evtbookmark

package
v0.73.2 Latest

This package is not in the latest version of its module.
Published: Dec 23, 2025 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Rendered for windows/amd64

Overview

Package evtbookmark provides helpers for working with Windows Event Log Bookmarks

Constants

This section is empty.

Variables

var (
	// ErrNoMatchingEvents indicates no events matching the query were found
	ErrNoMatchingEvents = errors.New("no matching events found")
)

Functions

This section is empty.

Types

type Bookmark

type Bookmark interface {
	Handle() evtapi.EventBookmarkHandle
	Update(evtapi.EventRecordHandle) error
	Render() (string, error)
	Close()
}

Bookmark is an interface for handling Windows Event Log Bookmarks. See https://learn.microsoft.com/en-us/windows/win32/wes/bookmarking-events

func FromLatestEvent added in v0.70.0

func FromLatestEvent(api evtapi.API, channelPath, query string) (Bookmark, error)

FromLatestEvent creates a bookmark pointing to the most recent event matching the channel/query. This prevents the amnesia bug where events between startup and first pull are lost when starting from "now". Returns ErrNoMatchingEvents if no events matching the query exist in the log.

The Windows Event Log API (EvtQuery) automatically handles both single-channel queries and multi-channel XML QueryList queries, so no special handling is needed.

func New

func New(options ...Option) (Bookmark, error)

New constructs a new Bookmark. Call Close() when done to release resources.

type Config added in v0.73.0

type Config struct {
	API               evtapi.API
	Saver             Saver
	BookmarkFrequency int // 0 = save every event, >0 = save every N events
}

Config contains configuration for creating a BookmarkManager.

type Manager added in v0.73.0

type Manager interface {
	// UpdateAndSave updates the bookmark with an event and saves according to
	// the configured frequency. Use this for normal event processing.
	UpdateAndSave(eventHandle evtapi.EventRecordHandle) error

	// Save immediately saves the current bookmark, ignoring frequency.
	// Use this for periodic checkpoints and before shutdown.
	Save() error

	// Close cleans up resources including closing the bookmark handle.
	Close()
}

Manager handles bookmark persistence with frequency-based saving.

Usage pattern:

  1. Create manager with NewManager()
  2. Call UpdateAndSave() as events are processed (respects frequency)
  3. Call Save() periodically or on shutdown (always saves)
  4. Call Close() to clean up resources

func NewManager added in v0.73.0

func NewManager(config Config) Manager

NewManager creates a new BookmarkManager with the given configuration.

type Option

type Option func(*bookmark) error

Option is a functional option for the New bookmark constructor.

func FromFile

func FromFile(bookmarkPath string) Option

FromFile loads a rendered bookmark from a file path

func FromXML

func FromXML(bookmarkXML string) Option

FromXML loads a rendered bookmark

func WithWindowsEventLogAPI

func WithWindowsEventLogAPI(api evtapi.API) Option

WithWindowsEventLogAPI sets the API implementation used by the bookmark

type Saver added in v0.73.0

type Saver interface {
	Save(bookmarkXML string) error
	Load() (string, error)
}

Saver interface abstracts bookmark persistence mechanisms. Different implementations can save to persistent cache, auditor registry, etc.
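
A file-backed implementation of the Saver interface above, as an added example (not code from this package or its module): it replaces the stored bookmark atomically and refuses to save or load XML that does not parse with a BookmarkList root, so a crash mid-write or a damaged file cannot silently move the point from which event collection resumes. The fileSaver type, the validate helper, the file path and the sample bookmark are assumptions made for illustration.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

type fileSaver struct{ path string } // hypothetical Saver implementation, not part of evtbookmark

func validate(s string) error { // accept only XML that parses and is rooted at <BookmarkList>
	var root struct{ XMLName xml.Name `xml:"BookmarkList"` }
	return xml.Unmarshal([]byte(s), &root)
}

// Save writes a temp file (created 0600), syncs it, then renames it into place.
func (f fileSaver) Save(bookmarkXML string) error {
	if err := validate(bookmarkXML); err != nil {
		return err
	}
	tmp, err := os.CreateTemp(filepath.Dir(f.path), ".bookmark-*")
	if err != nil {
		return err
	}
	defer os.Remove(tmp.Name()) // fails harmlessly once the rename has succeeded
	_, werr := tmp.WriteString(bookmarkXML)
	if err := errors.Join(werr, tmp.Sync(), tmp.Close()); err != nil {
		return err
	}
	return os.Rename(tmp.Name(), f.path)
}

func (f fileSaver) Load() (string, error) { // never hands back a damaged bookmark
	b, err := os.ReadFile(f.path)
	if err == nil {
		err = validate(string(b))
	}
	if err != nil {
		return "", err // os.ErrNotExist on first run, parse error if damaged
	}
	return string(b), nil
}

func main() { // constructed sample bookmark; the path is a placeholder
	s := fileSaver{filepath.Join(os.TempDir(), "evt-bookmark.xml")}
	fmt.Println(s.Save(`<BookmarkList><Bookmark Channel='Security' RecordId='4242' IsCurrent='true'/></BookmarkList>`))
}
```

A caller can treat os.ErrNotExist from Load as "no bookmark yet" and any other error as a reason to alert rather than resume from an untrusted position.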
