From 7279f02ca4ab69efe352fc1620132ea445ff947d Mon Sep 17 00:00:00 2001
From: Armen Tashjian <armtash@yelp.com>
Date: Mon, 30 Apr 2018 16:36:15 -0700
Subject: [PATCH] add atime to returned file data

---
 README.md                    | 1 +
 osxcollector/osxcollector.py | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/README.md b/README.md
index ed8e079..bbbc803 100644
--- a/README.md
+++ b/README.md
@@ -148,6 +148,7 @@ Each line of the JSON file records 1 _piece of information_.  There are some com
 
 ##### File Records
 For records representing files there are a bunch of useful keys:
+* `atime`: The file accessed time.
 * `ctime`: The file creation time.
 * `mtime`: The file modified time.
 * `file_path`: The absolute path to the file.
diff --git a/osxcollector/osxcollector.py b/osxcollector/osxcollector.py
index a704fbc..72320dc 100644
--- a/osxcollector/osxcollector.py
+++ b/osxcollector/osxcollector.py
@@ -292,12 +292,14 @@ def _get_file_info(file_path, log_xattr=False):
         dict with key ['md5', 'sha1', 'sha2', file_path', 'mtime', 'ctime']
     """
     md5_hash, sha1_hash, sha2_hash = '', '', ''
+    atime = ''
     mtime = ''
     ctime = ''
     extra_data_check = ''
     extra_data_found = False
 
     if os.path.isfile(file_path):
+        atime = _datetime_to_string(datetime.fromtimestamp(os.path.getatime(file_path)))
         mtime = _datetime_to_string(datetime.fromtimestamp(os.path.getmtime(file_path)))
         ctime = _datetime_to_string(datetime.fromtimestamp(os.path.getctime(file_path)))
         md5_hash, sha1_hash, sha2_hash = _hash_file(file_path)
@@ -322,6 +324,7 @@ def _get_file_info(file_path, log_xattr=False):
             'sha1': sha1_hash,
             'sha2': sha2_hash,
             'file_path': file_path,
+            'atime': atime,
             'mtime': mtime,
             'ctime': ctime,
             'signature_chain': signature_chain,