From 271fcc3b07db9e72f7939c93eca844f36674bc4c Mon Sep 17 00:00:00 2001
From: Hiroshi Hatake <hiroshi@chronosphere.io>
Date: Sat, 2 Mar 2024 14:24:18 +0900
Subject: [PATCH 1/2] in_winevtlog: Display error on invalid subscription state

Signed-off-by: Hiroshi Hatake <hiroshi@chronosphere.io>
---
 plugins/in_winevtlog/winevtlog.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/plugins/in_winevtlog/winevtlog.c b/plugins/in_winevtlog/winevtlog.c
index 09d3f962456..66c8ea233db 100644
--- a/plugins/in_winevtlog/winevtlog.c
+++ b/plugins/in_winevtlog/winevtlog.c
@@ -56,7 +56,7 @@ struct winevtlog_channel *winevtlog_subscribe(const char *channel, int read_exis
     }
     ch->query = NULL;
 
-    signal_event = CreateEvent(NULL, FALSE, FALSE, NULL);
+    signal_event = CreateEvent(NULL, TRUE, TRUE, NULL);
 
     // channel : To wide char
     len = MultiByteToWideChar(CP_UTF8, 0, channel, -1, NULL, 0);
@@ -492,6 +492,7 @@ static int winevtlog_next(struct winevtlog_channel *ch, int hit_threshold)
     DWORD status = ERROR_SUCCESS;
     BOOL has_next = FALSE;
     int i;
+    DWORD wait = 0;
 
     /* If subscription handle is NULL, it should return false. */
     if (!ch->subscription) {
@@ -503,6 +504,15 @@ static int winevtlog_next(struct winevtlog_channel *ch, int hit_threshold)
         return FLB_FALSE;
     }
 
+    wait = WaitForSingleObject(ch->signal_event, 0);
+    if (wait == WAIT_FAILED) {
+        flb_error("subscription is invalid");
+        return FLB_FALSE;
+    }
+    else if (wait != WAIT_OBJECT_0) {
+        return FLB_FALSE;
+    }
+
     has_next = EvtNext(ch->subscription, SUBSCRIBE_ARRAY_SIZE,
                        events, INFINITE, 0, &count);
 
@@ -514,6 +524,8 @@ static int winevtlog_next(struct winevtlog_channel *ch, int hit_threshold)
         if (ERROR_NO_MORE_ITEMS != status) {
             return FLB_FALSE;
         }
+
+        ResetEvent(ch->signal_event);
     }
 
     if (status == ERROR_SUCCESS) {

From fbaedef7689985a5c9bb5d2cf777a5d92f990b48 Mon Sep 17 00:00:00 2001
From: Hiroshi Hatake <hiroshi@chronosphere.io>
Date: Wed, 6 Mar 2024 11:57:59 +0900
Subject: [PATCH 2/2] in_winevtlog: Notify error code when a subscription is
 entered an invalid status

Signed-off-by: Hiroshi Hatake <hiroshi@chronosphere.io>
---
 plugins/in_winevtlog/winevtlog.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/in_winevtlog/winevtlog.c b/plugins/in_winevtlog/winevtlog.c
index 66c8ea233db..08af358df72 100644
--- a/plugins/in_winevtlog/winevtlog.c
+++ b/plugins/in_winevtlog/winevtlog.c
@@ -506,7 +506,7 @@ static int winevtlog_next(struct winevtlog_channel *ch, int hit_threshold)
 
     wait = WaitForSingleObject(ch->signal_event, 0);
     if (wait == WAIT_FAILED) {
-        flb_error("subscription is invalid");
+        flb_error("subscription is invalid. err code = %d", GetLastError());
         return FLB_FALSE;
     }
     else if (wait != WAIT_OBJECT_0) {