Beispiel #1
// Run is the beats-interface entry point that executes winlogbeat. It opens
// every configured event log, starts one goroutine per log, waits for all of
// them to return, and then shuts down the checkpoint.
//
// It returns an error only when an event log cannot be created; in that case
// no reader goroutine has been started yet.
func (eb *Winlogbeat) Run(b *beat.Beat) error {
	persistedState := eb.checkpoint.States()

	// Seed the aggregate counters with zero.
	publishedEvents.Add("total", 0)
	publishedEvents.Add("failures", 0)
	ignoredEvents.Add("total", 0)

	// TODO: If no event_logs are specified in the configuration, use the
	// Windows registry to discover the available event logs.
	logConfigs := eb.config.Winlogbeat.EventLogs
	eb.eventLogs = make([]log, 0, len(logConfigs))
	for _, cfg := range logConfigs {
		debugf("Initializing EventLog[%s]", cfg.Name)

		opened, err := eventlog.New(eventlog.Config{
			Name:          cfg.Name,
			API:           cfg.API,
			EventMetadata: cfg.EventMetadata,
		})
		if err != nil {
			return fmt.Errorf("Failed to create new event log for %s. %v",
				cfg.Name, err)
		}

		// Seed the counters that are keyed by this event log's name.
		publishedEvents.Add(cfg.Name, 0)
		ignoredEvents.Add(cfg.Name, 0)

		entry := log{
			EventLogConfig: cfg,
			eventLog:       opened,
		}
		eb.eventLogs = append(eb.eventLogs, entry)
	}

	var wg sync.WaitGroup
	for _, l := range eb.eventLogs {
		// A log with no persisted entry gets the zero-value state.
		state := persistedState[l.Name]

		// NOTE(review): the error from IgnoreOlderDuration is discarded, so
		// an unparsable ignore_older value is used as whatever the helper
		// returns alongside the error. Confirm the value is validated when
		// the configuration is loaded.
		ignoreOlder, _ := config.IgnoreOlderDuration(l.IgnoreOlder)

		// One goroutine per event log; Add must precede the go statement.
		wg.Add(1)
		go eb.processEventLog(&wg, l.eventLog, state, ignoreOlder)
	}

	wg.Wait()
	eb.checkpoint.Shutdown()
	return nil
}
Beispiel #2
// init creates an eventlog.EventLog for every entry in the winlogbeat
// configuration and stores them on eb. Creating the event logs also validates
// the event-log-specific configuration, so the first invalid entry aborts
// initialization with an error.
func (eb *Winlogbeat) init(b *beat.Beat) error {
	logConfigs := eb.config.Winlogbeat.EventLogs

	opened := make([]eventlog.EventLog, 0, len(logConfigs))
	eb.eventLogs = opened
	for _, logConfig := range logConfigs {
		el, err := eventlog.New(logConfig)
		if err != nil {
			// eb.eventLogs keeps the logs created before the failure.
			return fmt.Errorf("Failed to create new event log. %v", err)
		}
		debugf("Initialized EventLog[%s]", el.Name())

		opened = append(opened, el)
		eb.eventLogs = opened
	}

	return nil
}
Beispiel #3
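// Setup uses the loaded config and creates necessary markers and environment
// settings to allow the beat to be used: it connects the publisher client,
// creates the checkpoint, optionally starts the metrics HTTP listener, and
// creates the configured event logs.
//
// It returns an error if the checkpoint cannot be created, the metrics
// address cannot be bound, or any event log fails to initialize.
func (eb *Winlogbeat) Setup(b *beat.Beat) error {
	eb.beat = b
	eb.client = b.Publisher.Connect()
	eb.done = make(chan struct{})

	var err error
	eb.checkpoint, err = checkpoint.NewCheckpoint(
		eb.config.Winlogbeat.RegistryFile, 10, 5*time.Second)
	if err != nil {
		return err
	}

	if bindAddress := eb.config.Winlogbeat.Metrics.BindAddress; bindAddress != "" {
		// SECURITY: a nil handler means http.DefaultServeMux, so every
		// handler registered on the default mux anywhere in the process is
		// served here, over plain HTTP and without authentication. Bind this
		// to a loopback address, or restrict access at the network layer.
		sock, err := net.Listen("tcp", bindAddress)
		if err != nil {
			return err
		}

		// Bound how long a client may take to send a request so that idle or
		// deliberately slow connections cannot pin server goroutines and
		// sockets indefinitely. No write timeout is set, so slow responses
		// are not cut off.
		srv := &http.Server{ReadTimeout: 10 * time.Second}
		go func() {
			logp.Info("Metrics hosted at http://%s/debug/vars", bindAddress)
			if err := srv.Serve(sock); err != nil {
				logp.Warn("Unable to launch HTTP service for metrics. %v", err)
			}
		}()
	}

	// Create the event logs. This will validate the event log specific
	// configuration.
	//
	// NOTE(review): when this fails, the metrics listener started above is
	// left running and the checkpoint is not shut down; confirm the caller
	// exits the process on a Setup error.
	eb.eventLogs = make([]eventlog.EventLog, 0, len(eb.config.Winlogbeat.EventLogs))
	for _, logConfig := range eb.config.Winlogbeat.EventLogs {
		eventLog, err := eventlog.New(logConfig)
		if err != nil {
			return fmt.Errorf("Failed to create new event log. %v", err)
		}
		debugf("Initialized EventLog[%s]", eventLog.Name())

		eb.eventLogs = append(eb.eventLogs, eventLog)
	}

	return nil
}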