winevt_c 0.1.1 → 0.2.0

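--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: d2e44e576e569f125c6961bdf8f55e68c31deea1700fe19c5b6885060eabfd3e
-data.tar.gz: 794d697c6ab3b8747e7bd0e8b37a001c1889a8e4a87021cb50d5828ee53c7add
+metadata.gz: 065eff4f692c925eba38647837fa8ebdb201fe9efcca9920f43c419b92d13742
+data.tar.gz: 0a17a6aba45eb9e13c97cb1670518864c3bc4a7bd8b58c4abea8225ce76dee20
 SHA512:
-metadata.gz: 699187c2446d3f60b5853abb2174299127a4c96ba60fc0fee273023eec922111640d8ba3b54d2b3ca38a21e7f0daad92f56a533e8ab20279b58e004b32f2ca09
-data.tar.gz: a3b330defbc50aad97adb11f7f7ecce1123ff3e06e1415dc0019f0b4fec4135ab19e01895937356ca544dc631a192959abdd777f6318ffa24c4df3af718fbcb5
+metadata.gz: ab903dcbb5f8b9af4aa750dabebb77aed9f1ba0cc6aad46e61dbd9fb10f5343082e1ea6fc53443858337b77d8b20774764335c0f23eb9bd9446aac0d78b9efe1
+data.tar.gz: 0a03974794ad7811a6e0187efb1f43615f48072a681e985c08a8596218c1cb17566d2e844d0fc11b5cb293c86a32cdc4190ea66d22b5dc986f6377c7bdaccc1a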
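--- a/data/example/eventlog.rb
+++ b/data/example/eventlog.rb
@@ -1,7 +1,16 @@
 require 'winevt'
+require 'rexml/document'
 
 @query = Winevt::EventLog::Query.new("Application", "*[System[(Level <= 3) and TimeCreated[timediff(@SystemTime) <= 86400000]]]")
 
-@query.each do |eventlog|
-puts eventlog
+@query.each do |eventlog, message|
+doc = REXML::Document.new(eventlog)
+nodes = []
+REXML::XPath.each(doc, "/Event/EventData/Data") do |node|
+nodes << node.text
+end
+message = message.gsub(/(%\d+)/, '\1$s')
+message = sprintf(message, *nodes)
+
+puts ({eventlog: eventlog, data: message})
 end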
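Review bot: The pair `message = message.gsub(/(%\d+)/, '\1$s')` / `message = sprintf(message, *nodes)` hands the provider's message template to sprintf as a format string, so any `%` in the template that is not a numbered placeholder (a literal `100%`, a bare `%s`, or a `%1` whose index exceeds the number of `Data` nodes) raises ArgumentError and aborts the iteration on that record; the same two lines appear in data/example/tailing.rb. Substituting the placeholders directly keeps the template out of the format-string parser: `message = message.gsub(/%([1-9]\d*)/) { nodes[Regexp.last_match(1).to_i - 1].to_s }`. The `.to_s` also covers `node.text` being nil for an empty `<Data/>` element; whether the `message` yielded here can itself be nil is not visible on this page, and `message.to_s.gsub(...)` would guard that case if it can.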
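--- a/data/example/tailing.rb
+++ b/data/example/tailing.rb
@@ -1,11 +1,22 @@
 require 'winevt'
+require 'rexml/document'
 
 @subscribe = Winevt::EventLog::Subscribe.new
 @subscribe.tail = true
-@subscribe.subscribe("Application", "*[System[(Level <= 4) and TimeCreated[timediff(@SystemTime) <= 86400000]]]")
+@subscribe.subscribe("Security", "*[System[(Level <= 4) and TimeCreated[timediff(@SystemTime) <= 86400000]]]")
 while (1) do
 if @subscribe.next
-puts @subscribe.render
+eventlog = @subscribe.render
+message = @subscribe.message
+doc = REXML::Document.new(eventlog)
+nodes = []
+REXML::XPath.each(doc, "/Event/EventData/Data") do |node|
+nodes << node.text
+end
+message = message.gsub(/(%\d+)/, '\1$s')
+message = sprintf(message, *nodes)
+
+puts ({eventlog: eventlog, data: message})
 else
 printf(".")
 sleep(1)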
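Review bot: The example now subscribes to the Security channel (`@subscribe.subscribe("Security", ...)`), and reading that channel on Windows normally requires an elevated process (Administrators or membership in the Event Log Readers group), which the example does not mention; for an unprivileged user the likely symptom is an endless `....` from the `else` branch, although how the extension surfaces the access error through `@subscribe.next` is not visible on this page. A comment above the call would spare the reader that confusion: `# The Security channel requires elevated privileges (Administrator or Event Log Readers); use "Application" for an unprivileged run.` The `while (1) do` loop continues past the end of the hunk.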