Linux Auth.log

33 views

Skip to first unread message

Markus Bauer

unread,

Oct 29, 2021, 6:59:01 PM10/29/21

to log2timeline-discuss

Hello,

I discovered log2timeline recently and really like it but I discovered that I was not able to find a shell-session opened by www-data in the timeline and when I checked the logs I found the evidence in the auth.log

Is there a reason log2timeline do not parse that file?

Joachim Metz

unread,

Oct 30, 2021, 12:38:38 AM10/30/21

to Markus Bauer, log2timeline-discuss

Markus, there are many formats that Plaso log2timeline does not support

https://github.com/log2timeline/plaso/issues?q=is%3Aissue+is%3Aopen+label%3Aparsers+label%3Aenhancement

If you want format support here is how you can help

1. collect / create test data that can be shared, preferable test data that represents the necessary edge cases

2. document the format, including the edge cases and common corruption cases

3. write the parse and submit a PR to the project

--
You received this message because you are subscribed to the Google Groups "log2timeline-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to log2timeline-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/log2timeline-discuss/25b16b35-e07c-4823-87ed-d8845e237728n%40googlegroups.com.

Reply all

Reply to author

Forward

0 new messages