Class: Fluent::WinEvtLog::WindowsLogWatcher

Inherits:
Object
  • Object
show all
Defined in:
lib/fluent/plugin/in_winevtlog.rb

Defined Under Namespace

Classes: TimerWatcher

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(interval, ch, pe, &receive_lines) ⇒ WindowsLogWatcher

Returns a new instance of WindowsLogWatcher.



133
134
135
136
137
138
 
# File 'lib/fluent/plugin/in_winevtlog.rb', line 133

def initialize(interval, ch, pe, &receive_lines)
  @ch = ch
  @pe = pe || MemoryPositionEntry.new
  @receive_lines = receive_lines
  @timer_trigger = TimerWatcher.new(interval, true, &method(:on_notify))
end

Instance Attribute Details

#chObject (readonly)

Returns the value of attribute ch.



140
141
142
 
# File 'lib/fluent/plugin/in_winevtlog.rb', line 140

def ch
  @ch
end

#peObject

Returns the value of attribute pe.



142
143
144
 
# File 'lib/fluent/plugin/in_winevtlog.rb', line 142

def pe
  @pe
end

#unwatchedObject

Returns the value of attribute unwatched.



141
142
143
 
# File 'lib/fluent/plugin/in_winevtlog.rb', line 141

def unwatched
  @unwatched
end

Instance Method Details

#attach(loop) ⇒ Object 



144
145
146
147
 
# File 'lib/fluent/plugin/in_winevtlog.rb', line 144

def attach(loop)
  @timer_trigger.attach(loop)
  on_notify
end

#closeObject 



153
154
155
 
# File 'lib/fluent/plugin/in_winevtlog.rb', line 153

def close
  detach
end

#detachObject 



149
150
151
 
# File 'lib/fluent/plugin/in_winevtlog.rb', line 149

def detach
  @timer_trigger.detach if @timer_trigger.attached?
end

#on_notifyObject 



157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
 
# File 'lib/fluent/plugin/in_winevtlog.rb', line 157

def on_notify
  el = EventLog.open(@ch)
  rl_sn = [el.oldest_record_number, el.total_records]
  pe_sn = [@pe.read_start, @pe.read_num]
  # if total_records is zero, oldest_record_number has no meaning.
  if rl_sn[1] == 0
    return
  end
  
  if pe_sn[0] == 0 && pe_sn[1] == 0
    @pe.update(rl_sn[0], rl_sn[1])
    return
  end

  cur_end = rl_sn[0] + rl_sn[1] -1
  old_end = pe_sn[0] + pe_sn[1] -1

  if (rl_sn[0] < pe_sn[0])
    # may be a record number rotated.
    cur_end += 0xFFFFFFFF
  end

  if (cur_end < old_end)
    # something occured.
    @pe.update(rl_sn[0], rl_sn[1])
    return
  end

  read_more = false
  begin
    numlines = cur_end - old_end

    winlogs = el.read(Win32::EventLog::SEEK_READ | Win32::EventLog::FORWARDS_READ, old_end + 1)
    @receive_lines.call(@ch, winlogs, pe_sn)

    @pe.update(pe_sn[0], pe_sn[1])
    old_end = pe_sn[0] + pe_sn[1] -1
  end while read_more
  el.close
  
end