fix: multilinelog, timeliner fix timezone issue

EC-DIGIT-CSIRC · Jun 13, 2024 · 08a1d02 · 08a1d02
1 parent 8979376
commit 08a1d02
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 11 deletions.
diff --git a/analysers/timeliner.py b/analysers/timeliner.py
@@ -244,7 +244,8 @@ def __extract_ts_wifi_known_networks(case_folder: str) -> Generator[dict, None,
                 ssid = item['SSID']
                 # WIFI added
                 try:
-                    added = datetime.strptime(item['AddedAt'], '%Y-%m-%d %H:%M:%S.%f', tz=timezone.utc)
+                    added = datetime.strptime(item['AddedAt'], '%Y-%m-%d %H:%M:%S.%f')
+                    added = added.replace(tzinfo=timezone.utc)
                     ts_event = {
                         'message': 'WIFI %s added' % ssid,
                         'timestamp': added.timestamp(),
@@ -260,7 +261,8 @@ def __extract_ts_wifi_known_networks(case_folder: str) -> Generator[dict, None,
 
                 # WIFI modified
                 try:
-                    updated = datetime.strptime(item['UpdatedAt'], '%Y-%m-%d %H:%M:%S.%f', tz=timezone.utc)
+                    updated = datetime.strptime(item['UpdatedAt'], '%Y-%m-%d %H:%M:%S.%f')
+                    updated = updated.replace(tzinfo=timezone.utc)
                     ts_event = {
                         'message': 'WIFI %s added' % updated,
                         'timestamp': updated.timestamp(),
@@ -276,7 +278,8 @@ def __extract_ts_wifi_known_networks(case_folder: str) -> Generator[dict, None,
 
                 # Password for wifi modified
                 try:
-                    modified_password = datetime.strptime(item['__OSSpecific__']['WiFiNetworkPasswordModificationDate'], '%Y-%m-%d %H:%M:%S.%f', tz=timezone.utc)
+                    modified_password = datetime.strptime(item['__OSSpecific__']['WiFiNetworkPasswordModificationDate'], '%Y-%m-%d %H:%M:%S.%f')
+                    modified_password = modified_password.replace(tzinfo=timezone.utc)
                     ts_event = {
                         'message': 'Password for WIFI %s modified' % ssid,
                         'timestamp': modified_password.timestamp(),
@@ -301,6 +304,8 @@ def analyse_path(case_folder: str, output_file: str = 'timeliner.jsonl') -> bool
         with open(output_file, 'w') as f:
             for func in globals():
                 if func.startswith('__extract_ts_'):
+                    if func != '__extract_ts_mobileactivation':
+                        continue
                     for event in globals()[func](case_folder):  # call the function
                         line = json.dumps(event)
                         f.write(line)

diff --git a/utils/multilinelog.py b/utils/multilinelog.py
@@ -1,7 +1,7 @@
 import re
 import io
 import utils.misc as misc
-from datetime import datetime
+from datetime import datetime, timezone
 
 
 def extract_from_file(fname):
@@ -74,13 +74,11 @@ def build_from_logentry(line):
     # timestamp
     timeregex = re.search(r"(?<=^)(.*?)(?= \[[0-9]+)", line)  # Regex for timestamp
     if timeregex:
-        timestamp = timeregex.group(1)
-        weekday, month, day, time, year = (str.split(timestamp[:24]))
-        day = day_converter(day)
-        month = month_converter(month)
-        timestamp = datetime.fromisoformat(f"{year}-{month}-{day}T{time}Z")
-        entry['timestamp'] = float(timestamp.timestamp())
-        entry['datetime'] = timestamp.strftime("%Y-%m-%dT%H:%M:%S+00:00")
+        timestamp_str = timeregex.group(1)
+        timestamp = datetime.strptime(timestamp_str, "%a %b %d %H:%M:%S %Y")
+        timestamp = timestamp.replace(tzinfo=timezone.utc)
+        entry['timestamp'] = timestamp.timestamp()
+        entry['datetime'] = timestamp.isoformat()
 
         # log level
         loglevelregex = re.search(r"\<(.*?)\>", line)