Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
R
R
relaxzzz2021-09-19 12:52:05
linux
relaxzzz, 2021-09-19 12:52:05

How to resolve pytz.exceptions.AmbiguousTimeError error?

The task is to build a timeline of all system events (windows 10) using PLASO
A copy of the disk in dd format has been made.
The collection of logs from the .dd file by the log2timeline.py utility has been completed, the output is the test.plaso file.
When processing the test.plaso file with the psort.py utility (converting to the test.csv file), an error occurs:

$sudo psort.py --output-time-zone Europe/Moscow -o l2tcsv -w test.csv test.plaso

Traceback (most recent call last):
File "/usr/bin/psort.py", line 99, in
if not Main():
File "/usr/bin/psort.py", line 76, in Main
tool.ProcessStorage()
File "/usr/lib/python3/dist-packages/plaso/cli/psort_tool.py", line 593, in ProcessStorage
analysis_engine.ExportEvents(
File "/usr/lib/python3/dist-packages/plaso/multi_processing/psort.py", line 1042, in ExportEvents
self._ExportEvents(
File "/usr/lib/python3/dist-packages/plaso/multi_processing/psort. py", line 588, in _ExportEvents
self._ExportEvent(
File "/usr/lib/python3/dist-packages/plaso/multi_processing/psort.py", line 482, in _ExportEvent
self._FlushExportBuffer(
File "/usr/lib/ python3/dist-packages/plaso/multi_processing/psort.py", line 640, in _FlushExportBuffer
output_module.WriteEventMACBGroup(macb_group)
File "/usr/lib/python3/dist-packages/plaso/output/l2t_csv.py", line 237 , in WriteEventMACBGroup
output_text = self._event_formatting_helper.GetFormattedEventMACBGroup(
File "/usr/lib/python3/dist-packages/plaso/output/l2t_csv.py", line 48, in GetFormattedEventMACBGroup
field_value = self._field_formatting_helper.GetFormattedField(
File "/usr/lib/python3/dist-packages/plaso/ output/formatting_helper.py", line 403, in GetFormattedField
output_value = callback_function(event, event_data, event_data_stream)
File "/usr/lib/python3/dist-packages/plaso/output/formatting_helper.py", line 315, in _FormatTimeZone
return self._output_mediator.timezone.tzname(datetime_object)
File "/usr/lib/python3/dist-packages/pytz/tzinfo.py", line 499, in tzname
dt = self.localize(dt, is_dst)
File "/usr/ lib/python3/dist-packages/pytz/tzinfo.py", line 363, in localize
raise AmbiguousTimeError(dt)
pytz.exceptions.AmbiguousTimeError: 1996-10-27 02:41:18

I understand that there is an event in the logs with a non-existent time 1996-10-27 02:41:18 for the Europe/Moscow time zone ( daylight savings time) and psort.py cannot handle it. How to fix this error? And where does the event with such a time in 1996 come from in the logs? Need help.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
K
Krivetka812018-04-03 14:05:08
Why doesn't composer see mbstring? 3Reply
A
Akigami2018-04-03 19:43:23
On Linux systems, does the cache of browsers, etc., clean itself before shutting down? 3Reply
V
vlarkanov2018-04-04 10:12:31
Zabbix 3.2 why doesn't the trigger fire? 1Reply
A
Alexey2012-06-11 16:42:04
Max_pid limit when creating a fork? 1Reply
D
Denis2012-06-13 10:06:18
Two 3G modems in linux - how to set it up? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question