
sysdiagnose-logarchive.py+33 : implementation missing

Open aaronkaplan opened this issue 2 years ago • 3 comments

Need to implement the export and parsing via https://github.com/ydkhatri/UnifiedLogReader. The UnifiedLogReader has a different format than the OS X /usr/bin/log show command.

aaronkaplan avatar Apr 13 '23 08:04 aaronkaplan

I believe this is now done in commit be65b6e4a084c659978950dc9c138dba17b5f7cc

cvandeplas avatar Apr 25 '24 13:04 cvandeplas

I'll test it further once I have access to a mac

cvandeplas avatar Apr 25 '24 13:04 cvandeplas

thanks

aaronkaplan avatar Apr 26 '24 09:04 aaronkaplan

I believe this is now done in commit be65b6e

correction: since that commit there is support for the unifiedlogreader, but the formats are still very different. I'll have a look if it's possible to unify it in a way.

cvandeplas avatar Jun 05 '24 06:06 cvandeplas

unification at source is maybe not the best, as we'd need to re-process all the log files. However, this can be caught by a library. In PR #64 I've added the convert_entry_to_unifiedlog_format() function in parsers/logarchive.py to convert the apple format into unifiedlog_json. Later we could consider a more transparent library (a LogarchiveReader perhaps?)

cvandeplas avatar Jun 16 '24 05:06 cvandeplas

finally implemented it as the absence of an easy-to-use timestamp on the mandiant logarchive format was quite annoying. Now the rest of the code should also be agnostic to the format.

cvandeplas avatar Jun 21 '24 13:06 cvandeplas
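The two comments above describe normalising the Apple `log show --style json` entries and the unifiedlog-style entries into one record with a usable timestamp. The following is an added illustration of that idea, not the project's convert_entry_to_unifiedlog_format() and not the real output schema of either tool: the Apple field names are those of `log show`, while the unifiedlog-style entry (an epoch value in nanoseconds in a `time` key) is an assumption made for this example, as are both sample entries.

```python
from datetime import datetime, timezone

# Constructed sample entries (not taken from any real sysdiagnose).
# Apple `log show --style json` entry: local-time string with a numeric
# UTC offset, no epoch value.
APPLE_ENTRY = {
    "timestamp": "2023-04-13 08:04:12.123456+0200",
    "eventMessage": "Connection established",
    "processImagePath": "/usr/libexec/syspolicyd",
    "subsystem": "com.apple.syspolicy",
    "category": "default",
    "messageType": "Default",
}

# Assumed unifiedlog-style entry: epoch nanoseconds in "time" (assumption
# for this example, not the real tool's schema).
UNIFIED_ENTRY = {
    "time": 1681365852123456000,
    "message": "Connection established",
    "process": "/usr/libexec/syspolicyd",
    "subsystem": "com.apple.syspolicy",
    "category": "default",
    "log_type": "Default",
}


def parse_apple_timestamp(ts: str) -> float:
    """Turn '2023-04-13 08:04:12.123456+0200' into epoch seconds."""
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f%z").timestamp()


def normalize_entry(entry: dict) -> dict:
    """Map either input format onto one record keyed by an epoch timestamp."""
    if isinstance(entry.get("timestamp"), str):          # Apple `log show` style
        epoch = parse_apple_timestamp(entry["timestamp"])
        message, process = entry.get("eventMessage", ""), entry.get("processImagePath", "")
        level = entry.get("messageType", "")
    elif "time" in entry:                                 # assumed unifiedlog style
        epoch = entry["time"] / 1e9
        message, process = entry.get("message", ""), entry.get("process", "")
        level = entry.get("log_type", "")
    else:
        raise ValueError("unrecognised log entry format")
    return {
        "timestamp": epoch,                               # float, sortable across formats
        "datetime": datetime.fromtimestamp(epoch, tz=timezone.utc).isoformat(),
        "message": message,
        "process": process,
        "subsystem": entry.get("subsystem", ""),
        "category": entry.get("category", ""),
        "level": level,
    }
```

Once every entry carries the same `timestamp` key, sorting and time-window filtering no longer need to know which tool produced the logarchive export.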