Merge pull request #898 from stark4n6/lava-output

Update sysShutdown
abrignoni · Oct 24, 2024 · 56e1bbb · 56e1bbb
2 parents 7c8475d + e4d5477
commit 56e1bbb
Showing 1 changed file with 31 additions and 18 deletions.
diff --git a/scripts/artifacts/sysShutdown.py b/scripts/artifacts/sysShutdown.py
@@ -1,5 +1,5 @@
 __artifacts_v2__ = {
-    "sysShutdown": {
+    "get_sysShutdown": {
         "name": "Sysdiagnose - Shutdown Log",
         "description": "Parses the shutdown.log file from Sysdiagnose logs, based off work by Kaspersky Lab https://github.com/KasperskyLab/iShutdown",
         "author": "@KevinPagano3",
@@ -9,6 +9,7 @@
         "category": "Sysdiagnose",
         "notes": "",
         "paths": ('*/shutdown.log'),
+        "output_types": "none", #["html","tsv","timeline","lava"]
         "function": "get_sysShutdown"
     }
 }
@@ -18,12 +19,15 @@
 import re
 
 from scripts.artifact_report import ArtifactHtmlReport
+from scripts.lavafuncs import lava_process_artifact, lava_insert_sqlite_data
 from scripts.ilapfuncs import logfunc, tsv, timeline, is_platform_windows, convert_ts_int_to_utc, convert_utc_human_to_timezone
 
 def get_sysShutdown(files_found, report_folder, seeker, wrap_text, time_offset):
 
     data_list_shutdown_log = []
     data_list_shutdown_reboot = []
+    category = "Sysdiagnose"
+    module_name = "get_sysShutdown"
 
     for file_found in files_found:
         file_found = str(file_found)
@@ -44,7 +48,6 @@ def get_sysShutdown(files_found, report_folder, seeker, wrap_text, time_offset):
                 sigterm_match = re.search(r'SIGTERM: \[(\d+)\]', line)
                 if sigterm_match:
                     timestamp = int(sigterm_match.group(1))
-                    #reboot_time = datetime.utcfromtimestamp(timestamp).strftime('%Y-%m-%d %H:%M:%S')
                     reboot_time = convert_utc_human_to_timezone(convert_ts_int_to_utc(timestamp),time_offset)
                     data_list_shutdown_reboot.append((reboot_time,reboots,file_found))
                     reboots += 1
@@ -57,19 +60,24 @@ def get_sysShutdown(files_found, report_folder, seeker, wrap_text, time_offset):
 
     # Shutdown Log Processes Report    
     if len(data_list_shutdown_log) > 0:
-        report = ArtifactHtmlReport('Sysdiagnose - Shutdown Log Processes')
-        report.start_artifact_report(report_folder, 'Sysdiagnose - Shutdown Log Processes')
-        report.add_script()
-        data_headers = ('Timestamp','Entry Number','PID','Path','Source File')
+        report1 = ArtifactHtmlReport('Sysdiagnose - Shutdown Log Processes')
+        report1.start_artifact_report(report_folder, 'Sysdiagnose - Shutdown Log Processes')
+        report1.add_script()
+        data_headers1 = ('Timestamp','Entry Number','PID','Path','Source File')
+        data_headers1_lava = (('Timestamp','datetime'),'Entry Number','PID','Path','Source File')
 
-        report.write_artifact_data_table(data_headers, data_list_shutdown_log, file_found)
-        report.end_artifact_report()
+        report1.write_artifact_data_table(data_headers1, data_list_shutdown_log, file_found)
+        report1.end_artifact_report()
+
+        tsv(report_folder, data_headers1, data_list_shutdown_log, 'Sysdiagnose - Shutdown Log Processes')
+
+        timeline(report_folder, 'Sysdiagnose - Shutdown Log Processes', data_list_shutdown_log, data_headers1)
 
-        tsvname = f'Sysdiagnose - Shutdown Log Processes'
-        tsv(report_folder, data_headers, data_list_shutdown_log, tsvname)
+        #data_headers1[0] = (data_headers1[0], 'datetime')
+
+        table_name1, object_columns1, column_map1 = lava_process_artifact(category, module_name, 'Sysdiagnose - Shutdown Log Processes', data_headers1_lava, len(data_list_shutdown_log))
+        lava_insert_sqlite_data(table_name1, data_list_shutdown_log, object_columns1, data_headers1_lava, column_map1)
 
-        tlactivity = f'Sysdiagnose - Shutdown Log Processes'
-        timeline(report_folder, tlactivity, data_list_shutdown_log, data_headers)
     else:
         logfunc('No Sysdiagnose - Shutdown Log Processes data available')
 
@@ -78,16 +86,21 @@ def get_sysShutdown(files_found, report_folder, seeker, wrap_text, time_offset):
         report = ArtifactHtmlReport('Sysdiagnose - Shutdown Log Reboots')
         report.start_artifact_report(report_folder, 'Sysdiagnose - Shutdown Log Reboots')
         report.add_script()
-        data_headers = ('Timestamp','Reboot Number','Source File')
+        data_headers2 = ('Timestamp','Reboot Number','Source File')
+        data_headers2_lava = (('Timestamp','datetime'),'Reboot Number','Source File')
 
-        report.write_artifact_data_table(data_headers, data_list_shutdown_reboot, file_found)
+        report.write_artifact_data_table(data_headers2, data_list_shutdown_reboot, file_found)
         report.end_artifact_report()
 
-        tsvname = f'Sysdiagnose - Shutdown Log Reboots'
-        tsv(report_folder, data_headers, data_list_shutdown_reboot, tsvname)
+        tsv(report_folder, data_headers2, data_list_shutdown_reboot, 'Sysdiagnose - Shutdown Log Reboots')
+
+        timeline(report_folder, 'Sysdiagnose - Shutdown Log Reboots', data_list_shutdown_reboot, data_headers2)
+
+        #data_headers2[0] = (data_headers2[0], 'datetime')
+
+        table_name2, object_columns2, column_map2 = lava_process_artifact(category, module_name, 'Sysdiagnose - Shutdown Log Reboots', data_headers2_lava, len(data_list_shutdown_reboot))
+        lava_insert_sqlite_data(table_name2, data_list_shutdown_reboot, object_columns2, data_headers2_lava, column_map2)
 
-        tlactivity = f'Sysdiagnose - Shutdown Log Reboots'
-        timeline(report_folder, tlactivity, data_list_shutdown_reboot, data_headers)
     else:
         logfunc('No Sysdiagnose - Shutdown Log Reboots data available')