/
hook.go
147 lines (123 loc) · 3.98 KB
/
hook.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
//go:build windows
// +build windows
package etwlogrus
import (
"errors"
"sort"
"github.com/sirupsen/logrus"
"github.com/Microsoft/go-winio/pkg/etw"
)
const DefaultEventName = "LogrusEntry"
var ErrNoProvider = errors.New("no ETW registered provider")
// HookOpt is an option to change the behavior of the Logrus ETW hook
type HookOpt func(*Hook) error
// Hook is a Logrus hook which logs received events to ETW.
type Hook struct {
provider *etw.Provider
closeProvider bool
// allows setting the entry name
getName func(*logrus.Entry) string
// returns additional options to add to the event
getEventsOpts func(*logrus.Entry) []etw.EventOpt
}
// NewHook registers a new ETW provider and returns a hook to log from it. The
// provider will be closed when the hook is closed.
func NewHook(providerName string, opts ...HookOpt) (*Hook, error) {
opts = append(opts, WithNewETWProvider(providerName))
return NewHookFromOpts(opts...)
}
// NewHookFromOpts creates a new hook with the provided options.
// An error is returned if the hook does not have a valid provider.
func NewHookFromOpts(opts ...HookOpt) (*Hook, error) {
h := defaultHook()
for _, o := range opts {
if err := o(h); err != nil {
return nil, err
}
}
return h, h.validate()
}
func defaultHook() *Hook {
h := &Hook{}
return h
}
func (h *Hook) validate() error {
if h.provider == nil {
return ErrNoProvider
}
return nil
}
// Levels returns the set of levels that this hook wants to receive log entries
// for.
func (h *Hook) Levels() []logrus.Level {
return logrus.AllLevels
}
var logrusToETWLevelMap = map[logrus.Level]etw.Level{
logrus.PanicLevel: etw.LevelAlways,
logrus.FatalLevel: etw.LevelCritical,
logrus.ErrorLevel: etw.LevelError,
logrus.WarnLevel: etw.LevelWarning,
logrus.InfoLevel: etw.LevelInfo,
logrus.DebugLevel: etw.LevelVerbose,
logrus.TraceLevel: etw.LevelVerbose,
}
// Fire receives each Logrus entry as it is logged, and logs it to ETW.
func (h *Hook) Fire(e *logrus.Entry) error {
// Logrus defines more levels than ETW typically uses, but analysis is
// easiest when using a consistent set of levels across ETW providers, so we
// map the Logrus levels to ETW levels.
level := logrusToETWLevelMap[e.Level]
if !h.provider.IsEnabledForLevel(level) {
return nil
}
name := DefaultEventName
if h.getName != nil {
if n := h.getName(e); n != "" {
name = n
}
}
opts := make([]etw.EventOpt, 0, 3)
opts = append(opts, etw.WithLevel(level))
if h.getEventsOpts != nil {
opts = append(opts, h.getEventsOpts(e)...)
}
// Sort the fields by name so they are consistent in each instance
// of an event. Otherwise, the fields don't line up in WPA.
names := make([]string, 0, len(e.Data))
hasError := false
for k := range e.Data {
if k == logrus.ErrorKey {
// Always put the error last because it is optional in some events.
hasError = true
} else {
names = append(names, k)
}
}
sort.Strings(names)
// Reserve extra space for the message and time fields.
fields := make([]etw.FieldOpt, 0, len(e.Data)+2)
fields = append(fields, etw.StringField("Message", e.Message))
fields = append(fields, etw.Time("Time", e.Time))
for _, k := range names {
fields = append(fields, etw.SmartField(k, e.Data[k]))
}
if hasError {
fields = append(fields, etw.SmartField(logrus.ErrorKey, e.Data[logrus.ErrorKey]))
}
// Firing an ETW event is essentially best effort, as the event write can
// fail for reasons completely out of the control of the event writer (such
// as a session listening for the event having no available space in its
// buffers). Therefore, we don't return the error from WriteEvent, as it is
// just noise in many cases.
h.provider.WriteEvent(name, opts, fields)
return nil
}
// Close cleans up the hook and closes the ETW provider. If the provder was
// registered by etwlogrus, it will be closed as part of `Close`. If the
// provider was passed in, it will not be closed.
func (h *Hook) Close() error {
if h.closeProvider {
return h.provider.Close()
}
return nil
}