winevt_c 0.7.2 → 0.7.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Rakefile +1 -1
- data/example/eventlog.rb +2 -0
- data/example/rate_limit.rb +1 -1
- data/example/tailing.rb +3 -1
- data/ext/winevt/winevt_c.h +6 -1
- data/ext/winevt/winevt_query.c +46 -1
- data/ext/winevt/winevt_subscribe.c +48 -1
- data/ext/winevt/winevt_utils.cpp +17 -5
- data/lib/winevt/version.rb +1 -1
- data/winevt_c.gemspec +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1a95471f55e9dee6e48a8836c27e360dc8f8abc8d8687106805702502586acb2
|
|
4
|
+
data.tar.gz: c64666d6e09ce6e5fb4eb04f2cd951eeae8d656b9e20efc70375503ca253c453
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ea964c952d8dc9f2d05639309a7a04be8564e13f563b6fce60c6f6fbd70b35d91d28d9f1436e1e1baf88db5cf7d77e66f115d70ad6ea76c99afc5f6cf99044c3
|
|
7
|
+
data.tar.gz: c39eeeaa3cfdb4c90a526a5a2a2a7ebc5e217624b89f526b697ab65a07b02118f40b6e1fcd9ef533022d5312d43dee279b9bdca20aba93f5788fddf3fe7cfe8d
|
data/Rakefile
CHANGED
|
@@ -28,7 +28,7 @@ task 'gem:native' do
|
|
|
28
28
|
# See RUBY_CC_VERSION in https://github.com/rake-compiler/rake-compiler-dock/blob/master/Dockerfile.mri
|
|
29
29
|
RakeCompilerDock.sh <<-EOS
|
|
30
30
|
gem install bundler yard --no-doc && bundle
|
|
31
|
-
rake cross native gem RUBY_CC_VERSION=2.4.0:2.5.0:2.6.0
|
|
31
|
+
rake cross native gem RUBY_CC_VERSION=2.4.0:2.5.0:2.6.0:2.7.0
|
|
32
32
|
EOS
|
|
33
33
|
end
|
|
34
34
|
|
data/example/eventlog.rb
CHANGED
|
@@ -2,6 +2,8 @@ require 'winevt'
|
|
|
2
2
|
|
|
3
3
|
@query = Winevt::EventLog::Query.new("Application", "*[System[(Level <= 3) and TimeCreated[timediff(@SystemTime) <= 86400000]]]")
|
|
4
4
|
|
|
5
|
+
@query.render_as_xml = true
|
|
6
|
+
@query.preserve_qualifiers = true
|
|
5
7
|
@query.each do |eventlog, message, string_inserts|
|
|
6
8
|
puts ({eventlog: eventlog, data: message})
|
|
7
9
|
end
|
data/example/rate_limit.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
require 'winevt'
|
|
2
2
|
|
|
3
3
|
@subscribe = Winevt::EventLog::Subscribe.new
|
|
4
|
-
@subscribe.
|
|
4
|
+
@subscribe.read_existing_events = true
|
|
5
5
|
@subscribe.rate_limit = 80
|
|
6
6
|
@subscribe.subscribe(
|
|
7
7
|
"Application", "*[System[(Level <= 4) and TimeCreated[timediff(@SystemTime) <= 86400000]]]"
|
data/example/tailing.rb
CHANGED
|
@@ -1,7 +1,9 @@
|
|
|
1
1
|
require 'winevt'
|
|
2
2
|
|
|
3
3
|
@subscribe = Winevt::EventLog::Subscribe.new
|
|
4
|
-
@subscribe.
|
|
4
|
+
@subscribe.read_existing_events = true
|
|
5
|
+
@subscribe.preserve_qualifiers = true
|
|
6
|
+
@subscribe.render_as_xml = true
|
|
5
7
|
@subscribe.subscribe(
|
|
6
8
|
"Security", "*[System[(Level <= 4) and TimeCreated[timediff(@SystemTime) <= 86400000]]]"
|
|
7
9
|
)
|
data/ext/winevt/winevt_c.h
CHANGED
|
@@ -27,11 +27,14 @@ extern "C" {
|
|
|
27
27
|
#endif /* __cplusplus */
|
|
28
28
|
|
|
29
29
|
VALUE wstr_to_rb_str(UINT cp, const WCHAR* wstr, int clen);
|
|
30
|
+
#if defined(__cplusplus)
|
|
31
|
+
[[ noreturn ]]
|
|
32
|
+
#endif /* __cplusplus */
|
|
30
33
|
void raise_system_error(VALUE error, DWORD errorCode);
|
|
31
34
|
VALUE render_to_rb_str(EVT_HANDLE handle, DWORD flags);
|
|
32
35
|
WCHAR* get_description(EVT_HANDLE handle);
|
|
33
36
|
VALUE get_values(EVT_HANDLE handle);
|
|
34
|
-
VALUE render_system_event(EVT_HANDLE handle);
|
|
37
|
+
VALUE render_system_event(EVT_HANDLE handle, BOOL preserve_qualifiers);
|
|
35
38
|
|
|
36
39
|
#ifdef __cplusplus
|
|
37
40
|
}
|
|
@@ -66,6 +69,7 @@ struct WinevtQuery
|
|
|
66
69
|
LONG offset;
|
|
67
70
|
LONG timeout;
|
|
68
71
|
BOOL renderAsXML;
|
|
72
|
+
BOOL preserveQualifiers;
|
|
69
73
|
};
|
|
70
74
|
|
|
71
75
|
#define SUBSCRIBE_ARRAY_SIZE 10
|
|
@@ -84,6 +88,7 @@ struct WinevtSubscribe
|
|
|
84
88
|
time_t lastTime;
|
|
85
89
|
DWORD currentRate;
|
|
86
90
|
BOOL renderAsXML;
|
|
91
|
+
BOOL preserveQualifiers;
|
|
87
92
|
};
|
|
88
93
|
|
|
89
94
|
void Init_winevt_query(VALUE rb_cEventLog);
|
data/ext/winevt/winevt_query.c
CHANGED
|
@@ -94,6 +94,7 @@ rb_winevt_query_initialize(VALUE self, VALUE channel, VALUE xpath)
|
|
|
94
94
|
winevtQuery->offset = 0L;
|
|
95
95
|
winevtQuery->timeout = 0L;
|
|
96
96
|
winevtQuery->renderAsXML = TRUE;
|
|
97
|
+
winevtQuery->preserveQualifiers = FALSE;
|
|
97
98
|
|
|
98
99
|
ALLOCV_END(wchannelBuf);
|
|
99
100
|
ALLOCV_END(wpathBuf);
|
|
@@ -212,7 +213,7 @@ rb_winevt_query_render(VALUE self, EVT_HANDLE event)
|
|
|
212
213
|
if (winevtQuery->renderAsXML) {
|
|
213
214
|
return render_to_rb_str(event, EvtRenderEventXml);
|
|
214
215
|
} else {
|
|
215
|
-
return render_system_event(event);
|
|
216
|
+
return render_system_event(event, winevtQuery->preserveQualifiers);
|
|
216
217
|
}
|
|
217
218
|
}
|
|
218
219
|
|
|
@@ -394,6 +395,42 @@ rb_winevt_query_set_render_as_xml(VALUE self, VALUE rb_render_as_xml)
|
|
|
394
395
|
return Qnil;
|
|
395
396
|
}
|
|
396
397
|
|
|
398
|
+
/*
|
|
399
|
+
* This method specifies whether preserving qualifiers key or not.
|
|
400
|
+
*
|
|
401
|
+
* @since 0.7.3
|
|
402
|
+
* @param rb_render_as_xml [Boolean]
|
|
403
|
+
*/
|
|
404
|
+
static VALUE
|
|
405
|
+
rb_winevt_query_set_preserve_qualifiers(VALUE self, VALUE rb_preserve_qualifiers)
|
|
406
|
+
{
|
|
407
|
+
struct WinevtQuery* winevtQuery;
|
|
408
|
+
|
|
409
|
+
TypedData_Get_Struct(
|
|
410
|
+
self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
|
|
411
|
+
|
|
412
|
+
winevtQuery->preserveQualifiers = RTEST(rb_preserve_qualifiers);
|
|
413
|
+
|
|
414
|
+
return Qnil;
|
|
415
|
+
}
|
|
416
|
+
|
|
417
|
+
/*
|
|
418
|
+
* This method returns whether preserving qualifiers or not.
|
|
419
|
+
*
|
|
420
|
+
* @since 0.7.3
|
|
421
|
+
* @return [Integer]
|
|
422
|
+
*/
|
|
423
|
+
static VALUE
|
|
424
|
+
rb_winevt_query_get_preserve_qualifiers_p(VALUE self)
|
|
425
|
+
{
|
|
426
|
+
struct WinevtQuery* winevtQuery;
|
|
427
|
+
|
|
428
|
+
TypedData_Get_Struct(
|
|
429
|
+
self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
|
|
430
|
+
|
|
431
|
+
return winevtQuery->preserveQualifiers ? Qtrue : Qfalse;
|
|
432
|
+
}
|
|
433
|
+
|
|
397
434
|
void
|
|
398
435
|
Init_winevt_query(VALUE rb_cEventLog)
|
|
399
436
|
{
|
|
@@ -451,4 +488,12 @@ Init_winevt_query(VALUE rb_cEventLog)
|
|
|
451
488
|
rb_define_method(rb_cQuery, "each", rb_winevt_query_each, 0);
|
|
452
489
|
rb_define_method(rb_cQuery, "render_as_xml?", rb_winevt_query_render_as_xml_p, 0);
|
|
453
490
|
rb_define_method(rb_cQuery, "render_as_xml=", rb_winevt_query_set_render_as_xml, 1);
|
|
491
|
+
/*
|
|
492
|
+
* @since 0.7.3
|
|
493
|
+
*/
|
|
494
|
+
rb_define_method(rb_cQuery, "preserve_qualifiers?", rb_winevt_query_get_preserve_qualifiers_p, 0);
|
|
495
|
+
/*
|
|
496
|
+
* @since 0.7.3
|
|
497
|
+
*/
|
|
498
|
+
rb_define_method(rb_cQuery, "preserve_qualifiers=", rb_winevt_query_set_preserve_qualifiers, 1);
|
|
454
499
|
}
|
|
@@ -89,6 +89,7 @@ rb_winevt_subscribe_initialize(VALUE self)
|
|
|
89
89
|
winevtSubscribe->currentRate = 0;
|
|
90
90
|
winevtSubscribe->renderAsXML = TRUE;
|
|
91
91
|
winevtSubscribe->readExistingEvents = TRUE;
|
|
92
|
+
winevtSubscribe->preserveQualifiers = FALSE;
|
|
92
93
|
|
|
93
94
|
return Qnil;
|
|
94
95
|
}
|
|
@@ -339,7 +340,7 @@ rb_winevt_subscribe_render(VALUE self, EVT_HANDLE event)
|
|
|
339
340
|
if (winevtSubscribe->renderAsXML) {
|
|
340
341
|
return render_to_rb_str(event, EvtRenderEventXml);
|
|
341
342
|
} else {
|
|
342
|
-
return render_system_event(event);
|
|
343
|
+
return render_system_event(event, winevtSubscribe->preserveQualifiers);
|
|
343
344
|
}
|
|
344
345
|
}
|
|
345
346
|
|
|
@@ -517,6 +518,42 @@ rb_winevt_subscribe_set_render_as_xml(VALUE self, VALUE rb_render_as_xml)
|
|
|
517
518
|
return Qnil;
|
|
518
519
|
}
|
|
519
520
|
|
|
521
|
+
/*
|
|
522
|
+
* This method specifies whether preserving qualifiers key or not.
|
|
523
|
+
*
|
|
524
|
+
* @since 0.7.3
|
|
525
|
+
* @param rb_render_as_xml [Boolean]
|
|
526
|
+
*/
|
|
527
|
+
static VALUE
|
|
528
|
+
rb_winevt_subscribe_set_preserve_qualifiers(VALUE self, VALUE rb_preserve_qualifiers)
|
|
529
|
+
{
|
|
530
|
+
struct WinevtSubscribe* winevtSubscribe;
|
|
531
|
+
|
|
532
|
+
TypedData_Get_Struct(
|
|
533
|
+
self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
|
|
534
|
+
|
|
535
|
+
winevtSubscribe->preserveQualifiers = RTEST(rb_preserve_qualifiers);
|
|
536
|
+
|
|
537
|
+
return Qnil;
|
|
538
|
+
}
|
|
539
|
+
|
|
540
|
+
/*
|
|
541
|
+
* This method returns whether preserving qualifiers or not.
|
|
542
|
+
*
|
|
543
|
+
* @since 0.7.3
|
|
544
|
+
* @return [Integer]
|
|
545
|
+
*/
|
|
546
|
+
static VALUE
|
|
547
|
+
rb_winevt_subscribe_get_preserve_qualifiers_p(VALUE self)
|
|
548
|
+
{
|
|
549
|
+
struct WinevtSubscribe* winevtSubscribe;
|
|
550
|
+
|
|
551
|
+
TypedData_Get_Struct(
|
|
552
|
+
self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
|
|
553
|
+
|
|
554
|
+
return winevtSubscribe->preserveQualifiers ? Qtrue : Qfalse;
|
|
555
|
+
}
|
|
556
|
+
|
|
520
557
|
void
|
|
521
558
|
Init_winevt_subscribe(VALUE rb_cEventLog)
|
|
522
559
|
{
|
|
@@ -549,4 +586,14 @@ Init_winevt_subscribe(VALUE rb_cEventLog)
|
|
|
549
586
|
rb_cSubscribe, "render_as_xml?", rb_winevt_subscribe_render_as_xml_p, 0);
|
|
550
587
|
rb_define_method(
|
|
551
588
|
rb_cSubscribe, "render_as_xml=", rb_winevt_subscribe_set_render_as_xml, 1);
|
|
589
|
+
/*
|
|
590
|
+
* @since 0.7.3
|
|
591
|
+
*/
|
|
592
|
+
rb_define_method(
|
|
593
|
+
rb_cSubscribe, "preserve_qualifiers?", rb_winevt_subscribe_get_preserve_qualifiers_p, 0);
|
|
594
|
+
/*
|
|
595
|
+
* @since 0.7.3
|
|
596
|
+
*/
|
|
597
|
+
rb_define_method(
|
|
598
|
+
rb_cSubscribe, "preserve_qualifiers=", rb_winevt_subscribe_set_preserve_qualifiers, 1);
|
|
552
599
|
}
|
data/ext/winevt/winevt_utils.cpp
CHANGED
|
@@ -497,7 +497,7 @@ cleanup:
|
|
|
497
497
|
}
|
|
498
498
|
|
|
499
499
|
VALUE
|
|
500
|
-
render_system_event(EVT_HANDLE hEvent)
|
|
500
|
+
render_system_event(EVT_HANDLE hEvent, BOOL preserve_qualifiers)
|
|
501
501
|
{
|
|
502
502
|
DWORD status = ERROR_SUCCESS;
|
|
503
503
|
EVT_HANDLE hContext = NULL;
|
|
@@ -572,11 +572,23 @@ render_system_event(EVT_HANDLE hEvent)
|
|
|
572
572
|
}
|
|
573
573
|
|
|
574
574
|
EventID = pRenderedValues[EvtSystemEventID].UInt16Val;
|
|
575
|
-
if (
|
|
576
|
-
|
|
577
|
-
|
|
575
|
+
if (preserve_qualifiers) {
|
|
576
|
+
if (EvtVarTypeNull != pRenderedValues[EvtSystemQualifiers].Type) {
|
|
577
|
+
rb_hash_aset(hash, rb_str_new2("Qualifiers"),
|
|
578
|
+
INT2NUM(pRenderedValues[EvtSystemQualifiers].UInt16Val));
|
|
579
|
+
} else {
|
|
580
|
+
rb_hash_aset(hash, rb_str_new2("Qualifiers"), rb_str_new2(""));
|
|
581
|
+
}
|
|
582
|
+
|
|
583
|
+
rb_hash_aset(hash, rb_str_new2("EventID"), INT2NUM(EventID));
|
|
584
|
+
} else {
|
|
585
|
+
if (EvtVarTypeNull != pRenderedValues[EvtSystemQualifiers].Type) {
|
|
586
|
+
EventID = MAKELONG(pRenderedValues[EvtSystemEventID].UInt16Val,
|
|
587
|
+
pRenderedValues[EvtSystemQualifiers].UInt16Val);
|
|
588
|
+
}
|
|
589
|
+
|
|
590
|
+
rb_hash_aset(hash, rb_str_new2("EventID"), ULONG2NUM(EventID));
|
|
578
591
|
}
|
|
579
|
-
rb_hash_aset(hash, rb_str_new2("EventID"), LONG2NUM(EventID));
|
|
580
592
|
|
|
581
593
|
rb_hash_aset(hash,
|
|
582
594
|
rb_str_new2("Version"),
|
data/lib/winevt/version.rb
CHANGED
data/winevt_c.gemspec
CHANGED
|
@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
|
|
|
28
28
|
spec.add_development_dependency "bundler", [">= 1.16", "< 3"]
|
|
29
29
|
spec.add_development_dependency "rake", "~> 12.0"
|
|
30
30
|
spec.add_development_dependency "rake-compiler", "~> 1.0"
|
|
31
|
-
spec.add_development_dependency "rake-compiler-dock", "~> 0.
|
|
31
|
+
spec.add_development_dependency "rake-compiler-dock", "~> 1.0.0"
|
|
32
32
|
spec.add_development_dependency "test-unit", "~> 3.2"
|
|
33
33
|
spec.add_development_dependency "yard", "~> 0.9"
|
|
34
34
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: winevt_c
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.7.
|
|
4
|
+
version: 0.7.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Hiroshi Hatake
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-03-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -64,14 +64,14 @@ dependencies:
|
|
|
64
64
|
requirements:
|
|
65
65
|
- - "~>"
|
|
66
66
|
- !ruby/object:Gem::Version
|
|
67
|
-
version: 0.
|
|
67
|
+
version: 1.0.0
|
|
68
68
|
type: :development
|
|
69
69
|
prerelease: false
|
|
70
70
|
version_requirements: !ruby/object:Gem::Requirement
|
|
71
71
|
requirements:
|
|
72
72
|
- - "~>"
|
|
73
73
|
- !ruby/object:Gem::Version
|
|
74
|
-
version: 0.
|
|
74
|
+
version: 1.0.0
|
|
75
75
|
- !ruby/object:Gem::Dependency
|
|
76
76
|
name: test-unit
|
|
77
77
|
requirement: !ruby/object:Gem::Requirement
|