Struct s4lib::data::evtx::Evtx

pub struct Evtx { /* private fields */ }

A Evtx holds information taken from an EvtxRecord, a Windows Event Log record.

Here is an example EVTX Event written by crate evtx as XML:

<?xml version="1.0" encoding="utf-8"?>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="OpenSSH" Guid="C4BB5D35-0136-5BC3-A262-37EF24EF9802">
    </Provider>
    <EventID>2</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2023-03-16T20:20:23.130640Z">
    </TimeCreated>
    <EventRecordID>3</EventRecordID>
    <Correlation>
    </Correlation>
    <Execution ProcessID="25223" ThreadID="30126">
    </Execution>
    <Channel>OpenSSH</Channel>
    <Computer>host1</Computer>
    <Security UserID="S-1-2-20">
    </Security>
  </System>
  <EventData>
    <Data Name="process">sshd.exe</Data>
    <Data Name="payload">error: kex_exchange_identification: Connection closed by remote host</Data>
  </EventData>
</Event>

Implementations

impl Evtx

pub fn from_resultserializedrecord(record: &ResultEvtxRS) -> Result<Evtx, Error>

Create a new Evtx.

pub fn from_evtxrs(record: &EvtxRS) -> Evtx

Create a new Evtx.

pub fn len(self: &Evtx) -> usize

Length of this Evtx in bytes.

pub fn is_empty(self: &Evtx) -> bool

Clippy recommends fn is_empty since there is a len().

pub const fn id(self: &Evtx) -> RecordId

pub const fn dt(&self) -> &DateTimeL

Return a reference to self.dt (DateTimeL).

pub const fn dt_beg_end(&self) -> &DtBegEndPairOpt

pub fn as_bytes(&self) -> &[u8]

pub fn ends_with_newline(self: &Evtx) -> bool

Does this Evtx end in a newline character?

By default, “yes”, but it’s nice to provide this.

Trait Implementations

impl Clone for Evtx

fn clone(&self) -> Evtx

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Evtx

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Hash for Evtx

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl Ord for Evtx

fn cmp(&self, other: &Evtx) -> Ordering

This method returns an Ordering between self and other.

fn max(self, other: Self) -> Self

where Self: Sized,

Compares and returns the maximum of two values.

fn min(self, other: Self) -> Self

where Self: Sized,

Compares and returns the minimum of two values.

fn clamp(self, min: Self, max: Self) -> Self

where Self: Sized + PartialOrd,

Restrict a value to a certain interval.

impl PartialEq for Evtx

fn eq(&self, other: &Evtx) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl PartialOrd for Evtx

fn partial_cmp(&self, other: &Evtx) -> Option<Ordering>

This method returns an ordering between self and other values if one exists.

fn lt(&self, other: &Rhs) -> bool

This method tests less than (for self and other) and is used by the < operator.

fn le(&self, other: &Rhs) -> bool

This method tests less than or equal to (for self and other) and is used by the <= operator.

fn gt(&self, other: &Rhs) -> bool

This method tests greater than (for self and other) and is used by the > operator.

fn ge(&self, other: &Rhs) -> bool

This method tests greater than or equal to (for self and other) and is used by the >= operator.

impl Eq for Evtx

impl StructuralPartialEq for Evtx