#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Copyright 2014 The Plaso Project Authors.
# Please see the AUTHORS file for details on individual authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""This file contains formatters for the parsed Rubanetra events.

A formatter for Java Instant values is defined here as well.
"""
from plaso.formatters import interface
__author__ = 'Stefan Swerk (stefan_rubanetra@swerk.priv.at)'
class RubanetraBaseActivityFormatter(interface.ConditionalEventFormatter):
  """Formatter for a Rubanetra BaseActivity.

  Declares the message pieces shared by the Rubanetra activity formatters in
  this file; the protocol-specific subclasses append their own pieces to
  FORMAT_STRING_PIECES.
  """

  DATA_TYPE = "java:rubanetra:base_activity"
  SOURCE_SHORT = "LOG"
  SOURCE_LONG = "at.jku.fim.rubanetra.BaseActivity"

  # NOTE(review): each value is placed as-is between single quotes and nothing
  # in this file escapes quotes or line breaks. Presumably the values come
  # from captured network traffic (confirm against the parser); a value that
  # itself contains a quote can then read as several fields, so tooling that
  # consumes the rendered message should not split it on quotes.
  FORMAT_STRING_PIECES = [
      u"activityType: '{activity_type}'",
      u"firstTimestamp: '{first_timestamp}'",
      u"lastTimestamp: '{last_timestamp}'",
      u"description: '{description}'",
      u"sourceAddress: '{source_address}'",
      u"destinationAddress: '{destination_address}'",
      u"compoundFrameNumbers: '{compound_frame_number_list}'",
      u"isReplaced: '{replaced}'",
      u"optionalFields: '{optional_field_dict}'",
  ]
class RubanetraPcapActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra PcapActivity."""

  DATA_TYPE = "java:rubanetra:pcap_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.PcapActivity"

  # Base activity pieces first, then the capture-level size and frame fields.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"totalSize: '{pcap_total_size}'",
          u"frameNumber: '{pcap_frame_number}'",
          u"wireLength: '{pcap_packet_wirelen}'",
          u"headerCount: '{pcap_header_count}'",
      ])
class RubanetraHttpRequestActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra HttpRequestActivity."""

  DATA_TYPE = "java:rubanetra:http_request_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.HttpRequestActivity"

  # NOTE(review): the URL, query string and request headers are rendered in
  # full. Such fields can carry session cookies, authorization headers or
  # tokens, so the resulting timeline should be stored and shared as
  # sensitive data. The values are also not escaped in this file, so a header
  # containing a quote or line break can blur the field boundaries.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"serverAddress: '{server_address}'",
          u"clientAddress: '{client_address}'",
          u"httpVersion: '{http_version}'",
          u"httpMethod: '{http_method}'",
          u"httpQueryString: '{http_query_string}'",
          u"httpQueryParameters: '{http_query_parameters}'",
          u"httpRequestHeader: '{http_request_header_dict}'",
          u"url: '{url}'",
          u"originalHttpHeader: '{orig_http_header}'",
          u"contentType: '{content_type}'",
          u"isResponse: '{is_response}'",
          u"JNetPcapHttpString: '{jnetpcap_http_string}'",
      ])
class RubanetraHttpResponseActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra HttpResponseActivity."""

  DATA_TYPE = "java:rubanetra:http_response_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.HttpResponseActivity"

  # NOTE(review): response headers are rendered in full; they may include
  # Set-Cookie values, so treat the rendered message as sensitive.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"httpVersion: '{http_version}'",
          u"httpStatusCode: '{response_status_code}'",
          u"httpStatusLine: '{response_status_line}'",
          u"httpResponseHeader: '{response_header_dict}'",
          u"originalHttpHeader: '{orig_http_header}'",
          u"contentType: '{content_type}'",
          u"JNetPcapHttpString: '{jnetpcap_http_string}'",
      ])
class RubanetraDnsActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra DnsActivity."""

  DATA_TYPE = "java:rubanetra:dns_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.DnsActivity"

  # One piece per DNS message section, followed by the header and the
  # response flag.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"questionRecords: '{question_record_list}'",
          u"answerRecords: '{answer_record_list}'",
          u"authorityRecords: '{authority_record_list}'",
          u"additionalRecords: '{additional_record_list}'",
          u"dnsMessageHeader: '{dns_message_header}'",
          u"isResponse: '{is_response_bool}'",
      ])
class RubanetraHttpImageActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra HttpImageActivity."""

  DATA_TYPE = "java:rubanetra:http_image_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.HttpImageActivity"

  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"imageType: '{image_type}'",
          u"imagePath: '{image_path}'",
      ])
class RubanetraArpActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra ArpActivity."""

  DATA_TYPE = "java:rubanetra:arp_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.ArpActivity"

  # The hardware address labels are filled from the *_mac_address attributes.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"hardwareType: '{hardware_type}'",
          u"protocolType: '{protocol_type}'",
          u"hardwareAddressLength: '{hardware_address_length}'",
          u"protocolAddressLength: '{protocol_address_length}'",
          u"senderHardwareAddress: '{sender_mac_address}'",
          u"targetHardwareAddress: '{target_mac_address}'",
          u"senderProtocolAddress: '{sender_protocol_address}'",
          u"targetProtocolAddress: '{target_protocol_address}'",
          u"JNetPcapArpString: '{jnetpcap_arp}'",
      ])
class RubanetraDhcpActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra DhcpActivity."""

  DATA_TYPE = "java:rubanetra:dhcp_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.DhcpActivity"

  # The DHCP message is rendered as a single field.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"dhcpMessage: '{dhcp_message}'",
      ])
class RubanetraEthernetActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra EthernetActivity."""

  DATA_TYPE = "java:rubanetra:ethernet_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.EthernetActivity"

  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"sourceMacAddress: '{source_mac_address}'",
          u"destinationMacAddress: '{destination_mac_address}'",
          u"ethernetType: '{ethernet_type}'",
          u"ethernetTypeEnum: '{ethernet_type_enum}'",
          u"JNetPcapEthernetString: '{jnetpcap_ethernet}'",
      ])
class RubanetraFtpActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra FtpActivity."""

  DATA_TYPE = "java:rubanetra:ftp_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.FtpActivity"

  # NOTE(review): FTP is a cleartext protocol, so the command field may hold
  # login credentials; handle the rendered message as sensitive data.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"ftpActivityType: '{ftp_type}'",
          u"command: '{command}'",
          u"reply: '{reply}'",
          u"list: '{list}'",
      ])
class RubanetraIcmpv4ActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra Icmpv4Activity."""

  DATA_TYPE = "java:rubanetra:icmpv4_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.Icmpv4Activity"

  # NOTE(review): sourceAddress and destinationAddress are already part of
  # the base pieces, so both appear twice in the resulting list.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"icmpSubType: '{icmp_subtype}'",
          u"icmpPacket: '{icmp_packet}'",
          u"icmpMessage: '{icmp_message}'",
          u"icmpType: '{icmp_type}'",
          u"icmpCode: '{icmp_code}'",
          u"sourceAddress: '{source_address}'",
          u"destinationAddress: '{destination_address}'",
          u"identifier: '{identifier}'",
          u"sequence: '{sequence}'",
          u"JNetPcapIcmpString: '{jnetpcap_icmp}'",
      ])
class RubanetraIcmpv6ActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra Icmpv6Activity."""

  DATA_TYPE = "java:rubanetra:icmpv6_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.Icmpv6Activity"

  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"icmpSubType: '{icmp_subtype}'",
          u"icmpPacket: '{icmp_packet}'",
          u"icmpMessage: '{icmp_message}'",
          u"icmpType: '{icmp_type}'",
          u"JNetPcapIcmpString: '{jnetpcap_icmp}'",
      ])
class RubanetraIpActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra IpActivity."""

  DATA_TYPE = "java:rubanetra:ip_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.IpActivity"

  # NOTE(review): sourceAddress and destinationAddress are already part of
  # the base pieces, so both appear twice in the resulting list.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"version: '{version}'",
          u"protocol: '{protocol}'",
          u"sourceAddress: '{source_address}'",
          u"destinationAddress: '{destination_address}'",
      ])
class RubanetraIpv4ActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra Ipv4Activity."""

  DATA_TYPE = "java:rubanetra:ipv4_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.Ipv4Activity"

  # IPv4 header fields, then the raw JNetPcap string for the header.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"internetHeaderLength: '{internet_header_length}'",
          u"differentiatedServicesCodePoint: "
          u"'{differentiated_services_code_point}'",
          u"totalLength: '{total_length}'",
          u"identification: '{identification}'",
          u"flags: '{flags}'",
          u"fragmentOffset: '{fragment_offset}'",
          u"timeToLive: '{time_to_live}'",
          u"headerChecksum: '{header_checksum}'",
          u"options: '{options}'",
          u"JNetPcapIpv4String: '{jnetpcap_ip4}'",
      ])
class RubanetraIpv6ActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra Ipv6Activity."""

  DATA_TYPE = "java:rubanetra:ipv6_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.Ipv6Activity"

  # IPv6 header fields, then the JNetPcap and Kraken string renderings.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"trafficClass: '{traffic_class}'",
          u"flowLabel: '{flow_label}'",
          u"payloadLength: '{payload_length}'",
          u"nextHeader: '{next_header}'",
          u"hopLimit: '{hop_limit}'",
          u"JNetPcapIpv6String: '{jnetpcap_ip6}'",
          u"KrakenIpv6String: '{kraken_ip6}'",
      ])
class RubanetraMsnActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra MsnActivity."""

  DATA_TYPE = "java:rubanetra:msn_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.MsnActivity"

  # NOTE(review): the account and chat fields presumably hold personal
  # communication data; treat the rendered message accordingly.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"account: '{account}'",
          u"chat: '{chat}'",
      ])
class RubanetraNetbiosActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra NetbiosActivity."""

  # NOTE(review): unlike the other data types in this file, this one has a
  # capital letter ("Netbios_activity"). It has to equal the data type the
  # parser sets on the event, so confirm against the parser before changing.
  DATA_TYPE = "java:rubanetra:Netbios_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.NetbiosActivity"

  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"datagramPacket: '{datagram_packet}'",
          u"namePacket: '{name_packet}'",
      ])
class RubanetraPop3ActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra Pop3Activity."""

  DATA_TYPE = "java:rubanetra:pop3_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.Pop3Activity"

  # NOTE(review): POP3 is a cleartext protocol, so the command field may hold
  # login credentials and the header/data fields mail content; handle the
  # rendered message as sensitive data.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"subType: '{sub_type}'",
          u"header: '{header}'",
          u"data: '{data}'",
          u"command: '{command}'",
          u"response: '{response}'",
      ])
class RubanetraSmtpCommandActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra SmtpCommandActivity."""

  DATA_TYPE = "java:rubanetra:smtp_command_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.SmtpCommandActivity"

  # NOTE(review): the parameter of an SMTP command may contain authentication
  # material when the session is not encrypted; treat it as sensitive.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"command: '{command}'",
          u"parameter: '{parameter}'",
      ])
class RubanetraSmtpReplyActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra SmtpReplyActivity."""

  DATA_TYPE = "java:rubanetra:smtp_reply_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.SmtpReplyActivity"

  # Reply code and the accompanying message text.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"code: '{code}'",
          u"message: '{message}'",
      ])
class RubanetraSmtpSendActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra SmtpSendActivity."""

  DATA_TYPE = "java:rubanetra:smtp_send_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.SmtpSendActivity"

  # NOTE(review): header and data presumably hold the transmitted mail, i.e.
  # private content that is not escaped before it is placed in the message.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"header: '{header}'",
          u"data: '{data}'",
      ])
class RubanetraSnmpv1ActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra Snmpv1Activity."""

  DATA_TYPE = "java:rubanetra:snmpv1_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.Snmpv1Activity"

  # The SNMPv2 formatter in this file reuses this list.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"pdu: '{pdu}'",
          u"sourceSocketAddress: '{source_socket_address}'",
          u"destinationSocketAddress: '{destination_socket_address}'",
      ])
class RubanetraSnmpv2ActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra Snmpv2Activity."""

  DATA_TYPE = "java:rubanetra:snmpv2_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.Snmpv2Activity"

  # Same list object as the SNMPv1 formatter, not a copy: mutating it through
  # one class changes the other as well.
  FORMAT_STRING_PIECES = RubanetraSnmpv1ActivityFormatter.FORMAT_STRING_PIECES
class RubanetraTcpActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra TcpActivity."""

  DATA_TYPE = "java:rubanetra:tcp_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.TcpActivity"

  # NOTE(review): sourceAddress and destinationAddress are already part of
  # the base pieces, so both appear twice in the resulting list.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          # Header fields.
          u"sourcePort: '{source_port}'",
          u"destinationPort: '{destination_port}'",
          u"sequenceNumber: '{sequence_number}'",
          u"acknowledgeNumber: '{acknowledge_number}'",
          u"relativeSequenceNumber: '{relative_sequence_number}'",
          u"relativeAcknowledgeNumber: '{relative_acknowledge_number}'",
          u"dataOffset: '{data_offset}'",
          u"controlBits: '{control_bits}'",
          u"windowSize: '{window_size}'",
          u"checksum: '{checksum}'",
          u"urgentPointer: '{urgent_pointer}'",
          u"tcpLength: '{tcp_length}'",
          u"options: '{options}'",
          u"padding: '{padding}'",
          # Individual control flags.
          u"syn: '{syn}'",
          u"ack: '{ack}'",
          u"psh: '{psh}'",
          u"fin: '{fin}'",
          u"rst: '{rst}'",
          u"urg: '{urg}'",
          # Connection direction and endpoint state.
          u"direction: '{direction}'",
          u"clientState: '{client_state}'",
          u"serverState: '{server_state}'",
          u"JNetPcapTcpString: '{jnetpcap_tcp}'",
          # Endpoint addresses.
          u"sourceAddress: '{source_address}'",
          u"destinationAddress: '{destination_address}'",
          u"sourceSocketAddress: '{source_socket_address}'",
          u"destinationSocketAddress: '{destination_socket_address}'",
      ])
class RubanetraTelnetActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra TelnetActivity."""

  DATA_TYPE = "java:rubanetra:telnet_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.TelnetActivity"

  # NOTE(review): Telnet is a cleartext protocol, so the text field may hold
  # typed credentials; it may also contain terminal control sequences, which
  # nothing in this file strips. Handle the rendered message as sensitive and
  # avoid printing it unfiltered to a terminal.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"subType: '{sub_type}'",
          u"command: '{command}'",
          u"option: '{option}'",
          u"ansiMode: '{ansi_mode}'",
          u"arguments: '{arguments}'",
          u"text: '{text}'",
          u"title: '{title}'",
      ])
class RubanetraTlsActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra TlsActivity."""

  DATA_TYPE = "java:rubanetra:tls_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.TlsActivity"

  # One piece per traffic direction.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"clientToServerTraffic: '{client_to_server_traffic}'",
          u"serverToClientTraffic: '{server_to_client_traffic}'",
      ])
class RubanetraUdpActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra UdpActivity."""

  DATA_TYPE = "java:rubanetra:udp_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.UdpActivity"

  # UDP header fields, then the socket addresses of both endpoints.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"sourcePort: '{source_port}'",
          u"destinationPort: '{destination_port}'",
          u"length: '{length}'",
          u"checksum: '{checksum}'",
          u"JNetPcapUdpString: '{jnetpcap_udp}'",
          u"sourceSocketAddress: '{source_socket_address}'",
          u"destinationSocketAddress: '{destination_socket_address}'",
      ])
class RubanetraOpenSSHActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra OpenSSHActivity."""

  DATA_TYPE = "java:rubanetra:open_ssh_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.OpenSSHActivity"

  # One piece per traffic direction.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"clientToServerTraffic: '{client_to_server_traffic}'",
          u"serverToClientTraffic: '{server_to_client_traffic}'",
      ])
class RubanetraDropboxTlsActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra Dropbox TLS activity."""

  DATA_TYPE = "java:rubanetra:dropbox_tls_activity"
  # NOTE(review): the source name reads "DropboxActivity" while the data type
  # and class name say "dropbox_tls"; confirm which Java class is meant.
  SOURCE_LONG = "at.jku.fim.rubanetra.DropboxActivity"

  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"clientAddress: '{client_address}'",
          u"serverAddress: '{server_address}'",
      ])
class RubanetraSpiderOakActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra SpiderOakActivity."""

  DATA_TYPE = "java:rubanetra:spideroak_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.SpiderOakActivity"

  # Only the two endpoint addresses are added to the base pieces.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"clientAddress: '{client_address}'",
          u"serverAddress: '{server_address}'",
      ])
class RubanetraSkypePayloadActivityFormatter(RubanetraBaseActivityFormatter):
  """Formatter for a Rubanetra SkypePayloadActivity."""

  DATA_TYPE = "java:rubanetra:skype_payload_activity"
  SOURCE_LONG = "at.jku.fim.rubanetra.SkypePayloadActivity"

  # Object identifiers and hosts of both communication endpoints.
  FORMAT_STRING_PIECES = (
      RubanetraBaseActivityFormatter.FORMAT_STRING_PIECES + [
          u"sourceObjectId: '{source_object_id}'",
          u"destinationObjectId: '{destination_object_id}'",
          u"sourceHost: '{source_host}'",
          u"destinationHost: '{destination_host}'",
      ])
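class JavaInstantFormatter(interface.EventFormatter):
  """Formatter for a Java Instant.

  Renders the epoch seconds and the nanosecond part of the instant, each
  wrapped in its own pair of single quotes in the long form.
  """

  DATA_TYPE = "java:time:Instant"
  SOURCE_SHORT = "JAVA"
  SOURCE_LONG = "java.time.Instant"

  # The quote after the epoch seconds value closes the field; without it the
  # two values run together and cannot be told apart in the rendered message.
  FORMAT_STRING = (
      u"epoch_seconds: '{instant_epoch_seconds}', nano: '{instant_nano}'")

  # Short form is "<seconds>.<nanos>" with no trailing quote.
  # NOTE(review): the nanosecond part is not zero-padded here, so an instant
  # with 1 ns renders as "<seconds>.1" and reads like a tenth of a second.
  # If instant_nano is an integer (confirm against the parser), a padded
  # format such as {instant_nano:09d} would keep the timestamp unambiguous.
  FORMAT_STRING_SHORT = u"{instant_epoch_seconds}.{instant_nano}"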