The highest tagged major version is v3.

winevent

package module

v3.2.2+incompatible Latest Latest Go to latest Published: Nov 20, 2017 License: BSD-2-Clause Imports: 16 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/gravwell/winevent

Documentation ¶

Index ¶

Variables
func ChannelAvailable(c string) (bool, error)
func ServiceFilename(name string) (string, error)
type BookmarkHandler
- func NewBookmark(path string) (*BookmarkHandler, error)
type CfgType
- func GetConfig(path string) (*CfgType, error)
type EventStreamConfig
- func (ec *EventStreamConfig) Validate() error
type EventStreamHandle
- func NewStream(param EventStreamParams, last uint64) (*EventStreamHandle, error)
type EventStreamParams

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrInvalidName              = errors.New("Event channel name is invalid")
	ErrInvalidReachbackDuration = errors.New("Invalid event reachback duration")
	ErrInvalidLevel             = errors.New("Invalid level")
	ErrInvalidEventIds          = errors.New("Invalid Event IDs, must be of the form 100 or -100 or 100-200")
)

View Source

var (
	ErrMalformedBookmarkFile = errors.New("Malformed bookmark file")
)

Functions ¶

func ChannelAvailable ¶

func ChannelAvailable(c string) (bool, error)

func ServiceFilename ¶

func ServiceFilename(name string) (string, error)

Types ¶

type BookmarkHandler ¶

type BookmarkHandler struct {
	// contains filtered or unexported fields
}

func NewBookmark ¶

func NewBookmark(path string) (*BookmarkHandler, error)

func (*BookmarkHandler) Close ¶

func (b *BookmarkHandler) Close() error

func (*BookmarkHandler) Get ¶

func (b *BookmarkHandler) Get(name string) (uint64, error)

func (*BookmarkHandler) Open ¶

func (b *BookmarkHandler) Open() bool

func (*BookmarkHandler) Sync ¶

func (b *BookmarkHandler) Sync() error

func (*BookmarkHandler) Update ¶

func (b *BookmarkHandler) Update(name string, val uint64) error

type CfgType ¶

type CfgType struct {
	Global struct {
		Ingest_Secret              string
		Connection_Timeout         string
		Verify_Remote_Certificates bool
		Cleartext_Backend_Target   []string
		Encrypted_Backend_Target   []string
		Bookmark_Location          string
		Ignore_Timestamps          bool
		Ingest_Cache_Path          string
		Log_Level                  string
	}
	EventChannel map[string]*EventStreamConfig
}

func GetConfig ¶

func GetConfig(path string) (*CfgType, error)

func (*CfgType) BookmarkPath ¶

func (c *CfgType) BookmarkPath() string

func (*CfgType) EnableCache ¶

func (c *CfgType) EnableCache() bool

func (*CfgType) IgnoreTimestamps ¶

func (c *CfgType) IgnoreTimestamps() bool

func (*CfgType) LocalFileCachePath ¶

func (c *CfgType) LocalFileCachePath() string

func (*CfgType) LogLevel ¶

func (c *CfgType) LogLevel() string

func (*CfgType) Secret ¶

func (c *CfgType) Secret() string

func (*CfgType) Streams ¶

func (c *CfgType) Streams() ([]EventStreamParams, error)

func (*CfgType) Tags ¶

func (c *CfgType) Tags() ([]string, error)

func (*CfgType) Targets ¶

func (c *CfgType) Targets() ([]string, error)

func (*CfgType) Timeout ¶

func (c *CfgType) Timeout() time.Duration

func (*CfgType) VerifyRemote ¶

func (c *CfgType) VerifyRemote() bool

type EventStreamConfig ¶

type EventStreamConfig struct {
	Tag_Name      string   //which tag are we applying to this event channel
	Channel       string   //Names like: System, Application, Security...
	Max_Reachback string   //duration like: 72 hours, or 6 weeks, etc..
	Level         []string //levels include: verbose,information,warning,error,critical
	Provider      []string //list of providers to filter on
	EventID       []string //list of eventID filters: 1000-2000 or -1000
}

func (*EventStreamConfig) Validate ¶

func (ec *EventStreamConfig) Validate() error

type EventStreamHandle ¶

type EventStreamHandle struct {
	// contains filtered or unexported fields
}

func NewStream ¶

func NewStream(param EventStreamParams, last uint64) (*EventStreamHandle, error)

func (*EventStreamHandle) Close ¶

func (e *EventStreamHandle) Close() error

func (*EventStreamHandle) Last ¶

func (e *EventStreamHandle) Last() uint64

func (*EventStreamHandle) Name ¶

func (e *EventStreamHandle) Name() string

func (*EventStreamHandle) Read ¶

func (e *EventStreamHandle) Read() ([]([]byte), error)

func (*EventStreamHandle) SetLast ¶

func (e *EventStreamHandle) SetLast(v uint64)

type EventStreamParams ¶

type EventStreamParams struct {
	Name      string
	TagName   string
	Channel   string
	Levels    string
	EventIDs  string
	Providers []string
	ReachBack time.Duration
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
wineventlog Package wineventlog provides access to the Windows Event Log API used in all versions of Windows since Vista (i.e.	Package wineventlog provides access to the Windows Event Log API used in all versions of Windows since Vista (i.e.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL