[receiver/windowseventlog] Add Windows Event Log Receiver (open-telem…

…etry#9228)

* initial commit

added functionality for windows-log-event

* fixed go.sum files

* updated README

* added windows event log to receivers_test

* go mod tidy and added build flags

* updated package name

* dummy implementation created

* updated versions.yaml and codeowners

* updated logs received time

* updated changelog with windoweventlogreceiver

* cleaned up dependencies

* initial commit

added functionality for windows-log-event

* fixed go.sum files

* updated README

* added windows event log to receivers_test

* go mod tidy and added build flags

* updated package name

* updated xml_test to expect an array of interfaces

* updated wait time for receiving event logs

* fix winperfcounters

* updated go.mod to point to latest otel-log-collection

* removed otel log collection dependency

* go mod tidy

* added changes to go.sum and reordered file naming/organization

* ran make gotidy

* updated internal stanza version

* updated pkg/stanza for WEL

* added go.sum changes

* make gotidy

.github/CODEOWNERS

@@ -163,6 +163,7 @@ receiver/syslogreceiver/ @open-telemetry/collector-c
 receiver/tcplogreceiver/ @open-telemetry/collector-contrib-approvers @djaglowski
 receiver/udplogreceiver/ @open-telemetry/collector-contrib-approvers @djaglowski
 receiver/wavefrontreceiver/ @open-telemetry/collector-contrib-approvers @pjanotti
+receiver/windowseventlogreceiver/ @open-telemetry/collector-contrib-approvers @djaglowski @armstrmi
 receiver/windowsperfcountersreceiver/ @open-telemetry/collector-contrib-approvers @dashpole
 receiver/zipkinreceiver/ @open-telemetry/collector-contrib-approvers @pmm-sumo
 receiver/zookeeperreceiver/ @open-telemetry/collector-contrib-approvers @djaglowski

CHANGELOG.md

@@ -70,6 +70,7 @@
 - `schemaprocessor`: Starting the initial work to allow from translating from semantic convention to another (#8371)
 - `saphanareceiver`: Added implementation of SAP HANA Metric Receiver (#8827)
 - `logstransformprocessor`: Add implementation of Logs Transform Processor (#9335)
+- `windowseventlogreceiver` Added implementation of Windows Event Log Receiver (#9228)
 
 ### 💡 Enhancements 💡
 

cmd/configschema/go.mod

@@ -386,6 +386,7 @@ require (
  github.com/open-telemetry/opentelemetry-collector-contrib/receiver/tcplogreceiver v0.52.0 // indirect
  github.com/open-telemetry/opentelemetry-collector-contrib/receiver/udplogreceiver v0.52.0 // indirect
  github.com/open-telemetry/opentelemetry-collector-contrib/receiver/wavefrontreceiver v0.52.0 // indirect
+ github.com/open-telemetry/opentelemetry-collector-contrib/receiver/windowseventlogreceiver v0.52.0 // indirect
  github.com/open-telemetry/opentelemetry-collector-contrib/receiver/windowsperfcountersreceiver v0.52.0 // indirect
  github.com/open-telemetry/opentelemetry-collector-contrib/receiver/zipkinreceiver v0.52.0 // indirect
  github.com/open-telemetry/opentelemetry-collector-contrib/receiver/zookeeperreceiver v0.52.0 // indirect
@@ -841,6 +842,8 @@ replace github.com/open-telemetry/opentelemetry-collector-contrib/receiver/udplo
 
 replace github.com/open-telemetry/opentelemetry-collector-contrib/receiver/wavefrontreceiver => ../../receiver/wavefrontreceiver
 
+replace github.com/open-telemetry/opentelemetry-collector-contrib/receiver/windowseventlogreceiver => ../../receiver/windowseventlogreceiver
+
 replace github.com/open-telemetry/opentelemetry-collector-contrib/receiver/windowsperfcountersreceiver => ../../receiver/windowsperfcountersreceiver
 
 replace github.com/open-telemetry/opentelemetry-collector-contrib/receiver/zipkinreceiver => ../../receiver/zipkinreceiver

go.mod

@@ -133,6 +133,7 @@ require (
  github.com/open-telemetry/opentelemetry-collector-contrib/receiver/tcplogreceiver v0.52.0
  github.com/open-telemetry/opentelemetry-collector-contrib/receiver/udplogreceiver v0.52.0
  github.com/open-telemetry/opentelemetry-collector-contrib/receiver/wavefrontreceiver v0.52.0
+ github.com/open-telemetry/opentelemetry-collector-contrib/receiver/windowseventlogreceiver v0.52.0
  github.com/open-telemetry/opentelemetry-collector-contrib/receiver/windowsperfcountersreceiver v0.52.0
  github.com/open-telemetry/opentelemetry-collector-contrib/receiver/zipkinreceiver v0.52.0
  github.com/open-telemetry/opentelemetry-collector-contrib/receiver/zookeeperreceiver v0.52.0
@@ -843,6 +844,8 @@ replace github.com/open-telemetry/opentelemetry-collector-contrib/receiver/udplo
 
 replace github.com/open-telemetry/opentelemetry-collector-contrib/receiver/wavefrontreceiver => ./receiver/wavefrontreceiver
 
+replace github.com/open-telemetry/opentelemetry-collector-contrib/receiver/windowseventlogreceiver => ./receiver/windowseventlogreceiver
+
 replace github.com/open-telemetry/opentelemetry-collector-contrib/receiver/windowsperfcountersreceiver => ./receiver/windowsperfcountersreceiver
 
 replace github.com/open-telemetry/opentelemetry-collector-contrib/receiver/zipkinreceiver => ./receiver/zipkinreceiver

internal/components/components.go

@@ -153,6 +153,7 @@ import (
  "github.com/open-telemetry/opentelemetry-collector-contrib/receiver/tcplogreceiver"
  "github.com/open-telemetry/opentelemetry-collector-contrib/receiver/udplogreceiver"
  "github.com/open-telemetry/opentelemetry-collector-contrib/receiver/wavefrontreceiver"
+ "github.com/open-telemetry/opentelemetry-collector-contrib/receiver/windowseventlogreceiver"
  "github.com/open-telemetry/opentelemetry-collector-contrib/receiver/windowsperfcountersreceiver"
  "github.com/open-telemetry/opentelemetry-collector-contrib/receiver/zipkinreceiver"
  "github.com/open-telemetry/opentelemetry-collector-contrib/receiver/zookeeperreceiver"
@@ -240,6 +241,7 @@ func Components() (component.Factories, error) {
  sqlserverreceiver.NewFactory(),
  statsdreceiver.NewFactory(),
  wavefrontreceiver.NewFactory(),
+ windowseventlogreceiver.NewFactory(),
  windowsperfcountersreceiver.NewFactory(),
  zookeeperreceiver.NewFactory(),
  syslogreceiver.NewFactory(),

internal/components/receivers_test.go

@@ -253,6 +253,10 @@ func TestDefaultReceivers(t *testing.T) {
  receiver: "wavefront",
  skipLifecyle: true, // Depends on carbon receiver to be running correctly
  },
+ {
+ receiver: "windowseventlog",
+ skipLifecyle: true, // Requires a running windows process
+ },
  {
  receiver: "windowsperfcounters",
  skipLifecyle: true, // Requires a running windows process

receiver/windowseventlogreceiver/Makefile

@@ -0,0 +1 @@
+include ../../Makefile.Common

receiver/windowseventlogreceiver/README.md

@@ -0,0 +1,73 @@
+## Windows Log Event Receiver
+
+Tails and parses logs from windows event log API using the [opentelemetry-log-collection](https://github.com/open-telemetry/opentelemetry-log-collection) library.
+
+Supported pipeline types: logs
+
+> :construction: This receiver is in alpha and configuration fields are subject to change.
+
+### Configuration Fields
+
+| Field | Default | Description |
+| --- | --- | --- |
+| `channel` | required | The windows event log channel to monitor |
+| `max_reads` | 100 | The maximum number of records read into memory, before beginning a new batch |
+| `start_at` | `end` | On first startup, where to start reading logs from the API. Options are `beginning` or `end` |
+| `poll_interval` | 1s | The interval at which the channel is checked for new log entries. This check begins again after all new bodies have been read. |
+| `attributes` | {} | A map of `key: value` pairs to add to the entry's attributes. |
+| `resource` | {} | A map of `key: value` pairs to add to the entry's resource. |
+| `operators` | [] | An array of [operators](https://github.com/open-telemetry/opentelemetry-log-collection/blob/main/docs/operators/README.md#what-operators-are-available). See below for more details |
+| `converter` | <pre lang="jsonp">{<br> max_flush_count: 100,<br> flush_interval: 100ms,<br> worker_count: max(1,runtime.NumCPU()/4)<br>}</pre> | A map of `key: value` pairs to configure the [`entry.Entry`][entry_link] to [`pdata.LogRecord`][pdata_logrecord_link] converter, more info can be found [here][converter_link] |
+
+### Operators
+
+Each operator performs a simple responsibility, such as parsing a timestamp or JSON. Chain together operators to process logs into a desired format.
+
+- Every operator has a `type`.
+- Every operator can be given a unique `id`. If you use the same type of operator more than once in a pipeline, you must specify an `id`. Otherwise, the `id` defaults to the value of `type`.
+- Operators will output to the next operator in the pipeline. The last operator in the pipeline will emit from the receiver. Optionally, the `output` parameter can be used to specify the `id` of another operator to which logs will be passed directly.
+- Only parsers and general purpose operators should be used.
+
+## Additional Terminology and Features
+
+- An [entry](https://github.com/open-telemetry/opentelemetry-log-collection/blob/main/docs/types/entry.md) is the base representation of log data as it moves through a pipeline. All operators either create, modify, or consume entries.
+- A [field](https://github.com/open-telemetry/opentelemetry-log-collection/blob/main/docs/types/field.md) is used to reference values in an entry.
+- A common [expression](https://github.com/open-telemetry/opentelemetry-log-collection/blob/main/docs/types/expression.md) syntax is used in several operators. For example, expressions can be used to [filter](https://github.com/open-telemetry/opentelemetry-log-collection/blob/main/docs/operators/filter.md) or [route](https://github.com/open-telemetry/opentelemetry-log-collection/blob/main/docs/operators/router.md) entries.
+- [timestamp](https://github.com/open-telemetry/opentelemetry-log-collection/blob/main/docs/types/timestamp.md) parsing is available as a block within all parser operators, and also as a standalone operator. Many common timestamp layouts are supported.
+- [severity](https://github.com/open-telemetry/opentelemetry-log-collection/blob/main/docs/types/severity.md) parsing is available as a block within all parser operators, and also as a standalone operator. Stanza uses a flexible severity representation which is automatically interpreted by the stanza receiver.
+
+### Example Configurations
+
+#### Simple
+
+Configuration:
+```yaml
+- type: windowseventlog
+ channel: application
+```
+
+Output entry sample:
+```json
+{
+ "channel": "Application",
+ "computer": "computer name",
+ "event_id":
+ {
+ "id": 10,
+ "qualifiers": 0
+ },
+ "keywords": "[Classic]",
+ "level": "Information",
+ "message": "Test log",
+ "opcode": "Info",
+ "provider":
+ {
+ "event_source": "",
+ "guid": "",
+ "name": "otel"
+ },
+ "record_id": 12345,
+ "system_time": "2022-04-15T15:28:08.898974100Z",
+ "task": ""
+}
+```

receiver/windowseventlogreceiver/doc.go

@@ -0,0 +1,17 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http:https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package stanzareceiver implements a receiver that can be used by the
+// Opentelemetry collector to receive logs using the stanza log agent
+package windowseventlogreceiver // import "github.com/open-telemetry/opentelemetry-collector-contrib/receiver/windowseventlogreceiver"

receiver/windowseventlogreceiver/go.mod

@@ -0,0 +1,50 @@
+module github.com/open-telemetry/opentelemetry-collector-contrib/receiver/windowseventlogreceiver
+
+go 1.17
+
+require (
+ github.com/open-telemetry/opentelemetry-collector-contrib/internal/stanza v0.52.0
+ github.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza v0.52.0
+ github.com/stretchr/testify v1.7.1
+ go.opentelemetry.io/collector v0.52.0
+ golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
+ gopkg.in/yaml.v2 v2.4.0
+)
+
+require (
+ github.com/antonmedv/expr v1.9.0 // indirect
+ github.com/davecgh/go-spew v1.1.1 // indirect
+ github.com/gogo/protobuf v1.3.2 // indirect
+ github.com/golang/protobuf v1.5.2 // indirect
+ github.com/json-iterator/go v1.1.12 // indirect
+ github.com/knadh/koanf v1.4.1 // indirect
+ github.com/mitchellh/copystructure v1.2.0 // indirect
+ github.com/mitchellh/mapstructure v1.5.0 // indirect
+ github.com/mitchellh/reflectwalk v1.0.2 // indirect
+ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+ github.com/modern-go/reflect2 v1.0.2 // indirect
+ github.com/observiq/ctimefmt v1.0.0 // indirect
+ github.com/pelletier/go-toml v1.9.4 // indirect
+ github.com/pmezard/go-difflib v1.0.0 // indirect
+ go.opencensus.io v0.23.0 // indirect
+ go.opentelemetry.io/collector/pdata v0.52.0 // indirect
+ go.opentelemetry.io/otel v1.7.0 // indirect
+ go.opentelemetry.io/otel/metric v0.30.0 // indirect
+ go.opentelemetry.io/otel/trace v1.7.0 // indirect
+ go.uber.org/atomic v1.9.0 // indirect
+ go.uber.org/multierr v1.8.0 // indirect
+ go.uber.org/zap v1.21.0 // indirect
+ golang.org/x/net v0.0.0-20220225172249-27dd8689420f // indirect
+ golang.org/x/text v0.3.7 // indirect
+ gonum.org/v1/gonum v0.11.0 // indirect
+ google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c // indirect
+ google.golang.org/grpc v1.46.2 // indirect
+ google.golang.org/protobuf v1.28.0 // indirect
+ gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+)
+
+replace github.com/open-telemetry/opentelemetry-collector-contrib/internal/stanza => ../../internal/stanza
+
+replace github.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza => ../../pkg/stanza
+
+replace github.com/open-telemetry/opentelemetry-collector-contrib/extension/storage => ../../extension/storage