windows

package
v0.22.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 5, 2021 License: Apache-2.0 Imports: 1 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// EvtSubscribeToFutureEvents is a flag that will subscribe to only future events.
	EvtSubscribeToFutureEvents uint32 = 1
	// EvtSubscribeStartAtOldestRecord is a flag that will subscribe to all existing and future events.
	EvtSubscribeStartAtOldestRecord uint32 = 2
	// EvtSubscribeStartAfterBookmark is a flag that will subscribe to all events that begin after a bookmark.
	EvtSubscribeStartAfterBookmark uint32 = 3
)
View Source 
const (
	// ErrorSuccess is an error code that indicates the operation completed successfully.
	ErrorSuccess syscall.Errno = 0
	// ErrorNotSupported is an error code that indicates the operation is not supported.
	ErrorNotSupported syscall.Errno = 50
	// ErrorInsufficientBuffer is an error code that indicates the data area passed to a system call is too small
	ErrorInsufficientBuffer syscall.Errno = 122
	// ErrorNoMoreItems is an error code that indicates no more items are available.
	ErrorNoMoreItems syscall.Errno = 259
	// ErrorInvalidOperation is an error code that indicates the operation identifier is not valid
	ErrorInvalidOperation syscall.Errno = 4317
)
View Source 
const (
	// EvtRenderEventXML is a flag to render an event as an XML string
	EvtRenderEventXML uint32 = 1
	// EvtRenderBookmark is a flag to render a bookmark as an XML string
	EvtRenderBookmark uint32 = 2
)
View Source 
const (
	// EvtFormatMessageXML is flag that formats a message as an XML string that contains all event details and message strings.
	EvtFormatMessageXML uint32 = 9
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Bookmark 

type Bookmark struct {
	// contains filtered or unexported fields
}

Bookmark is a windows event bookmark.

func NewBookmark 

func NewBookmark() Bookmark

NewBookmark will create a new bookmark with an empty handle.

func (*Bookmark) Close 

func (b *Bookmark) Close() error

Close will close the bookmark handle.

func (*Bookmark) Open 

func (b *Bookmark) Open(offsetXML string) error

Open will open the bookmark handle using the supplied xml.

func (*Bookmark) Render 

func (b *Bookmark) Render(buffer Buffer) (string, error)

Render will render the bookmark as xml.

func (*Bookmark) Update 

func (b *Bookmark) Update(event Event) error

Update will update the bookmark using the supplied event.

type Buffer 

type Buffer struct {
	// contains filtered or unexported fields
}

Buffer is a buffer of utf-16 bytes.

func NewBuffer 

func NewBuffer() Buffer

NewBuffer creates a new buffer with the default buffer size

func (*Buffer) FirstByte 

func (b *Buffer) FirstByte() *byte

FirstByte will return a pointer to the first byte.

func (*Buffer) ReadBytes 

func (b *Buffer) ReadBytes(offset uint32) ([]byte, error)

ReadBytes will read UTF-8 bytes from the buffer, where offset is the number of bytes to be read

func (*Buffer) ReadString 

func (b *Buffer) ReadString(offset uint32) (string, error)

ReadString will read a UTF-8 string from the buffer.

func (*Buffer) ReadWideChars added in v0.22.0 

func (b *Buffer) ReadWideChars(offset uint32) ([]byte, error)

ReadWideChars will read UTF-8 bytes from the buffer, where offset is the number of wchars to read

func (*Buffer) SizeBytes added in v0.22.0 

func (b *Buffer) SizeBytes() uint32

SizeBytes will return the size of the buffer as number of bytes.

func (*Buffer) SizeWide added in v0.22.0 

func (b *Buffer) SizeWide() uint32

SizeWide returns the size of the buffer as number of wchars

func (*Buffer) UpdateSizeBytes added in v0.22.0 

func (b *Buffer) UpdateSizeBytes(size uint32)

UpdateSizeBytes will update the size of the buffer to fit size bytes.

func (*Buffer) UpdateSizeWide added in v0.22.0 

func (b *Buffer) UpdateSizeWide(size uint32)

UpdateSizeWide will update the size of the buffer to fit size wchars.

type Event 

type Event struct {
	// contains filtered or unexported fields
}

Event is an event stored in windows event log.

func NewEvent 

func NewEvent(handle uintptr) Event

NewEvent will create a new event from an event handle.

func (*Event) Close 

func (e *Event) Close() error

Close will close the event handle.

func (*Event) RenderFormatted 

func (e *Event) RenderFormatted(buffer Buffer, publisher Publisher) (EventXML, error)

RenderFormatted will render the event as EventXML with formatted info.

func (*Event) RenderSimple 

func (e *Event) RenderSimple(buffer Buffer) (EventXML, error)

RenderSimple will render the event as EventXML without formatted info.

type EventID 

type EventID struct {
	Qualifiers uint16 `xml:"Qualifiers,attr"`
	ID         uint32 `xml:",chardata"`
}

EventID is the identifier of the event.

type EventLogConfig 

type EventLogConfig struct {
	helper.InputConfig `mapstructure:",squash" yaml:",inline"`
	Channel            string          `mapstructure:"channel" json:"channel" yaml:"channel"`
	MaxReads           int             `mapstructure:"max_reads,omitempty" json:"max_reads,omitempty" yaml:"max_reads,omitempty"`
	StartAt            string          `mapstructure:"start_at,omitempty" json:"start_at,omitempty" yaml:"start_at,omitempty"`
	PollInterval       helper.Duration `mapstructure:"poll_interval,omitempty" json:"poll_interval,omitempty" yaml:"poll_interval,omitempty"`
}

EventLogConfig is the configuration of a windows event log operator.

func NewDefaultConfig 

func NewDefaultConfig() *EventLogConfig

NewDefaultConfig will return an event log config with default values.

func (*EventLogConfig) Build 

func (c *EventLogConfig) Build(context operator.BuildContext) ([]operator.Operator, error)

Build will build a windows event log operator.

type EventLogInput 

type EventLogInput struct {
	helper.InputOperator
	// contains filtered or unexported fields
}

EventLogInput is an operator that creates entries using the windows event log api.

func (*EventLogInput) Start 

func (e *EventLogInput) Start(persister operator.Persister) error

Start will start reading events from a subscription.

func (*EventLogInput) Stop 

func (e *EventLogInput) Stop() error

Stop will stop reading events from a subscription.

type EventXML 

type EventXML struct {
	EventID     EventID     `xml:"System>EventID"`
	Provider    Provider    `xml:"System>Provider"`
	Computer    string      `xml:"System>Computer"`
	Channel     string      `xml:"System>Channel"`
	RecordID    uint64      `xml:"System>EventRecordID"`
	TimeCreated TimeCreated `xml:"System>TimeCreated"`
	Message     string      `xml:"RenderingInfo>Message"`
	Level       string      `xml:"RenderingInfo>Level"`
	Task        string      `xml:"RenderingInfo>Task"`
	Opcode      string      `xml:"RenderingInfo>Opcode"`
	Keywords    []string    `xml:"RenderingInfo>Keywords>Keyword"`
}

EventXML is the rendered xml of an event.

type Provider 

type Provider struct {
	Name            string `xml:"Name,attr"`
	GUID            string `xml:"Guid,attr"`
	EventSourceName string `xml:"EventSourceName,attr"`
}

Provider is the provider of the event.

type Publisher 

type Publisher struct {
	// contains filtered or unexported fields
}

Publisher is a windows event metadata publisher.

func NewPublisher 

func NewPublisher() Publisher

NewPublisher will create a new publisher with an empty handle.

func (*Publisher) Close 

func (p *Publisher) Close() error

Close will close the publisher handle.

func (*Publisher) Open 

func (p *Publisher) Open(provider string) error

Open will open the publisher handle using the supplied provider.

type Subscription 

type Subscription struct {
	// contains filtered or unexported fields
}

Subscription is a subscription to a windows eventlog channel.

func NewSubscription 

func NewSubscription() Subscription

NewSubscription will create a new subscription with an empty handle.

func (*Subscription) Close 

func (s *Subscription) Close() error

Close will close the subscription.

func (*Subscription) Open 

func (s *Subscription) Open(channel string, startAt string, bookmark Bookmark) error

Open will open the subscription handle.

func (*Subscription) Read 

func (s *Subscription) Read(maxReads int) ([]Event, error)

Read will read events from the subscription.

type SyscallProc 

type SyscallProc interface {
	Call(...uintptr) (uintptr, uintptr, error)
}

SyscallProc is a syscall procedure.

type TimeCreated 

type TimeCreated struct {
	SystemTime string `xml:"SystemTime,attr"`
}

TimeCreated is the creation time of the event.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.