use chrono::{DateTime, Utc, Duration};
use evtx::SerializedEvtxRecord;
/// Identity of one event log record: its timestamp together with its record id.
///
/// `PartialEq`, `Eq` and `Hash` are derived, so they take all three fields
/// into account.
#[derive(Eq, Hash, PartialEq, Clone)]
pub struct EventId {
    /// Timestamp copied from the record.
    timestamp: DateTime<Utc>,

    /// Record id copied from the record.
    event_record_id: u64,

    /// Set to 10 seconds by every constructor visible in this file.
    // NOTE(review): presumably the timestamp skew tolerated between
    // neighbouring records; no code visible here reads it — confirm.
    allowed_bias: Duration,
}
impl Default for EventId {
    /// Builds an `EventId` with the default timestamp, record id 0 and a
    /// 10-second `allowed_bias`.
    fn default() -> Self {
        let allowed_bias = Duration::seconds(10);
        Self {
            timestamp: DateTime::<Utc>::default(),
            event_record_id: 0,
            allowed_bias,
        }
    }
}
impl Ord for EventId {
    /// Orders two ids by `event_record_id` alone; timestamp and bias are ignored.
    ///
    /// NOTE(review): the derived `PartialEq`/`Eq` compare every field, so two
    /// values with the same record id but different timestamps are `Equal`
    /// here yet not `==`. An ordered collection keyed on `EventId` would treat
    /// such records as one key, which would hide duplicate record ids in a
    /// log. Confirm that this is intended.
    fn cmp(&self, other: &Self) -> std::cmp::Ordering {
        let (lhs, rhs) = (self.event_record_id, other.event_record_id);
        lhs.cmp(&rhs)
    }
}
impl PartialOrd for EventId {
    /// Delegates to the `Ord` implementation, so the result is never `None`.
    fn partial_cmp(&self, other: &Self) -> Option<std::cmp::Ordering> {
        Some(Ord::cmp(self, other))
    }
}
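impl EventId {
    /// Builds an `EventId` from a parsed evtx record.
    ///
    /// Copies the record's `timestamp` and `event_record_id` unchanged and
    /// sets `allowed_bias` to 10 seconds. Neither value is validated here;
    /// both come straight from the parsed file.
    #[allow(dead_code)]
    pub fn from<T>(record: &SerializedEvtxRecord<T>) -> Self {
        Self {
            timestamp: record.timestamp,
            event_record_id: record.event_record_id,
            allowed_bias: Duration::seconds(10),
        }
    }

    /// Returns `true` when this record id is exactly one greater than
    /// `other`'s record id.
    ///
    /// Only the record ids are compared; timestamps and `allowed_bias` play
    /// no part in the result.
    #[allow(dead_code)]
    pub fn follows(&self, other: &Self) -> bool {
        // Record ids are read from the log file and may be any u64. A plain
        // `+ 1` on u64::MAX panics when overflow checks are on and wraps to 0
        // when they are off, which would report id 0 as the successor of
        // u64::MAX. `checked_add` makes that case a plain `false`.
        other.event_record_id.checked_add(1) == Some(self.event_record_id)
    }

    /// Returns a reference to the record's timestamp.
    pub fn timestamp(&self) -> &DateTime<Utc> {
        &self.timestamp
    }

    /// Returns the record id.
    pub fn event_record_id(&self) -> u64 {
        self.event_record_id
    }
}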