Comments on: log2timeline updated http://blog.kiddaland.net/2010/03/log2timeline-updated-2/ Some useless talk mixed with hopefully interesting points every now and then Mon, 30 Aug 2010 00:38:37 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: kiddi http://blog.kiddaland.net/2010/03/log2timeline-updated-2/comment-page-1/#comment-2646 kiddi Fri, 12 Mar 2010 18:40:05 +0000 http://blog.kiddaland.net/?p=226#comment-2646 Hi, thank you for this comment, I've added it in my code already. The log files that I had in my hands had the 03 notion for month that was earlier than October, so obviously they can "swing" both ways Hi,
thank you for this comment, I’ve added it in my code already. The log files that I had in my hands had the 03 notion for month that was earlier than October, so obviously they can “swing” both ways

]]> By: Paul Bobby http://blog.kiddaland.net/2010/03/log2timeline-updated-2/comment-page-1/#comment-2640 Paul Bobby Fri, 12 Mar 2010 15:52:53 +0000 http://blog.kiddaland.net/?p=226#comment-2640 I changed line 697 to if( $words[0] =~ m/d{1,2}/d{1,2}/d{4}/ ) the month field can be 1 or 2 characters also I changed line 697 to

if( $words[0] =~ m/d{1,2}/d{1,2}/d{4}/ )

the month field can be 1 or 2 characters also

]]> By: Paul Bobby http://blog.kiddaland.net/2010/03/log2timeline-updated-2/comment-page-1/#comment-2603 Paul Bobby Thu, 11 Mar 2010 20:07:27 +0000 http://blog.kiddaland.net/?p=226#comment-2603 When running log2timeline with the mcafee option I get the following: pbobby@ubuntu:~/Documents/log2timeline$ log2timeline -z US/Eastern -f mcafee ./fred/AccessProtectionLog.txt Start processing file/dir [./fred/AccessProtectionLog.txt] ... Loading output file: mactime Starting to parse file using format: [mcafee] This is a plugin of unkown origin. It parses a log file and contains no requirements or any other relevant options or possibilites, use with care... ------------------------ File ./fred/AccessProtectionLog.txt is not of the right format. Error given from format file: The date field is not correctly formed(10/4/2009) ------------------------ Usage: log2timeline [OPTIONS] -f FORMAT LOG_FILE/LOG_DIR [--] [FORMAT FILE OPTIONS] pbobby@ubuntu:~/Documents/log2timeline$ When running log2timeline with the mcafee option I get the following:

pbobby@ubuntu:~/Documents/log2timeline$ log2timeline -z US/Eastern -f mcafee ./fred/AccessProtectionLog.txt
Start processing file/dir [./fred/AccessProtectionLog.txt] …
Loading output file: mactime
Starting to parse file using format: [mcafee]
This is a plugin of unkown origin. It parses a log file and contains no requirements or
any other relevant options or possibilites, use with care…
————————

File ./fred/AccessProtectionLog.txt is not of the right format.
Error given from format file: The date field is not correctly formed(10/4/2009)

————————

Usage:
log2timeline [OPTIONS] -f FORMAT LOG_FILE/LOG_DIR [--] [FORMAT FILE
OPTIONS]

pbobby@ubuntu:~/Documents/log2timeline$

]]> By: Paul Bobby http://blog.kiddaland.net/2010/03/log2timeline-updated-2/comment-page-1/#comment-2602 Paul Bobby Thu, 11 Mar 2010 20:06:43 +0000 http://blog.kiddaland.net/?p=226#comment-2602 Here's the first line of my AP log file. 10/4/2009 7:36:10 PM Would be blocked by port blocking rule (rule is currently not enforced) C:Documents and SettingspbobbyLocal SettingsApplication DataGoogleChromeApplicationchrome.exe Common Maximum Protection:Prevent HTTP communication 8.5.0.232:80 Here’s the first line of my AP log file.

10/4/2009 7:36:10 PM Would be blocked by port blocking rule (rule is currently not enforced) C:Documents and SettingspbobbyLocal SettingsApplication DataGoogleChromeApplicationchrome.exe Common Maximum Protection:Prevent HTTP communication 8.5.0.232:80

]]> By: John Jarvis http://blog.kiddaland.net/2010/03/log2timeline-updated-2/comment-page-1/#comment-2519 John Jarvis Sat, 06 Mar 2010 16:46:30 +0000 http://blog.kiddaland.net/?p=226#comment-2519 Great news about its inclusion in the next version of SIFT. Thanks for this, Kristinn; great tool! Great news about its inclusion in the next version of SIFT. Thanks for this, Kristinn; great tool!

]]>