version v0.26.0
cuhsat committed Jun 8, 2024
1 parent bb89b4a commit 31e17c3
Showing 7 changed files with 182 additions and 280 deletions.
74 changes: 0 additions & 74 deletions cmd/flog.evtx/main.go

This file was deleted.

30 changes: 13 additions & 17 deletions cmd/flog/main.go
Expand Up @@ -2,7 +2,7 @@
//
// Usage:
//
// flog [-pqhv] [-D DIRECTORY] [FILE ...]
// flog [-pqhv] [-D DIR] [FILE ...]
//
// The flags are:
//
Expand All @@ -20,13 +20,14 @@
// The arguments are:
//
// file
// The artifact file(s) to process.
// The event log file(s) to process.
// Defaults to STDIN if not given.
package main

import (
"flag"
"io"
"path/filepath"

"github.com/cuhsat/fact/internal/fact"
"github.com/cuhsat/fact/internal/sys"
Expand All @@ -51,28 +52,23 @@ func main() {
}

if *h || len(files) == 0 {
sys.Usage("flog [-pqhv] [-D DIRECTORY] [FILE ...]")
}

args := make([]string, 0)

if len(*D) > 0 {
args = append(args, "-D", *D)
}

if *p {
args = append(args, "-p")
sys.Usage("flog [-pqhv] [-D DIR] [FILE ...]")
}

if *q {
args = append(args, "-q")
sys.Progress = nil
}

g := new(errgroup.Group)

g.Go(func() error {
return flog.Evtx(files, args)
})
for _, f := range files {
if filepath.Ext(f) == flog.Evtx {
g.Go(func() (err error) {
_, err = flog.LogEvent(f, *D, *p)
return
})
}
}

if err := g.Wait(); err != nil {
sys.Fatal(err)
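Review bot: The closure handed to `g.Go` in the new `for _, f := range files` loop captures the loop variable `f`; if the module's go.mod declares a Go version older than 1.22 (not visible here), every goroutine shares one `f` and the workers will mostly process the last file, so add `f := f` as the first line of the loop body (or confirm go.mod is at 1.22 or newer). The first result of `flog.LogEvent` is discarded with `_`, so nothing in this hunk reports how many events were handled per file. Inputs whose extension is not `flog.Evtx` are skipped silently, which means a mistyped path produces no output and no error; consider a warning via the existing `sys` package for skipped arguments. The enclosing `main` starts and ends outside this hunk.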
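--- a/internal/flog/evtx.go
+++ b/internal/flog/evtx.go
@@ -0,0 +1,61 @@
+// Evtx functions.
+package flog
+
+import (
+"os"
+"path/filepath"
+
+"github.com/cuhsat/fact/internal/fact/ez"
+"github.com/cuhsat/fact/internal/sys"
+)
+
+func ImportEvent(src, dir string) (lines []string, err error) {
+log, err := evtxecmd(src, src+".json", dir)
+
+if err != nil {
+return
+}
+
+lines, err = ReadLines(log)
+
+if err != nil {
+return
+}
+
+err = os.Remove(log)
+
+return
+}
+
+func ExportEvent(b []byte, dst string) (err error) {
+f, err := os.Create(dst)
+
+if err != nil {
+return
+}
+
+_, err = f.Write(b)
+
+f.Close()
+
+return
+}
+
+func evtxecmd(src, dst, dir string) (log string, err error) {
+asm, err := ez.Path("EvtxECmd.dll")
+
+if err != nil {
+return
+}
+
+if len(dir) == 0 {
+dir = filepath.Dir(dst)
+}
+
+dst = filepath.Base(dst)
+log = filepath.Join(dir, dst)
+
+_, err = sys.StdCall("dotnet", asm, "-f", src, "--fj", "--json", dir, "--jsonf", dst)
+
+return
+}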
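Review bot: `ImportEvent` only removes the intermediate JSON when `ReadLines` succeeds; on a read error it returns early and the converted log is left on disk, so replace the early return and the trailing remove with `lines, err = ReadLines(log)` followed by `if rerr := os.Remove(log); err == nil { err = rerr }` and then `return`, which cleans up on both paths without masking the read error. In `ExportEvent` the result of `f.Close()` is dropped, so a write that is only rejected at close time is reported as success; use `if cerr := f.Close(); err == nil { err = cerr }`. When `dir` is empty, `evtxecmd` places the JSON next to the source file via `filepath.Dir(dst)`, which for evidence on read-only or write-blocked media will make the conversion fail rather than fall back; a doc comment on `ImportEvent` stating that `dir` defaults to the source file's directory would make that behaviour visible to callers.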
118 changes: 0 additions & 118 deletions pkg/flog/evtx/evtx.go

This file was deleted.

63 changes: 0 additions & 63 deletions pkg/flog/evtx/evtx_test.go

This file was deleted.
