IndexError: list index out of range in _GetNormalizedPath #4890
Labels
pending reporter input
Issue is pending input from the reporter
Comments
joachimmetz
changed the title
|
Interesting could you print/provide the path it is throwing the exception for? Also see https://plaso.readthedocs.io/en/latest/sources/Troubleshooting.html single process debug mode might help here to obtain it |
joachimmetz
added
the
pending reporter input
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
I upgraded plaso version to 20230308, I cannot parse an old windows citrix server disk image anymore (I'm not sure of the previous plaso version. about 6 month old):
2024-06-24 19:44:49,957 [INFO] (MainProcess) PID:7288 <artifact_definitions> Determined artifact definitions path: /usr/share/artifacts
Checking availability and versions of dependencies.
[OPTIONAL] unable to determine version information for: flor
[OK]
Source path : /mnt/hgfs/D/SystemC.001
Source type : storage media image
Processing time : 00:00:00
Processing started.
Traceback (most recent call last):
File "/usr/bin/log2timeline.py", line 33, in
sys.exit(load_entry_point('plaso==20240308', 'console_scripts', 'log2timeline')())
File "/usr/lib/python3/dist-packages/plaso/scripts/log2timeline.py", line 81, in Main
tool.ExtractEventsFromSources()
File "/usr/lib/python3/dist-packages/plaso/cli/extraction_tool.py", line 754, in ExtractEventsFromSources
processing_status = self._ProcessSource(session, storage_writer)
File "/usr/lib/python3/dist-packages/plaso/cli/extraction_tool.py", line 446, in _ProcessSource
system_configurations = extraction_engine.PreprocessSource(
File "/usr/lib/python3/dist-packages/plaso/engine/engine.py", line 345, in PreprocessSource
preprocess_manager.PreprocessPluginsManager.RunPlugins(
File "/usr/lib/python3/dist-packages/plaso/preprocessors/manager.py", line 351, in RunPlugins
cls.CollectFromWindowsRegistry(artifacts_registry, mediator, searcher)
File "/usr/lib/python3/dist-packages/plaso/preprocessors/manager.py", line 224, in CollectFromWindowsRegistry
preprocess_plugin.Collect(mediator, artifact_definition, searcher)
File "/usr/lib/python3/dist-packages/plaso/preprocessors/interface.py", line 264, in Collect
self._ParseKey(mediator, registry_key, value_name)
File "/usr/lib/python3/dist-packages/plaso/preprocessors/windows.py", line 487, in _ParseKey
mediator.AddWindowsEventLogProvider(windows_event_log_provider)
File "/usr/lib/python3/dist-packages/plaso/preprocessors/mediator.py", line 149, in AddWindowsEventLogProvider
self._windows_eventlog_providers_helper.NormalizeMessageFiles(
File "/usr/lib/python3/dist-packages/plaso/helpers/windows/eventlog_providers.py", line 102, in NormalizeMessageFiles
event_log_provider.event_message_files = [
File "/usr/lib/python3/dist-packages/plaso/helpers/windows/eventlog_providers.py", line 103, in
self._GetNormalizedPath(path)
File "/usr/lib/python3/dist-packages/plaso/helpers/windows/eventlog_providers.py", line 46, in _GetNormalizedPath
elif not path_segments_lower[0] and path_segments_lower[1] in (
IndexError: list index out of range
The version of Plaso :
20240308
The operating system running plaso
Ubuntu 22.04 in vmplayer
command line and arguments:
log2timeline.py --vss-stores all -z Europe/Paris --partitions all --parsers "windefender_history,win7_slow,sqlite/windows_timeline" --storage-file testcitrix.plaso /mnt/hgfs/D/SystemC.001
The text was updated successfully, but these errors were encountered: