https://github.com/swelcher/vol2log
- Host: GitHub
- URL: https://github.com/swelcher/vol2log
- Owner: swelcher
- License: mit
- Created: 2018-04-13T02:58:37.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2019-09-24T21:36:37.000Z (over 6 years ago)
- Last Synced: 2024-05-18T12:34:46.972Z (about 2 years ago)
- Language: Python
- Size: 4.91 MB
- Stars: 8
- Watchers: 1
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-forensics (**8** stars)
README
# vol2log
## Summary
This utility, built on Python 3.6, makes it easy to ship a Volatility JSON file into Graylog with the appropriate formatting. I was unaware of a way to easily ship the JSON file produced by Volatility's unified-output plugin, so I created a small utility that formats it, adds the additional fields the post needs, and sends a POST request to a specified Graylog instance.
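As an added illustration of that pipeline (example code written for this page, not vol2log's own), the following reshapes a Volatility 2 unified-output JSON document (columns plus rows) into GELF 1.1 messages, one per row, tags each with the plugin name and the analysed host, and POSTs them to a Graylog GELF HTTP input. The sample netscan rows, the `/gelf` input path and the field-naming scheme are assumptions.

```python
import json
import time
import urllib.request

# Constructed sample in Volatility 2 unified-output JSON shape (columns + rows),
# trimmed to a few netscan columns; not real capture data.
SAMPLE_NETSCAN = {
    "columns": ["Offset(P)", "Proto", "LocalAddr", "ForeignAddr", "State", "PID", "Owner"],
    "rows": [
        ["0x3e1a6d30", "TCPv4", "10.0.0.5:49712", "203.0.113.7:443", "ESTABLISHED", 1234, "svchost.exe"],
        ["0x3e2b0010", "UDPv4", "0.0.0.0:137", "*:*", "", 4, "System"],
    ],
}


def vol_json_to_gelf(doc, plugin, volhost):
    """Turn one Volatility unified-output document into GELF 1.1 messages.

    Each row becomes one message. Column names become GELF additional fields
    (leading underscore, non-alphanumerics replaced, lower-cased) so Graylog
    can index them; the plugin and the analysed host are added as fields too.
    """
    cols = doc["columns"]
    messages = []
    for row in doc["rows"]:
        if len(row) != len(cols):
            raise ValueError("row length does not match column count")
        msg = {
            "version": "1.1",
            "host": volhost,  # host the memory image came from, not the analyst box
            "short_message": f"volatility {plugin}: " + " ".join(str(v) for v in row),
            "timestamp": time.time(),
            "_vol_plugin": plugin,
            "_vol_host": volhost,
        }
        for name, value in zip(cols, row):
            key = "_" + "".join(c if c.isalnum() else "_" for c in name).strip("_").lower()
            msg[key] = value
        messages.append(msg)
    return messages


def send_to_graylog(messages, host, port):
    """POST each message to a Graylog GELF HTTP input (assumed to listen on /gelf)."""
    url = f"http://{host}:{port}/gelf"
    for msg in messages:
        req = urllib.request.Request(url, data=json.dumps(msg).encode(),
                                     headers={"Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=5) as resp:
            resp.read()
```

Calling `send_to_graylog(vol_json_to_gelf(SAMPLE_NETSCAN, "netscan", "infectedhost"), "192.168.119.133", 12201)` mirrors the usage line below; rows whose length disagrees with the column list are rejected rather than silently mis-mapped.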
----------------------------------------------------------------------------------------------------------------------------------------
## Usage
```
python vol2log.py -host 192.168.119.133 -port 12201 -file "C:\Python\Data\Volatility JSON Files\netscan.json" -plugin netscan -volhost infectedhost
```
----------------------------------------------------------------------------------------------------------------------------------------
## Required Switches
- `-host`
- `-port`
- `-plugin`
- `-volhost`
- `-file`
----------------------------------------------------------------------------------------------------------------------------------------
## Future Features
- Require a file naming convention of `host.plugin.json` to auto-populate the plugin and make `-volhost` and `-plugin` optional switches.
- Be able to handle large quantities of JSON files.
- Create a list of known issues with certain plugins, as not all plugins produce data that is usable in this format (e.g. malfind's output).