Class: Winevt::EventLog::Subscribe

Inherits:
Object
  • Object
Defined in:
ext/winevt/winevt_subscribe.c,
lib/winevt/subscribe.rb,
ext/winevt/winevt.c,
ext/winevt/winevt_subscribe.c

Overview

Subscribes to a Windows EventLog channel.

Examples:

require 'winevt'

# Channel to follow and the XPath filter applied to it; both strings are
# handed to #subscribe unchanged.
channel = "Application"
filter = "*[System[(Level <= 4) and TimeCreated[timediff(@SystemTime) <= 86400000]]]"

@subscribe = Winevt::EventLog::Subscribe.new
@subscribe.tail = true
# rate_limit= accepts a multiple of 10 (at least 10) or RATE_INFINITE;
# any other value raises ArgumentError.
@subscribe.rate_limit = 80
@subscribe.subscribe(channel, filter)

# Poll forever: print whatever #each yields, then pause briefly.
while true do
  # string_inserts is yielded as the third value but not used in this example.
  @subscribe.each do |eventlog, message, string_inserts|
    record = {eventlog: eventlog, data: message}
    puts record
  end
  sleep(0.1)
end

See Also:

Constant Summary collapse

RATE_INFINITE =

For Subscribe#rate_limit=. It represents an unspecified (unlimited) rate limit.

Since:

  • 0.6.0

SUBSCRIBE_RATE_INFINITE

Instance Method Summary collapse

Constructor Details

#initializeSubscribe

Initialize Subscribe class.



# File 'ext/winevt/winevt_subscribe.c', line 79

/*
 * Reset a Subscribe instance to its defaults: rate limit set to
 * SUBSCRIBE_RATE_INFINITE, lastTime and currentRate zeroed, XML rendering
 * enabled and reading of existing events enabled.
 *
 * @param self the Subscribe object being initialized
 * @return Qnil
 */
static VALUE
rb_winevt_subscribe_initialize(VALUE self)
{
  struct WinevtSubscribe* sub;

  TypedData_Get_Struct(self, struct WinevtSubscribe, &rb_winevt_subscribe_type, sub);

  /* Output and replay behaviour both start enabled. */
  sub->renderAsXML = TRUE;
  sub->readExistingEvents = TRUE;

  /* No rate limit until the caller sets one; bookkeeping fields start at 0. */
  sub->rateLimit = SUBSCRIBE_RATE_INFINITE;
  sub->currentRate = 0;
  sub->lastTime = 0;

  return Qnil;
}

Instance Method Details

#bookmarkString

This method renders bookmark content which is related to Subscribe class instance.

Returns:

  • (String)


# File 'ext/winevt/winevt_subscribe.c', line 430

/*
 * Render the bookmark held by this Subscribe instance.
 *
 * @param self the Subscribe object
 * @return the value render_to_rb_str() produces for the instance's bookmark
 *         handle when called with EvtRenderBookmark
 */
static VALUE
rb_winevt_subscribe_get_bookmark(VALUE self)
{
  struct WinevtSubscribe* sub;
  VALUE rendered;

  TypedData_Get_Struct(self, struct WinevtSubscribe, &rb_winevt_subscribe_type, sub);

  rendered = render_to_rb_str(sub->bookmark, EvtRenderBookmark);

  return rendered;
}

#each {|String, String, String| ... } ⇒ Object

Enumerate to obtain Windows EventLog contents.

This method yields the following: (Stringified EventLog, Stringified detail message, Stringified insert values)

Yields:

  • (String, String, String)


# File 'ext/winevt/winevt_subscribe.c', line 412

/*
 * Iterate over available events, yielding each fetched batch to the block.
 *
 * @param self the Subscribe object
 * @return an Enumerator when no block is given, otherwise Qnil once
 *         rb_winevt_subscribe_next() reports nothing more to fetch
 */
static VALUE
rb_winevt_subscribe_each(VALUE self)
{
  /* Without a block, hand back an Enumerator instead of iterating. */
  RETURN_ENUMERATOR(self, 0, 0);

  for (;;) {
    if (rb_winevt_subscribe_next(self) == Qfalse) {
      break;
    }

    /* rb_ensure runs the close-handle callback even if the yield raises,
     * so the handles of the current batch are always passed to it. */
    rb_ensure(
      rb_winevt_subscribe_each_yield, self, rb_winevt_subscribe_close_handle, self);
  }

  return Qnil;
}

#nextBoolean

Handle the next values. Since v0.6.0, this method is used for testing only. Please use #each instead.

Returns:

  • (Boolean)

See Also:



# File 'ext/winevt/winevt_subscribe.c', line 289

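/*
 * Pull the next batch of events from the subscription into the instance.
 *
 * On success the fetched handles are copied into winevtSubscribe->hEvents,
 * winevtSubscribe->count is set, the bookmark is updated with each event and
 * the rate-limit state is updated with the batch size.
 *
 * @param self the Subscribe object
 * @return Qtrue when a batch was fetched; Qfalse when the rate limit is
 *         exceeded or EvtNext() fails for any reason, including
 *         ERROR_NO_MORE_ITEMS
 */
static VALUE
rb_winevt_subscribe_next(VALUE self)
{
  EVT_HANDLE hEvents[SUBSCRIBE_ARRAY_SIZE];
  ULONG count = 0;
  struct WinevtSubscribe* winevtSubscribe;

  TypedData_Get_Struct(
    self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);

  if (is_rate_limit_exceeded(winevtSubscribe)) {
    return Qfalse;
  }

  /* NOTE(review): the timeout is INFINITE; confirm this call cannot stall the
   * calling Ruby thread when the channel is idle. */
  if (!EvtNext(winevtSubscribe->subscription,
               SUBSCRIBE_ARRAY_SIZE,
               hEvents,
               INFINITE,
               0,
               &count)) {
    /* ERROR_NO_MORE_ITEMS and every other failure are both reported to the
     * caller as "nothing fetched".
     * NOTE(review): a broken subscription is therefore indistinguishable from
     * an idle channel; consider surfacing GetLastError() so that lost event
     * collection can be noticed. */
    return Qfalse;
  }

  winevtSubscribe->count = count;
  /* The index is ULONG because count is unsigned; this avoids a
   * signed/unsigned comparison in the loop condition. */
  for (ULONG i = 0; i < count; i++) {
    winevtSubscribe->hEvents[i] = hEvents[i];
    /* NOTE(review): the result of EvtUpdateBookmark() is not checked, so a
     * failed update would leave the bookmark behind the delivered events;
     * confirm that is acceptable. */
    EvtUpdateBookmark(winevtSubscribe->bookmark, winevtSubscribe->hEvents[i]);
  }

  update_to_reflect_rate_limit_state(winevtSubscribe, count);

  return Qtrue;
}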

#rate_limitInteger

This method returns rate limit value.

Returns:

  • (Integer)

Since:

  • 0.6.0



# File 'ext/winevt/winevt_subscribe.c', line 447

/*
 * Return the rate limit currently stored on this Subscribe instance.
 *
 * @param self the Subscribe object
 * @return the stored rateLimit converted with INT2NUM
 */
static VALUE
rb_winevt_subscribe_get_rate_limit(VALUE self)
{
  struct WinevtSubscribe* sub;

  TypedData_Get_Struct(self, struct WinevtSubscribe, &rb_winevt_subscribe_type, sub);

  /* NOTE(review): the field is converted as an int; confirm its declared
   * type and the SUBSCRIBE_RATE_INFINITE sentinel round-trip as intended. */
  return INT2NUM(sub->rateLimit);
}

#rate_limit=(rb_rate_limit) ⇒ Object

This method specifies rate limit value.

Parameters:

  • rb_rate_limit (Integer)

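    rate_limit value: a multiple of 10 (at least 10) or the RATE_INFINITE constant; any other value raises ArgumentError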

Since:

  • 0.6.0



# File 'ext/winevt/winevt_subscribe.c', line 464

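/*
 * Set the rate limit for this Subscribe instance.
 *
 * Accepted values are SUBSCRIBE_RATE_INFINITE or a multiple of 10 that is at
 * least 10.
 *
 * @param self the Subscribe object
 * @param rb_rate_limit Integer rate limit
 * @return Qnil
 * @raise ArgumentError for any other value
 */
static VALUE
rb_winevt_subscribe_set_rate_limit(VALUE self, VALUE rb_rate_limit)
{
  struct WinevtSubscribe* winevtSubscribe;
  long requested;
  DWORD rateLimit;

  TypedData_Get_Struct(
    self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);

  requested = NUM2LONG(rb_rate_limit);
  rateLimit = (DWORD)requested;

  /*
   * Range-check the signed value before relying on the narrowed DWORD: a
   * negative input such as -6 wraps to a large unsigned multiple of 10 and
   * would pass a check made only on the unsigned value, silently installing
   * a limit that is effectively unlimited. The sentinel is still compared as
   * a DWORD so that RATE_INFINITE keeps being accepted.
   */
  if ((rateLimit != SUBSCRIBE_RATE_INFINITE) && (requested < 10 || rateLimit % 10 != 0)) {
    /* rb_raise does not return. */
    rb_raise(rb_eArgError, "Specify a multiples of 10 or RATE_INFINITE constant");
  }

  winevtSubscribe->rateLimit = rateLimit;

  return Qnil;
}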

#read_existing_events=(rb_read_existing_events_p) ⇒ Object

This method specifies whether to read existing events or not.

Parameters:

  • rb_read_existing_events_p (Boolean)


# File 'ext/winevt/winevt_subscribe.c', line 101

/*
 * Store whether existing events should be read.
 *
 * @param self the Subscribe object
 * @param rb_read_existing_events_p any Ruby value; evaluated for truthiness
 * @return Qnil
 */
static VALUE
rb_winevt_subscribe_set_read_existing_events(VALUE self, VALUE rb_read_existing_events_p)
{
  struct WinevtSubscribe* sub;

  TypedData_Get_Struct(self, struct WinevtSubscribe, &rb_winevt_subscribe_type, sub);

  /* Ruby truthiness decides: only nil and false turn the flag off. */
  sub->readExistingEvents = RTEST(rb_read_existing_events_p);

  return Qnil;
}

#read_existing_events?Boolean

This method returns whether existing events are read or not.

Returns:

  • (Boolean)


# File 'ext/winevt/winevt_subscribe.c', line 119

/*
 * Report whether this Subscribe instance is set to read existing events.
 *
 * @param self the Subscribe object
 * @return Qtrue when readExistingEvents is non-zero, otherwise Qfalse
 */
static VALUE
rb_winevt_subscribe_read_existing_events_p(VALUE self)
{
  struct WinevtSubscribe* sub;

  TypedData_Get_Struct(self, struct WinevtSubscribe, &rb_winevt_subscribe_type, sub);

  if (sub->readExistingEvents) {
    return Qtrue;
  }

  return Qfalse;
}

#render_as_xml=(rb_render_as_xml) ⇒ Object

This method specifies whether to render events as XML or not.

Parameters:

  • rb_render_as_xml (Boolean)

Since:

  • 0.6.0



# File 'ext/winevt/winevt_subscribe.c', line 507

/*
 * Store whether events should be rendered as XML.
 *
 * @param self the Subscribe object
 * @param rb_render_as_xml any Ruby value; evaluated for truthiness
 * @return Qnil
 */
static VALUE
rb_winevt_subscribe_set_render_as_xml(VALUE self, VALUE rb_render_as_xml)
{
  struct WinevtSubscribe* sub;

  TypedData_Get_Struct(self, struct WinevtSubscribe, &rb_winevt_subscribe_type, sub);

  /* Ruby truthiness decides: only nil and false turn the flag off. */
  sub->renderAsXML = RTEST(rb_render_as_xml);

  return Qnil;
}

#render_as_xml?Boolean

This method returns whether events are rendered as XML or not.

Returns:

  • (Boolean)

Since:

  • 0.6.0



# File 'ext/winevt/winevt_subscribe.c', line 490

/*
 * Report whether this Subscribe instance renders events as XML.
 *
 * @param self the Subscribe object
 * @return Qtrue when renderAsXML is non-zero, otherwise Qfalse
 */
static VALUE
rb_winevt_subscribe_render_as_xml_p(VALUE self)
{
  struct WinevtSubscribe* sub;

  TypedData_Get_Struct(self, struct WinevtSubscribe, &rb_winevt_subscribe_type, sub);

  if (sub->renderAsXML) {
    return Qtrue;
  }

  return Qfalse;
}

#subscribe(path, query, options = {}) ⇒ Boolean

Subscribe to a Windows EventLog channel.

Parameters:

  • path (String)

    Subscribe Channel

  • query (String)

    Query string for channel

Options Hash (options):

  • bookmark (Bookmark)

    Bookmark class instance.

Returns:

  • (Boolean)


# File 'ext/winevt/winevt_subscribe.c', line 140

# Subscribe to a channel, optionally resuming from a bookmark.
#
# @param path [String] channel to subscribe to
# @param query [String] query string for the channel
# @param bookmark [Winevt::EventLog::Bookmark, nil] when this is a Bookmark
#   instance, its rendered form is passed on to subscribe_raw; any other
#   value (nil included) is ignored and the subscription is made without a
#   bookmark
# @return whatever subscribe_raw returns
def subscribe(path, query, bookmark = nil)
  return subscribe_raw(path, query) unless bookmark.is_a?(Winevt::EventLog::Bookmark)

  subscribe_raw(path, query, bookmark.render)
end

#subscribe_rawObject



# File 'lib/winevt/subscribe.rb', line 4

# Keep the current #subscribe reachable under the name #subscribe_raw; the
# Ruby-level #subscribe wrapper calls subscribe_raw.
# NOTE(review): presumably the aliased method is the C implementation from
# the extension — confirm against the load order.
alias_method :subscribe_raw, :subscribe