
Eventwatcher

EventWatcher is an open-source library designed for real-time monitoring of Windows Event Logs. It offers an efficient solution for tracking system events, application logs, and other critical event sources. Ideal for debugging, auditing, and system management.

About this skill

Quality Score

0/100

Supported Platforms

Universal

README

EventWatcher


Overview

EventWatcher is an open-source library designed for monitoring Windows Event Logs in real-time. It provides a robust and efficient solution for tracking and reacting to system events, application logs, and other important event sources. This library is particularly useful for developers and system administrators who need to monitor event logs for debugging, auditing, and system management purposes.

Usage

To use the EventWatcher library, you need to:

  1. Create an EventNotifier instance.
  2. Add event watchers for the logs you are interested in.
  3. Listen for event data on the EventLogChannel.
  4. Ensure a graceful shutdown by properly closing the EventNotifier.

Installation

To install the EventWatcher library, run:

go get github.com/auuunya/eventwatcher

Example

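package main

import (
	"context"
	"fmt"
	"os"
	"os/signal"
	"syscall"

	"github.com/auuunya/eventwatcher"
)

func main() {
	ctx := context.Background()
	notify := eventwatcher.NewEventNotifier(ctx)
	// Close the notifier on exit so the watchers shut down gracefully.
	defer notify.Close()

	// Register one watcher per log channel of interest.
	channels := []string{"Application", "System", "Microsoft-Windows-Kernel-Dump/Operational"}
	for _, channel := range channels {
		err := notify.AddWatcher(channel)
		if err != nil {
			// Report the failure instead of skipping silently: an unwatched
			// channel is a gap in monitoring.
			fmt.Fprintf(os.Stderr, "add watcher %q: %v\n", channel, err)
			continue
		}
	}

	// Consume event entries as they arrive on the notifier's channel.
	go func() {
		for ch := range notify.EventLogChannel {
			fmt.Printf("event entry: %v\n", ch)
		}
	}()

	// Block until the process is asked to stop.
	quit := make(chan os.Signal, 1)
	signal.Notify(quit, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM)
	<-quit
}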

Adding a test event from Windows PowerShell

Write-EventLog -LogName "Application" -Source "TestSource" -EventID 1 -EntryType Information -Message "Application Test Info"

Adding a test event from Windows cmd

eventcreate /ID 1 /L APPLICATION /T INFORMATION /SO MYEVENTSOURCE /D "Test Application Information"

Cross-platform support

  • Windows: Uses native Windows Event Log APIs (original behavior). Windows-specific tests and implementations are build-tagged with //go:build windows.
  • macOS / Linux: A lightweight file-watching implementation using fsnotify is provided for Unix-like systems. On these platforms, call AddWatcher(path) where path is a file path (writing to the file will emit an event).
  • Notes: On non-Windows platforms, Windows-specific APIs return not-implemented errors; use the Unix watcher for most cross-platform needs.
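
The usage example and the cross-platform notes both rely on AddWatcher returning an error, including a not-implemented error for Windows channels on other platforms. The following added example (not code from the EventWatcher project) records which sources are actually watched and fails closed when a required one is not. The watcherAdder interface, Coverage type, RegisterAll function, fakeNotifier and errNotImplemented are assumptions made for illustration; only the AddWatcher(string) error call shape comes from the README.

```go
package main

import (
	"errors"
	"fmt"
)

// watcherAdder is a local interface (assumption) matching the AddWatcher(string) error
// call shown in the README, so a real notifier and a test fake both satisfy it.
type watcherAdder interface {
	AddWatcher(name string) error
}

// Coverage records which sources are being watched and why the others are not.
type Coverage struct {
	Watched []string
	Failed  map[string]error
}

// RegisterAll tries every source without stopping at the first failure and returns
// a non-nil error if any source marked required could not be watched.
func RegisterAll(n watcherAdder, sources []string, required map[string]bool) (Coverage, error) {
	cov := Coverage{Failed: map[string]error{}}
	var missing []error
	for _, s := range sources {
		if err := n.AddWatcher(s); err != nil {
			cov.Failed[s] = err
			if required[s] {
				missing = append(missing, fmt.Errorf("required source %q not watched: %w", s, err))
			}
			continue
		}
		cov.Watched = append(cov.Watched, s)
	}
	return cov, errors.Join(missing...) // nil when no required source failed
}

// fakeNotifier is a constructed stand-in that rejects the listed sources.
type fakeNotifier struct{ reject map[string]error }
func (f fakeNotifier) AddWatcher(name string) error { return f.reject[name] }

// errNotImplemented is a constructed error, not the library's own value.
var errNotImplemented = errors.New("not implemented on this platform")

func main() {
	n := fakeNotifier{reject: map[string]error{"System": errNotImplemented}}
	cov, err := RegisterAll(n, []string{"Application", "System"}, map[string]bool{"System": true})
	fmt.Println("watched:", cov.Watched, "failed:", len(cov.Failed), "err:", err)
}
```
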

Running tests & profiling

  • Run all tests: go test ./...
  • Run Unix watcher test (macOS/Linux): go test -run TestEventWatcherUnixFile -v
  • Run memory check: go test -run TestMemSpike -v (this logs runtime.MemStats before/after watcher start).

Contribution

Contributions are welcome! Feel free to open issues or submit pull requests on the GitHub repository.

License

This project is licensed under the MIT License. See the LICENSE file for details.

GitHub Stars: 11
Category: Development
Updated: 10d ago
Forks: 0

Languages

Go

Security Score

90/100

Audited on Mar 17, 2026

No findings