Quantcast
Channel: THWACK: Popular Discussions - Kiwi Syslog
Viewing all 15803 articles
Browse latest View live

Log Forwarder for Windows (available to all Kiwi customers on maint)

October 19, 2009, 10:39 am
$
0
0

What it does:

Log Forwarder for Windows allows you to forward Windows events as Syslog to your Kiwi Syslog Server

  • Works on Windows XP, 2003, Vista, and 2008 (32-bit or 64-bit)
  • Provides .MSI version for silent installs, allowing use with remote software distribution systems (e.g., Microsoft SMS)
  • Enables definition of filters that describe which events are forwarded

How to get it:

If you download the Kiwi Syslog Server 9.0 from your customer portal, you will see there is an additional Log Forwarder executable included with your download.   The Log Forwarder for Windows was developed by the Kiwi Syslog team.  It is available at no cost to Kiwi Syslog customers current on maintenance.

Try it out and let us know what you think!

Search

Mail Error Type Mismatch

February 13, 2013, 8:36 pm
$
0
0

Hi

 

I was wondering if any one has come across this error before, I am unable to find the cause

 

Errorlog.txt

2013-02-14 12:27:04    Mail error: Type mismatch

2013-02-14 12:27:04    Requeuing 2 e-mail messages. Will retry in 1 minute.

 

SendMailLog.txt

02-14-2013    12:27:04    PI    SMTP Server:   smtp.X.X.X.X

02-14-2013    12:27:04    PI    SMTP Port:   

02-14-2013    12:27:04    PI    SMTP Timeout:  30

02-14-2013    12:27:04    PI    Message to:   X@email.com

02-14-2013    12:27:04    PI    Message from: y@email.com

02-14-2013    12:27:04    PI    Subject:      Syslog message from HOST

02-14-2013    12:27:04    PI    Date:         Thu, 14 Feb 2013 12:27:04 +1000

02-14-2013    12:27:04    PI    Mail error: Type mismatch

 

I think it is resulting in delay in receiving emails and retransmissions

Kiwi Syslog Server Log Location won't change.

September 17, 2012, 10:44 am
$
0
0

Hey all,

 

I have recently taken over a sys admin position, and am required to move the location of the Kiwi Syslog Server logs to another file location. I have never used it prior.  However, I can't seem to move the file.

 

Kiwi Syslog Server 9.2.1 (Free version.)

Windows Server 2003 SP2 (WORKGROUP)(VM)

 

Current configuration:

Log to Log File

Path and file name:  C:\Program Files\Syslogd\Logs\SyslogCatchAll.txt

 

If I test the configuration, I can see the test messages in the location noted about.  However, after I apply the settings, the older location (a CIFS share) continues to receive the actual syslogs of the devices we monitor.

 

There are three local users, all of which show the same configuration.

 

I have tried deleting and recreating the Log to Log File rule.  No change.

I have tried starting and stopping the service.  No change.

I have tried exporting the system settings, and then reimporting them.  No change.

I have tried searching the registery for the old location.  Nothing found.

 

I have two theories.

1.  The settings are locked for some reason.

2.  The settings are stored somewhere else.

 

Any help would be great.

 

Thanks,

 

Aaron

Solarwinds Padawan

SDEE compatibility with Kiwi Syslog Server

May 29, 2009, 10:31 am
$
0
0

Dear all,

As far as I know, the Kiwi Syslog Server won't support the SDEE packets generated by Cisco IPS before the version 9.1.0

However, until launching this version, does anyone have any idea how to collect the SDEE packets from the Cisco IPS and convert them to syslog packets in order to be saved under the Kiwi Syslog Server?

 

Thank you

Problem with filtering in Kiwi Syslog

December 12, 2011, 1:15 pm
$
0
0

I am setting up a kiwi syslog server.  Running into a problem with the filtering not working the way I would expect.  I have used Kiwi but that was several years ago.  I have setup a display for a specific switch and have tried several different filter possibilities but still getting syslog messages on the display that dont belong to the switch I am trying to watch. 

I have tried a ip address - simple filter with the ip address of the switch "10.1.1.2".  On the cisco switch, I have used the command logging source-interface vlan 254 which should send out the syslog messages using the ip address in the simple filter I setup.  I have also tried the hostname option with the hostname of the switch "Switch1" but same problem.

It has got to be something simple but so far I havent found the problem.  Since this is the free version, I know I cant call Solar Winds support.

Any suggestions are appreciated.


Ron

Syslog 9.1 log to sql database error

October 11, 2010, 2:10 pm
$
0
0

Hello all,

I keep getting the below errors when trying to send info to our SQL database.

2010-10-10 16:49:39     DBLogger.ClearQueue aborted with error: Incorrect syntax near '2222:43:netmgtd:10-Oct-2010 16:49:37.018014:rca_ocp.c:295:INFO:25.2.4:GUI: Account admin from 10.X.X.XX logged in to 10.X.X.X'. - SQL statement has been removed from the database cache. [Syslogd_TaskEngine.exe 2.5.151] (801) INSERT INTO Syslogd (MsgDate,MsgTime,MsgPriority,MsgHostname,MsgText) VALUES ('2010-10-10','16:49:38','User.Info','10.X.X.XXX','2222:43:netmgtd:10-Oct-2010 16:49:37.018014:rca_ocp.c:295:INFO:25.2.4:GUI: Account admin from 10.X.X.XX logged in to 10.X.X.XXX. ') : C:\Program Files\Syslogd\DBCache\ca7ad33fa4e635d00d4106908427f600 [Line:0]

I have setup the the log to database using the built in sql file format as well as creating one from scratch.  What I don't get is that every time I use the debug command, the table gets updated properly without any errors.  But when I apply my settings the log file gets filled with errors.  I know it is complaining about quotes someplace, but in the view none of the statements have any quotes in them.  

 

Any help would be greatly appreciated.

 

Thank you,

Giuseppe

Changing the userid for Syslog Web Access

October 13, 2009, 2:06 pm
$
0
0

During installation of Syslog Web Access, you are prompted for a userid and password.  The password can be changed at any time easily.

But how does one change the userid?  Where is it stored?

We even went as far as trying to reinstall syslog web access to get to the initial userid prompt again.  But having already asked us once, it did not ask us again.

Thanks,

 

-Ken

Kiwi Syslog Server Web Access can't start

November 26, 2010, 4:44 am
$
0
0

Hello!

I install Kiwi Syslog Server & Web Access.

 Kiwi Syslog Server start and i see events from my devices, but when i start Kiwi Syslog Server Web Access its could not start:

"Kiwi Syslog WebAccess requires Kiwi Syslog Server to be online, but it is offline"

What's problem?

Version 9.2

Search

DBLogger error message question

January 6, 2011, 7:09 am
$
0
0

Good morning all.  I'm using SYSLOG version 9.1 to forward a syslog web filter output to a MSSQL 2005 Enterprise SQL Server, and am getting the following errors in the SYSLOG error log.  

I spent about 90 minutes on the phone with KIWI tech support in a webex troubleshooting this yesterday, to no avail.   What we found is...

No errors in any of the SQL logs
Periodic = on and off population of records to the target table.

No clear reason why this error is being generated, or why the table is not being consistently populated.

Any thoughts on how to further troubleshoot this would be appreciated!

Thanks...

 

2011-01-05 22:43:37 DBLogger.ClearQueue aborted with error: Database error executing SQL statement: [Microsoft][ODBC SQL Server Driver][SQL Server]The statement has been terminated. [Syslogd_TaskEngine.exe 2.5.151] (-2147217833) INSERT INTO SyslogA (MsgDate, MsgTime, MsgPriority, MsgHostname, Type, Protocol, Time, Action, IP, Profile, UserName, Bandwidth, URL, Rating, Duration, Method, Status, Mime) VALUES ('2011-01-05','10:17:07','Local4.Info','10.0.1.11','Jan  5 10:17:07 iprism: WEB','http','1/5/2011 6:17:07 PM','P','10.32.40.150','Staff','cksduser\louannd','1058','http://www.bing.com/travel/data/airAutoComplete?c=hou&a=SEA&o=false&random=1294251418430','travel','0','HTTPGET','200','text/javascript') : C:\Program Files\Syslogd\DBCache\dfc0f4f563aa972e8e5c70976c366c3f [Line:580]

How can i make report of nodes synched with syslog server???

February 18, 2013, 3:22 am
$
0
0

I want to make a report which shows the devices of a region synched with the syslog server. How can i do that kindly tell me if anyone knows????

Kiwi Syslog not displaying Cisco ASA 5505 syslogs

April 2, 2011, 7:21 pm
$
0
0

I have a Cisco ASA 5505 that is setup to send syslogs to a remote syslog server.

I have kiwi syslog (free) installed on a Windows 2003 R2 Server and it is listening on UDP port 514. The syslog server also is my Ciscoworks v3.2 server.

I can ONLY see the Ciscoworks log files and not the ASA. I only want to display the ASA log files.

I have googled, read the user guide, and search the forum and cannot find any procedure that I can tweak Kiwi to log the syslog files from my ASA which is being used as a VPN concentrator.

Any ideas?

Syslog Server Vs .GFI Event manager

August 16, 2010, 6:04 am
$
0
0

Hi,

Kindly share with me the difference between Syslog Server Vs .GFI Event manager.

 

Reg,

B.Patturaj

Unable to login to KiwiSyslog Webaccess

December 7, 2010, 12:32 am
$
0
0

Hi all !

past weekend we were unable to login to to Kiwi Syslog webaccess as a result of the follow error message:

" Session initialization error
An error occurred while initializing this session.
The session has been abandoned.

Event database initialization failure.
The database file may be corrupted. Run the repair utility to check the database file. [ Database name = C:\Programme\SolarWinds\Kiwi Syslog Web Access\html\App_Data\Event.sdf ] "

I have taken a look at the errorlog of Kiwi and noticed that there are three messages regarding this error:

2010-11-15 11:51:35 SolarWinds.KiwiSyslog.WebAccess.Data error: General exception. System.Runtime.InteropServices.SEHException: External component has thrown an exception. at System.Data.SqlServerCe.NativeMethods.ExecuteQueryPlan(IntPtr pTx, IntPtr pQpServices, IntPtr pQpCommand, IntPtr pQpPlan, IntPtr prgBinding, Int32 cDbBinding, IntPtr pData, Int32& recordsAffected, ResultSetOptions& cursorCapabilities, IntPtr& pSeCursor, Int32& fIsBaseTableCursor, IntPtr pError) at System.Data.SqlServerCe.SqlCeCommand.ExecuteCommandText(IntPtr& pCursor, Boolean& isBaseTableCursor) at System.Data.SqlServerCe.SqlCeCommand.ExecuteCommand(CommandBehavior behavior, String method, ResultSetOptions options) at System.Data.SqlServerCe.SqlCeCommand.ExecuteNonQuery() at SolarWinds.KiwiSyslog.WebAccess.Data.Logger.KiwiSyslogEventUpdate(Object state)

2010-12-04 20:58:48 SolarWinds.KiwiSyslog.WebAccess.Data error: Unable to start component, SQL exception. System.Data.SqlServerCe.SqlCeError: The database file may be corrupted. Run the repair utility to check the database file. [ Database name = C:\Programme\SolarWinds\Kiwi Syslog Web Access\html\App_Data\Event.sdf ]

2010-12-04 21:22:04 SolarWinds.KiwiSyslog.WebAccess.Data error: Unable to start component, SQL exception. System.Data.SqlServerCe.SqlCeError: The database file may be corrupted. Run the repair utility to check the database file. [ Database name = C:\Programme\SolarWinds\Kiwi Syslog Web Access\html\App_Data\Event.sdf ]

I start/stopped the webserver service without any success on saturday.
This morning i tried to access the page again and I got correctly redirected to http://10.x.x.x:8088/gateway.aspx.
At the moment the login is possible but I'm concerned that my database file may be corrupted!

Do you have any suggestions for me?

Thanks in advance!

Dan

Auto Purge Kiwi Database

February 24, 2011, 4:21 pm
$
0
0

I recently had my Kiwi Syslog server DBCache folder filled with over 20GB of cache files.

This was resolved by purging the cache with the "Purge Database Cache" button on the Kiwi menu, however I would love to do this daily or on a schedule when needed.


Is there an easy way to do this or is there an .exe file in the Syslogd folder that I can call on a schedule to perform this task ?

 

Thanks,

Kiwi syslog server and windows cluster.

June 7, 2011, 9:53 pm
$
0
0

Hi,

I have a cluster of 2 windows 2008 servers. I don't know anything about windows clustering but am wondering if I can install kiwi syslog server onto the cluster so it can failover from one box to the other? I could then point my network devices at the floating address I'd hope?

Might anyone be able to advise please?

Thanks a lot.

Search

Kiwi Syslog failed to start - error code 1053 - System local account

November 21, 2011, 10:22 am
$
0
0

Hi people !

 

I am testing Kiwi Syslog Server Service edition with Evaluation Version....

I am running Kiwi on a 2008r2 SP1 (R2 is x64).

 

I am trying to run the Kiwi daemon with the system local account ; but i have the error 1053 poping:

"  The service did not respond to the start or control request in a timely fashion "

 

I tried to adjust the timeout Value in the Registry to 60 (30 by default) ; no way the kiwi syslog Service don't start.

I created the debugging value to see what happening on startup, but i have only :

2011-11-21 18:50:19    Start-up file Initialized.
2011-11-21 18:50:19    Performing NT Service setup for Kiwi Syslog Server
2011-11-21 18:50:19    Service Starting - NTServiceSetup

--

When i am using the administrator account of the server ; the service starts quickly ...here is the debug log :

2011-11-21 19:03:44    Start-up file Initialized.
2011-11-21 19:03:44    Performing NT Service setup for Kiwi Syslog Server
2011-11-21 19:03:44    Service Starting - NTServiceSetup
2011-11-21 19:03:44    Service startup triggered. Parameters:
2011-11-21 19:03:45    Startup entered
2011-11-21 19:03:45    About to initialise sockets
2011-11-21 19:03:45    Listening on InterApp TCP port 3300
2011-11-21 19:03:45    Listening on UDP port 514
2011-11-21 19:03:46    Message check timer started
2011-11-21 19:03:46    Startup completed

 

But for security reason i can't use an admin Account, i need to use the local system account.

--

I ran procmon to see what's wrong ; no errors about File/Registry denied access.

 

When using Local system account, the process stops here :

 

--

When using an Admin account , the process starts, and "hits" an .INI file (KRDP_Sessions.ini) :

 

--

 

Can you have any information on this ?

 

Regards,

Windows event log forwarder for Windows NT

October 25, 2012, 3:11 am
$
0
0

arHi

 

I have been looking for user manual for windows event log forwarder, but no success so far, basically I just want to find out if windows event log forwarded is compatible with Windows NT Server/Workstation

 

 

Thanks

Filtering out certain messages in Kiwi Syslog...

January 10, 2013, 8:12 am
$
0
0

Hello,

 

I am in a situation where I need to filter out a certain string. It is a little complicated however. The string(s) I am trying to filter out usually looks like this:

 

"port D10-High collision or drop rate."

 

D10 is a device bay in a chassis and that is what we are really interested in here. There are 16 device bays so it can be D1, D2, D3....D16.

 

The only problem is that there is no space between D10 and "-High"

 

And we WOULD like to keep getting messaged that dont have the Dx part in it so we cant just filter out "collision or drop rate."

 

Is the only way to do this by putting 16 separate filters like so: ...?

 

"D1-High"

"D2-High"

"D3-High"

...."D16-High"

 

or is there a wildcard we can put in place of the number? Catch is that sometimes it could be a single digit (1-9) or it could be a double digit (10-16).

 

You input is appreciated. Thank you.

Kiwi Syslog fails to work properly unless service runs as Domain Admin

October 12, 2012, 1:18 am
$
0
0

    Hi All,

 

I hope somebody can help, as I have been pulling my hair out trying to understand what is going on.

I am completely new to Syslog, and was asked to replace or log server recently.

Eagerly I setup a new Server 2008R2 VM, and installed our version of Syslog: (Version 8.3.48 - Registered but out of support)

 

I exported our config from the old box, imported it into the new machine and switched IPs. Straight away, logs started appearing, and I thought all would be well.

 

Now, the logging works, but here is where the problems occur:

 

We use log file rotation set to 1 day max age.

We run verious schedules which move log files to a file server. One schedule copies the locally aged logs to our file server. The other copies performance logs from another server to the file server.

We then also run a prune and clean up task on the file servers log store.

 

When I use a service account with domain admin membership (As well as domain user and backup operator) this all works fine. The log files are rotated, the prune tasks take place and the log files are moved. The email alerts also work for each task.

 

We are trying to do away with service accounts which are domain admins, so I created a service account with just Domain user and backup operator membership. I then made this account local admin on all servers it needs to carry out tasks on, and set it to have access to all the shares.

 

However, when using this account nothing appears to work.

 

Log file rotation:

The log files do not rotate. Sometimes there is a load of entries in the log saying something to the effect of "Log file rotation ignored. Registered version feature"

 

Schedules:

Only 1 of the schedules runs, and even this is temperamental. Some mornings it has run others it has not.

The prune tasks do not run.

It appears to just ignore the tasks.

 

 

So, I guess the question really is, what access does Kiwi Syslog require? Why does nothing appear to work when using a local admin account as opposed to a domain account.

 

Thanks for reading

KIWI syslog service manager vs. syslog webaccess

February 12, 2013, 8:11 am
$
0
0

Hello group!

Is there a difference between what we see in the KIWI Syslog Service Manager and what we see in the KIWI Syslog Web Access? We currently have one of our appliances sending SNMP traps to KIWI, however I am trying to run a script that is looking for a particular attribute in the SNMP trap which is cldcClientIPAddress.0

What is strange is, I see this information in the KIWI Syslog Web Access monitor but I do not see it in the KIWI Syslog Service Manager. I have gone through all of the options within the service manager and cannot figure this one out.

 

Any assistance would be appreciated!

 

GMF

Viewing all 15803 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>