Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fallback on LevelRaw If the Level is not in the RenderingInfo section of the event #4257

Merged
merged 3 commits into from
May 10, 2017
Merged

Fallback on LevelRaw If the Level is not in the RenderingInfo section of the event #4257

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f89e951
If the Level is not in the RenderingInfo section of the event, fallba…
LucasArona May 8, 2017
ac78430
minor changes
LucasArona May 9, 2017
c3a3925
Add entry to CHANGELOG.asciidoc
andrewkroh May 10, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions winlogbeat/eventlog/wineventlog.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ import (
"github.com/elastic/beats/libbeat/common"
"github.com/elastic/beats/libbeat/logp"
"github.com/elastic/beats/winlogbeat/sys"
"github.com/elastic/beats/winlogbeat/sys/wineventlog"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For consistency, could you use the "aliased" import below for this package. It's just aliased to win.

win "github.com/elastic/beats/winlogbeat/sys/wineventlog"
"github.com/joeshaw/multierror"
"github.com/pkg/errors"
Expand Down Expand Up @@ -216,6 +217,11 @@ func (l *winEventLog) buildRecordFromXML(x []byte, recoveredErr error) (Record,
e.RenderErr = recoveredErr.Error()
}

if e.Level == "" {
//Let's fallback on LevelRaw if the level is not set in the RenderingInfo
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please change this to

// Fallback on LevelRaw if the Level is not set in the RenderingInfo.

e.Level = wineventlog.EventLevel(e.LevelRaw).String()
}

if logp.IsDebug(detailSelector) {
detailf("%s XML=%s Event=%+v", l.logPrefix, string(x), e)
}
Expand Down
29 changes: 29 additions & 0 deletions winlogbeat/sys/wineventlog/syscall_windows.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -194,6 +194,35 @@ func (e EvtSystemPropertyID) String() string {
return s
}

// EventLevel identifies the six levels of events that can be logged
type EventLevel uint16

// EventLevel values.
const (
// Do not reorder.
EVENTLOG_LOGALWAYS_LEVEL EventLevel = iota
EVENTLOG_CRITICAL_LEVEL
EVENTLOG_ERROR_LEVEL
EVENTLOG_WARNING_LEVEL
EVENTLOG_INFORMATION_LEVEL
EVENTLOG_VERBOSE_LEVEL
)

// Mapping of event levels to their string representations.
var EventLevelToString = map[EventLevel]string{
EVENTLOG_LOGALWAYS_LEVEL: "Information",
EVENTLOG_INFORMATION_LEVEL: "Information",
EVENTLOG_CRITICAL_LEVEL: "Critical",
EVENTLOG_ERROR_LEVEL: "Error",
EVENTLOG_WARNING_LEVEL: "Warning",
EVENTLOG_VERBOSE_LEVEL: "Verbose",
}

// String returns string representation of EventLevel.
func (et EventLevel) String() string {
return EventLevelToString[et]
}

// Add -trace to enable debug prints around syscalls.
//go:generate go run $GOROOT/src/syscall/mksyscall_windows.go -output zsyscall_windows.go syscall_windows.go

Expand Down