evtapi

package


Overview

Package evtapi defines the interface and common types for interacting with the Windows Event Log API from Go.

Index

Constants

// EVT_SUBSCRIBE_FLAGS
// https://learn.microsoft.com/en-us/windows/win32/api/winevt/ne-winevt-evt_subscribe_flags
//
// Intended for the Flags parameter of API.EvtSubscribe. The three origin
// values (1, 2, 3) are alternatives, not bits: they share the low two bits
// selected by EvtSubscribeOriginMask, so exactly one of them is combined
// with the remaining flag bits.
const (
	EvtSubscribeToFutureEvents      = 1
	EvtSubscribeStartAtOldestRecord = 2
	EvtSubscribeStartAfterBookmark  = 3 // presumably requires a Bookmark argument to EvtSubscribe — confirm against the Win32 docs
	EvtSubscribeOriginMask          = 3 // 0b11: extracts the origin value from a Flags word
	EvtSubscribeTolerateQueryErrors = 0x1000
	EvtSubscribeStrict              = 0x10000
)

EVT_SUBSCRIBE_FLAGS https://learn.microsoft.com/en-us/windows/win32/api/winevt/ne-winevt-evt_subscribe_flags

// EVT_RENDER_CONTEXT_FLAGS
// https://learn.microsoft.com/en-us/windows/win32/api/winevt/ne-winevt-evt_render_context_flags
//
// Intended for the Flags parameter of API.EvtCreateRenderContext. Values are
// written out explicitly so they can be checked against the SDK header at a
// glance.
const (
	EvtRenderContextValues = 0
	EvtRenderContextSystem = 1
	EvtRenderContextUser   = 2
)

EVT_RENDER_CONTEXT_FLAGS https://learn.microsoft.com/en-us/windows/win32/api/winevt/ne-winevt-evt_render_context_flags

// EVT_RENDER_FLAGS
// https://learn.microsoft.com/en-us/windows/win32/api/winevt/ne-winevt-evt_render_flags
//
// Selects what an Evt render call produces (values, event XML, or bookmark
// XML). Values are written out explicitly so they can be checked against the
// SDK header at a glance.
const (
	EvtRenderEventValues = 0
	EvtRenderEventXml    = 1
	EvtRenderBookmark    = 2
)

EVT_RENDER_FLAGS https://learn.microsoft.com/en-us/windows/win32/api/winevt/ne-winevt-evt_render_flags

// EVT_VARIANT_TYPE
// https://learn.microsoft.com/en-us/windows/win32/api/winevt/ne-winevt-evt_variant_type
//
// Type tags as reported by EvtVariantValues.Type. Values are written
// explicitly rather than with iota because the SDK enumeration has gaps:
// 22–31, 33 and 34 are not defined here.
// NOTE(review): the SDK also defines an array-modifier flag
// (EVT_VARIANT_TYPE_ARRAY) that is OR'ed into the type; it is not listed
// here, so confirm how Type() reports array-valued entries before comparing
// its result for equality against these constants.
const (
	EvtVarTypeNull       = 0
	EvtVarTypeString     = 1
	EvtVarTypeAnsiString = 2
	EvtVarTypeSByte      = 3
	EvtVarTypeByte       = 4
	EvtVarTypeInt16      = 5
	EvtVarTypeUInt16     = 6
	EvtVarTypeInt32      = 7
	EvtVarTypeUInt32     = 8
	EvtVarTypeInt64      = 9
	EvtVarTypeUInt64     = 10
	EvtVarTypeSingle     = 11
	EvtVarTypeDouble     = 12
	EvtVarTypeBoolean    = 13
	EvtVarTypeBinary     = 14
	EvtVarTypeGuid       = 15
	EvtVarTypeSizeT      = 16
	EvtVarTypeFileTime   = 17
	EvtVarTypeSysTime    = 18
	EvtVarTypeSid        = 19
	EvtVarTypeHexInt32   = 20
	EvtVarTypeHexInt64   = 21
	EvtVarTypeEvtHandle  = 32 // note the gap: 22–31 are not defined
	EvtVarTypeEvtXml     = 35 // 33 and 34 are not defined
)

EVT_VARIANT_TYPE https://learn.microsoft.com/en-us/windows/win32/api/winevt/ne-winevt-evt_variant_type

// EVT_SYSTEM_PROPERTY_ID
// https://learn.microsoft.com/en-us/windows/win32/api/winevt/ne-winevt-evt_system_property_id
//
// Index of each System-section property in the values rendered with an
// EvtRenderContextSystem render context. Values are written out explicitly so
// they can be checked against the SDK header at a glance; the enumeration is
// contiguous and EvtSystemPropertyIdEND is its one-past-the-last sentinel.
const (
	EvtSystemProviderName      = 0
	EvtSystemProviderGuid      = 1
	EvtSystemEventID           = 2
	EvtSystemQualifiers        = 3
	EvtSystemLevel             = 4
	EvtSystemTask              = 5
	EvtSystemOpcode            = 6
	EvtSystemKeywords          = 7
	EvtSystemTimeCreated       = 8
	EvtSystemEventRecordId     = 9
	EvtSystemActivityID        = 10
	EvtSystemRelatedActivityID = 11
	EvtSystemProcessID         = 12
	EvtSystemThreadID          = 13
	EvtSystemChannel           = 14
	EvtSystemComputer          = 15
	EvtSystemUserID            = 16
	EvtSystemVersion           = 17
	EvtSystemPropertyIdEND     = 18
)

EVT_SYSTEM_PROPERTY_ID https://learn.microsoft.com/en-us/windows/win32/api/winevt/ne-winevt-evt_system_property_id

// EVT_FORMAT_MESSAGE_FLAGS
// https://learn.microsoft.com/en-us/windows/win32/api/winevt/ne-winevt-evt_format_message_flags
//
// Intended for the Flags parameter of API.EvtFormatMessage; each value selects
// which message of the event is formatted. Note the enumeration starts at 1,
// not 0. Values are written out explicitly so they can be checked against the
// SDK header at a glance.
const (
	EvtFormatMessageEvent    = 1
	EvtFormatMessageLevel    = 2
	EvtFormatMessageTask     = 3
	EvtFormatMessageOpcode   = 4
	EvtFormatMessageKeyword  = 5
	EvtFormatMessageChannel  = 6
	EvtFormatMessageProvider = 7
	EvtFormatMessageId       = 8
	EvtFormatMessageXml      = 9
)

EVT_FORMAT_MESSAGE_FLAGS https://learn.microsoft.com/en-us/windows/win32/api/winevt/ne-winevt-evt_format_message_flags

// EVT_RPC_LOGIN_FLAGS
// https://learn.microsoft.com/en-us/windows/win32/api/winevt/ne-winevt-evt_rpc_login_flags
//
// Authentication method for the Flags parameter of API.EvtOpenSession. Values
// are written out explicitly so they can be checked against the SDK header.
// Negotiate or Kerberos is the usual choice inside a domain; NTLM is the
// legacy fallback and the one to avoid where policy allows.
const (
	EvtRpcLoginAuthDefault   = 0
	EvtRpcLoginAuthNegotiate = 1
	EvtRpcLoginAuthKerberos  = 2
	EvtRpcLoginAuthNTLM      = 3
)

EVT_RPC_LOGIN_FLAGS https://learn.microsoft.com/en-us/windows/win32/api/winevt/ne-winevt-evt_rpc_login_flags

Variables

This section is empty.

Functions

func EvtCloseBookmark

func EvtCloseBookmark(api API, h EventBookmarkHandle)

EvtCloseBookmark closes EventBookmarkHandle

func EvtClosePublisherMetadata

func EvtClosePublisherMetadata(api API, h EventPublisherMetadataHandle)

EvtClosePublisherMetadata closes EventPublisherMetadataHandle

func EvtCloseRecord

func EvtCloseRecord(api API, h EventRecordHandle)

EvtCloseRecord closes EventRecordHandle

func EvtCloseRenderContext

func EvtCloseRenderContext(api API, h EventRenderContextHandle)

EvtCloseRenderContext closes EventRenderContextHandle

func EvtCloseResultSet

func EvtCloseResultSet(api API, h EventResultSetHandle)

EvtCloseResultSet closes EventResultSetHandle

func EvtCloseSession

func EvtCloseSession(api API, h EventSessionHandle)

EvtCloseSession closes EventSessionHandle

Types

type API

// API is an interface for Windows Event Log API methods
// https://learn.microsoft.com/en-us/windows/win32/wes/windows-event-log-functions
//
// Every handle returned by a method here is a typed windows.Handle and is
// expected to be released with EvtClose — preferably through the typed helpers
// in this package (EvtCloseSession, EvtCloseResultSet, EvtCloseRecord,
// EvtCloseRenderContext, EvtCloseBookmark, EvtClosePublisherMetadata) — when
// no longer needed; an unreleased handle is a leak. Flags parameters take the
// EVT_* constant groups defined in this package, as noted per method.
type API interface {
	// EvtSubscribe subscribes to events on ChannelPath filtered by Query.
	// Flags takes the EVT_SUBSCRIBE_FLAGS constants (EvtSubscribe*); Bookmark
	// is presumably only consulted with EvtSubscribeStartAfterBookmark —
	// confirm against the Win32 docs. SignalEvent is a caller-owned wait
	// event. Release the result set with EvtCloseResultSet.
	EvtSubscribe(
		Session EventSessionHandle,
		SignalEvent WaitEventHandle,
		ChannelPath string,
		Query string,
		Bookmark EventBookmarkHandle,
		Flags uint) (EventResultSetHandle, error)

	// EvtNext fetches the next batch of records from a result set. Each
	// returned EventRecordHandle is its own handle to release with
	// EvtCloseRecord. EventsArray is presumably caller-provided storage and
	// Timeout presumably in milliseconds as in the Win32 EvtNext — confirm.
	EvtNext(
		Session EventResultSetHandle,
		EventsArray []EventRecordHandle,
		EventsSize uint,
		Timeout uint) ([]EventRecordHandle, error)

	// EvtClose releases any handle obtained from this API. The typed EvtClose*
	// helpers in this package are the preferred way to call it.
	EvtClose(h windows.Handle)

	// EvtRenderEventXml renders an event record as XML; the result is UTF-16
	// code units, not a Go string.
	EvtRenderEventXml(Fragment EventRecordHandle) ([]uint16, error)

	// EvtRenderBookmark renders a bookmark as XML (UTF-16 code units),
	// presumably the form that EvtCreateBookmark accepts back as a string.
	EvtRenderBookmark(Fragment EventBookmarkHandle) ([]uint16, error)

	// EvtCreateRenderContext builds the context that tells EvtRenderEventValues
	// which values to extract. Flags takes EVT_RENDER_CONTEXT_FLAGS
	// (EvtRenderContext*); ValuePaths is presumably only consulted with
	// EvtRenderContextValues. Release with EvtCloseRenderContext.
	EvtCreateRenderContext(ValuePaths []string, Flags uint) (EventRenderContextHandle, error)

	// EvtRenderEventValues extracts the values selected by Context from Fragment.
	// Note: Must call .Close() on the return value when done using it
	EvtRenderEventValues(Context EventRenderContextHandle, Fragment EventRecordHandle) (EvtVariantValues, error)

	// EvtCreateBookmark creates a bookmark from previously rendered bookmark
	// XML. Release with EvtCloseBookmark.
	EvtCreateBookmark(BookmarkXML string) (EventBookmarkHandle, error)

	// EvtUpdateBookmark points Bookmark at Event so a later subscription can
	// resume after it (see EvtSubscribeStartAfterBookmark).
	EvtUpdateBookmark(Bookmark EventBookmarkHandle, Event EventRecordHandle) error

	// EvtOpenPublisherMetadata opens the message metadata of PublisherID, as
	// needed by EvtFormatMessage. Release with EvtClosePublisherMetadata.
	EvtOpenPublisherMetadata(
		PublisherID string,
		LogFilePath string) (EventPublisherMetadataHandle, error)

	// EvtFormatMessage renders a message for Event from the publisher's
	// metadata. Flags takes EVT_FORMAT_MESSAGE_FLAGS (EvtFormatMessage*) and
	// selects which message is produced; MessageID and Values are presumably
	// only used by some of those flags — confirm.
	EvtFormatMessage(
		PublisherMetadata EventPublisherMetadataHandle,
		Event EventRecordHandle,
		MessageID uint,
		Values EvtVariantValues,
		Flags uint) (string, error)

	// EvtOpenSession opens a session to the event log on Server with the
	// given credentials; Flags takes EVT_RPC_LOGIN_FLAGS (EvtRpcLoginAuth*).
	// NOTE(review): Password is a Go string and cannot be zeroed after use, so
	// callers should source it from a secret store rather than a config
	// literal, and prefer Negotiate/Kerberos over NTLM where the environment
	// allows. Release with EvtCloseSession.
	EvtOpenSession(
		Server string,
		User string,
		Domain string,
		Password string,
		Flags uint,
	) (EventSessionHandle, error)

	// Windows Event Logging methods
	// (the legacy Event Logging API, as opposed to the Evt* methods above)

	// RegisterEventSource obtains a handle for writing events as SourceName;
	// release it with DeregisterEventSource.
	RegisterEventSource(SourceName string) (EventSourceHandle, error)

	// DeregisterEventSource releases a handle from RegisterEventSource.
	DeregisterEventSource(EventLog EventSourceHandle) error

	// EvtClearLog clears the events of ChannelPath. This is destructive and
	// irreversible for audit data; callers should gate the call behind an
	// explicit decision and record that it happened.
	EvtClearLog(ChannelPath string) error

	// ReportEvent writes one event through an EventSourceHandle. Type,
	// Category and EventID follow the legacy Event Logging API; UserSID is
	// presumably optional (nil) — confirm against the implementation.
	ReportEvent(
		EventLog EventSourceHandle,
		Type uint,
		Category uint,
		EventID uint,
		UserSID *windows.SID,
		Strings []string,
		RawData []uint8) error
}

API is an interface for Windows Event Log API methods https://learn.microsoft.com/en-us/windows/win32/wes/windows-event-log-functions

type EventBookmarkHandle

// EventBookmarkHandle is a typed windows.Handle returned from EvtCreateBookmark.
// Release it with EvtCloseBookmark.
type EventBookmarkHandle windows.Handle

EventBookmarkHandle is a typed windows.Handle returned from EvtCreateBookmark

type EventPublisherMetadataHandle

// EventPublisherMetadataHandle is a typed windows.Handle returned from
// EvtOpenPublisherMetadata. Release it with EvtClosePublisherMetadata.
type EventPublisherMetadataHandle windows.Handle

EventPublisherMetadataHandle is a typed windows.Handle returned from EvtOpenPublisherMetadata

type EventRecord

// EventRecord is a light wrapper around EventRecordHandle for now. In the
// future it may contain other fields to assist in event rendering.
type EventRecord struct {
	// EventRecordHandle is the underlying handle returned from API.EvtNext;
	// release it with EvtCloseRecord once the record is no longer needed.
	EventRecordHandle EventRecordHandle
}

EventRecord is a light wrapper around EventRecordHandle for now. In the future it may contain other fields to assist in event rendering.

type EventRecordHandle

// EventRecordHandle is a typed windows.Handle returned from EvtNext.
// Release it with EvtCloseRecord.
type EventRecordHandle windows.Handle

EventRecordHandle is a typed windows.Handle returned from EvtNext

type EventRenderContextHandle

// EventRenderContextHandle is a typed windows.Handle returned from
// EvtCreateRenderContext. Release it with EvtCloseRenderContext.
type EventRenderContextHandle windows.Handle

EventRenderContextHandle is a typed windows.Handle returned from EvtCreateRenderContext

type EventResultSetHandle

// EventResultSetHandle is a typed windows.Handle returned from EvtQuery and
// EvtSubscribe (only EvtSubscribe is part of the API interface here).
// Release it with EvtCloseResultSet.
type EventResultSetHandle windows.Handle

EventResultSetHandle is a typed windows.Handle returned from EvtQuery and EvtSubscribe

type EventSessionHandle

// EventSessionHandle is a typed windows.Handle returned from EvtOpenSession.
// Release it with EvtCloseSession.
type EventSessionHandle windows.Handle

EventSessionHandle is a typed windows.Handle returned from EvtOpenSession

type EventSourceHandle

// EventSourceHandle is a typed windows.Handle returned from RegisterEventSource.
// Release it with DeregisterEventSource rather than EvtClose.
type EventSourceHandle windows.Handle

EventSourceHandle is a typed windows.Handle returned from RegisterEventSource

type EvtVariantValues

// EvtVariantValues is returned from EvtRenderEventValues
// https://learn.microsoft.com/en-us/windows/win32/api/winevt/ns-winevt-evt_variant
//
// It is a view over an array of EVT_VARIANT entries. Each typed accessor
// takes the index of the entry to read; the error return presumably covers an
// out-of-range index or an entry whose type does not match the accessor —
// confirm against the implementation. Close must be called when done, after
// which the pointer from Buffer is no longer valid.
type EvtVariantValues interface {
	// Each type method accepts an index argument that determines which element in the
	// array to return.

	// String returns the element at index as a Go string.
	String(uint) (string, error)

	// UInt returns the element at index as an unsigned 64-bit integer.
	UInt(uint) (uint64, error)

	// Time returns the element at index as a unix timestamp in seconds.
	Time(uint) (int64, error)

	// SID returns the element at index as a SID.
	SID(uint) (*windows.SID, error)

	// Type returns the EVT_VARIANT_TYPE (EvtVarType* constant) of the element at index.
	Type(uint) (uint, error)

	// Buffer returns a pointer to the raw EVT_VARIANT buffer backing the
	// values. It is an escape hatch for callers that need the underlying
	// memory; the pointer is only valid until Close is called.
	Buffer() unsafe.Pointer

	// Count returns the number of values in the array.
	Count() uint

	// Close frees the resources held by the values; the object must not be
	// used afterwards.
	Close()
}

EvtVariantValues is returned from EvtRenderEventValues https://learn.microsoft.com/en-us/windows/win32/api/winevt/ns-winevt-evt_variant

type WaitEventHandle

// WaitEventHandle is a typed windows.Handle returned from CreateEvent. It is
// passed as SignalEvent to API.EvtSubscribe; none of the EvtClose* helpers
// on this page cover it, so the code that created it is responsible for
// closing it.
type WaitEventHandle windows.Handle

WaitEventHandle is a typed windows.Handle returned from CreateEvent

Directories

Path Synopsis
Package fakeevtapi is a fake implementation of the Windows Event Log API intended to be used in tests.
Package fakeevtapi is a fake implementation of the Windows Event Log API intended to be used in tests.
Package winevtapi implements the evtapi.API interface with the Windows Event Log API
Package winevtapi implements the evtapi.API interface with the Windows Event Log API
