Documentation
¶
Index ¶
- Constants
- func EvtClose(Object EVT_HANDLE) error
- func EvtRenderXML(Context EVT_HANDLE) ([]byte, error)
- func GetAllEventsFromChannel(channel string, flag int, signal chan bool) (c chan *XMLEvent)
- func GotSignal(signals chan bool) (signal bool, gotsig bool)
- func TestCallback(Action EVT_SUBSCRIBE_NOTIFY_ACTION, UserContext win32.PVOID, Event EVT_HANDLE) uintptr
- type Data
- type EVT_HANDLE
- func EvtNext(ResultSet EVT_HANDLE, Timeout win32.DWORD) ([]EVT_HANDLE, error)
- func EvtPullSubscribe(Session EVT_HANDLE, SignalEvent win32.HANDLE, ChannelPath string, Query string, ...) (EVT_HANDLE, error)
- func EvtSubscribe(Session EVT_HANDLE, SignalEvent win32.HANDLE, ChannelPath string, Query string, ...) (EVT_HANDLE, error)
- type EVT_SUBSCRIBE_CALLBACK
- type EVT_SUBSCRIBE_NOTIFY_ACTION
- type JSONEvent
- type XMLEvent
- type XMLMap
Constants ¶
View Source
const ( // EVT_SUBSCRIBE_NOTIFY_ACTION enum: https://msdn.microsoft.com/en-us/library/windows/desktop/aa385596(v=vs.85).aspx //typedef enum _EVT_SUBSCRIBE_NOTIFY_ACTION { EvtSubscribeActionError = 0 EvtSubscribeActionDeliver = 1 // EVT_RENDER_FLAGS enum: https://msdn.microsoft.com/en-us/library/windows/desktop/aa385563(v=vs.85).aspx //typedef enum _EVT_RENDER_FLAGS { EvtRenderEventValues = 0 EvtRenderEventXml = 1 EvtRenderBookmark = 2 // EVT_SUBSCRIBE_FLAGS enum: https://msdn.microsoft.com/en-us/library/windows/desktop/aa385588(v=vs.85).aspx //typedef enum _EVT_SUBSCRIBE_FLAGS { EvtSubscribeToFutureEvents = 1 EvtSubscribeStartAtOldestRecord = 2 EvtSubscribeStartAfterBookmark = 3 EvtSubscribeOriginMask = 0x3 EvtSubscribeTolerateQueryErrors = 0x1000 EvtSubscribeStrict = 0x10000 )
Variables ¶
This section is empty.
Functions ¶
func EvtClose ¶
func EvtClose(Object EVT_HANDLE) error
EvtClose wrapper https://msdn.microsoft.com/en-us/library/windows/desktop/aa385344(v=vs.85).aspx
func EvtRenderXML ¶
func EvtRenderXML(Context EVT_HANDLE) ([]byte, error)
func GetAllEventsFromChannel ¶
GetAllEventsFromChannel returns a Go channel containing XMLEvents retrieved from the given Windows Event Channel given in parameter flag has to be a value from enum EVT_SUBSCRIBE_FLAGS (c.f. headers.go) signal is used to stop the collection process Translated from source: https://msdn.microsoft.com/en-us/library/windows/desktop/aa385771(v=vs.85).aspx
func TestCallback ¶
func TestCallback(Action EVT_SUBSCRIBE_NOTIFY_ACTION, UserContext win32.PVOID, Event EVT_HANDLE) uintptr
Types ¶
type EVT_HANDLE ¶
func EvtNext ¶
func EvtNext(ResultSet EVT_HANDLE, Timeout win32.DWORD) ([]EVT_HANDLE, error)
func EvtPullSubscribe ¶
func EvtPullSubscribe( Session EVT_HANDLE, SignalEvent win32.HANDLE, ChannelPath string, Query string, Bookmark EVT_HANDLE, context win32.PVOID, Flags win32.DWORD) (EVT_HANDLE, error)
func EvtSubscribe ¶
func EvtSubscribe( Session EVT_HANDLE, SignalEvent win32.HANDLE, ChannelPath string, Query string, Bookmark EVT_HANDLE, context win32.PVOID, Callback EVT_SUBSCRIBE_CALLBACK, Flags win32.DWORD) (EVT_HANDLE, error)
type EVT_SUBSCRIBE_CALLBACK ¶
type EVT_SUBSCRIBE_CALLBACK func(Action EVT_SUBSCRIBE_NOTIFY_ACTION, UserContext win32.PVOID, Event EVT_HANDLE) uintptr
type EVT_SUBSCRIBE_NOTIFY_ACTION ¶
type EVT_SUBSCRIBE_NOTIFY_ACTION int
Should be an enum _EVT_SUBSCRIBE_NOTIFY_ACTION
type JSONEvent ¶
type JSONEvent struct {
Event struct {
EventData map[string]string `xml:"EventData"`
UserData map[string]interface{}
System struct {
Provider struct {
Name string `xml:"Name,attr"`
Guid string `xml:"Guid,attr"`
} `xml:"Provider"`
EventID string `xml:"EventID"`
Version string `xml:"Version"`
Level string `xml:"Level"`
Task string `xml:"Task"`
Opcode string `xml:"Opcode"`
Keywords string `xml:"Keywords"`
TimeCreated struct {
SystemTime string `xml:"SystemTime,attr"`
} `xml:"TimeCreated"`
EventRecordID string `xml:"EventRecordID"`
Correlation struct {
} `xml:"Correlation"`
Execution struct {
ProcessID string `xml:"ProcessID,attr"`
ThreadID string `xml:"ThreadID,attr"`
} `xml:"Execution"`
Channel string `xml:"Channel"`
Computer string `xml:"Computer"`
Security struct {
UserID string `xml:"UserID,attr"`
} `xml:"Security"`
} `xml:"System"`
}
}
func NewJSONEvent ¶
func NewJSONEvent() (je JSONEvent)
type XMLEvent ¶
type XMLEvent struct {
// seems to always have the same format
// if not consider using XMLMap
EventData struct {
Data []Data
} `xml:"EventData,omitempty"`
// Using XMLMap type because we don't know what is inside (a priori)
UserData XMLMap
System struct {
Provider struct {
Name string `xml:"Name,attr"`
Guid string `xml:"Guid,attr"`
} `xml:"Provider"`
EventID string `xml:"EventID"`
Version string `xml:"Version"`
Level string `xml:"Level"`
Task string `xml:"Task"`
Opcode string `xml:"Opcode"`
Keywords string `xml:"Keywords"`
TimeCreated struct {
SystemTime string `xml:"SystemTime,attr"`
} `xml:"TimeCreated"`
EventRecordID string `xml:"EventRecordID"`
Correlation struct {
} `xml:"Correlation"`
Execution struct {
ProcessID string `xml:"ProcessID,attr"`
ThreadID string `xml:"ThreadID,attr"`
} `xml:"Execution"`
Channel string `xml:"Channel"`
Computer string `xml:"Computer"`
Security struct {
UserID string `xml:"UserID,attr"`
} `xml:"Security"`
} `xml:"System"`
}
func (*XMLEvent) ToJSONEvent ¶
type XMLMap ¶
type XMLMap map[string]interface{}
func (*XMLMap) UnmarshalXML ¶
UnmarshalXML unmarshals the XML into a map of string to strings, creating a key in the map for each tag and setting it's value to the tags contents.
The fact this function is on the pointer of Map is important, so that if m is nil it can be initialized, which is often the case if m is nested in another xml structurel. This is also why the first thing done on the first line is initialize it.
Source Files
Click to show internal directories.
Click to hide internal directories.