Projects STRLCPY LogonTracer Commits 630a63cd
    logontracer.py
    skipped 1276 lines
    1277 1277   
    1278 1278   if eventid in EVENT_ID:
    1279 1279   logtime = hit["@timestamp"].replace("T", " ").split(".")[0]
    1280  - etime = datetime.datetime.strptime(logtime, "%Y-%m-%d %H:%M:%S") + datetime.timedelta(hours=tzone)
     1280 + try:
     1281 + etime = datetime.datetime.strptime(logtime.split(".")[0], "%Y-%m-%d %H:%M:%S") + datetime.timedelta(hours=tzone)
     1282 + except:
     1283 + etime = datetime.datetime.strptime(logtime.split(".")[0], "%Y-%m-%dT%H:%M:%S") + datetime.timedelta(hours=tzone)
     1284 + 
    1281 1285   stime = datetime.datetime(*etime.timetuple()[:4])
    1282 1286   
    1283 1287   if starttime is None:
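Review bot: The fallback in the new `except:` branch (new line 1283) can never succeed. Line 1279 has already replaced "T" with a space and cut the fractional part, so any string that fails "%Y-%m-%d %H:%M:%S" also fails "%Y-%m-%dT%H:%M:%S", and the error is raised again from inside the handler. The added `.split(".")[0]` is a no-op here for the same reason. Either keep the single parse without the try/except, or stop normalising at 1279 and try both formats; in both cases catch `ValueError` rather than using a bare `except:`.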
    skipped 191 lines
    1475 1479   if eventid == 1102:
    1476 1480   logtime = hit["@timestamp"]
    1477 1481   try:
    1478  - etime = datetime.datetime.strptime(logtime, "%Y-%m-%d %H:%M:%S") + datetime.timedelta(hours=tzone)
     1482 + etime = datetime.datetime.strptime(logtime.split(".")[0], "%Y-%m-%d %H:%M:%S") + datetime.timedelta(hours=tzone)
    1479 1483   except:
    1480  - etime = datetime.datetime.strptime(logtime, "%Y-%m-%d %H:%M:%S") + datetime.timedelta(hours=tzone)
     1484 + etime = datetime.datetime.strptime(logtime.split(".")[0], "%Y-%m-%dT%H:%M:%S") + datetime.timedelta(hours=tzone)
    1481 1485   deletelog.append(etime.strftime("%Y-%m-%d %H:%M:%S"))
    1482 1486   
    1483  - if hasattr(event.event_data, "SubjectUserName"):
    1484  - username = event.event_data.SubjectUserName.split("@")[0]
     1487 + if hasattr(event.user_data, "SubjectUserName"):
     1488 + username = event.user_data.SubjectUserName.split("@")[0]
    1485 1489   if username[-1:] not in "$":
    1486 1490   deletelog.append(username.lower())
    1487 1491   else:
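Review bot: The bare `except:` around the 1102 timestamp parse (new lines 1481-1484) catches every failure, not only a format mismatch, so a TypeError from `tzone` or a non-string `@timestamp` is retried with the "T" format and surfaces as a misleading second error. Catch `ValueError` only. This is also the second copy of the same two-format parse; a small helper that strips the fraction and tries both formats would stop the two call sites from drifting apart, which they already have (the site at 1279 pre-replaces "T", this one does not).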
    skipped 1 lines
    1489 1493   else:
    1490 1494   deletelog.append("-")
    1491 1495   
    1492  - if hasattr(event.event_data, "SubjectDomainName"):
    1493  - deletelog.append(event.event_data.SubjectDomainName)
     1496 + if hasattr(event.user_data, "SubjectDomainName"):
     1497 + deletelog.append(event.user_data.SubjectDomainName)
    1494 1498   else:
    1495 1499   deletelog.append("-")
    1496 1500   
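Review bot: `hasattr(event.user_data, "SubjectDomainName")` (and the matching `SubjectUserName` check at new line 1487) evaluates `event.user_data` before `hasattr` runs, so a record with no `user_data` object raises AttributeError instead of reaching the `else` branch that appends "-". Since both lookups now depend on that container, guard it as well, for example `ud = getattr(event, "user_data", None)` followed by `hasattr(ud, ...)`. A short comment saying why event 1102 reads these fields from `user_data` rather than `event_data` would help the next reader.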
    skipped 217 lines