:py:mod:`dissect.target.plugins.apps.webserver.citrix`
======================================================

.. py:module:: dissect.target.plugins.apps.webserver.citrix


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.apps.webserver.citrix.CitrixWebserverPlugin




Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.apps.webserver.citrix.LOG_FORMAT_CITRIX_NETSCALER_ACCESS_COMBINED_RESPONSE_TIME
   dissect.target.plugins.apps.webserver.citrix.LOG_FORMAT_CITRIX_NETSCALER_ACCESS_COMBINED_RESPONSE_TIME_WITH_HEADERS


.. py:data:: LOG_FORMAT_CITRIX_NETSCALER_ACCESS_COMBINED_RESPONSE_TIME

   

.. py:data:: LOG_FORMAT_CITRIX_NETSCALER_ACCESS_COMBINED_RESPONSE_TIME_WITH_HEADERS

   

.. py:class:: CitrixWebserverPlugin(target: dissect.target.target.Target)


   Bases: :py:obj:`dissect.target.plugins.apps.webserver.apache.ApachePlugin`

   Apache log parsing plugin for Citrix specific logs.

   Citrix uses Apache with custom access log formats. These are::

       LogFormat "%{Citrix-ns-orig-srcip}i -> %{Citrix-ns-orig-destip}i %l %u %t [%P] "%r" %>s %b "%{Referer}i" "%{User-Agent}i" "Time: %D microsecs"" combined_resptime_with_citrix_hdrs
       LogFormat "%a %l %u %t [%P] "%r" %>s %b "%{Referer}i" "%{User-Agent}i" "Time: %D microsecs"" combined_resptime

   .. py:attribute:: __namespace__
      :value: 'citrix'

      

   .. py:attribute:: ACCESS_LOG_NAMES

      

   .. py:attribute:: ERROR_LOG_NAMES

      

   .. py:method:: check_compatible() -> None

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with
      the current target (``self.target``). For example, check if a certain
      file exists.
      Otherwise it should raise an ``UnsupportedPluginError``.

      :raises UnsupportedPluginError: If the plugin could not be loaded.


   .. py:method:: infer_access_log_format(line: str) -> dissect.target.plugins.apps.webserver.apache.LogFormat
      :staticmethod:

      Attempt to infer what standard LogFormat is used. Returns None if no known format can be inferred.

      Three default log type examples from Apache (note that the ipv4 could also be ipv6)


      Combined::

          1.2.3.4 - - [19/Dec/2022:17:25:12 +0100] "GET / HTTP/1.1" 304 247 "-" "Mozilla/5.0
                      (Windows NT 10.0; Win64; x64); AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0
                      Safari/537.36"

      Common::

          1.2.3.4 - - [19/Dec/2022:17:25:40 +0100] "GET / HTTP/1.1" 200 312

      vhost_combined::

          example.com:80 1.2.3.4 - - [19/Dec/2022:17:25:40 +0100] "GET / HTTP/1.1" 200 312 "-"
          "Mozilla/5.0 (Windows NT 10.0; Win64; x64); AppleWebKit/537.36 (KHTML, like Gecko)
          Chrome/108.0.0.0 Safari/537.36"