From a36f4b89e82f14fdccc086258362e835d4714ad2 Mon Sep 17 00:00:00 2001 From: Ramon Novoa Date: Thu, 8 Aug 2013 12:22:42 +0000 Subject: [PATCH] 2013-08-08 Ramon Novoa * modules/pandora_module_logevent.h: Updated the EventID mask. The Windows Event Log Viewer seems to ignore the most significant 16 bits of the event id. * modules/pandora_module_logevent.cc: Do not discard existing events when running in debug mode. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@8644 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_agents/win32/ChangeLog | 9 +++++++++ pandora_agents/win32/modules/pandora_module_logevent.cc | 6 ++++-- pandora_agents/win32/modules/pandora_module_logevent.h | 5 ++++- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/pandora_agents/win32/ChangeLog b/pandora_agents/win32/ChangeLog index 2e8b4dbd3c..f4ebda1db5 100644 --- a/pandora_agents/win32/ChangeLog +++ b/pandora_agents/win32/ChangeLog @@ -1,3 +1,12 @@ +2013-08-08 Ramon Novoa + + * modules/pandora_module_logevent.h: Updated the EventID mask. The + Windows Event Log Viewer seems to ignore the most significant 16 + bits of the event id. + + * modules/pandora_module_logevent.cc: Do not discard existing + events when running in debug mode. + 2013-06-26 Miguel de Dios * bin/pandora_agent.conf: restored the remote_config as disabled diff --git a/pandora_agents/win32/modules/pandora_module_logevent.cc b/pandora_agents/win32/modules/pandora_module_logevent.cc index 7556ca0bc4..2a42bd59ed 100755 --- a/pandora_agents/win32/modules/pandora_module_logevent.cc +++ b/pandora_agents/win32/modules/pandora_module_logevent.cc @@ -213,8 +213,10 @@ Pandora_Module_Logevent::openLogEvent () { // Discard existing events the first time the module is executed if (this->first_run == 1) { - this->getLogEvents (event_list, 1); - this->first_run = 0; + this->first_run = 0; + if (Pandora::getPandoraDebug() == false) { + this->getLogEvents (event_list, 1); + } } return this->log_event; diff --git a/pandora_agents/win32/modules/pandora_module_logevent.h b/pandora_agents/win32/modules/pandora_module_logevent.h index 810448c22f..8f33671775 100755 --- a/pandora_agents/win32/modules/pandora_module_logevent.h +++ b/pandora_agents/win32/modules/pandora_module_logevent.h @@ -34,7 +34,10 @@ // The EventID property equals the InstanceId with the top two bits masked off. // See: http://msdn.microsoft.com/en-us/library/system.diagnostics.eventlogentry.eventid.aspx -#define EVENT_ID_MASK 0x3FFFFFFF +//#define EVENT_ID_MASK 0x3FFFFFFF + +// The Windows Event Log Viewer seems to ignore the most significant 16 bits. +#define EVENT_ID_MASK 0x0000FFFF // Types for pointers to Wevtapi.dll functions typedef EVT_HANDLE WINAPI (*EvtQueryT) (EVT_HANDLE Session, LPCWSTR Path, LPCWSTR Query, DWORD Flags);