libevtx/
event_id.rs

1use chrono::{DateTime, Utc, Duration};
2use evtx::SerializedEvtxRecord;
3
4
5#[derive(Eq, Hash, PartialEq, Clone)]
6pub struct EventId {
7    timestamp: DateTime<Utc>,
8    event_record_id: u64,
9    allowed_bias: Duration,
10}
11
12impl Default for EventId {
13    fn default() -> Self {
14        Self {
15            timestamp: Default::default(),
16            event_record_id: u64::default(),
17            allowed_bias: Duration::seconds(10)
18        }
19    }
20}
21
22impl Ord for EventId {
23    fn cmp(&self, other: &Self) -> std::cmp::Ordering {
24        self.event_record_id.cmp(&other.event_record_id)
25
26        /* match self.timestamp.cmp(&other.timestamp) {
27            std::cmp::Ordering::Equal => self.event_record_id.cmp(&other.event_record_id),
28            ord => ord
29        } */
30    }
31}
32
33impl PartialOrd for EventId {
34    fn partial_cmp(&self, other: &Self) -> Option<std::cmp::Ordering> {
35        Some(self.cmp(other))
36    }
37}
38
39impl EventId {
40    #[allow(dead_code)]
41    pub fn from<T>(record: &SerializedEvtxRecord<T>) -> Self {
42        Self {
43            timestamp: record.timestamp,
44            event_record_id: record.event_record_id,
45            allowed_bias: Duration::seconds(10)
46        }
47    }
48
49    #[allow(dead_code)]
50    pub fn follows(&self, other: &Self) -> bool {
51        /*self.timestamp + self.allowed_bias >= other.timestamp && */ self.event_record_id == other.event_record_id + 1
52    }
53
54    pub fn timestamp(&self) -> &DateTime<Utc> {
55        &self.timestamp
56    }
57
58    pub fn event_record_id(&self) -> u64 {
59        self.event_record_id
60    }
61}
libevtx/event_id.rs

libevtx/
event_id.rs
