Analysis plugin nsrlsvr: Incorrect results

See original GitHub issue

Plaso version:

1.5.0 Release

Operating system Plaso is running on:

XUbuntu 64 bit

Installation method:

Installed from GiFT

Description of problem:

Using the nsrlsvr analysis plugin of psort.py yields incorrect results. The response from the server is misinterpreted, causing the suggestion that no hash is listed at all.

Source data:

Problem seems to be related to line endings, and may depend on the OS of the client or the OS of the NSRL server. Problem can be fixed by rstrip-ing the response from the server in line 67 of plaso\analysis\nsrlsvr.py:

response = nsrl_socket.recv(self._RECEIVE_BUFFER_SIZE).rstrip()

Note that #1035 is related and needs fixing before this issue can be debugged.

Issue Analytics

  • State: closed
  • Created 7 years ago
  • Comments: 12 (8 by maintainers)

Top GitHub Comments

joachimmetz commented, Oct 15, 2016 (1 reaction)

Can you provide an example of such a line.

no need, already figured it out

https://codereview.appspot.com/312850043/

joachimmetz commented, Oct 22, 2016 (0 reactions)

changes merged
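
The failure described in the issue, reproduced over a local socket pair as an added example (not Plaso's code and not part of the original issue or comments). It assumes a single-hash query of the form `QUERY <hash>` that nsrlsvr answers with `OK 1` (listed) or `OK 0` (not listed); the stub server end, the sample digest, the buffer size and the helper names are constructed for illustration, and reading until a newline goes one step beyond the `rstrip()` fix on the page.

```python
import socket

RECEIVE_BUFFER_SIZE = 4096  # assumed size; the page only names the constant
SAMPLE_MD5 = b"D41D8CD98F00B204E9800998ECF8427E"  # constructed sample digest


def is_known_exact(response: bytes) -> bool:
    """Compare the raw bytes: the behaviour the issue reports as broken."""
    return response == b"OK 1"


def is_known_stripped(response: bytes) -> bool:
    """The fix proposed in the issue: drop trailing line endings first."""
    return response.rstrip() == b"OK 1"


def read_reply(sock: socket.socket) -> bytes:
    """Receive until a newline or EOF so a short read cannot truncate the reply."""
    data = b""
    while not data.endswith(b"\n"):
        chunk = sock.recv(RECEIVE_BUFFER_SIZE)
        if not chunk:  # stub closed the connection
            break
        data += chunk
    return data


def query(stub_reply: bytes, interpret) -> bool:
    """Send one QUERY to a stub server end and interpret what comes back."""
    client, server = socket.socketpair()
    try:
        client.sendall(b"QUERY " + SAMPLE_MD5 + b"\n")
        server.recv(RECEIVE_BUFFER_SIZE)  # stub consumes the query
        server.sendall(stub_reply)        # stub answers with its own line ending
        server.close()
        return interpret(read_reply(client))
    finally:
        client.close()
        server.close()


if __name__ == "__main__":
    for reply in (b"OK 1\r\n", b"OK 1\n", b"OK 1", b"OK 0\r\n"):
        print(repr(reply), query(reply, is_known_exact), query(reply, is_known_stripped))
```

With the exact comparison, a listed hash is reported as unknown whenever the reply carries any line terminator, which in a known-good filtering workflow means known files are silently left untagged rather than an error being raised.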
