Documentation
Overview
Package eventlogging provides access to the Event Logging API that was designed for applications that run on the Windows Server 2003, Windows XP, or Windows 2000 operating system.
It can be used on newer versions of Windows (e.g. Windows Vista, Windows 7, Windows Server 2008, Windows Server 2012), but the preferred API for those systems is the Windows Event Log API. See the wineventlog package.
Index
- Constants
- func ClearEventLog(handle Handle, backupFileName string) error
- func CloseEventLog(handle Handle) error
- func EventLogs() ([]string, error)
- func FreeLibrary(handle uintptr) error
- func GetNumberOfEventLogRecords(handle Handle) (uint32, error)
- func GetOldestEventLogRecord(handle Handle) (uint32, error)
- func IsAvailable() (bool, error)
- func ReadEventLog(handle Handle, flags EventLogReadFlag, recordID uint32, buffer []byte) (int, error)
- func RemoveWindowsLineEndings(s string) string
- func UTF16BytesToString(b []byte) (string, int, error)
- type Event
- type EventLogReadFlag
- type EventType
- type FileHandle
- type Handle
- type InsufficientBufferError
- type MessageFiles
- type SID
- type SIDType
Constants
const (
    // MaxEventBufferSize is the maximum buffer size supported by ReadEventLog.
    MaxEventBufferSize = 0x7ffff

    // MaxFormatMessageBufferSize is the maximum buffer size supported by FormatMessage.
    MaxFormatMessageBufferSize = 1 << 16
)
const (
    ERROR_MR_MID_NOT_FOUND      syscall.Errno = 317
    ERROR_EVENTLOG_FILE_CORRUPT syscall.Errno = 1500
    ERROR_EVENTLOG_FILE_CHANGED syscall.Errno = 1503
)
Event Log Error Codes https://msdn.microsoft.com/en-us/library/windows/desktop/ms681385(v=vs.85).aspx
const (
    DONT_RESOLVE_DLL_REFERENCES         uint32 = 0x0001
    LOAD_LIBRARY_AS_DATAFILE            uint32 = 0x0002
    LOAD_WITH_ALTERED_SEARCH_PATH       uint32 = 0x0008
    LOAD_IGNORE_CODE_AUTHZ_LEVEL        uint32 = 0x0010
    LOAD_LIBRARY_AS_IMAGE_RESOURCE      uint32 = 0x0020
    LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE  uint32 = 0x0040
    LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR    uint32 = 0x0100
    LOAD_LIBRARY_SEARCH_APPLICATION_DIR uint32 = 0x0200
    LOAD_LIBRARY_SEARCH_USER_DIRS       uint32 = 0x0400
    LOAD_LIBRARY_SEARCH_SYSTEM32        uint32 = 0x0800
    LOAD_LIBRARY_SEARCH_DEFAULT_DIRS    uint32 = 0x1000
)
Flags to use with LoadLibraryEx. https://msdn.microsoft.com/en-us/library/windows/desktop/ms684179(v=vs.85).aspx
const (
    // Do not reorder.
    EVENTLOG_SUCCESS    EventType = 0
    EVENTLOG_ERROR_TYPE           = 1 << (iota - 1)
    EVENTLOG_WARNING_TYPE
    EVENTLOG_INFORMATION_TYPE
    EVENTLOG_AUDIT_SUCCESS
    EVENTLOG_AUDIT_FAILURE
)
EventType values.
Variables
This section is empty.
Functions
func ClearEventLog
func CloseEventLog
func FreeLibrary
FreeLibrary frees the loaded dynamic-link library (DLL) module and, if necessary, decrements its reference count. When the reference count reaches zero, the module is unloaded from the address space of the calling process and the handle is no longer valid.
func GetOldestEventLogRecord
func IsAvailable
IsAvailable returns true if the Event Logging API is supported by this operating system. If not supported then false is returned with the accompanying error.
func ReadEventLog
func RemoveWindowsLineEndings
RemoveWindowsLineEndings replaces CRLF with LF and trims any newline character that may exist at the end of the string.
Types
type Event
type Event struct {
    RecordID      uint32     `json:",omitempty"`
    TimeGenerated *time.Time `json:",omitempty"`
    TimeWritten   *time.Time `json:",omitempty"`
    EventID       uint32     `json:",omitempty"`
    Level         string     `json:",omitempty"`
    SourceName    string     `json:",omitempty"`
    Computer      string     `json:",omitempty"`

    UserSID    *SID `json:",omitempty"`
    UserSIDErr error

    // Strings that must be resolved by DLL lookups.
    Message        string   `json:",omitempty"`
    Category       string   `json:",omitempty"`
    MessageInserts []string // Strings inserted into a message template to create Message.
    MessageErr     error    // Possible error that occurred while formatting Message.
}
func RenderEvents
type EventLogReadFlag
type EventLogReadFlag uint32
EventLogReadFlag indicates how to read the log file.
const (
    EVENTLOG_SEQUENTIAL_READ EventLogReadFlag = 1 << iota
    EVENTLOG_SEEK_READ
    EVENTLOG_FORWARDS_READ
    EVENTLOG_BACKWARDS_READ
)
EventLogReadFlag values. https://msdn.microsoft.com/en-us/library/windows/desktop/aa363674(v=vs.85).aspx
type EventType
type EventType uint16
EventType identifies the five types of events that can be logged by applications.
type FileHandle
type FileHandle struct {
    File   string  // Fully-qualified path to the event message file.
    Handle uintptr // Handle to the loaded event message file.
    Err    error   // Error that occurred while loading Handle.
}
FileHandle contains the handle to a single Windows message file.
type InsufficientBufferError
type InsufficientBufferError struct {
    Cause        error
    RequiredSize int // Size of the buffer that is required.
}
InsufficientBufferError indicates the buffer passed to a system call is too small.
func (InsufficientBufferError) Error
func (e InsufficientBufferError) Error() string
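A sketch of how a caller might react to InsufficientBufferError while keeping allocations bounded by MaxEventBufferSize. This is an added example, not code from the package: readFunc, readWithRetry and fakeLog are hypothetical names, and the constant and error type are mirrored locally so the program runs on any platform.

```go
package main

import (
	"errors"
	"fmt"
)

// Local mirrors of the constant and type documented on this page.
const MaxEventBufferSize = 0x7ffff

type InsufficientBufferError struct {
	Cause        error
	RequiredSize int
}

func (e InsufficientBufferError) Error() string {
	return fmt.Sprintf("buffer too small, %d bytes required: %v", e.RequiredSize, e.Cause)
}

// readFunc is a hypothetical stand-in for a call such as ReadEventLog.
type readFunc func(buf []byte) (int, error)

// readWithRetry retries once with the size the API asked for. A size that does
// not exceed the current buffer, or exceeds MaxEventBufferSize, is refused.
func readWithRetry(read readFunc, buf []byte) ([]byte, int, error) {
	n, err := read(buf)
	var ibe InsufficientBufferError
	if !errors.As(err, &ibe) {
		return buf, n, err // success, or an unrelated error
	}
	if ibe.RequiredSize <= len(buf) || ibe.RequiredSize > MaxEventBufferSize {
		return buf, 0, fmt.Errorf("refusing %d-byte buffer: %w", ibe.RequiredSize, err)
	}
	buf = make([]byte, ibe.RequiredSize)
	n, err = read(buf)
	return buf, n, err
}

// fakeLog is a constructed reader whose next record needs `need` bytes.
func fakeLog(need int) readFunc {
	return func(buf []byte) (int, error) {
		if len(buf) < need {
			return 0, InsufficientBufferError{Cause: errors.New("constructed cause"), RequiredSize: need}
		}
		return need, nil
	}
}

func main() {
	buf, n, err := readWithRetry(fakeLog(4096), make([]byte, 1024))
	fmt.Println(len(buf), n, err)
}
```

Refusing an out-of-range RequiredSize keeps a corrupt or unexpected size value from driving an unbounded allocation or an endless retry loop in a log collector.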
type MessageFiles
type MessageFiles struct {
    SourceName string
    Err        error
    Handles    []FileHandle
}
MessageFiles contains handles to event message files associated with an event log source.
func QueryEventMessageFiles
func QueryEventMessageFiles(providerName, sourceName string) MessageFiles
QueryEventMessageFiles queries the registry to get the value of the EventMessageFile key that points to a DLL or EXE containing parameterized event log messages. If found, it loads the libraries as datafiles and returns a slice of Handles to the libraries. Those handles must be closed by the caller.
type SIDType
type SIDType uint32
SIDType identifies the type of a security identifier (SID).