This field is not populated and I am bit hesitant to change the default template. That will probably break a number of running configurations. Also, I can not reliably populate that field due to the variety of different ways a process ID is expressed...
Rainer > -----Original Message----- > From: [email protected] [mailto:rsyslog- > [email protected]] On Behalf Of Andre Lorbach > Sent: Wednesday, June 08, 2011 11:43 AM > To: rsyslog-users > Subject: Re: [rsyslog] createDB.sql shipped with rsyslog-5.8.1 doesn'tconform > to table type monitorware in loganalyzer-3.2.1 ? > > The ProcessID field is more or less an optional, so having a NULL value in it is > fine. > Populating it with the ProcessID field will be useful for filtering within > LogAnalyzer. > > However as far as I know, the default template does not include the > ProcessID field, but it can be easily extended. > > Best regards, > Andre Lorbach > > > -----Original Message----- > > From: [email protected] [mailto:rsyslog- > > [email protected]] On Behalf Of Kaiwang Chen > > Sent: Dienstag, 7. Juni 2011 19:34 > > To: rsyslog-users > > Subject: Re: [rsyslog] createDB.sql shipped with rsyslog-5.8.1 doesn't > > conform to table type monitorware in loganalyzer-3.2.1 ? > > > > Will the default output template of rsyslog fill the new procid field? > > Looks like leaving it NULL should work as well. > > > > Thanks, > > Kaiwang > > > > 2011/6/7 Andre Lorbach <[email protected]>: > > > Hi, > > > > > > the ProcessID field was added for LogAnalyzer. It wasn't in > > > MonitorWare either. > > > But LogAnalyzer will automatically add missing fields into the > > > logstream databases, if the database user has sufficient rights to > > > the table. So granting the database user sufficient rights would > > > solve the > > problem for now. > > > > > > > > > Apparently adding this field into the default database schema of > > > MonitorWare and RSyslog was lost in communication somewhere. > > > > > > Best regards, > > > Andre Lorbach > > > > > >> -----Original Message----- > > >> From: [email protected] [mailto:rsyslog- > > >> [email protected]] On Behalf Of Kaiwang Chen > > >> Sent: Dienstag, 7. Juni 2011 16:04 > > >> To: rsyslog-users > > >> Subject: [rsyslog] createDB.sql shipped with rsyslog-5.8.1 doesn't > > >> conform > > > to > > >> table type monitorware in loganalyzer-3.2.1 ? > > >> > > >> Hello, > > >> > > >> In Step 7 of installation process, "Create the first source for > > >> syslog messages", selecting Table type: MonitorWare (the other is > > >> SyslogNG) would load $dbmapping['mnoitorware'] in > > >> include/constants_logstream.php, resulting in SQL like this: > > >> > > >> SELECT id, devicereportedtime, facility, priority, fromhost, > > >> syslogtag, processid, infounitid, message FROM SystemEvents ORDER > > >> BY id DESC LIMIT > > >> 100 > > >> > > >> In the case of syslog, the fields are mapped from > > >> ./include/functions_config.php: > > >> > > >> 501 $CFG['Views']['SYSLOG']= array( > > >> 502 > > >> 'ID' => "SYSLOG", > > >> 503 > > >> 'DisplayName' =>"Syslog Fields", > > >> 504 > > >> 'Columns' => array ( SYSLOG_DATE, SYSLOG_FACILITY, S > > >> YSLOG_SEVERITY, SYSLOG_HOST, SYSLOG_SYSLOGTAG, > > SYSLOG_PROCESSID, > > >> SYSLOG_MESSAGETYPE, SYSLOG_MESSAGE ), > > >> 505 > > >> 'userid' => null, > > >> 506 > > >> 'groupid' => null, > > >> 507 > > >> ); > > >> > > >> Columns array: > > >> [0] => timereported > > >> [1] => syslogfacility > > >> [2] => syslogseverity > > >> [3] => FROMHOST > > >> [4] => syslogtag > > >> [5] => procid > > >> [6] => IUT > > >> [7] => msg > > >> > > >> > > >> Finally, I got a error prompt like this: > > >> > > >> No syslog records found - Error Details: > > >> > > >> No syslog records found > > >> > > >> > > >> The CreateDB.sql shipped with rsyslog-5.8.1 contains(Notice the > > >> processid filed is missing) > > >> > > >> CREATE TABLE SystemEvents > > >> ( > > >> ID int unsigned not null auto_increment primary key, > > >> CustomerID bigint, > > >> ReceivedAt datetime NULL, > > >> DeviceReportedTime datetime NULL, > > >> Facility smallint NULL, > > >> Priority smallint NULL, > > >> FromHost varchar(60) NULL, > > >> Message text, > > >> NTSeverity int NULL, > > >> Importance int NULL, > > >> EventSource varchar(60), > > >> EventUser varchar(60) NULL, > > >> EventCategory int NULL, > > >> EventID int NULL, > > >> EventBinaryData text NULL, > > >> MaxAvailable int NULL, > > >> CurrUsage int NULL, > > >> MinUsage int NULL, > > >> MaxUsage int NULL, > > >> InfoUnitID int NULL , > > >> SysLogTag varchar(60), > > >> EventLogType varchar(60), > > >> GenericFileName VarChar(60), > > >> SystemID int NULL > > >> ); > > >> > > >> > > >> So, what should I do? I heard of monitorware schema, and assumed it > > >> to be what shipped with rsyslog. > > >> > > >> > > >> Thanks, > > >> Kaiwang > > >> _______________________________________________ > > >> rsyslog mailing list > > >> http://lists.adiscon.net/mailman/listinfo/rsyslog > > >> http://www.rsyslog.com > > > _______________________________________________ > > > rsyslog mailing list > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > http://www.rsyslog.com > > > > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
