Merge pull request #36 from conitrade/hotfix/sysmon-parsing

isolate individual line parsing errors
wagga40 · Sep 1, 2022 · 403ce24 · 403ce24
2 parents 41369d0 + 89eb123
commit 403ce24
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/zircolite.py b/zircolite.py
@@ -1071,7 +1071,14 @@ def cleanTag(tag, ns):
         if not "Event" in xmlLine:
             return None
         xmlLine = "<Event>" + xmlLine.split("<Event>")[1]
-        root = etree.fromstring(xmlLine)
+
+        try:
+            # isolate invidvidual line parsing errors
+            root = etree.fromstring(xmlLine)
+        except Exception as ex:
+            self.logger.debug(f"unable to parse line \"{xmlLine}\": {ex}")
+            return None
+
         ns = "http://schemas.microsoft.com/win/2004/08/events/event"
         child = {"#attributes": {"xmlns": ns}}
         for appt in root.getchildren():