sys

package
v5.1.2+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 10, 2017 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package sys provides common data structures and utilties functions that are used by the subpackages for interfacing with the system level APIs to collect event log records from Windows.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RemoveWindowsLineEndings 

func RemoveWindowsLineEndings(s string) string

RemoveWindowsLineEndings replaces carriage return line feed (CRLF) with line feed (LF) and trims any newline character that may exist at the end of the string.

func UTF16BytesToString 

func UTF16BytesToString(b []byte) (string, int, error)

UTF16BytesToString returns the Unicode code point sequence represented by the UTF-16 buffer b.

Types

type Correlation 

type Correlation struct {
	ActivityID        string `xml:"ActivityID,attr"`
	RelatedActivityID string `xml:"RelatedActivityID,attr"`
}

Correlation contains activity identifiers that consumers can use to group related events together.

type Event 

type Event struct {
	// System
	Provider        Provider        `xml:"System>Provider"`
	EventIdentifier EventIdentifier `xml:"System>EventID"`
	Version         uint8           `xml:"System>Version"`
	LevelRaw        uint8           `xml:"System>Level"`
	TaskRaw         uint16          `xml:"System>Task"`
	OpcodeRaw       uint8           `xml:"System>Opcode"`
	TimeCreated     TimeCreated     `xml:"System>TimeCreated"`
	RecordID        uint64          `xml:"System>EventRecordID"`
	Correlation     Correlation     `xml:"System>Correlation"`
	Execution       Execution       `xml:"System>Execution"`
	Channel         string          `xml:"System>Channel"`
	Computer        string          `xml:"System>Computer"`
	User            SID             `xml:"System>Security"`

	EventData EventData `xml:"EventData"`
	UserData  UserData  `xml:"UserData"`

	// RenderingInfo
	Message  string   `xml:"RenderingInfo>Message"`
	Level    string   `xml:"RenderingInfo>Level"`
	Task     string   `xml:"RenderingInfo>Task"`
	Opcode   string   `xml:"RenderingInfo>Opcode"`
	Keywords []string `xml:"RenderingInfo>Keywords>Keyword"`

	// ProcessingErrorData
	RenderErrorCode         uint32 `xml:"ProcessingErrorData>ErrorCode"`
	RenderErrorDataItemName string `xml:"ProcessingErrorData>DataItemName"`
	RenderErr               string
}

Event holds the data from a log record.

func UnmarshalEventXML 

func UnmarshalEventXML(rawXML []byte) (Event, error)

UnmarshalEventXML unmarshals the given XML into a new Event.

type EventData 

type EventData struct {
	Pairs []KeyValue `xml:",any"`
}

EventData contains the event data. The EventData section is used if the message provider template does not contain a UserData section.

type EventIdentifier 

type EventIdentifier struct {
	Qualifiers uint16 `xml:"Qualifiers,attr"`
	ID         uint32 `xml:",chardata"`
}

EventIdentifier is the identifer that the provider uses to identify a specific event type.

type Execution 

type Execution struct {
	ProcessID uint32 `xml:"ProcessID,attr"`
	ThreadID  uint32 `xml:"ThreadID,attr"`

	// Only available for events logged to an event tracing log file (.etl file).
	ProcessorID   uint32 `xml:"ProcessorID,attr"`
	SessionID     uint32 `xml:"SessionID,attr"`
	KernelTime    uint32 `xml:"KernelTime,attr"`
	UserTime      uint32 `xml:"UserTime,attr"`
	ProcessorTime uint32 `xml:"ProcessorTime,attr"`
}

Execution contains information about the process and thread that logged the event.

type FileHandle 

type FileHandle struct {
	File   string  // Fully-qualified path to the event message file.
	Handle uintptr // Handle to the loaded event message file.
	Err    error   // Error that occurred while loading Handle.
}

FileHandle contains the handle to a single Windows message file.

type InsufficientBufferError 

type InsufficientBufferError struct {
	Cause        error
	RequiredSize int // Size of the buffer that is required.
}

InsufficientBufferError indicates the buffer passed to a system call is too small.

func (InsufficientBufferError) Error 

func (e InsufficientBufferError) Error() string

Error returns the cause of the insufficient buffer error.

type KeyValue 

type KeyValue struct {
	Key   string
	Value string
}

KeyValue is a key value pair of strings.

func (*KeyValue) UnmarshalXML 

func (kv *KeyValue) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

UnmarshalXML unmarshals an arbitrary XML element into a KeyValue. The key becomes the name of the element or value of the Name attribute if it exists. The value is the character data contained within the element.

type MessageFiles 

type MessageFiles struct {
	SourceName string
	Err        error
	Handles    []FileHandle
}

MessageFiles contains handles to event message files associated with an event log source.

type Provider 

type Provider struct {
	Name            string `xml:"Name,attr"`
	GUID            string `xml:"Guid,attr"`
	EventSourceName string `xml:"EventSourceName,attr"`
}

Provider identifies the provider that logged the event. The Name and GUID attributes are included if the provider used an instrumentation manifest to define its events; otherwise, the EventSourceName attribute is included if a legacy event provider (using the Event Logging API) logged the event.

type SID 

type SID struct {
	Identifier string `xml:"UserID,attr"`
	Name       string
	Domain     string
	Type       SIDType
}

SID represents the Windows Security Identifier for an account.

func (SID) String 

func (a SID) String() string

String returns string representation of SID.

type SIDType 

type SIDType uint32

SIDType identifies the type of a security identifier (SID). 

const (
	// Do not reorder.
	SidTypeUser SIDType = 1 + iota
	SidTypeGroup
	SidTypeDomain
	SidTypeAlias
	SidTypeWellKnownGroup
	SidTypeDeletedAccount
	SidTypeInvalid
	SidTypeUnknown
	SidTypeComputer
	SidTypeLabel
)

SIDType values.

func (SIDType) String 

func (st SIDType) String() string

String returns string representation of SIDType.

type TimeCreated 

type TimeCreated struct {
	SystemTime time.Time
}

TimeCreated contains the system time of when the event was logged.

func (*TimeCreated) UnmarshalXML 

func (t *TimeCreated) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

UnmarshalXML unmarshals an XML dataTime string.

type UserData 

type UserData struct {
	Name  xml.Name
	Pairs []KeyValue
}

UserData contains the event data.

func (*UserData) UnmarshalXML 

func (u *UserData) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

UnmarshalXML unmarshals UserData XML.

Source Files

  • doc.go
  • errors.go
  • event.go
  • msgfile.go
  • sid.go
  • strings.go

Directories

Path Synopsis
Package eventlogging provides access to the Event Logging API that was designed for applications that run on the Windows Server 2003, Windows XP, or Windows 2000 operating system.
 Package eventlogging provides access to the Event Logging API that was designed for applications that run on the Windows Server 2003, Windows XP, or Windows 2000 operating system.
Package wineventlog provides access to the Windows Event Log API used in all versions of Windows since Vista (i.e.
 Package wineventlog provides access to the Windows Event Log API used in all versions of Windows since Vista (i.e.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.