github.com/observiq/carbon@v0.9.11-0.20200820160507-1b872e368a5e/operator/builtin/input/windows/publisher.go

github.com/observiq/carbon@v0.9.11-0.20200820160507-1b872e368a5e/operator/builtin/input/windows/publisher.go (about)

     1  // +build windows
     2  
     3  package windows
     4  
     5  import (
     6  	"fmt"
     7  	"syscall"
     8  )
     9  
    10  // Publisher is a windows event metadata publisher.
    11  type Publisher struct {
    12  	handle uintptr
    13  }
    14  
    15  // Open will open the publisher handle using the supplied provider.
    16  func (p *Publisher) Open(provider string) error {
    17  	if p.handle != 0 {
    18  		return fmt.Errorf("publisher handle is already open")
    19  	}
    20  
    21  	utf16, err := syscall.UTF16PtrFromString(provider)
    22  	if err != nil {
    23  		return fmt.Errorf("failed to convert provider to utf16: %s", err)
    24  	}
    25  
    26  	handle, err := evtOpenPublisherMetadata(0, utf16, nil, 0, 0)
    27  	if err != nil {
    28  		return fmt.Errorf("failed to open publisher handle: %s", err)
    29  	}
    30  
    31  	p.handle = handle
    32  	return nil
    33  }
    34  
    35  // Close will close the publisher handle.
    36  func (p *Publisher) Close() error {
    37  	if p.handle == 0 {
    38  		return nil
    39  	}
    40  
    41  	if err := evtClose(p.handle); err != nil {
    42  		return fmt.Errorf("failed to close publisher: %s", err)
    43  	}
    44  
    45  	p.handle = 0
    46  	return nil
    47  }
    48  
    49  // NewPublisher will create a new publisher with an empty handle.
    50  func NewPublisher() Publisher {
    51  	return Publisher{
    52  		handle: 0,
    53  	}
    54  }