dfir-orc icon indicating copy to clipboard operation
dfir-orc copied to clipboard

Published 20 hours ago verified publisher icon DFIR-ORC

GetSamples "logging" element not taken into account

Open qlemaire opened this issue 4 years ago • 3 comments

Hello,

While testing GetSamples command, I tried to display verbose information via XML configuration file (cf https://dfir-orc.github.io/GetSamples.html#output):

<getsamples nolimits="">
        <logging verbose="" debug="" />
</getsamples>

Here is the commandline:

C:\> DFIR-Orc_x64.exe GetSamples /config=test.xml

The nolimits attribute seems to be taken into account (otherwise, the command wouldn't execute), but not the "logging" element: image

The "equivalent" commandline is verbose, as expected:

C:\> DFIR-Orc_x64.exe GetSamples /verbose /debug /nolimits

image

Am I missing anything?

Thanks

qlemaire avatar Mar 26 '20 08:03 qlemaire

Hi Quentin,

We have reproduced this issue internally. We'll have a fix for this.

Thank you for the report. Jean

jgautier-anssi avatar Mar 26 '20 14:03 jgautier-anssi

Affects multiple commands. Should be fix with 10.1.0-rc4

fabienfl-orc avatar Jan 18 '21 13:01 fabienfl-orc

Configuration should be possible with upcoming version. This version should correctly forward log options to GetThis process with such GetSamples Configuration:

    <log>
        <file level="debug" backtrace="error">
            <output disposition="truncate">GetSamples.log</output>
        </file>
    </log>

fabienfl-orc avatar Feb 11 '21 10:02 fabienfl-orc