dissect.etl.etl¶
Module Contents¶
Classes¶
The main interface when controlling an ETL file. |
|
Functions¶
Parse the event payload using the appropriate manifest, if available. |
Attributes¶
- dissect.etl.etl.c_etl¶
- class dissect.etl.etl.ETL(fh)¶
The main interface when controlling an ETL file.
- calculate_timestamp(time_delta: int) datetime.datetime¶
- get_filetime_for_event(time_delta: int) int¶
- class dissect.etl.etl.Buffer(etl, offset)¶
- property header¶
- property size: int¶
- property data: memoryview¶
- property data_offset: int¶
- property filled_bytes: int¶
- property next_buffer: int¶
- __iter__() Iterable[EventRecord]¶
- read_record(offset)¶
Parse a record from a given offset inside a buffer.
- open()¶
- class dissect.etl.etl.EventRecord¶
- property header: dissect.etl.headers.headers.Header¶
A header of the type Header
- property size: int¶
Size of the whole record.
- property aligned_size¶
- __slots__ = ('_header', '_event')¶
- __repr__()¶
Return repr(self).
- class dissect.etl.etl.Event(header: dissect.etl.headers.headers.Header, event_manifest)¶
- __slots__ = ['_record', '_manifest', '_struct', '_event', '_header']¶
- __getattr__(attribute: str)¶
- provider_name() str | None¶
Returns the manifest provider name.
- ts() datetime.datetime¶
Returns the event timestamp.
- provider_id() uuid.UUID¶
Returns the GUID of the provider from the header.
- symbol()¶
- event_values() dict[str, Any]¶
Create an items view that holds event and header data.
The header data is additional information provided from a specific header. The event data is from a specific manifest file if it exists.
- __repr__()¶
Return repr(self).
- dissect.etl.etl.parse_payload(header: dissect.etl.headers.headers.Header)¶
Parse the event payload using the appropriate manifest, if available.