dissect.etl.etl
Module Contents
Classes
- ETL: The main interface when controlling an ETL file.
Functions
- parse_payload: Parse the event payload using the appropriate manifest, if available.
- class dissect.etl.etl.ETL(fh: BinaryIO)
  The main interface when controlling an ETL file.
  - fh
  - buffer_header = None
  - logfile_header
  - pointer_size
  - is_64bit
  - start_time
  - buffer_size
  - start
  - end
  - calculate_timestamp(time_delta: int) -> datetime.datetime
  - get_filetime_for_event(time_delta: int) -> int
- class dissect.etl.etl.Buffer(etl: ETL, offset: int)
  - fh
  - etl
  - offset
  - property header: dissect.etl.c_etl.c_etl.BufferHeader
  - property size: int
  - property data: memoryview
  - property data_offset: int
  - property filled_bytes: int
  - property next_buffer: int
  - __iter__() -> collections.abc.Iterator[EventRecord]
  - read_record(offset: int) -> EventRecord
    Parse a record from a given offset inside a buffer.
  - open() -> BinaryIO
- class dissect.etl.etl.EventRecord
  - __slots__ = ('_event', '_header')
  - property header: dissect.etl.headers.headers.Header
    A header of the type Header.
  - property size: int
    Size of the whole record.
  - property aligned_size: int
  - __repr__() -> str
- class dissect.etl.etl.Event(header: dissect.etl.headers.headers.Header, event_manifest: types.ModuleType)
  - __slots__ = ['_event', '_header', '_manifest', '_record', '_struct']
  - __getattr__(attribute: str) -> Any
  - provider_name() -> str | None
    Returns the manifest provider name.
  - ts() -> datetime.datetime
    Returns the event timestamp.
  - provider_id() -> uuid.UUID
    Returns the GUID of the provider from the header.
  - symbol() -> str | None
  - event_values() -> dict[str, Any]
    Create an items view that holds event and header data.
    The header data is additional information provided from a specific header. The event data is from a specific manifest file if it exists.
  - __repr__() -> str
- dissect.etl.etl.parse_payload(header: dissect.etl.headers.headers.Header) -> Event
  Parse the event payload using the appropriate manifest, if available.