Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chained block reads #14

Open
jtmoon79 opened this issue Aug 8, 2022 · 2 comments
Open

chained block reads #14

jtmoon79 opened this issue Aug 8, 2022 · 2 comments
Labels
difficult A difficult problem; a major coding effort or difficult algorithm to perfect enhancement New feature or request

Comments

@jtmoon79
Copy link
Owner

jtmoon79 commented Aug 8, 2022
edited
Loading

Problem

Currently, only one "depth" of compressed or archived file is supported.
e.g. can read syslog stored in logs.tar. Cannot read syslog.gz in logs.tar, nor logs.tar stored in logs.tar.xz.
e.g. can read syslog stored in syslog.gz. Cannot read syslog.gz stored in syslog.gz.xz. Cannot read a the special gzip+tar file logs.tgz.

Related, only plain text files are extractable from compressed files or archived files. EVTX, Journal files, and utmp files stored as a compressed or archived file are not readable. See FileType

Solution

Refactor BlockReader reading to handle arbitrary "chains" of reads for text files and UTMPX files.

Currently, JournalReader reads Journal files using libsystemd calls for reading. BlockReader is not used by the JournalReader. Processing Journal files that are compressed or archived are outside the scope of this issue.

Currently, EvtxReader reads EVTX files using EvtxParser. BlockReader is not used by the EvtxReader. Processing EVTX files that are compressed or archived are outside the scope of this issue.

Relates to Issue #7.
@jtmoon79 jtmoon79 added the enhancement New feature or request label Aug 8, 2022
@jtmoon79
Copy link
Owner Author

jtmoon79 commented Aug 8, 2022

This is a decent amount of work. Additionally, if done well enough, it could be it's own separate rust library.

jtmoon79 added a commit that referenced this issue Aug 9, 2022
@jtmoon79
common.rs NFC comment improvements, connect Issues
1755c3b 
connect Issues via comments and this commit message.

Issue #18
Issue #16
Issue #14
Issue #7
@jtmoon79 jtmoon79 changed the title refactor chained block reads chained block reads Oct 4, 2022
@jtmoon79
Copy link
Owner Author

jtmoon79 commented Oct 4, 2022

Also touches Issue #13

@jtmoon79 jtmoon79 added the difficult A difficult problem; a major coding effort or difficult algorithm to perfect label Apr 29, 2023
@jtmoon79 jtmoon79 mentioned this issue Jul 12, 2023
Open
@jtmoon79 jtmoon79 mentioned this issue Aug 29, 2023
Open
This was referenced Apr 20, 2024
Closed
Closed
jtmoon79 added a commit that referenced this issue May 4, 2024
@jtmoon79
filepreprocessor.rs refactor process_path_tar
2c70ee3 
Refactor process_path_tar to be more predictable, and to notify about
unsupported archive in archive files (log.xz with logs.tar).

Issue #7
Issue #14
Issue #16
Issue #285
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
difficult A difficult problem; a major coding effort or difficult algorithm to perfect enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jtmoon79