540 enhancement print total evtx file size (#545)

* added ByteSize crate  #540

* displayed total evtx file size #540

* updated CHANGELOG #540

* cargo fmt

* added blank like, updated cargo

Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>

CHANGELOG-Japanese.md

@@ -9,9 +9,11 @@
 
 **改善:**
 
+- ルールの`details`でeventkey_alias.txtやEvent.EventData内に存在しない情報を`n/a` (not available)と表記するようにした。(#528) (@hitenkoku)
 - ルールの`details`でeventkey_alias.txtやEvent.EventData内に存在しない情報を`n/a` (not available)と表記するようにした。 (#528) (@hitenkoku)
 - 読み込んだイベント数と検知しなかったイベント数を表示するようにした。 (#538) (@hitenkoku)
 - 新しいロゴ。 (@YamatoSecurity)
+- evtxファイルのファイルサイズの合計を出力するようにした。(#540) (@hitenkoku)
 
 **バグ修正:**
 

CHANGELOG.md

@@ -12,6 +12,7 @@
 - In the `details` line in a rule, when a placeholder points to a field that does not exist or there is an incorrect alias mapping, it will be outputted as `n/a` (not available). (#528) (@hitenkoku)
 - Display total event and data reduction count. (How many and what percent of events were ignored.) (#538) (@hitenkoku)
 - New logo. (@YamatoSecurity)
+- Display total evtx file size. (#540) (@hitenkoku)
 
 **Bug Fixes:**
 

Cargo.lock

@@ -197,10 +197,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c4872d67bab6358e59559027aa3b9157c53d9358c51423c17554809a8858e0f8"
 
 [[package]]
-name = "camino"
-version = "1.0.8"
+name = "bytesize"
+version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "07fd178c5af4d59e83498ef15cf3f154e1a6f9d091270cb86283c65ef44e9ef0"
+checksum = "6c58ec36aac5066d5ca17df51b3e70279f5670a72102f5752cb7e7c856adfc70"
+
+[[package]]
+name = "camino"
+version = "1.0.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "869119e97797867fd90f5e22af7d0bd274bd4635ebb9eb68c04f3f513ae6c412"
 dependencies = [
  "serde",
 ]
@@ -325,6 +331,19 @@ dependencies = [
  "winapi 0.3.9",
 ]
 
+[[package]]
+name = "console"
+version = "0.15.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a28b32d32ca44b70c3e4acd7db1babf555fa026e385fb95f18028f88848b3c31"
+dependencies = [
+ "encode_unicode",
+ "libc",
+ "once_cell",
+ "terminal_size",
+ "winapi 0.3.9",
+]
+
 [[package]]
 name = "const_fn"
 version = "0.4.9"
@@ -520,7 +539,7 @@ version = "0.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c9dd058f8b65922819fabb4a41e7d1964e56344042c26efbccd465202c23fa0c"
 dependencies = [
- "console",
+ "console 0.14.1",
  "lazy_static",
  "tempfile",
  "zeroize",
@@ -918,7 +937,8 @@ dependencies = [
 name = "hayabusa"
 version = "1.3.0-dev"
 dependencies = [
- "base64 0.10.1",
+ "base64 0.13.0",
+ "bytesize",
  "chrono",
  "clap 2.34.0",
  "csv",
@@ -1101,7 +1121,7 @@ version = "0.16.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2d207dc617c7a380ab07ff572a6e52fa202a2a8f355860ac9c38e23f8196be1b"
 dependencies = [
- "console",
+ "console 0.15.0",
  "lazy_static",
  "number_prefix",
  "regex",
@@ -1498,9 +1518,9 @@ dependencies = [
 
 [[package]]
 name = "once_cell"
-version = "1.11.0"
+version = "1.12.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7b10983b38c53aebdf33f542c6275b0f58a238129d00c4ae0e6fb59738d783ca"
+checksum = "7709cef83f0c1f58f666e746a08b21e0085f7440fa6a29cc194d68aac97a4225"
 
 [[package]]
 name = "openssl"
@@ -1559,9 +1579,9 @@ dependencies = [
 
 [[package]]
 name = "os_str_bytes"
-version = "6.0.1"
+version = "6.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "029d8d0b2f198229de29dca79676f2738ff952edf3fde542eb8bf94d8c21b435"
+checksum = "21326818e99cfe6ce1e524c2a805c189a99b5ae555a35d19f9a284b427d86afa"
 
 [[package]]
 name = "parking_lot"
@@ -1896,9 +1916,9 @@ dependencies = [
 
 [[package]]
 name = "regex"
-version = "1.5.5"
+version = "1.5.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1a11647b6b25ff05a515cb92c365cec08801e83423a235b51e231e1808747286"
+checksum = "d83f127d94bdbcda4c8cc2e50f6f84f4b611f69c902699ca385a39c3a75f9ff1"
 dependencies = [
  "aho-corasick",
  "memchr",
@@ -1913,9 +1933,9 @@ checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132"
 
 [[package]]
 name = "regex-syntax"
-version = "0.6.25"
+version = "0.6.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f497285884f3fcff424ffc933e56d7cbca511def0c9831a7f9b5f6153e3cc89b"
+checksum = "49b3de9ec5dc0a3417da371aab17d729997c15010e7fd24ff707773a33bddb64"
 
 [[package]]
 name = "remove_dir_all"

Cargo.toml

@@ -35,6 +35,7 @@ termcolor="*"
 prettytable-rs = "0.8"
 krapslog="*"
 terminal_size = "*"
+bytesize="1.1"
 
 [target.'cfg(windows)'.dependencies]
 is_elevated = "0.1.2"

src/main.rs

@@ -1,3 +1,4 @@
+extern crate bytesize;
 extern crate downcast_rs;
 extern crate serde;
 extern crate serde_derive;
@@ -5,6 +6,7 @@ extern crate serde_derive;
 #[cfg(target_os = "windows")]
 extern crate static_vcruntime;
 
+use bytesize::ByteSize;
 use chrono::{DateTime, Datelike, Local, TimeZone};
 use evtx::{EvtxParser, ParserSettings};
 use git2::Repository;
@@ -438,6 +440,14 @@ impl App {
             .to_uppercase();
         println!("Analyzing event files: {:?}", evtx_files.len());
 
+        let mut total_file_size = ByteSize::b(0);
+        for file_path in &evtx_files {
+            let meta = fs::metadata(file_path).ok();
+            total_file_size += ByteSize::b(meta.unwrap().len());
+        }
+        println!("Total file size: {}", total_file_size.to_string_as(false));
+        println!();
+
         let rule_files = detection::Detection::parse_rule_files(
             level,
             configs::CONFIG.read().unwrap().args.value_of("rules"),