rsyslog / loganalyzer

Adiscon LogAnalyzer, a web frontend to log data from the same folks that created rsyslog

Missing ProcessID #94

Open rubenszolt opened 1 year ago

rubenszolt commented 1 year ago

Running Latest version of LogAnalyzer: Version 4.1.13 and ProcessID field is missing.

alorbach commented 1 year ago

Looks like the syslog format you have is not fully parsed correctly. Could you show a few sample log lines?

rubenszolt commented 1 year ago

The server is a Debian GNU/Linux 11 (bullseye) base install

```
Jun 4 18:00:39 syslog systemd[1]: Created slice User Slice of UID 0.
Jun 4 18:00:39 syslog systemd[1]: Starting User Runtime Directory /run/user/0...
Jun 4 18:00:39 syslog systemd[1]: Finished User Runtime Directory /run/user/0.
Jun 4 18:00:39 syslog systemd[1]: Starting User Manager for UID 0...
Jun 4 18:00:39 syslog systemd[238016]: Queued start job for default target Main User Target.
Jun 4 18:00:39 syslog systemd[238016]: Created slice User Application Slice.
Jun 4 18:00:39 syslog systemd[238016]: Reached target Paths.
Jun 4 18:00:39 syslog systemd[238016]: Reached target Timers.
Jun 4 18:00:39 syslog systemd[238016]: Listening on GnuPG network certificate management daemon.
Jun 4 18:00:39 syslog systemd[238016]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers).
Jun 4 18:00:39 syslog systemd[238016]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
Jun 4 18:00:39 syslog systemd[238016]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Jun 4 18:00:39 syslog systemd[238016]: Listening on GnuPG cryptographic agent and passphrase cache.
Jun 4 18:00:39 syslog systemd[238016]: Reached target Sockets.
Jun 4 18:00:39 syslog systemd[238016]: Reached target Basic System.
Jun 4 18:00:39 syslog systemd[1]: Started User Manager for UID 0.
Jun 4 18:00:39 syslog systemd[1]: Started Session 4092 of user root.
Jun 4 18:00:39 syslog systemd[238016]: Reached target Main User Target.
Jun 4 18:00:39 syslog systemd[238016]: Startup finished in 88ms.
Jun 4 18:00:43 syslog postfix/smtpd[238045]: connect from localhost[127.0.0.1]
Jun 4 18:00:43 syslog postfix/smtpd[238045]: 0A71F9B57: client=localhost[127.0.0.1]
Jun 4 18:00:43 syslog postfix/cleanup[238048]: 0A71F9B57: message-id=20230604160043.0A71F9B57@syslog.exmaple.lan
Jun 4 18:00:43 syslog postfix/qmgr[577]: 0A71F9B57: from=root@syslog.exmaple.lan, size=773, nrcpt=1 (queue active)
Jun 4 18:00:43 syslog postfix/smtpd[238045]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
```

ponasromas commented 4 months ago

Any solution?

snuggles4553 commented 3 months ago

If you're using the rsyslog mysql (ommysql) plugin, this may apply: the plugin doesn't appear to log the ProcessID. So it's perhaps a missing feature that should be implemented in the rsyslog ommysql plugin, in which case loganalyzer itself can't do anything about it. The official rsyslog source code includes the code for the ommysql plugin, and also a createDB.sql file to set up a monitorware SystemEvents database. You can see in that sql file that there is no ProcessID column either.
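
An added example, not part of the thread and not LogAnalyzer or rsyslog code: a small Python parser showing that the process ID in the sample lines posted above travels inside the `program[pid]:` tag, and how grouping on it ties one process's events together. The regex, the function names and the final PID-less `kernel` line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Classic BSD-syslog layout: "Mmm d hh:mm:ss host program[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s"
    r"(?P<program>[^\s:\[\]]+)"   # may contain '/', e.g. postfix/smtpd
    r"(?:\[(?P<pid>\d+)\])?"      # the [pid] part is optional
    r":\s?(?P<msg>.*)$"
)

def parse_line(line):
    """Split one line into fields; pid is an int, or None when the tag has none."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None  # not in the expected layout
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"]) if rec["pid"] else None
    return rec

def group_by_process(lines):
    """Collect messages per (program, pid) so one process's events sit together."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            groups[(rec["program"], rec["pid"])].append(rec["msg"])
    return dict(groups)

# The first five lines are copied from the thread; the last one is constructed.
SAMPLE = [
    "Jun 4 18:00:39 syslog systemd[1]: Started Session 4092 of user root.",
    "Jun 4 18:00:39 syslog systemd[238016]: Reached target Paths.",
    "Jun 4 18:00:43 syslog postfix/smtpd[238045]: connect from localhost[127.0.0.1]",
    "Jun 4 18:00:43 syslog postfix/qmgr[577]: 0A71F9B57: from=root@syslog.exmaple.lan, size=773, nrcpt=1 (queue active)",
    "Jun 4 18:00:43 syslog postfix/smtpd[238045]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5",
    "Jun 4 18:00:44 syslog kernel: constructed sample line without a PID",
]

if __name__ == "__main__":
    for (program, pid), msgs in group_by_process(SAMPLE).items():
        print(f"{program} pid={pid}: {len(msgs)} message(s)")
```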