dissect.target.plugins.apps.webservers.iis
Module Contents
Classes
IISLogsPlugin | IIS 7 (and above) logs plugin.
Functions
replace_dash_with_none | Replace "-" placeholder in dict values with None
normalise_field_name | Replace all characters that are not allowed in the field name by flow.record
Attributes
- dissect.target.plugins.apps.webservers.iis.LOG_RECORD_NAME = 'filesystem/windows/iis/logs'
- dissect.target.plugins.apps.webservers.iis.BASIC_RECORD_FIELDS = [('datetime', 'ts'), ('net.ipaddress', 'client_ip'), ('net.ipaddress', 'server_ip'), ('string',...
- dissect.target.plugins.apps.webservers.iis.BasicRecordDescriptor
- dissect.target.plugins.apps.webservers.iis.FIELD_NAME_INVALID_CHARS_RE
- class dissect.target.plugins.apps.webservers.iis.IISLogsPlugin(target)
Bases: dissect.target.plugin.Plugin
IIS 7 (and above) logs plugin.
References
- APPLICATION_HOST_CONFIG = 'sysvol/windows/system32/inetsrv/config/applicationHost.config'
- __namespace__ = 'iis'
- check_compatible() -> None
Perform a compatibility check with the target.
This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.
Raises: UnsupportedPluginError – If the plugin could not be loaded.
- get_log_dirs() -> list[tuple[str, str]]
- iter_log_format_path_pairs() -> list[tuple[str, str]]
- parse_autodetect_format_log(path: pathlib.Path) -> Iterator[BasicRecordDescriptor]
- parse_iis_format_log(path: pathlib.Path) -> Iterator[BasicRecordDescriptor]
Parse log file in IIS format and stream log records.
This format is not the default IIS log format.
References
- parse_w3c_format_log(path: pathlib.Path) -> Iterator[dissect.target.helpers.record.TargetRecordDescriptor]
Parse log file in W3C format and stream log records.
This is the default logging format for IIS [^3].
References
- iter_log_paths(log_dir: str) -> Iterator[pathlib.Path]
- logs() -> Iterator[dissect.target.helpers.record.TargetRecordDescriptor]
Return contents of IIS (v7 and above) log files.
Internet Information Services (IIS) for Windows Server is a manageable web server for hosting anything on the web. Log files might, for example, contain traces that indicate that the web server has been exploited. Supported log formats: IIS, W3C.
- access() -> Iterator[dissect.target.plugins.apps.webservers.webservers.WebserverAccessLogRecord]
Return contents of IIS (v7 and above) log files in unified WebserverAccessLogRecord format.
See function iis.logs for more information and more verbose IIS records.
- dissect.target.plugins.apps.webservers.iis.replace_dash_with_none(data: dict) -> dict
Replace "-" placeholder in dict values with None
- dissect.target.plugins.apps.webservers.iis.normalise_field_name(field: str) -> str
Replace all characters that are not allowed in the field name by flow.record with _, and strip all hanging _ from the start / end of the string.
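The W3C parsing and the two helper behaviours documented above, as an added example that is not the dissect project's own code: a minimal parser that follows the #Fields: directive, including a change of columns in the middle of a file. The regex value, the function parse_w3c_lines and the sample log lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Assumed value: the page names FIELD_NAME_INVALID_CHARS_RE but does not show it.
INVALID_CHARS_RE = re.compile(r"[^a-zA-Z0-9]")

# Constructed sample; the second #Fields line mimics a logging configuration change.
SAMPLE = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2023-01-05 10:00:01 192.0.2.10 GET /index.html - 198.51.100.7 Mozilla/5.0+(constructed) 200
#Fields: date time cs-method cs-uri-stem sc-status time-taken
2023-01-05 10:05:00 POST /upload.aspx 500 132
2023-01-05 10:05:02 GET
""".splitlines()


def normalise_field_name(field: str) -> str:
    """Replace disallowed characters with "_" and strip leading/trailing "_"."""
    return INVALID_CHARS_RE.sub("_", field).strip("_")


def replace_dash_with_none(data: dict) -> dict:
    """Replace the "-" placeholder in dict values with None."""
    return {key: (None if value == "-" else value) for key, value in data.items()}


def parse_w3c_lines(lines):
    """Yield one dict per log entry; each #Fields: directive re-maps the columns."""
    fields = None
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = [normalise_field_name(f) for f in line[len("#Fields:"):].split()]
        if not line or line.startswith("#"):
            continue  # blank line or directive (#Software, #Version, #Date, #Fields)
        values = line.split()
        if fields is None or len(values) != len(fields):
            continue  # no header seen yet, or a truncated/corrupt entry (skipped here)
        row = replace_dash_with_none(dict(zip(fields, values)))
        if row.get("date") and row.get("time"):
            ts = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
            row["ts"] = ts.replace(tzinfo=timezone.utc)  # W3C logs record time in UTC
        yield row


if __name__ == "__main__":
    for record in parse_w3c_lines(SAMPLE):
        print(record)
```

Because the column set can differ between entries of the same file, each row carries only the fields that were active when it was written.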