Re: [rsyslog] loganalyser

Tue, 09 Aug 2011 02:55:40 -0700 

InfoUnitID is set to '1' for all my records.

Checking at the database records I notice that all syslogtags are empty (for 
some reason, it is like this in the original syslog message)
Maybe it can mess the message type detection?
Here are samples for the db:

 id | customerid |     receivedat      | devicereportedtime  | facility | 
priority |            fromhost            |                                     
             message                                                   | 
ntseverity | importance | eventsource | eventuser | eventcategory | eventid | 
eventbinarydata | maxavailable | currusage | minusage | maxusage | infounitid | 
syslogtag | eventlogtype | genericfilename | systemid
----+------------+---------------------+---------------------+----------+----------+--------------------------------+------------------------------------------------------------------------------------------------------------+------------+------------+-------------+-----------+---------------+---------+-----------------+--------------+-----------+----------+----------+------------+-----------+--------------+-----------------+----------
  3 |            | 2011-08-06 07:06:30 | 2011-08-06 07:06:24 |        0 |       
 3 | 223.77.90.202.dial.dyn.mana.pf |  (172.17.70.24/Quickspot_26) 
openvpn[582]: Connection reset, restarting [-1]                               | 
           |            |             |           |               |         |   
              |              |           |          |          |          1 |   
        |              |                 |
  4 |            | 2011-08-06 07:06:30 | 2011-08-06 07:06:24 |        0 |       
 5 | 223.77.90.202.dial.dyn.mana.pf |  (172.17.70.24/Quickspot_26) 
openvpn[582]: /etc/route-down.sh tun0 1500 1543 172.17.70.24 172.17.70.1 init | 
           |            |             |           |               |         |   
              |              |           |          |          |          1 |   
        |              |                 |
  5 |            | 2011-08-06 07:06:30 | 2011-08-06 07:06:24 |        0 |       
 5 | 223.77.90.202.dial.dyn.mana.pf |  (172.17.70.24/Quickspot_26) 
openvpn[582]: SIGHUP[soft,connection-reset] received, process restarting      | 
           |            |             |           |               |         |   
              |              |           |          |          |          1 |   
        |              |                 |
  6 |            | 2011-08-06 07:06:30 | 2011-08-06 07:06:24 |        0 |       
 5 | 223.77.90.202.dial.dyn.mana.pf |  (172.17.70.24/Quickspot_26) 
openvpn[582]: OpenVPN 2.1_rc4 mipsel-linux [SSL] [EPOLL] built on Dec 17 2007 | 
           |            |             |           |               |         |   
              |              |           |          |          |          1 |   
        |              |                 |


I hope it will be readable enough.

Le 09/08/2011 11:48, Andre Lorbach a écrit :

Hi,

oh I am sorry I indeed misunderstood. Can you post some sample data records
from your database?
There is an message ID field (InfoUnitID) which LogAnalyzer uses to detect
what kind of message the data record has.
The only thing I can imagine right now is, that this field is filled with the
wrong value.

Best regards,
Andre Lorbach


-----Original Message-----
From: [email protected] [mailto:rsyslog-
[email protected]] On Behalf Of Alexandre Chapellon
Sent: Dienstag, 9. August 2011 11:46
To: [email protected]
Subject: Re: [rsyslog] loganalyser

Thank you for your answer, but i think you missunderstood me.
I see records only if I choose EventLog or Webserver view. When I select

Syslog

I get 'the following messages: No syslog records found

That's weird... but that's what I get.

Le 09/08/2011 11:43, Andre Lorbach a écrit :

Hi,

the Eventlog View is meant for Windows Eventlog related messages.
Those can be filled into a monitorware schema database using Adiscon
EventReporter for example.
However this view is not meant for any Syslog related data, that is
the reason you are not seeing any data when using this view.

Best regards,
Andre Lorbach


-----Original Message-----
From: [email protected] [mailto:rsyslog-
[email protected]] On Behalf Of Alexandre Chapellon
Sent: Dienstag, 9. August 2011 11:19
To: [email protected]
Subject: [rsyslog] loganalyser

Hello,

I have a problem with Adiscon loganalyser. Not sure if it's the right
place

to

post... if not please let me know where to.

I have a bunch of rsyslog servers doing database logging in pgsql DB
using
:ompgsql: and the monitorware database schema.
Records are inserted in the DB as expected. My problem is that
Adiscon loganalyser reports "No syslog records found" when opening the

webface.

IF I select "Syslog Fields" as "View" in the upper right corner, the
events recorded in the database are correctly displayed.
Unfortunately the

Eventlog

View is not what I expect and contains empty fields as the messages
in the database are pure syslog messages (mostly generated by
sysklogd and relayed by rsyslogd)

Is there any explanation for this?

Best regards.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

--
<http://www.horoa.net>

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com


--
<http://www.horoa.net>

<<attachment: a_chapellon.vcf>>

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

Reply via email to