windowsevent

package
v0.0.0-...-f4cfdf3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 27, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package windowsevent contains utilities to transform Windows Event Log XML messages into structured messages for Datadog Logs.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func MapToMessage

func MapToMessage(m *Map, source *sources.LogSource, processRawMessage bool) (*message.Message, error)

MapToMessage packages a Map into either an unstructured message.Message or a structured one.

Types

type Map

type Map struct {
	mxj.Map
}

Map is a wrapper around mxj.Map that provides additional methods to manipulate the map as it is used in the context of Windows Event Log messages.

func NewMapXML

func NewMapXML(eventXML []byte) (*Map, error)

NewMapXML converts Windows Event Log XML to a map and runs some transforms to normalize the data.

Transforms:

  • Event.EventData.Data: Convert to a map if values are named, else to a list
  • Event.EventData.Binary: Convert to a string if it is a utf-16 string
  • Event.System.EventID: Separate the EventID and Qualifier fields

func (*Map) GetMessage

func (m *Map) GetMessage() string

GetMessage returns the message field from the map.

func (*Map) JSON

func (m *Map) JSON() ([]byte, error)

JSON returns the map as a JSON byte array.

The function replaces any "#text" key with a "value" key.

func (*Map) SetLevel

func (m *Map) SetLevel(level string) error

SetLevel sets the level field in the map. This field is a DD field not a Windows Event Log field.

func (*Map) SetMessage

func (m *Map) SetMessage(message string) error

SetMessage sets the message field in the map. This field is a DD field not a Windows Event Log field. The message is truncated if it is bigger than 128kB to prevent it from being dropped.

func (*Map) SetOpcode

func (m *Map) SetOpcode(opcode string) error

SetOpcode sets the opcode field in the map.

func (*Map) SetTask

func (m *Map) SetTask(task string) error

SetTask sets the task field in the map.

type Message

type Message struct {
	// contains filtered or unexported fields
}

Message implements StructedMessage interface for Windows Event Log messages.

func (*Message) GetContent

func (m *Message) GetContent() []byte

GetContent returns the content part of the structured log.

func (*Message) Render

func (m *Message) Render() ([]byte, error)

Render renders the structured log information into JSON, for further encoding before being sent to the intake.

func (*Message) SetContent

func (m *Message) SetContent(content []byte)

SetContent sets the content part of the structured log.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL