StdOut and StdError for custom tools

[FabiFaust]

I am currently working on several custom tools to embed in the ORC binary. I would like to send certain status updates not only to the log but also to the console, to allow the user to react and estimate the current progress.

The problem is that when I specify log files for StdOut, StdError or StdOutError in the config files, the console output seems to be siphoned away and only appear in the log files.

Is there a configuration that I might have missed that allows me to have Stdout and StdError output be visible in the console and show up in the logs?

[jeanga]

I'm afraid this is not currently possible. We never had a use case for this as we use dfir-orc to encapsulate the underlying tools (and their issues). Our typical use case does not involve any user interaction. What kind of user interaction do you want to enable?

[FabiFaust]

I basically want to write to StdOut in my custom tool to give the user status updates regarding the current progress. Currently StdOut output appears in the logs but not in the console.

[jeanga]

Thank you for clarifying your use case. That would make sense in interactive execution of dfir-orc with, for instance, a long running execution of a subprocess. We are currently locked in a complete rewrite of the entire logging code of dfir-orc. Once this is complete, we'll discuss how we could/should implement this kind of interaction with the user. No promises though that this will ever be possible. Anyways, thanks again for your interest in the tool.

[FabiFaust]

That would make sense in interactive execution of dfir-orc with, for instance, a long running execution of a subprocess.

That was the thought process behind it yes.

No promises though that this will ever be possible.

So there is no possible workaround for this? StdError output does appear in the console I believe if there is no log specified. If there is a possible way to have the same behavior for StdOut, maybe even with a log, that would be great.

I wouldn't mind making a small modification to the ORC code for my custom project alone to achieve this, but finding the relevant code section might take a while.

I personally think it is important for the user to know which part of the process is currently running to potentially stop the execution and restart with different parameters. For example if there is a virus on the system that might threaten to cause further damage or if the hardware drive is older and close to failing, it might be important to have as much information as possible to react, if it takes longer than expected.

In any case, thanks for the quick replies.

[jeanga]

We'll review this request when the logging code is overhauled. Also, as more than one execution can take place at the same time, there is a real risk that the console output becomes really messy... If you want to implement it, I see no reason why we wouldn't welcome a pr with this feature. However, I would strongly recommend that you wait for the logging code to be published as there would be a lot of merges to do at that point.

[FabiFaust]

Okay, thanks for the reply.