github.com/observiq/carbon@v0.9.11-0.20200820160507-1b872e368a5e/operator/builtin/input/windows/event.go (about)

     1  // +build windows
     2  
     3  package windows
     4  
     5  import (
     6  	"fmt"
     7  )
     8  
// Event wraps the handle of a single event stored in the windows event log.
// A zero handle means there is no open event: the render methods return an
// error for it and Close does nothing.
type Event struct {
	// handle is the raw event handle passed to the evt* calls; 0 means unset.
	handle uintptr
}
    13  
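// RenderSimple will render the event as EventXML without formatted info.
//
// It calls evtRender with EvtRenderEventXML into the supplied buffer. When the
// call reports ErrorInsufficientBuffer, the buffer is resized to the value the
// call stored in bufferUsed and the render is attempted again. The number of
// attempts is bounded, so a call that keeps reporting an insufficient buffer
// ends in an error instead of recursing without limit (a Go stack overflow is
// fatal and would take the whole collector down).
//
// An error is returned when the event handle is zero, when evtRender fails,
// when the retry limit is reached, or when the buffer cannot be read.
// Otherwise the result and error are those of unmarshalEventXML.
func (e *Event) RenderSimple(buffer Buffer) (EventXML, error) {
	if e.handle == 0 {
		return EventXML{}, fmt.Errorf("event handle does not exist")
	}

	// Presumably a single resize is enough, since the size needed for a given
	// event should not change between calls; the extra attempts are headroom.
	const maxAttempts = 4

	for attempt := 0; attempt < maxAttempts; attempt++ {
		// Fresh out-parameters per attempt, as each call reports its own sizes.
		var bufferUsed, propertyCount uint32
		err := evtRender(0, e.handle, EvtRenderEventXML, buffer.Size(), buffer.FirstByte(), &bufferUsed, &propertyCount)
		if err == ErrorInsufficientBuffer {
			// Grow to the size reported by the failed call and try again.
			buffer.UpdateSize(bufferUsed)
			continue
		}

		if err != nil {
			return EventXML{}, fmt.Errorf("syscall to 'EvtRender' failed: %s", err)
		}

		// Only the bytes the call reported as used are read back.
		bytes, err := buffer.ReadBytes(bufferUsed)
		if err != nil {
			return EventXML{}, fmt.Errorf("failed to read bytes from buffer: %s", err)
		}

		// Event content is produced by whatever logged the event, so consumers
		// should treat the parsed fields as untrusted input.
		return unmarshalEventXML(bytes)
	}

	return EventXML{}, fmt.Errorf("syscall to 'EvtRender' failed: buffer still insufficient after %d attempts", maxAttempts)
}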
    38  
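// RenderFormatted will render the event as EventXML with formatted info.
//
// It calls evtFormatMessage with EvtFormatMessageXML, using the publisher's
// handle, into the supplied buffer. When the call reports
// ErrorInsufficientBuffer, the buffer is resized to the value the call stored
// in bufferUsed and the call is attempted again. The number of attempts is
// bounded, so a call that keeps reporting an insufficient buffer ends in an
// error instead of recursing without limit (a Go stack overflow is fatal).
//
// An error is returned when the event handle is zero, when evtFormatMessage
// fails, when the retry limit is reached, or when the buffer cannot be read.
// Otherwise the result and error are those of unmarshalEventXML.
//
// NOTE(review): the Windows EvtFormatMessage API documents its buffer size and
// used count in characters, whereas EvtRender documents bytes. Confirm that
// Buffer.Size, UpdateSize and ReadBytes use the unit this wrapper expects, so
// the size passed to the syscall never exceeds the real allocation.
func (e *Event) RenderFormatted(buffer Buffer, publisher Publisher) (EventXML, error) {
	if e.handle == 0 {
		return EventXML{}, fmt.Errorf("event handle does not exist")
	}

	// Presumably a single resize is enough, since the size needed for a given
	// event should not change between calls; the extra attempts are headroom.
	const maxAttempts = 4

	for attempt := 0; attempt < maxAttempts; attempt++ {
		// Fresh out-parameter per attempt, as each call reports its own size.
		var bufferUsed uint32
		err := evtFormatMessage(publisher.handle, e.handle, 0, 0, 0, EvtFormatMessageXML, buffer.Size(), buffer.FirstByte(), &bufferUsed)
		if err == ErrorInsufficientBuffer {
			// Grow to the size reported by the failed call and try again.
			buffer.UpdateSize(bufferUsed)
			continue
		}

		if err != nil {
			return EventXML{}, fmt.Errorf("syscall to 'EvtFormatMessage' failed: %s", err)
		}

		// Only the amount the call reported as used is read back.
		bytes, err := buffer.ReadBytes(bufferUsed)
		if err != nil {
			return EventXML{}, fmt.Errorf("failed to read bytes from buffer: %s", err)
		}

		// Event content is produced by whatever logged the event, so consumers
		// should treat the parsed fields as untrusted input.
		return unmarshalEventXML(bytes)
	}

	return EventXML{}, fmt.Errorf("syscall to 'EvtFormatMessage' failed: buffer still insufficient after %d attempts", maxAttempts)
}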
    63  
// Close will close the event handle.
//
// A zero handle is treated as already closed and returns nil. On success the
// stored handle is reset to zero, so calling Close again on the same Event is
// a no-op. If evtClose fails, the handle is left unchanged and the error is
// returned with context. No locking is done here.
func (e *Event) Close() error {
	h := e.handle
	if h == 0 {
		return nil
	}

	err := evtClose(h)
	if err != nil {
		return fmt.Errorf("failed to close event handle: %s", err)
	}

	// Clear the handle only after a successful close.
	e.handle = 0
	return nil
}
    77  
// NewEvent will create a new event from an event handle.
//
// The handle is stored as given and is not validated. The Event is returned
// by value, so copies carry the same handle; Close zeroes the handle only on
// the copy it is called on.
func NewEvent(handle uintptr) Event {
	var ev Event
	ev.handle = handle
	return ev
}