github.com/yankunsam/loki/v2@v2.6.3-0.20220817130409-389df5235c27/clients/pkg/promtail/targets/windows/win_eventlog/event.go

// The MIT License (MIT)

// Copyright (c) 2015-2020 InfluxData Inc.

// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:

// The above copyright notice and this permission notice shall be included in all
// copies or substantial portions of the Software.

// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
// SOFTWARE.
//go:build windows
// +build windows

//revive:disable-next-line:var-naming
// Package win_eventlog is an input plugin that collects Windows Event Log messages.
package win_eventlog

// Event is the decoded representation of a single Windows Event Log entry.
//
// Only the most common elements of the event schema are mapped; the
// human-readable text of the event is carried in Message. Should more elements
// be needed, the schema is described at:
// https://docs.microsoft.com/en-us/windows/win32/wes/eventschema-elements
//
// The tagged fields are filled by encoding/xml from the event's System,
// UserData and EventData elements. These types apply no validation or length
// limit: every string and byte slice is whatever the event record contained.
type Event struct {
	Source      Provider    `xml:"System>Provider"`
	EventID     int         `xml:"System>EventID"`
	Version     int         `xml:"System>Version"`
	Level       int         `xml:"System>Level"`
	Task        int         `xml:"System>Task"`
	Opcode      int         `xml:"System>Opcode"`
	Keywords    string      `xml:"System>Keywords"`
	TimeCreated TimeCreated `xml:"System>TimeCreated"`

	// NOTE(review): int is only 32 bits wide on 32-bit builds; confirm that
	// record IDs stay within that range on every supported target.
	EventRecordID int         `xml:"System>EventRecordID"`
	Correlation   Correlation `xml:"System>Correlation"`
	Execution     Execution   `xml:"System>Execution"`
	Channel       string      `xml:"System>Channel"`
	Computer      string      `xml:"System>Computer"`
	Security      Security    `xml:"System>Security"`

	// Raw application-provided payloads, kept as undecoded XML.
	UserData  UserData  `xml:"UserData"`
	EventData EventData `xml:"EventData"`

	// The fields below carry no xml tag. Presumably they are filled in by the
	// code that renders the event rather than by the XML decoder; confirm
	// against the caller.
	// NOTE(review): encoding/xml still maps an untagged exported field to a
	// child element of the same name, so a tag of "-" would be needed to keep
	// the decoder from ever setting them.
	Message    string
	LevelText  string
	TaskText   string
	OpcodeText string
}

// UserData holds the application-provided XML found in the event's UserData element.
//
// InnerXML is the raw XML nested inside that element, captured through the
// ",innerxml" tag and not decoded any further by this type. The bytes are
// whatever the event provider wrote, so code that re-parses them or forwards
// them downstream should treat them as untrusted input.
type UserData struct {
	InnerXML []byte `xml:",innerxml"`
}

// EventData holds the application-provided XML found in the event's EventData element.
//
// InnerXML is the raw XML nested inside that element, captured through the
// ",innerxml" tag and not decoded any further by this type. The bytes are
// whatever the event provider wrote, so code that re-parses them or forwards
// them downstream should treat them as untrusted input.
type EventData struct {
	InnerXML []byte `xml:",innerxml"`
}

// Provider is the event provider information.
// Name is read from the Name attribute of the Provider element.
type Provider struct {
	Name string `xml:"Name,attr"`
}

// Correlation is used for grouping related events.
// Both identifiers are read from attributes of the Correlation element and are
// kept as plain strings.
type Correlation struct {
	ActivityID        string `xml:"ActivityID,attr"`
	RelatedActivityID string `xml:"RelatedActivityID,attr"`
}

// Execution is the execution information of an event: the process and thread
// IDs read from the attributes of the Execution element.
type Execution struct {
	ProcessID uint32 `xml:"ProcessID,attr"`
	ThreadID  uint32 `xml:"ThreadID,attr"`

	// ProcessName has no xml tag; presumably the caller resolves it from
	// ProcessID after decoding. Verify against the caller.
	ProcessName string
}

// Security is the security data of an event.
// UserID is read from the UserID attribute of the Security element and stored
// as-is; presumably a SID string, but no format check is done here.
type Security struct {
	UserID string `xml:"UserID,attr"`
}

// TimeCreated is the creation time field of an event.
// SystemTime keeps the attribute's string value; this type does not parse it
// into a time value or validate its format.
type TimeCreated struct {
	SystemTime string `xml:"SystemTime,attr"`
}