OLD | NEW |
1 # -*- coding: utf-8 -*- | 1 # -*- coding: utf-8 -*- |
2 """Parser for Windows EventLog (EVT) files.""" | 2 """Parser for Windows EventLog (EVT) files.""" |
3 | 3 |
4 import pyevt | 4 import pyevt |
5 | 5 |
6 from dfdatetime import posix_time as dfdatetime_posix_time | 6 from dfdatetime import posix_time as dfdatetime_posix_time |
7 from dfdatetime import semantic_time as dfdatetime_semantic_time | 7 from dfdatetime import semantic_time as dfdatetime_semantic_time |
8 | 8 |
9 from plaso import dependencies | |
10 from plaso.containers import events | 9 from plaso.containers import events |
11 from plaso.containers import time_events | 10 from plaso.containers import time_events |
12 from plaso.lib import eventdata | 11 from plaso.lib import eventdata |
13 from plaso.lib import specification | 12 from plaso.lib import specification |
14 from plaso.parsers import interface | 13 from plaso.parsers import interface |
15 from plaso.parsers import manager | 14 from plaso.parsers import manager |
16 | 15 |
17 | 16 |
18 dependencies.CheckModuleVersion(u'pyevt') | |
19 | |
20 | |
21 class WinEvtRecordEventData(events.EventData): | 17 class WinEvtRecordEventData(events.EventData): |
22 """Windows EventLog (EVT) record event data. | 18 """Windows EventLog (EVT) record event data. |
23 | 19 |
24 Attributes: | 20 Attributes: |
25 computer_name (str): computer name stored in the event record. | 21 computer_name (str): computer name stored in the event record. |
26 event_category (int): event category. | 22 event_category (int): event category. |
27 event_identifier (int): event identifier. | 23 event_identifier (int): event identifier. |
28 event_type (int): event type. | 24 event_type (int): event type. |
29 facility (int): event facility. | 25 facility (int): event facility. |
30 message_identifier (int): event message identifier. | 26 message_identifier (int): event message identifier. |
(...skipping 198 matching lines...)
229 u'unable to open file with error: {0:s}'.format(exception)) | 225 u'unable to open file with error: {0:s}'.format(exception)) |
230 return | 226 return |
231 | 227 |
232 try: | 228 try: |
233 self._ParseRecords(parser_mediator, evt_file) | 229 self._ParseRecords(parser_mediator, evt_file) |
234 finally: | 230 finally: |
235 evt_file.close() | 231 evt_file.close() |
236 | 232 |
237 | 233 |
238 manager.ParsersManager.RegisterParser(WinEvtParser) | 234 manager.ParsersManager.RegisterParser(WinEvtParser) |
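Review bot: With the module-level `dependencies.CheckModuleVersion(u'pyevt')` call dropped near the top of the file (old lines 9 and 18), nothing visible in this module verifies the pyevt version before the parser hands evidence files to it. If the check now runs centrally (that code is not visible on this page), a short comment next to `import pyevt` would record that, e.g. `# pyevt version is verified by <central dependency check>, not in this module`. If it does not, an outdated binding would be imported silently and would parse untrusted EVT input with whatever defects that version carries.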