README
¶
This is a slightly tweaked version of the the Elastic winevent package which can interact with the windows Event subsystem.
The code is licensed under Apache 2.0
See https://github.com/elastic/beats/tree/master/winlogbeat/sys for the base code.
We have cleaned up some go vet issues and reworked some of the XML rendering code to be faster under the nominal case.
Documentation
¶
Rendered for windows/amd64
Index ¶
- Variables
- func ChannelAvailable(c string) (bool, error)
- func ProgramDataFilename(name string) (r string, err error)
- func SeekFileToBookmark(hnd, bookmark wineventlog.EvtHandle) (err error)
- func ServiceFilename(name string) (string, error)
- type BookmarkHandler
- type CfgType
- func (c *CfgType) BookmarkPath() string
- func (c *CfgType) CacheSize() int
- func (c *CfgType) EnableCache() bool
- func (c *CfgType) IgnoreTimestamps() bool
- func (c *CfgType) LocalFileCachePath() string
- func (c *CfgType) LogLevel() string
- func (c *CfgType) Secret() string
- func (c *CfgType) Streams() ([]EventStreamParams, error)
- func (c *CfgType) Tags() ([]string, error)
- func (c *CfgType) Targets() ([]string, error)
- func (c *CfgType) Timeout() time.Duration
- func (c *CfgType) VerifyRemote() bool
- type EventStreamConfig
- type EventStreamHandle
- func (e *EventStreamHandle) Close() (err error)
- func (e *EventStreamHandle) Last() (l uint64)
- func (e *EventStreamHandle) Name() (s string)
- func (e *EventStreamHandle) Read() (ents []RenderedEvent, fullRead bool, warn, err error)
- func (e *EventStreamHandle) Reset() (err error)
- func (e *EventStreamHandle) SetLast(v uint64)
- func (e *EventStreamHandle) SinceLastRead() (d time.Duration)
- type EventStreamParams
- type RenderedEvent
Constants ¶
This section is empty.
Variables ¶
View Source
var ( ErrMalformedBookmarkFile = errors.New("malformed bookmark file") ErrNotOpen = errors.New("not open") )
View Source
var ( ErrInvalidName = errors.New("Event channel name is invalid") ErrInvalidReachbackDuration = errors.New("Invalid event reachback duration") ErrInvalidLevel = errors.New("Invalid level") ErrInvalidEventIds = errors.New("Invalid Event IDs, must be of the form 100 or -100 or 100-200") )
Functions ¶
func ChannelAvailable ¶
func ProgramDataFilename ¶
func SeekFileToBookmark ¶ added in v3.8.14
func SeekFileToBookmark(hnd, bookmark wineventlog.EvtHandle) (err error)
func ServiceFilename ¶
Types ¶
type BookmarkHandler ¶
type BookmarkHandler struct {
// contains filtered or unexported fields
}
func NewBookmark ¶
func NewBookmark(path string) (*BookmarkHandler, error)
func (*BookmarkHandler) Close ¶
func (b *BookmarkHandler) Close() error
func (*BookmarkHandler) Open ¶
func (b *BookmarkHandler) Open() bool
func (*BookmarkHandler) Sync ¶
func (b *BookmarkHandler) Sync() error
type CfgType ¶
type CfgType struct {
Global struct {
config.IngestConfig
Bookmark_Location string
Ignore_Timestamps bool
}
EventChannel map[string]*EventStreamConfig
Preprocessor processors.ProcessorConfig
}
func (*CfgType) BookmarkPath ¶
func (*CfgType) EnableCache ¶
func (*CfgType) IgnoreTimestamps ¶
func (*CfgType) LocalFileCachePath ¶
func (*CfgType) Streams ¶
func (c *CfgType) Streams() ([]EventStreamParams, error)
func (*CfgType) VerifyRemote ¶
type EventStreamConfig ¶
type EventStreamConfig struct {
Tag_Name string //which tag are we applying to this event channel
Channel string //Names like: System, Application, Security...
Max_Reachback string //duration like: 72 hours, or 6 weeks, etc..
Level []string //levels include: verbose,information,warning,error,critical
Provider []string //list of providers to filter on
EventID []string //list of eventID filters: 1000-2000 or -1000
Request_Size int //number of entries to request per cycle
Request_Buffer int //number request buffer
Preprocessor []string
}
func (*EventStreamConfig) Validate ¶
func (ec *EventStreamConfig) Validate() error
type EventStreamHandle ¶
type EventStreamHandle struct {
// contains filtered or unexported fields
}
func NewStream ¶
func NewStream(param EventStreamParams, last uint64) (e *EventStreamHandle, err error)
func (*EventStreamHandle) Close ¶
func (e *EventStreamHandle) Close() (err error)
func (*EventStreamHandle) Last ¶
func (e *EventStreamHandle) Last() (l uint64)
func (*EventStreamHandle) Name ¶
func (e *EventStreamHandle) Name() (s string)
func (*EventStreamHandle) Read ¶
func (e *EventStreamHandle) Read() (ents []RenderedEvent, fullRead bool, warn, err error)
func (*EventStreamHandle) Reset ¶
func (e *EventStreamHandle) Reset() (err error)
func (*EventStreamHandle) SetLast ¶
func (e *EventStreamHandle) SetLast(v uint64)
func (*EventStreamHandle) SinceLastRead ¶
func (e *EventStreamHandle) SinceLastRead() (d time.Duration)
type EventStreamParams ¶
type EventStreamParams struct {
Name string
TagName string
Channel string
Levels string
EventIDs string
Providers []string
ReachBack time.Duration
Preprocessor []string
BuffSize int
ReqSize int
}
func (*EventStreamParams) IsFiltering ¶
func (esp *EventStreamParams) IsFiltering() bool
type RenderedEvent ¶
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package wineventlog provides access to the Windows Event Log API used in all versions of Windows since Vista (i.e.
|
Package wineventlog provides access to the Windows Event Log API used in all versions of Windows since Vista (i.e. |
Click to show internal directories.
Click to hide internal directories.