Skip to content

Go library for subscribing to Windows Event Log

License

Notifications You must be signed in to change notification settings

huntresslabs/gowinlog

 
 

Repository files navigation

gowinlog

Go Build CodeQL

Go library for subscribing to the Windows Event Log.

Godocs

PkgGoDev

Installation

just go get the thing

Features

  • Includes wrapper for wevtapi.dll, and a high level API
  • Supports bookmarks for resuming consumption
  • Filter events using XPath expressions

Usage

package main

import (
	"fmt"
	"time"

	winlog "github.com/ofcoursedude/gowinlog"
)

func main() {
	fmt.Println("Starting...")
	watcher, err := winlog.NewWinLogWatcher()
	if err != nil {
		fmt.Printf("Couldn't create watcher: %v\n", err)
		return
	}
	// Recieve any future messages on the Application channel
	// "*" doesn't filter by any fields of the event
	watcher.SubscribeFromNow("Application", "*")
	for {
		select {
		case evt := <-watcher.Event():
			// Print the event struct
			// fmt.Printf("\nEvent: %v\n", evt)
			// or print basic output
			fmt.Printf("\n%s: %s: %s\n", evt.LevelText, evt.ProviderName, evt.Msg)
		case err := <-watcher.Error():
			fmt.Printf("\nError: %v\n\n", err)
		default:
			// If no event is waiting, need to wait or do something else, otherwise
			// the the app fails on deadlock.
			<-time.After(1 * time.Millisecond)
		}
	}
}

Low-level API

winevt.go provides wrappers around the relevant functions in wevtapi.dll.

About

Go library for subscribing to Windows Event Log

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Go 100.0%