:py:mod:`dissect.target.plugins.os.unix.log.messages`
=====================================================

.. py:module:: dissect.target.plugins.os.unix.log.messages


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.unix.log.messages.MessagesPlugin


Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.unix.log.messages.MessagesRecord
   dissect.target.plugins.os.unix.log.messages.DEFAULT_TS_LOG_FORMAT
   dissect.target.plugins.os.unix.log.messages.RE_CLOUD_INIT_LINE


.. py:data:: MessagesRecord


.. py:data:: DEFAULT_TS_LOG_FORMAT
   :value: '%b %d %H:%M:%S'


.. py:data:: RE_CLOUD_INIT_LINE


.. py:class:: MessagesPlugin(target: dissect.target.target.Target)

   Bases: :py:obj:`dissect.target.plugin.Plugin`

   Unix messages log plugin.

   .. py:attribute:: log_files


   .. py:method:: check_compatible() -> None

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with the current target (``self.target``).
      For example, check if a certain file exists.
      Otherwise it should raise an :class:`UnsupportedPluginError`.

      :raises UnsupportedPluginError: If the plugin could not be loaded.


   .. py:method:: messages() -> collections.abc.Iterator[MessagesRecord]

      Return contents of /var/log/messages*, /var/log/syslog* and cloud-init logs.

      Due to year rollover detection, the log contents could be returned in reversed or mixed chronological order.

      The messages log file holds information about a variety of events, such as system error messages, system
      startups and shutdowns, changes in the network configuration, etc. It aims to store valuable, non-debug and
      non-critical messages. This log should be considered the "general system activity" log.

      .. rubric:: References

      - https://geek-university.com/linux/var-log-messages-file/
      - https://www.geeksforgeeks.org/file-timestamps-mtime-ctime-and-atime-in-linux/
      - https://cloudinit.readthedocs.io/en/latest/development/logging.html#logging-command-output
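
The ``'%b %d %H:%M:%S'`` format carries no year, which is why ``messages()`` mentions year rollover detection and reversed output. The sketch below is an added example, not dissect's own code: it shows one way to infer the year by walking a log backwards from an anchor date. The names ``with_years``, ``SAMPLE`` and ``ANCHOR`` are hypothetical, the log lines are constructed, and using the file's mtime as the anchor is an assumption.

```python
from datetime import datetime

TS_FORMAT = "%b %d %H:%M:%S"  # same value as DEFAULT_TS_LOG_FORMAT on this page
TS_LEN = 15                   # length of e.g. "Dec 31 23:59:58"


def with_years(lines, anchor):
    """Yield (datetime, message) newest-first, inferring the missing year.

    anchor: datetime at or after the last line, e.g. the file's mtime (assumption).
    """
    year, prev_month = anchor.year, anchor.month
    for line in reversed(lines):
        stamp, message = line[:TS_LEN], line[TS_LEN:].strip()
        try:
            month = datetime.strptime(stamp[:3], "%b").month
        except ValueError:
            continue  # not a syslog-style line (e.g. a continuation line)
        if month > prev_month:
            # Walking backwards, the month jumped up (Jan -> Dec): previous year.
            year -= 1
        prev_month = month
        try:
            # Parse with the year included so "Feb 29" is accepted in leap years.
            ts = datetime.strptime(f"{year} {stamp}", "%Y " + TS_FORMAT)
        except ValueError:
            continue  # malformed timestamp
        yield ts, message


# Constructed sample: oldest line first, as it would appear in the file.
SAMPLE = [
    "Feb 29 08:15:00 host1 sshd[811]: Server listening on 0.0.0.0 port 22",
    "Dec 31 23:59:58 host1 systemd[1]: Started Daily Cleanup.",
    "Jan  1 00:00:03 host1 kernel: eth0: link up",
    "Mar 10 09:30:12 host1 CRON[4242]: session opened for user root",
]
ANCHOR = datetime(2025, 3, 10, 9, 31, 0)  # constructed stand-in for the file mtime

if __name__ == "__main__":
    for ts, message in with_years(SAMPLE, ANCHOR):
        print(ts.isoformat(), message)
```

A gap of more than a year between two consecutive lines cannot be detected this way, so inferred years in timelines should be treated as a lower-confidence field than the month, day and time.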