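// Run starts one goroutine per configured event log, waits for all of them
// to exit, and then shuts down the checkpoint. The persisted checkpoint
// state is read once up front and handed to each goroutine so reading can
// resume where it stopped. Run returns a non-nil error only when an event
// log's ignore-older setting cannot be parsed; that check runs before any
// goroutine is started, so a configuration error never leaves workers
// running with nothing waiting on them.
func (eb *Winlogbeat) Run(b *beat.Beat) error {
	persistedState := eb.checkpoint.States()

	// Initialize metrics: register the global counters at zero.
	publishedEvents.Add("total", 0)
	publishedEvents.Add("failures", 0)
	ignoredEvents.Add("total", 0)

	eventLogConfigs := eb.config.Winlogbeat.EventLogs

	// Reject a malformed ignore-older value before any goroutine is started.
	// Returning from inside the processing loop below would abandon
	// goroutines that were already started. Config validation may already
	// catch this earlier (not visible here); this is the fail-safe.
	for _, eventLogConfig := range eventLogConfigs {
		if _, err := config.IgnoreOlderDuration(eventLogConfig.IgnoreOlder); err != nil {
			return err
		}
	}

	var wg sync.WaitGroup

	// TODO: If no event_logs are specified in the configuration, use the
	// Windows registry to discover the available event logs.
	for _, eventLogConfig := range eventLogConfigs {
		debugf("Initializing EventLog[%s]", eventLogConfig.Name)

		eventLogAPI := eventlog.NewEventLoggingAPI(eventLogConfig.Name)
		eb.eventLogs = append(eb.eventLogs, eventLogAPI)

		// An event log without a saved checkpoint gets the zero-value state.
		state := persistedState[eventLogConfig.Name]
		// The parse error was already checked in the validation pass above.
		ignoreOlder, _ := config.IgnoreOlderDuration(eventLogConfig.IgnoreOlder)

		// Initialize per event log metrics.
		publishedEvents.Add(eventLogConfig.Name, 0)
		ignoredEvents.Add(eventLogConfig.Name, 0)

		// Start a goroutine for each event log. The arguments are evaluated
		// here, so every goroutine receives its own state and ignoreOlder.
		wg.Add(1)
		go eb.processEventLog(&wg, eventLogAPI, state, ignoreOlder)
	}

	wg.Wait()
	eb.checkpoint.Shutdown()
	return nil
}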
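// Run is used within the beats interface to execute the winlogbeat.
//
// It opens every configured event log, starts one goroutine per log to read
// and publish its events, waits for all of them to exit, and then shuts down
// the checkpoint. An error is returned when an event log cannot be created
// or when an ignore-older setting cannot be parsed; both checks happen
// before any goroutine is started, so an error never abandons running
// workers.
func (eb *Winlogbeat) Run(b *beat.Beat) error {
	persistedState := eb.checkpoint.States()

	// Initialize metrics: register the global counters at zero.
	publishedEvents.Add("total", 0)
	publishedEvents.Add("failures", 0)
	ignoredEvents.Add("total", 0)

	// TODO: If no event_logs are specified in the configuration, use the
	// Windows registry to discover the available event logs.
	eventLogConfigs := eb.config.Winlogbeat.EventLogs
	eb.eventLogs = make([]log, 0, len(eventLogConfigs))
	for _, eventLogConfig := range eventLogConfigs {
		debugf("Initializing EventLog[%s]", eventLogConfig.Name)

		// Reject a malformed ignore-older value now, while no goroutine is
		// running yet. Config validation may already catch this earlier
		// (not visible here); this is the fail-safe.
		if _, err := config.IgnoreOlderDuration(eventLogConfig.IgnoreOlder); err != nil {
			return err
		}

		eventLog, err := eventlog.New(eventlog.Config{
			Name:          eventLogConfig.Name,
			API:           eventLogConfig.API,
			EventMetadata: eventLogConfig.EventMetadata,
		})
		if err != nil {
			// NOTE(review): this early return skips eb.checkpoint.Shutdown();
			// confirm whether the checkpoint must be shut down when Run fails
			// before any goroutine has started.
			return fmt.Errorf("Failed to create new event log for %s. %v",
				eventLogConfig.Name, err)
		}

		// Initialize per event log metrics.
		publishedEvents.Add(eventLogConfig.Name, 0)
		ignoredEvents.Add(eventLogConfig.Name, 0)

		eb.eventLogs = append(eb.eventLogs, log{
			EventLogConfig: eventLogConfig,
			eventLog:       eventLog,
		})
	}

	var wg sync.WaitGroup
	// The loop variable is named el rather than log so it does not shadow
	// the log type used above.
	for _, el := range eb.eventLogs {
		// An event log without a saved checkpoint gets the zero-value state.
		state := persistedState[el.Name]
		// The parse error was already checked when the event log was created.
		ignoreOlder, _ := config.IgnoreOlderDuration(el.IgnoreOlder)

		// Start a goroutine for each event log. The arguments are evaluated
		// here, so every goroutine receives its own state and ignoreOlder.
		wg.Add(1)
		go eb.processEventLog(&wg, el.eventLog, state, ignoreOlder)
	}

	wg.Wait()
	eb.checkpoint.Shutdown()
	return nil
}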