kolide · RebeccaMahany · Apr 4, 2024 · Apr 3, 2024 · Apr 3, 2024 · Apr 3, 2024
diff --git a/cmd/launcher/main.go b/cmd/launcher/main.go
@@ -27,27 +27,28 @@ import (
 )
 
 func main() {
-	// create initial logger. As this is prior to options parsing,
-	// use the environment to determine verbosity.  It will be
-	// re-leveled during options parsing.
-	logger := logutil.NewServerLogger(env.Bool("LAUNCHER_DEBUG", false))
+	systemSlogger, logCloser, err := multislogger.SystemSlogger()
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "error creating system logger: %v\n", err)
+		os.Exit(1)
+	}
+	defer logCloser.Close()
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
 
-	level.Info(logger).Log(
-		"msg", "Launcher starting up",
+	systemSlogger.Log(ctx, slog.LevelInfo,
+		"launcher starting up",
 		"version", version.Version().Version,
 		"revision", version.Version().Revision,
 	)
 
-	ctx, cancel := context.WithCancel(context.Background())
-	defer cancel()
-
+	// create initial logger. As this is prior to options parsing,
+	// use the environment to determine verbosity.  It will be
+	// re-leveled during options parsing.
+	logger := logutil.NewServerLogger(env.Bool("LAUNCHER_DEBUG", false))
 	ctx = ctxlog.NewContext(ctx, logger)
 
-	// set up system slogger to write to os logs
-	systemSlogger := multislogger.New(slog.NewJSONHandler(os.Stderr, &slog.HandlerOptions{
-		Level: slog.LevelInfo,
-	}))
-
 	// If this is a development build directory, we want to skip the TUF lookups and just run
 	// the requested build. Don't care about errors here. This is developer experience shim
 	inBuildDir := false

diff --git a/pkg/log/multislogger/multislogger.go b/pkg/log/multislogger/multislogger.go
@@ -3,6 +3,7 @@ package multislogger
 import (
 	"context"
 	"log/slog"
+	"os"
 
 	"github.com/kolide/kit/ulid"
 	slogmulti "github.com/samber/slog-multi"
@@ -88,3 +89,9 @@ func ctxValuesMiddleWare(ctx context.Context, record slog.Record, next func(cont
 
 	return next(ctx, record)
 }
+
+func defaultSystemSlogger() *MultiSlogger {
+	return New(slog.NewJSONHandler(os.Stderr, &slog.HandlerOptions{
+		Level: slog.LevelInfo,
+	}))
+}
diff --git a/pkg/log/multislogger/syslogger_posix.go b/pkg/log/multislogger/syslogger_posix.go
@@ -0,0 +1,12 @@
+//go:build !windows
+// +build !windows
+
+package multislogger
+
+import (
+	"io"
+)
+
+func SystemSlogger() (*MultiSlogger, io.Closer, error) {
+	return defaultSystemSlogger(), io.NopCloser(nil), nil
+}
diff --git a/pkg/log/multislogger/syslogger_windows.go b/pkg/log/multislogger/syslogger_windows.go
@@ -0,0 +1,45 @@
+//go:build windows
+// +build windows
+
+package multislogger
+
+import (
+	"context"
+	"io"
+	"log/slog"
+
+	"github.com/kolide/launcher/pkg/log/eventlog"
+	"golang.org/x/sys/windows"
+)
+
+const serviceName = "launcher"
+
+func SystemSlogger() (*MultiSlogger, io.Closer, error) {
+	if !windows.GetCurrentProcessToken().IsElevated() {
+		syslogger := defaultSystemSlogger()
+
+		syslogger.Log(context.TODO(), slog.LevelDebug,
+			"launcher running on windows without elevated permissions, using default stderr instead of eventlog",
+		)
+
+		return syslogger, io.NopCloser(nil), nil
+	}
+
+	eventLogWriter, err := eventlog.NewWriter(serviceName)
+	if err != nil {
+		syslogger := defaultSystemSlogger()
+
+		syslogger.Log(context.TODO(), slog.LevelError,
+			"could not create eventlog writer, using default stderr instead of eventlog",
+			"err", err,
+		)
+
+		return syslogger, io.NopCloser(nil), nil
+	}
+
+	systemSlogger := New(slog.NewJSONHandler(eventLogWriter, &slog.HandlerOptions{
+		Level: slog.LevelInfo,
+	}))
+
+	return systemSlogger, eventLogWriter, nil
+}