2013-08-08 Ramon Novoa <rnovoa@artica.es>

* modules/pandora_module_logevent.h: Updated the EventID mask. The
	  Windows Event Log Viewer seems to ignore the most significant 16
	  bits of the event id.

	* modules/pandora_module_logevent.cc: Do not discard existing
	  events when running in debug mode.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@8644 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f

pandora_agents/win32/ChangeLog

@@ -1,3 +1,12 @@
+2013-08-08  Ramon Novoa  <rnovoa@artica.es>
+
+	* modules/pandora_module_logevent.h: Updated the EventID mask. The
+	  Windows Event Log Viewer seems to ignore the most significant 16
+	  bits of the event id.
+
+	* modules/pandora_module_logevent.cc: Do not discard existing
+	  events when running in debug mode.
+
 2013-06-26 Miguel de Dios <miguel.dedios@artica.es>
 
 	* bin/pandora_agent.conf: restored the remote_config as disabled

pandora_agents/win32/modules/pandora_module_logevent.cc

@@ -213,8 +213,10 @@ Pandora_Module_Logevent::openLogEvent () {
 
     // Discard existing events the first time the module is executed
     if (this->first_run == 1) {
-        this->getLogEvents (event_list, 1);
+		this->first_run = 0;
-	this->first_run = 0;
+		if (Pandora::getPandoraDebug() == false) {
+			this->getLogEvents (event_list, 1);
+		}
     }
 
     return this->log_event;

pandora_agents/win32/modules/pandora_module_logevent.h

@@ -34,7 +34,10 @@
 
 // The EventID property equals the InstanceId with the top two bits masked off.
 // See: http://msdn.microsoft.com/en-us/library/system.diagnostics.eventlogentry.eventid.aspx
-#define EVENT_ID_MASK 0x3FFFFFFF
+//#define EVENT_ID_MASK 0x3FFFFFFF
+
+// The Windows Event Log Viewer seems to ignore the most significant 16 bits.
+#define EVENT_ID_MASK 0x0000FFFF
 
 // Types for pointers to Wevtapi.dll functions
 typedef EVT_HANDLE WINAPI (*EvtQueryT) (EVT_HANDLE Session, LPCWSTR Path, LPCWSTR Query, DWORD Flags);