wineventlog

package
v3.8.30
Published: Apr 3, 2024 License: BSD-2-Clause, Apache-2.0, Apache-2.0 Imports: 11 Imported by: 0

README

This code started its life as a direct lift of the code at https://github.com/elastic/beats/tree/master/winlogbeat/sys/wineventlog
which is governed by the Apache 2.0 license. We had to lift the code due to the vendoring that the elastic repository enforces.

By now it's so heavily modified that it's basically its own beast, but it is still governed under the Apache 2.0 license.

Abandon hope all ye who enter here, the Windows event log system is a patchwork of hellfire, brimstone, UTF-16, and XML.

Documentation

Overview

Package wineventlog provides access to the Windows Event Log API used in all versions of Windows since Vista (i.e. Windows 7+ and Windows Server 2008+). This is distinct from the Event Logging API that was used in Windows XP, Windows Server 2003, and Windows 2000.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func UTF16LEBufferToUTF8Bytes added in v3.8.17

func UTF16LEBufferToUTF8Bytes(v []byte) (r []byte, err error)

UTF16LEBufferToUTF8Bytes takes UTF-16 in little-endian encoding without a BOM and spits it back out as UTF-8. Basically, it takes the insanity of Windows native strings and turns it back into nice, clean UTF-8, just like the way mom used to make it.

func UTF16LEBufferToUTF8Writer added in v3.8.17

func UTF16LEBufferToUTF8Writer(v []byte, out io.Writer) (err error)

func UTF16LEToUTF8 added in v3.8.17

func UTF16LEToUTF8(v []byte) (s string, err error)

UTF16LEToUTF8 wraps UTF16LEToUTF8Bytes to return a string.

func UTF16LEToUTF8Bytes added in v3.8.17

func UTF16LEToUTF8Bytes(v []uint16) (r []byte)

Types

type Query

type Query struct {
	// Name of the channel or the path to the log file that contains the events
	// to query.
	Log string

	IgnoreOlder time.Duration // Ignore records older than this time period.

	// Whitelist and blacklist of event IDs. The value is a comma-separated
	// list. The accepted values are single event IDs to include (e.g. 4634), a
	// range of event IDs to include (e.g. 4400-4500), and single event IDs to
	// exclude (e.g. -4410).
	EventID string

	// Level or levels to include. The value is a comma-separated list of levels
	// to include. The accepted levels are verbose (5), information (4),
	// warning (3), error (2), and critical (1).
	Level string

	// Providers (sources) to include records from.
	Provider []string
}

Query identifies the source of the events and one or more selectors or suppressors.

func (Query) Build

func (q Query) Build() (ret string, err error)

Build builds a query from the given parameters. The query is returned as an XML string and can be used with the Subscribe function.
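As an added example (not the package's own code), the following re-implements the part of Build that maps the documented EventID spec ("4634", "4400-4500", "-4410") onto the selectors and suppressors of a Windows structured XML query; the Query type here is a hypothetical subset with only Log and EventID, and the helper name idClause and the exact XML shape are assumptions of this example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Query holds the two documented fields this example uses; it is an
// illustrative re-implementation, not the package's own Build.
type Query struct{ Log, EventID string }

// idClause turns one EventID token into an XPath predicate: "4634" -> EventID=4634,
// "4400-4500" -> an inclusive range, "-4410" -> EventID=4410 with exclude=true. Only
// integers that pass strconv.Atoi reach the XML, so a malformed token is rejected.
func idClause(tok string) (clause string, exclude bool, err error) {
	tok, exclude = strings.CutPrefix(tok, "-")
	lo, hi, isRange := strings.Cut(tok, "-")
	l, err := strconv.Atoi(lo)
	if err != nil || !isRange {
		return fmt.Sprintf("EventID=%d", l), exclude, err
	}
	h, err := strconv.Atoi(hi)
	return fmt.Sprintf("(EventID &gt;= %d and EventID &lt;= %d)", l, h), exclude, err
}

// Build renders the structured XML query: included IDs go into <Select>, excluded IDs into <Suppress>.
func (q Query) Build() (string, error) {
	var inc, exc []string
	for _, tok := range strings.FieldsFunc(q.EventID, func(r rune) bool { return r == ',' || r == ' ' }) {
		clause, exclude, err := idClause(tok)
		if err != nil {
			return "", fmt.Errorf("bad EventID token %q: %w", tok, err)
		}
		if exclude {
			exc = append(exc, clause)
		} else {
			inc = append(inc, clause)
		}
	}
	expr := "*" // no selectors: match every record in the channel
	if len(inc) > 0 {
		expr = "*[System[(" + strings.Join(inc, " or ") + ")]]"
	}
	xml := fmt.Sprintf(`<QueryList><Query Id="0" Path="%s"><Select Path="%s">%s</Select>`, q.Log, q.Log, expr)
	if len(exc) > 0 {
		xml += fmt.Sprintf(`<Suppress Path="%s">*[System[(%s)]]</Suppress>`, q.Log, strings.Join(exc, " or "))
	}
	return xml + "</Query></QueryList>", nil
}
```

The resulting string is the same QueryList/Select/Suppress structure that EvtQuery and EvtSubscribe accept; Level, Provider and IgnoreOlder would be further predicates inside the same System[...] selector.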
