Add support for ISO 8601 timestamps in syslogs #907

Open: wants to merge 7 commits into base: main

@JSCU-CNI (Contributor) commented Oct 16, 2024

This PR adds support for ISO 8601 timestamps in unix syslogs introduced in recent versions of Debian and Ubuntu distributions. The helper functions have been copied from #901. Once #860 is merged in main I propose to let the auth plugin import those functions from the helper file. Fixes #909.

@JSCU-CNI mentioned this pull request Oct 17, 2024
@Horofic requested a review from Poeloe November 1, 2024 11:17

@Poeloe (Contributor) left a comment

Since the ISO timestamp format support has been merged to main for the AuthLogPlugin (#860), it's possible to add that support in this PR now.

@Schamper because I don't have a particular opinion about the placement of this helpers.py file, do you agree on its location?

dissect/target/plugins/os/unix/log/helpers.py (outdated, resolved; 3 review threads)
dissect/target/plugins/os/unix/log/messages.py (outdated, resolved; 2 review threads)

@JSCU-CNI (Contributor Author)

Thanks for your review @Poeloe. I have implemented your suggestions in 65548b9.

@JSCU-CNI requested a review from Poeloe November 11, 2024 10:23

@Poeloe (Contributor) left a comment

Could you also remove the RE_TS_ISO variable from the auth.py file and import the RE_LINE and RE_TS variables from the helpers.py file instead of defining them separately in the auth.py file?

@JSCU-CNI (Contributor Author)

Implemented your suggestions in fc1471b.

@JSCU-CNI requested a review from Poeloe November 21, 2024 13:53
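
One way to accept both timestamp styles this pull request is about, as an added example that is not code from the PR or from Dissect: the regular expressions, function name and sample lines are constructed for illustration. Legacy lines carry no year and no UTC offset, so the caller has to supply both, while ISO 8601 lines keep the offset written in the log.

```python
import re
from datetime import datetime, timezone

# Hypothetical patterns for this example, not the project's regular expressions.
RE_ISO = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2}))\s+(?P<rest>.*)$"
)
RE_BSD = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+(?P<rest>.*)$")
RE_REST = re.compile(r"^(?P<host>\S+)\s+(?P<daemon>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?:\s*(?P<msg>.*)$")

# Constructed sample lines (not taken from a real system).
SAMPLE_ISO = "2024-10-16T12:23:01.123456+02:00 debian sshd[1234]: Accepted publickey for user from 192.0.2.10 port 50022 ssh2"
SAMPLE_BSD = "Oct  6 10:23:01 ubuntu CRON[4321]: (root) CMD (run-parts /etc/cron.hourly)"


def parse_syslog_line(line, year, tz=timezone.utc):
    """Return a dict for one syslog line, or None if it matches neither format.

    `year` and `tz` are used only for legacy lines, which carry neither.
    Every timestamp is returned as an aware datetime in UTC.
    """
    line = line.rstrip("\n")
    if m := RE_ISO.match(line):
        # The offset in the log is authoritative; "Z" is rewritten for older Pythons.
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        ts_format = "iso8601"
    elif m := RE_BSD.match(line):
        # %b expects English month names (default C locale); year and tz are assumed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=tz)
        ts_format = "legacy"
    else:
        return None
    rest = RE_REST.match(m["rest"])
    if rest is None:
        return None
    return {
        "ts": ts.astimezone(timezone.utc),
        "ts_format": ts_format,  # lets an analyst see which timestamps were inferred
        "host": rest["host"],
        "daemon": rest["daemon"],
        "pid": int(rest["pid"]) if rest["pid"] else None,
        "message": rest["msg"],
    }


if __name__ == "__main__":
    for sample in (SAMPLE_ISO, SAMPLE_BSD, "not a syslog line"):
        print(parse_syslog_line(sample, year=2024))
```

Recording `ts_format` with each record keeps it visible during timeline analysis which timestamps rest on an assumed year and time zone.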
Successfully merging this pull request may close these issues.

Syslog plugin broken on recent Debian and Ubuntu distros