// Run is the entry point the beats framework calls to execute winlogbeat.
//
// It reads the persisted checkpoint states, registers the metric counters,
// opens every configured event log, and starts one processEventLog goroutine
// per log. It then waits on the WaitGroup handed to those goroutines before
// shutting the checkpoint down. An error is returned only when an event log
// cannot be created; in that case no goroutine has been started yet.
func (eb *Winlogbeat) Run(b *beat.Beat) error {
	persistedState := eb.checkpoint.States()

	// Register the global counters with a zero delta.
	publishedEvents.Add("total", 0)
	publishedEvents.Add("failures", 0)
	ignoredEvents.Add("total", 0)

	// TODO: If no event_logs are specified in the configuration, use the
	// Windows registry to discover the available event logs.
	configured := eb.config.Winlogbeat.EventLogs
	eb.eventLogs = make([]log, 0, len(configured))
	for _, cfg := range configured {
		debugf("Initializing EventLog[%s]", cfg.Name)

		el, err := eventlog.New(eventlog.Config{
			Name:          cfg.Name,
			API:           cfg.API,
			EventMetadata: cfg.EventMetadata,
		})
		if err != nil {
			return fmt.Errorf("Failed to create new event log for %s. %v",
				cfg.Name, err)
		}

		// Register the per event log counters as well.
		publishedEvents.Add(cfg.Name, 0)
		ignoredEvents.Add(cfg.Name, 0)

		eb.eventLogs = append(eb.eventLogs, log{
			EventLogConfig: cfg,
			eventLog:       el,
		})
	}

	var wg sync.WaitGroup
	for _, l := range eb.eventLogs {
		// A log with no persisted entry gets the zero-value state.
		state := persistedState[l.Name]

		// NOTE(review): the error from IgnoreOlderDuration is discarded, so an
		// unparsable ignore_older value is passed on as whatever the helper
		// returns alongside the error. Presumably the value was validated when
		// the configuration was loaded; confirm, because a collector that
		// silently runs with a different filter than the operator configured
		// is hard to notice.
		ignoreOlder, _ := config.IgnoreOlderDuration(l.IgnoreOlder)

		// One goroutine per event log; processEventLog receives the WaitGroup
		// and is assumed to call Done on it when it returns.
		wg.Add(1)
		go eb.processEventLog(&wg, l.eventLog, state, ignoreOlder)
	}

	wg.Wait()
	eb.checkpoint.Shutdown()
	return nil
}
// init builds eb.eventLogs from the Winlogbeat section of the configuration,
// creating one event log per configured entry. It stops at the first entry
// that eventlog.New rejects and returns that error wrapped in a message; the
// logs created before the failure remain in eb.eventLogs. The b argument is
// not used.
func (eb *Winlogbeat) init(b *beat.Beat) error {
	settings := &eb.config.Winlogbeat

	// Create the event logs. This will validate the event log specific
	// configuration.
	eb.eventLogs = make([]eventlog.EventLog, 0, len(settings.EventLogs))
	for _, logConfig := range settings.EventLogs {
		el, err := eventlog.New(logConfig)
		if err != nil {
			return fmt.Errorf("Failed to create new event log. %v", err)
		}

		debugf("Initialized EventLog[%s]", el.Name())
		eb.eventLogs = append(eb.eventLogs, el)
	}

	return nil
}
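// Setup uses the loaded config and creates necessary markers and environment
// settings to allow the beat to be used.
//
// In order, it stores the beat, connects the publisher client, creates the
// done channel, opens the checkpoint for the configured registry file, starts
// the optional metrics HTTP listener, and creates one event log per
// configured entry. The first error encountered is returned.
func (eb *Winlogbeat) Setup(b *beat.Beat) error {
	eb.beat = b
	eb.client = b.Publisher.Connect()
	eb.done = make(chan struct{})

	// The 10 and 5*time.Second arguments are passed through unchanged; their
	// meaning is defined by checkpoint.NewCheckpoint.
	var err error
	eb.checkpoint, err = checkpoint.NewCheckpoint(
		eb.config.Winlogbeat.RegistryFile, 10, 5*time.Second)
	if err != nil {
		return err
	}

	if bindAddress := eb.config.Winlogbeat.Metrics.BindAddress; bindAddress != "" {
		sock, err := net.Listen("tcp", bindAddress)
		if err != nil {
			return err
		}

		// The metrics endpoint is plain HTTP with no authentication, and a nil
		// Handler means http.DefaultServeMux: every handler any package in
		// this process registered there is reachable, not only /debug/vars.
		// Operators should bind it to a loopback or management-only address.
		//
		// ReadTimeout bounds how long a client may take to send a request, so
		// a stalled or deliberately slow peer cannot hold a connection open
		// indefinitely. No WriteTimeout is set, so slow-to-produce responses
		// from other handlers on the default mux are not cut short.
		srv := &http.Server{ReadTimeout: 10 * time.Second}

		// NOTE(review): the listener is never closed. If Setup fails further
		// down, or when the beat stops, the port stays open for the lifetime
		// of the process.
		go func() {
			logp.Info("Metrics hosted at http://%s/debug/vars", bindAddress)
			if err := srv.Serve(sock); err != nil {
				logp.Warn("Unable to launch HTTP service for metrics. %v", err)
			}
		}()
	}

	// Create the event logs. This will validate the event log specific
	// configuration.
	eb.eventLogs = make([]eventlog.EventLog, 0,
		len(eb.config.Winlogbeat.EventLogs))
	for _, logConfig := range eb.config.Winlogbeat.EventLogs {
		eventLog, err := eventlog.New(logConfig)
		if err != nil {
			return fmt.Errorf("Failed to create new event log. %v", err)
		}
		debugf("Initialized EventLog[%s]", eventLog.Name())

		eb.eventLogs = append(eb.eventLogs, eventLog)
	}

	return nil
}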