dissect.target.plugins.apps.webservers.apache

Module Contents

Classes

LogFormat

Generic enumeration.

ApachePlugin

Apache log parsing plugin.

Functions

infer_log_format

Attempt to infer what standard LogFormat is used. Returns None if no known format can be inferred.

Attributes

dissect.target.plugins.apps.webservers.apache.COMMON_REGEX = '(?P<remote_ip>.*?) (?P<remote_logname>.*?) (?P<remote_user>.*?) \\[(?P<ts>.*)\\] "(?P<method>.*?)...'

dissect.target.plugins.apps.webservers.apache.REFERER_USER_AGENT_REGEX = '"(?P<referer>.*?)" "(?P<useragent>.*?)"'

class dissect.target.plugins.apps.webservers.apache.LogFormat

Bases: enum.Enum

Generic enumeration.

Derive from this class to define new enumerations.

VHOST_COMBINED

COMBINED

COMMON

dissect.target.plugins.apps.webservers.apache.infer_log_format(line: str) -> LogFormat | None

Attempt to infer what standard LogFormat is used. Returns None if no known format can be inferred.

Three default log type examples from Apache (note that the IPv4 address could also be IPv6):

    combined = '1.2.3.4 - - [19/Dec/2022:17:25:12 +0100] "GET / HTTP/1.1" 304 247 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64); AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"'

    common = '1.2.3.4 - - [19/Dec/2022:17:25:40 +0100] "GET / HTTP/1.1" 200 312'

    vhost_combined = 'example.com:80 1.2.3.4 - - [19/Dec/2022:17:25:40 +0100] "GET / HTTP/1.1" 200 312 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64); AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"'
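The following is an added example, not dissect.target's implementation: a minimal classifier for the three default formats listed above. The regexes and the names `parse_line` and `SAMPLES` are assumptions written for this illustration (the page's `COMMON_REGEX` is shown truncated and is not reproduced), and the sample lines are constructed. It also covers an IPv6 client address and a client-controlled User-Agent containing escaped quotes.

```python
import re
from typing import Optional


def _quoted(name: str) -> str:
    # Apache logs a literal " inside %r / %{...}i as \" (and \ as \\), so a
    # quoted field ends only at an unescaped double quote.
    return rf'"(?P<{name}>(?:[^"\\]|\\.)*)"'


# %h %l %u %t "%r" %>s %O  (shared by all three default formats)
_CORE = (
    r"(?P<remote_ip>\S+) (?P<remote_logname>\S+) (?P<remote_user>\S+) "
    r"\[(?P<ts>[^\]]+)\] " + _quoted("request") + r" (?P<status>\d{3}) (?P<bytes>\d+|-)"
)
_TAIL = " " + _quoted("referer") + " " + _quoted("useragent")
_VHOST = r"(?P<vhost>\S+):(?P<port>\d{1,5}) "  # %v:%p

# Most specific first. fullmatch() plus the fixed field count keeps an IPv6
# client address such as 2001:db8::1 from being read as "vhost:port".
_PATTERNS = [
    ("vhost_combined", re.compile(_VHOST + _CORE + _TAIL)),
    ("combined", re.compile(_CORE + _TAIL)),
    ("common", re.compile(_CORE)),
]


def parse_line(line: str) -> Optional[dict]:
    """Return the fields plus a 'format' key, or None if no default format fits."""
    for name, pattern in _PATTERNS:
        match = pattern.fullmatch(line.rstrip("\r\n"))
        if match:
            return {"format": name, **match.groupdict()}
    return None


# Constructed sample lines, modelled on the docstring examples above.
SAMPLES = [
    '1.2.3.4 - - [19/Dec/2022:17:25:40 +0100] "GET / HTTP/1.1" 200 312',
    '2001:db8::1 - - [19/Dec/2022:17:25:12 +0100] "GET / HTTP/1.1" 304 247 "-" "Mozilla/5.0"',
    'example.com:80 1.2.3.4 - - [19/Dec/2022:17:25:40 +0100] "GET / HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    r'1.2.3.4 - - [19/Dec/2022:17:25:40 +0100] "GET / HTTP/1.1" 200 312 "-" "ua \" 500 0 \"x\" \"y"',
    "not an access log line",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = parse_line(sample)
        print(result["format"] if result else None, "<-", sample)
```

The fourth sample carries a User-Agent that embeds text resembling a status code and byte count; because quoted fields end only at an unescaped quote, the real status stays `200`.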

class dissect.target.plugins.apps.webservers.apache.ApachePlugin(target: dissect.target.target.Target)

Bases: dissect.target.plugin.Plugin

Apache log parsing plugin.

Apache has three default log formats, all of which this plugin can parse automatically. These are:

    LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
    LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %O" common

For the definitions of each format string, see https://httpd.apache.org/docs/2.4/mod/mod_log_config.html#formats

__namespace__ = 'apache'

check_compatible() -> bool

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

get_log_paths() -> list[pathlib.Path]

Discover any present Apache log paths on the target system.

References

access() -> Iterator[dissect.target.plugins.apps.webservers.webservers.WebserverAccessLogRecord]

Return contents of Apache access log files in unified WebserverAccessLogRecord format.