Channel: THWACK: Discussion List - Kiwi Syslog

Perl Scripting - Parsing Barracuda Email Gateway syslog message

Hopefully this makes sense. Barracuda has published a script in Perl that demonstrates how to parse the log. The items in the message field are separated by spaces. Barracuda shows the following in their script (the message field has been placed in the $info variable earlier in their script):

 

    if( $info =~ /([^\s]+)\s([^\s]+)\s([^\s]+)\s([-\.\d+]+)\s(\d+)\s(\d+)\s(.*)\sSUBJ:(.*)$/ )
    {
        ($enc, $sender, $recip, $score, $action, $reason, $reason_extra, $subject) =
            ($1, $2, $3, $4, $5, $6, $7, $8);
    }

 

What I would like to do is place these in the Custom variable 1-8. Going through the kiwi example that comes with the syslog server, that part seems relatively easy.

I am brand new to Perl and trying to get this accomplished in the Evaluation window of the Kiwi server to show proof of concept. Is Perl the best way to separate the message based on spaces? Is there a better way to do this? Or does someone have an example of how to do this in Perl or any other language that kiwi supports?

 

Cheers
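
Added example, not part of the original post or of Barracuda's script: a stand-alone Perl parser built around the regex quoted above, which returns the eight fields by name and reports lines that do not fit the layout instead of silently skipping them. The sample lines and the names `parse_info` and `@FIELDS` are constructed for illustration; copying the values into Kiwi's custom fields is not shown.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Field names in the order the regex quoted in the post captures them.
my @FIELDS = qw(enc sender recip score action reason reason_extra subject);

# Split the message part of a log line into named fields.
# Returns a hash reference, or nothing when the line does not fit the layout,
# so the caller can count and review lines the parser could not handle.
sub parse_info {
    my ($info) = @_;
    return unless defined $info;
    $info =~ s/[\r\n]+\z//;    # drop a trailing line terminator
    my @values = $info =~
        /([^\s]+)\s([^\s]+)\s([^\s]+)\s([-\.\d+]+)\s(\d+)\s(\d+)\s(.*)\sSUBJ:(.*)$/
        or return;
    my %record;
    @record{@FIELDS} = @values;
    # The subject is free text chosen by the sender: neutralise control
    # characters before the value is displayed or stored.
    $record{subject} =~ s/[[:cntrl:]]/?/g;
    return \%record;
}

# Constructed sample lines (not real Barracuda output).
my @samples = (
    '- alice@example.com bob@example.org 0.50 0 0 - SUBJ:Quarterly report',
    '- carol@example.net bob@example.org 7.25 2 3 two word SUBJ:Invoice overdue',
    'unexpected line without the expected fields',
);

my $unparsed = 0;
for my $line (@samples) {
    my $record = parse_info($line);
    if (!$record) {
        $unparsed++;
        print "UNPARSED: $line\n";
        next;
    }
    print join(' | ', map { "$_=$record->{$_}" } @FIELDS), "\n";
}
print "lines not parsed: $unparsed\n";
```

The second sample shows that `reason_extra` may contain spaces, which is why a plain split on whitespace would misalign the fields after it.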


High availability solution available for Kiwi Syslog server

How can we design Kiwi Syslog Server for high availability? Does it require a cluster setup or a load balancer setting, or are any built-in product HA capabilities available?

KiWi Syslog Command Line Import

Does anyone know of a way to import/export rules to/from KiWi Syslog Server via command line or other means?

 

We have a very heavily utilized LEM with a "farm" of KiWi syslog servers sitting behind a load balancer.  Whenever we change the rule on one KiWi server, we need to manually export the rule and import it to the KiWi servers.

 

We would like to find a way to script this, but we cannot find any relevant CLI options in the admin guide.  If anyone has done this or has a suggestion, it would be greatly appreciated.

 

If this is not possible, then would anyone find interest in supporting a feature request to have a centralized management console for large deployments of KiWi syslog servers?

 

Thanks!

Kiwi syslog web profile

Hi guys

I'm new on this forum and I need your help. I'm using Kiwi Syslog Server version 9.6.5. I created a lot of rules for groups of the equipment that feed my syslog server (switches, servers, firewalls...), and I have different stakeholders to whom I have to give access through Kiwi Syslog Web Access, but I want to restrict access to the context that each one has to have access to, without giving access to all logs.

When we create user accounts on the console, there is no way to personalize the profile to do that.

My question: is there a way to do that?

Thanks

The list of Windows Update that conflicts with Kiwi Syslog Server

Hi,

I use Kiwi Syslog Server on Windows Server 2016.

 

I got an error on Kiwi Syslog Server due to conflict with Windows Update several times.

 

1) Performed on April 26, 2017

*Environment

- Windows Server 2016

- Kiwi Syslog Server version 9.5.2

 

The following patches were installed by Windows Update successfully.

KB4015217

KB890830

 

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'KiwiSocket.ocx' or one of its dependencies not correctly registered: a file is missing or invalid

---------------------------

 

 

2) Performed on May 19, 2017

*Environment

- Windows Server 2016

- Kiwi Syslog Server version 9.6.1

 

The following patches were installed by Windows Update successfully.

KB3150513

KB4019472

KB890830

KB4013418

 

 

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'XceedZip.dll' or one of its dependencies not correctly registered: a file is missing or invalid.

---------------------------

 

 

[Resolution]

In both cases, I uninstalled and re-installed Kiwi Syslog Server.

 

Please refer:

https://support.solarwinds.com/Success_Center/Kiwi_Syslog_Server/KSS_error_Component_XceedZip_dll_or_one_of_its_dependencies_not_correctly_registered_a_file_is_missing_or_invalid

 

 

 

3) Performed on June 21, 2017

*Environment

- Windows Server 2016

- Kiwi Syslog Server version 9.6.1

 

The following patches were installed by Windows Update successfully.

(KB3186568)

(KB4023834)

(KB4022715)

(KB890830)

(KB3150513)

 

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'XceedZip.dll' or one of its dependencies not correctly registered: a file is missing or invalid.

---------------------------

 

[Resolution]

I uninstalled and re-installed Kiwi Syslog Server.

 

==================================

4) Performed on April 3, 2018

*Environment

- Windows Server 2016

- Kiwi Syslog Server version 9.6.3

 

The following patches were installed by Windows Update successfully.

KB4089510

 

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'KiwiSocket.ocx' or one of its dependencies not correctly registered: a file is missing or invalid

---------------------------

 

[Resolution]

I uninstalled and re-installed Kiwi Syslog Server.

 

 

==================================

 

==================================

5) Performed on June 29, 2018

*Environment

- Windows Server 2016

- Kiwi Syslog Server version 9.6.3

 

The following patches were installed by Windows Update successfully.

KB4284833

2018-06 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4284833)

 

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'KiwiSocket.ocx' or one of its dependencies not correctly registered: a file is missing or invalid

---------------------------

 

[Resolution]

I uninstalled and re-installed Kiwi Syslog Server.

 

==================================

 

Message edited by: JTC Osaka After Windows Update (2018-June), KSS cannot start again.

 

 

=========================================================

6)

Performed on Nov 22, 2018

*Environment

- Windows Server 2016

- Kiwi Syslog Server version 9.6.3

 

The following patches were installed by Windows Update successfully.

--------------------------

2018-11 Update for Windows Server 2016 for x64-based Systems (KB4465659)

2018-11 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4467691)

Malicious Software Removal Tool x64 - November 2018 (KB890830)

--------------------------

 

 

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'KiwiSocket.ocx' or one of its dependencies not correctly registered: a file is missing or invalid

---------------------------

 

 

[Resolution]

I uninstalled and re-installed Kiwi Syslog Server.

 

Message edited by: JTC Osaka  2018/11/29 15:31

Kiwi Syslog Web only displays logs for the most recent 5 days

I find my Kiwi Syslog Web access only displays logs for the most recent 5 days. How can I get the web access to display the previous logs? Thanks a lot.

Need to have log reporting from KIWI SYslog

Hi All,

 

I need to configure logs reporting in my KIWI syslog application through my SMTP server as attachments into my email.

 

Please let me know how to proceed.

 

 

Thanks

Srikant

How to create Service Now Ticket using Kiwi Syslog Server or LEM ?

Hi,

 

We are looking into installing Kiwi Syslog Server or LEM for our log monitoring needs.

 

Currently comparing Kiwi Syslog Server and LEM and trying to find if one or both of them has a feature that helps us to create a service now ticket when we receive certain logs. We'd appreciate any information on this.

 

Regards,

Manish


Spoof Network Packet - Using Npcap instead of Winpcap

I have a licensed version of Kiwi 9.6 installed on a Windows 2016 Server. I was specifically hoping to use the "Spoof Network Packet" feature to forward packets to a downstream server. The help file says the server needs to be licensed (Done!) and that WinPcap must be installed. The problem is, WinPcap is deprecated for some time now, and not compatible (or at least not suggested) with Windows 2016. I use Npcap, which is the recommended way to go for W2016. I have even installed Npcap with WinPcap compatibility (a requirement of Wireshark) and that works correctly (with Wireshark). Unfortunately, with regards to the Kiwi server, something is still missing. The tick box is now available, but I cannot select a network adapter. Saving this config as is results in no data being sent.

Syslog server support for TLS v1.2, Mutual authentication and IPv6 address

Hi folks,

I have not gone through any previous threads. Pardon me if this is a repeated query or clarification requested. Have started looking at trial version initially to make sure if this supports my requirements.

 

Have couple of queries, request to clarify these with request to secure tcp syslog server.

 

a. Currently seeing that although requested TLS version is set to v1.2 in client hello, Server negotiates back to v1.0. Is there a way to continue with TLSv1.2 protocol.

 

b. Also have CA signed certificates imported both on the Syslog server running on Windows and on the corresponding router acting as a client. But the server doesn't request a client certificate (as it's optional) and I am unable to verify mutual authentication. Only the server certificate is validated by the client and the connection is made. How to enforce mutual authentication where the router validates the client certificate.

 

c. Is there any IPv6 address support for Syslog server, or is it only available in the licensed version?

 

Thanks in advance.

 

-Gopal

How to categorize or search Logs for Different Sources

Dear All Experts,

 

I am running Kiwi Syslog server for log events collection of different servers and currently I am in testing mode. The problem I am currently facing is that all the source server logs are displayed on the same page simultaneously. Logs of each server are not categorized, and I have not found any search option in the dashboard where I can search the logs for a specific server. All logs are mixed.

 

What I want to know is whether there is any method to categorize the logs of each server on the dashboard, i.e. Exchange server logs displayed under an Exchange server logs option, and domain controllers or ESXi hosts displayed in their respective sections, to easily trace the errors and logs. Right now all logs and errors are mixed with each other.

 

Seeking the help in this regards.

 

Waiting for the response from experts here.

 

Thanks.

Kiwi Syslog Server 9.6.6.1 service automatically stopped

My company has Kiwi Syslog Server v 9.6.6.1 and today my Kiwi automatically stopped. I received this message in the application event viewer:

 

Application: Syslogd_Service.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.IndexOutOfRangeException

Stack:

   at SolarWinds.SyslogServer.Engine.NetworkingDeamon.ProcessTcpMessage(System.Net.Sockets.TcpListener, System.Text.Encoding, System.Collections.Generic.List`1<System.String>)

   at SolarWinds.SyslogServer.Engine.NetworkingDeamon+<>c__DisplayClass11.<ReinitTcp>b__d()

   at SolarWinds.SyslogServer.Engine.Implementation.WatcherThread.<.ctor>b__0()

   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

   at System.Threading.ThreadHelper.ThreadStart()

and

Faulting application name: Syslogd_Service.exe, version: 9.6.6.1, time stamp: 0x5c013768

Faulting module name: KERNELBASE.dll, version: 6.3.9600.19178, time stamp: 0x5bc10573

Exception code: 0xe0434352

Fault offset: 0x00015ef8

Faulting process id: 0x%9

Faulting application start time: 0x%10

Faulting application path: %11

Faulting module path: %12

Report Id: %13

Faulting package full name: %14

Faulting package-relative application ID: %15

 

What do I do?

Best practice configuration

Hi guys,

 

Sorry for the lack of knowledge but I am new to the syslog and Kiwi world. I purchased Kiwi server with the intent to monitor three areas of my network,

 

1 - failed login attempts on servers and workstations

2 - bandwidth spikes on the firewalls if all possible by service e.g. smtp (all sonicwalls)

3 - bandwidth spikes on workstation

 

Can someone guide me to where I can find any documentation to configure the server to alert on the above, or am I asking for too much out of the Kiwi server?

 

Thanks

Rudy

Syslog solution (New*) Log Manager for Orion or (old)Kiwi Syslog.

Dear Thwack experts,

 

Our WAN is spread across 500 sites, connected via 5  Datacenters, Most are VPN connections btw Sites and DC's ,but few still have slow paced connections.

For NPM, We are planning to build our HA solution across DC1 and DC2, and will use APE at DC3,DC4 & Dc5, So that each polling engine can poll the devices at connected remote site.

 

Now speaking about the syslog monitoring requirement, we felt Log Manager for Orion has a lot more features, but may not fit into our environment.

 

Discussion points:

-In our case, Device at remote site, need to send syslog message to the centralized solution

 

1)Kiwi have below solution:
Kiwi Secure Tunnel receives, compresses, and securely transports, syslog messages from distributed network devices to the Kiwi Syslog Daemon.

 

Can Log Manager for Orion be used here?

 

2) Kiwi also stores the syslog and trap messages in Microsoft® SQL Server. Apart from log tagging, how differently can Log Manager help our operations team? Any comparison between Kiwi and LM would be helpful.

 

(Please correct me if I am wrong somewhere.)

Unable to receive Syslog on Solarwinds Orion

Hi,

 

We are unable to receive any Syslog messages from any of the nodes added in ORION. When checked with Kiwi Syslog, they are being received. So there's no issue of windows firewall block. Even we restarted the syslog and trap services.

 

When we are generating the Syslog locally on the orion server it is captured in ORION but nothing from remote.

 

Please guide.


Event Log Forwarder guide?

So a few questions in regards to SolarWinds Event Log Forwarder... is there a guide for it other than the lacking help file?

Second, I'm running it on my DC's to forward some events from them however when I try to edit the Subscriptions it does not let me change them.

Running Server 2012r2, Event Log forwarder version 1.2.0.114

I could have sworn when I stood these up way back when I was able to adjust what they grab as far as which event type and even all of the other fields, but for some reason I can't change or save the changes I am trying to make.

I've tried running as admin, stopping the service and neither resolves my issue.

Last, is there a way to change how often the logs are sent? I mean the interval the logs are forwarded seems to be every second, which is great if I'm using Kiwi for alerts, but if I just want to store logs I'd rather get them every hour or day or some other interval than every second.

KIWI Web Access Filter displaying just 7 days old events

Hi,

I need information regarding filtering in KIWI Syslog Web Access. When I select the filter in KIWI Web Access and enter the device name or IP address whose events I want to see, KIWI Web Access displays the 7 days old list of events of the specific device. My query is: why is KIWI Web Access showing just 7 days old events? Can we see more than 7 days old events? If yes, kindly guide me.

Eval version of Kiwi Syslog shows as Free

I had Kiwi Syslog Free version installed. Then I requested the 14 day trial version of the licensed software. I uninstalled the free version and installed the 14 day trial, but it still shows that it is the free version. I uninstalled again, deleted everything from the registry that had the word 'kiwi' in it, and then installed again. Still the same issue. Please help me get it working. I'm really interested. If it works well, I'll be buying the paid version.

Kiwi Syslog Server - Status Code 500

Hi community. I've searched about my problem but only found topics related to Orion software. I am getting an exception in Kiwi Syslog Web Access. Status Code 500. Has anyone experienced this issue? Thanks a lot.

Exception of type  'System.Web.HttpUnhandledException' was thrown.

Status Code: 500


System.Web.HttpUnhandledException:  Exception of type 'System.Web.HttpUnhandledException' was thrown. --->  System.ArgumentOutOfRangeException: 'capacity' must be  non-negative.
Parameter name: capacity
at  System.Collections.ArrayList..ctor(Int32 capacity)
at  RadGridUserSettings.GetSerializedSettings()
at _Event.Render(HtmlTextWriter  writer)
at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,  ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter  writer, ControlAdapter adapter)
at  System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at  Telerik.Web.UI.RadAjaxControl.RenderPageInAjaxMode(HtmlTextWriter writer,  Control page)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter  writer, ICollection children)
at  System.Web.UI.Control.RenderChildren(HtmlTextWriter writer)
at  System.Web.UI.Page.Render(HtmlTextWriter writer)
at  _Event.Render(HtmlTextWriter writer)
at  System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,  ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter  writer, ControlAdapter adapter)
at  System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at  Telerik.Web.UI.RadAjaxControl.RenderPageInAjaxMode(HtmlTextWriter writer,  Control page)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter  writer, ICollection children)
at  System.Web.UI.Control.RenderChildren(HtmlTextWriter writer)
at  System.Web.UI.Page.Render(HtmlTextWriter writer)
at  _Event.Render(HtmlTextWriter writer)
at  System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,  ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter  writer, ControlAdapter adapter)
at  System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at  System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,  Boolean includeStagesAfterAsyncPoint)
--- End of inner exception stack trace  ---
at System.Web.UI.Page.HandleError(Exception e)
at  System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,  Boolean includeStagesAfterAsyncPoint)
at  System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean  includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at  System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at  System.Web.UI.Page.ProcessRequest(HttpContext context)
at  ASP.events_aspx.ProcessRequest(HttpContext context)
at  System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at  System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&  completedSynchronously)

Resource: http://localhost:8088/Events.aspx
Referrer: http://localhost:8088/Gateway.aspx


Click here to return to the previous  page    Click here to return to the login  page

Kiwi Syslog Server - Mail error: Server certificate failed

Hello,

 

I'm trying to set up the email alerts in Kiwi Syslog Server Setup but when I hit the Test button it comes back.

Unable to send test message.

Reason: Mail Error: Server certificate verification failed.

Connection aborted.

 

Can anyone please help shed some light on how to resolve this?

Screen is below, the emails are valid emails in our exchange server. I have the server's IP address in that box.

In the security box TLS is the only one that got this far where it appears it contacted the server then aborted. The other choices didn't even make it that far.

 

Thanks,

Kevin L.
