We are looking into sending messages to Kiwi Syslog from a few login scripts. I have seen some references to a command line utility named klog.exe as well as some DLLs (and other VB libraries). However, I cannot find a way to download them or find them on the Kiwi Syslog server. Are these tools still available? If so, where? If not, why?
I recently installed Kiwi Syslog on a Windows Server 2008 machine; however, I had to uninstall the program as the customer wants it to be on D:\. But now I am not able to install the program on D:\ or even back on C:\, as I get the error message "an unlicensed version is detected", hence the installation cannot proceed any longer.
Can anyone help? Where can I delete the old files so I am able to install the software again? I need to install this quite urgently. I have the license with me but I did not activate the license in my previous installation since it was not installed on the right drive.
I have a Cisco ASA 5505 that is set up to send syslogs to a remote syslog server.
I have Kiwi Syslog (free) installed on a Windows 2003 R2 Server and it is listening on UDP port 514. The syslog server also is my Ciscoworks v3.2 server.
I can ONLY see the Ciscoworks log files and not the ASA. I only want to display the ASA log files.
I have googled, read the user guide, and searched the forum and cannot find any procedure by which I can tweak Kiwi to log the syslog files from my ASA, which is being used as a VPN concentrator.
During installation of Syslog Web Access, you are prompted for a userid and password. The password can be changed at any time easily.
But how does one change the userid? Where is it stored?
We even went as far as trying to reinstall syslog web access to get to the initial userid prompt again. But having already asked us once, it did not ask us again.
My first post: I wish to share with you some tips I found.
My main goal was to have access to the Kiwi web site working with SSL...
But looking at the Cassini web server, it wasn't possible.
After searching more on this forum I found a post about a rewriting module with Apache; so why don't we do it with IIS?
Here we go!
Setup
- Win 2008 R2, IIS 7 (with auth modules etc.), at least a working SSL certificate for the HTTPS listener (this post will not cover how PKI works, cert installation etc., sorry).
- We will use the ARR 2.0 module x64 for IIS. See References at bottom for the download link, and install it.
- A running Kiwi Syslog Server and the Web Access working on port 8088. Access via a browser works on this port.
Goal
- Enable the rewrite/proxy module in IIS
- Create a new IIS Web Site with HTTPS Listener on TCP Port 8090
- Create a rule to rewrite requests from 8090 to 8088
Now you can access this new SSL web site from an "admin desktop".
Configure your firewalls to forbid access on port 8088 to this server (and/or configure the internal Windows Firewall of this server to allow only localhost connections on 8088).
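The rewrite rule from the Goal list above, as an added example that is not part of the original post: a `web.config` for the new IIS site bound to HTTPS on TCP port 8090. It assumes the URL Rewrite and ARR modules are installed, that ARR's proxy function is enabled at the server level, and that Kiwi Web Access answers on localhost:8088; the rule name is made up for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- web.config in the root of the IIS site that has only an HTTPS binding on TCP 8090. -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Illustrative rule name. Every request path is captured in {R:1}
             and handed to the Kiwi Web Access listener on the loopback interface.
             The query string is appended by default. -->
        <rule name="KiwiWebAccessProxy" stopProcessing="true">
          <match url="(.*)" />
          <action type="Rewrite" url="http://localhost:8088/{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

TLS terminates at IIS and the hop to port 8088 is plain HTTP on the same host, which is why the post's firewall step of closing 8088 to everything except localhost matters.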
If I were to install Kiwi Syslog Server on an offline server without access to the Internet, how do I download the prerequisites? Where can I find them? If anyone has the exact location, it would be great. I am installing it on a Windows Server 2008 R2 64-bit server.
Microsoft .NET Framework and C++ 2008 Redistributable package are easy to come by, but for the others, it's a little difficult to get it exactly.
Log Forwarder for Windows allows you to forward Windows events as Syslog to your Kiwi Syslog Server:
- Works on Windows XP, 2003, Vista, and 2008 (32-bit or 64-bit)
- Provides .MSI version for silent installs, allowing use with remote software distribution systems (e.g., Microsoft SMS)
- Enables definition of filters that describe which events are forwarded
How to get it:
If you download the Kiwi Syslog Server 9.0 from your customer portal, you will see there is an additional Log Forwarder executable included with your download. The Log Forwarder for Windows was developed by the Kiwi Syslog team. It is available at no cost to Kiwi Syslog customers current on maintenance.
I have set up my KIWI syslog server to listen for SNMP traps, successfully. Is there a way to set up KIWI, or an available action, to forward the SNMP traps to other SNMP trap receivers as KIWI receives them?
I am needing to forward all of our DHCP audits to the syslog, however I cannot figure out how to do that with the Log Forwarder. Which source do I use in the Event Viewer? The audit is logged to a file. Is there any way to forward changes to files?
I am testing Kiwi Syslog Server Service edition with Evaluation Version....
I am running Kiwi on a 2008 R2 SP1 (R2 is x64).
I am trying to run the Kiwi daemon with the system local account, but I have the error 1053 popping up:
"The service did not respond to the start or control request in a timely fashion"
I tried to adjust the timeout value in the registry to 60 (30 by default); no way, the Kiwi Syslog service doesn't start.
I created the debugging value to see what is happening on startup, but I have only:
2011-11-21 18:50:19 Start-up file Initialized.
2011-11-21 18:50:19 Performing NT Service setup for Kiwi Syslog Server
2011-11-21 18:50:19 Service Starting - NTServiceSetup
--
When I am using the administrator account of the server, the service starts quickly. Here is the debug log:
2011-11-21 19:03:44 Start-up file Initialized.
2011-11-21 19:03:44 Performing NT Service setup for Kiwi Syslog Server
2011-11-21 19:03:44 Service Starting - NTServiceSetup
2011-11-21 19:03:44 Service startup triggered. Parameters:
2011-11-21 19:03:45 Startup entered
2011-11-21 19:03:45 About to initialise sockets
2011-11-21 19:03:45 Listening on InterApp TCP port 3300
2011-11-21 19:03:45 Listening on UDP port 514
2011-11-21 19:03:46 Message check timer started
2011-11-21 19:03:46 Startup completed
But for security reasons I can't use an admin account; I need to use the local system account.
--
I ran procmon to see what's wrong; no errors about file/registry access denied.
When using the local system account, the process stops here:
I am evaluating Kiwi Syslogd to front-end and filter syslog traffic since we are having performance problems and service crashes using the NPM Syslog Service. Here is the hardware platform:
HP DL385G7
2x AMD Opteron 6174 2.2GHz 12-core processors
32GB memory
RAID-1 for OS/Syslog
Windows Server 2008 R2 x64 Enterprise SP1
I installed Kiwi Syslogd and it ran for about an hour before it crashed with this failure:
2012-03-15 09:32:52 Command line license key accepted.
2012-03-15 10:42:41 *** INTERNAL PROGRAM ERROR - Please contact http://www.kiwisyslog.com/support/ ***
2012-03-15 10:42:41 Service Version 9.2.1 | Error Number: 28 | Description: Out of stack space | Module Name: Syslogdsvc.frm | Procedure Name: SyslogSocket_DataArrival | Line Number: 260 | Date and time: 3/15/2012 10:42:41 AM
---------------------------
I have opened SolarWinds case #323438 regarding this.
I cannot find instructions anywhere for the recommended method of upgrading. Do I just run the setup? What about the log forwarder? The upgrade docs must be here somewhere and I just apparently am a failure when it comes to finding them.
I saw a posting back in May 2009 that was answered saying this isn't possible yet but was expected to be included in the next release.
Is there now a way to exclude events from being forwarded based on keywords in the message text? I'd like to reduce the "noise" level by not logging extremely routine events such as logins by my monitoring service account. Excluding by event id won't work for me as I only want to exclude certain logins.
With the massive amount of noise generated in Windows event logs it makes a lot of sense to limit the events sent by logforwarder to a central syslog server instead of sending everything and having it do all the filtering. Ideally regex for the filtering but even simple DOS-style wildcards would be useful, especially if a delimited list was allowed for 'OR' support. Filtering should support both include & exclude rules.