Channel: THWACK: Discussion List - Kiwi Syslog

Parsing Kiwi Syslog Data


All,

I am trying to parse data that is received with Kiwi Syslog and then forward that parsed data to another syslog server that is viewed by other technicians. The issue I am having is that the server that sends the data is sending too much information that is not needed to the destination syslog server. I see that Kiwi Syslog does have the ability to do some parsing via VBScript. I was hoping someone could post a script that I could try that would parse the following data.

02-08-2019 14:25:19 User.Warning 172.16.0.145 Feb  8 20:25:19 Server1.penfield.edu ERAServer[743]: {"event_type":"Threat_Event","ipv4":"172.17.21.137","hostname":"Computer1.microsoft.com","source_uuid":"ecef5ff4-0535-42e2-9985-41110278b0db","occured":"08-Feb-2019 19:16:43","severity":"Warning","threat_type":"potentially unwanted application","threat_name":"JS/Spigot.B","scanner_id":"Real-time file system protection","scan_id":"virlog.dat","engine_version":"18843 (20190208)","object_type":"file","object_uri":"file:///C:/Users/JDoe/AppData/Local/Temp/scoped_dir6204_15059/CRX_INSTALL/background.js","action_taken":"cleaned by deleting","threat_handled":true,"need_restart":false,"circumstances":"Event occurred on a newly created file.","firstseen":"08-Feb-2019 19:16:43","hash":"B19897AB34E780D9F53E6AC8BE78BE26094693FD"}

The only data I need to pass to the other syslog server from the Kiwi server is the following:

"hostname":"Computer1.microsoft.com"
"threat_name":"JS/Spigot.B"
"object_uri":"file:///C:/Users/Jdoe/AppData/Local/Temp/scoped_dir6204_15059/CRX_INSTALL/background.js"
"scanner_id":"Real-time file system protection"

The parts marked in red do change. Is this possible?

Thanks,

Mike
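The reduction the post asks for, written here as an added stand-alone Python example (it is not the poster's script and does not use Kiwi's own scripting objects): it finds the JSON body after the syslog header, parses it, and rebuilds the message with only the four wanted keys. It assumes the whole received line is available as one string; the sample line is constructed to match the shape of the message quoted above.

```python
import json

# Constructed sample line in the same shape as the message quoted in the post:
# a Kiwi display header, the BSD syslog header, then a JSON event body.
SAMPLE = (
    "02-08-2019 14:25:19 User.Warning 192.0.2.10 Feb  8 20:25:19 "
    "Server1.example.edu ERAServer[743]: "
    '{"event_type":"Threat_Event","ipv4":"192.0.2.20",'
    '"hostname":"Computer1.example.com","severity":"Warning",'
    '"threat_type":"potentially unwanted application","threat_name":"JS/Spigot.B",'
    '"scanner_id":"Real-time file system protection",'
    '"object_uri":"file:///C:/Users/JDoe/AppData/Local/Temp/CRX_INSTALL/background.js",'
    '"action_taken":"cleaned by deleting","threat_handled":true}'
)

# The four keys the post wants forwarded; every other key is dropped.
KEEP = ("hostname", "threat_name", "object_uri", "scanner_id")

def split_message(line):
    """Split a line into (text before the JSON body, parsed JSON event).

    The body starts at the first '{'. raw_decode stops at the end of that
    object, so anything trailing after it does not break parsing.
    Returns (None, None) when no parseable JSON object is present.
    """
    start = line.find("{")
    if start < 0:
        return None, None
    try:
        event, _ = json.JSONDecoder().raw_decode(line[start:])
    except json.JSONDecodeError:
        return None, None
    if not isinstance(event, dict):
        return None, None
    return line[:start], event

def reduce_event(event, keep=KEEP):
    """Keep only the wanted keys, in KEEP order; keys absent from the event are skipped."""
    return {k: event[k] for k in keep if k in event}

def build_forward_message(line, keep=KEEP):
    """Rebuild the line as header + reduced JSON; None means there is nothing to forward."""
    header, event = split_message(line)
    if event is None:
        return None
    reduced = reduce_event(event, keep)
    if not reduced:
        return None
    return header + json.dumps(reduced, separators=(",", ":"))

if __name__ == "__main__":
    print(build_forward_message(SAMPLE))
```

Lines without a JSON body, or whose body has none of the wanted keys, yield None, so the caller can simply skip forwarding them.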


List of Devices


I have scanned the forums and I haven't stumbled upon any information regarding my question.

Is there a way to determine which devices are sending logs to the Kiwi Syslog Server?

Our maintenance ended already and I was assigned to this task of assessing our syslog server. I am trying to get information on how long the logs were retained and what devices are sending those. I have explored both the web access and server console to no avail.

Appreciate the help.

Strip OIDs / sysUpTime from trap message sent from Kiwi to Orion NPM


Hi everyone,

We're using Kiwi Syslog Server to forward syslog events as traps to Orion NPM.
The syslog events are generated by a PowerShell script which parses a log file and sends each matching row as an individual SNMP trap to Orion.

Is it possible to strip all of the OID information from the alert message?
The script we're using is this one: Send syslog using PowerShell

I appreciate any help or pointers.

Thanks in advance!

The list of Windows Update that conflicts with Kiwi Syslog Server


Hi,

I use Kiwi Syslog Server on Windows Server 2016.

I got an error on Kiwi Syslog Server due to a conflict with Windows Update several times.

1) Performed on April 26, 2017

*Environment
- Windows Server 2016
- Kiwi Syslog Server version 9.5.2

The following patches were installed by Windows Update successfully.
KB4015217
KB890830

Then KSS is unable to load and presents the following error:
---------------------------
Syslogd
---------------------------
Component 'KiwiSocket.ocx' or one of its dependencies not correctly registered: a file is missing or invalid
---------------------------

2) Performed on May 19, 2017

*Environment
- Windows Server 2016
- Kiwi Syslog Server version 9.6.1

The following patches were installed by Windows Update successfully.
KB3150513
KB4019472
KB890830
KB4013418

Then KSS is unable to load and presents the following error:
---------------------------
Syslogd
---------------------------
Component 'XceedZip.dll' or one of its dependencies not correctly registered: a file is missing or invalid.
---------------------------

[Resolution]
In both cases, I uninstalled and re-installed Kiwi Syslog Server.

Please refer to:
https://support.solarwinds.com/Success_Center/Kiwi_Syslog_Server/KSS_error_Component_XceedZip_dll_or_one_of_its_dependencies_not_correctly_registered_a_file_is_missing_or_invalid

3) Performed on June 21, 2017

*Environment
- Windows Server 2016
- Kiwi Syslog Server version 9.6.1

The following patches were installed by Windows Update successfully.
(KB3186568)
(KB4023834)
(KB4022715)
(KB890830)
(KB3150513)

Then KSS is unable to load and presents the following error:
---------------------------
Syslogd
---------------------------
Component 'XceedZip.dll' or one of its dependencies not correctly registered: a file is missing or invalid.
---------------------------

[Resolution]
I uninstalled and re-installed Kiwi Syslog Server.

==================================
4) Performed on April 3, 2018

*Environment
- Windows Server 2016
- Kiwi Syslog Server version 9.6.3

The following patches were installed by Windows Update successfully.
KB4089510

Then KSS is unable to load and presents the following error:
---------------------------
Syslogd
---------------------------
Component 'KiwiSocket.ocx' or one of its dependencies not correctly registered: a file is missing or invalid
---------------------------

[Resolution]
I uninstalled and re-installed Kiwi Syslog Server.

==================================
5) Performed on June 29, 2018

*Environment
- Windows Server 2016
- Kiwi Syslog Server version 9.6.3

The following patches were installed by Windows Update successfully.
KB4284833
2018-06 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4284833)

Then KSS is unable to load and presents the following error:
---------------------------
Syslogd
---------------------------
Component 'KiwiSocket.ocx' or one of its dependencies not correctly registered: a file is missing or invalid
---------------------------

[Resolution]
I uninstalled and re-installed Kiwi Syslog Server.

==================================

Message edited by: JTC Osaka After Windows Update (2018-June), KSS cannot start again.

=========================================================
6) Performed on Nov 22, 2018

*Environment
- Windows Server 2016
- Kiwi Syslog Server version 9.6.3

The following patches were installed by Windows Update successfully.
--------------------------
2018-11 Update for Windows Server 2016 for x64-based Systems (KB4465659)
2018-11 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4467691)
Windows Malicious Software Removal Tool x64 - November 2018 (KB890830)
--------------------------

Then KSS is unable to load and presents the following error:
---------------------------
Syslogd
---------------------------
Component 'KiwiSocket.ocx' or one of its dependencies not correctly registered: a file is missing or invalid
---------------------------

[Resolution]
I uninstalled and re-installed Kiwi Syslog Server.

Message edited by: JTC Osaka 2018/11/29 15:31

==================================================================
7) Performed on March 4, 2019

*Environment
- Windows Server 2012 R2
- Kiwi Syslog Server version 9.6.6.1

The following patches were installed by Windows Update successfully.
--------------------------
- 2019-02 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Server 2012 R2 for x64 (KB4487080)
- 2019-02 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB4487000)
- Windows Malicious Software Removal Tool x64 - February 2019 (KB890830)
--------------------------

Then KSS is unable to load and presents the following error:
---------------------------
Syslogd
---------------------------
Component 'ipdaem160.ocx' or one of its dependencies not correctly registered: a file is missing or invalid
---------------------------
Error message:

[Resolution]
I uninstalled and re-installed Kiwi Syslog Server.

Message edited by: JTC Osaka 2019/03/04 10:44

Kiwi Syslog server would not start


I installed the free version of the Kiwi Syslog Server (version 9.6) on Windows Server 2016, and it would not start. Please note that I do not have internet access on this Windows server.

Kiwi Syslog Service Manager could not receive log from Solarwinds Log Forwarder


Server OS: Windows Server 2016
Client OS: Windows 10 Pro build 1511
Kiwi Syslog Service Manager: Licensed 9.6
Kiwi Syslog Message Generator: v2.2
SolarWinds Event Log Forwarder: v1.2
Firewall status: both server and client are off.

I'm trying to use SolarWinds Event Log Forwarder to forward the client's event logs to the server's syslog manager through TCP, but nothing shows up (ports and IP address are done correctly). Activating the license was my last resort, but the result doesn't change.

I then tried using Kiwi Syslog Message Generator; the message was finally received by the syslog manager, but after every single message was sent, the TCP connection was cut off. Tried sending messages using UDP too; turns out UDP does nothing at all, no message, nothing (again, ports are fine). Tried this method: Kiwi Syslog Server service is halting regularly - SolarWinds Worldwide, LLC. Help and Support; doesn't work. Tried reinstalling the syslog manager, no luck.

I tried to install Splunk on the server PC, and I managed to connect successfully with the client's PC through TCP, which means there were no issues with the ports and connection.

Any help would be appreciated!

Cannot login to web console after upgrade to 9.6.7


I just did a migration from Kiwi Syslog 9.6.1 to the latest 9.6.7. Now I cannot log in to the web console at all, with any account. The error I receive is:

Exception of type 'System.Web.HttpUnhandledException' was thrown.

Status Code: 500

System.Web.HttpUnhandledException: Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.NullReferenceException: Object reference not set to an instance of an object.
   at _Event.Page_Load(Object sender, EventArgs e)
   at System.Web.UI.Control.OnLoad(EventArgs e)
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   --- End of inner exception stack trace ---
   at System.Web.UI.Page.HandleError(Exception e)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at ASP.events_aspx.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Resource: http://localhost:8088/Events.aspx
Referrer: http://localhost:8088/Gateway.aspx?ReturnUrl=/Events.aspx

I attempted a reinstall of 9.6.7. I also rebooted the server.

I am dead in the water, so to speak, and need to get back in to run audit reports. Any help would be incredibly appreciated.

KIWI Web Access Filter displaying just 7 days old events


Hi,

I need information regarding filtering in KIWI Syslog Web Access. When I select a filter in KIWI Web Access and put in the device name or IP address whose events I want to see, KIWI Web Access displays the list of events for that device that are up to 7 days old. My query is: why is KIWI Web Access only showing 7 days of events? Can we see events older than 7 days? If yes, kindly guide me.


Error changing web access settings


In the web access settings page, when I try to modify the value of page refresh or anything under the "general settings" screen it pops up an error about changing the password.  I am not modifying anything under the "user settings" part or clicking "change password".  Any ideas?

Syslog Console Hangs


Hi,

The syslogd service runs fine on our Windows Server 2016 DC.
But if we open the console, it hangs. Memory and CPU load are OK.
Any idea what I can check?

Best Regards,

Wouter Jinssen
Siemens

Kiwi Syslog Server HA (High Availability)


Hi Folks, I am starting to evaluate Kiwi Syslog Server and one of the main requirements will be how we provision HA (High Availability).
I have seen some posts regarding the use of LBs (Load Balancers) but these posts are pretty old and don't go into that much detail.

I'm hoping that someone can point me in the right direction.

If we use 2 LBs in a cluster (probably NetScalers), all clients will connect to the LB VIP.
I'm "guessing at this stage" that the LBs will send all traffic to one of 2 Kiwi Syslog servers (let's call them Kiwi A and Kiwi B, where Kiwi A is the current live server).
We are resilient against the loss of an LB (as they are operating in an HA cluster).
If we lose Kiwi A, traffic will be redirected to Kiwi B.

Thoughts/Comments
If we lose an LB, we will probably lose syslog records - I don't think it's possible to avoid this (even if we use TCP)?
If we lose Kiwi A, syslog records will be redirected to Kiwi B by the LB (again, I think we could lose some syslog records).
If we need old log files on Kiwi A (which isn't now available) - I guess we can't, unless Kiwi A writes to a CIFS share (that Kiwi B also writes to)???

If we don't have access to a direct CIFS share, could we use Windows DFS (so that Kiwi A is replicating to Kiwi B and vice versa)? Again, I think we will miss records.
So basically, if we lose Kiwi A and the LB starts writing to Kiwi B, Kiwi B will have the replicated records (via DFS from Kiwi A).
Kiwi B should pretty much have almost all of the records available (would need to test this against busy input devices).

Before we go down this road and start testing, it would be great if anyone has any information/feedback/comments they could provide.

Many Thanks.

Kiwi Syslog Web Access: refresh problem


Hi,

How can I update the refresh time on KWSA please? Every time I click on "Save", I get the password policy message.

Thanks

After upgrading Kiwi to 9.6.5 service crashes


After we upgraded our Kiwi Syslog to 9.6.5 we have had an ongoing issue where any rule or config change crashes the syslog service. This happens on both of our Kiwi servers.

We ruled out McAfee AntiVirus and HBSS (uninstalled).

The error I see in the Application events shows:

Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000096, exception address 0686733C

I have re-opened our case with support but I wanted to reach out to the community to see if anyone else is seeing this behavior. We might have to roll back to an earlier version if we don't get something resolved soon.

Thanks

Kiwi syslog migration


We have upgraded our Kiwi Syslog server to a new server with a new version of the OS.

I need to migrate the settings of the previous server to the new server, but I am unable to find a migration tool or guide on how to migrate the settings.

I don't need to migrate the files (logs), only the settings.

Can anyone help or advise, or point me to a guide?

Kiwi SyslogServer 9.6.6.1 is failing to stay up with TCP traffic on port 514


Hello Experts,

We have two instances of Kiwi 9.6.6.1 (enterprise licensed) which are failing to stay up with TCP traffic over port 514. It fails with an unhandled exception "System.IndexOutofRangeException". If I try to send the normal burst messages using SyslogGen it works, but for actual traffic it crashes. Tried to bind the IP and disable UDP as well, without luck.

We have DNS lookup disabled to achieve the necessary speed. Our environment is Windows 2016.

Any suggestions would be of great help.

Thanks

Pradeep


log file open issue


Hi

I am using the Kiwi Syslog Server freeware tool to collect the network device logs, but the file size is too big, approx. 4 Gb in a .txt file for 1 day, which cannot be opened for analysis.

Could you please suggest how to open it.

Secondly, could you please suggest a proper syslog server tool so that we can easily open the file and filter the network devices by category, like switch, router or firewall logs.

Regards

Vinod Gupta

+919810966625

Kiwi Log Viewer Suggestion


I apologize if this is the wrong forum for the log viewer.

Is it possible to add a checkbox for an audible alert to the highlighting options so we can be alerted when the highlighter matches a target phrase?

Thanks,

Mike

Can you push subscription and server configs?


I'm in the middle of deploying the syslog forwarder across our network. To save time, I'm hoping I can push the install followed by the syslog server and subscription information. Is that possible?

Kiwi Syslog doesn't work with python


Hello,

I'm running into an issue where I have ActivePython installed, and I'm trying to use it with Kiwi Syslog Server, but I keep getting the same error:

Python is installed, ActivePython is installed. I have tried creating a "Main()" function and a "main()" function to no avail. My script is currently only doing the following:

def main():
    return "OK"

main()

I have tried a capitalized Main() as well. Same error.
Any idea why this doesn't actually work?

We're considering purchasing the software, but only if we can get it to actually work with our pipeline.

Thanks in advance.

Can we use the Kiwi Syslog as a syslog forwarder.?


Hi,

We have a Linux box running the SDN services and acting as a gateway. The vendor who provided this Linux box says that they have a restriction that it can forward the syslog messages to only one syslog server / collector.

We are currently in a situation where we are looking for a syslog server which can receive the syslog messages from this Linux box and then forward them to other syslog servers/collectors.

Is it possible to use the Kiwi Syslog server as a syslog forwarder?
