winevt_c 0.1.1-x86-mingw32 → 0.2.0-x86-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/example/eventlog.rb +11 -2
- data/example/tailing.rb +13 -2
- data/ext/winevt/winevt.c +6 -737
- data/ext/winevt/winevt_bookmark.c +100 -0
- data/ext/winevt/winevt_c.h +65 -0
- data/ext/winevt/winevt_channel.c +103 -0
- data/ext/winevt/winevt_query.c +245 -0
- data/ext/winevt/winevt_subscribe.c +220 -0
- data/ext/winevt/winevt_utils.c +236 -0
- data/lib/winevt/2.4/winevt.so +0 -0
- data/lib/winevt/2.5/winevt.so +0 -0
- data/lib/winevt/2.6/winevt.so +0 -0
- data/lib/winevt/version.rb +1 -1
- metadata +8 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 11e02f59f87ac51ad5e3c7e2eb6c4318565e4d1d56d513a22123f9925a8f4bdb
|
|
4
|
+
data.tar.gz: c74e8d7399611c0c65aeea7c334645b32245b6efe6190fb5ecaac87f99796cbb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fa17a5b1aa52d5eb547a852c33037a0aca1512c0f6a964e5d451ba01eaf08056cf24aca79d88b100e53388daeb94c22818299f66d76fd2019d120ce98e322393
|
|
7
|
+
data.tar.gz: 524022cb48449f1f902cf38632f1931c073826b2ac128a16f64af1f35dec39c7545a1114107ddcced7088401bd8655cbc2f19cc9524868482a83e07a5b766fcc
|
data/example/eventlog.rb
CHANGED
|
@@ -1,7 +1,16 @@
|
|
|
1
1
|
require 'winevt'
|
|
2
|
+
require 'rexml/document'
|
|
2
3
|
|
|
3
4
|
@query = Winevt::EventLog::Query.new("Application", "*[System[(Level <= 3) and TimeCreated[timediff(@SystemTime) <= 86400000]]]")
|
|
4
5
|
|
|
5
|
-
@query.each do |eventlog|
|
|
6
|
-
|
|
6
|
+
@query.each do |eventlog, message|
|
|
7
|
+
doc = REXML::Document.new(eventlog)
|
|
8
|
+
nodes = []
|
|
9
|
+
REXML::XPath.each(doc, "/Event/EventData/Data") do |node|
|
|
10
|
+
nodes << node.text
|
|
11
|
+
end
|
|
12
|
+
message = message.gsub(/(%\d+)/, '\1$s')
|
|
13
|
+
message = sprintf(message, *nodes)
|
|
14
|
+
|
|
15
|
+
puts ({eventlog: eventlog, data: message})
|
|
7
16
|
end
|
data/example/tailing.rb
CHANGED
|
@@ -1,11 +1,22 @@
|
|
|
1
1
|
require 'winevt'
|
|
2
|
+
require 'rexml/document'
|
|
2
3
|
|
|
3
4
|
@subscribe = Winevt::EventLog::Subscribe.new
|
|
4
5
|
@subscribe.tail = true
|
|
5
|
-
@subscribe.subscribe("
|
|
6
|
+
@subscribe.subscribe("Security", "*[System[(Level <= 4) and TimeCreated[timediff(@SystemTime) <= 86400000]]]")
|
|
6
7
|
while (1) do
|
|
7
8
|
if @subscribe.next
|
|
8
|
-
|
|
9
|
+
eventlog = @subscribe.render
|
|
10
|
+
message = @subscribe.message
|
|
11
|
+
doc = REXML::Document.new(eventlog)
|
|
12
|
+
nodes = []
|
|
13
|
+
REXML::XPath.each(doc, "/Event/EventData/Data") do |node|
|
|
14
|
+
nodes << node.text
|
|
15
|
+
end
|
|
16
|
+
message = message.gsub(/(%\d+)/, '\1$s')
|
|
17
|
+
message = sprintf(message, *nodes)
|
|
18
|
+
|
|
19
|
+
puts ({eventlog: eventlog, data: message})
|
|
9
20
|
else
|
|
10
21
|
printf(".")
|
|
11
22
|
sleep(1)
|