diff --git a/pandora_agents/win32/ChangeLog b/pandora_agents/win32/ChangeLog index 2e8b4dbd3c..f4ebda1db5 100644 --- a/pandora_agents/win32/ChangeLog +++ b/pandora_agents/win32/ChangeLog @@ -1,3 +1,12 @@ +2013-08-08 Ramon Novoa + + * modules/pandora_module_logevent.h: Updated the EventID mask. The + Windows Event Log Viewer seems to ignore the most significant 16 + bits of the event id. + + * modules/pandora_module_logevent.cc: Do not discard existing + events when running in debug mode. + 2013-06-26 Miguel de Dios * bin/pandora_agent.conf: restored the remote_config as disabled diff --git a/pandora_agents/win32/modules/pandora_module_logevent.cc b/pandora_agents/win32/modules/pandora_module_logevent.cc index 7556ca0bc4..2a42bd59ed 100755 --- a/pandora_agents/win32/modules/pandora_module_logevent.cc +++ b/pandora_agents/win32/modules/pandora_module_logevent.cc @@ -213,8 +213,10 @@ Pandora_Module_Logevent::openLogEvent () { // Discard existing events the first time the module is executed if (this->first_run == 1) { - this->getLogEvents (event_list, 1); - this->first_run = 0; + this->first_run = 0; + if (Pandora::getPandoraDebug() == false) { + this->getLogEvents (event_list, 1); + } } return this->log_event; diff --git a/pandora_agents/win32/modules/pandora_module_logevent.h b/pandora_agents/win32/modules/pandora_module_logevent.h index 810448c22f..8f33671775 100755 --- a/pandora_agents/win32/modules/pandora_module_logevent.h +++ b/pandora_agents/win32/modules/pandora_module_logevent.h @@ -34,7 +34,10 @@ // The EventID property equals the InstanceId with the top two bits masked off. // See: http://msdn.microsoft.com/en-us/library/system.diagnostics.eventlogentry.eventid.aspx -#define EVENT_ID_MASK 0x3FFFFFFF +//#define EVENT_ID_MASK 0x3FFFFFFF + +// The Windows Event Log Viewer seems to ignore the most significant 16 bits. +#define EVENT_ID_MASK 0x0000FFFF // Types for pointers to Wevtapi.dll functions typedef EVT_HANDLE WINAPI (*EvtQueryT) (EVT_HANDLE Session, LPCWSTR Path, LPCWSTR Query, DWORD Flags);