Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set ETW event name and options for logrus hook #245

Merged
merged 2 commits into from Apr 27, 2022
Merged

Set ETW event name and options for logrus hook #245

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c9495cf
ETW name and options functionality
helsaawy Mar 24, 2022
18de8a4
PR: export and comment
helsaawy Apr 26, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
74 changes: 61 additions & 13 deletions pkg/etwlogrus/hook.go
View file
Open in desktop
@@ -1,35 +1,73 @@
//go:build windows
// +build windows

package etwlogrus

import (
"errors"
"sort"

"github.com/Microsoft/go-winio/pkg/etw"
"github.com/sirupsen/logrus"

"github.com/Microsoft/go-winio/pkg/etw"
)

const DefaultEventName = "LogrusEntry"
helsaawy marked this conversation as resolved.
Show resolved Hide resolved

var ErrNoProvider = errors.New("no ETW registered provider")
helsaawy marked this conversation as resolved.
Show resolved Hide resolved

// HookOpt is an option to change the behavior of the Logrus ETW hook
type HookOpt func(*Hook) error

// Hook is a Logrus hook which logs received events to ETW.
type Hook struct {
provider *etw.Provider
closeProvider bool
// allows setting the entry name
getName func(*logrus.Entry) string
// returns additional options to add to the event
getEventsOpts func(*logrus.Entry) []etw.EventOpt
}

// NewHook registers a new ETW provider and returns a hook to log from it. The
// provider will be closed when the hook is closed.
func NewHook(providerName string) (*Hook, error) {
provider, err := etw.NewProvider(providerName, nil)
if err != nil {
return nil, err
}
func NewHook(providerName string, opts ...HookOpt) (*Hook, error) {
opts = append(opts, WithNewETWProvider(providerName))

return &Hook{provider, true}, nil
return NewHookFromOpts(opts...)
}

// NewHookFromProvider creates a new hook based on an existing ETW provider. The
// provider will not be closed when the hook is closed.
func NewHookFromProvider(provider *etw.Provider) (*Hook, error) {
return &Hook{provider, false}, nil
func NewHookFromProvider(provider *etw.Provider, opts ...HookOpt) (*Hook, error) {
kevpar marked this conversation as resolved.
Show resolved Hide resolved
opts = append(opts, WithExistingETWProvider(provider))

return NewHookFromOpts(opts...)
}

// NewHookFromOpts creates a new hook with the provided options.
// An error is returned if the hook does not have a valid provider.
func NewHookFromOpts(opts ...HookOpt) (*Hook, error) {
h := defaultHook()

for _, o := range opts {
if err := o(h); err != nil {
return nil, err
}
}
return h, h.validate()
}

func defaultHook() *Hook {
h := &Hook{}
return h
}

func (h *Hook) validate() error {
if h.provider == nil {
return ErrNoProvider
}
return nil
}

// Levels returns the set of levels that this hook wants to receive log entries
Expand Down Expand Up @@ -58,6 +96,19 @@ func (h *Hook) Fire(e *logrus.Entry) error {
return nil
}

name := DefaultEventName
if h.getName != nil {
if n := h.getName(e); n != "" {
name = n
}
}

opts := make([]etw.EventOpt, 0, 3)
helsaawy marked this conversation as resolved.
Show resolved Hide resolved
opts = append(opts, etw.WithLevel(level))
if h.getEventsOpts != nil {
opts = append(opts, h.getEventsOpts(e)...)
}

// Sort the fields by name so they are consistent in each instance
// of an event. Otherwise, the fields don't line up in WPA.
names := make([]string, 0, len(e.Data))
Expand Down Expand Up @@ -88,10 +139,7 @@ func (h *Hook) Fire(e *logrus.Entry) error {
// as a session listening for the event having no available space in its
// buffers). Therefore, we don't return the error from WriteEvent, as it is
// just noise in many cases.
h.provider.WriteEvent(
"LogrusEntry",
etw.WithEventOpts(etw.WithLevel(level)),
fields)
h.provider.WriteEvent(name, opts, fields)

return nil
}
Expand Down
53 changes: 53 additions & 0 deletions pkg/etwlogrus/opts.go
View file
Open in desktop
@@ -0,0 +1,53 @@
//go:build windows

package etwlogrus

import (
"github.com/sirupsen/logrus"

"github.com/Microsoft/go-winio/pkg/etw"
)

// etw provider

// WithNewETWProvider registers a new ETW provider and sets the hook to log using it.
// The provider will be closed when the hook is closed.
func WithNewETWProvider(n string) HookOpt {
return func(h *Hook) error {
provider, err := etw.NewProvider(n, nil)
if err != nil {
return err
}

h.provider = provider
h.closeProvider = true
return nil
}
}

// WithExistingETWProvider configures the hook to use an existing ETW provider.
// The provider will not be closed when the hook is closed.
func WithExistingETWProvider(p *etw.Provider) HookOpt {
return func(h *Hook) error {
h.provider = p
h.closeProvider = false
return nil
}
}

// WithGetName sets the ETW EventName of an event to the value returned by f
// If the name is empty, the default event name will be used.
func WithGetName(f func(*logrus.Entry) string) HookOpt {
return func(h *Hook) error {
h.getName = f
return nil
}
}

// WithAdditionalEventOpts allows additional ETW event properties (keywords, tags, etc.) to be specified
func WithEventOpts(f func(*logrus.Entry) []etw.EventOpt) HookOpt {
return func(h *Hook) error {
h.getEventsOpts = f
return nil
}
}