plaso
plaso copied to clipboard
log2timeline
Super timeline all the things
**Description of problem:** Add a parser for FreeDesktop.org Trash Info Files. Path: ```%%users.homedir%%/.local/share/Trash/info/*.trashinfo``` https://specifications.freedesktop.org/trash-spec/trashspec-latest.html
Add a parser for MySQL log files. There are several: Error log | Problems encountered starting, running, or stopping mysqld -- | -- General query log | Established client connections...
Add a MongoDB Log File parser. Example (src: https://www.mongodb.com/docs/manual/reference/log-messages/#log-messages): ``` {"t":{"$date":"2020-05-01T15:16:17.180+00:00"},"s":"I", "c":"NETWORK", "id":12345, "ctx":"listener", "msg":"Listening on","attr":{"address":"127.0.0.1"}} ``` Location setting: https://www.mongodb.com/docs/manual/reference/configuration-options/#mongodb-setting-systemLog.path
Add a parser for Tomcat Log Files. See: https://tomcat.apache.org/tomcat-10.0-doc/logging.html In particular the access log: https://tomcat.apache.org/tomcat-10.0-doc/config/valve.html#Access_Logging
Add a parser for Jenkins Log Files. "Linux: By default logs should be made available in /var/log/jenkins/jenkins.log, unless customized in /etc/default/jenkins (for *.deb) or via /etc/sysconfig/jenkins (for */rpm)" src: https://wiki.jenkins.io/display/JENKINS/Logging.html
Add a parser for HAProxy log files. Paths: - '/var/log/haproxy/*' - '/var/log/haproxy.log' - '/var/log/haproxy-traffic.log' - '/var/log/haproxy-admin.log' Default Log Format (src: https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#8.2.1) ``` Feb 6 12:12:09 localhost \ haproxy[14385]: Connect from...
Add a parser for Nginx Access/Error log files. Path: /var/log/nginx/access.log References: - https://docs.nginx.com/nginx/admin-guide/monitoring/logging/ - https://nginx.org/en/docs/http/ngx_http_log_module.html?&_ga=2.39244515.1358330861.1660889084-715350934.1660889084#log_format
Add a parser for Apache error logs. Paths: - '/var/log/apache/error*' - '/var/log/apache/error.log*' - '/var/log/apache2/error*' - '/var/log/apache2/error.log*' - '/var/log/httpd/error*' - '/var/log/httpd/error.log*' Typical log format: ``` [Fri Sep 09 10:42:29.902022 2011] [core:error]...
Description of problem: Add a parser for UFW log files. Path: /var/log/ufw.log Pseudo Log Entry (src: https://help.ubuntu.com/community/UFW) ``` Feb 4 23:33:37 hostname kernel: [ 3529.289825] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd...
Description of problem: Add a parser for Samba log files. Path: /var/log/samba/*.log Sample Standard Log Format: ``` [2017/07/04 21:07:41.410381, 4, pid=21757] ../auth/auth_log.c:848(log_successful_authz_event_human_readable) Successful AuthZ: [SMB2,krb5] user [SAMDOM]\[Administrator] [S-1-5-21-469703510-2364959079-1506205053-500] at [Di,...