Class: Winevt::EventLog::Bookmark

Inherits:

Object

• Object
• Winevt::EventLog::Bookmark

Defined in:

ext/winevt/winevt_bookmark.c,
lib/winevt/bookmark.rb,
ext/winevt/winevt_bookmark.c

Overview

Bookmark for querying/subscribing Windows EventLog progress.

Examples:

require 'winevt'

@query = Winevt::EventLog::Query.new("Application", "*[System[(Level <= 3) and TimeCreated[timediff(@SystemTime) <= 86400000]]]")
@bookmark = Winevt::EventLog::Bookmark.new
@query.each do |xml|
  @bookmark.update(@query)
end

puts @bookmark.render

Instance Method Summary

• #initailize(options = {}) ⇒ Bookmark constructor

  Initalize Bookmark class.

• #render ⇒ String

  This method renders bookmark class content.

• #update(event) ⇒ Bookmark

  This method updates bookmark and returns Bookmark instance.

Constructor Details

#initailize(options = {}) ⇒ Bookmark

Initalize Bookmark class. Receive XML string or nil.

Options Hash (options):

• XML (String) —

  rendered Bookmark string.

# File 'ext/winevt/winevt_bookmark.c', line 62

static VALUE
rb_winevt_bookmark_initialize(int argc, VALUE* argv, VALUE self)
{
  PWSTR bookmarkXml;
  VALUE wbookmarkXmlBuf;
  DWORD len;
  struct WinevtBookmark* winevtBookmark;

  TypedData_Get_Struct(
    self, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);

  if (argc == 0) {
    winevtBookmark->bookmark = EvtCreateBookmark(NULL);
  } else if (argc == 1) {
    VALUE rb_bookmarkXml;
    rb_scan_args(argc, argv, "10", &rb_bookmarkXml);
    Check_Type(rb_bookmarkXml, T_STRING);

    // bookmarkXml : To wide char
    len = MultiByteToWideChar(
      CP_UTF8, 0, RSTRING_PTR(rb_bookmarkXml), RSTRING_LEN(rb_bookmarkXml), NULL, 0);
    bookmarkXml = ALLOCV_N(WCHAR, wbookmarkXmlBuf, len + 1);
    MultiByteToWideChar(CP_UTF8,
                        0,
                        RSTRING_PTR(rb_bookmarkXml),
                        RSTRING_LEN(rb_bookmarkXml),
                        bookmarkXml,
                        len);
    bookmarkXml[len] = L'\0';
    winevtBookmark->bookmark = EvtCreateBookmark(bookmarkXml);
    ALLOCV_END(wbookmarkXmlBuf);
  }

  return Qnil;
}

Instance Method Details

#render ⇒ String

This method renders bookmark class content.

Returns:

• (String)

# File 'ext/winevt/winevt_bookmark.c', line 127

static VALUE
rb_winevt_bookmark_render(VALUE self)
{
  struct WinevtBookmark* winevtBookmark;

  TypedData_Get_Struct(
    self, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);

  return render_to_rb_str(winevtBookmark->bookmark, EvtRenderBookmark);
}

#update(event) ⇒ Bookmark

This method updates bookmark and returns Bookmark instance.

Parameters:

• event (Query)

Returns:

• (Bookmark)

# File 'ext/winevt/winevt_bookmark.c', line 104

static VALUE
rb_winevt_bookmark_update(VALUE self, VALUE event)
{
  struct WinevtQuery* winevtQuery;
  struct WinevtBookmark* winevtBookmark;

  winevtQuery = EventQuery(event);

  TypedData_Get_Struct(
    self, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);

  for (int i = 0; i < winevtQuery->count; i++) {
    if (!EvtUpdateBookmark(winevtBookmark->bookmark, winevtQuery->hEvents[i]))
      return Qfalse;
  }
  return Qtrue;
}