Channel: THWACK: Discussion List - Kiwi Syslog

Forward Event Viewer subscriptions with Event Log Forwarder for Windows


Has anyone been able to forward subscribed events (from other machines) to Kiwi Syslog server using Event Log Forwarder for Windows? I am trying to set up a single point to collect events to be forwarded to our syslog server.

 

I set up a test and subscribed to events from another machine to be placed in the Windows Logs -> Application. I see the forwarded events in Windows Event Viewer, but when viewing the "preview of matching event records" (Event Log Forwarder for Windows) I only see the events sourced from the computer running the event log forwarder. (See the attached screenshot.)

 

Thanks!

 

Jeremy


Syslog with Logic?


I'm hoping one of the SolarWinds products can do what I'm looking for.  I need something that can parse daily log file (.log) and look for the following lines:

08:49:15.416 ( 7528:11056) U-PE: 20000018 Hook:  1(OffHook)

09:26:41.618 ( 7528: 7820) U-PE: 2000017A State: 12(Established)

13:22:02.283 ( 7528:11056) U-PE: 20000156 Hook:  0(OnHook)

 

The first part is just standard time style formatting.
The second part is always 5 numbers or 4 with a leading space, a colon, and 5 more numbers or 4 with a leading space.
The U-PE: is the event and the 8 alphanumeric ID that comes after that is uniquely bound to a user.  So, for the example above, that is actually the events from three different users.

What I hope can be done, is find every time there is a U-PE: OffHook event that does NOT have an Established U-PE: before the U-PE OnHook event, and report the time between the OffHook and OnHook event.

As for the 8 character User ID, there are about two or three hundred, but they are all unique.
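
One way to implement the report asked for above, shown as an added example that is not part of the original post: it pairs each OffHook with the next OnHook for the same ID and reports the elapsed time when no Established event came in between. The function name and sample lines are hypothetical, and it assumes one day per file, so times never wrap past midnight.

```python
import re
from datetime import timedelta

# Matches the U-PE lines quoted in the post; other lines in the daily log are ignored.
LINE_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2})\.(\d{3}) "   # HH:MM:SS.mmm
    r"\(\s*\d{4,5}:\s*\d{4,5}\) "            # ( 7528:11056) pair, space padded
    r"U-PE: ([0-9A-Za-z]{8}) "               # 8-character user ID
    r"(?:Hook|State):\s*\d+\((\w+)\)"        # event name in parentheses
)

def unanswered_calls(lines):
    """Return (user_id, offhook_time, duration) for every OffHook..OnHook
    span with no Established event for that ID in between."""
    open_calls = {}   # user_id -> [offhook_time, established_seen]
    results = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        h, mi, s, ms, uid, event = m.groups()
        t = timedelta(hours=int(h), minutes=int(mi),
                      seconds=int(s), milliseconds=int(ms))
        if event == "OffHook":
            open_calls[uid] = [t, False]
        elif event == "Established" and uid in open_calls:
            open_calls[uid][1] = True
        elif event == "OnHook" and uid in open_calls:
            start, established = open_calls.pop(uid)
            if not established:
                results.append((uid, start, t - start))
    return results

# Constructed sample in the post's format (IDs and times are made up).
SAMPLE = """\
08:49:15.416 ( 7528:11056) U-PE: 20000018 Hook:  1(OffHook)
08:49:20.000 ( 7528: 7820) U-PE: 2000017A Hook:  1(OffHook)
08:49:22.500 ( 7528: 7820) U-PE: 2000017A State: 12(Established)
08:49:40.916 ( 7528:11056) U-PE: 20000018 Hook:  0(OnHook)
08:55:01.000 ( 7528: 7820) U-PE: 2000017A Hook:  0(OnHook)
"""

if __name__ == "__main__":
    for uid, start, duration in unanswered_calls(SAMPLE.splitlines()):
        print(f"{uid} off-hook at {start} for "
              f"{duration.total_seconds():.3f}s with no Established")
```
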

Kiwi Syslog - Mail error: Interrupted


The mail option is not working in Kiwi Syslog; when I try to send a test mail, it shows the error below.

 

Unable to send test message

 

Reason: mail error: Interrupted.

 

Can anyone help me to fix this issue?

Kiwi Syslog not receiving any message


Hello,

 

I just installed Syslog on a Windows 8 VM (ESXi 5.5).

However... I don't receive any messages from the router (Cisco RV042G) I want to log.

I tried the generic troubleshooting:

• Check network connectivity by pinging from the sending device to the Syslog Server machine  => OK
• Check only one instance of Kiwi Syslog Server is running (Ctrl-Shift-Esc to get the task-list) => OK, only one
• Disable any personal firewall software such as ZoneAlarm or BlackIce => Disabled

• Use a sniffer to check if messages from the routing are reaching the PC => Yes, I can see them
• Check DNS resolution is working as expected by pinging a hostname from the Command Prompt => OK
• Check that there is a "Display" action setup for the facility and level you are expecting to receive messages on. => OK
• Send a test message to yourself by pressing Ctrl+T => Displayed
• Download a copy of the Free Syslog Server Message Generator (SyslogGen) from: www.kiwisyslog.com/downloads => Done
• Install SyslogGen and set it to send a message every second to the address 127.0.0.1 (local host). => Not displayed, and I don't see them in a local packet capture.
• Try sending messages with SyslogGen from another machine to the host running the Syslog Server => Not displayed, but see them on a packet capture (on Syslog PC)

 

Do you have any idea about the cause of this issue ?

 

Thanks in advance for your help.

Need help setting up Kiwi Syslog Server


Hello everyone!

First post is, of course, a request for help!

I want to monitor my U-Verse router more closely. Unfortunately, even though the router is generating a syslog, my windows cannot see them.

router syslog

 

My kiwi input is set up as follows:

Kiwi input

 

The router address is 192.168.1.254 and the computer running kiwi is in a different subnet, 192.168.5.40. The wifi router between both computers is forwarding port 514.

I'm not sure what else to do. The 192.168.5.40 computer connects to the internet and to the router easily, so I don't think it is a routing issue...

 

Any guidance would be appreciated.

 

Diego

Getting an error message "Cannot specify a column width on data type text" when trying to create a table in SQL server.


Kiwi Syslog server, SQL2008R2 using an ODBC SQL connector.

 

Any thoughts?

Solarwinds Event Log Forwarder for Windows with 2 Kiwi Syslog Servers configured


Hello,

 

In the log forwarder, there are 2 Kiwi syslog servers configured.
We found that no syslog events are received on the first syslog server.
What could be the root cause of this issue?

 

Thank you.

Windows event viewer log forwarder question


Sorry if this isn’t posted in the proper place, but I believe this is the most appropriate place to post my question. In short we are forwarding event viewer events via the aforementioned tool to a Sysco server. For the most part it works as intended but there are a handful of servers I don’t know how to tackle. In short a pair of servers has a single NIC and have their own unique IP address for management but there is a VIP that floats between them. The VIP is generated in a weird fashion where in the advanced properties of TCP/IP IPv4 they have the identical VIP IP assigned as a secondary. How can I specify in the log forwarder that a specific IP be used for log forwarding regardless? 

 

Similarly we have a handful of servers that have dual NICs. How can we specify a specific NIC be used for this function?  Thanks.


KIWI 9.6.7 Installation Issue


Trying to install Kiwi 9.6.7 on a new Windows 2016 server already running NPM and NCM. The install unpacks the installer and just stops: no message, no logs in anything.

Anyone run into this?

We have run Kiwi on multiple servers but never on another SolarWinds server. Is this an issue?

 

Thanks Tom

Atten All: Kiwi Syslog not show all logs on kiwi syslog web Access


Dear All Concerns and Experts,

 

I need your active and prompt response and reply in order to resolve the issue.

 

I have the following products,

 

Kiwi syslog Server 9.6.3.3

Kiwi syslog web Access v1.6.1

 

I have all logs for the month of August-2019, but on Kiwi syslog web access I am getting logs only from 23-August-2019 till 28-August-2019 (till today), only 6 days of logs.

Today, I need logs to review but I am unable to see any logs. Let me tell you, I have all the logs of the previous month as well, but I am not able to see them on the Kiwi syslog web access.

 

Please help me out, in order to resolve the issue.

 

Your kind collaboration is required in this regard.

 

Awaiting for your prompt and positive responses.

 

Please find the attached.

Device Name not displaying in Kiwi console


We have upgraded Kiwi server to 9.6.7.1 from 9.4.1. We are monitoring some UPS devices and created alerts. After upgrading, the alert on the Kiwi console doesn't show the name of the UPS but it shows the name of the Kiwi server. Could anybody help in this regard?

Kiwi Syslog Manager 9.6.6.1 is failing to open


Hello Team,

 

I tried to install Kiwi server on a newly built Windows 2016. The service starts successfully but the console fails to start with the error below. Is there something additional I need to do? Haven't seen this error with previous installs.

 

 

THE FOLLOWING INTERNAL PROGRAM ERROR HAS OCCURRED:

Manager Version = 9.6.6.1

Error Number: -2146234304

Description: Automation error

Module Name: Syslogd.frm

Procedure Name: Startup

Line Number: 2250

Date and time: 5/14/2019 2:08:00 AM

 

Thanks

Pradeep

syslog server will not start on windows 10


Just tried to install 9.6.7 via RDP onto a Windows 10 machine, and while it installs, it will not start as a service or as an application.

The error message in the log file is:

 

Faulting application name: Syslogd_Service.exe, version: 9.6.7.21, time stamp: 0x5d569328

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc000041d

Fault offset: 0x036405b8

Faulting process id: 0x1788

Faulting application start time: 0x01d56e107e818acd

Faulting application path: C:\Program Files (x86)\Syslogd\Syslogd_Service.exe

Faulting module path: unknown

Report Id: 12005b94-ffa4-40d8-bc14-5eba3589b65f

Faulting package full name:

Faulting package-relative application ID:

 

Trying to start as a service with local admin account returns

 

Windows could not start the Kiwi Syslog service on Local Computer.

Error 1067: The process terminated unexpectedly

 

Anybody got any ideas?

Forwarding SharePoint logs to Kiwi Syslog Server


I am using SolarWinds Event Log Forwarder to forward mainly security and application logs from different servers to a Kiwi Syslog Server (v9.5).

Management flagged to me that one of the servers, which stores Microsoft SharePoint logs, is full, and discussed forwarding SharePoint logs to the Syslog Server.

I am not getting much success using the Event Log Forwarder as the logs forwarded are unrelated, so I suspect that the configuration needs to be done on the SharePoint itself to forward the logs. I have no experience with SharePoint.

 

Anybody with experience with SharePoint that is able to help me on how to forward logs to the Syslog Server will be greatly appreciated.

SSL Certificate


We have a Kiwi Syslog server running 9.6.7.1 which uses UltiDev Web Server v2.0.20. I want to apply an SSL certificate to this but the CSR will only generate using SHA-1; I need SHA256. There is a later version of UltiDev, v2.0.21, but I don't know if this is supported by Kiwi and I also suspect it will not be able to utilise SHA256 regardless.

Can someone please guide me on how I can get it to generate a SHA256 CSR?

 

thanks

 

Ryan


Kiwi syslog logs not working


I'm trying to set up Event Log Forwarder on Windows 2016 to log on my Syslog-ng Server.

 

No messages are going to my syslog.

 

Any ideas?

 

The server and UDP port are set up correctly. The EventLog filter also returns the information necessary.

Kiwi Syslog Server : Web Access Ultidev Server publish info on Unsecure Port 5677 and 7566


Kiwi Syslog server version 9.6.7 is running 'Ultidev Cassini web server pro' as part of its application stack; however, on ports 5677 and 7756 this application displays debug and system information relating to the server. This information includes system names, application paths, and details on running applications. Such information could be used by a malicious actor planning a man in the middle attack.

The release notes and System installation guide specifically mention that port 7756 is no longer used. Excerpt from the release notes:

"Versions of Kiwi Syslog Server prior to 9.2.1 are installed with the Ultidev Cassini Web Server Explorer, which uses an additional port TCP 0.0.0.0:7756. Kiwi Syslog Server no longer uses Cassini Web Server Explorer and this port."

 

 

 

 

This is contrary to the release notes: after I installed version 9.6.7, I can still see that listening ports 5677 and 7566 are open.

 

Is there a way to disable that?

 

Regards

Neeraj SHARMA

I'm interested in hearing about your Kiwi Syslog Experiences


We use Orion NPM syslog as the primary collector, but many devices have not been configured to send syslog to Orion yet. Recently, I was talking with the Director of IT I report up through regarding syslog. He was thinking that were we to increase our syslog sources by a thousand or so nodes, doing so would cause Orion to slow down more than it already is. What do you think of that point of view? Would it be better to off-load collection duties to another syslog collector?

 

We have a licensed version of Kiwi Syslog, which we have been using on a limited basis (and separate from our Orion installation). I have heard that some people use Kiwi Syslog as their primary syslog collection software, instead of using Orion NPM syslog as primary. What are the advantages and drawbacks you have experienced in using this method? I have heard that you can't view Kiwi Syslog logs from the Orion GUI. But, I have also heard that Kiwi can forward interesting log entries from it to Orion. However, that brings up a question, of how do you define interesting log entries for forwarding? What may not normally be interesting to some could be interesting to others, depending on what event I am looking for.

 

Anyway, if you use Kiwi Syslog Server as your primary collector, could you please share your input here?

Kiwi server not receiving logs from different networks


We have 3 networks: network 2 (10.254.2.0), network 3 (10.254.3.0), and network 4 (10.254.4.0). The Kiwi server is in network 2. From network 2, all server logs are coming to the Kiwi server. Logs from servers in networks 3 and 4 are not coming. In the firewall, we opened all ports, but they are still not coming.

Kiwi ver 9.6 and SolarWinds log forwarder ver 1.2.0.114

Can anybody help to resolve this?

Send log to Kiwi vs Save in a log file


Hi there,

 

I'm trying to figure out which way is better. Correct me if I'm wrong.

Currently, I want to change the log level from critical to notification. I am trying to avoid filling up log storage in the switch (e.g. 3850).

1. Kiwi: I need to change console log level in order to send notification logs to kiwi, which all the notification logs would store locally in the switch then.

2. Log file (logging logfile logfile-name severity-level [ size bytes ]):  I can just change saving log file level to notification, and still store critical logs locally in the switch.

 

If I'm right about the concept, wouldn't it be better to store syslogs in a log file instead of sending to kiwi?

Thank you!!

 

Best,

Lionel
