Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for ISO 8601 timestamps in syslogs #907

Merged
merged 8 commits into from
Dec 2, 2024
Merged

Add support for ISO 8601 timestamps in syslogs #907

merged 8 commits into from
Dec 2, 2024
+106 −55

Conversation

JSCU-CNI
Copy link
Contributor

@JSCU-CNI JSCU-CNI commented Oct 16, 2024
edited
Loading

This PR adds support for ISO 8601 timestamps in unix syslogs introduced in recent versions of Debian and Ubuntu distributions. The helper functions have been copied from #901. Once #860 is merged in main I propose to let the auth plugin import those functions from the helper file. Fixes #909.

@JSCU-CNI JSCU-CNI mentioned this pull request Oct 17, 2024
Merged
@Horofic Horofic requested a review from Poeloe November 1, 2024 11:17
Poeloe
Poeloe requested changes Nov 4, 2024
View reviewed changes
Copy link
Contributor

@Poeloe Poeloe left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since the ISO timestamp format support has been merged to main for the AuthLogPlugin (#860), it's possible to add that support in this PR now.

@Schamper because I don't have a particular opinion about the placement of this helpers.py file, do you agree on its location?

dissect/target/plugins/os/unix/log/helpers.py Outdated Show resolved Hide resolved
dissect/target/plugins/os/unix/log/messages.py Show resolved Hide resolved
dissect/target/plugins/os/unix/log/helpers.py Outdated Show resolved Hide resolved
dissect/target/plugins/os/unix/log/helpers.py Outdated Show resolved Hide resolved
dissect/target/plugins/os/unix/log/messages.py Outdated Show resolved Hide resolved
dissect/target/plugins/os/unix/log/messages.py Outdated Show resolved Hide resolved
@JSCU-CNI
Copy link
Contributor Author

Thanks for your review @Poeloe. I have implemented your suggestions in 65548b9.

@JSCU-CNI JSCU-CNI requested a review from Poeloe November 11, 2024 10:23
Poeloe
Poeloe requested changes Nov 18, 2024
View reviewed changes
Copy link
Contributor

@Poeloe Poeloe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you also remove the RE_TS_ISO variable from the auth.py file and import the RE_LINE and RE_TS variable from the helpers.py file instead of defining it separately in the auth.py file?

dissect/target/plugins/os/unix/log/messages.py Show resolved Hide resolved
dissect/target/plugins/os/unix/log/messages.py Show resolved Hide resolved
@JSCU-CNI
Copy link
Contributor Author

Implemented your suggestions in fc1471b.

@JSCU-CNI JSCU-CNI requested a review from Poeloe November 21, 2024 13:53
Poeloe
Poeloe approved these changes Nov 29, 2024
View reviewed changes
Copy link
Contributor

@Poeloe Poeloe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@codecov Codecov
Copy link

codecov bot commented Nov 29, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 82.05128% with 7 lines in your changes missing coverage. Please review.

Project coverage is 77.89%. Comparing base (af1abe4) to head (5972340).
Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
dissect/target/plugins/os/unix/log/helpers.py 85.18% 4 Missing ⚠️
dissect/target/plugins/os/unix/log/messages.py 70.00% 3 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #907      +/-   ##
==========================================
- Coverage   77.89%   77.89%   -0.01%     
==========================================
  Files         324      325       +1     
  Lines       27879    27888       +9     
==========================================
+ Hits        21717    21724       +7     
- Misses       6162     6164       +2
Flag Coverage Δ
unittests 77.89% <82.05%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@Horofic Horofic merged commit f36ce59 into fox-it:main Dec 2, 2024
18 of 20 checks passed
@JSCU-CNI JSCU-CNI deleted the feature/unix-syslog-iso-8601 branch December 2, 2024 16:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Poeloe Poeloe Poeloe approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Syslog plugin broken on recent Debian and Ubuntu distros
3 participants
@JSCU-CNI @Poeloe @Horofic