Code review - Issue 321000043: [plaso] Refactored log2timeline front-end to tool #160
https://codereview.appspot.com/
2017-05-29T19:38:25+00:00 rietveld
Message from joachim.metz@gmail.com
2017-05-14T18:28:54+00:00 Joachim Metz
Message from joachim.metz@gmail.com
2017-05-15T04:42:07+00:00 Joachim Metz
Code updated.
Message from joachim.metz@gmail.com
2017-05-16T04:51:32+00:00 Joachim Metz
Code updated.
Message from unknown
2017-05-20T05:36:19+00:00 Joachim Metz
Message from joachim.metz@gmail.com
2017-05-20T05:36:25+00:00 Joachim Metz
Code updated.
Message from onager@deerpie.com
2017-05-26T23:53:47+00:00 onager
https://codereview.appspot.com/321000043/diff/60001/plaso/cli/extraction_tool.py
File plaso/cli/extraction_tool.py (right):
https://codereview.appspot.com/321000043/diff/60001/plaso/cli/extraction_tool.py#newcode238
plaso/cli/extraction_tool.py:238: u'Path to a directory containing artifact definitions.'))
Please add some statement about what Plaso does with these definitions.
https://codereview.appspot.com/321000043/diff/60001/plaso/cli/log2timeline_tool.py
File plaso/cli/log2timeline_tool.py (right):
https://codereview.appspot.com/321000043/diff/60001/plaso/cli/log2timeline_tool.py#newcode667
plaso/cli/log2timeline_tool.py:667: """Processes the sources and extract events.
extracts
https://codereview.appspot.com/321000043/diff/60001/plaso/cli/log2timeline_tool.py#newcode706
plaso/cli/log2timeline_tool.py:706: # If the source is a directory or a storage media image
Remove this comment, as it isn't needed any more (and isn't complete any more, either)
https://codereview.appspot.com/321000043/diff/60001/plaso/cli/psteal_tool.py
File plaso/cli/psteal_tool.py (right):
https://codereview.appspot.com/321000043/diff/60001/plaso/cli/psteal_tool.py#newcode122
plaso/cli/psteal_tool.py:122: u'Unable to write to storage file: {0:s}'.format(storage_file_path))
Change to "File {0:s} is not writable" or similar. This isn't actually trying to write to the file.
https://codereview.appspot.com/321000043/diff/60001/plaso/frontend/extraction_frontend.py
File plaso/frontend/extraction_frontend.py (right):
https://codereview.appspot.com/321000043/diff/60001/plaso/frontend/extraction_frontend.py#newcode116
plaso/frontend/extraction_frontend.py:116: use_zeromq=True, worker_memory_limit=None):
Shouldn't this be in the processing config?
Message from joachim.metz@gmail.com
2017-05-27T07:01:36+00:00 Joachim Metz
https://codereview.appspot.com/321000043/diff/60001/plaso/cli/extraction_tool.py
File plaso/cli/extraction_tool.py (right):
https://codereview.appspot.com/321000043/diff/60001/plaso/cli/extraction_tool.py#newcode238
plaso/cli/extraction_tool.py:238: u'Path to a directory containing artifact definitions.'))
On 2017/05/26 23:53:46, onager wrote:
> Please add some statement about what Plaso does with these definitions.
Done.
https://codereview.appspot.com/321000043/diff/60001/plaso/cli/log2timeline_tool.py
File plaso/cli/log2timeline_tool.py (right):
https://codereview.appspot.com/321000043/diff/60001/plaso/cli/log2timeline_tool.py#newcode667
plaso/cli/log2timeline_tool.py:667: """Processes the sources and extract events.
On 2017/05/26 23:53:46, onager wrote:
> extracts
Done.
https://codereview.appspot.com/321000043/diff/60001/plaso/cli/log2timeline_tool.py#newcode706
plaso/cli/log2timeline_tool.py:706: # If the source is a directory or a storage media image
On 2017/05/26 23:53:46, onager wrote:
> Remove this comment, as it isn't needed any more (and isn't complete any more,
> either)
Done.
https://codereview.appspot.com/321000043/diff/60001/plaso/cli/psteal_tool.py
File plaso/cli/psteal_tool.py (right):
https://codereview.appspot.com/321000043/diff/60001/plaso/cli/psteal_tool.py#newcode122
plaso/cli/psteal_tool.py:122: u'Unable to write to storage file: {0:s}'.format(storage_file_path))
On 2017/05/26 23:53:46, onager wrote:
> Change to "File {0:s} is not writable" or similar. This isn't actually trying to
> write to the file.
Done.
https://codereview.appspot.com/321000043/diff/60001/plaso/frontend/extraction_frontend.py
File plaso/frontend/extraction_frontend.py (right):
https://codereview.appspot.com/321000043/diff/60001/plaso/frontend/extraction_frontend.py#newcode116
plaso/frontend/extraction_frontend.py:116: use_zeromq=True, worker_memory_limit=None):
The idea was that processing configuration can be passed to a stand-alone worker and changed. zero-mq or not is defined on start and does not change once the queue has been set up.
Message from unknown
2017-05-27T07:16:38+00:00 Joachim Metz
Message from joachim.metz@gmail.com
2017-05-27T07:16:41+00:00 Joachim Metz
Code updated.
Message from onager@deerpie.com
2017-05-29T18:59:16+00:00 onager
LGTM
Message from joachim.metz@gmail.com
2017-05-29T19:38:25+00:00 Joachim Metz
Changes have been merged with master branch. To close the review and clean up the feature branch you can run: python ./utils/review.py close cleanup