windowsevent

package

v0.0.0-...-eb3d71d Latest Latest Go to latest Published: Nov 27, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/DataDog/datadog-agent

Documentation ¶

Rendered for

Overview ¶

Package windowsevent contains utilities to transform Windows Event Log XML messages into structured messages for Datadog Logs.

Index ¶

func MapToMessage(m *Map, source *sources.LogSource, processRawMessage bool) (*message.Message, error)
type Map
- func NewMapXML(eventXML []byte) (*Map, error)
type Message

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func MapToMessage ¶

func MapToMessage(m *Map, source *sources.LogSource, processRawMessage bool) (*message.Message, error)

MapToMessage packages a Map into either an unstructured message.Message or a structured one.

Types ¶

type Map ¶

type Map struct {
	mxj.Map
}

Map is a wrapper around mxj.Map that provides additional methods to manipulate the map as it is used in the context of Windows Event Log messages.

func NewMapXML ¶

func NewMapXML(eventXML []byte) (*Map, error)

NewMapXML converts Windows Event Log XML to a map and runs some transforms to normalize the data.

Transforms:

Event.EventData.Data: Convert to a map if values are named, else to a list
Event.EventData.Binary: Convert to a string if it is a utf-16 string
Event.System.EventID: Separate the EventID and Qualifier fields

func (*Map) GetMessage ¶

func (m *Map) GetMessage() string

GetMessage returns the message field from the map.

func (*Map) JSON ¶

func (m *Map) JSON() ([]byte, error)

JSON returns the map as a JSON byte array.

The function replaces any "#text" key with a "value" key.

func (*Map) SetLevel ¶

func (m *Map) SetLevel(level string) error

SetLevel sets the level field in the map. This field is a DD field not a Windows Event Log field.

func (*Map) SetMessage ¶

func (m *Map) SetMessage(message string) error

SetMessage sets the message field in the map. This field is a DD field not a Windows Event Log field. The message is truncated if it is bigger than 128kB to prevent it from being dropped.

func (*Map) SetOpcode ¶

func (m *Map) SetOpcode(opcode string) error

SetOpcode sets the opcode field in the map.

func (*Map) SetTask ¶

func (m *Map) SetTask(task string) error

SetTask sets the task field in the map.

type Message ¶

type Message struct {
	// contains filtered or unexported fields
}

Message implements StructedMessage interface for Windows Event Log messages.

func (*Message) GetContent ¶

func (m *Message) GetContent() []byte

GetContent returns the content part of the structured log.

func (*Message) Render ¶

func (m *Message) Render() ([]byte, error)

Render renders the structured log information into JSON, for further encoding before being sent to the intake.

func (*Message) SetContent ¶

func (m *Message) SetContent(content []byte)

SetContent sets the content part of the structured log.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL