Comments (8)
joachimmetz
commented on August 21, 2024
@AlexForensic this is not an "error" this is a warning that a particular file cannot be correctly parsed. Can you provide more details? (such as the ones requested in the github issue template)
from plaso.
AlexForensic
commented on August 21, 2024
@joachimmetz this fils is access.log file extracted from debian 11. My command uses the parser "text".
from plaso.
joachimmetz
commented on August 21, 2024
Unfortunately this is insufficient information for me do anything with this report.
from plaso.
AlexForensic
commented on August 21, 2024
@joachimmetz ok sorry. What information do you require?
from plaso.
joachimmetz
commented on August 21, 2024
Have a look at the issue template https://github.com/log2timeline/plaso/issues/new?assignees=&labels=&projects=&template=problem-report.md&title=
I also would need to have an example of the log lines that the warning applies to, so sharing a short section of the log that can reproduce the issue could be beneficial
from plaso.
AlexForensic
commented on August 21, 2024
192.168.10.1 - - [27/Sep/2022:11:26:31 +0200] "GET /code/Chat/server.php HTTP/1.1" 200 660 "https:///code/FicheClient/Bienvenue.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"
::1 - - [27/Sep/2022:11:26:31 +0200] "GET /server-status?auto HTTP/1.1" 200 1396 "-" "-"
192.168.10.1 - - [27/Sep/2022:11:26:32 +0200] "GET /code/Chat/server.php HTTP/1.1" 200 5197 "/code/FicheClient/Bienvenue.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"
::1 - - [27/Sep/2022:11:26:32 +0200] "GET /server-status?auto HTTP/1.1" 200 1398 "-" "-"
::1 - - [27/Sep/2022:11:26:33 +0200] "GET /server-status?auto HTTP/1.1" 200 1389 "-" "-"
::1 - - [27/Sep/2022:11:26:34 +0200] "GET /server-status?auto HTTP/1.1" 200 1397 "-" "-"
::1 - - [27/Sep/2022:11:26:35 +0200] "GET /server-status?auto HTTP/1.1" 200 1394 "-" "-"
::1 - - [27/Sep/2022:11:26:36 +0200] "GET /server-status?auto HTTP/1.1" 200 1398 "-" "-"
::1 - - [27/Sep/2022:11:26:37 +0200] "GET /server-status?auto HTTP/1.1" 200 1395 "-" "-"
::1 - - [27/Sep/2022:11:26:38 +0200] "GET /server-status?auto HTTP/1.1" 200 1398 "-" "-"
::1 - - [27/Sep/2022:11:26:39 +0200] "GET /server-status?auto HTTP/1.1" 200 1394 "-" "-"
::1 - - [27/Sep/2022:11:26:40 +0200] "GET /server-status?auto HTTP/1.1" 200 1397 "-" "-"
::1 - - [27/Sep/2022:11:26:41 +0200] "GET /server-status?auto HTTP/1.1" 200 1398 "-" "-"
::1 - - [27/Sep/2022:11:26:42 +0200] "GET /server-status?auto HTTP/1.1" 200 1398 "-" "-"
::1 - - [27/Sep/2022:11:26:43 +0200] "GET /server-status?auto HTTP/1.1" 200 1396 "-" "-"
::1 - - [27/Sep/2022:11:26:44 +0200] "GET /server-status?auto HTTP/1.1" 200 1404 "-" "-"
::1 - - [27/Sep/2022:11:26:45 +0200] "GET /server-status?auto HTTP/1.1" 200 1405 "-" "-"
::1 - - [27/Sep/2022:11:26:46 +0200] "GET /server-status?auto HTTP/1.1" 200 1405 "-" "-"
::1 - - [27/Sep/2022:11:26:47 +0200] "GET /server-status?auto HTTP/1.1" 200 1402 "-" "-"
::1 - - [27/Sep/2022:11:26:48 +0200] "GET /server-status?auto HTTP/1.1" 200 1406 "-" "-"
::1 - - [27/Sep/2022:11:26:49 +0200] "GET /server-status?auto HTTP/1.1" 200 1406 "-" "-"
::1 - - [27/Sep/2022:11:26:50 +0200] "GET /server-status?auto HTTP/1.1" 200 1406 "-" "-"
::1 - - [27/Sep/2022:11:26:51 +0200] "GET /server-status?auto HTTP/1.1" 200 1403 "-" "-"
::1 - - [27/Sep/2022:11:26:52 +0200] "GET /server-status?auto HTTP/1.1" 200 1406 "-" "-"
::1 - - [27/Sep/2022:11:26:53 +0200] "GET /server-status?auto HTTP/1.1" 200 1406 "-" "-"
::1 - - [27/Sep/2022:11:26:54 +0200] "GET /server-status?auto HTTP/1.1" 200 1407 "-" "-"
::1 - - [27/Sep/2022:11:26:55 +0200] "GET /server-status?auto HTTP/1.1" 200 1407 "-" "-"
192.168.10.1 - - [27/Sep/2022:11:26:56 +0200] "GET /code/Chat/server.php HTTP/1.1" 200 813 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"
::1 - - [27/Sep/2022:11:26:56 +0200] "GET /server-status?auto HTTP/1.1" 200 1407 "-" "-"
::1 - - [27/Sep/2022:11:26:57 +0200] "GET /server-status?auto HTTP/1.1" 200 1407 "-" "-"
::1 - - [27/Sep/2022:11:26:58 +0200] "GET /server-status?auto HTTP/1.1" 200 1407 "-" "-"
::1 - - [27/Sep/2022:11:26:59 +0200] "GET /server-status?auto HTTP/1.1" 200 1406 "-" "-"
::1 - - [27/Sep/2022:11:27:00 +0200] "GET /server-status?auto HTTP/1.1" 200 1407 "-" "-"
::1 - - [27/Sep/2022:11:27:01 +0200] "GET /server-status?auto HTTP/1.1" 200 1407 "-" "-"
192.168.10.1 - - [27/Sep/2022:11:27:01 +0200] "GET /code/Chat/server.php HTTP/1.1" 200 813 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"
::1 - - [27/Sep/2022:11:27:02 +0200] "GET /server-status?auto HTTP/1.1" 200 1406 "-" "-"
::1 - - [27/Sep/2022:11:27:03 +0200] "GET /server-status?auto HTTP/1.1" 200 1398 "-" "-"
::1 - - [27/Sep/2022:11:27:04 +0200] "GET /server-status?auto HTTP/1.1" 200 1406 "-" "-"
::1 - - [27/Sep/2022:11:27:05 +0200] "GET /server-status?auto HTTP/1.1" 200 1407 "-" "-"
::1 - - [27/Sep/2022:11:27:06 +0200] "GET /server-status?auto HTTP/1.1" 200 1407 "-" "-"
::1 - - [27/Sep/2022:11:27:07 +0200] "GET /server-status?auto HTTP/1.1" 200 1404 "-" "-"
::1 - - [27/Sep/2022:11:27:08 +0200] "GET /server-status?auto HTTP/1.1" 200 1402 "-" "-"
::1 - - [27/Sep/2022:11:27:09 +0200] "GET /server-status?auto HTTP/1.1" 200 1406 "-" "-"
31.36.119.140 - - [27/Sep/2022:11:27:10 +0200] "GET /code/Chat/server.php HTTP/1.1" 200 813 "https://code/FicheClient/Bienvenue.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"
::1 - - [27/Sep/2022:11:27:10 +0200] "GET /server-status?auto HTTP/1.1" 200 1407 "-" "-"
::1 - - [27/Sep/2022:11:27:11 +0200] "GET /server-status?auto HTTP/1.1" 200 1408 "-" "-"
::1 - - [27/Sep/2022:11:27:12 +0200] "GET /server-status?auto HTTP/1.1" 200 1408 "-" "-"
::1 - - [27/Sep/2022:11:27:13 +0200] "GET /server-status?auto HTTP/1.1" 200 1402 "-" "-"
::1 - - [27/Sep/2022:11:27:14 +0200] "GET /server-status?auto HTTP/1.1" 200 1407 "-" "-"
::1 - - [27/Sep/2022:11:27:15 +0200] "GET /server-status?auto HTTP/1.1" 200 1404 "-" "-"
::1 - - [27/Sep/2022:11:27:16 +0200] "GET /server-status?auto HTTP/1.1" 200 1406 "-" "-"
::1 - - [27/Sep/2022:11:27:17 +0200] "GET /server-status?auto HTTP/1.1" 200 1405 "-" "-"
::1 - - [27/Sep/2022:11:27:18 +0200] "GET /server-status?auto HTTP/1.1" 200 1398 "-" "-"
::1 - - [27/Sep/2022:11:27:19 +0200] "GET /server-status?auto HTTP/1.1" 200 1406 "-" "-"
::1 - - [27/Sep/2022:11:27:20 +0200] "GET /server-status?auto HTTP/1.1" 200 1406 "-" "-"
::1 - - [27/Sep/2022:11:27:21 +0200] "GET /server-status?auto HTTP/1.1" 200 1406 "-" "-"
::1 - - [27/Sep/2022:11:27:22 +0200] "GET /server-status?auto HTTP/1.1" 200 1371 "-" "-"
::1 - - [27/Sep/2022:11:27:23 +0200] "GET /server-status?auto HTTP/1.1" 200 1403 "-" "-"
::1 - - [27/Sep/2022:11:27:24 +0200] "GET /server-status?auto HTTP/1.1" 200 1409 "-" "-"
192.168.10.1 - - [27/Sep/2022:11:27:25 +0200] "GET /code/hal42/index.html?module=demande_production HTTP/1.1" 200 7513 "https:/code/FicheClient/Bienvenue.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0"
::1 - - [27/Sep/2022:11:27:25 +0200] "GET /server-status?auto HTTP/1.1" 200 1408 "-" "-"
192.168.10.1 - - [27/Sep/2022:11:27:25 +0200] "GET /code/api/S?id=11 HTTP/1.1" 200 723 "https://no-ip.org:8181/code/hal42/index.html?module=demande_production" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0"
192.168.10.1 - - [27/Sep/2022:11:27:25 +0200] "GET /code/api/ProdGraph_TypeProduction HTTP/1.1" 200 622 "https://.no-ip.org:8181/code/hal42/index.html?module=demande_production" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0"
192.168.10.1 - - [27/Sep/2022:11:27:25 +0200] "GET /code/api/enums/?url=enums&list=ProdGraphique HTTP/1.1" 200 39383 "https://.no-ip.org:8181/code/hal42/index.html?module=demande_production" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0"
192.168.10.1 - - [27/Sep/2022:11:27:25 +0200] "GET /code/api/ProdGraph_Magasin HTTP/1.1" 200 7844 "https://-ip.org:8181/code/hal42/index.html?module=demande_production" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0"
70,88 0%
from plaso.
joachimmetz
commented on August 21, 2024
Thanks I'll take a closer look when time permits
from plaso.
joachimmetz
commented on August 21, 2024
@AlexForensic what version of Plaso are you running?
log2timeline.py --parsers=text/apache_access access.log on my test machine with HEAD does not generate any of the extraction warnings you mention. Are you sure these section of the log generates the warnings for you?
from plaso.
Related Issues (20)
- Change winlnk parser to not generate distributed_link_tracking event data for duplicate identifier
- Add TeamViewer log parser HOT 1
- Image export: change default behavior to not export file system metadata files
- Windows shim databases produce spurious UTMP events HOT 1
- Replace Redis with Valkey
- Remove obsolete functionality
- acstore pre-release causing AttributeError: 'SQLiteStorageFile' object has no attribute '_CONTAINER_SCHEMA_TO_SQLITE_TYPE_MAPPINGS' HOT 9
- Remove indirect dependencies HOT 11
- Unable to use parser in event filter after version 20230717? HOT 3
- winevtx: unable to parse evtx files without dependency identifier and string integer and FILETIME values HOT 5
- Failed to parse bitlocker encrypted image, but success with same image mounted with bdemount
- Add support for MS HTTP Error logs HOT 1
- CI tests failing HOT 1
- Add support for Hadoop YARN timeline server logs HOT 1
- How to integrate plaso/log2timeline into an airflow container? HOT 1
- AttributeError: 'str' object has no attribute 'get' in DeserializeValue HOT 3
- IndexError: list index out of range in _GetNormalizedPath HOT 4
- Empty username causes TypeError: unsupported format string passed to NoneType.__format__ in debug log statement HOT 5
- Processing BSD full disk image HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from plaso.