(name string, count int)
| 138 | } |
| 139 | |
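// queryWindowsEvents asks wevtutil for events in the Application log whose
// provider is name and hands the text output to parseWindowsEventText.
// A count of zero or less is treated as 1. With /rd:true wevtutil reads the
// newest events first, so the result holds at most count of the latest ones.
//
// name ends up inside an XPath string literal, so it is checked by
// windowsProviderXPath before the query is built; a name that cannot be
// quoted safely is rejected with an error instead of being sent to wevtutil.
func queryWindowsEvents(name string, count int) ([]windowsEvent, error) {
	if _, err := exec.LookPath("wevtutil"); err != nil {
		return nil, fmt.Errorf("Windows Event Log utility not found")
	}
	if count <= 0 {
		count = 1
	}
	q, err := windowsProviderXPath(name)
	if err != nil {
		return nil, err
	}
	// Arguments are passed as a slice, not through a shell, so the query text
	// is never interpreted by a command interpreter.
	args := []string{
		"qe", "Application",
		"/q:" + q,
		"/f:text",
		"/rd:true",
		fmt.Sprintf("/c:%d", count),
	}
	out, err := exec.Command("wevtutil", args...).CombinedOutput()
	if err != nil {
		// Prefer the tool's own output when there is any; it is usually more
		// specific than the bare exit status.
		msg := strings.TrimSpace(string(out))
		if msg != "" {
			return nil, fmt.Errorf("query windows logs: %s", msg)
		}
		return nil, fmt.Errorf("query windows logs: %w", err)
	}
	return parseWindowsEventText(string(out)), nil
}

// windowsProviderXPath builds the event query that selects events written by
// the provider called name.
//
// XPath 1.0 string literals have no escape sequence: a backslash does not
// protect a quote, so a literal is closed by the first occurrence of its
// delimiter. The name is therefore never "escaped"; the delimiter is chosen
// so that it does not occur in the name, and a name containing both quote
// characters is refused because it cannot be written as a single literal.
// Without this, a crafted name could close the literal early and change
// which events the query selects.
func windowsProviderXPath(name string) (string, error) {
	quote := `"`
	if strings.Contains(name, `"`) {
		if strings.Contains(name, `'`) {
			return "", fmt.Errorf("query windows logs: provider name %q contains both quote characters", name)
		}
		quote = `'`
	}
	return `*[System[Provider[@Name=` + quote + name + quote + `]]]`, nil
}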
| 165 | |
| 166 | func parseWindowsEventText(out string) []windowsEvent { |
| 167 | var blocks []string |