Rietveld Code Review Tool

Unified Diff: plaso/parsers/utmp.yaml

Issue 343950043: [plaso] Migrated utmp construct-based parser to use dtfabric #1893 (Closed)
Patch Set: Changes after merge Created 5 years, 9 months ago
Index: plaso/parsers/utmp.yaml
diff --git a/plaso/parsers/utmp.yaml b/plaso/parsers/utmp.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f920e9c959d9d620bf9c9c89bcecf0546eb1ccca
--- /dev/null
+++ b/plaso/parsers/utmp.yaml
@@ -0,0 +1,74 @@
+name: utmp
+type: format
+description: Utmp login records format
+urls: ["https://github.com/libyal/dtformats/blob/master/documentation/Utmp%20login%20records%20format.asciidoc"]
+---
+name: byte
+type: integer
+attributes:
+ format: unsigned
+ size: 1
+ units: bytes
+---
+name: int16
+type: integer
+attributes:
+ format: signed
+ size: 2
+ units: bytes
+---
+name: int32
+type: integer
+attributes:
+ format: signed
+ size: 4
+ units: bytes
+---
+name: uint32
+type: integer
+attributes:
+ format: unsigned
+ size: 4
+ units: bytes
+---
+name: utmp_entry
+type: structure
+attributes:
+ byte_order: little-endian
+members:
+- name: type
+ data_type: int32
+- name: pid
+ data_type: uint32
+- name: terminal
+ type: stream
+ element_data_type: byte
+ number_of_elements: 32
+- name: terminal_identifier
+ data_type: uint32
+- name: username
+ type: stream
+ element_data_type: byte
+ number_of_elements: 32
+- name: hostname
+ type: stream
+ element_data_type: byte
+ number_of_elements: 256
+- name: termination_status
+ data_type: int16
+- name: exit_status
+ data_type: int16
+- name: session
+ data_type: int32
+- name: timestamp
+ data_type: int32
+- name: microseconds
+ data_type: int32
+- name: ip_address
+ type: sequence
+ element_data_type: byte
+ number_of_elements: 16
+- name: unknown1
+ type: stream
+ element_data_type: byte
+ number_of_elements: 20
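
Review bot: In utmp_entry, ip_address is the only byte array declared as "type: sequence"; terminal, username, hostname and unknown1 all use "type: stream". If the difference is intentional (for example so the parser gets the 16 bytes as individual values when deciding between IPv4 and IPv6), add a "description:" to the member saying so; otherwise switch it to stream for consistency. Two smaller points on the same structure: the members sum to 384 bytes (4+4+32+4+32+256+2+2+4+4+4+16+20), so the parser should reject or flag input whose size is not a multiple of that before mapping records, and "byte_order: little-endian" is fixed, so the format description should state that big-endian utmp files are out of scope. Since timestamp and microseconds are both signed int32, a range check on microseconds (0 to 999999) in the parser would catch corrupted or tampered records early.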