dissect.target.plugins.apps.webservers.apache
#
Module Contents#
Classes#
Generic enumeration. |
|
Apache log parsing plugin. |
Functions#
Attempt to infer what standard LogFormat is used. Returns None if no known format can be inferred. |
Attributes#
- dissect.target.plugins.apps.webservers.apache.COMMON_REGEX = '(?P<remote_ip>.*?) (?P<remote_logname>.*?) (?P<remote_user>.*?) \\[(?P<ts>.*)\\] "(?P<method>.*?)...'#
- dissect.target.plugins.apps.webservers.apache.REFERER_USER_AGENT_REGEX = '"(?P<referer>.*?)" "(?P<useragent>.*?)"'#
- class dissect.target.plugins.apps.webservers.apache.LogFormat#
Bases:
enum.Enum
Generic enumeration.
Derive from this class to define new enumerations.
- VHOST_COMBINED#
- COMBINED#
- COMMON#
- dissect.target.plugins.apps.webservers.apache.infer_log_format(line: str) LogFormat | None #
Attempt to infer what standard LogFormat is used. Returns None if no known format can be inferred.
- Three default log type examples from Apache (note that the ipv4 could also be ipv6)::
- combined = ‘1.2.3.4 - - [19/Dec/2022:17:25:12 +0100] “GET / HTTP/1.1” 304 247 “-” “Mozilla/5.0
(Windows NT 10.0; Win64; x64); AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36”’
common = ‘1.2.3.4 - - [19/Dec/2022:17:25:40 +0100] “GET / HTTP/1.1” 200 312’ vhost_combined = ‘example.com:80 1.2.3.4 - - [19/Dec/2022:17:25:40 +0100] “GET / HTTP/1.1” 200 312 “-”
“Mozilla/5.0 (Windows NT 10.0; Win64; x64); AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36”’
- class dissect.target.plugins.apps.webservers.apache.ApachePlugin(target: dissect.target.target.Target)#
Bases:
dissect.target.plugin.Plugin
Apache log parsing plugin.
- Apache has three default log formats, which this plugin can all parse automatically. These are::
LogFormat “%v:%p %h %l %u %t “%r” %>s %O “%{Referer}i” “%{User-Agent}i”” vhost_combined LogFormat “%h %l %u %t “%r” %>s %O “%{Referer}i” “%{User-Agent}i”” combined LogFormat “%h %l %u %t “%r” %>s %O” common
For the definitions of each format string, see https://httpd.apache.org/docs/2.4/mod/mod_log_config.html#formats
- __namespace__ = 'apache'#
- check_compatible() bool #
Perform a compatibility check with the target.
This function should return
None
if the plugin is compatible with the current target (self.target
). For example, check if a certain file exists. Otherwise it should raise anUnsupportedPluginError
.- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- get_log_paths() list[pathlib.Path] #
Discover any present Apache log paths on the target system.
References
- access() Iterator[dissect.target.plugins.apps.webservers.webservers.WebserverAccessLogRecord] #
Return contents of Apache access log files in unified WebserverAccessLogRecord format.