common

package
v0.0.0-...-ec16f60 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 15, 2021 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Rendered for windows/amd64

Overview

Copyright 2018 StreamSets Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Copied from https://github.com/streamsets/windataextractor/tree/master/dev/src/lib/win/eventlog

Index

Constants

// Subscription start positions, numbered 1..3 like the start-position values
// of the Win32 EVT_SUBSCRIBE_FLAGS enumeration.
//
// NOTE(review): this listing defines no counterpart of the Win32
// EvtSubscribeStrict modifier. Per the Win32 documentation, a bookmark
// subscription without it starts near the bookmarked event when that event no
// longer exists, so a collector resuming from a bookmark cannot tell from the
// call alone that records were skipped.
const (
	EvtSubscribeToFutureEvents      EvtSubscribeFlag = 1
	EvtSubscribeStartAtOldestRecord EvtSubscribeFlag = 2
	EvtSubscribeStartAfterBookmark  EvtSubscribeFlag = 3
)
// Output forms accepted by EvtRender, numbered 0..2 like the Win32
// EVT_RENDER_FLAGS enumeration.
const (
	EvtRenderEventValues EvtRenderFlag = 0
	EvtRenderEventXml    EvtRenderFlag = 1
	EvtRenderBookmark    EvtRenderFlag = 2
)
// Actions passed to an EvtSubscribeCallback, numbered 0..1 like the Win32
// EVT_SUBSCRIBE_NOTIFY_ACTION enumeration.
//
// Per the Win32 documentation, on the error action the callback's Event
// argument carries a Win32 error code rather than an event handle, so a
// callback should check the action before rendering or closing that value.
const (
	EvtSubscribeActionError   EvtSubscribeNotifyAction = 0
	EvtSubscribeActionDeliver EvtSubscribeNotifyAction = 1
)
// Win32 error codes that callers of the event-log functions are expected to
// compare against.
//
// In the Win32 API, ERROR_INSUFFICIENT_BUFFER is the normal signal to retry
// with a buffer of the reported size, and ERROR_NO_MORE_ITEMS marks the end of
// an enumeration; neither should be logged as a collection failure.
const (
	// General system error codes.
	ErrorInvalidHandle      syscall.Errno = 6   // ERROR_INVALID_HANDLE
	ErrorInsufficientBuffer syscall.Errno = 122 // ERROR_INSUFFICIENT_BUFFER (0x7A)
	ErrorNoMoreItems        syscall.Errno = 259 // ERROR_NO_MORE_ITEMS (0x103)

	// Windows Event Log error codes.
	ErrorInvalidQuery        syscall.Errno = 15001 // ERROR_EVT_INVALID_QUERY
	ErrorEvtChannelNotFound  syscall.Errno = 15007 // ERROR_EVT_CHANNEL_NOT_FOUND
	ErrorEvtQueryResultStale syscall.Errno = 15011 // ERROR_EVT_QUERY_RESULT_STALE
)

System error codes (0-499): https://docs.microsoft.com/en-us/windows/desktop/debug/system-error-codes--0-499-

Windows Event Log error constants: https://docs.microsoft.com/en-us/windows/desktop/wes/windows-event-log-error-constants

// Selectors for which message string EvtFormatMessage should produce,
// numbered 1..9 in declaration order.
const (
	EvtFormatMessageEvent    EvtFormatMessageFlag = 1
	EvtFormatMessageLevel    EvtFormatMessageFlag = 2
	EvtFormatMessageTask     EvtFormatMessageFlag = 3
	EvtFormatMessageOpcode   EvtFormatMessageFlag = 4
	EvtFormatMessageKeyword  EvtFormatMessageFlag = 5
	EvtFormatMessageChannel  EvtFormatMessageFlag = 6
	EvtFormatMessageProvider EvtFormatMessageFlag = 7
	EvtFormatMessageId       EvtFormatMessageFlag = 8
	EvtFormatMessageXml      EvtFormatMessageFlag = 9
)
// Kinds of render context accepted by EvtCreateRenderContext, numbered 0..2
// like the Win32 EVT_RENDER_CONTEXT_FLAGS enumeration.
const (
	EvtRenderContextValues EvtRenderContextFlag = 0
	EvtRenderContextSystem EvtRenderContextFlag = 1
	EvtRenderContextUser   EvtRenderContextFlag = 2
)
// Identifiers of the system properties of an event, numbered from 0 in
// declaration order. EvtSystemPropertyIdEND is the count of real properties,
// not a property itself, so it must not be used as an index.
const (
	EvtSystemProviderName      EvtSystemPropertyId = iota // 0
	EvtSystemProviderGuid                                 // 1
	EvtSystemEventID                                      // 2
	EvtSystemQualifiers                                   // 3
	EvtSystemLevel                                        // 4
	EvtSystemTask                                         // 5
	EvtSystemOpcode                                       // 6
	EvtSystemKeywords                                     // 7
	EvtSystemTimeCreated                                  // 8
	EvtSystemEventRecordId                                // 9
	EvtSystemActivityID                                   // 10
	EvtSystemRelatedActivityID                            // 11
	EvtSystemProcessID                                    // 12
	EvtSystemThreadID                                     // 13
	EvtSystemChannel                                      // 14
	EvtSystemComputer                                     // 15
	EvtSystemUserID                                       // 16
	EvtSystemVersion                                      // 17
	EvtSystemPropertyIdEND                                // 18, one past the last property
)
// Type tags of an event variant value. Values 0..21 are contiguous; the two
// handle/XML tags are set explicitly to 32 and 35, so the numbering has gaps
// and a tag read from an event must be matched against known values rather
// than assumed to fall in a dense range.
const (
	EvtVarTypeNull       EvtVariantType = iota // 0
	EvtVarTypeString                           // 1
	EvtVarTypeAnsiString                       // 2
	EvtVarTypeSByte                            // 3
	EvtVarTypeByte                             // 4
	EvtVarTypeInt16                            // 5
	EvtVarTypeUInt16                           // 6
	EvtVarTypeInt32                            // 7
	EvtVarTypeUInt32                           // 8
	EvtVarTypeInt64                            // 9
	EvtVarTypeUInt64                           // 10
	EvtVarTypeSingle                           // 11
	EvtVarTypeDouble                           // 12
	EvtVarTypeBoolean                          // 13
	EvtVarTypeBinary                           // 14
	EvtVarTypeGuid                             // 15
	EvtVarTypeSizeT                            // 16
	EvtVarTypeFileTime                         // 17
	EvtVarTypeSysTime                          // 18
	EvtVarTypeSid                              // 19
	EvtVarTypeHexInt32                         // 20
	EvtVarTypeHexInt64                         // 21

	// Not part of the contiguous run above.
	EvtVarTypeEvtHandle EvtVariantType = 32
	EvtVarTypeEvtXml    EvtVariantType = 35
)
// Wait results, with the same numeric values as the Win32 WAIT_OBJECT_0,
// WAIT_ABANDONED, WAIT_TIMEOUT and WAIT_FAILED codes. WaitFailed and
// WaitTimeout are distinct outcomes and should be handled separately.
const (
	WaitObject0   WaitReturnValue = 0x0
	WaitAbandoned WaitReturnValue = 0x80
	WaitTimeout   WaitReturnValue = 0x102
	WaitFailed    WaitReturnValue = 0xFFFFFFFF
)

Variables

// SystemPropertyIds holds one display label per system property, in the same
// order as the EvtSystemPropertyId constants. It has 18 entries (indexes
// 0..17), so indexing it with EvtSystemPropertyIdEND or with an unchecked
// property count from rendered data would panic; bound the index by
// len(SystemPropertyIds) first.
var SystemPropertyIds = []string{
	"Provider Name",     // 0
	"Provider Guid",     // 1
	"Event Id",          // 2
	"Qualifiers",        // 3
	"Level",             // 4
	"Task",              // 5
	"Opcode",            // 6
	"Keywords",          // 7
	"TimeCreated",       // 8
	"EventRecordId",     // 9
	"ActivityId",        // 10
	"RelatedActivityId", // 11
	"ProcessId",         // 12
	"ThreadId",          // 13
	"Channel",           // 14
	"Computer",          // 15
	"UserId",            // 16
	"Version",           // 17
}

Functions

func EvtFormatMessage

// EvtFormatMessage takes a publisher metadata handle, an event handle, a flag
// selecting which message string to format, and a caller-supplied output
// buffer described by bufferSize, bufferPtr and bufferUsed. It returns an
// error value; the body is not shown here.
//
// NOTE(review): the Win32 EvtFormatMessage documents BufferSize and BufferUsed
// in characters, whereas EvtRender documents them in bytes. This signature
// takes a *byte, so confirm which unit the wrapper expects before sizing the
// buffer; mixing the two units up would over- or under-state the buffer.
//
// NOTE(review): bufferPtr is a raw pointer, so nothing ties bufferSize to the
// real allocation. Derive both from the same slice, and treat
// ErrorInsufficientBuffer as the signal to reallocate using *bufferUsed.
func EvtFormatMessage(
	publisherMetadataHandle PublisherMetadataHandle,
	eventHandle EventHandle,
	flags EvtFormatMessageFlag,
	bufferSize uint32,
	bufferPtr *byte,
	bufferUsed *uint32,
) error

https://docs.microsoft.com/en-us/windows/desktop/api/winevt/nf-winevt-evtformatmessage

func EvtRender

// EvtRender takes a render context, the handle of the fragment to render, a
// flag selecting the output form, and a caller-supplied output buffer. It
// returns an error value; the body is not shown here.
//
// Per the Win32 EvtRender documentation, BufferSize is the buffer size in
// bytes, BufferUsed receives the bytes written (or the size required when the
// call fails with ERROR_INSUFFICIENT_BUFFER), and PropertyCount receives the
// number of rendered properties.
//
// NOTE(review): bufferPtr is a raw *byte, so nothing ties bufferSize to the
// real allocation; a bufferSize larger than the memory behind bufferPtr would
// let the native call write out of bounds. Derive both from the same slice
// (pointer to element 0, len as size), and confirm the wrapper forwards the
// values unchanged.
func EvtRender(
	context EventRenderContextHandle,
	fragment EventHandle,
	flags EvtRenderFlag,
	bufferSize uint32,
	bufferPtr *byte,
	bufferUsedPtr *uint32,
	PropertyCountPtr *uint32,
) error

https://docs.microsoft.com/en-us/windows/desktop/api/winevt/nf-winevt-evtrender

Types

type BookmarkHandle

type BookmarkHandle uintptr

func (BookmarkHandle) Close

// Close presumably releases the bookmark handle (body not shown). It has a
// value receiver and no result, so a failed close is not reported and the
// caller's copy keeps its old value; callers should drop it after closing.
func (bh BookmarkHandle) Close()

type EventHandle

type EventHandle uintptr

func (EventHandle) Close

// Close presumably releases the event handle (body not shown). It has a value
// receiver and no result, so a failed close is not reported and the caller's
// copy keeps its old value; callers should drop it after closing.
func (e EventHandle) Close()

type EventRenderContextHandle

type EventRenderContextHandle uintptr

func EvtCreateRenderContext

// EvtCreateRenderContext returns a render context handle for the given context
// flag, or an error. EventRenderContextHandle declares a Close method, so the
// caller presumably owns the returned handle and must close it when done.
func EvtCreateRenderContext(flags EvtRenderContextFlag) (EventRenderContextHandle, error)

func (EventRenderContextHandle) Close

// Close presumably releases the render context handle (body not shown). It
// has a value receiver and no result, so a failed close is not reported and
// the caller's copy keeps its old value; callers should drop it after closing.
func (erch EventRenderContextHandle) Close()

type EvtFormatMessageFlag

type EvtFormatMessageFlag uint32

type EvtRenderContextFlag

type EvtRenderContextFlag uint32
typedef enum _EVT_RENDER_CONTEXT_FLAGS {
 EvtRenderContextValues   = 0,
 EvtRenderContextSystem   = 1,
 EvtRenderContextUser     = 2
} EVT_RENDER_CONTEXT_FLAGS;

type EvtRenderFlag

type EvtRenderFlag uint32

https://docs.microsoft.com/en-us/windows/desktop/api/winevt/ne-winevt-_evt_render_flags

typedef enum _EVT_RENDER_FLAGS {
 EvtRenderEventValues   = 0,
 EvtRenderEventXml      = 1,
 EvtRenderBookmark      = 2
} EVT_RENDER_FLAGS;

type EvtSubscribeCallback

// EvtSubscribeCallback is the Go function type for a subscription callback:
// it receives the notify action, an opaque user context pointer and an event
// handle, and returns a syscall.Errno.
//
// Per the Win32 documentation, when Action is the error action the Event
// argument carries a Win32 error code rather than a handle, so check Action
// before rendering or closing Event.
//
// NOTE(review): UserContext is an unsafe.Pointer handed back by native code;
// whoever registers the callback must keep the referenced value alive for the
// life of the subscription. Confirm how the subscribing code ensures this.
type EvtSubscribeCallback func(
	Action EvtSubscribeNotifyAction,
	UserContext unsafe.Pointer,
	Event EventHandle,
) syscall.Errno

https://msdn.microsoft.com/en-us/935a787c-fd71-492d-a803-80cb2c9019ea

typedef DWORD (WINAPI *EvtSubscribeCallback)(
    EvtSubscribeNotifyAction Action,
    PVOID                    UserContext,
    EventHandle              Event
);

PVOID is a pointer to any type.

type EvtSubscribeFlag

type EvtSubscribeFlag uint32

type EvtSubscribeNotifyAction

type EvtSubscribeNotifyAction uint32

https://docs.microsoft.com/en-us/windows/desktop/api/winevt/ne-winevt-_evt_subscribe_notify_action

typedef enum _EVT_SUBSCRIBE_NOTIFY_ACTION {
 EvtSubscribeActionError     = 0,
 EvtSubscribeActionDeliver   = 1
} EVT_SUBSCRIBE_NOTIFY_ACTION;

type EvtSystemPropertyId

type EvtSystemPropertyId uint32

type EvtVariant

type EvtVariant struct {
	// contains filtered or unexported fields
}

func (*EvtVariant) GetData

func (evtVariant *EvtVariant) GetData() interface{}

type EvtVariantType

type EvtVariantType uint32
typedef enum _EVT_VARIANT_TYPE {
 EvtVarTypeNull         = 0,
 EvtVarTypeString       = 1,
 EvtVarTypeAnsiString   = 2,
 EvtVarTypeSByte        = 3,
 EvtVarTypeByte         = 4,
 EvtVarTypeInt16        = 5,
 EvtVarTypeUInt16       = 6,
 EvtVarTypeInt32        = 7,
 EvtVarTypeUInt32       = 8,
 EvtVarTypeInt64        = 9,
 EvtVarTypeUInt64       = 10,
 EvtVarTypeSingle       = 11,
 EvtVarTypeDouble       = 12,
 EvtVarTypeBoolean      = 13,
 EvtVarTypeBinary       = 14,
 EvtVarTypeGuid         = 15,
 EvtVarTypeSizeT        = 16,
 EvtVarTypeFileTime     = 17,
 EvtVarTypeSysTime      = 18,
 EvtVarTypeSid          = 19,
 EvtVarTypeHexInt32     = 20,
 EvtVarTypeHexInt64     = 21,
 EvtVarTypeEvtHandle    = 32,
 EvtVarTypeEvtXml       = 35
} EVT_VARIANT_TYPE;

type PublisherMetadataHandle

type PublisherMetadataHandle uintptr

func (PublisherMetadataHandle) Close

// Close presumably releases the publisher metadata handle (body not shown).
// It has a value receiver and no result, so a failed close is not reported and
// the caller's copy keeps its old value; callers should drop it after closing.
func (pmh PublisherMetadataHandle) Close()

type SubscriptionHandle

type SubscriptionHandle uintptr

func (SubscriptionHandle) Close

// Close presumably releases the subscription handle (body not shown). It has
// a value receiver and no result, so a failed close is not reported and the
// caller's copy keeps its old value; callers should drop it after closing.
func (sh SubscriptionHandle) Close()
