feat: add channel filter to logon-summary

[fukusuket]

What Changed

• Closed Investigate if logon-summary command can be faster with channel filter #1544

Evidence

Integration-Test

https://github.com/Yamato-Security/hayabusa/actions/runs/12831409129

I would appreciate it if you could check it out when you have time🙏

[fukusuket]

I have confirmed that it is faster as follows :)

• This PR: Elapsed time: 00:00:04.831
• main: Elapsed time: 00:00:59.615

fukusuke@fukusukenoMacBook-Air hayabusa-3.0.1-mac-aarch64 % ./hayabusa logon-summary -d ../all-evtx -o new --debug -C -q
Generating Logon Summary

Start time: 2025/01/17 23:55
Total event log files: 2,239
Total file size: 8.8 GB

Currently scanning for the logon summary. Please wait.

[00:00:02] 14 / 14   [========================================] 100%

Scanning finished.


Total Event Records:  365,790

First Timestamp:  2009-07-14 13:56:45.901 +09:00
Last Timestamp:  2023-11-06 15:25:52.440 +09:00

Successful logon results: new-successful.csv (10.8 KB)

Failed logon results: new-failed.csv (356 B)


Elapsed time: 00:00:04.831

Errors were generated. Please check ./logs/errorlog-20250117_235535.log for details.

Analysis Processing Time: 00:00:04.831
Output Processing Time: 00:00:00.000

fukusuke@fukusukenoMacBook-Air hayabusa-3.0.1-mac-aarch64 % ./hayabusa-old logon-summary -d ../all-evtx -o old --debug -C -q
Generating Logon Summary

Start time: 2025/01/17 23:55
Total event log files: 2,239
Total file size: 8.8 GB

Currently scanning for the logon summary. Please wait.

[00:00:59] 2,239 / 2,239   [========================================] 100%

Scanning finished.


Total Event Records:  6,611,184

First Timestamp:  2009-07-14 13:56:45.074 +09:00
Last Timestamp:  2023-11-06 15:25:53.238 +09:00

Successful logon results: old-successful.csv (10.8 KB)

Failed logon results: old-failed.csv (356 B)


Elapsed time: 00:00:59.615

Errors were generated. Please check ./logs/errorlog-20250117_235644.log for details.

Analysis Processing Time: 00:00:59.614
Output Processing Time: 00:00:00.001

also result file size is same.

fukusuke@fukusukenoMacBook-Air hayabusa-3.0.1-mac-aarch64 % ls -la
total 67160
drwx------@ 15 fukusuke  staff       480  1 17 23:56 .
drwxr-xr-x  15 fukusuke  staff       480 12 31 18:24 ..
-rw-r--r--@  1 fukusuke  staff      6148  1 11 08:39 .DS_Store
drwxr-xr-x@  9 fukusuke  staff       288 12 31 15:59 config
-rwxr-xr-x@  1 fukusuke  staff  11479328  1 17 23:53 hayabusa
-rwxr-xr-x@  1 fukusuke  staff  11379768 12 31 15:59 hayabusa-3.0.1-mac-aarch64
-rwxr-xr-x@  1 fukusuke  staff  11479296  1 17 22:09 hayabusa-old
drwxr-xr-x@ 11 fukusuke  staff       352  1 17 23:56 logs
-rw-r--r--@  1 fukusuke  staff         0  1 17 23:55 new
-rw-r--r--@  1 fukusuke  staff       356  1 17 23:55 new-failed.csv
-rw-r--r--@  1 fukusuke  staff     10822  1 17 23:55 new-successful.csv
-rw-r--r--@  1 fukusuke  staff         0  1 17 23:55 old
-rw-r--r--@  1 fukusuke  staff       356  1 17 23:56 old-failed.csv
-rw-r--r--@  1 fukusuke  staff     10822  1 17 23:56 old-successful.csv
drwxr-xr-x@ 16 fukusuke  staff       512  1 11 08:39 rules

[YamatoSecurity]

LGTM! Thanks so much!