plaso.storage.redis package

Submodules

plaso.storage.redis.reader module

Redis-based storage reader.

class plaso.storage.redis.reader.RedisStorageReader(session_identifier, task_identifier, redis_client=None)[source]

Bases: StorageReader

Redis-based storage reader.

__init__(session_identifier, task_identifier, redis_client=None)[source]

Initializes a storage reader.

Parameters:

  • session_identifier (str) – session identifier.

  • task_identifier (str) – task identifier.

  • redis_client (Optional[Redis]) – Redis client to query. If specified, no new client will be created. If no client is specified a new client will be opened connected to the Redis instance specified by ‘url’.

plaso.storage.redis.redis_store module

Redis-based attribute container store.

Only supports task storage at the moment.

class plaso.storage.redis.redis_store.BaseRedisAttributeContainerStore(*args: Any, **kwargs: Any)[source]

Bases: AttributeContainerStoreWithReadCache

Redis-based attribute container store.

Attribute containers are stored as Redis hashes. All keys are prefixed with the session identifier to avoid collisions. Event identifiers are also stored in an index to enable sorting.

format_version

storage format version.

Type:

int

serialization_format

serialization format.

Type:

str

Close()[source]

Closes the store.

Raises:

  • IOError – if the store is already closed.

  • OSError – if the store is already closed.

DEFAULT_REDIS_URL = 'redis://127.0.0.1/0'
GetAttributeContainerByIdentifier(container_type, identifier)[source]

Retrieves a specific type of container with a specific identifier.

Parameters:

  • container_type (str) – container type.

  • identifier (AttributeContainerIdentifier) – attribute container identifier.

Returns:

attribute container or None if not available.

Return type:

AttributeContainer

GetAttributeContainerByIndex(container_type, index)[source]

Retrieves a specific attribute container.

Parameters:

  • container_type (str) – attribute container type.

  • index (int) – attribute container index.

Returns:

attribute container or None if not available.

Return type:

AttributeContainer

GetAttributeContainers(container_type, filter_expression=None)[source]

Retrieves a specific type of attribute containers.

Parameters:

  • container_type (str) – attribute container type.

  • filter_expression (Optional[str]) – expression to filter the resulting attribute containers by.

Yields:

AttributeContainer – attribute container.

GetNumberOfAttributeContainers(container_type)[source]

Retrieves the number of a specific type of attribute containers.

Parameters:

container_type (str) – attribute container type.

Returns:

the number of containers of a specified type.

Return type:

int

HasAttributeContainers(container_type)[source]

Determines if a store contains a specific type of attribute container.

Parameters:

container_type (str) – attribute container type.

Returns:

True if the store contains the specified type of attribute

containers.

Return type:

bool

Open(redis_client=None, session_identifier=None, task_identifier=None, url=None, **unused_kwargs)[source]

Opens the store.

Parameters:

  • redis_client (Optional[Redis]) – Redis client to query. If specified, no new client will be created. If no client is specified a new client will be opened connected to the Redis instance specified by ‘url’.

  • session_identifier (Optional[str]) – identifier of the session.

  • task_identifier (Optional[str]) – unique identifier of the task the store will store containers for. If not specified, an identifier will be generated.

  • url (Optional[str]) – URL for a Redis database. If not specified, the DEFAULT_REDIS_URL will be used.

Raises:

  • IOError – if the store is already connected to a Redis instance.

  • OSError – if the store is already connected to a Redis instance.

__init__()[source]

Initializes a Redis attribute container store.

class plaso.storage.redis.redis_store.RedisAttributeContainerStore(*args: Any, **kwargs: Any)[source]

Bases: BaseRedisAttributeContainerStore

Redis-based attribute container store.

Attribute containers are stored as Redis hashes. All keys are prefixed with the session identifier to avoid collisions. Event identifiers are also stored in an index to enable sorting.

GetAttributeContainerByIndex(container_type, index)[source]

Retrieves a specific attribute container.

Parameters:

  • container_type (str) – attribute container type.

  • index (int) – attribute container index.

Returns:

attribute container or None if not available.

Return type:

AttributeContainer

GetAttributeContainers(container_type, filter_expression=None)[source]

Retrieves a specific type of attribute containers.

Parameters:

  • container_type (str) – attribute container type.

  • filter_expression (Optional[str]) – expression to filter the resulting attribute containers by.

Yields:

AttributeContainer – attribute container.

GetSortedEvents(time_range=None)[source]

Retrieves the events in increasing chronological order.

Parameters:

time_range (Optional[TimeRange]) – This argument is not supported by the Redis store.

Yields:

EventObject – event.

Raises:

RuntimeError – if a time_range argument is specified.

SetSerializersProfiler(serializers_profiler)[source]

Sets the serializers profiler.

Parameters:

serializers_profiler (SerializersProfiler) – serializers profiler.

__init__()[source]

Initializes a Redis attribute container store.

plaso.storage.redis.writer module

Redis-based storage writer.

class plaso.storage.redis.writer.RedisStorageWriter(storage_type='session')[source]

Bases: StorageWriter

Redis-based storage writer.

GetFirstWrittenEventData()[source]

Retrieves the first event data that was written after open.

Using GetFirstWrittenEventData and GetNextWrittenEventData newly added event data can be retrieved in order of addition.

Returns:

None as there are no newly written event data.

Return type:

EventData

Raises:

  • IOError – if the storage writer is closed.

  • OSError – if the storage writer is closed.

GetFirstWrittenEventSource()[source]

Retrieves the first event source that was written after open.

Using GetFirstWrittenEventSource and GetNextWrittenEventSource newly added event sources can be retrieved in order of addition.

Returns:

None as there are no newly written event sources.

Return type:

EventSource

Raises:

  • IOError – if the storage writer is closed.

  • OSError – if the storage writer is closed.

GetNextWrittenEventData()[source]

Retrieves the next event data that was written after open.

Returns:

None as there are no newly written event data.

Return type:

EventData

Raises:

  • IOError – if the storage writer is closed.

  • OSError – if the storage writer is closed.

GetNextWrittenEventSource()[source]

Retrieves the next event source that was written after open.

Returns:

None as there are no newly written event sources.

Return type:

EventSource

Raises:

  • IOError – if the storage writer is closed.

  • OSError – if the storage writer is closed.

Open(redis_client=None, session_identifier=None, task_identifier=None, **unused_kwargs)[source]

Opens the storage writer.

Parameters:

  • redis_client (Optional[Redis]) – Redis client to query. If specified, no new client will be created. If no client is specified a new client will be opened connected to the Redis instance specified by ‘url’.

  • session_identifier (Optional[str]) – session identifier.

  • task_identifier (Optional[str]) – task identifier.

Raises:

  • IOError – if the storage writer is already opened.

  • OSError – if the storage writer is already opened.

Module contents