Re: [go-nuts] Re: Reading Windows event logs
By the way, I found this repository, which solved my problem: https://github.com/0xrawsec/golang-evtx

Regards,

On 7 Nov 2018 Wed at 19:18 Samet Sazak wrote:

> Thank you so much, I will ask him.
>
> On 7 Nov 2018 Wed at 18:57 Robert Engels wrote:
>
>> I was referring to it because it lays out how to write the code to do it,
>> or it appears the original poster has probably already written the code.
>> WMI is a pain, lots of parsing.
>>
>> On Nov 7, 2018, at 9:51 AM, Samet Sazak wrote:
>>
>> Thank you for the quick reply, but it’s not related. I found elastic/beats
>> using the eventlog package, but it still didn’t solve the problem :)
>>
>> I will try WMI queries to get event logs.
>>
>> Thanks,
>>
>> On 7 Nov 2018 Wed at 18:03 Robert Engels wrote:
>>
>>> Btw I know it is the beginning of the thread, but if you read through
>>> it, you will see what or how to do it.
>>>
>>> On Nov 7, 2018, at 8:59 AM, Robert Engels wrote:
>>>
>>> Maybe this...
>>> https://grokbase.com/t/gg/golang-nuts/156jvs0e0p/go-nuts-reading-windows-event-logs
>>>
>>> On Nov 7, 2018, at 7:42 AM, smt...@gmail.com wrote:
>>>
>>> Yes, anyone?
>>>
>>> On Wednesday, 13 January 2016 at 15:35:33 UTC+2, Durgababu Neelam wrote:
>>>>
>>>> Hi,
>>>>
>>>> can anyone provide the code to read/query event logs in golang?
>>>>
>>>> thanks
>>>>
>>>> On Sunday, June 21, 2015 at 2:38:44 PM UTC+5:30, brainman wrote:
>>>>>
>>>>> On Saturday, 20 June 2015 18:49:29 UTC+10, pmo...@mozilla.com wrote:
>>>>> > ... would it be possible to parse these to auto-generate a complete
>>>>> > set of syscalls in syscall_windows.go (link in previous message)?
>>>>>
>>>>> Sure you could generate something like that. We used to do that in the
>>>>> runtime package - see defs_windows.go (it is not used at this moment) -
>>>>> for Windows data types and consts. Unfortunately it is not very useful
>>>>> for API calls - these need to present Windows errors similar to other
>>>>> functions in Go. How do you propose to handle Windows errors?
>>>>>
>>>>> Alex

--
Samet Sazak

--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [go-nuts] Re: Reading Windows event logs
Thank you so much, I will ask him.

On 7 Nov 2018 Wed at 18:57 Robert Engels wrote:

> I was referring to it because it lays out how to write the code to do it,
> or it appears the original poster has probably already written the code.
> WMI is a pain, lots of parsing.

--
Samet Sazak
Re: [go-nuts] Re: Reading Windows event logs
Thank you for the quick reply, but it’s not related. I found elastic/beats using the eventlog package, but it still didn’t solve the problem :)

I will try WMI queries to get event logs.

Thanks,

On 7 Nov 2018 Wed at 18:03 Robert Engels wrote:

> Btw I know it is the beginning of the thread, but if you read through it,
> you will see what or how to do it.
>
> On Nov 7, 2018, at 8:59 AM, Robert Engels wrote:
>
> Maybe this...
> https://grokbase.com/t/gg/golang-nuts/156jvs0e0p/go-nuts-reading-windows-event-logs

--
Samet Sazak