This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 94%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECJ%3C/text%3E%3C/svg%3E)
Hi
I wonder why syslog collected in Linux does not have PID information.
Is there any way to collect PID and PPID information from Linux?
For example, in Windows, SecurityEvent log include information about PID (i.e., which command is executed), so that users can trace back which process is called by which process.
Maybe it can be possible by configuring something, but I don't see this in Linux.
Anyone can give me a help?
Is creating custom log only way to do this?
Also, then, do you know why it is not provided in Linux by default?
Hello CJ Jung
Just checking in to see if you got a chance to see previous response.
If the suggested response helped you resolve your issue, please 'Accept as answer', so that it can help others in the community looking for help on similar topics.
Hello CJ Jung
Welcome to Microsoft Q&A Platform, thanks for posting your query here.
In Linux, syslog does not include PID information by default.
You have to use a custom log to collect PID and PPID information.
Hope that helps.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@CJ Jung, Thanks for posting in Q&A. From your description, I know the issue is with Linux which we are not familiar. Then I go to do some research, But I don't find the method to include PID and PPID into syslog. In fact, a process will likely have a different PID every time you launch it. As a workaround, you can run commands to get the PID and PPID when we see the log generated. Here is a link with the commands to get PID and PPID:
Note: Non-Microsoft link, just for the reference.
You can also contact your Linux OS supporting to see if they can help on this.
Thanks for your understanding.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.