github.com/observiq/carbon@v0.9.11-0.20200820160507-1b872e368a5e/operator/builtin/input/windows/bookmark.go

github.com/observiq/carbon@v0.9.11-0.20200820160507-1b872e368a5e/operator/builtin/input/windows/bookmark.go (about)

     1  // +build windows
     2  
     3  package windows
     4  
     5  import (
     6  	"fmt"
     7  	"syscall"
     8  )
     9  
    10  // Bookmark is a windows event bookmark.
    11  type Bookmark struct {
    12  	handle uintptr
    13  }
    14  
    15  // Open will open the bookmark handle using the supplied xml.
    16  func (b *Bookmark) Open(offsetXML string) error {
    17  	if b.handle != 0 {
    18  		return fmt.Errorf("bookmark handle is already open")
    19  	}
    20  
    21  	utf16, err := syscall.UTF16PtrFromString(offsetXML)
    22  	if err != nil {
    23  		return fmt.Errorf("failed to convert bookmark xml to utf16: %s", err)
    24  	}
    25  
    26  	handle, err := evtCreateBookmark(utf16)
    27  	if err != nil {
    28  		return fmt.Errorf("failed to create bookmark handle from xml: %s", err)
    29  	}
    30  
    31  	b.handle = handle
    32  	return nil
    33  }
    34  
    35  // Update will update the bookmark using the supplied event.
    36  func (b *Bookmark) Update(event Event) error {
    37  	if b.handle == 0 {
    38  		handle, err := evtCreateBookmark(nil)
    39  		if err != nil {
    40  			return fmt.Errorf("syscall to `EvtCreateBookmark` failed: %s", err)
    41  		}
    42  		b.handle = handle
    43  	}
    44  
    45  	if err := evtUpdateBookmark(b.handle, event.handle); err != nil {
    46  		return fmt.Errorf("syscall to `EvtUpdateBookmark` failed: %s", err)
    47  	}
    48  
    49  	return nil
    50  }
    51  
    52  // Render will render the bookmark as xml.
    53  func (b *Bookmark) Render(buffer Buffer) (string, error) {
    54  	if b.handle == 0 {
    55  		return "", fmt.Errorf("bookmark handle is not open")
    56  	}
    57  
    58  	var bufferUsed, propertyCount uint32
    59  	err := evtRender(0, b.handle, EvtRenderBookmark, buffer.Size(), buffer.FirstByte(), &bufferUsed, &propertyCount)
    60  	if err == ErrorInsufficientBuffer {
    61  		buffer.UpdateSize(bufferUsed)
    62  		return b.Render(buffer)
    63  	}
    64  
    65  	if err != nil {
    66  		return "", fmt.Errorf("syscall to 'EvtRender' failed: %s", err)
    67  	}
    68  
    69  	return buffer.ReadString(bufferUsed)
    70  }
    71  
    72  // Close will close the bookmark handle.
    73  func (b *Bookmark) Close() error {
    74  	if b.handle == 0 {
    75  		return nil
    76  	}
    77  
    78  	if err := evtClose(b.handle); err != nil {
    79  		return fmt.Errorf("failed to close bookmark handle: %s", err)
    80  	}
    81  
    82  	b.handle = 0
    83  	return nil
    84  }
    85  
    86  // NewBookmark will create a new bookmark with an empty handle.
    87  func NewBookmark() Bookmark {
    88  	return Bookmark{
    89  		handle: 0,
    90  	}
    91  }