README
¶
gowinlog
Go library for subscribing to the Windows Event Log.
Godocs
godoc is not proper, look at the example
Installation
just go get the thing
Features
- Includes wrapper for wevtapi.dll, and a high level API
- Supports bookmarks for resuming consumption
- Filter events using XPath expressions
Usage
package main
import (
"fmt"
"github.com/alanctgardner/gowinlog"
)
func main() {
watcher, err := winlog.NewWinLogWatcher()
if err != nil {
fmt.Printf("Couldn't create watcher: %v\n", err)
return
}
// Recieve any future messages on the Application channel
// "*" doesn't filter by any fields of the event
watcher.SubscribeFromNow("Application", "*")
for {
select {
case evt := <- watcher.Event():
// Print the event struct
fmt.Printf("Event: %v\n", evt)
case err := <- watcher.Error():
fmt.Printf("Error: %v\n\n", err)
}
}
}
Low-level API
winevt.go provides wrappers around the relevant functions in wevtapi.dll.
Documentation
¶
Index ¶
Constants ¶
View Source
const ( EvtVarTypeNull = iota EvtVarTypeString EvtVarTypeAnsiString EvtVarTypeSByte EvtVarTypeByte EvtVarTypeInt16 EvtVarTypeUInt16 EvtVarTypeInt32 EvtVarTypeUInt32 EvtVarTypeInt64 EvtVarTypeUInt64 EvtVarTypeSingle EvtVarTypeDouble EvtVarTypeBoolean EvtVarTypeBinary EvtVarTypeGuid EvtVarTypeSizeT EvtVarTypeFileTime EvtVarTypeSysTime EvtVarTypeSid EvtVarTypeHexInt32 EvtVarTypeHexInt64 EvtVarTypeEvtHandle EvtVarTypeEvtXml )
Variables ¶
This section is empty.
Functions ¶
func UTF16ToString ¶
Types ¶
type BookmarkHandle ¶
type BookmarkHandle uint64
type EventHandle ¶
type EventHandle uint64
type EvtVariant ¶
type EvtVariant []byte
func NewEvtVariant ¶
func NewEvtVariant(buffer []byte) EvtVariant
Given a byte array from EvtRender, make an EvtVariant.
EvtVariant wraps an array of variables.
func (EvtVariant) FileTime ¶
func (e EvtVariant) FileTime(index uint32) (time.Time, error)
Return the FileTime at `index`, converted to Time.time. If the
variable isn't a FileTime an error is returned
func (EvtVariant) Int ¶
func (e EvtVariant) Int(index uint32) (int64, error)
Return the integer value at `index`. If the variable
isn't a SByte, Int16, Int32 or Int64 an error is returned.
func (EvtVariant) IsNull ¶
func (e EvtVariant) IsNull(index uint32) bool
Return whether the variable was actually set, or whether it
has null type
type ListenerHandle ¶
type ListenerHandle uint64
type LogEventCallback ¶
type LogEventCallback interface {
PublishError(error)
PublishEvent(EventHandle, string)
}
type LogEventCallbackWrapper ¶
type LogEventCallbackWrapper struct {
// contains filtered or unexported fields
}
type PublisherHandle ¶
type PublisherHandle uint64
type SysRenderContext ¶
type SysRenderContext uint64
type WinLogEvent ¶
type WinLogEvent struct {
//XML
Xml string
XmlErr error
// From EvtRender
ProviderName string
EventId uint64
Qualifiers uint64
Level uint64
Task uint64
Opcode uint64
Created time.Time
RecordId uint64
ProcessId uint64
ThreadId uint64
Channel string
ComputerName string
Version uint64
RenderedFieldsErr error
// From EvtFormatMessage
Msg string
LevelText string
TaskText string
OpcodeText string
Keywords string
ChannelText string
ProviderText string
IdText string
PublisherHandleErr error
// Serialied XML bookmark to
// restart at this event
Bookmark string
// Subscribed channel from which the event was retrieved,
// which may be different than the event's channel
SubscribedChannel string
}
Stores the common fields from a log event
type WinLogWatcher ¶
type WinLogWatcher struct {
// Optionally render localized fields. EvtFormatMessage() is slow, so
// skipping these fields provides a big speedup.
RenderKeywords bool
RenderMessage bool
RenderLevel bool
RenderTask bool
RenderProvider bool
RenderOpcode bool
RenderChannel bool
RenderId bool
// contains filtered or unexported fields
}
Watches one or more event log channels and publishes events and errors to Go channels
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.