
Support for other languages

Open nkl0x55 opened this issue 4 years ago • 10 comments

Hi, would like to check if this tool supports other-language installations of SEP, e.g. Chinese, Japanese, etc.

Thank you.

nkl0x55, Mar 30 '21 04:03

I do not have data to test this so I’m thinking it will choke at some point.

Beercow, Mar 30 '21 10:03

Yup, tested it on a Japanese installation, it choked while parsing. Any plans to add support for other languages?

nkl0x55, Mar 31 '21 03:03

I would be happy to add support. I don’t have data in other languages so I might need a copy. Would be willing to sign an NDA if need be.

Let’s try this first. The latest commit to SEPparser has a -v option. Add -v and get me the error message. I might be able to figure it out from that.

Beercow, Mar 31 '21 09:03

Hi, apologies for the delay. Below is the error message.

Searching for Symantec logs.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AtpiMan.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AtpiMan.log. Unknown File Type.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AVMan.log

Problem parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AVMan.log: 'charmap' codec can't encode characters in position 304-324: character maps to <undefined>

Traceback (most recent call last):
  File "SEPparser.py", line 4300, in main
  File "SEPparser.py", line 3613, in parse_avman
  File "c:\users\ieuser\appdata\local\programs\python\python39\lib\encodings\cp1252.py", line 19, in encode
UnicodeEncodeError: 'charmap' codec can't encode characters in position 304-324: character maps to <undefined>
Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\BashMan.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\BashMan.log. Unknown File Type.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\CommonMan.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\CommonMan.log. Unknown File Type.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\cve-actions.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\cve-actions.log. Unknown File Type.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\cve.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\cve.log. Unknown File Type.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\ElamMan.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\ElamMan.log. Unknown File Type.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\EntitlementMan.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\EntitlementMan.log. Unknown File Type.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\GUP.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\GUP.log. Unknown File Type.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\HidMan.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\HidMan.log. Unknown File Type.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\LocalRep.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\LocalRep.log. Unknown File Type.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\LUMan.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\LUMan.log. Unknown File Type.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\NacMan.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\NacMan.log. Unknown File Type.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\NetSecMan.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\NetSecMan.log. Unknown File Type.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\NTRMan.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\NTRMan.log. Unknown File Type.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\processlog.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\processlog.log. Log is empty.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\rawlog.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\rawlog.log. Log is empty.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\RebootMgrMan.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\RebootMgrMan.log. Unknown File Type.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\RepMgtMan.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\RepMgtMan.log. Unknown File Type.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\seclog.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\seclog.log. Log is empty.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\SubmissionsMan.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\SubmissionsMan.log. Unknown File Type.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\syslog.log

Problem parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\syslog.log: 'charmap' codec can't encode characters in position 214-221: character maps to <undefined>

Traceback (most recent call last):
  File "SEPparser.py", line 4284, in main
  File "SEPparser.py", line 3257, in parse_syslog
  File "c:\users\ieuser\appdata\local\programs\python\python39\lib\encodings\cp1252.py", line 19, in encode
UnicodeEncodeError: 'charmap' codec can't encode characters in position 214-221: character maps to <undefined>
Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\TDADMan.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\TDADMan.log. Unknown File Type.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\tralog.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\tralog.log. Log is empty.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03112021.Log

Problem parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03112021.Log: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>

Traceback (most recent call last):
  File "SEPparser.py", line 4303, in main
  File "SEPparser.py", line 3663, in parse_daily_av
  File "c:\users\ieuser\appdata\local\programs\python\python39\lib\encodings\cp1252.py", line 19, in encode
UnicodeEncodeError: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>
Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03122021.Log

Problem parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03122021.Log: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>

Traceback (most recent call last):
  File "SEPparser.py", line 4303, in main
  File "SEPparser.py", line 3663, in parse_daily_av
  File "c:\users\ieuser\appdata\local\programs\python\python39\lib\encodings\cp1252.py", line 19, in encode
UnicodeEncodeError: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>
Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03132021.Log

Problem parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03132021.Log: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>

Traceback (most recent call last):
  File "SEPparser.py", line 4303, in main
  File "SEPparser.py", line 3663, in parse_daily_av
  File "c:\users\ieuser\appdata\local\programs\python\python39\lib\encodings\cp1252.py", line 19, in encode
UnicodeEncodeError: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>
Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03142021.Log

Problem parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03142021.Log: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>

Traceback (most recent call last):
  File "SEPparser.py", line 4303, in main
  File "SEPparser.py", line 3663, in parse_daily_av
  File "c:\users\ieuser\appdata\local\programs\python\python39\lib\encodings\cp1252.py", line 19, in encode
UnicodeEncodeError: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>
Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03152021.Log

Problem parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03152021.Log: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>

Traceback (most recent call last):
  File "SEPparser.py", line 4303, in main
  File "SEPparser.py", line 3663, in parse_daily_av
  File "c:\users\ieuser\appdata\local\programs\python\python39\lib\encodings\cp1252.py", line 19, in encode
UnicodeEncodeError: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>
Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03172021.Log

Problem parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03172021.Log: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>

Traceback (most recent call last):
  File "SEPparser.py", line 4303, in main
  File "SEPparser.py", line 3663, in parse_daily_av
  File "c:\users\ieuser\appdata\local\programs\python\python39\lib\encodings\cp1252.py", line 19, in encode
UnicodeEncodeError: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>
Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03182021.Log

Problem parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03182021.Log: 'charmap' codec can't encode character '\u0183' in position 232: character maps to <undefined>

Traceback (most recent call last):
  File "SEPparser.py", line 4303, in main
  File "SEPparser.py", line 3663, in parse_daily_av
  File "c:\users\ieuser\appdata\local\programs\python\python39\lib\encodings\cp1252.py", line 19, in encode
UnicodeEncodeError: 'charmap' codec can't encode character '\u0183' in position 232: character maps to <undefined>
Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03192021.Log

Problem parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03192021.Log: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>

Traceback (most recent call last):
  File "SEPparser.py", line 4303, in main
  File "SEPparser.py", line 3663, in parse_daily_av
  File "c:\users\ieuser\appdata\local\programs\python\python39\lib\encodings\cp1252.py", line 19, in encode
UnicodeEncodeError: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>
Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03202021.Log

Problem parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03202021.Log: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>

Traceback (most recent call last):
  File "SEPparser.py", line 4303, in main
  File "SEPparser.py", line 3663, in parse_daily_av
  File "c:\users\ieuser\appdata\local\programs\python\python39\lib\encodings\cp1252.py", line 19, in encode
UnicodeEncodeError: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>
Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03212021.Log

Problem parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03212021.Log: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>

Traceback (most recent call last):
  File "SEPparser.py", line 4303, in main
  File "SEPparser.py", line 3663, in parse_daily_av
  File "c:\users\ieuser\appdata\local\programs\python\python39\lib\encodings\cp1252.py", line 19, in encode
UnicodeEncodeError: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>
Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03222021.Log

Problem parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03222021.Log: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>

Traceback (most recent call last):
  File "SEPparser.py", line 4303, in main
  File "SEPparser.py", line 3663, in parse_daily_av
  File "c:\users\ieuser\appdata\local\programs\python\python39\lib\encodings\cp1252.py", line 19, in encode
UnicodeEncodeError: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>
Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03232021.Log

Problem parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03232021.Log: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>

Traceback (most recent call last):
  File "SEPparser.py", line 4303, in main
  File "SEPparser.py", line 3663, in parse_daily_av
  File "c:\users\ieuser\appdata\local\programs\python\python39\lib\encodings\cp1252.py", line 19, in encode
UnicodeEncodeError: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>
Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03242021.Log

Problem parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\03242021.Log: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>

Traceback (most recent call last):
  File "SEPparser.py", line 4303, in main
  File "SEPparser.py", line 3663, in parse_daily_av
  File "c:\users\ieuser\appdata\local\programs\python\python39\lib\encodings\cp1252.py", line 19, in encode
UnicodeEncodeError: 'charmap' codec can't encode character '\u0702' in position 237: character maps to <undefined>
Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\serialize.dat

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\AV\serialize.dat. Unknown File Type.

Started parsing J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\PchCmp\AWSFileTransfer.log

Skipping J:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Logs\PchCmp\AWSFileTransfer.log. Unknown File Type.

Processed 39 file(s) in 0.2460 seconds

nkl0x55, Apr 07 '21 07:04

Thanks for the output. Might take a little bit before I look more into this. Been a little busy the last couple of weeks.

Beercow, Apr 09 '21 03:04

One other thing. Are you running it on Windows or Linux? From the output, I would guess it’s Windows. Could you try running it on Linux and see if you get the same error?

Beercow, Apr 09 '21 03:04

I just made an update. Can you try and see if this fixes your issue?

Beercow, Apr 12 '21 15:04

Hi, I compiled it into an executable and ran it. Using the latest code available, the parsing does not choke like before.

However, looking at the output, the text is gibberish for non-English text.

I do 2 more tests using Linux and running it directly.

nkl0x55, Apr 13 '21 06:04
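
Added example, not part of the thread and not SEPparser's code: it reproduces the two symptoms reported above (the `'charmap'` encode error when output goes through a cp1252 stream, then text that is written without error but unreadable) and shows a strict decode-with-fallback that keeps undecodable bytes visible. The cp932 sample and the names `write_field` and `decode_field` are assumptions; the page does not state the encoding of the SEP logs.

```python
import io

# Constructed sample: one Japanese message stored as cp932, the ANSI code page
# of a Japanese Windows host (assumption; the page never states the log encoding).
SAMPLE_TEXT = "スキャンが完了しました"
SAMPLE_BYTES = SAMPLE_TEXT.encode("cp932")


def write_field(text, encoding):
    """Write text through a text stream with the given codec; return the bytes."""
    raw = io.BytesIO()
    out = io.TextIOWrapper(raw, encoding=encoding, newline="")
    out.write(text)
    out.flush()
    return raw.getvalue()


def reproduce_encode_error():
    """Non-Latin text plus a cp1252 output stream raises the error in the traceback."""
    try:
        write_field(SAMPLE_TEXT, "cp1252")
    except UnicodeEncodeError as exc:
        return exc.encoding, exc.reason
    return None


def reproduce_gibberish():
    """A single-byte decode never raises, so the output is written but unreadable."""
    return write_field(SAMPLE_BYTES.decode("latin-1"), "utf-8").decode("utf-8")


def decode_field(raw, host_codepage):
    """Strict decode with UTF-8, then the host's code page; escape bytes if both fail."""
    for codec in ("utf-8", host_codepage):
        try:
            return raw.decode(codec), codec
        except UnicodeDecodeError:
            continue
    # Keep undecodable bytes visible as \xNN instead of silently dropping evidence.
    return raw.decode("ascii", errors="backslashreplace"), "escaped"


if __name__ == "__main__":
    print(reproduce_encode_error())
    print(ascii(reproduce_gibberish()))
    text, codec = decode_field(SAMPLE_BYTES, "cp932")
    print(codec, ascii(write_field(text, "utf-8").decode("utf-8")))
```

Writing the report as UTF-8 regardless of the analysis machine's locale removes the dependency on cp1252 that the traceback shows; the code page of the source host still has to be supplied by the analyst.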

I may need a sample of one of the logs to get this working.

Beercow, Apr 20 '21 22:04

Is there any chance I can get one of the logs that is causing the issue? (I’ll sign an NDA if need be.) I’ll have to close this soon due to lack of response.

Beercow, Nov 12 '21 02:11