diff --git a/dissect/target/plugins/os/unix/log/messages.py b/dissect/target/plugins/os/unix/log/messages.py
index d739145dd..8a32ff83c 100644
--- a/dissect/target/plugins/os/unix/log/messages.py
+++ b/dissect/target/plugins/os/unix/log/messages.py
@@ -6,7 +6,7 @@
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.record import TargetRecordDescriptor
 from dissect.target.helpers.utils import year_rollover_helper
-from dissect.target.plugin import Plugin, export
+from dissect.target.plugin import Plugin, alias, export
 MessagesRecord = TargetRecordDescriptor(
 "linux/log/messages",
@@ -24,7 +24,9 @@
 RE_DAEMON = re.compile(r"^[^:]+:\d+:\d+[^\[\]:]+\s([^\[:]+)[\[|:]{1}")
 RE_PID = re.compile(r"\w\[(\d+)\]")
 RE_MSG = re.compile(r"[^:]+:\d+:\d+[^:]+:\s(.*)$")
-RE_CLOUD_INIT_LINE = re.compile(r"(?P.*) - (?P.*)\[(?P\w+)\]\: (?P.*)$")
+RE_CLOUD_INIT_LINE = re.compile(
+ r"^(?P\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) - (?P.*)\[(?P\w+)\]\: (?P.*)$"
+)
 class MessagesPlugin(Plugin):
@@ -43,19 +45,12 @@ def check_compatible(self) -> None:
 if not self.log_files:
 raise UnsupportedPluginError("No log files found")
- @export(record=MessagesRecord)
- def syslog(self) -> Iterator[MessagesRecord]:
- """Return contents of /var/log/messages*, /var/log/syslog* and cloud-init logs.
-
- See ``messages`` for more information.
- """
- return self.messages()
-
+ @alias("syslog")
 @export(record=MessagesRecord)
 def messages(self) -> Iterator[MessagesRecord]:
 """Return contents of /var/log/messages*, /var/log/syslog* and cloud-init logs.
- Note: due to year rollover detection, the contents of the files are returned in reverse.
+ Due to year rollover detection, the contents of the files are returned in reverse.
 The messages log file holds information about a variety of events such as the system error messages, system startups and shutdowns, change in the network configuration, etc. Aims to store valuable, non-debug and
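Review bot: The rewritten `RE_CLOUD_INIT_LINE` pattern (hunk `@@ -24,7 +24,9 @@`) still uses a greedy `.*` for the field in front of `\[`, so the bracketed level is taken from the last `[WORD]: ` on the line rather than the first. A logged message that itself contains text such as `[ERROR]: ` would shift the field boundaries and yield a record with the wrong source, level and message, which matters for triage when message content is influenced by untrusted input. Bounding that field, for example `[^\[]*` (or the lazy `.*?`) in place of `.*` before `\[`, keeps the split at the first bracket. With the stricter timestamp, lines that do not begin with one (presumably continuation lines of multi-line entries) no longer match; the handling of a non-match is outside this hunk, so confirm such lines are reported rather than dropped silently.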