Plaso data location

google · Sep 23, 2015 · f5ca294 · f5ca294
1 parent af79ac4
commit f5ca294
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 19 deletions.
diff --git a/timesketch.conf b/timesketch.conf
@@ -62,6 +62,6 @@ UPLOAD_FOLDER = u'/tmp'
 CELERY_BROKER_URL='redis://ip:port',
 CELERY_RESULT_BACKEND='redis://ip:port'
 
-# Path to Plaso WinEvtx message string database.
+# Path to plaso data directory.
 # If not set, defaults to system prefix + share/plaso
-#WINEVT_DB = u'/path/to/dir/with/plaso/data/files'
+#PLASO_DATA_LOCATION = u'/path/to/dir/with/plaso/data/files'
diff --git a/timesketch/lib/tasks.py b/timesketch/lib/tasks.py
@@ -30,18 +30,13 @@
 celery = create_celery_app()
 
 
-def get_data_location(data_location=None):
-    """Get the location (path) to the winevt-rc.db file.
-
-    Args:
-        data_location: Path to the directory where the database file is located.
-                       If this is None we will use sys.prefix + share/plaso as
-                       default.
+def get_data_location():
+    """Path to the plaso data directory.
 
     Returns:
-        The path to where the database file is located or None if not existing.
+        The path to where the plaso data directory is or None if not existing.
     """
-
+    data_location = current_app.config.get(u'PLASO_DATA_LOCATION', None)
     if not data_location:
         data_location = os.path.join(sys.prefix, u'share', u'plaso')
     if not os.path.exists(data_location):
@@ -61,15 +56,13 @@ def run_plaso(source_file_path, timeline_name, index_name):
     Returns:
         Dictionary with count of processed events.
     """
-    # Try to read the winevt-rc database path from the config file.
-    data_location = get_data_location(
-        data_location=current_app.config.get(u'WINEVT_DB', None))
+    plaso_data_location = get_data_location()
     analysis_plugins = None
     flush_interval_ms = 1000
 
     # Use the Psort frontend for processing.
     frontend = psort.PsortFrontend()
-    frontend.SetDataLocation(data_location)
+    frontend.SetDataLocation(plaso_data_location)
     storage_file = frontend.OpenStorage(
         source_file_path, read_only=True)
 

diff --git a/timesketch/lib/tasks_test.py b/timesketch/lib/tasks_test.py
@@ -13,6 +13,8 @@
 # limitations under the License.
 """Tests for tasks."""
 
+from flask import current_app
+
 from timesketch.lib.testlib import BaseTest
 from timesketch.lib.tasks import get_data_location
 
@@ -21,9 +23,8 @@ class TestTasks(BaseTest):
     """Tests for the functionality on the tasks module."""
     def test_get_data_location(self):
         """Test to get data_location path."""
-        data_location_none = get_data_location(
-            data_location=u'/tmp/non_existing')
-        data_location_exists = get_data_location(
-            data_location=u'/tmp')
+        data_location_none = get_data_location()
+        current_app.config[u'PLASO_DATA_LOCATION'] = u'/tmp'
+        data_location_exists = get_data_location()
         self.assertFalse(data_location_none)
         self.assertEqual(u'/tmp', data_location_exists)