheritance: -:mod:`skydrivelogerr` Module ----------------------------- +plaso.formatters.skydrivelogerr module +-------------------------------------- .. automodule:: plaso.formatters.skydrivelogerr :members: :undoc-members: :show-inheritance: -:mod:`skype` Module -------------------- +plaso.formatters.skype module +----------------------------- .. automodule:: plaso.formatters.skype :members: :undoc-members: :show-inheritance: -:mod:`symantec` Module ----------------------- +plaso.formatters.symantec module +-------------------------------- .. automodule:: plaso.formatters.symantec :members: :undoc-members: :show-inheritance: -:mod:`syslog` Module --------------------- +plaso.formatters.syslog module +------------------------------ .. automodule:: plaso.formatters.syslog :members: :undoc-members: :show-inheritance: -:mod:`task_scheduler` Module ----------------------------- +plaso.formatters.task_scheduler module +-------------------------------------- .. automodule:: plaso.formatters.task_scheduler :members: :undoc-members: :show-inheritance: -:mod:`text` Module ------------------- +plaso.formatters.text module +---------------------------- .. automodule:: plaso.formatters.text :members: :undoc-members: :show-inheritance: -:mod:`utmp` Module ------------------- +plaso.formatters.utmp module +---------------------------- .. automodule:: plaso.formatters.utmp :members: :undoc-members: :show-inheritance: -:mod:`utmpx` Module -------------------- +plaso.formatters.utmpx module +----------------------------- .. automodule:: plaso.formatters.utmpx :members: :undoc-members: :show-inheritance: -:mod:`windows` Module ---------------------- +plaso.formatters.windows module +------------------------------- .. automodule:: plaso.formatters.windows :members: :undoc-members: :show-inheritance: -:mod:`winevt` Module --------------------- +plaso.formatters.winevt module +------------------------------ .. automodule:: plaso.formatters.winevt :members: :undoc-members: :show-inheritance: -:mod:`winevt_rc` Module ------------------------ +plaso.formatters.winevt_rc module +--------------------------------- .. automodule:: plaso.formatters.winevt_rc :members: :undoc-members: :show-inheritance: -:mod:`winevtx` Module ---------------------- +plaso.formatters.winevtx module +------------------------------- .. automodule:: plaso.formatters.winevtx :members: :undoc-members: :show-inheritance: -:mod:`winfirewall` Module -------------------------- +plaso.formatters.winfirewall module +----------------------------------- .. automodule:: plaso.formatters.winfirewall :members: :undoc-members: :show-inheritance: -:mod:`winjob` Module --------------------- +plaso.formatters.winjob module +------------------------------ .. automodule:: plaso.formatters.winjob :members: :undoc-members: :show-inheritance: -:mod:`winlnk` Module --------------------- +plaso.formatters.winlnk module +------------------------------ .. automodule:: plaso.formatters.winlnk :members: :undoc-members: :show-inheritance: -:mod:`winprefetch` Module -------------------------- +plaso.formatters.winprefetch module +----------------------------------- .. automodule:: plaso.formatters.winprefetch :members: :undoc-members: :show-inheritance: -:mod:`winreg` Module --------------------- +plaso.formatters.winreg module +------------------------------ .. automodule:: plaso.formatters.winreg :members: :undoc-members: :show-inheritance: -:mod:`winregservice` Module ---------------------------- +plaso.formatters.winregservice module +------------------------------------- .. automodule:: plaso.formatters.winregservice :members: :undoc-members: :show-inheritance: -:mod:`winrestore` Module ------------------------- +plaso.formatters.winrestore module +---------------------------------- .. automodule:: plaso.formatters.winrestore :members: :undoc-members: :show-inheritance: -:mod:`xchatlog` Module ----------------------- +plaso.formatters.xchatlog module +-------------------------------- .. automodule:: plaso.formatters.xchatlog :members: :undoc-members: :show-inheritance: -:mod:`xchatscrollback` Module ------------------------------ +plaso.formatters.xchatscrollback module +--------------------------------------- .. automodule:: plaso.formatters.xchatscrollback :members: :undoc-members: :show-inheritance: -:mod:`zeitgeist` Module ------------------------ +plaso.formatters.zeitgeist module +--------------------------------- .. automodule:: plaso.formatters.zeitgeist :members: :undoc-members: :show-inheritance: + +Module contents +--------------- + +.. automodule:: plaso.formatters + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.frontend.rst b/docs/plaso.frontend.rst index b9ff9d26e9..f4af670c74 100644 --- a/docs/plaso.frontend.rst +++ b/docs/plaso.frontend.rst @@ -1,75 +1,78 @@ -frontend Package -================ +plaso.frontend package +====================== -:mod:`frontend` Package ------------------------ +Submodules +---------- -.. automodule:: plaso.frontend - :members: - :undoc-members: - :show-inheritance: - -:mod:`analysis_frontend` Module -------------------------------- +plaso.frontend.analysis_frontend module +--------------------------------------- .. automodule:: plaso.frontend.analysis_frontend :members: :undoc-members: :show-inheritance: -:mod:`extraction_frontend` Module ---------------------------------- +plaso.frontend.extraction_frontend module +----------------------------------------- .. automodule:: plaso.frontend.extraction_frontend :members: :undoc-members: :show-inheritance: -:mod:`frontend` Module ----------------------- +plaso.frontend.frontend module +------------------------------ .. automodule:: plaso.frontend.frontend :members: :undoc-members: :show-inheritance: -:mod:`image_export` Module --------------------------- +plaso.frontend.image_export module +---------------------------------- .. automodule:: plaso.frontend.image_export :members: :undoc-members: :show-inheritance: -:mod:`log2timeline` Module --------------------------- +plaso.frontend.log2timeline module +---------------------------------- .. automodule:: plaso.frontend.log2timeline :members: :undoc-members: :show-inheritance: -:mod:`preg` Module ------------------- +plaso.frontend.preg module +-------------------------- .. automodule:: plaso.frontend.preg :members: :undoc-members: :show-inheritance: -:mod:`presets` Module ---------------------- +plaso.frontend.presets module +----------------------------- .. automodule:: plaso.frontend.presets :members: :undoc-members: :show-inheritance: -:mod:`psort` Module -------------------- +plaso.frontend.psort module +--------------------------- .. automodule:: plaso.frontend.psort :members: :undoc-members: :show-inheritance: + +Module contents +--------------- + +.. automodule:: plaso.frontend + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.hashers.rst b/docs/plaso.hashers.rst index b990c0a7e5..4f097de4aa 100644 --- a/docs/plaso.hashers.rst +++ b/docs/plaso.hashers.rst @@ -1,51 +1,54 @@ -hashers Package -=============== +plaso.hashers package +===================== -:mod:`hashers` Package ----------------------- +Submodules +---------- -.. automodule:: plaso.hashers - :members: - :undoc-members: - :show-inheritance: - -:mod:`interface` Module ------------------------ +plaso.hashers.interface module +------------------------------ .. automodule:: plaso.hashers.interface :members: :undoc-members: :show-inheritance: -:mod:`manager` Module ---------------------- +plaso.hashers.manager module +---------------------------- .. automodule:: plaso.hashers.manager :members: :undoc-members: :show-inheritance: -:mod:`md5` Module ------------------ +plaso.hashers.md5 module +------------------------ .. automodule:: plaso.hashers.md5 :members: :undoc-members: :show-inheritance: -:mod:`sha1` Module ------------------- +plaso.hashers.sha1 module +------------------------- .. automodule:: plaso.hashers.sha1 :members: :undoc-members: :show-inheritance: -:mod:`sha256` Module --------------------- +plaso.hashers.sha256 module +--------------------------- .. automodule:: plaso.hashers.sha256 :members: :undoc-members: :show-inheritance: + +Module contents +--------------- + +.. automodule:: plaso.hashers + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.lib.rst b/docs/plaso.lib.rst index 35caaba917..74b6292348 100644 --- a/docs/plaso.lib.rst +++ b/docs/plaso.lib.rst @@ -1,155 +1,158 @@ -lib Package -=========== +plaso.lib package +================= -:mod:`lib` Package ------------------- +Submodules +---------- -.. automodule:: plaso.lib - :members: - :undoc-members: - :show-inheritance: - -:mod:`binary` Module --------------------- +plaso.lib.binary module +----------------------- .. automodule:: plaso.lib.binary :members: :undoc-members: :show-inheritance: -:mod:`bufferlib` Module ------------------------ +plaso.lib.bufferlib module +-------------------------- .. automodule:: plaso.lib.bufferlib :members: :undoc-members: :show-inheritance: -:mod:`definitions` Module -------------------------- +plaso.lib.definitions module +---------------------------- .. automodule:: plaso.lib.definitions :members: :undoc-members: :show-inheritance: -:mod:`errors` Module --------------------- +plaso.lib.errors module +----------------------- .. automodule:: plaso.lib.errors :members: :undoc-members: :show-inheritance: -:mod:`event` Module -------------------- +plaso.lib.event module +---------------------- .. automodule:: plaso.lib.event :members: :undoc-members: :show-inheritance: -:mod:`eventdata` Module ------------------------ +plaso.lib.eventdata module +-------------------------- .. automodule:: plaso.lib.eventdata :members: :undoc-members: :show-inheritance: -:mod:`filter_interface` Module ------------------------------- +plaso.lib.filter_interface module +--------------------------------- .. automodule:: plaso.lib.filter_interface :members: :undoc-members: :show-inheritance: -:mod:`lexer` Module -------------------- +plaso.lib.lexer module +---------------------- .. automodule:: plaso.lib.lexer :members: :undoc-members: :show-inheritance: -:mod:`limit` Module -------------------- +plaso.lib.limit module +---------------------- .. automodule:: plaso.lib.limit :members: :undoc-members: :show-inheritance: -:mod:`objectfilter` Module --------------------------- +plaso.lib.objectfilter module +----------------------------- .. automodule:: plaso.lib.objectfilter :members: :undoc-members: :show-inheritance: -:mod:`pfilter` Module ---------------------- +plaso.lib.pfilter module +------------------------ .. automodule:: plaso.lib.pfilter :members: :undoc-members: :show-inheritance: -:mod:`plist` Module -------------------- +plaso.lib.plist module +---------------------- .. automodule:: plaso.lib.plist :members: :undoc-members: :show-inheritance: -:mod:`py2to3` Module --------------------- +plaso.lib.py2to3 module +----------------------- .. automodule:: plaso.lib.py2to3 :members: :undoc-members: :show-inheritance: -:mod:`registry` Module ----------------------- +plaso.lib.registry module +------------------------- .. automodule:: plaso.lib.registry :members: :undoc-members: :show-inheritance: -:mod:`specification` Module ---------------------------- +plaso.lib.specification module +------------------------------ .. automodule:: plaso.lib.specification :members: :undoc-members: :show-inheritance: -:mod:`storage` Module ---------------------- +plaso.lib.storage module +------------------------ .. automodule:: plaso.lib.storage :members: :undoc-members: :show-inheritance: -:mod:`timelib` Module ---------------------- +plaso.lib.timelib module +------------------------ .. automodule:: plaso.lib.timelib :members: :undoc-members: :show-inheritance: -:mod:`utils` Module -------------------- +plaso.lib.utils module +---------------------- .. automodule:: plaso.lib.utils :members: :undoc-members: :show-inheritance: + +Module contents +--------------- + +.. automodule:: plaso.lib + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.multi_processing.rst b/docs/plaso.multi_processing.rst index c77dfa883a..73bae81fdf 100644 --- a/docs/plaso.multi_processing.rst +++ b/docs/plaso.multi_processing.rst @@ -1,43 +1,46 @@ -multi_processing Package -======================== +plaso.multi_processing package +============================== -:mod:`multi_processing` Package -------------------------------- +Submodules +---------- -.. automodule:: plaso.multi_processing - :members: - :undoc-members: - :show-inheritance: - -:mod:`multi_process` Module ---------------------------- +plaso.multi_processing.multi_process module +------------------------------------------- .. automodule:: plaso.multi_processing.multi_process :members: :undoc-members: :show-inheritance: -:mod:`process_info` Module --------------------------- +plaso.multi_processing.process_info module +------------------------------------------ .. automodule:: plaso.multi_processing.process_info :members: :undoc-members: :show-inheritance: -:mod:`rpc` Module ------------------ +plaso.multi_processing.rpc module +--------------------------------- .. automodule:: plaso.multi_processing.rpc :members: :undoc-members: :show-inheritance: -:mod:`xmlrpc` Module --------------------- +plaso.multi_processing.xmlrpc module +------------------------------------ .. automodule:: plaso.multi_processing.xmlrpc :members: :undoc-members: :show-inheritance: + +Module contents +--------------- + +.. automodule:: plaso.multi_processing + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.output.rst b/docs/plaso.output.rst index 4009bb1867..15f2d99944 100644 --- a/docs/plaso.output.rst +++ b/docs/plaso.output.rst @@ -1,147 +1,150 @@ -output Package -============== +plaso.output package +==================== -:mod:`output` Package ---------------------- +Submodules +---------- -.. automodule:: plaso.output - :members: - :undoc-members: - :show-inheritance: - -:mod:`dynamic` Module ---------------------- +plaso.output.dynamic module +--------------------------- .. automodule:: plaso.output.dynamic :members: :undoc-members: :show-inheritance: -:mod:`elastic` Module ---------------------- +plaso.output.elastic module +--------------------------- .. automodule:: plaso.output.elastic :members: :undoc-members: :show-inheritance: -:mod:`interface` Module ------------------------ +plaso.output.interface module +----------------------------- .. automodule:: plaso.output.interface :members: :undoc-members: :show-inheritance: -:mod:`json_line` Module ------------------------ +plaso.output.json_line module +----------------------------- .. automodule:: plaso.output.json_line :members: :undoc-members: :show-inheritance: -:mod:`json_out` Module ----------------------- +plaso.output.json_out module +---------------------------- .. automodule:: plaso.output.json_out :members: :undoc-members: :show-inheritance: -:mod:`l2t_csv` Module ---------------------- +plaso.output.l2t_csv module +--------------------------- .. automodule:: plaso.output.l2t_csv :members: :undoc-members: :show-inheritance: -:mod:`manager` Module ---------------------- +plaso.output.manager module +--------------------------- .. automodule:: plaso.output.manager :members: :undoc-members: :show-inheritance: -:mod:`mediator` Module ----------------------- +plaso.output.mediator module +---------------------------- .. automodule:: plaso.output.mediator :members: :undoc-members: :show-inheritance: -:mod:`mysql_4n6time` Module ---------------------------- +plaso.output.mysql_4n6time module +--------------------------------- .. automodule:: plaso.output.mysql_4n6time :members: :undoc-members: :show-inheritance: -:mod:`null` Module ------------------- +plaso.output.null module +------------------------ .. automodule:: plaso.output.null :members: :undoc-members: :show-inheritance: -:mod:`pstorage` Module ----------------------- +plaso.output.pstorage module +---------------------------- .. automodule:: plaso.output.pstorage :members: :undoc-members: :show-inheritance: -:mod:`rawpy` Module -------------------- +plaso.output.rawpy module +------------------------- .. automodule:: plaso.output.rawpy :members: :undoc-members: :show-inheritance: -:mod:`shared_4n6time` Module ----------------------------- +plaso.output.shared_4n6time module +---------------------------------- .. automodule:: plaso.output.shared_4n6time :members: :undoc-members: :show-inheritance: -:mod:`sqlite_4n6time` Module ----------------------------- +plaso.output.sqlite_4n6time module +---------------------------------- .. automodule:: plaso.output.sqlite_4n6time :members: :undoc-members: :show-inheritance: -:mod:`timesketch_out` Module ----------------------------- +plaso.output.timesketch_out module +---------------------------------- .. automodule:: plaso.output.timesketch_out :members: :undoc-members: :show-inheritance: -:mod:`tln` Module ------------------ +plaso.output.tln module +----------------------- .. automodule:: plaso.output.tln :members: :undoc-members: :show-inheritance: -:mod:`xlsx` Module ------------------- +plaso.output.xlsx module +------------------------ .. automodule:: plaso.output.xlsx :members: :undoc-members: :show-inheritance: + +Module contents +--------------- + +.. automodule:: plaso.output + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.parsers.bencode_plugins.rst b/docs/plaso.parsers.bencode_plugins.rst index 69e7fd994e..4d0f317f9b 100644 --- a/docs/plaso.parsers.bencode_plugins.rst +++ b/docs/plaso.parsers.bencode_plugins.rst @@ -1,35 +1,38 @@ -bencode_plugins Package -======================= +plaso.parsers.bencode_plugins package +===================================== -:mod:`bencode_plugins` Package ------------------------------- +Submodules +---------- -.. automodule:: plaso.parsers.bencode_plugins - :members: - :undoc-members: - :show-inheritance: - -:mod:`interface` Module ------------------------ +plaso.parsers.bencode_plugins.interface module +---------------------------------------------- .. automodule:: plaso.parsers.bencode_plugins.interface :members: :undoc-members: :show-inheritance: -:mod:`transmission` Module --------------------------- +plaso.parsers.bencode_plugins.transmission module +------------------------------------------------- .. automodule:: plaso.parsers.bencode_plugins.transmission :members: :undoc-members: :show-inheritance: -:mod:`utorrent` Module ----------------------- +plaso.parsers.bencode_plugins.utorrent module +--------------------------------------------- .. automodule:: plaso.parsers.bencode_plugins.utorrent :members: :undoc-members: :show-inheritance: + +Module contents +--------------- + +.. automodule:: plaso.parsers.bencode_plugins + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.parsers.cookie_plugins.rst b/docs/plaso.parsers.cookie_plugins.rst index 7a707e112e..97b5f6ada9 100644 --- a/docs/plaso.parsers.cookie_plugins.rst +++ b/docs/plaso.parsers.cookie_plugins.rst @@ -1,35 +1,38 @@ -cookie_plugins Package -====================== +plaso.parsers.cookie_plugins package +==================================== -:mod:`cookie_plugins` Package ------------------------------ +Submodules +---------- -.. automodule:: plaso.parsers.cookie_plugins - :members: - :undoc-members: - :show-inheritance: - -:mod:`ganalytics` Module ------------------------- +plaso.parsers.cookie_plugins.ganalytics module +---------------------------------------------- .. automodule:: plaso.parsers.cookie_plugins.ganalytics :members: :undoc-members: :show-inheritance: -:mod:`interface` Module ------------------------ +plaso.parsers.cookie_plugins.interface module +--------------------------------------------- .. automodule:: plaso.parsers.cookie_plugins.interface :members: :undoc-members: :show-inheritance: -:mod:`manager` Module ---------------------- +plaso.parsers.cookie_plugins.manager module +------------------------------------------- .. automodule:: plaso.parsers.cookie_plugins.manager :members: :undoc-members: :show-inheritance: + +Module contents +--------------- + +.. automodule:: plaso.parsers.cookie_plugins + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.parsers.esedb_plugins.rst b/docs/plaso.parsers.esedb_plugins.rst index 6a3df8d0a9..4fd38b46a6 100644 --- a/docs/plaso.parsers.esedb_plugins.rst +++ b/docs/plaso.parsers.esedb_plugins.rst @@ -1,35 +1,38 @@ -esedb_plugins Package -===================== +plaso.parsers.esedb_plugins package +=================================== -:mod:`esedb_plugins` Package ----------------------------- +Submodules +---------- -.. automodule:: plaso.parsers.esedb_plugins - :members: - :undoc-members: - :show-inheritance: - -:mod:`file_history` Module --------------------------- +plaso.parsers.esedb_plugins.file_history module +----------------------------------------------- .. automodule:: plaso.parsers.esedb_plugins.file_history :members: :undoc-members: :show-inheritance: -:mod:`interface` Module ------------------------ +plaso.parsers.esedb_plugins.interface module +-------------------------------------------- .. automodule:: plaso.parsers.esedb_plugins.interface :members: :undoc-members: :show-inheritance: -:mod:`msie_webcache` Module ---------------------------- +plaso.parsers.esedb_plugins.msie_webcache module +------------------------------------------------ .. automodule:: plaso.parsers.esedb_plugins.msie_webcache :members: :undoc-members: :show-inheritance: + +Module contents +--------------- + +.. automodule:: plaso.parsers.esedb_plugins + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.parsers.olecf_plugins.rst b/docs/plaso.parsers.olecf_plugins.rst index 6de129ca2b..a87c4b52ab 100644 --- a/docs/plaso.parsers.olecf_plugins.rst +++ b/docs/plaso.parsers.olecf_plugins.rst @@ -1,43 +1,46 @@ -olecf_plugins Package -===================== +plaso.parsers.olecf_plugins package +=================================== -:mod:`olecf_plugins` Package ----------------------------- +Submodules +---------- -.. automodule:: plaso.parsers.olecf_plugins - :members: - :undoc-members: - :show-inheritance: - -:mod:`automatic_destinations` Module ------------------------------------- +plaso.parsers.olecf_plugins.automatic_destinations module +--------------------------------------------------------- .. automodule:: plaso.parsers.olecf_plugins.automatic_destinations :members: :undoc-members: :show-inheritance: -:mod:`default` Module ---------------------- +plaso.parsers.olecf_plugins.default module +------------------------------------------ .. automodule:: plaso.parsers.olecf_plugins.default :members: :undoc-members: :show-inheritance: -:mod:`interface` Module ------------------------ +plaso.parsers.olecf_plugins.interface module +-------------------------------------------- .. automodule:: plaso.parsers.olecf_plugins.interface :members: :undoc-members: :show-inheritance: -:mod:`summary` Module ---------------------- +plaso.parsers.olecf_plugins.summary module +------------------------------------------ .. automodule:: plaso.parsers.olecf_plugins.summary :members: :undoc-members: :show-inheritance: + +Module contents +--------------- + +.. automodule:: plaso.parsers.olecf_plugins + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.parsers.plist_plugins.rst b/docs/plaso.parsers.plist_plugins.rst index 26b4772230..1b45e5cffa 100644 --- a/docs/plaso.parsers.plist_plugins.rst +++ b/docs/plaso.parsers.plist_plugins.rst @@ -1,115 +1,118 @@ -plist_plugins Package -===================== +plaso.parsers.plist_plugins package +=================================== -:mod:`plist_plugins` Package ----------------------------- +Submodules +---------- -.. automodule:: plaso.parsers.plist_plugins - :members: - :undoc-members: - :show-inheritance: - -:mod:`airport` Module ---------------------- +plaso.parsers.plist_plugins.airport module +------------------------------------------ .. automodule:: plaso.parsers.plist_plugins.airport :members: :undoc-members: :show-inheritance: -:mod:`appleaccount` Module --------------------------- +plaso.parsers.plist_plugins.appleaccount module +----------------------------------------------- .. automodule:: plaso.parsers.plist_plugins.appleaccount :members: :undoc-members: :show-inheritance: -:mod:`bluetooth` Module ------------------------ +plaso.parsers.plist_plugins.bluetooth module +-------------------------------------------- .. automodule:: plaso.parsers.plist_plugins.bluetooth :members: :undoc-members: :show-inheritance: -:mod:`default` Module ---------------------- +plaso.parsers.plist_plugins.default module +------------------------------------------ .. automodule:: plaso.parsers.plist_plugins.default :members: :undoc-members: :show-inheritance: -:mod:`install_history` Module ------------------------------ +plaso.parsers.plist_plugins.install_history module +-------------------------------------------------- .. automodule:: plaso.parsers.plist_plugins.install_history :members: :undoc-members: :show-inheritance: -:mod:`interface` Module ------------------------ +plaso.parsers.plist_plugins.interface module +-------------------------------------------- .. automodule:: plaso.parsers.plist_plugins.interface :members: :undoc-members: :show-inheritance: -:mod:`ipod` Module ------------------- +plaso.parsers.plist_plugins.ipod module +--------------------------------------- .. automodule:: plaso.parsers.plist_plugins.ipod :members: :undoc-members: :show-inheritance: -:mod:`macuser` Module ---------------------- +plaso.parsers.plist_plugins.macuser module +------------------------------------------ .. automodule:: plaso.parsers.plist_plugins.macuser :members: :undoc-members: :show-inheritance: -:mod:`safari` Module --------------------- +plaso.parsers.plist_plugins.safari module +----------------------------------------- .. automodule:: plaso.parsers.plist_plugins.safari :members: :undoc-members: :show-inheritance: -:mod:`softwareupdate` Module ----------------------------- +plaso.parsers.plist_plugins.softwareupdate module +------------------------------------------------- .. automodule:: plaso.parsers.plist_plugins.softwareupdate :members: :undoc-members: :show-inheritance: -:mod:`spotlight` Module ------------------------ +plaso.parsers.plist_plugins.spotlight module +-------------------------------------------- .. automodule:: plaso.parsers.plist_plugins.spotlight :members: :undoc-members: :show-inheritance: -:mod:`spotlight_volume` Module ------------------------------- +plaso.parsers.plist_plugins.spotlight_volume module +--------------------------------------------------- .. automodule:: plaso.parsers.plist_plugins.spotlight_volume :members: :undoc-members: :show-inheritance: -:mod:`timemachine` Module -------------------------- +plaso.parsers.plist_plugins.timemachine module +---------------------------------------------- .. automodule:: plaso.parsers.plist_plugins.timemachine :members: :undoc-members: :show-inheritance: + +Module contents +--------------- + +.. automodule:: plaso.parsers.plist_plugins + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.parsers.rst b/docs/plaso.parsers.rst index a829a5dca0..b1df135858 100644 --- a/docs/plaso.parsers.rst +++ b/docs/plaso.parsers.rst @@ -1,457 +1,460 @@ -parsers Package -=============== +plaso.parsers package +===================== -:mod:`parsers` Package ----------------------- +Subpackages +----------- -.. automodule:: plaso.parsers - :members: - :undoc-members: - :show-inheritance: +.. toctree:: -:mod:`android_app_usage` Module -------------------------------- + plaso.parsers.bencode_plugins + plaso.parsers.cookie_plugins + plaso.parsers.esedb_plugins + plaso.parsers.olecf_plugins + plaso.parsers.plist_plugins + plaso.parsers.shared + plaso.parsers.sqlite_plugins + plaso.parsers.winreg_plugins + +Submodules +---------- + +plaso.parsers.android_app_usage module +-------------------------------------- .. automodule:: plaso.parsers.android_app_usage :members: :undoc-members: :show-inheritance: -:mod:`asl` Module ------------------ +plaso.parsers.asl module +------------------------ .. automodule:: plaso.parsers.asl :members: :undoc-members: :show-inheritance: -:mod:`bencode_parser` Module ----------------------------- +plaso.parsers.bencode_parser module +----------------------------------- .. automodule:: plaso.parsers.bencode_parser :members: :undoc-members: :show-inheritance: -:mod:`bsm` Module ------------------ +plaso.parsers.bsm module +------------------------ .. automodule:: plaso.parsers.bsm :members: :undoc-members: :show-inheritance: -:mod:`chrome_cache` Module --------------------------- +plaso.parsers.chrome_cache module +--------------------------------- .. automodule:: plaso.parsers.chrome_cache :members: :undoc-members: :show-inheritance: -:mod:`chrome_preferences` Module --------------------------------- +plaso.parsers.chrome_preferences module +--------------------------------------- .. automodule:: plaso.parsers.chrome_preferences :members: :undoc-members: :show-inheritance: -:mod:`cups_ipp` Module ----------------------- +plaso.parsers.cups_ipp module +----------------------------- .. automodule:: plaso.parsers.cups_ipp :members: :undoc-members: :show-inheritance: -:mod:`custom_destinations` Module ---------------------------------- +plaso.parsers.custom_destinations module +---------------------------------------- .. automodule:: plaso.parsers.custom_destinations :members: :undoc-members: :show-inheritance: -:mod:`esedb` Module -------------------- +plaso.parsers.esedb module +-------------------------- .. automodule:: plaso.parsers.esedb :members: :undoc-members: :show-inheritance: -:mod:`filestat` Module ----------------------- +plaso.parsers.filestat module +----------------------------- .. automodule:: plaso.parsers.filestat :members: :undoc-members: :show-inheritance: -:mod:`firefox_cache` Module ---------------------------- +plaso.parsers.firefox_cache module +---------------------------------- .. automodule:: plaso.parsers.firefox_cache :members: :undoc-members: :show-inheritance: -:mod:`hachoir` Module ---------------------- +plaso.parsers.hachoir module +---------------------------- .. automodule:: plaso.parsers.hachoir :members: :undoc-members: :show-inheritance: -:mod:`iis` Module ------------------ +plaso.parsers.iis module +------------------------ .. automodule:: plaso.parsers.iis :members: :undoc-members: :show-inheritance: -:mod:`interface` Module ------------------------ +plaso.parsers.interface module +------------------------------ .. automodule:: plaso.parsers.interface :members: :undoc-members: :show-inheritance: -:mod:`java_idx` Module ----------------------- +plaso.parsers.java_idx module +----------------------------- .. automodule:: plaso.parsers.java_idx :members: :undoc-members: :show-inheritance: -:mod:`mac_appfirewall` Module ------------------------------ +plaso.parsers.mac_appfirewall module +------------------------------------ .. automodule:: plaso.parsers.mac_appfirewall :members: :undoc-members: :show-inheritance: -:mod:`mac_keychain` Module --------------------------- +plaso.parsers.mac_keychain module +--------------------------------- .. automodule:: plaso.parsers.mac_keychain :members: :undoc-members: :show-inheritance: -:mod:`mac_securityd` Module ---------------------------- +plaso.parsers.mac_securityd module +---------------------------------- .. automodule:: plaso.parsers.mac_securityd :members: :undoc-members: :show-inheritance: -:mod:`mac_wifi` Module ----------------------- +plaso.parsers.mac_wifi module +----------------------------- .. automodule:: plaso.parsers.mac_wifi :members: :undoc-members: :show-inheritance: -:mod:`mactime` Module ---------------------- +plaso.parsers.mactime module +---------------------------- .. automodule:: plaso.parsers.mactime :members: :undoc-members: :show-inheritance: -:mod:`manager` Module ---------------------- +plaso.parsers.manager module +---------------------------- .. automodule:: plaso.parsers.manager :members: :undoc-members: :show-inheritance: -:mod:`mcafeeav` Module ----------------------- +plaso.parsers.mcafeeav module +----------------------------- .. automodule:: plaso.parsers.mcafeeav :members: :undoc-members: :show-inheritance: -:mod:`mediator` Module ----------------------- +plaso.parsers.mediator module +----------------------------- .. automodule:: plaso.parsers.mediator :members: :undoc-members: :show-inheritance: -:mod:`msiecf` Module --------------------- +plaso.parsers.msiecf module +--------------------------- .. automodule:: plaso.parsers.msiecf :members: :undoc-members: :show-inheritance: -:mod:`olecf` Module -------------------- +plaso.parsers.olecf module +-------------------------- .. automodule:: plaso.parsers.olecf :members: :undoc-members: :show-inheritance: -:mod:`opera` Module -------------------- +plaso.parsers.opera module +-------------------------- .. automodule:: plaso.parsers.opera :members: :undoc-members: :show-inheritance: -:mod:`oxml` Module ------------------- +plaso.parsers.oxml module +------------------------- .. automodule:: plaso.parsers.oxml :members: :undoc-members: :show-inheritance: -:mod:`pcap` Module ------------------- +plaso.parsers.pcap module +------------------------- .. automodule:: plaso.parsers.pcap :members: :undoc-members: :show-inheritance: -:mod:`pe` Module ----------------- +plaso.parsers.pe module +----------------------- .. automodule:: plaso.parsers.pe :members: :undoc-members: :show-inheritance: -:mod:`plist` Module -------------------- +plaso.parsers.plist module +-------------------------- .. automodule:: plaso.parsers.plist :members: :undoc-members: :show-inheritance: -:mod:`pls_recall` Module ------------------------- +plaso.parsers.pls_recall module +------------------------------- .. automodule:: plaso.parsers.pls_recall :members: :undoc-members: :show-inheritance: -:mod:`plugins` Module ---------------------- +plaso.parsers.plugins module +---------------------------- .. automodule:: plaso.parsers.plugins :members: :undoc-members: :show-inheritance: -:mod:`popcontest` Module ------------------------- +plaso.parsers.popcontest module +------------------------------- .. automodule:: plaso.parsers.popcontest :members: :undoc-members: :show-inheritance: -:mod:`recycler` Module ----------------------- +plaso.parsers.recycler module +----------------------------- .. automodule:: plaso.parsers.recycler :members: :undoc-members: :show-inheritance: -:mod:`safari_cookies` Module ----------------------------- +plaso.parsers.safari_cookies module +----------------------------------- .. automodule:: plaso.parsers.safari_cookies :members: :undoc-members: :show-inheritance: -:mod:`selinux` Module ---------------------- +plaso.parsers.selinux module +---------------------------- .. automodule:: plaso.parsers.selinux :members: :undoc-members: :show-inheritance: -:mod:`skydrivelog` Module -------------------------- +plaso.parsers.skydrivelog module +-------------------------------- .. automodule:: plaso.parsers.skydrivelog :members: :undoc-members: :show-inheritance: -:mod:`skydrivelogerr` Module ----------------------------- +plaso.parsers.skydrivelogerr module +----------------------------------- .. automodule:: plaso.parsers.skydrivelogerr :members: :undoc-members: :show-inheritance: -:mod:`sqlite` Module --------------------- +plaso.parsers.sqlite module +--------------------------- .. automodule:: plaso.parsers.sqlite :members: :undoc-members: :show-inheritance: -:mod:`symantec` Module ----------------------- +plaso.parsers.symantec module +----------------------------- .. automodule:: plaso.parsers.symantec :members: :undoc-members: :show-inheritance: -:mod:`syslog` Module --------------------- +plaso.parsers.syslog module +--------------------------- .. automodule:: plaso.parsers.syslog :members: :undoc-members: :show-inheritance: -:mod:`text_parser` Module -------------------------- +plaso.parsers.text_parser module +-------------------------------- .. automodule:: plaso.parsers.text_parser :members: :undoc-members: :show-inheritance: -:mod:`utmp` Module ------------------- +plaso.parsers.utmp module +------------------------- .. automodule:: plaso.parsers.utmp :members: :undoc-members: :show-inheritance: -:mod:`utmpx` Module -------------------- +plaso.parsers.utmpx module +-------------------------- .. automodule:: plaso.parsers.utmpx :members: :undoc-members: :show-inheritance: -:mod:`winevt` Module --------------------- +plaso.parsers.winevt module +--------------------------- .. automodule:: plaso.parsers.winevt :members: :undoc-members: :show-inheritance: -:mod:`winevtx` Module ---------------------- +plaso.parsers.winevtx module +---------------------------- .. automodule:: plaso.parsers.winevtx :members: :undoc-members: :show-inheritance: -:mod:`winfirewall` Module -------------------------- +plaso.parsers.winfirewall module +-------------------------------- .. automodule:: plaso.parsers.winfirewall :members: :undoc-members: :show-inheritance: -:mod:`winjob` Module --------------------- +plaso.parsers.winjob module +--------------------------- .. automodule:: plaso.parsers.winjob :members: :undoc-members: :show-inheritance: -:mod:`winlnk` Module --------------------- +plaso.parsers.winlnk module +--------------------------- .. automodule:: plaso.parsers.winlnk :members: :undoc-members: :show-inheritance: -:mod:`winprefetch` Module -------------------------- +plaso.parsers.winprefetch module +-------------------------------- .. automodule:: plaso.parsers.winprefetch :members: :undoc-members: :show-inheritance: -:mod:`winreg` Module --------------------- +plaso.parsers.winreg module +--------------------------- .. automodule:: plaso.parsers.winreg :members: :undoc-members: :show-inheritance: -:mod:`winrestore` Module ------------------------- +plaso.parsers.winrestore module +------------------------------- .. automodule:: plaso.parsers.winrestore :members: :undoc-members: :show-inheritance: -:mod:`xchatlog` Module ----------------------- +plaso.parsers.xchatlog module +----------------------------- .. automodule:: plaso.parsers.xchatlog :members: :undoc-members: :show-inheritance: -:mod:`xchatscrollback` Module ------------------------------ +plaso.parsers.xchatscrollback module +------------------------------------ .. automodule:: plaso.parsers.xchatscrollback :members: :undoc-members: :show-inheritance: -Subpackages ------------ - -.. toctree:: - plaso.parsers.bencode_plugins - plaso.parsers.cookie_plugins - plaso.parsers.esedb_plugins - plaso.parsers.olecf_plugins - plaso.parsers.plist_plugins - plaso.parsers.shared - plaso.parsers.sqlite_plugins - plaso.parsers.winreg_plugins +Module contents +--------------- +.. automodule:: plaso.parsers + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.parsers.shared.rst b/docs/plaso.parsers.shared.rst index 90276f0a0d..f56dde9ec5 100644 --- a/docs/plaso.parsers.shared.rst +++ b/docs/plaso.parsers.shared.rst @@ -1,19 +1,22 @@ -shared Package -============== +plaso.parsers.shared package +============================ -:mod:`shared` Package ---------------------- +Submodules +---------- -.. automodule:: plaso.parsers.shared +plaso.parsers.shared.shell_items module +--------------------------------------- + +.. automodule:: plaso.parsers.shared.shell_items :members: :undoc-members: :show-inheritance: -:mod:`shell_items` Module -------------------------- -.. automodule:: plaso.parsers.shared.shell_items +Module contents +--------------- + +.. automodule:: plaso.parsers.shared :members: :undoc-members: :show-inheritance: - diff --git a/docs/plaso.parsers.sqlite_plugins.rst b/docs/plaso.parsers.sqlite_plugins.rst index a9cc4a6342..d336bc4ecd 100644 --- a/docs/plaso.parsers.sqlite_plugins.rst +++ b/docs/plaso.parsers.sqlite_plugins.rst @@ -1,131 +1,134 @@ -sqlite_plugins Package -====================== +plaso.parsers.sqlite_plugins package +==================================== -:mod:`sqlite_plugins` Package ------------------------------ +Submodules +---------- -.. automodule:: plaso.parsers.sqlite_plugins - :members: - :undoc-members: - :show-inheritance: - -:mod:`android_calls` Module ---------------------------- +plaso.parsers.sqlite_plugins.android_calls module +------------------------------------------------- .. automodule:: plaso.parsers.sqlite_plugins.android_calls :members: :undoc-members: :show-inheritance: -:mod:`android_sms` Module -------------------------- +plaso.parsers.sqlite_plugins.android_sms module +----------------------------------------------- .. automodule:: plaso.parsers.sqlite_plugins.android_sms :members: :undoc-members: :show-inheritance: -:mod:`appusage` Module ----------------------- +plaso.parsers.sqlite_plugins.appusage module +-------------------------------------------- .. automodule:: plaso.parsers.sqlite_plugins.appusage :members: :undoc-members: :show-inheritance: -:mod:`chrome` Module --------------------- +plaso.parsers.sqlite_plugins.chrome module +------------------------------------------ .. automodule:: plaso.parsers.sqlite_plugins.chrome :members: :undoc-members: :show-inheritance: -:mod:`chrome_cookies` Module ----------------------------- +plaso.parsers.sqlite_plugins.chrome_cookies module +-------------------------------------------------- .. automodule:: plaso.parsers.sqlite_plugins.chrome_cookies :members: :undoc-members: :show-inheritance: -:mod:`chrome_extension_activity` Module ---------------------------------------- +plaso.parsers.sqlite_plugins.chrome_extension_activity module +------------------------------------------------------------- .. automodule:: plaso.parsers.sqlite_plugins.chrome_extension_activity :members: :undoc-members: :show-inheritance: -:mod:`firefox` Module ---------------------- +plaso.parsers.sqlite_plugins.firefox module +------------------------------------------- .. automodule:: plaso.parsers.sqlite_plugins.firefox :members: :undoc-members: :show-inheritance: -:mod:`firefox_cookies` Module ------------------------------ +plaso.parsers.sqlite_plugins.firefox_cookies module +--------------------------------------------------- .. automodule:: plaso.parsers.sqlite_plugins.firefox_cookies :members: :undoc-members: :show-inheritance: -:mod:`gdrive` Module --------------------- +plaso.parsers.sqlite_plugins.gdrive module +------------------------------------------ .. automodule:: plaso.parsers.sqlite_plugins.gdrive :members: :undoc-members: :show-inheritance: -:mod:`interface` Module ------------------------ +plaso.parsers.sqlite_plugins.interface module +--------------------------------------------- .. automodule:: plaso.parsers.sqlite_plugins.interface :members: :undoc-members: :show-inheritance: -:mod:`ls_quarantine` Module ---------------------------- +plaso.parsers.sqlite_plugins.ls_quarantine module +------------------------------------------------- .. automodule:: plaso.parsers.sqlite_plugins.ls_quarantine :members: :undoc-members: :show-inheritance: -:mod:`mac_document_versions` Module ------------------------------------ +plaso.parsers.sqlite_plugins.mac_document_versions module +--------------------------------------------------------- .. automodule:: plaso.parsers.sqlite_plugins.mac_document_versions :members: :undoc-members: :show-inheritance: -:mod:`mackeeper_cache` Module ------------------------------ +plaso.parsers.sqlite_plugins.mackeeper_cache module +--------------------------------------------------- .. automodule:: plaso.parsers.sqlite_plugins.mackeeper_cache :members: :undoc-members: :show-inheritance: -:mod:`skype` Module -------------------- +plaso.parsers.sqlite_plugins.skype module +----------------------------------------- .. automodule:: plaso.parsers.sqlite_plugins.skype :members: :undoc-members: :show-inheritance: -:mod:`zeitgeist` Module ------------------------ +plaso.parsers.sqlite_plugins.zeitgeist module +--------------------------------------------- .. automodule:: plaso.parsers.sqlite_plugins.zeitgeist :members: :undoc-members: :show-inheritance: + +Module contents +--------------- + +.. automodule:: plaso.parsers.sqlite_plugins + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.parsers.winreg_plugins.rst b/docs/plaso.parsers.winreg_plugins.rst index 0a331504ef..b4a4a8af07 100644 --- a/docs/plaso.parsers.winreg_plugins.rst +++ b/docs/plaso.parsers.winreg_plugins.rst @@ -1,211 +1,214 @@ -winreg_plugins Package -====================== +plaso.parsers.winreg_plugins package +==================================== -:mod:`winreg_plugins` Package ------------------------------ +Submodules +---------- -.. automodule:: plaso.parsers.winreg_plugins - :members: - :undoc-members: - :show-inheritance: - -:mod:`appcompatcache` Module ----------------------------- +plaso.parsers.winreg_plugins.appcompatcache module +-------------------------------------------------- .. automodule:: plaso.parsers.winreg_plugins.appcompatcache :members: :undoc-members: :show-inheritance: -:mod:`bagmru` Module --------------------- +plaso.parsers.winreg_plugins.bagmru module +------------------------------------------ .. automodule:: plaso.parsers.winreg_plugins.bagmru :members: :undoc-members: :show-inheritance: -:mod:`ccleaner` Module ----------------------- +plaso.parsers.winreg_plugins.ccleaner module +-------------------------------------------- .. automodule:: plaso.parsers.winreg_plugins.ccleaner :members: :undoc-members: :show-inheritance: -:mod:`default` Module ---------------------- +plaso.parsers.winreg_plugins.default module +------------------------------------------- .. automodule:: plaso.parsers.winreg_plugins.default :members: :undoc-members: :show-inheritance: -:mod:`interface` Module ------------------------ +plaso.parsers.winreg_plugins.interface module +--------------------------------------------- .. automodule:: plaso.parsers.winreg_plugins.interface :members: :undoc-members: :show-inheritance: -:mod:`lfu` Module ------------------ +plaso.parsers.winreg_plugins.lfu module +--------------------------------------- .. automodule:: plaso.parsers.winreg_plugins.lfu :members: :undoc-members: :show-inheritance: -:mod:`mountpoints` Module -------------------------- +plaso.parsers.winreg_plugins.mountpoints module +----------------------------------------------- .. automodule:: plaso.parsers.winreg_plugins.mountpoints :members: :undoc-members: :show-inheritance: -:mod:`mrulist` Module ---------------------- +plaso.parsers.winreg_plugins.mrulist module +------------------------------------------- .. automodule:: plaso.parsers.winreg_plugins.mrulist :members: :undoc-members: :show-inheritance: -:mod:`mrulistex` Module ------------------------ +plaso.parsers.winreg_plugins.mrulistex module +--------------------------------------------- .. automodule:: plaso.parsers.winreg_plugins.mrulistex :members: :undoc-members: :show-inheritance: -:mod:`msie_zones` Module ------------------------- +plaso.parsers.winreg_plugins.msie_zones module +---------------------------------------------- .. automodule:: plaso.parsers.winreg_plugins.msie_zones :members: :undoc-members: :show-inheritance: -:mod:`officemru` Module ------------------------ +plaso.parsers.winreg_plugins.officemru module +--------------------------------------------- .. automodule:: plaso.parsers.winreg_plugins.officemru :members: :undoc-members: :show-inheritance: -:mod:`outlook` Module ---------------------- +plaso.parsers.winreg_plugins.outlook module +------------------------------------------- .. automodule:: plaso.parsers.winreg_plugins.outlook :members: :undoc-members: :show-inheritance: -:mod:`run` Module ------------------ +plaso.parsers.winreg_plugins.run module +--------------------------------------- .. automodule:: plaso.parsers.winreg_plugins.run :members: :undoc-members: :show-inheritance: -:mod:`sam_users` Module ------------------------ +plaso.parsers.winreg_plugins.sam_users module +--------------------------------------------- .. automodule:: plaso.parsers.winreg_plugins.sam_users :members: :undoc-members: :show-inheritance: -:mod:`services` Module ----------------------- +plaso.parsers.winreg_plugins.services module +-------------------------------------------- .. automodule:: plaso.parsers.winreg_plugins.services :members: :undoc-members: :show-inheritance: -:mod:`shutdown` Module ----------------------- +plaso.parsers.winreg_plugins.shutdown module +-------------------------------------------- .. automodule:: plaso.parsers.winreg_plugins.shutdown :members: :undoc-members: :show-inheritance: -:mod:`task_scheduler` Module ----------------------------- +plaso.parsers.winreg_plugins.task_scheduler module +-------------------------------------------------- .. automodule:: plaso.parsers.winreg_plugins.task_scheduler :members: :undoc-members: :show-inheritance: -:mod:`terminal_server` Module ------------------------------ +plaso.parsers.winreg_plugins.terminal_server module +--------------------------------------------------- .. automodule:: plaso.parsers.winreg_plugins.terminal_server :members: :undoc-members: :show-inheritance: -:mod:`timezone` Module ----------------------- +plaso.parsers.winreg_plugins.timezone module +-------------------------------------------- .. automodule:: plaso.parsers.winreg_plugins.timezone :members: :undoc-members: :show-inheritance: -:mod:`typedurls` Module ------------------------ +plaso.parsers.winreg_plugins.typedurls module +--------------------------------------------- .. automodule:: plaso.parsers.winreg_plugins.typedurls :members: :undoc-members: :show-inheritance: -:mod:`usb` Module ------------------ +plaso.parsers.winreg_plugins.usb module +--------------------------------------- .. automodule:: plaso.parsers.winreg_plugins.usb :members: :undoc-members: :show-inheritance: -:mod:`usbstor` Module ---------------------- +plaso.parsers.winreg_plugins.usbstor module +------------------------------------------- .. automodule:: plaso.parsers.winreg_plugins.usbstor :members: :undoc-members: :show-inheritance: -:mod:`userassist` Module ------------------------- +plaso.parsers.winreg_plugins.userassist module +---------------------------------------------- .. automodule:: plaso.parsers.winreg_plugins.userassist :members: :undoc-members: :show-inheritance: -:mod:`winrar` Module --------------------- +plaso.parsers.winreg_plugins.winrar module +------------------------------------------ .. automodule:: plaso.parsers.winreg_plugins.winrar :members: :undoc-members: :show-inheritance: -:mod:`winver` Module --------------------- +plaso.parsers.winreg_plugins.winver module +------------------------------------------ .. automodule:: plaso.parsers.winreg_plugins.winver :members: :undoc-members: :show-inheritance: + +Module contents +--------------- + +.. automodule:: plaso.parsers.winreg_plugins + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.preprocessors.rst b/docs/plaso.preprocessors.rst index 23b99310c6..c82ca2b8a1 100644 --- a/docs/plaso.preprocessors.rst +++ b/docs/plaso.preprocessors.rst @@ -1,51 +1,54 @@ -preprocessors Package -===================== +plaso.preprocessors package +=========================== -:mod:`preprocessors` Package ----------------------------- +Submodules +---------- -.. automodule:: plaso.preprocessors - :members: - :undoc-members: - :show-inheritance: - -:mod:`interface` Module ------------------------ +plaso.preprocessors.interface module +------------------------------------ .. automodule:: plaso.preprocessors.interface :members: :undoc-members: :show-inheritance: -:mod:`linux` Module -------------------- +plaso.preprocessors.linux module +-------------------------------- .. automodule:: plaso.preprocessors.linux :members: :undoc-members: :show-inheritance: -:mod:`macosx` Module --------------------- +plaso.preprocessors.macosx module +--------------------------------- .. automodule:: plaso.preprocessors.macosx :members: :undoc-members: :show-inheritance: -:mod:`manager` Module ---------------------- +plaso.preprocessors.manager module +---------------------------------- .. automodule:: plaso.preprocessors.manager :members: :undoc-members: :show-inheritance: -:mod:`windows` Module ---------------------- +plaso.preprocessors.windows module +---------------------------------- .. automodule:: plaso.preprocessors.windows :members: :undoc-members: :show-inheritance: + +Module contents +--------------- + +.. automodule:: plaso.preprocessors + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.proto.rst b/docs/plaso.proto.rst index 5cb34bc891..e918cfed10 100644 --- a/docs/plaso.proto.rst +++ b/docs/plaso.proto.rst @@ -1,19 +1,22 @@ -proto Package -============= +plaso.proto package +=================== -:mod:`proto` Package --------------------- +Submodules +---------- -.. automodule:: plaso.proto +plaso.proto.plaso_storage_pb2 module +------------------------------------ + +.. automodule:: plaso.proto.plaso_storage_pb2 :members: :undoc-members: :show-inheritance: -:mod:`plaso_storage_pb2` Module -------------------------------- -.. automodule:: plaso.proto.plaso_storage_pb2 +Module contents +--------------- + +.. automodule:: plaso.proto :members: :undoc-members: :show-inheritance: - diff --git a/docs/plaso.rst b/docs/plaso.rst index 978bbbfbe4..c2b21325de 100644 --- a/docs/plaso.rst +++ b/docs/plaso.rst @@ -1,22 +1,6 @@ -plaso Package +plaso package ============= -:mod:`plaso` Package --------------------- - -.. automodule:: plaso.__init__ - :members: - :undoc-members: - :show-inheritance: - -:mod:`dependencies` Module --------------------------- - -.. automodule:: plaso.dependencies - :members: - :undoc-members: - :show-inheritance: - Subpackages ----------- @@ -42,3 +26,22 @@ Subpackages plaso.unix plaso.winnt +Submodules +---------- + +plaso.dependencies module +------------------------- + +.. automodule:: plaso.dependencies + :members: + :undoc-members: + :show-inheritance: + + +Module contents +--------------- + +.. automodule:: plaso + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.serializer.rst b/docs/plaso.serializer.rst index bdc135d7ce..a6f4adab84 100644 --- a/docs/plaso.serializer.rst +++ b/docs/plaso.serializer.rst @@ -1,35 +1,38 @@ -serializer Package -================== +plaso.serializer package +======================== -:mod:`serializer` Package -------------------------- +Submodules +---------- -.. automodule:: plaso.serializer - :members: - :undoc-members: - :show-inheritance: - -:mod:`interface` Module ------------------------ +plaso.serializer.interface module +--------------------------------- .. automodule:: plaso.serializer.interface :members: :undoc-members: :show-inheritance: -:mod:`json_serializer` Module ------------------------------ +plaso.serializer.json_serializer module +--------------------------------------- .. automodule:: plaso.serializer.json_serializer :members: :undoc-members: :show-inheritance: -:mod:`protobuf_serializer` Module ---------------------------------- +plaso.serializer.protobuf_serializer module +------------------------------------------- .. automodule:: plaso.serializer.protobuf_serializer :members: :undoc-members: :show-inheritance: + +Module contents +--------------- + +.. automodule:: plaso.serializer + :members: + :undoc-members: + :show-inheritance: diff --git a/docs/plaso.storage.rst b/docs/plaso.storage.rst index 70118f4a0e..a5f9bb203e 100644 --- a/docs/plaso.storage.rst +++ b/docs/plaso.storage.rst @@ -1,27 +1,30 @@ -storage Package -=============== +plaso.storage package +===================== -:mod:`storage` Package ----------------------- +Submodules +---------- -.. automodule:: plaso.storage +plaso.storage.collection module +------------------------------- + +.. automodule:: plaso.storage.collection :members: :undoc-members: :show-inheritance: -:mod:`collection` Module ------------------------- +plaso.storage.factory module +---------------------------- -.. automodule:: plaso.storage.collection +.. automodule:: plaso.storage.factory :members: :undoc-members: :show-inheritance: -:mod:`factory` Module ---------------------- -.. automodule:: plaso.storage.factory +Module contents +--------------- + +.. automodule:: plaso.storage :members: :undoc-members: :show-inheritance: - diff --git a/docs/plaso.unix.rst b/docs/plaso.unix.rst index 3e7322c00c..380363a203 100644 --- a/docs/plaso.unix.rst +++ b/docs/plaso.unix.rst @@ -1,19 +1,22 @@ -unix Package -============ +plaso.unix package +================== -:mod:`unix` Package -------------------- +Submodules +---------- -.. automodule:: plaso.unix +plaso.unix.bsmtoken module +-------------------------- + +.. automodule:: plaso.unix.bsmtoken :members: :undoc-members: :show-inheritance: -:mod:`bsmtoken` Module ----------------------- -.. automodule:: plaso.unix.bsmtoken +Module contents +--------------- + +.. automodule:: plaso.unix :members: :undoc-members: :show-inheritance: - diff --git a/docs/plaso.winnt.rst b/docs/plaso.winnt.rst index 82847162e6..c94888cd85 100644 --- a/docs/plaso.winnt.rst +++ b/docs/plaso.winnt.rst @@ -1,59 +1,62 @@ -winnt Package -============= +plaso.winnt package +=================== -:mod:`winnt` Package --------------------- +Submodules +---------- -.. automodule:: plaso.winnt - :members: - :undoc-members: - :show-inheritance: - -:mod:`environ_expand` Module ----------------------------- +plaso.winnt.environ_expand module +--------------------------------- .. automodule:: plaso.winnt.environ_expand :members: :undoc-members: :show-inheritance: -:mod:`human_readable_service_enums` Module ------------------------------------------- +plaso.winnt.human_readable_service_enums module +----------------------------------------------- .. automodule:: plaso.winnt.human_readable_service_enums :members: :undoc-members: :show-inheritance: -:mod:`known_folder_ids` Module ------------------------------- +plaso.winnt.known_folder_ids module +----------------------------------- .. automodule:: plaso.winnt.known_folder_ids :members: :undoc-members: :show-inheritance: -:mod:`language_ids` Module --------------------------- +plaso.winnt.language_ids module +------------------------------- .. automodule:: plaso.winnt.language_ids :members: :undoc-members: :show-inheritance: -:mod:`shell_folder_ids` Module ------------------------------- +plaso.winnt.shell_folder_ids module +----------------------------------- .. automodule:: plaso.winnt.shell_folder_ids :members: :undoc-members: :show-inheritance: -:mod:`time_zones` Module ------------------------- +plaso.winnt.time_zones module +----------------------------- .. automodule:: plaso.winnt.time_zones :members: :undoc-members: :show-inheritance: + +Module contents +--------------- + +.. automodule:: plaso.winnt + :members: + :undoc-members: + :show-inheritance: diff --git a/plaso/__init__.py b/plaso/__init__.py index a1e8cf9f8e..91d34eace2 100644 --- a/plaso/__init__.py +++ b/plaso/__init__.py @@ -3,7 +3,7 @@ __version__ = '1.3.1' VERSION_DEV = True -VERSION_DATE = '20150903' +VERSION_DATE = '20150904' def GetVersion(): diff --git a/plaso/analysis/tagging.py b/plaso/analysis/tagging.py index 0f17b6e206..6e6ade0923 100644 --- a/plaso/analysis/tagging.py +++ b/plaso/analysis/tagging.py @@ -146,7 +146,6 @@ def CompileReport(self, analysis_mediator): Returns: The analysis report (instance of AnalysisReport). """ - logging.info(u'Compiling a report.') report = event.AnalysisReport(self.NAME) report.SetTags(self._tags) report.SetText([u'Tagging plugin produced {0:d} tags.'.format( diff --git a/plaso/dependencies.py b/plaso/dependencies.py index 3e94474fb7..b9f6bd0f5e 100644 --- a/plaso/dependencies.py +++ b/plaso/dependencies.py @@ -56,7 +56,8 @@ (u'six', u'__version__', u'1.1.0', None), (u'sqlite3', u'sqlite_version', u'3.7.8', None), (u'xlsxwriter', u'__version__', u'0.6.5', None), - (u'yaml', u'__version__', u'3.10', None)] + (u'yaml', u'__version__', u'3.10', None), + (u'zmq', u'__version__', u'2.1.11', None)] # The tuple values are: # module_name, version_attribute_name, minimum_version, maximum_version diff --git a/plaso/engine/queue.py b/plaso/engine/queue.py index 6c34996605..5daadc9b91 100644 --- a/plaso/engine/queue.py +++ b/plaso/engine/queue.py @@ -31,7 +31,7 @@ def PushItem(self, item): @abc.abstractmethod def PopItem(self): - """Pops an item off the queue or None on timeout. + """Pops an item off the queue. Raises: QueueEmpty: when the queue is empty. diff --git a/plaso/engine/zeromq_queue.py b/plaso/engine/zeromq_queue.py new file mode 100644 index 0000000000..528dd0100d --- /dev/null +++ b/plaso/engine/zeromq_queue.py @@ -0,0 +1,323 @@ +# -*- coding: utf-8 -*- +"""ZeroMQ implementations of the Plaso queue interface.""" + +import abc +import logging + +import zmq + +from plaso.engine import queue +from plaso.lib import errors + + +class ZeroMQQueue(queue.Queue): + """Class that defines an interfaces for ZeroMQ backed Plaso queues. + + Attributes: + name: A name to use to identify the queue. + port: The TCP port that the queue is connected or bound to. If the queue is + not yet bound or connected to a port, this value will be None. + """ + + _SOCKET_ADDRESS = u'tcp://127.0.0.1' + _SOCKET_TYPE = None + SOCKET_CONNECTION_BIND = 1 + SOCKET_CONNECTION_CONNECT = 2 + SOCKET_CONNECTION_TYPE = None + + def __init__( + self, delay_start=True, linger_seconds=10, port=None, timeout_seconds=5, + name=u'Unnamed'): + """Initializes a ZeroMQ backed queue. + + Args: + delay_start: Optional boolean that governs whether a ZeroMQ socket + should be created the first time the queue is pushed to or + popped from, rather than at queue object initialization. + This is useful if a queue needs to be passed to a + child process from a parent. + linger_seconds: Optional number of seconds that the underlying ZeroMQ + socket can remain open after the queue object has been + closed, to allow queued items to be transferred to other + ZeroMQ sockets. + port: The TCP port to use for the queue. The default is None, which + indicates that the queue should choose a random port to bind to. + timeout_seconds: Optional number of seconds that calls to PopItem and + PushItem may block for, before returning + queue.QueueEmpty. + name: Optional name to identify the queue. + + Raises: + ValueError: If the queue is configured to connect to an endpoint, + but no port is specified. + """ + if (self.SOCKET_CONNECTION_TYPE == self.SOCKET_CONNECTION_CONNECT + and not port): + raise ValueError(u'No port specified to connect to.') + self._linger_seconds = linger_seconds + self._timeout_milliseconds = timeout_seconds * 1000 + self._zmq_socket = None + self.name = name + self.port = port + if not delay_start: + self._CreateZMQSocket() + + @property + def timeout_seconds(self): + """Maximum number of seconds that calls to Pop or Push items can take.""" + return divmod(self._timeout_milliseconds, 1000)[0] + + @timeout_seconds.setter + def timeout_seconds(self, value): + """Maximum number of seconds that calls to Pop or Push items can take.""" + self._timeout_milliseconds = value * 1000 + self._SetSocketTimeouts() + + def _SetSocketTimeouts(self): + """Sets the timeouts for socket send and receive.""" + if self._SOCKET_TYPE == zmq.PULL: + self._zmq_socket.setsockopt( + zmq.RCVTIMEO, self._timeout_milliseconds) + elif self._SOCKET_TYPE == zmq.PUSH: + self._zmq_socket.setsockopt( + zmq.SNDTIMEO, self._timeout_milliseconds) + + def _CreateZMQSocket(self): + """Creates a ZeroMQ socket.""" + zmq_context = zmq.Context() + self._zmq_socket = zmq_context.socket(self._SOCKET_TYPE) + self._SetSocketTimeouts() + + if self.port: + address = u'{0:s}:{1:d}'.format(self._SOCKET_ADDRESS, self.port) + if self.SOCKET_CONNECTION_TYPE == self.SOCKET_CONNECTION_CONNECT: + self._zmq_socket.connect(address) + logging.debug(u'{0:s} Connected to {1:s}'.format(self.name, address)) + else: + self._zmq_socket.bind(address) + logging.debug(u'{0:s} Bound to specified port {1:s}'.format( + self.name, address)) + else: + self.port = self._zmq_socket.bind_to_random_port(self._SOCKET_ADDRESS) + logging.debug(u'{0:s} Bound to random port {1:d}'.format( + self.name, self.port)) + + def Start(self): + """Starts this queue, causing the creation of a ZeroMQ socket. + + Raises: + QueueAlreadyStarted: If the queue is already started, and a socket already + exists. + """ + if self._zmq_socket: + raise errors.QueueAlreadyStarted + self._CreateZMQSocket() + + # pylint: disable=arguments-differ + def Close(self, abort=False): + """Closes the queue. + + Args: + abort: If the Close is the result of an abort condition. + + Raises: + QueueAlreadyClosed: If the queue is not started, or has already been + closed. + """ + if abort: + self._linger_seconds = 0 + + if not self._zmq_socket: + # If we're aborting, things have already gone badly, so we won't throw + # an additional exception. + if abort: + return + raise errors.QueueAlreadyClosed + + self._zmq_socket.close(self._linger_seconds) + + @abc.abstractmethod + def Empty(self): + """Empties all items from the queue.""" + + def IsEmpty(self): + """Checks if the queue is empty. + + ZeroMQ queues don't have a concept of "empty" - there could always be + messages on the queue that a producer or consumer is unaware of. Thus, + the queue is never empty, so we return False. Note that it is possible that + a queue is unable to pop an item from a queue within a timeout, which will + cause PopItem to return a QueueFull exception, but this is a slightly + different condition. + + Returns: + False + """ + return False + + @abc.abstractmethod + def PushItem(self, item, block=True): + """Pushes an item on to the queue. + + Args: + item: The item to push on the queue. + block: Optional argument to indicate whether the push should be performed + in blocking or non-block mode. + """ + + @abc.abstractmethod + def PopItem(self): + """Pops an item off the queue.""" + + +class ZeroMQPullQueue(ZeroMQQueue): + """Parent class for Plaso queues backed by ZeroMQ PULL sockets. + + This class should not be instantiated directly, a subclass should be + instantiated instead. + + Instances of this class or subclasses may only be used to pop items, not to + push. + """ + + _SOCKET_TYPE = zmq.PULL + + def Empty(self): + """Empties the queue.""" + try: + while True: + if self._zmq_socket: + self._zmq_socket.recv_pyobj() + except zmq.error.Again: + pass + + def PopItem(self): + """Pops an item off the queue. + + If no ZeroMQ socket has been created, one will be created the first + time this method is called. + + Raises: + QueueEmpty: If the queue is empty, and no item could be popped within the + queue timeout. + """ + logging.debug(u'Pop on {0:s} queue, port {1:d}'.format( + self.name, self.port)) + if not self._zmq_socket: + self._CreateZMQSocket() + try: + return self._zmq_socket.recv_pyobj() + except zmq.error.Again: + raise errors.QueueEmpty + except KeyboardInterrupt: + self.Close(abort=True) + raise + + def PushItem(self, item, block=True): + """Pushes an item on to the queue. + + Provided for compatibility with the API, but doesn't actually work. + + Args: + item: The item to push on to the queue. + block: Optional argument to indicate whether the push should be performed + in blocking or non-block mode. + + Raises: + WrongQueueType: As Push is not supported this queue. + """ + raise errors.WrongQueueType + + +class ZeroMQPullBindQueue(ZeroMQPullQueue): + """A Plaso queue backed by a ZeroMQ PULL socket that binds to a port. + + This queue may only be used to pop items, not to push. + """ + SOCKET_CONNECTION_TYPE = ZeroMQQueue.SOCKET_CONNECTION_BIND + + +class ZeroMQPullConnectQueue(ZeroMQPullQueue): + """A Plaso queue backed by a ZeroMQ PULL socket that connects to a port. + + This queue may only be used to pop items, not to push. + """ + SOCKET_CONNECTION_TYPE = ZeroMQQueue.SOCKET_CONNECTION_CONNECT + + +class ZeroMQPushQueue(ZeroMQQueue): + """Parent class for Plaso queues backed by ZeroMQ PUSH sockets. + + This class should not be instantiated directly, a subclass should be + instantiated instead. + + Instances of this class or subclasses may only be used to push items, not to + pop. + """ + + _SOCKET_TYPE = zmq.PUSH + + def PopItem(self): + """Pops an item of the queue. + + Provided for compatibility with the API, but doesn't actually work. + + Raises: + WrongQueueType: As Pull is not supported this queue. + """ + raise errors.WrongQueueType + + def PushItem(self, item, block=True): + """Push an item on to the queue. + + If no ZeroMQ socket has been created, one will be created the first time + this method is called. + + Args: + item: The item to push on to the queue. + block: Optional argument to indicate whether the push should be performed + in blocking or non-block mode. + + Raises: + QueueFull: If the push failed, due to the queue being full for the + duration of the timeout. + """ + logging.debug(u'Push on {0:s} queue, port {1:d}'.format( + self.name, self.port)) + if not self._zmq_socket: + self._CreateZMQSocket() + try: + if block: + self._zmq_socket.send_pyobj(item) + else: + self._zmq_socket.send_pyobj(item, zmq.DONTWAIT) + except zmq.error.Again: + if block: + raise errors.QueueFull + except KeyboardInterrupt: + self.Close(abort=True) + raise + + def Empty(self): + """Empties all items from the queue. + + Raises: + WrongQueueType: As this queue type does not support emptying. + """ + raise errors.WrongQueueType + + +class ZeroMQPushBindQueue(ZeroMQPushQueue): + """A Plaso queue backed by a ZeroMQ PUSH socket that binds to a port. + + This queue may only be used to push items, not to pop. + """ + SOCKET_CONNECTION_TYPE = ZeroMQQueue.SOCKET_CONNECTION_BIND + + +class ZeroMQPushConnectQueue(ZeroMQPushQueue): + """A Plaso queue backed by a ZeroMQ PUSH socket that connects to a port. + + This queue may only be used to push items, not to pop. + """ + SOCKET_CONNECTION_TYPE = ZeroMQQueue.SOCKET_CONNECTION_CONNECT diff --git a/plaso/frontend/psort.py b/plaso/frontend/psort.py index 91fb5a8706..2de30dafaa 100644 --- a/plaso/frontend/psort.py +++ b/plaso/frontend/psort.py @@ -14,9 +14,11 @@ from plaso.analysis import mediator as analysis_mediator from plaso.engine import knowledge_base from plaso.engine import queue +from plaso.engine import zeromq_queue from plaso.frontend import analysis_frontend from plaso.frontend import frontend from plaso.lib import bufferlib +from plaso.lib import event from plaso.lib import pfilter from plaso.lib import timelib from plaso.multi_processing import multi_process @@ -50,6 +52,7 @@ def __init__(self): self._output_format = None self._preferred_language = u'en-US' self._quiet_mode = False + self._use_zeromq = False def _AppendEvent(self, event_object, output_buffer, event_queues): """Appends an event object to an output buffer and queues. @@ -129,13 +132,14 @@ def GetTimeSlice(self, event_time_string, duration=5, timezone=pytz.UTC): return frontend.TimeSlice(event_timestamp, duration=duration) def _ProcessAnalysisPlugins( - self, analysis_plugins, analysis_output_queue, storage_file, counter, - preferred_encoding=u'utf-8'): + self, analysis_plugins, analysis_report_incoming_queue, storage_file, + counter, preferred_encoding=u'utf-8'): """Runs the analysis plugins. Args: analysis_plugins: the analysis plugins. - analysis_output_queue: the analysis output queue (instance of Queue). + analysis_report_incoming_queue: the analysis output queue (instance of + Queue). storage_file: a storage file object (instance of StorageFile). counter: a counter object (instance of collections.Counter). preferred_encoding: optional preferred encoding. The default is "utf-8". @@ -170,7 +174,7 @@ def _ProcessAnalysisPlugins( # Go over each output. analysis_queue_consumer = PsortAnalysisReportQueueConsumer( - analysis_output_queue, storage_file, self._filter_expression, + analysis_report_incoming_queue, storage_file, self._filter_expression, preferred_encoding=preferred_encoding) analysis_queue_consumer.ConsumeItems() @@ -274,25 +278,34 @@ def GetAnalysisPluginsAndEventQueues(self, analysis_plugins_string): if not analysis_plugins_string: return [], [] - # Start queues and load up plugins. - event_queue_producers = [] - event_queues = [] + event_producers = [] + # These are the queues analysis plugins will read from. + analysis_plugin_input_queues = [] analysis_plugins_list = [ name.strip() for name in analysis_plugins_string.split(u',')] for _ in range(0, len(analysis_plugins_list)): - # TODO: add upper queue limit. - analysis_plugin_queue = multi_process.MultiProcessingQueue(timeout=5) - event_queues.append(analysis_plugin_queue) - event_queue_producers.append( - queue.ItemQueueProducer(event_queues[-1])) + if self._use_zeromq: + output_queue = zeromq_queue.ZeroMQPushBindQueue() + # Start the queue so it can bind to a random port, and we can get the + # port number to use in the input queue. + output_queue.Start() + queue_port = output_queue.port + input_queue = zeromq_queue.ZeroMQPullConnectQueue( + port=queue_port, delay_start=True) + analysis_plugin_input_queues.append(input_queue) + else: + input_queue = multi_process.MultiProcessingQueue(timeout=5) + analysis_plugin_input_queues.append(input_queue) + output_queue = input_queue + event_producers.append(queue.ItemQueueProducer(output_queue)) analysis_plugins = analysis_manager.AnalysisPluginManager.LoadPlugins( - analysis_plugins_list, event_queues) + analysis_plugins_list, analysis_plugin_input_queues) analysis_plugins = list(analysis_plugins) - return analysis_plugins, event_queue_producers + return analysis_plugins, event_producers def SetQuietMode(self, quiet_mode=False): """Sets whether tools is in quiet mode or not. @@ -302,6 +315,14 @@ def SetQuietMode(self, quiet_mode=False): """ self._quiet_mode = quiet_mode + def SetUseZeroMQ(self, use_zeromq=False): + """Sets whether the tool is using ZeroMQ for queueing or not. + + Args: + use_zeromq: boolean, when True the tool will use ZeroMQ for queuing. + """ + self._use_zeromq = use_zeromq + def ProcessStorage( self, output_module, storage_file, analysis_plugins, event_queue_producers, deduplicate_events=True, @@ -326,8 +347,8 @@ def ProcessStorage( interest. Returns: - A counter (an instance of counter.Counter) that contains the analysis - plugin results or None. + A counter (an instance of collections.Counter) that tracks the number of + events extracted from storage, and the analysis plugin results. Raises: RuntimeError: if a non-recoverable situation is encountered. @@ -345,39 +366,23 @@ def ProcessStorage( # TODO: allow for single processing. # TODO: add upper queue limit. - analysis_output_queue = multi_process.MultiProcessingQueue(timeout=5) + analysis_queue_port = None + if self._use_zeromq: + analysis_report_incoming_queue = zeromq_queue.ZeroMQPullBindQueue( + delay_start=False, port=None, linger_seconds=5) + analysis_queue_port = analysis_report_incoming_queue.port + else: + analysis_report_incoming_queue = multi_process.MultiProcessingQueue( + timeout=5) - if analysis_plugins: - logging.info(u'Starting analysis plugins.') - # Within all preprocessing objects, try to get the last one that has - # time zone information stored in it, the highest chance of it - # containing the information we are seeking (defaulting to the last - # one). - pre_objs = storage_file.GetStorageInformation() - pre_obj = pre_objs[-1] - for obj in pre_objs: - if getattr(obj, u'time_zone_str', u''): - pre_obj = obj - - # Fill in the collection information. - pre_obj.collection_information = {} - if preferred_encoding: - cmd_line = u' '.join(sys.argv) - try: - pre_obj.collection_information[u'cmd_line'] = cmd_line.decode( - preferred_encoding) - except UnicodeDecodeError: - pass - pre_obj.collection_information[u'file_processed'] = ( - self._storage_file) - pre_obj.collection_information[u'method'] = u'Running Analysis Plugins' - analysis_plugin_names = [plugin.NAME for plugin in analysis_plugins] - pre_obj.collection_information[u'plugins'] = analysis_plugin_names - time_of_run = timelib.Timestamp.GetNow() - pre_obj.collection_information[u'time_of_run'] = time_of_run - - pre_obj.counter = collections.Counter() + pre_obj = self._GetLastGoodPreprocess(storage_file) + if pre_obj is None: + pre_obj = event.PreprocessObject() + if analysis_plugins: + self._StartAnalysisPlugins( + analysis_plugins, pre_obj, preferred_encoding, analysis_queue_port, + analysis_report_incoming_queue) # Assign the preprocessing object to the storage. # This is normally done in the construction of the storage object, # however we cannot do that here since the preprocessing object is @@ -386,37 +391,13 @@ def ProcessStorage( # to access this protected member of the class. # pylint: disable=protected-access storage_file._pre_obj = pre_obj - - knowledge_base_object = knowledge_base.KnowledgeBase(pre_obj=pre_obj) - - # Now we need to start all the plugins. - for analysis_plugin in analysis_plugins: - analysis_report_queue_producer = queue.ItemQueueProducer( - analysis_output_queue) - - completion_event = multiprocessing.Event() - analysis_mediator_object = analysis_mediator.AnalysisMediator( - analysis_report_queue_producer, knowledge_base_object, - data_location=self._data_location, - completion_event=completion_event) - analysis_process = multiprocessing.Process( - name=u'Analysis {0:s}'.format(analysis_plugin.plugin_name), - target=analysis_plugin.RunPlugin, - args=(analysis_mediator_object,)) - process_info = PsortAnalysisProcess( - completion_event, analysis_plugin, analysis_process) - self._analysis_process_info.append(process_info) - - analysis_process.start() - logging.info( - u'Plugin: [{0:s}] started.'.format(analysis_plugin.plugin_name)) else: event_queue_producers = [] output_buffer = output_interface.EventBuffer( output_module, deduplicate_events) with output_buffer: - counter = self.ProcessOutput( + counter = self.ProcessEventsFromStorage( storage_file, output_buffer, my_filter=self._filter_object, filter_buffer=self._filter_buffer, analysis_queues=event_queue_producers) @@ -430,8 +411,8 @@ def ProcessStorage( # Get all reports and tags from analysis plugins. self._ProcessAnalysisPlugins( - analysis_plugins, analysis_output_queue, storage_file, counter, - preferred_encoding=preferred_encoding) + analysis_plugins, analysis_report_incoming_queue, storage_file, + counter, preferred_encoding=preferred_encoding) if self._output_file_object: self._output_file_object.close() @@ -444,19 +425,127 @@ def ProcessStorage( return counter - def ProcessOutput( + def _StartAnalysisPlugins( + self, analysis_plugins, pre_obj, preferred_encoding=u'utf-8', + analysis_queue_port=None, analysis_report_incoming_queue=None): + """Start all the analysis plugin. + + Args: + analysis_plugins: list of analysis plugin objects (instance of + AnalysisPlugin) that should be started. + pre_obj: The preprocessor object (instance of PreprocessObject). + preferred_encoding: optional preferred encoding to use for the preprocess + object. + analysis_queue_port: optional TCP port that the ZeroMQ analysis report + queues should use. + analysis_report_incoming_queue: optional queue (instance of Queue) that + reports should to pushed to, when ZeroMQ + is not in use. + """ + logging.info(u'Starting analysis plugins.') + self._SetAnalysisPluginProcessInformation( + analysis_plugins, pre_obj, preferred_encoding) + + knowledge_base_object = knowledge_base.KnowledgeBase(pre_obj=pre_obj) + for analysis_plugin in analysis_plugins: + if self._use_zeromq: + analysis_plugin_output_queue = zeromq_queue.ZeroMQPushConnectQueue( + delay_start=True, port=analysis_queue_port) + else: + analysis_plugin_output_queue = analysis_report_incoming_queue + + analysis_report_queue_producer = queue.ItemQueueProducer( + analysis_plugin_output_queue) + + completion_event = multiprocessing.Event() + analysis_mediator_object = analysis_mediator.AnalysisMediator( + analysis_report_queue_producer, knowledge_base_object, + data_location=self._data_location, + completion_event=completion_event) + analysis_process = multiprocessing.Process( + name=u'Analysis {0:s}'.format(analysis_plugin.plugin_name), + target=analysis_plugin.RunPlugin, + args=(analysis_mediator_object,)) + + process_info = PsortAnalysisProcess( + completion_event, analysis_plugin, analysis_process) + self._analysis_process_info.append(process_info) + + analysis_process.start() + logging.info( + u'Plugin: [{0:s}] started.'.format(analysis_plugin.plugin_name)) + + logging.info(u'Analysis plugins running') + + def _SetAnalysisPluginProcessInformation( + self, analysis_plugins, pre_obj, preferred_encoding): + """Sets analysis plugin options in a preprocessor object. + + Args: + analysis_plugins: the list of analysis plugins to add. + pre_obj: the preprocessor object (instance of PreprocessObject). + preferred_encoding: the preferred encoding to use for the preprocess + object. + """ + # TODO: We shouldn't be touching the command line here, move to tools + if preferred_encoding: + cmd_line = u' '.join(sys.argv) + try: + pre_obj.collection_information[u'cmd_line'] = cmd_line.decode( + preferred_encoding) + except UnicodeDecodeError: + pass + pre_obj.collection_information[u'file_processed'] = ( + self._storage_file) + pre_obj.collection_information[u'method'] = u'Running Analysis Plugins' + analysis_plugin_names = [plugin.NAME for plugin in analysis_plugins] + pre_obj.collection_information[u'plugins'] = analysis_plugin_names + time_of_run = timelib.Timestamp.GetNow() + pre_obj.collection_information[u'time_of_run'] = time_of_run + pre_obj.counter = collections.Counter() + + def _GetLastGoodPreprocess(self, storage_file): + """Gets the last stored preprocessing object with time zone information. + + From all preprocessing objects, try to get the last one that has + time zone information stored in it, the highest chance of it containing + the information we are seeking (defaulting to the last one). If there are + no preprocessing objects in the file, we'll make a new one + + Args: + storage_file: a Plaso storage file object. + + Returns: + A preprocess object (instance of PreprocessObject), or None if there are + no preprocess objects in the storage file. + """ + pre_objs = storage_file.GetStorageInformation() + if not pre_objs: + return None + pre_obj = pre_objs[-1] + for obj in pre_objs: + if getattr(obj, u'time_zone_str', u''): + pre_obj = obj + + return pre_obj + + def ProcessEventsFromStorage( self, storage_file, output_buffer, my_filter=None, filter_buffer=None, analysis_queues=None): """Reads event objects from the storage to process and filter them. Args: - storage_file: The storage file object (instance of StorageFile). - output_buffer: The output buffer object (instance of EventBuffer). - my_filter: Optional filter object (instance of PFilter). + storage_file: the storage file object (instance of StorageFile). + output_buffer: the output buffer object (instance of EventBuffer). + my_filter: optional filter object (instance of PFilter). The default is None. - filter_buffer: Optional filter buffer used to store previously discarded + filter_buffer: optional filter buffer used to store previously discarded events to store time slice history. The default is None. - analysis_queues: Optional list of analysis queues. The default is None. + analysis_queues: optional list of analysis queues. The default is None. + + Returns: + A Counter object (instance of collections.Counter), that tracks the + number of unique events extracted from storage. """ counter = collections.Counter() my_limit = getattr(my_filter, u'limit', 0) diff --git a/plaso/lib/errors.py b/plaso/lib/errors.py index 70b7e88c31..aab76e43d9 100644 --- a/plaso/lib/errors.py +++ b/plaso/lib/errors.py @@ -48,6 +48,14 @@ class ProxyFailedToStart(Error): """Raised when unable to start a proxy.""" +class QueueAlreadyClosed(Error): + """Raised when an attempt is made to close a queue that's already closed.""" + + +class QueueAlreadyStarted(Error): + """Raised when an attempt is made to start queue that's already started.""" + + class QueueClose(Error): """Class that implements a queue close exception.""" @@ -104,6 +112,13 @@ class WrongPlistPlugin(Error): """Error reporting wrong plist plugin used.""" +class WrongQueueType(Error): + """Raised when an unsupported operation is attempted on a queue. + + For example, attempting to Pop from a Push-only queue. + """ + + class WrongPlugin(Error): """Raised when the plugin is of the wrong type.""" diff --git a/plaso/lib/timelib.py b/plaso/lib/timelib.py index 2a08d8b537..6748677bb8 100644 --- a/plaso/lib/timelib.py +++ b/plaso/lib/timelib.py @@ -714,7 +714,7 @@ def FromWebKitTime(cls, webkit_time): @classmethod def GetNow(cls): - """Retrieves the current time (now) as a timestamp in UTC.""" + """Current number of microseconds since the Unix epoch in UTC.""" time_elements = time.gmtime() return calendar.timegm(time_elements) * 1000000 @@ -722,8 +722,7 @@ def GetNow(cls): def IsLeapYear(cls, year): """Determines if a year is a leap year. - A leap year is dividable by 4 and not by 100 or by 400 - without a remainder. + A leap year is divisible by 4 and not by 100 or by 400. Args: year: The year as in 1970. diff --git a/plaso/multi_processing/multi_process.py b/plaso/multi_processing/multi_process.py index f44b6c1647..e1fd3c5f3f 100644 --- a/plaso/multi_processing/multi_process.py +++ b/plaso/multi_processing/multi_process.py @@ -1278,10 +1278,12 @@ def PushItem(self, item, block=True): pass def PopItem(self): - """Pops an item off the queue or None on timeout. + """Pops an item off the queue. Raises: - QueueEmpty: when the queue is empty. + QueueClose: if the queue has already been closed. + QueueEmpty: if no item could be retrieved from the queue within the + specified timeout. """ try: # If no timeout is specified the queue will block if empty otherwise diff --git a/test_data/psort_test.json.plaso b/test_data/psort_test.json.plaso new file mode 100644 index 0000000000000000000000000000000000000000..b8f5837a6f965c9a13066df65eca022afae75e5e GIT binary patch literal 6512 zcmd6scTg1DwuearC^-p;WKfbIaeyHsnIUHxf@GB;iVR4WjN~K?2oeTRau89HfXI+@ z76FkoqyZ$$8}B*ysGNK6dw;xF^}1_ScUSdquT`sS_xkqQIvTim)L2+pgjnW*cq&Sq z1o!bVPk0z3#h8bkyOZ?;Cm%a^eot@DZl1n=Tr8d66oKcodNVj!ShN@!IY!|GwRdrM zw)S*#f%4lvbas7e0FE2EMZDC`{F%%^ItXvKlIY~2BCnfmLLilbZbpOfGqpuZMD;MF zH=t8X7&OY3zftUlT3&VlxmYy&?3-NmB-N~0N!cd}GwKe2=}V;!*5y>_=BDkU7mr3e z_B-~Mme~BZqN|33Sh#{?S}d0C#D!K<69pfZ*&?tC$!s6ByngD1M@g3xM4n^xnPhCN zTu-53VIW8^Sf7MKb%7gypfuh8`yqP1M5=;BZIoPsd&GU`;dfIhlH(6$K0$tRWao0~ z(yPIK)wnjFVk7)e$3<7y6Jbo#&`%U$Md`|LXTq}>KaQHP5=(H@Bz79`N;5pGKXvUv zR-mN-*ngj>#6cSA4n01wKRHZ#ZHZ5JC}Nn7iaJB zv?j!F9lU7{am(RZ*Jo3S0!x_ebGACEVCqus69p=Xr()~69w;9Kz+%TyUATJ@rBdD312kD`#$tz5S!Ea~ zn#JmFZRiku%Du$i>_YWSn)XT;-ls+N%#F%;4ubCd5Zlhu-swFN)%%5!V(_&jrQ*>H zK>IDYr?h&ShR)<)+C-@(<$W`@RLNqp7ic8X8Os zOYNtOJ?MfEa9hK~PXWKr1cFOjlR=mnP=_%JjJZCr_HeOuw)3>+zxCq~1jqJXZetkt*eSVXfol8+p1eqXVf^dzDTTM4)~QEh-eIrkVz)&m`Hm!C-6d;Ec=14p zHfC5!W)u0=>P=W1M^$9h?tHLw-}Kr&)$6Ezh7(X9ms>mp)au#-WkM96Q<8|*yt+yH zn)0-q+Hy@fK=`tEN?CMnOepa8c%79!yX7%)%3+N1uXvrHwszis22Ao%@Uol^7S=$T zJa@r}Kvzz(-ud%3@Jy>3%ImcoRwjEowaepe`*!#ntDBR&eHk}S$17@Q7;_!y#g)q< zlMgTaDn#JXYJ!;G1naF|9lE-^c)I-Qa3kZ6%QaEzPKw8bOqFb`$O8JgjY*(^9M0es zY!^a+WgklGEy$v`r;g9DS-AY2n^b0gm;G?^^+|qKScJV)-ND57^T&P9cILL44?aC7 zkm*=zjkp%i)X)U|V0#&=mHOFC4`{nNMM~7nvW=6`#NOyjYAf>)8?CQJe}jx!M(Qy5 z8lR*i12AM}TqizLA=Blp9T2=|Zq%gIi?he*=hyZ{$KX5-q z=x7cRM~VAN6#H^1MCs&zc$zEyz7WDwHK;PUU*^5f9<9Xa5ugmneN$RwU}iJ}BWYn= z48CJVZ}_#rPr8k1=7B$TF43D&_8RhVbtZ&~@k3X?tgC2YBL-9)zxEY@9iPO8?-P5n zWU;ZwOV?s!-O2nTjh3b$bHSOVH*7->9C-b*mUoK-@N=0Z`>3*g3pJODTPa9VEWvY* zW3lU;_xH^!SC)`_W#5)VW}=6w1}a8fX3p z;VVb1Q_dYtvuo~CszId8P^fVe=b+U*DP2WY#?PHzAk`WDzUc0w2wK4xC@BHWOy9dk zFXJo~H3yFxxOI5XUbGqA*ZPK)Ooxpo-3sKPXY?IS`N4V55 zZ0g)i`J?i;SD@_eB_mSzZoroOzQ9vCDf69ZOeRDHziCmmi8kM`uRV5T`TAnJpAJ2B zpa;TklaEowb0D|FGE7Y`cNGW{LfRTa$YOXAn{U5#xxn6v$CPFB%d$>Djeuq0;(SwL zImEJnHGHF0S)#1Z%ehHgzR1qc1)Q7)|fo*14Y5&8z}in69DI_8GcSrAf4qb{H?^ z3g!U6AG#F(x{E+yJ3CNDyLt1iJn1WZV2PF6j(u`D7Px(y*oogE>_Cc>=dsqi3XeE}_Ga?TZ zmr(2b7|Z$*9SsAW-{dPs&3l1TcdSmuN}uCOGCjFJ$0p%Ac89f?L{k06&0`j4Q3D}` zWaQy=)R$ME(^=2Y*(8(?4%ZW`K#E_dowE^r+4gnm-}c+2rV;!_&+D^2b3@Y@O?w>5 zOtZy{Yjw)dat~--`shV353>rCRu3r|smnJenEOx^kc~f-hkhyy+;zj|>~M^9zNFh(ou}JR3}%$pL{o)u#!d2 zam$f6rAn`g>n7EeHsEs2H@QZoxVu?oZr*HE+M^ERcZVVMKolD3)G zw#~4%7-sU_tvbFcv#+a?WmZaVkZ;SW8Hh_$&(VfEwJ~*o(5IIh;c5Na7Vt(XUzmTB>fG=PlqU;e6bpNW!O?`xJYPpJ ziww6ZSKun{q{ioQWe|=o@qiqm4(~Sp{q^y#96h%cIquftFhY)FYTOm0G8upG6O_`M zWe|s=$FOnAZ)`02gN+|a{K3XatSV9ERaNatFSOk91o}SYJ0Hg;Z!|pUow6N2 za(=&Fg%GKk@<^ni-`JgPH{lsK3=8b8XDIbp?b22%MM{>6-6IN_Tu&`gNu>Y zn(x8GIpS6Cxf9@_SR8A;Oq_sdM8wTB7NvFl<^c}4a%L~xA8_pEq%PF0xS>+r)gw@W z48T@yux%CT3Lm*<^X|1GV}1DbnA0+_tryCKgQ`A`*SU^BMNeE@Q!?V=%+w4R7+PbU z;n+4P>y&KfEFMS~W@Ap4yKu^kTxe0~BiW>GI9?HL(3GVBef^9S6FV<7Tbd*CD^4kW zr2mQmKDL6NFE03X)t#3#>IR06t3N8tSX~8doeRWLITHhwUmYtaG^XO4qT*%)4tA{K zLBt9}U94Xsy@g7*jYF@oE0$Zxr6 zbDAmkL1*fQI74UE+7ww>7+bL-`g~Es;p4gg>7Yu$wI^^R0vmTZpOxc=XYurh0Mj5B zwb}Sk7ZBfRR12@;aqQlA&iIZV6|OmVq&V#KaHrMyi`At3^r1v@Q&{j2^%Q!dw81nx zxymOy(?81Y8nfQ4wf4)rB%}U-t8u9iP{z`VL!Me+5`9b|j5JRqK)TeIt^;nB%pe=| zjWE*-W)LHz-gJ-$l&vx!E8au2y5ouz6a^=z)TrV0-!7sXpXoGM`?i10cYC)(H<&-w zNP9rx8V@W(A2K?4@DTd3-^95>_DINdW`5ae^VnwiTwGjo&6r4Bl1KUpjhW%SM}9>9 zP0!**WuBMrIX~-Po(Hu1uheULuRaqpEW}q4G4L1mTQr?*kx1GB`JA5ei|L5j-{b4> zuHZB_B#=(!T?^}2L(JkV3=9r{XY+-QXP~KHt-8N6SF~yuV5g=5c!v#;E=|E54JFyF zk$f@{*Vpi0TDv52chIM;3&=|FeiuC2oNUfca(LEW>~cM%K7d}HS%qXTNlbvYnJLi) zZI8{*b!IU7fS@E*Xf=mK)$U3DC)mpv8%eV(l;Di!@RB$i!D{LcxH?y! zDDSHiO)(V92`Sdjt5tdX=D5Nxadj#*Fz0+E$|2mxLR!w&nrPtaGZE_>ya>P4r$A$( z`3YOa%L^RSINt8s%N$`^F3TA4hU-)~?A?Cj2!Bfv<$(exK2G(ax-oW)m+sYVngiru zW{}&)$Qg(L{k#ft?Yd>Z(K*Ki)B@Pl>FDAI&Qa9>W+l*IkX)oaNV4s}QRMbVGd54{n0d`F*ZKPYM#9(qdo zO~UtEb*?rS@7QaN`p0>jYjYZ10`-CumRsuDDRwv>qY)>FpN&18}^>UvhHjzH=nMTi62xu0gg^2P}e3sKEt9{EHSP?&F7C7HHf`+ z8`57nd5L|Vw$+Itf@xE7c{%YR;;7mihfdr+y+`#?79sA`oJy5~swyLLG$k!bRX~(e z@8FugLk?9)4N9X!PS}^s+Zizh`YiP4wYF8}5Zt5*Yz?(3mL$Q%;Iz-R#t9x;30(bf zu~8D!HT1iV+&sT#2!^U}%057e=|D|BoM2H4xHNS3KpEjBXMm{aUAfh1+_f$cmgqj? zPX0YVzPx>5G_rp{(eMo?WBW}0W=7j6MD8}LM5`izRWDL4Go<7_Wohy#PkRM##6*Sn z4f0vxC!}tk%Ys#2aRMwT(!9Yd%9cO|f+PkOfmFKY-nF#ASc3Vf*Q#1-El+Cn%<4HB zF9oG48gGvn8xZ;^*}Ltk_FdMhJv&iykJ;Q={RdRP?UvGpNcBFJSYPk7tJ8+)$nHz8 z-X$srRhjqrRZF_*G31&r2Tf=}c^#eepGE?@IqX;aRIxe-h^$L)^gQ)=p_Iwq*9l0b z&ZE1Y9q)$lrUL}$-_Pi?OYA{+am`mv6 z*R!(QTTfV&{Pw7E#j@)6`e4t~7qNBG7KUBT1o95!3w4{fGan5cij|^!{oXNHB-qcO z<|X+@ZdUnGN{a@1e)U)ydM^%whQKlKnypZ*W`zjo0s>Mwr7 zpZccD|J46&k@V{z|7uC|a}X7x|D3^p1#>^u(U@(9iy0KU==|Sj5JdJ*`7as#oBkpy s{dE88Fa0kW{G0yYXOQB`KmA|KAZ8H2kF69eBFx!>*&)fmyo!bOU!1s7O#lD@ literal 0 HcmV?d00001 diff --git a/test_data/psort_test.out b/test_data/psort_test.proto.plaso similarity index 100% rename from test_data/psort_test.out rename to test_data/psort_test.proto.plaso diff --git a/tests/cli/analysis_tool.py b/tests/cli/analysis_tool.py index 69ffc28707..cffb0d7bc7 100644 --- a/tests/cli/analysis_tool.py +++ b/tests/cli/analysis_tool.py @@ -45,7 +45,7 @@ def testParseOptions(self): with self.assertRaises(errors.BadConfigOption): test_tool.ParseOptions(options) - options.storage_file = self._GetTestFilePath([u'psort_test.out']) + options.storage_file = self._GetTestFilePath([u'psort_test.proto.plaso']) test_tool.ParseOptions(options) diff --git a/tests/engine/zeromq_queue.py b/tests/engine/zeromq_queue.py new file mode 100644 index 0000000000..5bc5c0af03 --- /dev/null +++ b/tests/engine/zeromq_queue.py @@ -0,0 +1,44 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +"""Tests for the the zeromq queue.""" + +import unittest + +from plaso.engine import zeromq_queue +from tests.engine import test_lib + + +class testZeroMQPushPullQueues(test_lib.EngineTestCase): + """Tests for the Push and Pull type ZeroMQ queues.""" + + def testSocketCreation(self): + """Tests that ZeroMQ sockets are created when a new queue is created.""" + push_queue = zeromq_queue.ZeroMQPushBindQueue(delay_start=False) + pull_queue = zeromq_queue.ZeroMQPullBindQueue(delay_start=False) + self.assertIsNotNone(push_queue._zmq_socket) + self.assertIsNotNone(pull_queue._zmq_socket) + + def testQueueStart(self): + """Tests that delayed creation of ZeroMQ sockets occurs correctly.""" + push_queue = zeromq_queue.ZeroMQPushBindQueue(delay_start=True) + pull_queue = zeromq_queue.ZeroMQPullBindQueue(delay_start=True) + self.assertIsNone(push_queue._zmq_socket) + self.assertIsNone(pull_queue._zmq_socket) + push_queue.Start() + self.assertIsNotNone(push_queue._zmq_socket) + pull_queue.Start() + self.assertIsNotNone(pull_queue._zmq_socket) + + def testItemCanBeQueuedAndDequeued(self): + """Tests than an item can be transferred between push and pull queues.""" + push_queue = zeromq_queue.ZeroMQPushBindQueue(delay_start=False) + pull_queue = zeromq_queue.ZeroMQPullConnectQueue( + delay_start=False, port=push_queue.port) + item = u'This is an item.' + push_queue.PushItem(item) + popped_item = pull_queue.PopItem() + self.assertEqual(item, popped_item) + + +if __name__ == '__main__': + unittest.main() diff --git a/tests/frontend/analysis_frontend.py b/tests/frontend/analysis_frontend.py index 44e3716e3d..90ee5102b7 100644 --- a/tests/frontend/analysis_frontend.py +++ b/tests/frontend/analysis_frontend.py @@ -17,7 +17,7 @@ def testOpenStorage(self): """Tests the OpenStorage function.""" test_front_end = analysis_frontend.AnalysisFrontend() - storage_file_path = self._GetTestFilePath([u'psort_test.out']) + storage_file_path = self._GetTestFilePath([u'psort_test.proto.plaso']) storage_file = test_front_end.OpenStorage(storage_file_path) self.assertIsInstance(storage_file, storage.StorageFile) diff --git a/tests/frontend/psort.py b/tests/frontend/psort.py index 202bab79f3..b23276f100 100644 --- a/tests/frontend/psort.py +++ b/tests/frontend/psort.py @@ -22,7 +22,7 @@ class PsortTestEvent(event.EventObject): - DATA_TYPE = 'test:event:psort' + DATA_TYPE = u'test:event:psort' def __init__(self, timestamp): super(PsortTestEvent, self).__init__() @@ -38,7 +38,7 @@ def __init__(self, timestamp): class PsortTestEventFormatter(formatters_interface.EventFormatter): - DATA_TYPE = 'test:event:psort' + DATA_TYPE = u'test:event:psort' FORMAT_STRING = u'My text goes along: {some} lines' @@ -114,18 +114,19 @@ def setUp(self): self._front_end = psort.PsortFrontend() # TODO: have sample output generated from the test. - self._test_file = os.path.join(self._TEST_DATA_PATH, u'psort_test.out') + self._test_file_proto = self._GetTestFilePath([u'psort_test.proto.plaso']) + self._test_file_json = self._GetTestFilePath([u'psort_test.json.plaso']) self.first = timelib.Timestamp.CopyFromString(u'2012-07-24 21:45:24') self.last = timelib.Timestamp.CopyFromString(u'2016-11-18 01:15:43') def testReadEntries(self): - """Ensure returned EventObjects from the storage are within timebounds.""" + """Ensure returned EventObjects from the storage are within time bounds.""" timestamp_list = [] pfilter.TimeRangeCache.ResetTimeConstraints() pfilter.TimeRangeCache.SetUpperTimestamp(self.last) pfilter.TimeRangeCache.SetLowerTimestamp(self.first) - storage_file = storage.StorageFile(self._test_file, read_only=True) + storage_file = storage.StorageFile(self._test_file_proto, read_only=True) storage_file.SetStoreLimit() event_object = storage_file.GetSortedEntry() @@ -147,7 +148,7 @@ def testProcessStorage(self): test_front_end.SetPreferredLanguageIdentifier(u'en-US') test_front_end.SetQuietMode(True) - storage_file_path = self._GetTestFilePath([u'psort_test.out']) + storage_file_path = self._GetTestFilePath([u'psort_test.proto.plaso']) storage_file = test_front_end.OpenStorage(storage_file_path, read_only=True) output_writer = test_lib.StringIOOutputWriter() @@ -205,7 +206,7 @@ def testOutput(self): event_buffer = TestEventBuffer( output_module, check_dedups=False, store=storage_file) - self._front_end.ProcessOutput(storage_file, event_buffer) + self._front_end.ProcessEventsFromStorage(storage_file, event_buffer) event_buffer.Flush() lines = [] @@ -228,6 +229,35 @@ def testOutput(self): formatters_manager.FormattersManager.DeregisterFormatter( PsortTestEventFormatter) + def testGetLastGoodPreprocess(self): + """Tests the last good preprocess method.""" + test_front_end = psort.PsortFrontend() + storage_file = test_front_end.OpenStorage( + self._test_file_json, read_only=True) + preprocessor_object = test_front_end._GetLastGoodPreprocess(storage_file) + self.assertIsNotNone(preprocessor_object) + timezone = getattr(preprocessor_object, u'zone') + self.assertEqual(timezone.zone, u'Iceland') + + def testSetAnalysisPluginProcessInformation(self): + """Test the _SetAnalysisPluginProcessInformation method.""" + test_front_end = psort.PsortFrontend() + analysis_plugins = [test_lib.TestAnalysisPlugin(None)] + + preprocess_object = event.PreprocessObject() + preprocess_object.SetCollectionInformationValues({}) + test_front_end._SetAnalysisPluginProcessInformation( + analysis_plugins, preprocess_object, u'utf-8') + self.assertIsNotNone(preprocess_object) + plugin_names = preprocess_object.collection_information[u'plugins'] + time_of_run = preprocess_object.collection_information[u'time_of_run'] + method = preprocess_object.collection_information[u'method'] + + for analysis_plugin in analysis_plugins: + self.assertIn(analysis_plugin.NAME, plugin_names) + self.assertAlmostEqual(timelib.Timestamp.GetNow(), time_of_run, 2000000) + self.assertIsNotNone(method) + # TODO: add bogus data location test. diff --git a/tests/frontend/test_lib.py b/tests/frontend/test_lib.py index bb9443169d..0e64258320 100644 --- a/tests/frontend/test_lib.py +++ b/tests/frontend/test_lib.py @@ -5,6 +5,8 @@ import os import unittest +from plaso.analysis import interface as analysis_interface + class StringIOOutputWriter(object): """Class that implements a StringIO output writer.""" @@ -38,6 +40,39 @@ def Write(self, string): self._string_io.write(string) +class TestAnalysisPlugin(analysis_interface.AnalysisPlugin): + """Test analysis plugin.""" + + NAME = u'test_analysis_plugin' + + def CompileReport(self, unused_analysis_mediator): + """Compiles a report of the analysis. + + After the plugin has received every copy of an event to + analyze this function will be called so that the report + can be assembled. + + Args: + analysis_mediator: The analysis mediator object (instance of + AnalysisMediator). + + Returns: + The analysis report (instance of AnalysisReport). + """ + return + + def ExamineEvent( + self, unused_analysis_mediator, unused_event_object, **unused_kwargs): + """Analyzes an event object. + + Args: + analysis_mediator: The analysis mediator object (instance of + AnalysisMediator). + event_object: An event object (instance of EventObject). + """ + return + + class FrontendTestCase(unittest.TestCase): """The unit test case for a front-end.""" diff --git a/tests/lib/storage.py b/tests/lib/storage.py index 31a3d0fdc4..a158daed85 100644 --- a/tests/lib/storage.py +++ b/tests/lib/storage.py @@ -281,7 +281,7 @@ def setUp(self): # TODO: have sample output generated from the test. # TODO: Use input data with a defined year. syslog parser chooses a # year based on system clock; forcing updates to test file if regenerated. - self.test_file = os.path.join(u'test_data', u'psort_test.out') + self.test_file = os.path.join(u'test_data', u'psort_test.proto.plaso') self.first = timelib.Timestamp.CopyFromString(u'2012-07-20 15:44:14') self.last = timelib.Timestamp.CopyFromString(u'2016-11-18 01:15:43') diff --git a/tests/output/pstorage.py b/tests/output/pstorage.py index a8b1461ea5..09fa75bc61 100644 --- a/tests/output/pstorage.py +++ b/tests/output/pstorage.py @@ -19,7 +19,7 @@ class PstorageTest(test_lib.OutputModuleTestCase): def setUp(self): """Sets up the objects needed for this test.""" - self.test_filename = os.path.join(u'test_data', u'psort_test.out') + self.test_filename = os.path.join(u'test_data', u'psort_test.proto.plaso') # Show full diff results, part of TestCase so does not follow our naming # conventions. diff --git a/tools/pinfo_test.py b/tools/pinfo_test.py index 525e7d2279..d357f5eceb 100644 --- a/tools/pinfo_test.py +++ b/tools/pinfo_test.py @@ -19,7 +19,7 @@ def setUp(self): def testCompareStorageInformation(self): """Tests the CompareStorageInformation function.""" - test_file1 = self._GetTestFilePath([u'psort_test.out']) + test_file1 = self._GetTestFilePath([u'psort_test.proto.plaso']) test_file2 = self._GetTestFilePath([u'pinfo_test.out']) options = cli_test_lib.TestOptions() @@ -43,7 +43,7 @@ def testCompareStorageInformation(self): def testPrintStorageInformation(self): """Tests the PrintStorageInformation function.""" - test_file = self._GetTestFilePath([u'psort_test.out']) + test_file = self._GetTestFilePath([u'psort_test.proto.plaso']) options = cli_test_lib.TestOptions() options.storage_file = test_file diff --git a/tools/psort.py b/tools/psort.py index 2bffa6de28..af5928f11c 100755 --- a/tools/psort.py +++ b/tools/psort.py @@ -96,6 +96,16 @@ def _ParseAnalysisPluginOptions(self, options): self._analysis_plugins = analysis_plugin_string + def _ParseExperimentalOptions(self, options): + """Parses the experimental plugin options. + + Args: + options: the command line arguments (instance of argparse.Namespace). + """ + use_zeromq = getattr(options, u'use_zeromq', False) + if use_zeromq: + self._front_end.SetUseZeroMQ(use_zeromq) + def _ParseFilterOptions(self, options): """Parses the filter options. @@ -269,6 +279,17 @@ def AddAnalysisPluginOptions(self, argument_group, plugin_names): helpers_manager.ArgumentHelperManager.AddCommandLineArguments( argument_group, u'analysis') + def AddExperimentalOptions(self, argument_group): + """Adds experimental options to the argument group + + Args: + argument_group: The argparse argument group (instance of + argparse._ArgumentGroup). + """ + argument_group.add_argument( + u'--use_zeromq', action=u'store_true', dest=u'use_zeromq', help=( + u'Enables experimental queueing using ZeroMQ')) + def AddFilterOptions(self, argument_group): """Adds the filter options to the argument group. @@ -414,6 +435,9 @@ def ParseArguments(self): u'A comma separated list of analysis plugin names to be loaded ' u'or "--analysis list" to see a list of available plugins.')) + experimental_group = argument_parser.add_argument_group(u'Experimental') + self.AddExperimentalOptions(experimental_group) + info_group = argument_parser.add_argument_group(u'Informational Arguments') self.AddLogFileOptions(info_group) @@ -549,6 +573,7 @@ def ParseOptions(self, options): super(PsortTool, self).ParseOptions(options) self._ParseDataLocationOption(options) self._ParseAnalysisPluginOptions(options) + self._ParseExperimentalOptions(options) self._ParseFilterOptions(options) self._front_end.SetStorageFile(self._storage_file_path) diff --git a/tools/psort_test.py b/tools/psort_test.py index 2ef30ac11f..8ed1643d1c 100644 --- a/tools/psort_test.py +++ b/tools/psort_test.py @@ -113,7 +113,7 @@ def testListOutputModules(self): def testProcessStorageWithMissingParameters(self): """Test the ProcessStorage function with half-configured output module.""" options = cli_test_lib.TestOptions() - options.storage_file = self._GetTestFilePath([u'psort_test.out']) + options.storage_file = self._GetTestFilePath([u'psort_test.proto.plaso']) options.output_format = u'test_missing' output_manager.OutputManager.RegisterOutput(