Source code for plaso.formatters.docker
# -*- coding: utf-8 -*-
"""The Docker event formatter."""
from __future__ import unicode_literals
from plaso.formatters import interface
from plaso.formatters import manager
[docs]class DockerBaseEventFormatter(interface.ConditionalEventFormatter):
"""Class that contains common Docker event formatter functionality."""
DATA_TYPE = 'docker:json'
FORMAT_STRING_SHORT_PIECES = [
'{id}']
SOURCE_SHORT = 'DOCKER'
[docs]class DockerContainerLogEventFormatter(interface.ConditionalEventFormatter):
"""Formatter for a Docker container log event"""
DATA_TYPE = 'docker:json:container:log'
FORMAT_STRING_SEPARATOR = ', '
FORMAT_STRING_PIECES = (
'Text: {log_line}',
'Container ID: {container_id}',
'Source: {log_source}',
)
SOURCE_LONG = 'Docker Container Logs'
SOURCE_SHORT = 'DOCKER'
[docs]class DockerLayerEventFormatter(interface.ConditionalEventFormatter):
"""Formatter for a Docker layer event."""
DATA_TYPE = 'docker:json:layer'
FORMAT_STRING_SEPARATOR = ', '
FORMAT_STRING_PIECES = (
'Command: {command}',
'Layer ID: {layer_id}',
)
SOURCE_LONG = 'Docker Layer'
SOURCE_SHORT = 'DOCKER'
[docs]class DockerContainerEventFormatter(interface.ConditionalEventFormatter):
"""Formatter for a Docker event."""
DATA_TYPE = 'docker:json:container'
FORMAT_STRING_SEPARATOR = ', '
FORMAT_STRING_PIECES = [
'Action: {action}',
'Container Name: {container_name}',
'Container ID: {container_id}',
]
SOURCE_LONG = 'Docker Container'
SOURCE_SHORT = 'DOCKER'
manager.FormattersManager.RegisterFormatters([
DockerContainerEventFormatter,
DockerContainerLogEventFormatter,
DockerLayerEventFormatter,
])