Documentation ¶
Overview ¶
Copyright 2018 StreamSets Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Copied from https://github.com/streamsets/windataextractor/tree/master/dev/src/lib/win/eventlog
Index ¶
- Constants
- Variables
- func EvtClose(handle uintptr)
- func EvtFormatMessage(publisherMetadataHandle PublisherMetadataHandle, eventHandle EventHandle, ...) error
- func EvtNext(resultSet SubscriptionHandle, eventsSize uint32, events []EventHandle, ...) error
- func EvtRender(context EventRenderContextHandle, fragment EventHandle, flags EvtRenderFlag, ...) error
- func EvtUpdateBookmark(bookmarkHandle BookmarkHandle, eventHandle EventHandle) error
- type BookmarkHandle
- type EventHandle
- type EventRenderContextHandle
- type EvtFormatMessageFlag
- type EvtRenderContextFlag
- type EvtRenderFlag
- type EvtSubscribeCallback
- type EvtSubscribeFlag
- type EvtSubscribeNotifyAction
- type EvtSystemPropertyId
- type EvtVariant
- type EvtVariantType
- type PublisherMetadataHandle
- type SubscriptionHandle
- type WaitReturnValue
Constants ¶
// Subscription origin flags for the flags parameter of EvtSubscribe.
// The values are spelled out so that inserting a new name cannot shift them.
//
// NOTE(review): the Win32 EVT_SUBSCRIBE_FLAGS enum also defines
// EvtSubscribeTolerateQueryErrors (0x1000) and EvtSubscribeStrict (0x10000),
// which are not declared here. Per the Win32 documentation, EvtSubscribeStrict
// is what makes EvtSubscribe fail when the bookmarked event is not found, so a
// collector that resumes with EvtSubscribeStartAfterBookmark should confirm how
// a stale bookmark is handled if gap-free log collection matters.
const (
	EvtSubscribeToFutureEvents      = EvtSubscribeFlag(1)
	EvtSubscribeStartAtOldestRecord = EvtSubscribeFlag(2)
	EvtSubscribeStartAfterBookmark  = EvtSubscribeFlag(3)
)
// Render modes for the flags parameter of EvtRender, numbered 0 through 2.
const (
	EvtRenderEventValues = EvtRenderFlag(0)
	EvtRenderEventXml    = EvtRenderFlag(1)
	EvtRenderBookmark    = EvtRenderFlag(2)
)
// Values of the Action argument handed to an EvtSubscribeCallback.
// NOTE(review): a callback should check for EvtSubscribeActionError before
// touching its Event argument; per the Win32 documentation that argument
// carries an error code, not an event handle, in the error case.
const (
	EvtSubscribeActionError   = EvtSubscribeNotifyAction(0)
	EvtSubscribeActionDeliver = EvtSubscribeNotifyAction(1)
)
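// Win32 error codes declared as syscall.Errno values so callers can compare
// them against errors returned by the event log calls in this package.
//
// In the collapsed one-line form the trailing "//(0x103)" comment swallowed the
// three Event Log codes and the closing parenthesis; each constant is restored
// to its own line here.
const (
	ErrorInvalidHandle = syscall.Errno(6)
	// ErrorInsufficientBuffer: per the Win32 documentation, EvtRender and
	// EvtFormatMessage fail with this code when the supplied buffer is too
	// small and report the required size through their "used" out-parameter.
	ErrorInsufficientBuffer = syscall.Errno(0x7A)
	// ErrorNoMoreItems: per the Win32 documentation, EvtNext reports this when
	// the result set is exhausted.
	ErrorNoMoreItems  = syscall.Errno(259) // 0x103
	ErrorInvalidQuery = syscall.Errno(15001)
	// ErrorEvtQueryResultStale: the Win32 message text attributes this to the
	// log being cleared or rolling over after the result was created. A
	// collector should record it, since it marks a possible gap in coverage.
	ErrorEvtQueryResultStale = syscall.Errno(15011)
	ErrorEvtChannelNotFound  = syscall.Errno(15007)
)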
https://docs.microsoft.com/en-us/windows/desktop/debug/system-error-codes--0-499- https://docs.microsoft.com/en-us/windows/desktop/wes/windows-event-log-error-constants
// Selectors for the flags parameter of EvtFormatMessage, numbered 1 through 9.
// Each one names the part of the event whose message string is requested.
const (
	EvtFormatMessageEvent    = EvtFormatMessageFlag(1)
	EvtFormatMessageLevel    = EvtFormatMessageFlag(2)
	EvtFormatMessageTask     = EvtFormatMessageFlag(3)
	EvtFormatMessageOpcode   = EvtFormatMessageFlag(4)
	EvtFormatMessageKeyword  = EvtFormatMessageFlag(5)
	EvtFormatMessageChannel  = EvtFormatMessageFlag(6)
	EvtFormatMessageProvider = EvtFormatMessageFlag(7)
	EvtFormatMessageId       = EvtFormatMessageFlag(8)
	EvtFormatMessageXml      = EvtFormatMessageFlag(9)
)
// Context kinds accepted by EvtCreateRenderContext, numbered 0 through 2.
const (
	EvtRenderContextValues = EvtRenderContextFlag(0)
	EvtRenderContextSystem = EvtRenderContextFlag(1)
	EvtRenderContextUser   = EvtRenderContextFlag(2)
)
// Identifiers of an event's system properties, numbered 0 through 17.
// EvtSystemPropertyIdEND (18) is an end marker, not a property; it is one past
// the last valid id and must not be used to index a per-property table.
const (
	EvtSystemProviderName      = EvtSystemPropertyId(0)
	EvtSystemProviderGuid      = EvtSystemPropertyId(1)
	EvtSystemEventID           = EvtSystemPropertyId(2)
	EvtSystemQualifiers        = EvtSystemPropertyId(3)
	EvtSystemLevel             = EvtSystemPropertyId(4)
	EvtSystemTask              = EvtSystemPropertyId(5)
	EvtSystemOpcode            = EvtSystemPropertyId(6)
	EvtSystemKeywords          = EvtSystemPropertyId(7)
	EvtSystemTimeCreated       = EvtSystemPropertyId(8)
	EvtSystemEventRecordId     = EvtSystemPropertyId(9)
	EvtSystemActivityID        = EvtSystemPropertyId(10)
	EvtSystemRelatedActivityID = EvtSystemPropertyId(11)
	EvtSystemProcessID         = EvtSystemPropertyId(12)
	EvtSystemThreadID          = EvtSystemPropertyId(13)
	EvtSystemChannel           = EvtSystemPropertyId(14)
	EvtSystemComputer          = EvtSystemPropertyId(15)
	EvtSystemUserID            = EvtSystemPropertyId(16)
	EvtSystemVersion           = EvtSystemPropertyId(17)
	EvtSystemPropertyIdEND     = EvtSystemPropertyId(18)
)
// Type tags carried by an EvtVariant. The numbering is contiguous from 0
// through 21 and then jumps to 32 and 35; values in between are not declared.
// NOTE(review): code that switches on a tag read from a rendered buffer should
// have a default branch for undeclared values rather than assume one of these.
const (
	EvtVarTypeNull       = EvtVariantType(0)
	EvtVarTypeString     = EvtVariantType(1)
	EvtVarTypeAnsiString = EvtVariantType(2)
	EvtVarTypeSByte      = EvtVariantType(3)
	EvtVarTypeByte       = EvtVariantType(4)
	EvtVarTypeInt16      = EvtVariantType(5)
	EvtVarTypeUInt16     = EvtVariantType(6)
	EvtVarTypeInt32      = EvtVariantType(7)
	EvtVarTypeUInt32     = EvtVariantType(8)
	EvtVarTypeInt64      = EvtVariantType(9)
	EvtVarTypeUInt64     = EvtVariantType(10)
	EvtVarTypeSingle     = EvtVariantType(11)
	EvtVarTypeDouble     = EvtVariantType(12)
	EvtVarTypeBoolean    = EvtVariantType(13)
	EvtVarTypeBinary     = EvtVariantType(14)
	EvtVarTypeGuid       = EvtVariantType(15)
	EvtVarTypeSizeT      = EvtVariantType(16)
	EvtVarTypeFileTime   = EvtVariantType(17)
	EvtVarTypeSysTime    = EvtVariantType(18)
	EvtVarTypeSid        = EvtVariantType(19)
	EvtVarTypeHexInt32   = EvtVariantType(20)
	EvtVarTypeHexInt64   = EvtVariantType(21)
	EvtVarTypeEvtHandle  = EvtVariantType(32)
	EvtVarTypeEvtXml     = EvtVariantType(35)
)
// Result codes of a wait on a synchronization object, as WaitReturnValue.
// WaitFailed is the all-ones value; a caller that treats only WaitObject0 as
// "signalled" must still tell WaitTimeout apart from WaitFailed.
const (
	WaitObject0   WaitReturnValue = 0x00000000
	WaitAbandoned WaitReturnValue = 0x00000080
	WaitTimeout   WaitReturnValue = 0x00000102
	WaitFailed    WaitReturnValue = 0xFFFFFFFF
)
Variables ¶
// SystemPropertyIds holds the display names of the event system properties,
// listed in the same order as the EvtSystemPropertyId constants, so an id in
// the range 0 through 17 can be used as an index.
//
// It has 18 entries. EvtSystemPropertyIdEND (18) is out of range, and the slice
// is an exported, mutable variable, so check an id against
// len(SystemPropertyIds) before indexing with a value that did not come from
// the constants.
var SystemPropertyIds = []string{
	"Provider Name",     // 0
	"Provider Guid",     // 1
	"Event Id",          // 2
	"Qualifiers",        // 3
	"Level",             // 4
	"Task",              // 5
	"Opcode",            // 6
	"Keywords",          // 7
	"TimeCreated",       // 8
	"EventRecordId",     // 9
	"ActivityId",        // 10
	"RelatedActivityId", // 11
	"ProcessId",         // 12
	"ThreadId",          // 13
	"Channel",           // 14
	"Computer",          // 15
	"UserId",            // 16
	"Version",           // 17
}
Functions ¶
func EvtClose ¶
// EvtClose takes a raw uintptr handle and returns nothing, so a failed close
// is not reported to the caller.
// NOTE(review): presumably wraps the Win32 EvtClose call; the body is not
// shown on this page. Because the argument is an untyped uintptr, nothing stops
// a handle from being closed twice or used after closing. Callers should close
// each handle exactly once and drop their copy afterwards.
func EvtClose(handle uintptr)
https://docs.microsoft.com/en-us/windows/desktop/api/winevt/nf-winevt-evtclose
func EvtFormatMessage ¶
// EvtFormatMessage requests the message string selected by flags for
// eventHandle, written through bufferPtr into caller-owned memory.
//
// bufferPtr is a raw pointer with a separately supplied bufferSize, so the
// callee trusts the caller on how much memory is writable there.
// NOTE(review): body not shown on this page. Per the Win32 EvtFormatMessage
// documentation, BufferSize and BufferUsed are counted in characters, not
// bytes, whereas bufferPtr here is *byte. Confirm which unit this wrapper
// expects; passing a byte count where characters are expected would overstate
// the buffer. Per the same documentation, a too-small buffer fails with
// ERROR_INSUFFICIENT_BUFFER and the required size is reported via bufferUsed.
func EvtFormatMessage( publisherMetadataHandle PublisherMetadataHandle, eventHandle EventHandle, flags EvtFormatMessageFlag, bufferSize uint32, bufferPtr *byte, bufferUsed *uint32, ) error
https://docs.microsoft.com/en-us/windows/desktop/api/winevt/nf-winevt-evtformatmessage
func EvtNext ¶
// EvtNext fetches event handles from resultSet into events and reports a count
// through returnedHandles.
//
// eventsSize is passed separately from the events slice, so it must not exceed
// len(events).
// NOTE(review): body not shown on this page; confirm whether the wrapper checks
// eventsSize against len(events). Per the Win32 EvtNext documentation, every
// returned event handle must be closed by the caller, and ERROR_NO_MORE_ITEMS
// signals an exhausted result set.
func EvtNext(resultSet SubscriptionHandle, eventsSize uint32, events []EventHandle, returnedHandles *uint32) error
https://docs.microsoft.com/en-us/windows/desktop/api/winevt/nf-winevt-evtnext
func EvtRender ¶
// EvtRender renders fragment, in the form selected by flags, through bufferPtr
// into caller-owned memory.
//
// bufferPtr is a raw pointer with a separately supplied bufferSize, so
// bufferSize must never exceed the memory actually available behind bufferPtr.
// NOTE(review): body not shown on this page. Per the Win32 EvtRender
// documentation, BufferSize and BufferUsed are in bytes; a too-small buffer
// fails with ERROR_INSUFFICIENT_BUFFER and BufferUsed then holds the required
// size; PropertyCount is set when rendering event values. Confirm the wrapper
// passes these through unchanged.
func EvtRender( context EventRenderContextHandle, fragment EventHandle, flags EvtRenderFlag, bufferSize uint32, bufferPtr *byte, bufferUsedPtr *uint32, PropertyCountPtr *uint32, ) error
https://docs.microsoft.com/en-us/windows/desktop/api/winevt/nf-winevt-evtrender
func EvtUpdateBookmark ¶
// EvtUpdateBookmark updates bookmarkHandle from eventHandle and returns an
// error on failure.
// NOTE(review): body not shown on this page. For a collector, updating the
// bookmark only after an event has been durably handled avoids skipping that
// event on restart. Confirm the call order at the call sites.
func EvtUpdateBookmark(bookmarkHandle BookmarkHandle, eventHandle EventHandle) error
https://docs.microsoft.com/en-us/windows/desktop/api/winevt/nf-winevt-evtupdatebookmark
Types ¶
type BookmarkHandle ¶
// BookmarkHandle is a uintptr-sized bookmark handle, returned by
// EvtCreateBookmark and released with its Close method. It is a plain integer,
// so copies stay usable-looking after Close; do not reuse a closed value.
type BookmarkHandle uintptr
func EvtCreateBookmark ¶
// EvtCreateBookmark builds a bookmark handle from bookmarkXML and returns it
// with an error value.
// NOTE(review): body not shown on this page. Presumably bookmarkXML is XML
// previously produced by EvtRender with EvtRenderBookmark, and an empty string
// creates a fresh bookmark. Confirm both against the implementation. Bookmark
// XML is usually persisted state, so a parse failure should be surfaced rather
// than silently replaced with a new bookmark.
func EvtCreateBookmark(bookmarkXML string) (BookmarkHandle, error)
https://docs.microsoft.com/en-us/windows/desktop/api/winevt/nf-winevt-evtcreatebookmark
func (BookmarkHandle) Close ¶
// Close releases the bookmark handle. It returns nothing, so a failed close is
// not observable. NOTE(review): presumably delegates to EvtClose; confirm.
func (bh BookmarkHandle) Close()
type EventRenderContextHandle ¶
// EventRenderContextHandle is a uintptr-sized render context handle, returned
// by EvtCreateRenderContext and passed as the context argument of EvtRender.
type EventRenderContextHandle uintptr
func EvtCreateRenderContext ¶
// EvtCreateRenderContext creates a render context of the kind selected by
// flags. The returned handle has a Close method and should be closed when no
// longer needed.
func EvtCreateRenderContext(flags EvtRenderContextFlag) (EventRenderContextHandle, error)
func (EventRenderContextHandle) Close ¶
// Close releases the render context handle. It returns nothing, so a failed
// close is not observable. NOTE(review): presumably delegates to EvtClose.
func (erch EventRenderContextHandle) Close()
type EvtFormatMessageFlag ¶
// EvtFormatMessageFlag is the uint32 type of the flags parameter of
// EvtFormatMessage; see the EvtFormatMessage* constants.
type EvtFormatMessageFlag uint32
type EvtRenderContextFlag ¶
// EvtRenderContextFlag is the uint32 type of the flags parameter of
// EvtCreateRenderContext; see the EvtRenderContext* constants.
type EvtRenderContextFlag uint32
typedef enum _EVT_RENDER_CONTEXT_FLAGS { EvtRenderContextValues = 0, EvtRenderContextSystem = 1, EvtRenderContextUser = 2 } EVT_RENDER_CONTEXT_FLAGS;
type EvtRenderFlag ¶
// EvtRenderFlag is the uint32 type of the flags parameter of EvtRender; see
// the EvtRender* constants.
type EvtRenderFlag uint32
https://docs.microsoft.com/en-us/windows/desktop/api/winevt/ne-winevt-_evt_render_flags
typedef enum _EVT_RENDER_FLAGS { EvtRenderEventValues = 0, EvtRenderEventXml = 1, EvtRenderBookmark = 2 } EVT_RENDER_FLAGS;
type EvtSubscribeCallback ¶
// EvtSubscribeCallback is the Go function type for a subscription callback. It
// receives the notify action, an opaque user context and an event handle, and
// returns a syscall.Errno.
//
// NOTE(review): per the Win32 documentation, when Action is
// EvtSubscribeActionError the Event argument carries an error code rather than
// a usable handle, so check Action first. UserContext is an unsafe.Pointer; if
// it refers to Go memory, the referent must be kept alive and unmoved for the
// life of the subscription. Confirm how the wrapper pins it.
type EvtSubscribeCallback func( Action EvtSubscribeNotifyAction, UserContext unsafe.Pointer, Event EventHandle, ) syscall.Errno
https://msdn.microsoft.com/en-us/935a787c-fd71-492d-a803-80cb2c9019ea
typedef DWORD (WINAPI *EvtSubscribeCallback)(EvtSubscribeNotifyAction Action, PVOID UserContext, EventHandle Event);
PVOID is a pointer to any type.
type EvtSubscribeFlag ¶
// EvtSubscribeFlag is the uint32 type of the flags parameter of EvtSubscribe;
// see the EvtSubscribe* constants.
type EvtSubscribeFlag uint32
type EvtSubscribeNotifyAction ¶
// EvtSubscribeNotifyAction is the uint32 type of the Action argument of an
// EvtSubscribeCallback; see the EvtSubscribeAction* constants.
type EvtSubscribeNotifyAction uint32
https://docs.microsoft.com/en-us/windows/desktop/api/winevt/ne-winevt-_evt_subscribe_notify_action
typedef enum _EVT_SUBSCRIBE_NOTIFY_ACTION { EvtSubscribeActionError = 0, EvtSubscribeActionDeliver = 1 } EVT_SUBSCRIBE_NOTIFY_ACTION;
type EvtSystemPropertyId ¶
// EvtSystemPropertyId is the uint32 type that identifies an event's system
// property; see the EvtSystem* constants and SystemPropertyIds.
type EvtSystemPropertyId uint32
type EvtVariant ¶
// EvtVariant is an opaque value type; its fields are unexported and its
// content is read through GetData.
// NOTE(review): presumably mirrors the Win32 EVT_VARIANT layout filled in by
// EvtRender. Confirm that any pointer it holds into a render buffer is not used
// after that buffer is reused or freed.
type EvtVariant struct {
// contains filtered or unexported fields
}
func (*EvtVariant) GetData ¶
// GetData returns the variant's value as an interface{}; callers must use a
// type switch or a checked assertion to recover the concrete type.
// NOTE(review): body not shown on this page. Presumably the concrete type
// follows the variant's EvtVariantType tag; confirm what is returned for tags
// that are not declared in this package.
func (evtVariant *EvtVariant) GetData() interface{}
type EvtVariantType ¶
// EvtVariantType is the uint32 type tag of an EvtVariant; see the EvtVarType*
// constants.
type EvtVariantType uint32
typedef enum _EVT_VARIANT_TYPE { EvtVarTypeNull = 0, EvtVarTypeString = 1, EvtVarTypeAnsiString = 2, EvtVarTypeSByte = 3, EvtVarTypeByte = 4, EvtVarTypeInt16 = 5, EvtVarTypeUInt16 = 6, EvtVarTypeInt32 = 7, EvtVarTypeUInt32 = 8, EvtVarTypeInt64 = 9, EvtVarTypeUInt64 = 10, EvtVarTypeSingle = 11, EvtVarTypeDouble = 12, EvtVarTypeBoolean = 13, EvtVarTypeBinary = 14, EvtVarTypeGuid = 15, EvtVarTypeSizeT = 16, EvtVarTypeFileTime = 17, EvtVarTypeSysTime = 18, EvtVarTypeSid = 19, EvtVarTypeHexInt32 = 20, EvtVarTypeHexInt64 = 21, EvtVarTypeEvtHandle = 32, EvtVarTypeEvtXml = 35 } EVT_VARIANT_TYPE;
type PublisherMetadataHandle ¶
// PublisherMetadataHandle is a uintptr-sized publisher metadata handle,
// returned by EvtOpenPublisherMetadata and passed to EvtFormatMessage.
type PublisherMetadataHandle uintptr
func EvtOpenPublisherMetadata ¶
// EvtOpenPublisherMetadata opens the metadata of the publisher named by
// publisherId. The returned handle has a Close method and should be closed when
// no longer needed.
// NOTE(review): body not shown on this page. Callers that open metadata per
// event should cache or close the handles so a busy channel does not leak them.
func EvtOpenPublisherMetadata(publisherId string) (PublisherMetadataHandle, error)
https://docs.microsoft.com/en-us/windows/desktop/api/winevt/nf-winevt-evtopenpublishermetadata
func (PublisherMetadataHandle) Close ¶
// Close releases the publisher metadata handle. It returns nothing, so a
// failed close is not observable. NOTE(review): presumably delegates to
// EvtClose.
func (pmh PublisherMetadataHandle) Close()
type SubscriptionHandle ¶
// SubscriptionHandle is a uintptr-sized subscription handle, returned by
// EvtSubscribe and passed as the resultSet argument of EvtNext.
type SubscriptionHandle uintptr
func EvtSubscribe ¶
// EvtSubscribe subscribes to events on channelPath that match query and
// returns a subscription handle. The bookmark argument is only meaningful
// together with EvtSubscribeStartAfterBookmark.
//
// NOTE(review): body not shown on this page. Per the Win32 EvtSubscribe
// documentation, the signal event and the callback are alternatives: pass one
// and leave the other null/nil. If query is assembled from configuration or
// other external input, expect ErrorInvalidQuery and surface it; a collector
// that falls back to a broader or empty query can silently change what is
// monitored. The package declares no EvtSubscribeStrict flag, so confirm how a
// bookmark whose event has been overwritten is handled.
func EvtSubscribe( signalEventHandle syswin.Handle, channelPath string, query string, bookmark BookmarkHandle, callback EvtSubscribeCallback, flags EvtSubscribeFlag, ) (SubscriptionHandle, error)
https://docs.microsoft.com/en-us/windows/desktop/api/winevt/nf-winevt-evtsubscribe
func (SubscriptionHandle) Close ¶
// Close releases the subscription handle. It returns nothing, so a failed
// close is not observable. NOTE(review): presumably delegates to EvtClose;
// event handles already obtained through EvtNext still need their own close.
func (sh SubscriptionHandle) Close()
type WaitReturnValue ¶
// WaitReturnValue is the uint32 result type of a wait on a synchronization
// object; see the Wait* constants.
type WaitReturnValue uint32
https://docs.microsoft.com/en-us/windows/desktop/api/synchapi/nf-synchapi-waitforsingleobject