Describe the problem:
My infrastructure team has recently installed a new SIFT workstation from an AMI directly out of the AWS marketplace. I was expecting to be able to use log2timeline.py right out of the box. However, I am being presented with a call stack error when attempting to run log2timeline.
Please provide a clear and detailed description of what the problem is.
I realize that the below is only attempting to run the python with no file or switches, but it does not matter what I attempt to run, even log2timeline.py -h will not execute to give me the help menu information.
```
sansforensics@ip-*************:/$ log2timeline.py -h
Traceback (most recent call last):
  File "/usr/bin/log2timeline.py", line 11, in <module>
    from plaso.cli import log2timeline_tool
  File "/usr/lib/python3/dist-packages/plaso/cli/log2timeline_tool.py", line 14, in <module>
    from plaso.cli import extraction_tool
  File "/usr/lib/python3/dist-packages/plaso/cli/extraction_tool.py", line 20, in <module>
    from plaso import parsers # pylint: disable=unused-import
  File "/usr/lib/python3/dist-packages/plaso/parsers/__init__.py", line 63, in <module>
    from plaso.parsers import text_plugins
  File "/usr/lib/python3/dist-packages/plaso/parsers/text_plugins/__init__.py", line 4, in <module>
    from plaso.parsers.text_plugins import android_logcat
  File "/usr/lib/python3/dist-packages/plaso/parsers/text_plugins/android_logcat.py", line 78, in <module>
    class AndroidLogcatTextPlugin(
  File "/usr/lib/python3/dist-packages/plaso/parsers/text_plugins/android_logcat.py", line 87, in AndroidLogcatTextPlugin
    _INTEGER = pyparsing.Word(pyparsing.nums).set_parse_action(
AttributeError: '_WordRegex' object has no attribute 'set_parse_action'. Did you mean: 'setParseAction'?
```
To Reproduce:
Install AWS SIFT workstation, connect via SSH and attempt to run log2timeline -h
The version of Plaso you used:
```
sansforensics@ip-**********:/$ apt-cache showpkg plaso
Package: plaso
Versions:
20201007-2 (/var/lib/apt/lists/us-east-1.ec2.archive.ubuntu.com_ubuntu_dists_jammy_universe_binary-amd64_Packages)
 Description Language:
                 File: /var/lib/apt/lists/us-east-1.ec2.archive.ubuntu.com_ubuntu_dists_jammy_universe_binary-amd64_Packages
                  MD5: 58eb9a8e184b801f77c2f41f8364007f
 Description Language: en
                 File: /var/lib/apt/lists/us-east-1.ec2.archive.ubuntu.com_ubuntu_dists_jammy_universe_i18n_Translation-en
                  MD5: 58eb9a8e184b801f77c2f41f8364007f

Reverse Depends:
  python3-plaso,plaso 20190131-2~
  python3-plaso,plaso 20190131-2~
  forensics-all,plaso
Dependencies:
20201007-2 - python3-plaso (2 20201007-2)
Provides:
20201007-2 -
Reverse Provides:
```
For example: 20171231
The operating system you are running Plaso on (Not the operating system of the image/files you're trying to analyze):
For example: Ubuntu 22.04
```
PRETTY_NAME="Ubuntu 22.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.3 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
```
Steps to reproduce the behavior including command line and arguments and output:
First I ran log2timeline.py --help that provided me the following output ...
Please provide the source data you used when you experienced the problem. For publicly available data please provide a URL or path of the source data.
N/A
For example: individual ChromeOS syslog file
N/A
The method you used to install Plaso:
Plaso is configured as part of the pre-packaged aws SIFT ami from the marketplace. I did not install it on this machine.
For example:
installed from [GiFT PPA](https://launchpad.net/~gift) stable track
installed from [GiFT COPR](https://copr.fedorainfracloud.org/coprs/g/gift/) stable track
installed from [l2tbinaries](https://github.com/log2timeline/l2tbinaries) main branch
built using [l2devtools](https://github.com/log2timeline/l2tdevtools)
other, namely ...
If multiple installation methods were used please indicate.
Expected behavior:
A clear and concise description of what you expected to happen.
I expected the python to (in this case) output the switches available. I have this installed on another completely separate Ubuntu desktop and manually installed the SIFT workstation and things are working as expected. I am just unable to replicate the same processing results when using the AWS SIFT ami installation.
Debug output/tracebacks:
You can run log2timeline tools with "-d" to generate debug output, and include anything relevant. Also see: [Producing debug logs](https://plaso.readthedocs.io/en/latest/sources/Troubleshooting.html#producing-debug-logs)
Please DO NOT provide screenshots, they can be hard to read.
For more information see the [troubleshooting guide](https://plaso.readthedocs.io/en/latest/sources/Troubleshooting.html)
Additional context
Any other context about the problem here.
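
A diagnostic for the failure in the traceback above, added here as an example; it is not code from the reporter or from the Plaso project. It checks whether the `pyparsing` that Python actually imports offers the `set_parse_action` spelling that `android_logcat.py` calls, and lists every installed copy so a shadowing package is visible. The function names `classify_api`, `installed_copies` and `report` are hypothetical.

```python
import importlib
import importlib.metadata as md

# Names taken from the traceback: the method plaso calls, and the older
# spelling the interpreter suggested instead.
REQUIRED = "set_parse_action"
LEGACY = "setParseAction"


def classify_api(module):
    """Classify a pyparsing-like module by the parse-action API on Word."""
    word = getattr(module, "Word", None)
    if word is None:
        return "not-pyparsing"
    if hasattr(word, REQUIRED):
        return "snake_case"    # the call on line 87 of android_logcat.py resolves
    if hasattr(word, LEGACY):
        return "legacy_only"   # reproduces the AttributeError in the report
    return "unknown"


def installed_copies(dist_name="pyparsing"):
    """Return (version, location) for each copy of dist_name on sys.path."""
    return [(dist.version, str(dist.locate_file("")))
            for dist in md.distributions(name=dist_name)]


def report():
    """Summarise the pyparsing that an import statement would load."""
    copies = installed_copies()
    try:
        module = importlib.import_module("pyparsing")
    except ImportError:
        return {"status": "missing", "copies": copies}
    return {
        "status": classify_api(module),
        "version": getattr(module, "__version__", "unknown"),
        "file": getattr(module, "__file__", "unknown"),
        "copies": copies,
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

A `legacy_only` status means the imported pyparsing predates the snake_case method names (introduced in the pyparsing 3.0 series) while the installed Plaso code expects them; more than one entry under `copies` points to two package sources being mixed on the same host.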