truekonrads/dchplogs2timeline.py

## dchplogs2timeline.py
#!/usr/bin/env python
# Parse Windows DHCP logs and turn them into a timeline
# By Konrads Smelkovs (c) 2016
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 # FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 # COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 #    BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 #    LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
 # WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
 # OF SUCH DAMAGE.

import sqlite3
import os
import sys
import re
from datetime import datetime
import time
HEAD = "ID,Date,Time,Description,IP Address,Host Name,MAC Address,User Name, TransactionID, QResult,Probationtime, CorrelationID,Dhcid."
conn = sqlite3.connect("dhcplogs.sqlite3")
conn.execute('''CREATE TABLE dhcplogs
             (  eventid int,
                datetime int,
                ip text,
                host text,
                mac text,
                user text,
                tid integer)''')
for (dirpath, dirnames, filenames) in os.walk(sys.argv[0]):
    dhcplogfiles = filter(lambda x: re.match("DhcpSrvLog-\w+\.log"), filenames)
    for fn in dhcplogfiles:
        fullfn = os.path.join(dirpath, fn)
        f = open(fullfn, "rb")
        pos = f.read(10240).indexOf("ID,Date")
        f.seek(pos)
        headerline = f.readline().strip()
        assert headline == HEAD, "Expected header, got ``{}''".format(
            headerline)
        print "[DD] Processing {}".format(fullfn)
        i = 0
        for line in f.xreadlines():
            i += 1
            row = line.split(",")
            d = datetime.strptime("{} {}", row[1], row[2])
            epoch = int(time.mktime(d.timetuple()))
            c.execute("insert into dhcplogs values(?,?,?,?,?,?,?)",
                      (row[0], epoch, row[4], row[5], row[6], row[7], row[8]))
        print "[DD] Processed {} rows".format(i)
	#!/usr/bin/env python
	# Parse Windows DHCP logs and turn them into a timeline
	# By Konrads Smelkovs (c) 2016
	# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
	# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
	# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
	# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
	# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
	# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
	# OF SUCH DAMAGE.

	import sqlite3
	import os
	import sys
	import re
	from datetime import datetime
	import time
	HEAD = "ID,Date,Time,Description,IP Address,Host Name,MAC Address,User Name, TransactionID, QResult,Probationtime, CorrelationID,Dhcid."
	conn = sqlite3.connect("dhcplogs.sqlite3")
	conn.execute('''CREATE TABLE dhcplogs
	( eventid int,
	datetime int,
	ip text,
	host text,
	mac text,
	user text,
	tid integer)''')
	for (dirpath, dirnames, filenames) in os.walk(sys.argv[0]):
	dhcplogfiles = filter(lambda x: re.match("DhcpSrvLog-\w+\.log"), filenames)
	for fn in dhcplogfiles:
	fullfn = os.path.join(dirpath, fn)
	f = open(fullfn, "rb")
	pos = f.read(10240).indexOf("ID,Date")
	f.seek(pos)
	headerline = f.readline().strip()
	assert headline == HEAD, "Expected header, got ``{}''".format(
	headerline)
	print "[DD] Processing {}".format(fullfn)
	i = 0
	for line in f.xreadlines():
	i += 1
	row = line.split(",")
	d = datetime.strptime("{} {}", row[1], row[2])
	epoch = int(time.mktime(d.timetuple()))
	c.execute("insert into dhcplogs values(?,?,?,?,?,?,?)",
	(row[0], epoch, row[4], row[5], row[6], row[7], row[8]))
	print "[DD] Processed {} rows".format(i)