Documentation
Overview
Package sys provides common data structures and utility functions that are used by the subpackages for interfacing with the system-level APIs to collect event log records from Windows.
Index
- func RemoveWindowsLineEndings(s string) string
- func UTF16BytesToString(b []byte) (string, int, error)
- type Correlation
- type Event
- type EventData
- type EventIdentifier
- type Execution
- type FileHandle
- type InsufficientBufferError
- type KeyValue
- type MessageFiles
- type Provider
- type SID
- type SIDType
- type TimeCreated
- type UserData
Constants
This section is empty.
Variables
This section is empty.
Functions
func RemoveWindowsLineEndings
func RemoveWindowsLineEndings(s string) string
RemoveWindowsLineEndings replaces carriage return line feed (CRLF) with line feed (LF) and trims any newline character that may exist at the end of the string.
Types
type Correlation
type Correlation struct {
	ActivityID        string `xml:"ActivityID,attr"`
	RelatedActivityID string `xml:"RelatedActivityID,attr"`
}
Correlation contains activity identifiers that consumers can use to group related events together.
type Event
type Event struct {
	// System
	Provider        Provider        `xml:"System>Provider"`
	EventIdentifier EventIdentifier `xml:"System>EventID"`
	Version         uint8           `xml:"System>Version"`
	LevelRaw        uint8           `xml:"System>Level"`
	TaskRaw         uint16          `xml:"System>Task"`
	OpcodeRaw       uint8           `xml:"System>Opcode"`
	TimeCreated     TimeCreated     `xml:"System>TimeCreated"`
	RecordID        uint64          `xml:"System>EventRecordID"`
	Correlation     Correlation     `xml:"System>Correlation"`
	Execution       Execution       `xml:"System>Execution"`
	Channel         string          `xml:"System>Channel"`
	Computer        string          `xml:"System>Computer"`
	User            SID             `xml:"System>Security"`

	EventData EventData `xml:"EventData"`
	UserData  UserData  `xml:"UserData"`

	// RenderingInfo
	Message  string   `xml:"RenderingInfo>Message"`
	Level    string   `xml:"RenderingInfo>Level"`
	Task     string   `xml:"RenderingInfo>Task"`
	Opcode   string   `xml:"RenderingInfo>Opcode"`
	Keywords []string `xml:"RenderingInfo>Keywords>Keyword"`

	// ProcessingErrorData
	RenderErrorCode         uint32 `xml:"ProcessingErrorData>ErrorCode"`
	RenderErrorDataItemName string `xml:"ProcessingErrorData>DataItemName"`
	RenderErr               string
}
Event holds the data from a log record.
func UnmarshalEventXML
UnmarshalEventXML unmarshals the given XML into a new Event.
type EventData
type EventData struct {
Pairs []KeyValue `xml:",any"`
}
EventData contains the event data. The EventData section is used if the message provider template does not contain a UserData section.
type EventIdentifier
type EventIdentifier struct {
	Qualifiers uint16 `xml:"Qualifiers,attr"`
	ID         uint32 `xml:",chardata"`
}
EventIdentifier is the identifier that the provider uses to identify a specific event type.
type Execution
type Execution struct {
	ProcessID uint32 `xml:"ProcessID,attr"`
	ThreadID  uint32 `xml:"ThreadID,attr"`

	// Only available for events logged to an event tracing log file (.etl file).
	ProcessorID   uint32 `xml:"ProcessorID,attr"`
	SessionID     uint32 `xml:"SessionID,attr"`
	KernelTime    uint32 `xml:"KernelTime,attr"`
	UserTime      uint32 `xml:"UserTime,attr"`
	ProcessorTime uint32 `xml:"ProcessorTime,attr"`
}
Execution contains information about the process and thread that logged the event.
type FileHandle
type FileHandle struct {
	File   string  // Fully-qualified path to the event message file.
	Handle uintptr // Handle to the loaded event message file.
	Err    error   // Error that occurred while loading Handle.
}
FileHandle contains the handle to a single Windows message file.
type InsufficientBufferError
type InsufficientBufferError struct {
	Cause        error
	RequiredSize int // Size of the buffer that is required.
}
InsufficientBufferError indicates the buffer passed to a system call is too small.
func (InsufficientBufferError) Error
func (e InsufficientBufferError) Error() string
Error returns the cause of the insufficient buffer error.
type KeyValue
KeyValue is a key value pair of strings.
func (*KeyValue) UnmarshalXML
UnmarshalXML unmarshals an arbitrary XML element into a KeyValue. The key becomes the name of the element or value of the Name attribute if it exists. The value is the character data contained within the element.
type MessageFiles
type MessageFiles struct {
	SourceName string
	Err        error
	Handles    []FileHandle
}
MessageFiles contains handles to event message files associated with an event log source.
type Provider
type Provider struct {
	Name            string `xml:"Name,attr"`
	GUID            string `xml:"Guid,attr"`
	EventSourceName string `xml:"EventSourceName,attr"`
}
Provider identifies the provider that logged the event. The Name and GUID attributes are included if the provider used an instrumentation manifest to define its events; otherwise, the EventSourceName attribute is included if a legacy event provider (using the Event Logging API) logged the event.
type SIDType
type SIDType uint32
SIDType identifies the type of a security identifier (SID).
type TimeCreated
TimeCreated contains the system time of when the event was logged.
func (*TimeCreated) UnmarshalXML
func (t *TimeCreated) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
UnmarshalXML unmarshals an XML dateTime string.
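An added example, not the package's own code, that exercises the Event layout, the KeyValue rule documented above (the Name attribute or the element name becomes the key, the character data the value) and the SystemTime dateTime attribute of TimeCreated on a constructed event record. The KeyValue and TimeCreated field names and the UnmarshalEventXML signature are assumptions; the reduced Event struct keeps only a few of the page's fields with their original tags.

```go
package main

import (
	"encoding/xml"
	"time"
)

// KeyValue mirrors the page's KeyValue type; its field names are assumed.
type KeyValue struct{ Key, Value string }

// UnmarshalXML applies the rule documented above: the key is the Name attribute
// when present, otherwise the element name; the value is the character data.
func (kv *KeyValue) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
	kv.Key = start.Name.Local
	for _, a := range start.Attr {
		if a.Name.Local == "Name" {
			kv.Key = a.Value
		}
	}
	return d.DecodeElement(&kv.Value, &start) // a string target collects chardata
}

// TimeCreated: the page's type has its own UnmarshalXML; here time.Time's
// TextUnmarshaler parses the dateTime attribute (the field name is assumed).
type TimeCreated struct{ SystemTime time.Time `xml:"SystemTime,attr"` }

// EventData follows the page: every child element becomes one KeyValue pair.
type EventData struct {
	Pairs []KeyValue `xml:",any"`
}

// Event is a reduced form of the page's Event struct (same tags, fewer fields).
type Event struct {
	EventID     uint32      `xml:"System>EventID"`
	TimeCreated TimeCreated `xml:"System>TimeCreated"`
	Channel     string      `xml:"System>Channel"`
	EventData   EventData   `xml:"EventData"`
}

// UnmarshalEventXML decodes one rendered event record (signature assumed).
func UnmarshalEventXML(rawXML []byte) (e Event, err error) {
	err = xml.Unmarshal(rawXML, &e)
	return e, err
}

// SampleEvent is a constructed record in the Windows event XML shape, not real data.
const SampleEvent = `<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>4688</EventID><TimeCreated SystemTime="2024-01-15T09:30:00.1234567Z"/>
<Channel>Security</Channel></System><EventData><Data Name="SubjectUserName">alice</Data>
<Data Name="NewProcessName">C:\Windows\System32\notepad.exe</Data><Binary>00</Binary></EventData></Event>`
```

The unnamed `<Binary>` child shows the fallback branch of the rule: its key is the element name.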
Directories
Path | Synopsis |
---|---|
eventlogging | Package eventlogging provides access to the Event Logging API that was designed for applications that run on the Windows Server 2003, Windows XP, or Windows 2000 operating system. |
wineventlog | Package wineventlog provides access to the Windows Event Log API used in all versions of Windows since Vista (i.e. |