Documentation ¶
Overview ¶
Package winevtapi implements the evtapi.API interface with the Windows Event Log API
Index ¶
- Constants
- type API
- func (api *API) DeregisterEventSource(EventLog evtapi.EventSourceHandle) error
- func (api *API) EvtClearLog(ChannelPath string) error
- func (api *API) EvtClose(h windows.Handle)
- func (api *API) EvtCreateBookmark(BookmarkXML string) (evtapi.EventBookmarkHandle, error)
- func (api *API) EvtCreateRenderContext(ValuePaths []string, Flags uint) (evtapi.EventRenderContextHandle, error)
- func (api *API) EvtFormatMessage(PublisherMetadata evtapi.EventPublisherMetadataHandle, ...) (string, error)
- func (api *API) EvtNext(Session evtapi.EventResultSetHandle, EventsArray []evtapi.EventRecordHandle, ...) ([]evtapi.EventRecordHandle, error)
- func (api *API) EvtOpenPublisherMetadata(PublisherID string, LogFilePath string) (evtapi.EventPublisherMetadataHandle, error)
- func (api *API) EvtOpenSession(Server string, User string, Domain string, Password string, Flags uint) (evtapi.EventSessionHandle, error)
- func (api *API) EvtRenderBookmark(Fragment evtapi.EventBookmarkHandle) ([]uint16, error)
- func (api *API) EvtRenderEventValues(Context evtapi.EventRenderContextHandle, Fragment evtapi.EventRecordHandle) (evtapi.EvtVariantValues, error)
- func (api *API) EvtRenderEventXml(Fragment evtapi.EventRecordHandle) ([]uint16, error)
- func (api *API) EvtSubscribe(Session evtapi.EventSessionHandle, SignalEvent evtapi.WaitEventHandle, ...) (evtapi.EventResultSetHandle, error)
- func (api *API) EvtUpdateBookmark(Bookmark evtapi.EventBookmarkHandle, Event evtapi.EventRecordHandle) error
- func (api *API) RegisterEventSource(SourceName string) (evtapi.EventSourceHandle, error)
- func (api *API) ReportEvent(EventLog evtapi.EventSourceHandle, Type uint, Category uint, EventID uint, ...) error
- type EVT_RPC_LOGIN
Constants ¶
const (
	// EvtRpcLogin is the only login class declared here. Its value, 1, is
	// the one the Windows EVT_LOGIN_CLASS enumeration assigns to EvtRpcLogin.
	EvtRpcLogin = 1
)
EvtRpcLogin is a value of the Windows EVT_LOGIN_CLASS enumeration: https://learn.microsoft.com/en-us/windows/win32/api/winevt/ne-winevt-evt_login_class
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type API ¶
// API is declared as an empty struct, so a value carries no fields of its own;
// the package's wrappers are methods on *API.
type API struct{}
API implements Golang wrappers for Windows Event Log API methods https://learn.microsoft.com/en-us/windows/win32/wes/windows-event-log-functions
func (*API) DeregisterEventSource ¶
func (api *API) DeregisterEventSource(EventLog evtapi.EventSourceHandle) error
DeregisterEventSource wrapper https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-deregistereventsource
func (*API) EvtClearLog ¶
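EvtClearLog wrapper. Removes all events from the channel named by ChannelPath. The wrapper's signature takes only the channel path, so it does not appear to expose the Windows API's option of exporting the events to a backup file before clearing; callers that need to retain the events should export them first. https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtclearlog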
func (*API) EvtClose ¶
EvtClose wrapper https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtclose
func (*API) EvtCreateBookmark ¶
func (api *API) EvtCreateBookmark(BookmarkXML string) (evtapi.EventBookmarkHandle, error)
EvtCreateBookmark wrapper https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtcreatebookmark
func (*API) EvtCreateRenderContext ¶
func (api *API) EvtCreateRenderContext(ValuePaths []string, Flags uint) (evtapi.EventRenderContextHandle, error)
EvtCreateRenderContext wrapper https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtcreaterendercontext
func (*API) EvtFormatMessage ¶
func (api *API) EvtFormatMessage( PublisherMetadata evtapi.EventPublisherMetadataHandle, Event evtapi.EventRecordHandle, MessageID uint, _ evtapi.EvtVariantValues, Flags uint) (string, error)
EvtFormatMessage wrapper https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtformatmessage
func (*API) EvtNext ¶
func (api *API) EvtNext( Session evtapi.EventResultSetHandle, EventsArray []evtapi.EventRecordHandle, EventsSize uint, Timeout uint) ([]evtapi.EventRecordHandle, error)
EvtNext wrapper. The caller must pass every returned handle to EvtClose when finished using it. https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtnext
func (*API) EvtOpenPublisherMetadata ¶
func (api *API) EvtOpenPublisherMetadata( PublisherID string, LogFilePath string) (evtapi.EventPublisherMetadataHandle, error)
EvtOpenPublisherMetadata wrapper https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtopenpublishermetadata
func (*API) EvtOpenSession ¶
func (api *API) EvtOpenSession( Server string, User string, Domain string, Password string, Flags uint, ) (evtapi.EventSessionHandle, error)
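EvtOpenSession wrapper
NOTE: The connection is not made and the credentials are not validated at the time of this call. Both happen when the session is first used (e.g. EvtSubscribe), so a wrong password or an unreachable server is reported by that later call rather than by EvtOpenSession. Password is passed as a Go string, which the caller cannot overwrite after use; keep the credential's lifetime as short as practical and keep it out of logs and error messages.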
https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtopensession
func (*API) EvtRenderBookmark ¶
func (api *API) EvtRenderBookmark(Fragment evtapi.EventBookmarkHandle) ([]uint16, error)
EvtRenderBookmark wraps EvtRender with EvtRenderBookmark https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtrender
func (*API) EvtRenderEventValues ¶
func (api *API) EvtRenderEventValues(Context evtapi.EventRenderContextHandle, Fragment evtapi.EventRecordHandle) (evtapi.EvtVariantValues, error)
EvtRenderEventValues wraps EvtRender with the EvtRenderEventValues flag https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtrender
func (*API) EvtRenderEventXml ¶
func (api *API) EvtRenderEventXml(Fragment evtapi.EventRecordHandle) ([]uint16, error)
EvtRenderEventXml wraps EvtRender with EvtRenderEventXml https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtrender
func (*API) EvtSubscribe ¶
func (api *API) EvtSubscribe( Session evtapi.EventSessionHandle, SignalEvent evtapi.WaitEventHandle, ChannelPath string, Query string, Bookmark evtapi.EventBookmarkHandle, Flags uint) (evtapi.EventResultSetHandle, error)
EvtSubscribe wrapper. Must pass the returned handle to EvtClose when finished using the handle. https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtsubscribe
func (*API) EvtUpdateBookmark ¶
func (api *API) EvtUpdateBookmark(Bookmark evtapi.EventBookmarkHandle, Event evtapi.EventRecordHandle) error
EvtUpdateBookmark wrapper https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtupdatebookmark
func (*API) RegisterEventSource ¶
func (api *API) RegisterEventSource(SourceName string) (evtapi.EventSourceHandle, error)
RegisterEventSource wrapper https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-registereventsourcew
func (*API) ReportEvent ¶
func (api *API) ReportEvent( EventLog evtapi.EventSourceHandle, Type uint, Category uint, EventID uint, UserSID *windows.SID, Strings []string, RawData []uint8) error
ReportEvent wrapper https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-reporteventw
type EVT_RPC_LOGIN ¶
// EVT_RPC_LOGIN is the Go declaration of the C structure of the same name
// that is handed to EvtOpenSession. Field order and types must stay in step
// with the C layout, because the struct is read by the Windows API rather
// than by Go code.
type EVT_RPC_LOGIN struct {
	// Server, User and Domain are pointers to 16-bit code units; presumably
	// NUL-terminated UTF-16 strings, as in the C declaration (confirm against
	// the code that fills them in).
	Server *uint16
	User   *uint16
	Domain *uint16
	// Password points at the plaintext credential in the same form.
	// NOTE(review): the buffer behind this pointer holds the secret for as
	// long as it stays reachable; confirm whether the code that builds this
	// struct zeroes the buffer once the session handle has been obtained.
	Password *uint16
	// Flags is declared as Go's platform-sized uint.
	// NOTE(review): the C field is a 32-bit DWORD; the layouts appear to
	// agree on little-endian Windows targets as long as the value fits in
	// 32 bits. Confirm, and consider whether uint32 would state the intent
	// more directly.
	Flags uint
}
EVT_RPC_LOGIN is a C struct used when calling EvtOpenSession https://learn.microsoft.com/en-us/windows/win32/api/winevt/ns-winevt-evt_rpc_login