fixed output evtx file path in event statistics #192 (#193)

2021-11-14 17:49:46 +09:00
parent 480f2d26c0
commit fb66b987ea
2 changed files with 7 additions and 2 deletions
--- a/src/timeline/statistics.rs
+++ b/src/timeline/statistics.rs
@@ -4,6 +4,7 @@ use std::collections::HashMap;
 #[derive(Debug)]
 pub struct EventStatistics {
    pub total: usize,
+    pub filepath: String,
    pub start_time: String,
    pub end_time: String,
    pub stats_list: HashMap<String, usize>,
@@ -14,12 +15,14 @@ pub struct EventStatistics {
 impl EventStatistics {
    pub fn new(
        total: usize,
+        filepath: String,
        start_time: String,
        end_time: String,
        stats_list: HashMap<String, usize>,
    ) -> EventStatistics {
        return EventStatistics {
            total,
+            filepath,
            start_time,
            end_time,
            stats_list,
@@ -50,7 +53,7 @@ impl EventStatistics {
        if records.len() == 0 {
            return;
        }
-
+        self.filepath = records[0].evtx_filepath.as_str().to_owned();
        // sortしなくてもイベントログのTimeframeを取得できるように修正しました。
        // sortしないことにより計算量が改善されています。
        // もうちょっと感じに書けるといえば書けます。
--- a/src/timeline/timeline.rs
+++ b/src/timeline/timeline.rs
@@ -11,11 +11,12 @@ pub struct Timeline {
 impl Timeline {
    pub fn new() -> Timeline {
        let totalcnt = 0;
+        let filepath = "".to_owned();
        let starttm = "".to_string();
        let endtm = "".to_string();
        let statslst = HashMap::new();

-        let statistic = EventStatistics::new(totalcnt, starttm, endtm, statslst);
+        let statistic = EventStatistics::new(totalcnt, filepath, starttm, endtm, statslst);
        return Timeline { stats: statistic };
    }

@@ -36,6 +37,7 @@ impl Timeline {
        //println!("map -> {:#?}", evtstat_map);
        let mut sammsges: Vec<String> = Vec::new();
        sammsges.push("---------------------------------------".to_string());
+        sammsges.push(format!("Evtx_File_Path:{}", self.stats.filepath));
        sammsges.push(format!("Total_counts : {}\n", self.stats.total));
        sammsges.push(format!("firstevent_time: {}", self.stats.start_time));
        sammsges.push(format!("lastevent_time: {}\n", self.stats.end_time));