The ProcessID field is more or less an optional, so having a NULL value in it is fine. Populating it with the ProcessID field will be useful for filtering within LogAnalyzer.
However as far as I know, the default template does not include the ProcessID field, but it can be easily extended. Best regards, Andre Lorbach > -----Original Message----- > From: [email protected] [mailto:rsyslog- > [email protected]] On Behalf Of Kaiwang Chen > Sent: Dienstag, 7. Juni 2011 19:34 > To: rsyslog-users > Subject: Re: [rsyslog] createDB.sql shipped with rsyslog-5.8.1 doesn't > conform to table type monitorware in loganalyzer-3.2.1 ? > > Will the default output template of rsyslog fill the new procid field? > Looks like leaving it NULL should work as well. > > Thanks, > Kaiwang > > 2011/6/7 Andre Lorbach <[email protected]>: > > Hi, > > > > the ProcessID field was added for LogAnalyzer. It wasn't in > > MonitorWare either. > > But LogAnalyzer will automatically add missing fields into the > > logstream databases, if the database user has sufficient rights to the > > table. So granting the database user sufficient rights would solve the > problem for now. > > > > > > Apparently adding this field into the default database schema of > > MonitorWare and RSyslog was lost in communication somewhere. > > > > Best regards, > > Andre Lorbach > > > >> -----Original Message----- > >> From: [email protected] [mailto:rsyslog- > >> [email protected]] On Behalf Of Kaiwang Chen > >> Sent: Dienstag, 7. Juni 2011 16:04 > >> To: rsyslog-users > >> Subject: [rsyslog] createDB.sql shipped with rsyslog-5.8.1 doesn't > >> conform > > to > >> table type monitorware in loganalyzer-3.2.1 ? > >> > >> Hello, > >> > >> In Step 7 of installation process, "Create the first source for > >> syslog messages", selecting Table type: MonitorWare (the other is > >> SyslogNG) would load $dbmapping['mnoitorware'] in > >> include/constants_logstream.php, resulting in SQL like this: > >> > >> SELECT id, devicereportedtime, facility, priority, fromhost, > >> syslogtag, processid, infounitid, message FROM SystemEvents ORDER BY > >> id DESC LIMIT > >> 100 > >> > >> In the case of syslog, the fields are mapped from > >> ./include/functions_config.php: > >> > >> 501 $CFG['Views']['SYSLOG']= array( > >> 502 > >> 'ID' => "SYSLOG", > >> 503 > >> 'DisplayName' =>"Syslog Fields", > >> 504 > >> 'Columns' => array ( SYSLOG_DATE, SYSLOG_FACILITY, S > >> YSLOG_SEVERITY, SYSLOG_HOST, SYSLOG_SYSLOGTAG, > SYSLOG_PROCESSID, > >> SYSLOG_MESSAGETYPE, SYSLOG_MESSAGE ), > >> 505 > >> 'userid' => null, > >> 506 > >> 'groupid' => null, > >> 507 > >> ); > >> > >> Columns array: > >> [0] => timereported > >> [1] => syslogfacility > >> [2] => syslogseverity > >> [3] => FROMHOST > >> [4] => syslogtag > >> [5] => procid > >> [6] => IUT > >> [7] => msg > >> > >> > >> Finally, I got a error prompt like this: > >> > >> No syslog records found - Error Details: > >> > >> No syslog records found > >> > >> > >> The CreateDB.sql shipped with rsyslog-5.8.1 contains(Notice the > >> processid filed is missing) > >> > >> CREATE TABLE SystemEvents > >> ( > >> ID int unsigned not null auto_increment primary key, > >> CustomerID bigint, > >> ReceivedAt datetime NULL, > >> DeviceReportedTime datetime NULL, > >> Facility smallint NULL, > >> Priority smallint NULL, > >> FromHost varchar(60) NULL, > >> Message text, > >> NTSeverity int NULL, > >> Importance int NULL, > >> EventSource varchar(60), > >> EventUser varchar(60) NULL, > >> EventCategory int NULL, > >> EventID int NULL, > >> EventBinaryData text NULL, > >> MaxAvailable int NULL, > >> CurrUsage int NULL, > >> MinUsage int NULL, > >> MaxUsage int NULL, > >> InfoUnitID int NULL , > >> SysLogTag varchar(60), > >> EventLogType varchar(60), > >> GenericFileName VarChar(60), > >> SystemID int NULL > >> ); > >> > >> > >> So, what should I do? I heard of monitorware schema, and assumed it > >> to be what shipped with rsyslog. > >> > >> > >> Thanks, > >> Kaiwang > >> _______________________________________________ > >> rsyslog mailing list > >> http://lists.adiscon.net/mailman/listinfo/rsyslog > >> http://www.rsyslog.com > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
