Skip to content

How to write an output module

Daniel White edited this page Nov 28, 2018 · 3 revisions

Deprecation warning

:warning: The Plaso Github wiki is now deprecated

:warning: Content was migrated to ReadTheDocs

:warning: The information below is likely to be out of date.

:warning: To update the current documentation, send a pull request for change to a file in the docs subdirectory of the Plaso source tree.

Create file and class

  • Plugin file in plaso/output/
    • Create an empty subclass of plaso.output.interface.OutputModule
    • Register it with the output module manager by calling OutputManager.RegisterOutput
  • Test file in tests/output/
    • Create an empty subclass of tests.output.test_lib.OutputModuleTestCase

Write minimal tests

  • Write a test that loads your output module.
  • It will fail initially, but running the test while you're developing your plugin gives you a quick way to see if your code is doing what you expect.

Develop plugin

  • Implement your subclass of plaso.output.interface.OutputModule
  • You'll need to define/overwrite:
    • NAME
    • DESCRIPTION
    • WriteEventBody
  • You may also want to override:
    • Open()
    • Close()
    • GetMissingArguments()
    • WriteHeader()
    • WriteEventStart()
    • WriteEventEnd()
    • WriteEventMACBGroup()
    • WriteFooter()

Expand tests

  • Add additional tests that test your plugin

Register classes

  • Edit plaso/output/__init__.py to import your plugin in the correct alphabetical order.

Code review/submit

Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.