dissect.target.plugins.os.unix.log.messages

Module Contents

Classes

MessagesPlugin

Unix messages log plugin.

Attributes

MessagesRecord
DEFAULT_TS_LOG_FORMAT
RE_CLOUD_INIT_LINE

dissect.target.plugins.os.unix.log.messages.MessagesRecord

dissect.target.plugins.os.unix.log.messages.DEFAULT_TS_LOG_FORMAT = '%b %d %H:%M:%S'

dissect.target.plugins.os.unix.log.messages.RE_CLOUD_INIT_LINE

class dissect.target.plugins.os.unix.log.messages.MessagesPlugin(target: dissect.target.Target)

Bases: dissect.target.plugin.Plugin

Unix messages log plugin.

log_files

check_compatible() → None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

messages() → Iterator[MessagesRecord]

Return contents of /var/log/messages*, /var/log/syslog* and cloud-init logs.

Due to year rollover detection, the log contents could be returned in reversed or mixed chronological order.

The messages log file holds information about a variety of events such as the system error messages, system startups and shutdowns, change in the network configuration, etc. Aims to store valuable, non-debug and non-critical messages. This log should be considered the “general system activity” log.

References

• https://geek-university.com/linux/var-log-messages-file/

• https://www.geeksforgeeks.org/file-timestamps-mtime-ctime-and-atime-in-linux/

• https://cloudinit.readthedocs.io/en/latest/development/logging.html#logging-command-output