loganalyzer icon indicating copy to clipboard operation
loganalyzer copied to clipboard

Published 20 hours ago verified publisher icon rsyslog

Missing ProcessID

Open rubenszolt opened this issue 2 years ago • 4 comments

Running Latest version of LogAnalyzer: Version 4.1.13 and ProcessID field is missing. image

rubenszolt avatar May 13 '23 22:05 rubenszolt

Looks like the syslog format you have is not fully parsed correctly. Could you show a few sample log lines ?

alorbach avatar Jun 02 '23 13:06 alorbach

The server is an Debian GNU/Linux 11 (bullseye) base install

Jun 4 18:00:39 syslog systemd[1]: Created slice User Slice of UID 0. Jun 4 18:00:39 syslog systemd[1]: Starting User Runtime Directory /run/user/0... Jun 4 18:00:39 syslog systemd[1]: Finished User Runtime Directory /run/user/0. Jun 4 18:00:39 syslog systemd[1]: Starting User Manager for UID 0... Jun 4 18:00:39 syslog systemd[238016]: Queued start job for default target Main User Target. Jun 4 18:00:39 syslog systemd[238016]: Created slice User Application Slice. Jun 4 18:00:39 syslog systemd[238016]: Reached target Paths. Jun 4 18:00:39 syslog systemd[238016]: Reached target Timers. Jun 4 18:00:39 syslog systemd[238016]: Listening on GnuPG network certificate management daemon. Jun 4 18:00:39 syslog systemd[238016]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers). Jun 4 18:00:39 syslog systemd[238016]: Listening on GnuPG cryptographic agent and passphrase cache (restricted). Jun 4 18:00:39 syslog systemd[238016]: Listening on GnuPG cryptographic agent (ssh-agent emulation). Jun 4 18:00:39 syslog systemd[238016]: Listening on GnuPG cryptographic agent and passphrase cache. Jun 4 18:00:39 syslog systemd[238016]: Reached target Sockets. Jun 4 18:00:39 syslog systemd[238016]: Reached target Basic System. Jun 4 18:00:39 syslog systemd[1]: Started User Manager for UID 0. Jun 4 18:00:39 syslog systemd[1]: Started Session 4092 of user root. Jun 4 18:00:39 syslog systemd[238016]: Reached target Main User Target. Jun 4 18:00:39 syslog systemd[238016]: Startup finished in 88ms. Jun 4 18:00:43 syslog postfix/smtpd[238045]: connect from localhost[127.0.0.1] Jun 4 18:00:43 syslog postfix/smtpd[238045]: 0A71F9B57: client=localhost[127.0.0.1] Jun 4 18:00:43 syslog postfix/cleanup[238048]: 0A71F9B57: message-id=[email protected] Jun 4 18:00:43 syslog postfix/qmgr[577]: 0A71F9B57: from=[email protected], size=773, nrcpt=1 (queue active) Jun 4 18:00:43 syslog postfix/smtpd[238045]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5

rubenszolt avatar Jun 04 '23 16:06 rubenszolt

Any solution?

ponasromas avatar May 04 '24 12:05 ponasromas

If you're using the rsyslog mysql (ommysql) plugin, this may apply: the plugin doesn't appear to log the ProcessID. So it's perhaps a missing feature that should be implemented in the rsyslog ommysql plugin, in which case loganalyzer itself can't do anything about it. The official rsyslog source code includes the code for the ommysql plugin, and also a createDB.sql file to setup a monitorware SystemEvents database. You can see in that sql file that there is no ProcessID column either.

snuggles4553 avatar Jun 06 '24 11:06 snuggles4553