input_wineventlog

package
v1.6.0 Latest

Warning: This package is not in the latest version of its module.
Published: Jun 9, 2023 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Rendered for windows/amd64

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type WinEventLog

type WinEventLog struct {
	// The name of the event log to monitor.
	// Channel names can also be specified if running on Windows Vista or newer.
	// By default, the value of Name is Application.
	Name string
	// If this option is specified, the plugin filters out events that are older than the
	// specified amount of time (in seconds).
	// This option is useful when you are beginning to monitor an event log that contains
	// older records that you would like to ignore. This field is optional.
	// 0 by default, which means collecting all available logs.
	IgnoreOlder uint
	// A whitelist and blacklist of event IDs.
	// The value is a comma-separated list. The accepted values are single event IDs
	// to include (e.g. 4624), a range of event IDs to include (e.g. 4700-4800), and
	// single event IDs to exclude (e.g. -4735).
	// This option is only available on operating systems supporting the Windows Event
	// Log API (Microsoft Windows Vista and newer).
	// Empty by default, which means no filtering by event ID.
	EventID string
	// A list of event levels to include. The value is a comma-separated list of levels.
	// This option is only available on operating systems supporting the Windows Event Log
	// API (Microsoft Windows Vista and newer).
	// Empty by default, which is equivalent to "info,warning,error,critical".
	Level string
	// A list of providers (source names) to include.
	// This option is only available on operating systems supporting the Windows Event Log
	// API (Microsoft Windows Vista and newer).
	// Nil by default, which means no filtering by provider name.
	Provider []string
	// Ignore zero value, for example, "" for string type, 0 for integer type.
	// False by default.
	IgnoreZeroValue bool
	// Interval (seconds) to wait if Read returns empty. 1 by default.
	WaitInterval uint
	// contains filtered or unexported fields
}

WinEventLog represents the plugin to collect Windows event logs.
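The EventID field documents a small filter language (single IDs to include, ranges to include, IDs prefixed with "-" to exclude). The parser below is an added example of that syntax, written here for illustration and not the plugin's own code; it assumes two details the page does not state: an exclusion always beats an inclusion, and a spec with no inclusions passes every ID that is not excluded.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// EventIDFilter holds the parsed whitelist of [lo, hi] ranges and blacklist of IDs.
type EventIDFilter struct {
	include [][2]uint64
	exclude map[uint64]bool
}

// ParseEventIDFilter parses the documented EventID syntax, comma-separated:
// "4624" includes one ID, "4700-4800" includes a range, "-4735" excludes one ID.
func ParseEventIDFilter(spec string) (*EventIDFilter, error) {
	f := &EventIDFilter{exclude: map[uint64]bool{}}
	for _, tok := range strings.FieldsFunc(spec, func(r rune) bool { return r == ',' || r == ' ' }) {
		neg := strings.HasPrefix(tok, "-")
		lo := strings.TrimPrefix(tok, "-")
		hi := lo
		if i := strings.IndexByte(lo, '-'); i >= 0 && !neg { // range form lo-hi
			lo, hi = lo[:i], lo[i+1:]
		}
		a, err1 := strconv.ParseUint(lo, 10, 32)
		b, err2 := strconv.ParseUint(hi, 10, 32)
		if err1 != nil || err2 != nil || a > b {
			return nil, fmt.Errorf("bad EventID item %q", tok)
		}
		if neg { // one excluded ID; an excluded range such as "-4700-4800" is rejected above
			f.exclude[a] = true
		} else {
			f.include = append(f.include, [2]uint64{a, b})
		}
	}
	return f, nil
}

// Match reports whether an event ID passes the filter. Assumed semantics (not stated on
// the page): an exclusion always wins, and with no inclusions every other ID passes.
func (f *EventIDFilter) Match(id uint64) bool {
	if f.exclude[id] {
		return false
	}
	for _, r := range f.include {
		if id >= r[0] && id <= r[1] {
			return true
		}
	}
	return len(f.include) == 0
}
```

With the constructed spec "4624,4700-4800,-4735", IDs 4624 and 4750 pass while 4735 (inside the range but explicitly excluded) and 1 do not.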

func (*WinEventLog) Collect

func (w *WinEventLog) Collect(collector pipeline.Collector) error

Collect ...

func (*WinEventLog) Description

func (w *WinEventLog) Description() string

Description ...

func (*WinEventLog) Init

func (w *WinEventLog) Init(context pipeline.Context) (int, error)

Init ...

func (*WinEventLog) Start

func (w *WinEventLog) Start(collector pipeline.Collector) error

Start ...

func (*WinEventLog) Stop

func (w *WinEventLog) Stop() error

Stop ...

Directories

Path Synopsis
common
Thank elastic for these codes.
