extensions/windows-event-log/ConsumeWindowsEventLog.h - nifi-minifi-cpp - Git at Google

 /**
  * @file ConsumeWindowsEventLog.h
  * ConsumeWindowsEventLog class declaration
  *
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #pragma once

 #include "core/Core.h"
 #include "wel/WindowsEventLog.h"
 #include "FlowFileRecord.h"
 #include "concurrentqueue.h"
 #include "core/Processor.h"
 #include "core/ProcessSession.h"
 #include "pugixml.hpp"
 #include <winevt.h>
 #include <sstream>
 #include <regex>
 #include <codecvt>
 #include "utils/OsUtils.h"
 #include <Objbase.h>
 #include <mutex>

 namespace org {
 namespace apache {
 namespace nifi {
 namespace minifi {
 namespace processors {

 struct EventRender {
 	std::map<std::string, std::string> matched_fields_;
 	std::string text_;
 	std::string rendered_text_;
   std::wstring bookmarkXml_;
 };

 class Bookmark;

 //! ConsumeWindowsEventLog Class
 class ConsumeWindowsEventLog : public core::Processor
 {
 public:
   //! Constructor
   /*!
   * Create a new processor
   */
   ConsumeWindowsEventLog(const std::string& name, utils::Identifier uuid = utils::Identifier());

   //! Destructor
   virtual ~ConsumeWindowsEventLog();

   //! Processor Name
   static const std::string ProcessorName;

   //! Supported Properties
   static core::Property Channel;
   static core::Property Query;
   static core::Property RenderFormatXML;
   static core::Property MaxBufferSize;
   static core::Property InactiveDurationToReconnect;
   static core::Property IdentifierMatcher;
   static core::Property IdentifierFunction;
   static core::Property ResolveAsAttributes;
   static core::Property EventHeaderDelimiter;
   static core::Property EventHeader;
   static core::Property OutputFormat;
   static core::Property BatchCommitSize;
   static core::Property BookmarkRootDirectory;

   //! Supported Relationships
   static core::Relationship Success;

 public:
   /**
   * Function that's executed when the processor is scheduled.
   * @param context process context.
   * @param sessionFactory process session factory that is used when creating
   * ProcessSession objects.
   */
   void onSchedule(const std::shared_ptr<core::ProcessContext> &context, const std::shared_ptr<core::ProcessSessionFactory> &sessionFactory) override;
   //! OnTrigger method, implemented by NiFi ConsumeWindowsEventLog
   virtual void onTrigger(const std::shared_ptr<core::ProcessContext> &context, const std::shared_ptr<core::ProcessSession> &session) override;
   //! Initialize, overwrite by NiFi ConsumeWindowsEventLog
   virtual void initialize(void) override;
   virtual void notifyStop() override;


 protected:
   bool subscribe(const std::shared_ptr<core::ProcessContext> &context);
   void unsubscribe();
   int processQueue(const std::shared_ptr<core::ProcessSession> &session);
   wel::WindowsEventLogHandler getEventLogHandler(const std::string & name);
   bool insertHeaderName(wel::METADATA_NAMES &header, const std::string &key, const std::string &value);
   void LogWindowsError();
   void processEvent(EVT_HANDLE eventHandle);
   bool processEventsAfterBookmark(EVT_HANDLE hEventResults, const std::wstring& channel, const std::wstring& query);

   static constexpr const char * const XML = "XML";
   static constexpr const char * const Both = "Both";
   static constexpr const char * const Plaintext = "Plaintext";

 private:

   // Logger
   wel::METADATA_NAMES header_names_;
   std::string header_delimiter_;
   std::string channel_;
   std::string query_;
   std::shared_ptr<logging::Logger> logger_;
   std::string regex_;
   bool resolve_as_attributes_;
   bool apply_identifier_function_;
   moodycamel::ConcurrentQueue<EventRender> listRenderedData_;
   std::string provenanceUri_;
   std::string computerName_;
   int64_t inactiveDurationToReconnect_{};
   EVT_HANDLE subscriptionHandle_{};
   uint64_t maxBufferSize_{};
   DWORD lastActivityTimestamp_{};
   std::shared_ptr<core::ProcessSessionFactory> sessionFactory_;
   std::mutex cache_mutex_;
   std::map<std::string, wel::WindowsEventLogHandler > providers_;
   uint64_t batch_commit_size_;

   bool writeXML_;
   bool writePlainText_;
   std::unique_ptr<Bookmark> pBookmark_;
   std::mutex onTriggerMutex_;
 };

 REGISTER_RESOURCE(ConsumeWindowsEventLog, "Windows Event Log Subscribe Callback to receive FlowFiles from Events on Windows.");

 } /* namespace processors */
 } /* namespace minifi */
 } /* namespace nifi */
 } /* namespace apache */
 } /* namespace org */
	/**
	* @file ConsumeWindowsEventLog.h
	* ConsumeWindowsEventLog class declaration
	*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	#pragma once

	#include "core/Core.h"
	#include "wel/WindowsEventLog.h"
	#include "FlowFileRecord.h"
	#include "concurrentqueue.h"
	#include "core/Processor.h"
	#include "core/ProcessSession.h"
	#include "pugixml.hpp"
	#include <winevt.h>
	#include <sstream>
	#include <regex>
	#include <codecvt>
	#include "utils/OsUtils.h"
	#include <Objbase.h>
	#include <mutex>

	namespace org {
	namespace apache {
	namespace nifi {
	namespace minifi {
	namespace processors {

	struct EventRender {
	std::map<std::string, std::string> matched_fields_;
	std::string text_;
	std::string rendered_text_;
	std::wstring bookmarkXml_;
	};

	class Bookmark;

	//! ConsumeWindowsEventLog Class
	class ConsumeWindowsEventLog : public core::Processor
	{
	public:
	//! Constructor
	/*!
	* Create a new processor
	*/
	ConsumeWindowsEventLog(const std::string& name, utils::Identifier uuid = utils::Identifier());

	//! Destructor
	virtual ~ConsumeWindowsEventLog();

	//! Processor Name
	static const std::string ProcessorName;

	//! Supported Properties
	static core::Property Channel;
	static core::Property Query;
	static core::Property RenderFormatXML;
	static core::Property MaxBufferSize;
	static core::Property InactiveDurationToReconnect;
	static core::Property IdentifierMatcher;
	static core::Property IdentifierFunction;
	static core::Property ResolveAsAttributes;
	static core::Property EventHeaderDelimiter;
	static core::Property EventHeader;
	static core::Property OutputFormat;
	static core::Property BatchCommitSize;
	static core::Property BookmarkRootDirectory;

	//! Supported Relationships
	static core::Relationship Success;

	public:
	/**
	* Function that's executed when the processor is scheduled.
	* @param context process context.
	* @param sessionFactory process session factory that is used when creating
	* ProcessSession objects.
	*/
	void onSchedule(const std::shared_ptr<core::ProcessContext> &context, const std::shared_ptr<core::ProcessSessionFactory> &sessionFactory) override;
	//! OnTrigger method, implemented by NiFi ConsumeWindowsEventLog
	virtual void onTrigger(const std::shared_ptr<core::ProcessContext> &context, const std::shared_ptr<core::ProcessSession> &session) override;
	//! Initialize, overwrite by NiFi ConsumeWindowsEventLog
	virtual void initialize(void) override;
	virtual void notifyStop() override;


	protected:
	bool subscribe(const std::shared_ptr<core::ProcessContext> &context);
	void unsubscribe();
	int processQueue(const std::shared_ptr<core::ProcessSession> &session);
	wel::WindowsEventLogHandler getEventLogHandler(const std::string & name);
	bool insertHeaderName(wel::METADATA_NAMES &header, const std::string &key, const std::string &value);
	void LogWindowsError();
	void processEvent(EVT_HANDLE eventHandle);
	bool processEventsAfterBookmark(EVT_HANDLE hEventResults, const std::wstring& channel, const std::wstring& query);

	static constexpr const char * const XML = "XML";
	static constexpr const char * const Both = "Both";
	static constexpr const char * const Plaintext = "Plaintext";

	private:

	// Logger
	wel::METADATA_NAMES header_names_;
	std::string header_delimiter_;
	std::string channel_;
	std::string query_;
	std::shared_ptr<logging::Logger> logger_;
	std::string regex_;
	bool resolve_as_attributes_;
	bool apply_identifier_function_;
	moodycamel::ConcurrentQueue<EventRender> listRenderedData_;
	std::string provenanceUri_;
	std::string computerName_;
	int64_t inactiveDurationToReconnect_{};
	EVT_HANDLE subscriptionHandle_{};
	uint64_t maxBufferSize_{};
	DWORD lastActivityTimestamp_{};
	std::shared_ptr<core::ProcessSessionFactory> sessionFactory_;
	std::mutex cache_mutex_;
	std::map<std::string, wel::WindowsEventLogHandler > providers_;
	uint64_t batch_commit_size_;

	bool writeXML_;
	bool writePlainText_;
	std::unique_ptr<Bookmark> pBookmark_;
	std::mutex onTriggerMutex_;
	};

	REGISTER_RESOURCE(ConsumeWindowsEventLog, "Windows Event Log Subscribe Callback to receive FlowFiles from Events on Windows.");

	} /* namespace processors */
	} /* namespace minifi */
	} /* namespace nifi */
	} /* namespace apache */
	} /* namespace org */