Rooba
/
pupy
mirror of https://github.com/n1nj4sec/pupy.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

logs/windows: fix id, add filtering by EventID

This commit is contained in:
Oleksii Shevchuk 2019-03-10 19:30:27 +02:00
parent 862b797076
commit dd1128d95f
2 changed files with 25 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
pupy/modules/logs.py
View File

@ -28,6 +28,8 @@ class Logs(PupyModule):
help='Show time')
cls.arg_parser.add_argument('-w', '--width', action='store_true', default=False,
help='Show full content')
cls.arg_parser.add_argument(
'-I', '--event-id', help='Filter by event id (if applicable')
def run(self, args):
@ -40,16 +42,17 @@ class Logs(PupyModule):
date = datetime.fromtimestamp(item['date'])
date_str = ''
if date.date() == today:
date_str = date.strftime('%H:%M:%S')
date_str = Color(date.strftime('%H:%M:%S'), 'cyan')
elif date.date().year == today.year:
date_str = date.strftime('%d/%m %H:%M:%S')
date_str = Color(date.strftime('%d/%m %H:%M:%S'), 'grey')
else:
date_str = date.strftime('%Y/%d/%m %H:%M:%S')
date_str = Color(
date.strftime('%Y/%d/%m %H:%M:%S'), 'lightgrey')
items.append(Color(date_str, 'lightgrey'))
items.append(date_str)
if 'EventID' in item:
items.append(Color('EventID: ' + str(item['EventID']), 'green'))
items.append(Color(item['EventID'], 'green'))
msg = item['msg']
@ -66,7 +69,9 @@ class Logs(PupyModule):
items.append(msg)
return Line(*items)
for category, events in get_last_events(args.number, args.include, args.exclude).iteritems():
for category, events in get_last_events(
args.number, args.include, args.exclude, args.event_id
).iteritems():
if not events:
continue

22
pupy/packages/windows/all/readlogs.py
View File

@ -142,7 +142,9 @@ class EventLog(object):
return events_count
def get_events(self, logtype, server=''):
def get_events(self, logtype, server='', filter_event_id=None):
if filter_event_id is not None:
filter_event_id = int(filter_event_id)
UTC_OFFSET_TIMEDELTA = (
datetime.now() - datetime.utcnow()
@ -177,6 +179,11 @@ class EventLog(object):
break
for ev_obj in events:
event_id = int(winerror.HRESULT_CODE(ev_obj.EventID))
if filter_event_id is not None and event_id != filter_event_id:
continue
if not ev_obj.StringInserts:
continue
@ -259,10 +266,9 @@ class EventLog(object):
continue
yield {
'id': int(winerror.HRESULT_CODE(ev_obj.EventID)) + UTC_OFFSET_TIMEDELTA,
'EventID': int(winerror.HRESULT_CODE(ev_obj.EventID)),
'EventID': event_id,
'record': ev_obj.RecordNumber,
'date': int(ev_obj.TimeGenerated),
'date': int(ev_obj.TimeGenerated) + UTC_OFFSET_TIMEDELTA,
'computer': ev_obj.ComputerName,
'category': ev_obj.EventCategory,
'msg': message,
@ -281,7 +287,7 @@ class EventLog(object):
CloseEventLog(log)
def get_last_events(self, count=10, includes=[], excludes=[]):
def get_last_events(self, count=10, includes=[], excludes=[], eventid=None):
events = {}
includes = [
@ -295,7 +301,7 @@ class EventLog(object):
for log in self.sources:
amount = 0
for event in self.get_events(log):
for event in self.get_events(log, filter_event_id=eventid):
source = event.pop('source')
if source not in events:
@ -339,5 +345,5 @@ class EventLog(object):
return events
def get_last_events(count=10, includes=[], excludes=[]):
return EventLog().get_last_events(count, includes, excludes)
def get_last_events(count=10, includes=[], excludes=[], eventid=None):
return EventLog().get_last_events(count, includes, excludes, eventid)