1// The MIT License (MIT)
2
3// Copyright (c) 2015-2020 InfluxData Inc.
4
5// Permission is hereby granted, free of charge, to any person obtaining a copy
6// of this software and associated documentation files (the "Software"), to deal
7// in the Software without restriction, including without limitation the rights
8// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9// copies of the Software, and to permit persons to whom the Software is
10// furnished to do so, subject to the following conditions:
11
12// The above copyright notice and this permission notice shall be included in all
13// copies or substantial portions of the Software.
14
15// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21// SOFTWARE.
22
23//go:build windows
24// +build windows
25
26//revive:disable-next-line:var-naming
// Package win_eventlog is an input plugin that collects Windows Event Log messages.
28package win_eventlog
29
// Event is the event entry representation.
// Only the most common elements are processed; human-readable data is rendered in Message.
//
// Tagged fields are filled by encoding/xml from the event XML document; the
// tag paths are relative to the <Event> root (e.g. "System>EventID"). The
// UserData and EventData sections are kept as raw, unparsed bytes — that
// content comes from the logging application and is not validated here.
// Message, LevelText, TaskText and OpcodeText carry no xml tag; encoding/xml
// would still match a top-level element named exactly like the field, but
// presumably they are populated by the plugin after decoding — confirm
// against the caller.
//
// More info on schema, if there will be need to add more:
// https://docs.microsoft.com/en-us/windows/win32/wes/eventschema-elements
type Event struct {
	Source        Provider    `xml:"System>Provider"`      // Name attribute of <Provider>, see Provider
	EventID       int         `xml:"System>EventID"`
	Version       int         `xml:"System>Version"`
	Level         int         `xml:"System>Level"`         // numeric code; see LevelText
	Task          int         `xml:"System>Task"`          // numeric code; see TaskText
	Opcode        int         `xml:"System>Opcode"`        // numeric code; see OpcodeText
	Keywords      string      `xml:"System>Keywords"`      // kept as the raw element text; not decoded here
	TimeCreated   TimeCreated `xml:"System>TimeCreated"`   // SystemTime attribute, see TimeCreated
	EventRecordID int         `xml:"System>EventRecordID"`
	Correlation   Correlation `xml:"System>Correlation"`   // ActivityID attributes, see Correlation
	Execution     Execution   `xml:"System>Execution"`     // ProcessID/ThreadID attributes, see Execution
	Channel       string      `xml:"System>Channel"`
	Computer      string      `xml:"System>Computer"`
	Security      Security    `xml:"System>Security"`      // UserID attribute, see Security
	UserData      UserData    `xml:"UserData"`             // raw application-provided XML, see UserData
	EventData     EventData   `xml:"EventData"`            // raw application-provided XML, see EventData
	Message       string      // no xml tag: rendered human-readable text, presumably set by the plugin — confirm
	LevelText     string      // no xml tag: presumably the display name for Level — TODO confirm
	TaskText      string      // no xml tag: presumably the display name for Task — TODO confirm
	OpcodeText    string      // no xml tag: presumably the display name for Opcode — TODO confirm
}
56
// UserData is the application-provided XML data of an event.
//
// InnerXML holds the raw, unparsed bytes between the <UserData> tags
// (encoding/xml ",innerxml"). It is not parsed or validated here, so
// consumers should treat it as opaque input supplied by the logging application.
type UserData struct {
	InnerXML []byte `xml:",innerxml"`
}
61
// EventData is the application-provided XML data of an event.
//
// InnerXML holds the raw, unparsed bytes between the <EventData> tags
// (encoding/xml ",innerxml"). It is not parsed or validated here, so
// consumers should treat it as opaque input supplied by the logging application.
type EventData struct {
	InnerXML []byte `xml:",innerxml"`
}
66
// Provider is the Event provider information.
//
// Name is read from the Name attribute of the <Provider> element
// (decoded via Event.Source).
type Provider struct {
	Name string `xml:"Name,attr"`
}
71
// Correlation is used for the event grouping.
//
// Both values are read as attributes of the <Correlation> element and are
// kept as strings; they are not parsed or validated here.
type Correlation struct {
	ActivityID        string `xml:"ActivityID,attr"`
	RelatedActivityID string `xml:"RelatedActivityID,attr"`
}
77
// Execution is the execution info for an Event.
//
// ProcessID and ThreadID are read from the attributes of the <Execution>
// element. ProcessName carries no xml tag: encoding/xml would still match a
// child element named exactly "ProcessName", but presumably the plugin fills
// it in after decoding (e.g. by resolving ProcessID) — confirm against the caller.
type Execution struct {
	ProcessID   uint32 `xml:"ProcessID,attr"`
	ThreadID    uint32 `xml:"ThreadID,attr"`
	ProcessName string
}
84
// Security is the security data for an Event.
//
// UserID is read from the UserID attribute of the <Security> element. The
// linked event schema describes it as the security identifier of the account
// that logged the event; it is kept as an opaque string here and not validated.
type Security struct {
	UserID string `xml:"UserID,attr"`
}
89
// TimeCreated is the creation-time field for an Event.
//
// SystemTime is read from the SystemTime attribute of the <TimeCreated>
// element and kept as the raw string; it is not parsed into a time.Time here.
type TimeCreated struct {
	SystemTime string `xml:"SystemTime,attr"`
}
94