dissect.target.plugins.apps.webserver.citrix¶
Module Contents¶
Classes¶
Apache log parsing plugin for Citrix specific logs. |
Attributes¶
- dissect.target.plugins.apps.webserver.citrix.LOG_FORMAT_CITRIX_NETSCALER_ACCESS_COMBINED_RESPONSE_TIME¶
- dissect.target.plugins.apps.webserver.citrix.LOG_FORMAT_CITRIX_NETSCALER_ACCESS_COMBINED_RESPONSE_TIME_WITH_HEADERS¶
- class dissect.target.plugins.apps.webserver.citrix.CitrixWebserverPlugin(target: dissect.target.target.Target)¶
Bases:
dissect.target.plugins.apps.webserver.apache.ApachePluginApache log parsing plugin for Citrix specific logs.
Citrix uses Apache with custom access log formats. These are:
LogFormat "%{Citrix-ns-orig-srcip}i -> %{Citrix-ns-orig-destip}i %l %u %t [%P] "%r" %>s %b "%{Referer}i" "%{User-Agent}i" "Time: %D microsecs"" combined_resptime_with_citrix_hdrs LogFormat "%a %l %u %t [%P] "%r" %>s %b "%{Referer}i" "%{User-Agent}i" "Time: %D microsecs"" combined_resptime
- __namespace__ = 'citrix'¶
- ACCESS_LOG_NAMES¶
- ERROR_LOG_NAMES¶
- check_compatible() None¶
Perform a compatibility check with the target.
This function should return
Noneif the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise anUnsupportedPluginError.- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- static infer_access_log_format(line: str) dissect.target.plugins.apps.webserver.apache.LogFormat¶
Attempt to infer what standard LogFormat is used. Returns None if no known format can be inferred.
Three default log type examples from Apache (note that the ipv4 could also be ipv6)
Combined:
1.2.3.4 - - [19/Dec/2022:17:25:12 +0100] "GET / HTTP/1.1" 304 247 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64); AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
Common:
1.2.3.4 - - [19/Dec/2022:17:25:40 +0100] "GET / HTTP/1.1" 200 312
vhost_combined:
example.com:80 1.2.3.4 - - [19/Dec/2022:17:25:40 +0100] "GET / HTTP/1.1" 200 312 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64); AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"