blob: 2314611bfd225db4ee490cd76ab29e3dc2f5a1dc [file] [log] [blame]
* @file ConsumeWindowsEventLog.h
* ConsumeWindowsEventLog class declaration
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* See the License for the specific language governing permissions and
* limitations under the License.
#pragma once
#include "core/Core.h"
#include "wel/WindowsEventLog.h"
#include "FlowFileRecord.h"
#include "concurrentqueue.h"
#include "core/Processor.h"
#include "core/ProcessSession.h"
#include "pugixml.hpp"
#include <winevt.h>
#include <sstream>
#include <regex>
#include <codecvt>
#include "utils/OsUtils.h"
#include <Objbase.h>
#include <mutex>
#include <unordered_map>
namespace org {
namespace apache {
namespace nifi {
namespace minifi {
namespace processors {
struct EventRender {
std::map<std::string, std::string> matched_fields_;
std::string text_;
std::string rendered_text_;
std::wstring bookmarkXml_;
class Bookmark;
//! ConsumeWindowsEventLog Class
class ConsumeWindowsEventLog : public core::Processor
//! Constructor
* Create a new processor
ConsumeWindowsEventLog(const std::string& name, utils::Identifier uuid = utils::Identifier());
//! Destructor
virtual ~ConsumeWindowsEventLog();
//! Processor Name
static const std::string ProcessorName;
//! Supported Properties
static core::Property Channel;
static core::Property Query;
static core::Property RenderFormatXML;
static core::Property MaxBufferSize;
static core::Property InactiveDurationToReconnect;
static core::Property IdentifierMatcher;
static core::Property IdentifierFunction;
static core::Property ResolveAsAttributes;
static core::Property EventHeaderDelimiter;
static core::Property EventHeader;
static core::Property OutputFormat;
static core::Property BatchCommitSize;
static core::Property BookmarkRootDirectory;
//! Supported Relationships
static core::Relationship Success;
* Function that's executed when the processor is scheduled.
* @param context process context.
* @param sessionFactory process session factory that is used when creating
* ProcessSession objects.
void onSchedule(const std::shared_ptr<core::ProcessContext> &context, const std::shared_ptr<core::ProcessSessionFactory> &sessionFactory) override;
//! OnTrigger method, implemented by NiFi ConsumeWindowsEventLog
virtual void onTrigger(const std::shared_ptr<core::ProcessContext> &context, const std::shared_ptr<core::ProcessSession> &session) override;
//! Initialize, overwrite by NiFi ConsumeWindowsEventLog
virtual void initialize(void) override;
virtual void notifyStop() override;
bool subscribe(const std::shared_ptr<core::ProcessContext> &context);
void unsubscribe();
int processQueue(const std::shared_ptr<core::ProcessSession> &session);
wel::WindowsEventLogHandler getEventLogHandler(const std::string & name);
bool insertHeaderName(wel::METADATA_NAMES &header, const std::string &key, const std::string &value);
void LogWindowsError();
void processEvent(EVT_HANDLE eventHandle);
bool processEventsAfterBookmark(EVT_HANDLE hEventResults, const std::wstring& channel, const std::wstring& query);
void substituteXMLPercentageItems(pugi::xml_document& doc);
static constexpr const char * const XML = "XML";
static constexpr const char * const Both = "Both";
static constexpr const char * const Plaintext = "Plaintext";
// Logger
wel::METADATA_NAMES header_names_;
std::string header_delimiter_;
std::string channel_;
std::string query_;
std::shared_ptr<logging::Logger> logger_;
std::string regex_;
bool resolve_as_attributes_;
bool apply_identifier_function_;
moodycamel::ConcurrentQueue<EventRender> listRenderedData_;
std::string provenanceUri_;
std::string computerName_;
int64_t inactiveDurationToReconnect_{};
EVT_HANDLE subscriptionHandle_{};
uint64_t maxBufferSize_{};
DWORD lastActivityTimestamp_{};
std::shared_ptr<core::ProcessSessionFactory> sessionFactory_;
std::mutex cache_mutex_;
std::map<std::string, wel::WindowsEventLogHandler > providers_;
uint64_t batch_commit_size_;
bool writeXML_;
bool writePlainText_;
std::unique_ptr<Bookmark> pBookmark_;
std::mutex onTriggerMutex_;
std::unordered_map<std::string, std::string> xmlPercentageItemsResolutions_;
HMODULE hMsobjsDll_{};
REGISTER_RESOURCE(ConsumeWindowsEventLog, "Windows Event Log Subscribe Callback to receive FlowFiles from Events on Windows.");
} /* namespace processors */
} /* namespace minifi */
} /* namespace nifi */
} /* namespace apache */
} /* namespace org */