windows

package
v0.97.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 26, 2024 License: Apache-2.0 Imports: 8 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Buffer 

type Buffer struct {
	// contains filtered or unexported fields
}

Buffer is a buffer of utf-16 bytes.

func NewBuffer 

func NewBuffer() Buffer

NewBuffer creates a new buffer with the default buffer size

func (*Buffer) FirstByte 

func (b *Buffer) FirstByte() *byte

FirstByte will return a pointer to the first byte.

func (*Buffer) ReadBytes 

func (b *Buffer) ReadBytes(offset uint32) ([]byte, error)

ReadBytes will read UTF-8 bytes from the buffer, where offset is the number of bytes to be read

func (*Buffer) ReadString 

func (b *Buffer) ReadString(offset uint32) (string, error)

ReadString will read a UTF-8 string from the buffer.

func (*Buffer) ReadWideChars 

func (b *Buffer) ReadWideChars(offset uint32) ([]byte, error)

ReadWideChars will read UTF-8 bytes from the buffer, where offset is the number of wchars to read

func (*Buffer) SizeBytes 

func (b *Buffer) SizeBytes() uint32

SizeBytes will return the size of the buffer as number of bytes.

func (*Buffer) SizeWide 

func (b *Buffer) SizeWide() uint32

SizeWide returns the size of the buffer as number of wchars

func (*Buffer) UpdateSizeBytes 

func (b *Buffer) UpdateSizeBytes(size uint32)

UpdateSizeBytes will update the size of the buffer to fit size bytes.

func (*Buffer) UpdateSizeWide 

func (b *Buffer) UpdateSizeWide(size uint32)

UpdateSizeWide will update the size of the buffer to fit size wchars.

type Config added in v0.91.0 

type Config struct {
	helper.InputConfig `mapstructure:",squash"`
	Channel            string        `mapstructure:"channel"`
	MaxReads           int           `mapstructure:"max_reads,omitempty"`
	StartAt            string        `mapstructure:"start_at,omitempty"`
	PollInterval       time.Duration `mapstructure:"poll_interval,omitempty"`
	Raw                bool          `mapstructure:"raw,omitempty"`
	ExcludeProviders   []string      `mapstructure:"exclude_providers,omitempty"`
}

Config is the configuration of a windows event log operator.

func NewConfig added in v0.91.0 

func NewConfig() *Config

NewConfig will return an event log config with default values.

func NewConfigWithID added in v0.91.0 

func NewConfigWithID(operatorID string) *Config

NewConfig will return an event log config with default values.

type Data added in v0.89.0 

type Data struct {
	// https://learn.microsoft.com/en-us/windows/win32/wes/eventschema-datafieldtype-complextype
	Name  string `xml:"Name,attr"`
	Value string `xml:",chardata"`
}

type EventData added in v0.89.0 

type EventData struct {
	// https://learn.microsoft.com/en-us/windows/win32/wes/eventschema-eventdatatype-complextype
	// ComplexData is not supported.
	Name   string `xml:"Name,attr"`
	Data   []Data `xml:"Data"`
	Binary string `xml:"Binary"`
}

type EventID 

type EventID struct {
	Qualifiers uint16 `xml:"Qualifiers,attr"`
	ID         uint32 `xml:",chardata"`
}

EventID is the identifier of the event.

type EventRaw 

type EventRaw struct {
	TimeCreated   TimeCreated `xml:"System>TimeCreated"`
	RenderedLevel string      `xml:"RenderingInfo>Level"`
	Level         string      `xml:"System>Level"`
	Body          string      `xml:"-"`
}

EventRaw is the rendered xml of an event, however, its message is the original XML of the entire event.

type EventXML 

type EventXML struct {
	EventID          EventID     `xml:"System>EventID"`
	Provider         Provider    `xml:"System>Provider"`
	Computer         string      `xml:"System>Computer"`
	Channel          string      `xml:"System>Channel"`
	RecordID         uint64      `xml:"System>EventRecordID"`
	TimeCreated      TimeCreated `xml:"System>TimeCreated"`
	Message          string      `xml:"RenderingInfo>Message"`
	RenderedLevel    string      `xml:"RenderingInfo>Level"`
	Level            string      `xml:"System>Level"`
	RenderedTask     string      `xml:"RenderingInfo>Task"`
	Task             string      `xml:"System>Task"`
	RenderedOpcode   string      `xml:"RenderingInfo>Opcode"`
	Opcode           string      `xml:"System>Opcode"`
	RenderedKeywords []string    `xml:"RenderingInfo>Keywords>Keyword"`
	Keywords         []string    `xml:"System>Keywords"`
	Security         *Security   `xml:"System>Security"`
	Execution        *Execution  `xml:"System>Execution"`
	EventData        EventData   `xml:"EventData"`
}

EventXML is the rendered xml of an event.

type Execution added in v0.89.0 

type Execution struct {
	// ProcessID and ThreadID are required on execution info
	ProcessID uint `xml:"ProcessID,attr"`
	ThreadID  uint `xml:"ThreadID,attr"`
	// These remaining fields are all optional for execution info
	ProcessorID   *uint `xml:"ProcessorID,attr"`
	SessionID     *uint `xml:"SessionID,attr"`
	KernelTime    *uint `xml:"KernelTime,attr"`
	UserTime      *uint `xml:"UserTime,attr"`
	ProcessorTime *uint `xml:"ProcessorTime,attr"`
}

Execution contains info pertaining to the process that triggered the event.

type Provider 

type Provider struct {
	Name            string `xml:"Name,attr"`
	GUID            string `xml:"Guid,attr"`
	EventSourceName string `xml:"EventSourceName,attr"`
}

Provider is the provider of the event.

type Security added in v0.89.0 

type Security struct {
	UserID string `xml:"UserID,attr"`
}

Security contains info pertaining to the user triggering the event.

type TimeCreated 

type TimeCreated struct {
	SystemTime string `xml:"SystemTime,attr"`
}

TimeCreated is the creation time of the event.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.