func (l *winEventLog) Open(recordNumber uint64) error {
bookmark, err := sys.CreateBookmark(l.channelName, recordNumber)
if err != nil {
return err
}
defer sys.Close(bookmark)
// Using a pull subscription to receive events. See:
// https://msdn.microsoft.com/en-us/library/windows/desktop/aa385771(v=vs.85).aspx#pull
signalEvent, err := windows.CreateEvent(nil, 0, 0, nil)
if err != nil {
return nil
}
subscriptionHandle, err := sys.Subscribe(
0, // null session (used for connecting to remote event logs)
signalEvent,
l.channelName,
"", // Query - nil means all events
bookmark, // Bookmark - for resuming from a specific event
sys.EvtSubscribeStartAfterBookmark)
if err != nil {
return err
}
l.subscription = subscriptionHandle
return nil
}
func (l *winEventLog) Open(recordNumber uint64) error {
bookmark, err := win.CreateBookmark(l.channelName, recordNumber)
if err != nil {
return err
}
defer win.Close(bookmark)
// Using a pull subscription to receive events. See:
// https://msdn.microsoft.com/en-us/library/windows/desktop/aa385771(v=vs.85).aspx#pull
signalEvent, err := windows.CreateEvent(nil, 0, 0, nil)
if err != nil {
return nil
}
debugf("%s using subscription query=%s", l.logPrefix, l.query)
subscriptionHandle, err := win.Subscribe(
0, // Session - nil for localhost
signalEvent,
"", // Channel - empty b/c channel is in the query
l.query, // Query - nil means all events
bookmark, // Bookmark - for resuming from a specific event
win.EvtSubscribeStartAfterBookmark)
if err != nil {
return err
}
l.subscription = subscriptionHandle
return nil
}