Minor fixes for ETW input

elastic · Oct 27, 2023 · e854e35 · e854e35
1 parent 2a35f77
commit e854e35
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/x-pack/filebeat/input/etw/config.go b/x-pack/filebeat/input/etw/config.go
@@ -2,6 +2,8 @@
 // or more contributor license agreements. Licensed under the Elastic License;
 // you may not use this file except in compliance with the Elastic License.
 
+//go:build windows
+
 package etw_input
 
 import (

diff --git a/x-pack/filebeat/input/etw/input.go b/x-pack/filebeat/input/etw/input.go
@@ -2,6 +2,8 @@
 // or more contributor license agreements. Licensed under the Elastic License;
 // you may not use this file except in compliance with the Elastic License.
 
+//go:build windows
+
 package etw_input
 
 import (
@@ -92,10 +94,10 @@ func (e *etw_input) Run(ctx input.Context, publisher stateless.Publisher) error
 
 	// Define callback that will process ETW events
 	// Callback which receives every ETW event from the reading source
-	eventReceivedCallback := func(er *etw.EventRecord) {
+	eventReceivedCallback := func(er *etw.EventRecord) uintptr {
 		if er == nil {
 			e.log.Error("received null event record")
-			return
+			return 1
 		}
 
 		e.log.Debugf("received event %d with length %d", er.EventHeader.EventDescriptor.Id, er.UserDataLength)
@@ -107,7 +109,7 @@ func (e *etw_input) Run(ctx input.Context, publisher stateless.Publisher) error
 			event["EventProperties"] = data
 		} else {
 			e.log.Errorf("failed to read event properties: %s", err)
-			return
+			return 1
 		}
 
 		evt := beat.Event{
@@ -119,7 +121,7 @@ func (e *etw_input) Run(ctx input.Context, publisher stateless.Publisher) error
 		}
 		publisher.Publish(evt)
 
-		return
+		return 0
 	}
 
 	e.etwSession.Callback = syscall.NewCallback(eventReceivedCallback)