Documentation
Constants
const (
	EvtVarTypeNull = iota
	EvtVarTypeString
	EvtVarTypeAnsiString
	EvtVarTypeSByte
	EvtVarTypeByte
	EvtVarTypeInt16
	EvtVarTypeUInt16
	EvtVarTypeInt32
	EvtVarTypeUInt32
	EvtVarTypeInt64
	EvtVarTypeUInt64
	EvtVarTypeSingle
	EvtVarTypeDouble
	EvtVarTypeBoolean
	EvtVarTypeBinary
	EvtVarTypeGuid
	EvtVarTypeSizeT
	EvtVarTypeFileTime
	EvtVarTypeSysTime
	EvtVarTypeSid
	EvtVarTypeHexInt32
	EvtVarTypeHexInt64
	EvtVarTypeEvtHandle
	EvtVarTypeEvtXml
)
Variables
This section is empty.
Functions
func UTF16ToString
Types
type BookmarkHandle
type BookmarkHandle uint64
type EventHandle
type EventHandle uint64
type EvtVariant
type EvtVariant []byte
func NewEvtVariant
func NewEvtVariant(buffer []byte) EvtVariant
Given a byte array from EvtRender, make an EvtVariant.
EvtVariant wraps an array of variables.
func (EvtVariant) FileTime
func (e EvtVariant) FileTime(index uint32) (time.Time, error)
Return the FileTime at `index`, converted to time.Time. If the
variable isn't a FileTime, an error is returned.
func (EvtVariant) Int
func (e EvtVariant) Int(index uint32) (int64, error)
Return the integer value at `index`. If the variable
isn't a SByte, Int16, Int32 or Int64 an error is returned.
func (EvtVariant) IsNull
func (e EvtVariant) IsNull(index uint32) bool
Return whether the variable was actually set, or whether it
has null type.
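The FileTime accessor documented above, as an added example that is not the package's own code: a portable re-implementation that reads a FILETIME slot out of a rendered byte buffer with a bounds check and a type check. It assumes the Windows EVT_VARIANT layout of 16 bytes per element (8-byte value, 4-byte count, 4-byte type); `variantBuf`, `slot` and `sampleBuffer` are hypothetical names and the sample buffer is constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"time"
)

const (
	varTypeFileTime = 17                 // EvtVarTypeFileTime in the page's iota list
	variantSize     = 16                 // assumed: 8-byte value, 4-byte count, 4-byte type
	epochDiff       = 116444736000000000 // 100 ns ticks from 1601-01-01 to 1970-01-01
)

type variantBuf []byte // hypothetical stand-in for EvtVariant

// slot returns the 16-byte element at index, or nil if it lies past the buffer.
func (v variantBuf) slot(index uint32) []byte {
	start := uint64(index) * variantSize
	if start+variantSize > uint64(len(v)) {
		return nil
	}
	return v[start : start+variantSize]
}

// FileTime converts a FILETIME slot to UTC and rejects any other slot type.
func (v variantBuf) FileTime(index uint32) (time.Time, error) {
	s := v.slot(index)
	if s == nil || binary.LittleEndian.Uint32(s[12:]) != varTypeFileTime {
		return time.Time{}, fmt.Errorf("slot %d is missing or not a FileTime", index)
	}
	ticks := int64(binary.LittleEndian.Uint64(s)) - epochDiff
	return time.Unix(ticks/10000000, ticks%10000000*100).UTC(), nil
}

// sampleBuffer is constructed data: slot 0 = 2020-01-01T00:00:00Z, slot 1 = null.
func sampleBuffer() variantBuf {
	buf := make([]byte, 2*variantSize)
	binary.LittleEndian.PutUint64(buf, 132223104000000000)
	binary.LittleEndian.PutUint32(buf[12:], varTypeFileTime)
	return buf
}

func main() {
	v := sampleBuffer()
	fmt.Println(v.FileTime(0)) // FILETIME slot
	fmt.Println(v.FileTime(1)) // null slot: error
}
```

Checking the slot type before reading the value keeps a string or handle slot from being silently misread as a timestamp when an event's rendered fields arrive in an unexpected order.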
type ListenerHandle
type ListenerHandle uint64
type LogEventCallback
type LogEventCallback interface {
	PublishError(error)
	PublishEvent(EventHandle, string)
}
type LogEventCallbackWrapper
type LogEventCallbackWrapper struct {
// contains filtered or unexported fields
}
type PublisherHandle
type PublisherHandle uint64
type SysRenderContext
type SysRenderContext uint64
type WinLogEvent
type WinLogEvent struct {
	// XML
	Xml    string
	XmlErr error

	// From EvtRender
	ProviderName      string
	EventId           uint64
	Qualifiers        uint64
	Level             uint64
	Task              uint64
	Opcode            uint64
	Created           time.Time
	RecordId          uint64
	ProcessId         uint64
	ThreadId          uint64
	Channel           string
	ComputerName      string
	Version           uint64
	RenderedFieldsErr error

	// From EvtFormatMessage
	Msg                string
	LevelText          string
	TaskText           string
	OpcodeText         string
	Keywords           string
	ChannelText        string
	ProviderText       string
	IdText             string
	PublisherHandleErr error

	// Serialized XML bookmark to
	// restart at this event
	Bookmark string

	// Subscribed channel from which the event was retrieved,
	// which may be different than the event's channel
	SubscribedChannel string
}
Stores the common fields from a log event.
type WinLogWatcher
type WinLogWatcher struct {
	// Optionally render localized fields. EvtFormatMessage() is slow, so
	// skipping these fields provides a big speedup.
	RenderKeywords bool
	RenderMessage  bool
	RenderLevel    bool
	RenderTask     bool
	RenderProvider bool
	RenderOpcode   bool
	RenderChannel  bool
	RenderId       bool
	// contains filtered or unexported fields
}
Watches one or more event log channels and publishes events and errors to Go channels.