bakaid commented on a change in pull request #741: MINIFICPP-1139 Implemented.
URL: https://github.com/apache/nifi-minifi-cpp/pull/741#discussion_r386302485
##########
File path: extensions/windows-event-log/ConsumeWindowsEventLog.cpp
##########
@@ -391,322 +463,122 @@ void
ConsumeWindowsEventLog::substituteXMLPercentageItems(pugi::xml_document& do
doc.traverse(treeWalker);
}
-void ConsumeWindowsEventLog::processEvent(EVT_HANDLE hEvent) {
+bool ConsumeWindowsEventLog::createEventRender(EVT_HANDLE hEvent, EventRender&
eventRender) {
DWORD size = 0;
DWORD used = 0;
DWORD propertyCount = 0;
- if (!EvtRender(NULL, hEvent, EvtRenderEventXml, size, 0, &used,
&propertyCount)) {
- if (ERROR_INSUFFICIENT_BUFFER == GetLastError()) {
- if (used > maxBufferSize_) {
- logger_->log_error("Dropping event %x because it couldn't be rendered
within %ll bytes.", hEvent, maxBufferSize_);
- return;
- }
-
- size = used;
- std::vector<wchar_t> buf(size / 2 + 1);
- if (!EvtRender(NULL, hEvent, EvtRenderEventXml, size, &buf[0], &used,
&propertyCount)) {
- logger_->log_error("!EvtRender error: %d.", GetLastError());
- return;
- }
-
- std::string xml = wel::to_string(&buf[0]);
-
- pugi::xml_document doc;
- pugi::xml_parse_result result = doc.load_string(xml.c_str());
-
- if (!result) {
- logger_->log_error("Invalid XML produced");
- return;
- }
- // this is a well known path.
- std::string providerName =
doc.child("Event").child("System").child("Provider").attribute("Name").value();
- wel::MetadataWalker
walker(getEventLogHandler(providerName).getMetadata(), channel_, hEvent,
!resolve_as_attributes_, apply_identifier_function_, regex_);
-
- // resolve the event metadata
- doc.traverse(walker);
-
- EventRender renderedData;
-
- if (writePlainText_) {
- auto handler = getEventLogHandler(providerName);
- auto message = handler.getEventMessage(hEvent);
-
- if (!message.empty()) {
-
- for (const auto &mapEntry : walker.getIdentifiers()) {
- // replace the identifiers with their translated strings.
- utils::StringUtils::replaceAll(message, mapEntry.first,
mapEntry.second);
- }
- wel::WindowsEventLogHeader log_header(header_names_);
- // set the delimiter
- log_header.setDelimiter(header_delimiter_);
- // render the header.
- renderedData.rendered_text_ = log_header.getEventHeader(&walker);
- renderedData.rendered_text_ += "Message" + header_delimiter_ + " ";
- renderedData.rendered_text_ += message;
- }
- }
-
- if (writeXML_) {
- substituteXMLPercentageItems(doc);
-
- if (resolve_as_attributes_) {
- renderedData.matched_fields_ = walker.getFieldValues();
- }
-
- wel::XmlString writer;
- doc.print(writer, "", pugi::format_raw); // no indentation or
formatting
- xml = writer.xml_;
-
- renderedData.text_ = std::move(xml);
- }
-
- if (pBookmark_) {
- std::wstring bookmarkXml;
- if (pBookmark_->getNewBookmarkXml(hEvent, bookmarkXml)) {
- renderedData.bookmarkXml_ = bookmarkXml;
- }
- }
-
- listRenderedData_.enqueue(std::move(renderedData));
- }
+ EvtRender(NULL, hEvent, EvtRenderEventXml, size, 0, &used, &propertyCount);
+ if (ERROR_INSUFFICIENT_BUFFER != GetLastError()) {
+ logger_->log_error("!EvtRender error %d.", GetLastError());
+ return false;
}
-}
-bool ConsumeWindowsEventLog::processEventsAfterBookmark(EVT_HANDLE
hEventResults, const std::wstring& channel, const std::wstring& query) {
- if (!EvtSeek(hEventResults, 1, pBookmark_->bookmarkHandle(), 0,
EvtSeekRelativeToBookmark)) {
- logger_->log_error("!EvtSeek error %d.", GetLastError());
+ if (used > maxBufferSize_) {
+ logger_->log_error("Dropping event %x because it couldn't be rendered
within %ll bytes.", hEvent, maxBufferSize_);
Review comment:
@amarmer the `%x` is still not replaced, please see my previous comment here
about why it is necessary.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
