// Run is used within the beats interface to execute the winlogbeat.
func (eb *Winlogbeat) Run(b *beat.Beat) error {
persistedState := eb.checkpoint.States()
// Initialize metrics.
publishedEvents.Add("total", 0)
publishedEvents.Add("failures", 0)
ignoredEvents.Add("total", 0)
// TODO: If no event_logs are specified in the configuration, use the
// Windows registry to discover the available event logs.
eb.eventLogs = make([]log, 0, len(eb.config.Winlogbeat.EventLogs))
for _, eventLogConfig := range eb.config.Winlogbeat.EventLogs {
debugf("Initializing EventLog[%s]", eventLogConfig.Name)
eventLog, err := eventlog.New(eventlog.Config{
Name: eventLogConfig.Name,
API: eventLogConfig.API,
EventMetadata: eventLogConfig.EventMetadata,
})
if err != nil {
return fmt.Errorf("Failed to create new event log for %s. %v",
eventLogConfig.Name, err)
}
// Initialize per event log metrics.
publishedEvents.Add(eventLogConfig.Name, 0)
ignoredEvents.Add(eventLogConfig.Name, 0)
eb.eventLogs = append(eb.eventLogs, log{
EventLogConfig: eventLogConfig,
eventLog: eventLog,
})
}
var wg sync.WaitGroup
for _, log := range eb.eventLogs {
state, _ := persistedState[log.Name]
ignoreOlder, _ := config.IgnoreOlderDuration(log.IgnoreOlder)
// Start a goroutine for each event log.
wg.Add(1)
go eb.processEventLog(&wg, log.eventLog, state, ignoreOlder)
}
wg.Wait()
eb.checkpoint.Shutdown()
return nil
}
func (eb *Winlogbeat) init(b *beat.Beat) error {
config := &eb.config.Winlogbeat
// Create the event logs. This will validate the event log specific
// configuration.
eb.eventLogs = make([]eventlog.EventLog, 0, len(config.EventLogs))
for _, config := range config.EventLogs {
eventLog, err := eventlog.New(config)
if err != nil {
return fmt.Errorf("Failed to create new event log. %v", err)
}
debugf("Initialized EventLog[%s]", eventLog.Name())
eb.eventLogs = append(eb.eventLogs, eventLog)
}
return nil
}
// Setup uses the loaded config and creates necessary markers and environment
// settings to allow the beat to be used.
func (eb *Winlogbeat) Setup(b *beat.Beat) error {
eb.beat = b
eb.client = b.Publisher.Connect()
eb.done = make(chan struct{})
var err error
eb.checkpoint, err = checkpoint.NewCheckpoint(
eb.config.Winlogbeat.RegistryFile, 10, 5*time.Second)
if err != nil {
return err
}
if eb.config.Winlogbeat.Metrics.BindAddress != "" {
bindAddress := eb.config.Winlogbeat.Metrics.BindAddress
sock, err := net.Listen("tcp", bindAddress)
if err != nil {
return err
}
go func() {
logp.Info("Metrics hosted at http://%s/debug/vars", bindAddress)
err := http.Serve(sock, nil)
if err != nil {
logp.Warn("Unable to launch HTTP service for metrics. %v", err)
}
}()
}
// Create the event logs. This will validate the event log specific
// configuration.
eb.eventLogs = make([]eventlog.EventLog, 0, len(eb.config.Winlogbeat.EventLogs))
for _, config := range eb.config.Winlogbeat.EventLogs {
eventLog, err := eventlog.New(config)
if err != nil {
return fmt.Errorf("Failed to create new event log. %v", err)
}
debugf("Initialized EventLog[%s]", eventLog.Name())
eb.eventLogs = append(eb.eventLogs, eventLog)
}
return nil
}