Empty field: ProcessID

You need additional help with phplogcon, then write into this forum.

Google Ads


Empty field: ProcessID

Postby dawn » Thu Feb 02, 2017 12:16 pm

Hello,

I've installed Loganalyzer 4.1.5 with Rsyslog 8.16.0 on an Ubuntu 16.04.1 LTS, but I can't display the ProcessID field, I have for example " CRON[2892]" in syslogtag field but no data in ProcessID.
I've applied the http://kb.monitorware.com/processid-empty-pid-syslogtag-t10015.html solution but it doesn't seems to work.

A table named "processid" in VARCHAR format was present, I deleted it and then recreate it with this command: ALTER TABLE `SystemEvents` ADD `ProcessID` SMALLINT( 6 ) UNSIGNED NULL ;

Added "$template dbFormat,"insert into SystemEvents (Message, Facility, FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag, ProcessID) values ('%msg%', %syslogfacility%, '%HOSTNAME%',%syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag:R,ERE,1,FIELD:(.+)(\[[0-9]{1,5}\]).*--end%', '%syslogtag:R,ERE,1,BLANK:\[([0-9]{1,5})\]--end%')",sql" in /etc/rsyslog.d/mysql.conf

And finally verify that the "$dbmapping['monitorware'][SYSLOG_PROCESSID] = "ProcessID";" line was uncommented.

After restart of services and also the virtual machine, the field ProcessID is still empty.

Thinking I haven't well done the database configuration, I've done a dpkg-reconfigure rsyslog-mysql but the issue persist.

Can anybody help me on this issue?
Thank you in advance.
dawn
New
 
Posts: 1
Joined: Thu Feb 02, 2017 12:02 pm

Urgent Question?

  • Pulling out your Hair?
  • Wasting Time and Money?
  • Deadline Approaching?

Google Ads


Return to Help

Who is online

Users browsing this forum: No registered users and 3 guests

cron