forensic_rs/notifications/macros.rs
1/// Alerts of a suspicious evidence found during the processing of an artifact.
2/// ```rust
3/// use forensic_rs::prelude::*;
4/// notify_informational!(NotificationType::AntiForensicsDetected, "The artifact {} has been tampered: filled with zeros.", r"C:\Windows\Prefetch\POWERSHELL.EXE-AE8EDC9B.pf")
5/// ```
6#[macro_export(local_inner_macros)]
7macro_rules! notify_informational {
8 ($typ:expr, $($arg:tt)+) => (notify!($crate::notifications::Priority::Informational, $typ, $($arg)+))
9}
10/// Alerts of a suspicious evidence found during the processing of an artifact.
11/// ```rust
12/// use forensic_rs::prelude::*;
13/// notify_info!(NotificationType::AntiForensicsDetected, "The artifact {} has been tampered: filled with zeros.", r"C:\Windows\Prefetch\POWERSHELL.EXE-AE8EDC9B.pf")
14/// ```
15#[macro_export(local_inner_macros)]
16macro_rules! notify_info {
17 ($typ:expr, $($arg:tt)+) => (notify!($crate::notifications::Priority::Informational, $typ, $($arg)+))
18}
19
20/// Alerts of a suspicious evidence found during the processing of an artifact.
21/// ```rust
22/// use forensic_rs::prelude::*;
23/// notify_low!(NotificationType::AntiForensicsDetected, "The artifact {} has been tampered: filled with zeros.", r"C:\Windows\Prefetch\POWERSHELL.EXE-AE8EDC9B.pf")
24/// ```
25#[macro_export(local_inner_macros)]
26macro_rules! notify_low {
27 ($typ:expr, $($arg:tt)+) => (notify!($crate::notifications::Priority::Low, $typ, $($arg)+))
28}
29
30/// Alerts of a suspicious evidence found during the processing of an artifact.
31/// ```rust
32/// use forensic_rs::prelude::*;
33/// notify_medium!(NotificationType::AntiForensicsDetected, "The artifact {} has been tampered: filled with zeros.", r"C:\Windows\Prefetch\POWERSHELL.EXE-AE8EDC9B.pf")
34/// ```
35#[macro_export(local_inner_macros)]
36macro_rules! notify_medium {
37 ($typ:expr, $($arg:tt)+) => (notify!($crate::notifications::Priority::Medium, $typ, $($arg)+))
38}
39/// Alerts of a suspicious evidence found during the processing of an artifact.
40/// ```rust
41/// use forensic_rs::prelude::*;
42/// notify_high!(NotificationType::AntiForensicsDetected, "The artifact {} has been tampered: filled with zeros.", r"C:\Windows\Prefetch\POWERSHELL.EXE-AE8EDC9B.pf")
43/// ```
44#[macro_export(local_inner_macros)]
45macro_rules! notify_high {
46 ($typ:expr, $($arg:tt)+) => (notify!($crate::notifications::Priority::High, $typ, $($arg)+))
47}
48/// Alerts of a suspicious evidence found during the processing of an artifact.
49/// ```rust
50/// use forensic_rs::prelude::*;
51/// notify_critical!(NotificationType::AntiForensicsDetected, "The artifact {} has been tampered: filled with zeros.", r"C:\Windows\Prefetch\POWERSHELL.EXE-AE8EDC9B.pf")
52/// ```
53#[macro_export(local_inner_macros)]
54macro_rules! notify_critical {
55 // trace!("a {} event", "log")
56 ($typ:expr, $($arg:tt)+) => (notify!($crate::notifications::Priority::Critical, $typ, $($arg)+))
57}
58/// Alerts of a suspicious evidence found during the processing of an artifact.
59/// ```rust
60/// use forensic_rs::prelude::*;
61/// notify!(Priority::High, NotificationType::AntiForensicsDetected, "The artifact {} has been tampered: filled with zeros.", r"C:\Windows\Prefetch\POWERSHELL.EXE-AE8EDC9B.pf")
62/// ```
63#[macro_export(local_inner_macros)]
64macro_rules! notify {
65 // log!( Level::Info; "a {} event", "log");
66 ($priority:expr, $typ:expr, $($arg:tt)+) => ({
67 let priority = $priority;
68 let typ = $typ;
69 let _ = $crate::notifications::NOTIFIER.with(|v| {
70 let notifier = v.borrow();
71 notifier.notify(priority,typ, std::module_path!(), std::file!(), std::line!(), std::borrow::Cow::Owned(std::format!($($arg)+)));
72 });
73 });
74}