From 236ae2bd459f2ae79bd9a3dac65c06c5e160ae4b Mon Sep 17 00:00:00 2001
From: Reed Law
Date: Wed, 2 Oct 2019 15:02:20 -0700
Subject: [PATCH] add function to create custom event log under Microsoft Event Viewer
---
 windows/svc/eventlog/install.go | 95 ++++++++++++++++++++++++++++-----
 1 file changed, 83 insertions(+), 12 deletions(-)
diff --git a/windows/svc/eventlog/install.go b/windows/svc/eventlog/install.go
index c76a3760a4..ce8775be6a 100644
--- a/windows/svc/eventlog/install.go
+++ b/windows/svc/eventlog/install.go
@@ -20,7 +20,8 @@ const (
 Error = windows.EVENTLOG_ERROR_TYPE
 )
-const addKeyName = `SYSTEM\CurrentControlSet\Services\EventLog\Application`
+const eventLogKeyName = `SYSTEM\CurrentControlSet\Services\EventLog`
+const addKeyName = eventLogKeyName + `\` + `Application`
 // Install modifies PC registry to allow logging with an event source src.
 // It adds all required keys and values to the event log registry key.
@@ -29,20 +30,10 @@ const addKeyName = `SYSTEM\CurrentControlSet\Services\EventLog\Application`
 // otherwise as REG_SZ. Use bitwise of log.Error, log.Warning and
 // log.Info to specify events supported by the new event source.
 func Install(src, msgFile string, useExpandKey bool, eventsSupported uint32) error {
- appkey, err := registry.OpenKey(registry.LOCAL_MACHINE, addKeyName, registry.CREATE_SUB_KEY)
+ sk, err := createSubKey(registry.LOCAL_MACHINE, addKeyName, src)
 if err != nil {
 return err
 }
- defer appkey.Close()
-
- sk, alreadyExist, err := registry.CreateKey(appkey, src, registry.SET_VALUE)
- if err != nil {
- return err
- }
- defer sk.Close()
- if alreadyExist {
- return errors.New(addKeyName + `\` + src + " registry key already exists")
- }
 err = sk.SetDWordValue("CustomSource", 1)
 if err != nil {
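Review bot: Install no longer closes the key it creates: the removed lines include `defer sk.Close()` and nothing on the new side replaces it, so the handle returned by createSubKey stays open after Install returns unless the part of the function outside this hunk closes it. Adding `defer sk.Close()` directly after the `if err != nil { return err }` that follows the createSubKey call restores the previous behaviour. Install's body continues past the end of the hunk, so the remaining value writes are not visible here.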
@@ -78,3 +69,83 @@ func Remove(src string) error {
 defer appkey.Close()
 return registry.DeleteKey(appkey, src)
 }
+
+// InstallCustomLog creates a custom event log under Microsoft Event Viewer.
+func InstallCustomLog(name string, src string, eventsSupported uint32) error {
+ k, err := createSubKey(registry.LOCAL_MACHINE, eventLogKeyName, name)
+ if err != nil {
+ return errors.New(name + " subkey could not be created")
+ }
+ defer k.Close()
+
+ err = k.SetDWordValue("TypesSupported", eventsSupported)
+ if err != nil {
+ return errors.New("TypesSupported could not be created")
+ }
+
+ lk, err := createSubKey(registry.LOCAL_MACHINE, eventLogKeyName + `\` + name, name)
+ if err != nil {
+ return errors.New(name + " " + name + " subkey could not be created")
+ }
+ defer lk.Close()
+
+ err = lk.SetExpandStringValue("EventMessageFile", "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\EventLogMessages.dll")
+ if err != nil {
+ return errors.New("EventMessageFile")
+ }
+
+ sk, err := createSubKey(registry.LOCAL_MACHINE, eventLogKeyName + `\` + name, src)
+ if err != nil {
+ return err
+ }
+ defer sk.Close()
+
+ err = sk.SetExpandStringValue("EventMessageFile", "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\EventLogMessages.dll")
+ if err != nil {
+ return err
+ }
+
+ if err != nil {
+ return err
+ }
+ return nil
+}
+
+// RemoveCustomLog deletes all registry elements installed by the correspondent InstallCustomLog.
+func RemoveCustomLog(name string, src string) error {
+ appkey, err := registry.OpenKey(registry.LOCAL_MACHINE, eventLogKeyName + `\` + name, registry.SET_VALUE)
+ if err != nil {
+ return err
+ }
+ defer appkey.Close()
+ err = registry.DeleteKey(appkey, name)
+ if err != nil {
+ return err
+ }
+ err = registry.DeleteKey(appkey, src)
+ if err != nil {
+ return err
+ }
+ key, err := registry.OpenKey(registry.LOCAL_MACHINE, eventLogKeyName, registry.SET_VALUE)
+ if err != nil {
+ return err
+ }
+ defer key.Close()
+ return registry.DeleteKey(key, name)
+}
+
+func createSubKey(key registry.Key, path string, keyName string) (registry.Key, error) {
+ k, err := registry.OpenKey(key, path, registry.CREATE_SUB_KEY)
+ if err != nil {
+ return k, errors.New(path + " path could not be opened")
+ }
+ defer k.Close()
+ sk, alreadyExist, err := registry.CreateKey(key, path + `\` + keyName, registry.SET_VALUE)
+ if err != nil {
+ return sk, errors.New(keyName + " key could not be created")
+ }
+ if alreadyExist {
+ return sk, errors.New(path + `\` + keyName + " registry key already exists")
+ }
+ return sk, nil
+}
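Review bot: createSubKey hands back an open handle together with an error when the key already exists, and every caller returns on `err != nil` without closing it; it also opens `k` on `path` and then ignores it, creating the subkey from the root `key` with a concatenated path. Both error returns replace the error from OpenKey and CreateKey with a fixed string, so an access-denied failure cannot be told apart from a missing parent key when a failed install is being diagnosed. The version below creates the subkey relative to `k` (as the removed code in Install did), closes `sk` before reporting already-exists, and appends the underlying error text. Separately, InstallCustomLog registers a hard-coded `C:\\Windows\\...\\EventLogMessages.dll` through SetExpandStringValue; writing `%SystemRoot%\\Microsoft.NET\\Framework\\v4.0.30319\\EventLogMessages.dll` instead would keep the registered message file under the system directory on hosts where Windows is not installed on C:.

```go
func createSubKey(key registry.Key, path string, keyName string) (registry.Key, error) {
	// … unchanged: k, err := registry.OpenKey(key, path, registry.CREATE_SUB_KEY) …
	if err != nil {
		return 0, errors.New(path + " path could not be opened: " + err.Error())
	}
	defer k.Close()
	// Create relative to the handle just opened instead of re-resolving the full path from the root.
	sk, alreadyExist, err := registry.CreateKey(k, keyName, registry.SET_VALUE)
	if err != nil {
		return 0, errors.New(keyName + " key could not be created: " + err.Error())
	}
	if alreadyExist {
		// Callers return on error without closing, so release the handle here.
		sk.Close()
		return 0, errors.New(path + `\` + keyName + " registry key already exists")
	}
	// … unchanged: return sk, nil …
}
```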