github.com/etecs-ru/go-sys-wineventlog@v0.0.0-20210227233244-4c3abb794018/windows/svc/eventlog/install.go (about) 1 // Copyright 2012 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // +build windows 6 7 package eventlog 8 9 import ( 10 "fmt" 11 12 "golang.org/x/sys/windows" 13 "golang.org/x/sys/windows/registry" 14 ) 15 16 const ( 17 // Log levels. 18 Success = windows.EVENTLOG_SUCCESS 19 Info = windows.EVENTLOG_INFORMATION_TYPE 20 Warning = windows.EVENTLOG_WARNING_TYPE 21 Error = windows.EVENTLOG_ERROR_TYPE 22 AuditSuccess = windows.EVENTLOG_AUDIT_SUCCESS 23 AuditFailure = windows.EVENTLOG_AUDIT_FAILURE 24 ) 25 26 // Application event log provider. 27 const Application = "Application" 28 29 const eventLogKeyName = `SYSTEM\CurrentControlSet\Services\EventLog` 30 31 // Install modifies PC registry to allow logging with an event source src. 32 // It adds all required keys and values to the event log registry key. 33 // Install uses msgFile as the event message file. If useExpandKey is true, 34 // the event message file is installed as REG_EXPAND_SZ value, 35 // otherwise as REG_SZ. Use bitwise of log.Error, log.Warning and 36 // log.Info to specify events supported by the new event source. 37 func Install(provider, src, msgFile string, useExpandKey bool, eventsSupported uint32) (bool, error) { 38 eventLogKey, err := registry.OpenKey(registry.LOCAL_MACHINE, eventLogKeyName, registry.CREATE_SUB_KEY) 39 if err != nil { 40 return false, err 41 } 42 defer eventLogKey.Close() 43 44 pk, _, err := registry.CreateKey(eventLogKey, provider, registry.SET_VALUE) 45 if err != nil { 46 return false, err 47 } 48 defer pk.Close() 49 50 sk, alreadyExist, err := registry.CreateKey(pk, src, registry.SET_VALUE) 51 if err != nil { 52 return false, err 53 } 54 defer sk.Close() 55 if alreadyExist { 56 return true, nil 57 } 58 59 err = sk.SetDWordValue("CustomSource", 1) 60 if err != nil { 61 return false, err 62 } 63 if useExpandKey { 64 err = sk.SetExpandStringValue("EventMessageFile", msgFile) 65 } else { 66 err = sk.SetStringValue("EventMessageFile", msgFile) 67 } 68 if err != nil { 69 return false, err 70 } 71 err = sk.SetDWordValue("TypesSupported", eventsSupported) 72 if err != nil { 73 return false, err 74 } 75 return false, nil 76 } 77 78 // InstallAsEventCreate is the same as Install, but uses 79 // %SystemRoot%\System32\EventCreate.exe as the event message file. 80 func InstallAsEventCreate(provider, src string, eventsSupported uint32) (bool, error) { 81 alreadyExists, err := Install(provider, src, "%SystemRoot%\\System32\\EventCreate.exe", true, eventsSupported) 82 return alreadyExists, err 83 } 84 85 // Remove deletes all registry elements installed for an event logging source. 86 func RemoveSource(provider, src string) error { 87 providerKeyName := fmt.Sprintf("%s\\%s", eventLogKeyName, provider) 88 pk, err := registry.OpenKey(registry.LOCAL_MACHINE, providerKeyName, registry.SET_VALUE) 89 if err != nil { 90 return err 91 } 92 defer pk.Close() 93 return registry.DeleteKey(pk, src) 94 } 95 96 // Remove deletes all registry elements installed for an event logging provider. 97 // Only use this method if you have installed a custom provider. 98 func RemoveProvider(provider string) error { 99 // Protect against removing Application. 100 if provider == Application { 101 return fmt.Errorf("%s cannot be removed. Only custom providers can be removed", provider) 102 } 103 104 eventLogKey, err := registry.OpenKey(registry.LOCAL_MACHINE, eventLogKeyName, registry.SET_VALUE) 105 if err != nil { 106 return err 107 } 108 defer eventLogKey.Close() 109 return registry.DeleteKey(eventLogKey, provider) 110 }