Page 1 of 1

Empty field: ProcessID

PostPosted: Thu Feb 02, 2017 12:16 pm
by dawn

I've installed Loganalyzer 4.1.5 with Rsyslog 8.16.0 on an Ubuntu 16.04.1 LTS, but I can't display the ProcessID field, I have for example " CRON[2892]" in syslogtag field but no data in ProcessID.
I've applied the solution but it doesn't seems to work.

A table named "processid" in VARCHAR format was present, I deleted it and then recreate it with this command: ALTER TABLE `SystemEvents` ADD `ProcessID` SMALLINT( 6 ) UNSIGNED NULL ;

Added "$template dbFormat,"insert into SystemEvents (Message, Facility, FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag, ProcessID) values ('%msg%', %syslogfacility%, '%HOSTNAME%',%syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag:R,ERE,1,FIELD:(.+)(\[[0-9]{1,5}\]).*--end%', '%syslogtag:R,ERE,1,BLANK:\[([0-9]{1,5})\]--end%')",sql" in /etc/rsyslog.d/mysql.conf

And finally verify that the "$dbmapping['monitorware'][SYSLOG_PROCESSID] = "ProcessID";" line was uncommented.

After restart of services and also the virtual machine, the field ProcessID is still empty.

Thinking I haven't well done the database configuration, I've done a dpkg-reconfigure rsyslog-mysql but the issue persist.

Can anybody help me on this issue?
Thank you in advance.