dissect.target.plugins.os.windows.log.intunemanagementextension

Module Contents

Classes

IntuneManagementExtensionLogParserPlugin

Parse Microsoft Intune Management Extension logs (including rotated logs).

Attributes

IntuneManagementExtensionLogRecord
LOG_PATTERN

dissect.target.plugins.os.windows.log.intunemanagementextension.IntuneManagementExtensionLogRecord

dissect.target.plugins.os.windows.log.intunemanagementextension.LOG_PATTERN

class dissect.target.plugins.os.windows.log.intunemanagementextension.IntuneManagementExtensionLogParserPlugin(target: dissect.target.target.Target)

Bases: dissect.target.plugin.Plugin

Parse Microsoft Intune Management Extension logs (including rotated logs).

This plugin processes both the primary IntuneManagementExtension.log file and any timestamped rotated versions (e.g. IntuneManagementExtension-20251009-135155.log).

Each parsed entry includes metadata such as timestamp, log type, thread ID, component name, and message content.

LOG_DIR = 'sysvol/ProgramData/Microsoft/IntuneManagementExtension/Logs'

check_compatible() → None

Verify that the Intune Management Extension logs exist in the target.

Raises:

UnsupportedPluginError – If the log directory or log files are missing.

intunemanagementextension() → collections.abc.Iterator[IntuneManagementExtensionLogRecord]

Parse Intune Management Extension log files.

Yields:

IntuneManagementExtensionLogRecord – One record per parsed log line.