Documentation ¶
      Overview ¶
Package sys provides common data structures and utility functions that are used by the subpackages for interfacing with the system-level APIs to collect event log records from Windows.
Index ¶
- Variables
- func RemoveWindowsLineEndings(s string) string
- func UTF16BytesToString(b []byte) (string, int, error)
- func UTF16ToUTF8Bytes(in []byte, out io.Writer) error
- type ByteBuffer
- type Correlation
- type Event
- type EventData
- type EventIdentifier
- type Execution
- type FileHandle
- type InsufficientBufferError
- type KeyValue
- type MessageFiles
- type Provider
- type SID
- type SIDType
- type TimeCreated
- type UserData
Constants ¶
This section is empty.
Variables ¶
var ErrBufferTooSmall = errors.New("buffer too small")
    Functions ¶
func RemoveWindowsLineEndings ¶
RemoveWindowsLineEndings replaces carriage return line feed (CRLF) with line feed (LF) and trims any newline character that may exist at the end of the string.
func UTF16BytesToString ¶
UTF16BytesToString returns a string that is decoded from the UTF-16 bytes. The byte slice must be of even length; otherwise an error is returned. The integer returned is the offset to the start of the next string within the buffer if one exists; otherwise -1 is returned.
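The offset contract described above is what lets a caller walk a buffer that holds several strings back to back. The sketch below is an added example, not the package's own code: `decodeUTF16` and `splitStrings` are hypothetical names, and little-endian, NUL-terminated strings are assumed.

```go
package main

import (
	"errors"
	"fmt"
	"unicode/utf16"
)

// decodeUTF16 is a hypothetical stand-in that follows the documented contract.
// Assumed here: little-endian code units and NUL-terminated strings.
func decodeUTF16(b []byte) (string, int, error) {
	if len(b)%2 != 0 {
		return "", 0, errors.New("UTF-16 input must have an even length")
	}
	next := -1
	units := make([]uint16, 0, len(b)/2)
	for i := 0; i < len(b); i += 2 {
		u := uint16(b[i]) | uint16(b[i+1])<<8
		if u == 0 { // terminator: stop, and report where the next string starts
			if i+2 < len(b) {
				next = i + 2
			}
			break
		}
		units = append(units, u)
	}
	return string(utf16.Decode(units)), next, nil
}

// splitStrings walks a buffer of back-to-back strings by following the offset.
func splitStrings(buf []byte) ([]string, error) {
	var out []string
	for {
		s, next, err := decodeUTF16(buf)
		if err != nil {
			return out, err
		}
		out = append(out, s)
		if next < 0 {
			return out, nil
		}
		buf = buf[next:]
	}
}

// sample is constructed input: "OK\0" then "42\0" as UTF-16LE bytes.
var sample = []byte{'O', 0, 'K', 0, 0, 0, '4', 0, '2', 0, 0, 0}

func main() { fmt.Println(splitStrings(sample)) }
```

A truncated read that leaves an odd number of bytes is rejected up front instead of being decoded into a corrupted final character.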
Types ¶
type ByteBuffer ¶
type ByteBuffer struct {
	// contains filtered or unexported fields
}
    ByteBuffer is an expandable buffer backed by a byte slice.
func NewByteBuffer ¶
func NewByteBuffer(initialSize int) *ByteBuffer
NewByteBuffer creates a new ByteBuffer with an initial capacity of initialSize.
func (*ByteBuffer) Bytes ¶
func (b *ByteBuffer) Bytes() []byte
Bytes returns a slice of length b.Len() holding the bytes that have been written to the buffer.
func (*ByteBuffer) Len ¶
func (b *ByteBuffer) Len() int
Len returns the number of bytes that have been written to the buffer.
func (*ByteBuffer) Reset ¶
func (b *ByteBuffer) Reset()
Reset resets the buffer to be empty. It retains the same underlying storage.
type Correlation ¶
type Correlation struct {
	ActivityID        string `xml:"ActivityID,attr"`
	RelatedActivityID string `xml:"RelatedActivityID,attr"`
}
    Correlation contains activity identifiers that consumers can use to group related events together.
type Event ¶
type Event struct {
	// System
	Provider        Provider        `xml:"System>Provider"`
	EventIdentifier EventIdentifier `xml:"System>EventID"`
	Version         uint8           `xml:"System>Version"`
	LevelRaw        uint8           `xml:"System>Level"`
	TaskRaw         uint16          `xml:"System>Task"`
	OpcodeRaw       uint8           `xml:"System>Opcode"`
	TimeCreated     TimeCreated     `xml:"System>TimeCreated"`
	RecordID        uint64          `xml:"System>EventRecordID"`
	Correlation     Correlation     `xml:"System>Correlation"`
	Execution       Execution       `xml:"System>Execution"`
	Channel         string          `xml:"System>Channel"`
	Computer        string          `xml:"System>Computer"`
	User            SID             `xml:"System>Security"`
	EventData EventData `xml:"EventData"`
	UserData  UserData  `xml:"UserData"`
	// RenderingInfo
	Message  string   `xml:"RenderingInfo>Message"`
	Level    string   `xml:"RenderingInfo>Level"`
	Task     string   `xml:"RenderingInfo>Task"`
	Opcode   string   `xml:"RenderingInfo>Opcode"`
	Keywords []string `xml:"RenderingInfo>Keywords>Keyword"`
	// ProcessingErrorData
	RenderErrorCode         uint32 `xml:"ProcessingErrorData>ErrorCode"`
	RenderErrorDataItemName string `xml:"ProcessingErrorData>DataItemName"`
	RenderErr               string
}
    Event holds the data from a log record.
func UnmarshalEventXML ¶
UnmarshalEventXML unmarshals the given XML into a new Event.
type EventData ¶
type EventData struct {
	Pairs []KeyValue `xml:",any"`
}
    EventData contains the event data. The EventData section is used if the message provider template does not contain a UserData section.
type EventIdentifier ¶
type EventIdentifier struct {
	Qualifiers uint16 `xml:"Qualifiers,attr"`
	ID         uint32 `xml:",chardata"`
}
    EventIdentifier is the identifier that the provider uses to identify a specific event type.
type Execution ¶
type Execution struct {
	ProcessID uint32 `xml:"ProcessID,attr"`
	ThreadID  uint32 `xml:"ThreadID,attr"`
	// Only available for events logged to an event tracing log file (.etl file).
	ProcessorID   uint32 `xml:"ProcessorID,attr"`
	SessionID     uint32 `xml:"SessionID,attr"`
	KernelTime    uint32 `xml:"KernelTime,attr"`
	UserTime      uint32 `xml:"UserTime,attr"`
	ProcessorTime uint32 `xml:"ProcessorTime,attr"`
}
    Execution contains information about the process and thread that logged the event.
type FileHandle ¶
type FileHandle struct {
	File   string  // Fully-qualified path to the event message file.
	Handle uintptr // Handle to the loaded event message file.
	Err    error   // Error that occurred while loading Handle.
}
    FileHandle contains the handle to a single Windows message file.
type InsufficientBufferError ¶
type InsufficientBufferError struct {
	Cause        error
	RequiredSize int // Size of the buffer that is required.
}
    InsufficientBufferError indicates the buffer passed to a system call is too small.
func (InsufficientBufferError) Error ¶
func (e InsufficientBufferError) Error() string
Error returns the cause of the insufficient buffer error.
type KeyValue ¶
KeyValue is a key value pair of strings.
func (*KeyValue) UnmarshalXML ¶
UnmarshalXML unmarshals an arbitrary XML element into a KeyValue. The key becomes the name of the element or value of the Name attribute if it exists. The value is the character data contained within the element.
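The key-selection rule above, combined with the `xml:",any"` tag on `EventData.Pairs`, is what turns an event's data section into searchable fields. The following is an added example, not the package's implementation: `keyValue`, `event` and `parseEvent` are hypothetical stand-ins that reuse a subset of the struct tags shown on this page, and the XML record is constructed.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// keyValue is a hypothetical stand-in written from the documented rule; it is
// not the package's own KeyValue implementation.
type keyValue struct{ Key, Value string }

func (kv *keyValue) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
	var elem struct {
		Name  string `xml:"Name,attr"`
		Value string `xml:",chardata"`
	}
	if err := d.DecodeElement(&elem, &start); err != nil {
		return err
	}
	kv.Key, kv.Value = start.Name.Local, elem.Value // element name by default
	if elem.Name != "" {
		kv.Key = elem.Name // the Name attribute wins when present
	}
	return nil
}

// event keeps a subset of the Event fields and struct tags shown on this page.
type event struct {
	EventID   uint32 `xml:"System>EventID"`
	Channel   string `xml:"System>Channel"`
	EventData struct {
		Pairs []keyValue `xml:",any"`
	} `xml:"EventData"`
}

// sampleXML is a constructed record, not taken from a real log.
const sampleXML = `<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID Qualifiers="16384">7036</EventID><Channel>System</Channel></System>
<EventData><Data Name="param1">Windows Update</Data><Data Name="param2">running</Data>
<Binary>0A0B</Binary></EventData></Event>`

func parseEvent(raw string) (event, error) {
	var e event
	err := xml.Unmarshal([]byte(raw), &e)
	return e, err
}

func main() { fmt.Println(parseEvent(sampleXML)) }
```

Elements without a `Name` attribute, such as `Binary` here, are keyed by their element name, so a record with several unnamed `Data` elements produces repeated `Data` keys that a consumer has to tell apart by position.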
type MessageFiles ¶
type MessageFiles struct {
	SourceName string
	Err        error
	Handles    []FileHandle
}
    MessageFiles contains handles to event message files associated with an event log source.
type Provider ¶
type Provider struct {
	Name            string `xml:"Name,attr"`
	GUID            string `xml:"Guid,attr"`
	EventSourceName string `xml:"EventSourceName,attr"`
}
    Provider identifies the provider that logged the event. The Name and GUID attributes are included if the provider used an instrumentation manifest to define its events; otherwise, the EventSourceName attribute is included if a legacy event provider (using the Event Logging API) logged the event.
type SIDType ¶
type SIDType uint32
SIDType identifies the type of a security identifier (SID).
type TimeCreated ¶
TimeCreated contains the system time of when the event was logged.
func (*TimeCreated) UnmarshalXML ¶
func (t *TimeCreated) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
UnmarshalXML unmarshals an XML dateTime string.
Directories ¶
| Path | Synopsis |
|---|---|
| eventlogging | Package eventlogging provides access to the Event Logging API that was designed for applications that run on the Windows Server 2003, Windows XP, or Windows 2000 operating system. |
| wineventlog | Package wineventlog provides access to the Windows Event Log API used in all versions of Windows since Vista (i.e. |