evtbookmark

package
v0.70.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 9, 2025 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Rendered for windows/amd64

Overview

Package evtbookmark provides helpers for working with Windows Event Log Bookmarks

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Bookmark 

type Bookmark interface {
	Handle() evtapi.EventBookmarkHandle
	Update(evtapi.EventRecordHandle) error
	Render() (string, error)
	Close()
}

Bookmark is an interface for handling Windows Event Log Bookmarks https://learn.microsoft.com/en-us/windows/win32/wes/bookmarking-events

func FromLatestEvent added in v0.70.0 

func FromLatestEvent(api evtapi.API, channelPath, query string) (Bookmark, error)

FromLatestEvent creates a bookmark pointing to the most recent event matching the channel/query. This prevents the amnesia bug where events between startup and first pull are lost when starting from "now". Returns an empty bookmark if no events exist. An error is only returned if the underlying API calls fail unexpectedly.

The Windows Event Log API (EvtQuery) automatically handles both single-channel queries and multi-channel XML QueryList queries, so no special handling is needed.

func New 

func New(options ...Option) (Bookmark, error)

New constructs a new Bookmark. Call Close() when done to release resources.

type Option 

type Option func(*bookmark) error

Option type for option pattern for New bookmark constructor

func FromFile 

func FromFile(bookmarkPath string) Option

FromFile loads a rendered bookmark from a file path

func FromXML 

func FromXML(bookmarkXML string) Option

FromXML loads a rendered bookmark

func WithWindowsEventLogAPI 

func WithWindowsEventLogAPI(api evtapi.API) Option

WithWindowsEventLogAPI sets the API implementation used by the bookmark

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.