Channel: THWACK: Popular Discussions - Kiwi Syslog

sys log server errors "FormatMessage failed with 1815" help please!!


Good day Community,

 

I am experiencing an urgent issue. The sys log server forwarder is forwarding the following message to the KIWI sys log server. The actual security logs are showing the correct information, however the message below is being shown. I thought it was the server, but when I added another server to forward security logs, I am getting the same message as shown below.

 

Can anyone who has encountered this message or knows how to resolve this issue help? The security logs are on the server and I can view them using event viewer properly and audit logs are reflecting fine.

 

I would really appreciate your humble assistance or comments.

 

 

 

Apr 08 14:36:34 CASSIOPEIA1.carimed.local MSWinEventLog 5 Security 495 Wed Apr 08 14:36:33 2015
4624 Microsoft-Windows-Security-Auditing N/A Audit Success CASSIOPEIA1.carimed.local 12544
The description for Event ID 4624 from source Microsoft-Windows-Security-Auditing cannot be
found. Either the component that raises this event is not installed on your local computer or
the installation is corrupted. You can install or repair the component on the local computer.If
the event originated on another computer, the display information had to be saved with the
event.The following information was included with the event: S-1-0-0. FormatMessage failed with
error 1815, The specified resource language ID cannot be found in the image file.


Database Command Timeout


I am getting periodic timeouts writing to our external SQL DB (due to be upgraded).

I am running KIWI 9.3.3 and I went into the registry to modify the db command timeout key hoping it would help.

The help file for the installed KIWI daemon shows the following info:

 

Database Command Timeout

Section: HKEY_LOCAL_MACHINE\SOFTWARE\SolarWinds\Syslogd\Properties

Value (STRING): DBCommandTimeout

Min value:        0 (No timeout - not recommended)

Max value:        120

Default value:        30

Type:                Timeout in seconds

 

This key does not exist. I assume I can just stop the daemon, add the key and reboot the server?

If the key is not there where is the KIWI service getting the timeout setting and is it still at the default of 30 sec?

 

Thanks,

BobL.

SYSLOG error with windows server 2012


Hi

 

I am installing syslog in my server room to monitor the log in/log out operations on servers... I installed log forwarder on some windows server 2003 servers and everything is ok, but now I installed it on some windows server 2012 and all the messages that I receive from these servers are like this:

"06-08-2015 17:03:47 Kernel.Info 172.19.12.119 giu 08 17.03.47 srv-av.astergenova.it MSWinEventLog   6   Application   127   lun giu 08 17.03.41 2015   1003   Microsoft-Windows-Security-SPP      N/A   Information   srv-av.astergenova.it   0   The description for Event ID 1003 from source Microsoft-Windows-Security-SPP cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.If the event originated on another computer, the display information had to be saved with the event.The following information was included with the event: 55c92734-d682-4d71-983e-d6ec3f16059f. FormatMessage failed with error 15100, The resource loader failed to find MUI file."

Do you have any idea of how to fix this? Syslogger is installed on an XP machine, but I also tried to install it on a windows 2012 server machine and nothing changed.

Log forwarder fail to start on windows server 2012


Hi

 

Today I installed the log forwarder on a windows server 2012 machine but I am facing the following error:

 

After the installation, it seems that the log forwarder agent doesn't want to start (also the console seems to be unresponsive),

and if I try to start the log forwarder agent service manually, I receive a message box that informs me that: "the solarwinds event forwarder for windows service, started and then stopped. some services stop automatically if they are not used by any program or service"

 

Did you ever face something like this?

How do I have to proceed?

 

Thanks a lot

Event Log Forwarder - Where is the Audit Failure Type?


Hi There,

 

I'm trialing Kiwi Syslog and I'm having trouble with the Log Forwarder and Security Event Log.  When I click on the Security Log I don't see Audit Success or Audit Failure as an event type.  It just has Error, Warning and Information.  If I manually edit the CFG file and add <int>16</int> it works, but then it gets overwritten if I make a change.  Am I doing something wrong?  How can I see Audit Failure as an Event Type?

 

Thanks,

Adding devices to the Kiwi Syslog free version


Prior to receiving syslogs from the 5 devices (this is the limit in the free version), they will need to be added under the Setup\Inputs section.  See below:

 

Syslog free.JPG

How to Migrate Kiwi Syslog Server


There are 3 things that you need to consider when migrating Kiwi Syslog Server:


  1. Configuration - to back them up, simply open the Kiwi Syslog Server Manager and click "File -> Export Settings to INI" .
  2. Logs - Manually copy Syslog messages log files. Under Setup, look for all Log to file - action and take note of the path and file name.
  3. License - Deactivate the license from the old server using License Manager Tool first so that you can transfer the license to the new server. Please take note that the Activation Key will be different once the license is deactivated. You can refer to the following video for more detailed information:

Parsing logs from Windows Event logs


Good day,

 

How can we get windows event logs to be stored in the database with their specific fields?

 

  1. Event ID
  2. DATE and TIME
  3. EVENT DESCRIPTION
  4. AUDIT TYPE
  5. SERVER NAME
  6. ACCOUNT NAME
  7. DOMAIN NAME
  8. FAILURE CODE
  9. FAILURE REASON
  10. LOGON TYPE

  

Currently the information is stored in one (1) field. Is there a parse script or way to split the information as seen above and store it in the database?

 

 

My project team is urgently awaiting a response to complete an overdue task. Can someone kindly provide some assistance, guidance or information?

 

Thanks in advance.

 

George

 


Not Able to forward logs from Unix device to syslog server


Configured the syslog.conf file successfully, restarted services, checked IP tables - IPtable disabled. Logs are getting generated in the mount point, but still logs are not getting delivered to the syslog server. Why?

Please suggest.

Procurve switches not sending syslog messages in KIWI syslog


Hi all,

 

New here, searched for discussions but found no entry on procurve switch(es).

The Procurve switches will not send any syslog messages (wiresharked the server)

Turned on logging on the switch: logging 'ip-address'

 

show debug

 

Debug Logging

  Source IP Selection: Outgoing Interface
  Destination:
   Logging --
     'ip-address' Kiwi Syslog server

       Protocol = UDP
       Port     = 514
     Facility = user
     Severity = info
     System Module = all-pass
     Priority Desc =

 

Tried facility 'syslog', still nothing.

 

Only the Procurve switches will not send any syslog messages.

Other devices such as Cisco ASA's work fine.

 

Anyone have ideas to solve this?

 

TIA Jaap

RECOMMEND Kiwi Syslog ON SPREAD THE WORD FOR A $25 AMAZON GIFT CARD!


Let the community know how impressed you are with Kiwi Syslog and earn a $25 Amazon gift card!  Simply post your review in Spread The Word with the questions answered below:

 

  1. What was life like before using SolarWinds? (Include what you were using and why you decided it was time for a change)
  2. Which SolarWinds product(s) saved your bacon?
  3. Did you consider other options, and why did you choose SolarWinds?
  4. How has life been since you've rolled out SolarWinds in your environment?

Kiwi Free version 9.4.2 all UTC times


Hello,

 

I just installed free version 9.4.2.

 

All is working well except the logged time stamps are all UTC.

 

I created my output logfile with date and hour in the filename (to split the log every hour). The output logfile date and hour are also UTC.

 

How do I set both to use local time (-7 hours from UTC)?

 

(BTW, the syslog message window shows the local system time on the bottom right, it's correct.)

 

Thank you for any help.

 

Kind regards.

Make message queue persistent?


Is there a way to make the message queue persistent?  We have instances where an app will send an unusual amount of logs, sometimes filling the queue.  With potentially a million messages in the queue it would be nice to have this be persistent across service restarts.

Difference found in comparing running config for Cisco ASA firewall


I am running a comparison report on the startup config and running config on a Cisco ASA firewall.

It keeps reporting that there is a difference. On closer look it actually reports the change on the display. Attached is the screenshot.

Please advise

Thanks.

Alex

Kiwi Syslog Server free ed. not receiving SNMP Traps version 2c


Hello Everybody.

 

I'm having trouble receiving SNMP Traps v 2c on Kiwi Syslog Server Free edition.

Although it is described in the feature list that this is supported (also in the documentation), I can receive version 1 but not 2c.

 

Using Wireshark to listen to the traffic I can clearly see SNMP traps version 2 incoming, but nothing appears on the syslog server.

 

Can anyone help?

I asked support@ and sent many mails, but didn't get any answer to the problem, they just said to post my question here because this is a free product.

 

Thank you very much.

Kiwi Syslog Server does not display secure ASA syslogs


Hello to the community!

I have been confused with this for a while and I would like to get your help!

 

I have a network topology with an ASA 5520 and a Kiwi Syslog server 9.3.4-eval. I also have a CA server.

I have installed the root CA certificate on both the Kiwi Syslog Server and the ASA.

Also, I have generated a certificate request for the Kiwi server which was signed by the CA server and also made a trustpoint on the ASA with that certificate (the signed one).

 

When I try to send syslogs it doesn't display anything.

 

I have installed Kiwi SyslogGen and have made some tests.

When I make a test with destination port 1468 (TCP default) it works and displays something on the Kiwi manager.

But when I make a test with destination port 6514 (Default Secure TCP) it fails.

 

On the command prompt I issued the following:

netstat -ano

there were the following entries regarding syslog:

TCP: 0.0.0.0 1468

UDP: 0.0.0.0:514

 

But nothing is listening on 6514.

What can be the problem? Thank you very much in advance!!

 

Something I saw on the error log:

Unable to bind TCP listener to port 6514 There might be a problem with the certificate provided.

Here are some pictures of the settings:

Secure TCP.png

 

TCP.png

Modifiers.png

Kiwi Syslog Small Windows Environment


I'm looking to use Kiwi for a small windows environment and had a question regarding the collection.  I was wondering what best practice is for forwarding the events to the syslog server.  I would prefer to not install the windows event forwarder on all of the servers (about 25).  Is it possible to create a windows subscription and then forward all from that host to Kiwi?

 

Thanks!

Kiwi syslog server service can't start


Hi everyone,

 

I'm using Kiwi syslog server 9 on a Windows 2008 R2 server (VMware virtual machine). On 17.8.2012 the physical server stopped responding and the customer had to restart it manually. Since then Kiwi syslog server doesn't work. When I try to access it, the server's CPU rises to 100%, it is stuck like that for a few minutes and then it displays an error message in the Kiwi grid pop up window saying 'Run-time error '0''.

 

Kiwi syslog service also can't be started; when I try to start it, it says it couldn't be started in a timely fashion.

 

I've tried to delete/rename files in c:\program files\solarwinds\kiwi web access\html\app_data but with no success. I've renamed event.sdf to Old_event.sdf and made a copy of Event-blank.sdf and then renamed it to event.sdf.

 

I've raised a support ticket but with no results till now.

 

Do you have any idea what's the problem here?

 

Regards, O

