Skip to content

auuunya/eventwatcher

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
_example
_example
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
README_ZH.md
README_ZH.md
 
 
channels.go
channels.go
 
 
channels_windows.go
channels_windows.go
 
 
enum.go
enum.go
 
 
event.go
event.go
 
 
event_windows.go
event_windows.go
 
 
eventnotifier.go
eventnotifier.go
 
 
eventparser.go
eventparser.go
 
 
eventparser_windows.go
eventparser_windows.go
 
 
eventwatcher.go
eventwatcher.go
 
 
eventwatcher_common.go
eventwatcher_common.go
 
 
eventwatcher_test.go
eventwatcher_test.go
 
 
eventwatcher_unix.go
eventwatcher_unix.go
 
 
eventwatcher_unix_test.go
eventwatcher_unix_test.go
 
 
eventwatcher_windows.go
eventwatcher_windows.go
 
 
go.mod
go.mod
 
 
memprofile_test.go
memprofile_test.go
 
 
typedef.go
typedef.go
 
 

Repository files navigation

EventWatcher

Go Reference CI

Overview

EventWatcher is an open-source library designed for monitoring Windows Event Logs in real-time. It provides a robust and efficient solution for tracking and reacting to system events, application logs, and other important event sources. This library is particularly useful for developers and system administrators who need to monitor event logs for debugging, auditing, and system management purposes.

Usage

To use the EventWatcher library, you need to:

  1. Create an EventNotifier instance.
  2. Add event watchers for the logs you are interested in.
  3. Listen for event data on the EventLogChannel.
  4. Ensure a graceful shutdown by properly closing the EventNotifier.

Installation

To install the EventWatcher library, run:

go get github.com/auuunya/eventwatcher

Example

package main

import (
	"github.com/auuunya/eventwatcher"
)

func main() {
	ctx := context.Background()
	notify := eventwatcher.NewEventNotifier(ctx)
	defer notify.Close()

	channels := []string{"Application", "System", "Microsoft-Windows-Kernel-Dump/Operational"}
	for _, channel := range channels {
		err := notify.AddWatcher(channel)
		if err != nil {
			continue
		}
	}

	go func() {
		for ch := range notify.EventLogChannel {
			fmt.Printf("event entry: %v\n", ch)
		}
	}()

	quit := make(chan os.Signal, 1)
	signal.Notify(quit, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM)
	<-quit
}

Windows powershell add event

Write-EventLog -LogName "Application" -Source "TestSource" -EventID 1 -EntryType Information -Message "Application Test Info"

Windows cmd add event

eventcreate /ID 1 /L APPLICATION /T INFORMATION  /SO MYEVENTSOURCE /D "Test Application Infomation"

Cross-platform support

  • Windows: Uses native Windows Event Log APIs (original behavior). Windows-specific tests and implementations are build-tagged with //go:build windows.
  • macOS / Linux: A lightweight file-watching implementation using fsnotify is provided for Unix-like systems. On these platforms, call AddWatcher(path) where path is a file path (writing to the file will emit an event).
  • Notes: On non-Windows platforms, Windows-specific APIs return not-implemented errors; use the Unix watcher for most cross-platform needs.

Running tests & profiling

  • Run all tests: go test ./...
  • Run Unix watcher test (macOS/Linux): go test -run TestEventWatcherUnixFile -v
  • Run memory check: go test -run TestMemSpike -v (this logs runtime.MemStats before/after watcher start).

Contribution

Contributions are welcome! Feel free to open issues or submit pull requests on the GitHub repository.

License

This project is licensed under the MIT License. See the LICENSE file for details.

About

EventWatcher is an open-source library designed for real-time monitoring of Windows Event Logs. It offers an efficient solution for tracking system events, application logs, and other critical event sources. Ideal for debugging, auditing, and system management.

Resources

Readme

License

MIT license
Activity

Stars

11 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

3 tags

Packages

 
 
 

Contributors

Languages