Skip to main content

EventLog

windows_erg::evt

Struct EventLog 

Source 
pub struct EventLog { /* private fields */ }
Expand description

Handle to an opened event log or log file.

Implementations§

Source§

impl EventLog

Source

pub fn open(channel_name: &str) -> Result<Self>

Open an event log channel by name.

Examples: “Security”, “System”, “Application”, “Windows PowerShell”, etc.

Source

pub fn open_file(path: &Path) -> Result<Self>

Open an event log file (.evtx, .evt, or .etl format).

Source

pub fn list_channels() -> Result<Vec<String>>

List available event log channels.

Source

pub fn list_channels_filtered(filter: ChannelFilter) -> Result<Vec<String>>

List event log channels with a specific filter.

Source

pub fn query(&self, builder: &QueryBuilder) -> Result<EventQueryResult>

Query events using a query builder.

This returns all matching events at once. For large result sets, prefer query_stream() with batch processing.

Source

pub fn query_stream(&self, xpath: &str) -> Result<EventQuery>

Query events in a streaming fashion with batch processing.

Returns an EventQuery handle for batch iteration with buffer reuse. Use query_stream() for processing large logs efficiently.

Trait Implementations§

Source§

impl Drop for EventLog

Source§

fn drop(&mut self)

Executes the destructor for this type. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.