eventlog

Documentation

Overview

Package eventlog provides the means for reading event logs from Windows. Windows has two different APIs for reading event logs. This package automatically chooses the appropriate API to use based on what is available in the runtime operating system.

Index

• func Register(apiName string, priority int, producer producer, channels channels)
• type Config
• type EventLog
  • func New(config Config) (EventLog, error)
• type Record
  • func (r Record) String() string
  • func (r Record) ToMapStr() common.MapStr
• type User
  • func (u User) String() string

Functions

func Register

func Register(apiName string, priority int, producer producer, channels channels)

Register registers an EventLog API. Only the APIs that are available for the runtime OS should be registered. Each API must have a unique priority.

Types

type Config

type Config struct {
	Name          string // Name of the event log or channel.
	RemoteAddress string // Remote computer to connect to. Optional.

	API string // Name of the API to use. Optional.
}

Config is the configuration data used to instantiate a new EventLog.

type EventLog

type EventLog interface {
	// Open the event log. recordNumber is the last successfully read event log
	// record number. Read will resume from recordNumber + 1. To start reading
	// from the first event specify a recordNumber of 0.
	Open(recordNumber uint64) error

	// Read records from the event log.
	Read() ([]Record, error)

	// Close the event log. It should not be re-opened after closing.
	Close() error

	// Name returns the event log's name.
	Name() string
}

EventLog is an interface to a Windows Event Log.

func New

func New(config Config) (EventLog, error)

New creates and returns a new EventLog instance based on the given config and the registered EventLog producers.

type Record

type Record struct {
	API string // The event log API type used to read the record.

	EventLogName  string    // The name of the event log from which this record was read.
	SourceName    string    // The source of the event log record (the application or service that logged the record).
	ComputerName  string    // The name of the computer that generated the record.
	RecordNumber  uint64    // The record number of the event log record.
	EventID       uint32    // The event identifier. The value is specific to the source of the event.
	Level         string    // The level or severity of the event.
	Category      string    // The category for this event. The meaning of this value depends on the event source.
	TimeGenerated time.Time // The timestamp when the record was generated.
	User          *User     // The user that logged the record.

	Message        string   // The message from the event log.
	MessageInserts []string // The raw message data logged by an application.
	MessageErr     error    // The error that occurred while reading and formatting the message from the event log.
}

Record represents a single event from the log.

func (Record) String

func (r Record) String() string

String returns a string representation of Record.

func (Record) ToMapStr

func (r Record) ToMapStr() common.MapStr

ToMapStr returns a new MapStr containing the data from this Record.

type User

type User struct {
	Identifier string // Unique identifier used by Windows to ID the account.
	Name       string // User name
	Domain     string // Domain that the user is a member of
	Type       string // Type of account (e.g. User, Computer, Service)
}

User contains information about a Windows account.

func (User) String

func (u User) String() string

String returns a string representation of Record.