The highest tagged major version is
README
¶
This is a slightly tweaked version of the the Elastic winevent package which can interact with the windows Event subsystem.
The code is licensed under Apache 2.0
See https://github.com/elastic/beats/tree/master/winlogbeat/sys for the base code.
We have cleaned up some go vet issues and reworked some of the XML rendering code to be faster under the nominal case.
Documentation
¶
Rendered for windows/amd64
Index ¶
- Constants
- Variables
- func ChannelAvailable(c string) (bool, error)
- func ProgramDataFilename(name string) (r string, err error)
- func SeekFileToBookmark(hnd, bookmark wineventlog.EvtHandle) (err error)
- func ServiceFilename(name string) (string, error)
- type BookmarkHandler
- type EventStreamHandle
- func (e *EventStreamHandle) Close() (err error)
- func (e *EventStreamHandle) Last() (l uint64)
- func (e *EventStreamHandle) Name() (s string)
- func (e *EventStreamHandle) Read() (ents []RenderedEvent, fullRead bool, warn, err error)
- func (e *EventStreamHandle) Reset() (err error)
- func (e *EventStreamHandle) SetLast(v uint64)
- func (e *EventStreamHandle) SinceLastRead() (d time.Duration)
- type EventStreamParams
- type RenderedEvent
Constants ¶
View Source
const ( //this CANNOT be less than 2 //or you will fall into an infinite loop HAMMERING the kernel MinHandleRequest = 2 )
Variables ¶
View Source
var ( ErrMalformedBookmarkFile = errors.New("malformed bookmark file") ErrNotOpen = errors.New("not open") )
Functions ¶
func ChannelAvailable ¶
func ProgramDataFilename ¶
func SeekFileToBookmark ¶
func SeekFileToBookmark(hnd, bookmark wineventlog.EvtHandle) (err error)
func ServiceFilename ¶
Types ¶
type BookmarkHandler ¶
type BookmarkHandler struct {
// contains filtered or unexported fields
}
func NewBookmark ¶
func NewBookmark(path string) (*BookmarkHandler, error)
func (*BookmarkHandler) Close ¶
func (b *BookmarkHandler) Close() error
func (*BookmarkHandler) Open ¶
func (b *BookmarkHandler) Open() bool
func (*BookmarkHandler) Sync ¶
func (b *BookmarkHandler) Sync() error
type EventStreamHandle ¶
type EventStreamHandle struct {
// contains filtered or unexported fields
}
func NewStream ¶
func NewStream(param EventStreamParams, last uint64) (e *EventStreamHandle, err error)
func (*EventStreamHandle) Close ¶
func (e *EventStreamHandle) Close() (err error)
func (*EventStreamHandle) Last ¶
func (e *EventStreamHandle) Last() (l uint64)
func (*EventStreamHandle) Name ¶
func (e *EventStreamHandle) Name() (s string)
func (*EventStreamHandle) Read ¶
func (e *EventStreamHandle) Read() (ents []RenderedEvent, fullRead bool, warn, err error)
func (*EventStreamHandle) Reset ¶
func (e *EventStreamHandle) Reset() (err error)
func (*EventStreamHandle) SetLast ¶
func (e *EventStreamHandle) SetLast(v uint64)
func (*EventStreamHandle) SinceLastRead ¶
func (e *EventStreamHandle) SinceLastRead() (d time.Duration)
type EventStreamParams ¶
type EventStreamParams struct {
Name string
TagName string
Channel string
Levels string
EventIDs string
Providers []string
ReachBack time.Duration
Preprocessor []string
BuffSize int
ReqSize int
}
func (*EventStreamParams) IsFiltering ¶
func (esp *EventStreamParams) IsFiltering() bool
type RenderedEvent ¶
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package wineventlog provides access to the Windows Event Log API used in all versions of Windows since Vista (i.e.
|
Package wineventlog provides access to the Windows Event Log API used in all versions of Windows since Vista (i.e. |
Click to show internal directories.
Click to hide internal directories.