eve

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 16, 2025 License: MIT Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateBookmarkFromRecord 

func CreateBookmarkFromRecord(channelName string, recordNumber uint64) (winevelog.Bookmark, error)

CreateBookmarkFromRecord 从记录编号创建书签(保留核心逻辑,优化错误提示)

Types

type EVT_EXPORTLOG_FLAGS 

type EVT_EXPORTLOG_FLAGS uint32

EVT_EXPORTLOG_FLAGS 表示事件日志导出的标志类型 

const (
	// EvtExportLogChannelPath 表示导出通道路径
	EvtExportLogChannelPath EVT_EXPORTLOG_FLAGS = 0x1
	// EvtExportLogFilePath 表示导出文件路径
	EvtExportLogFilePath EVT_EXPORTLOG_FLAGS = 0x2
	// EvtExportLogTolerateQueryErrors 表示容忍查询错误
	EvtExportLogTolerateQueryErrors EVT_EXPORTLOG_FLAGS = 0x1000
	// EvtExportLogOverwrite 表示覆盖已有文件
	EvtExportLogOverwrite EVT_EXPORTLOG_FLAGS = 0x2000
)

type EventLog 

type EventLog interface {
	Open(recordNumber uint64) error // 打开日志,从指定记录后读取
	Read() ([]Record, error)        // 读取事件记录
	Close() error                   // 关闭日志资源
}

EventLog 定义Windows事件日志操作接口(保持原接口设计)

type Msg 

type Msg struct {
	Msg              string `json:"msg"`
	Time             string `json:"time"`
	EventID          uint32 `json:"event_id"`
	ProviderName     string `json:"provider_name"`
	LevelDisplayName string `json:"level_display_name"`
}

func (Msg) Format 

func (s Msg) Format(records []Record, f func(r Record) bool) []Msg

type Record 

type Record struct {
	winevent.Event
	API string // 用于读取记录的事件日志API类型
	XML string // 事件的XML表示形式
}

Record 封装事件日志记录及其元数据(补全字段赋值)

func GetEvents 

func GetEvents(target, eventID string) []Record

getEvents 读取指定事件ID的日志(精简冗余代码)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.