The log files which KIWI Syslog generates are in text format. Is it possible to encrypt this file or change the format of the log files somehow?
Security of log files
Changing the userid for Syslog Web Access
During installation of Syslog Web Access, you are prompted for a userid and password. The password can be changed at any time easily.
But how does one change the userid? Where is it stored?
We even went as far as trying to reinstall syslog web access to get to the initial userid prompt again. But having already asked us once, it did not ask us again.
Thanks,
-Ken
kiwi syslog - why is my filename called %hostname and not the actual hostname
hi,
my files are created with the %hostname and look like this:
%hostname--2014-12-09
I have tried IP addresses in the hosts file, and ping -a resolves them to a name.
I have checked the DNS settings "resolve the IP address of the sending device".
Can anyone offer some more information? I am looking to purchase this but am only using the 5 limit free download at the moment.
Cheers
Chris
Log Forwarder for Windows (available to all Kiwi customers on maint)
What it does:
Log Forwarder for Windows allows you to forward Windows events as Syslog to your Kiwi Syslog Server
- Works on Windows XP, 2003, Vista, and 2008 (32-bit or 64-bit)
- Provides .MSI version for silent installs, allowing use with remote software distribution systems (e.g., Microsoft SMS)
- Enables definition of filters that describe which events are forwarded
How to get it:
If you download the Kiwi Syslog Server 9.0 from your customer portal, you will see there is an additional Log Forwarder executable included with your download. The Log Forwarder for Windows was developed by the Kiwi Syslog team. It is available at no cost to Kiwi Syslog customers current on maintenance.
Try it out and let us know what you think!
Problem with filtering in Kiwi Syslog
I am setting up a Kiwi syslog server. I am running into a problem with the filtering not working the way I would expect. I have used Kiwi before, but that was several years ago. I have set up a display for a specific switch and have tried several different filter possibilities, but I am still getting syslog messages on the display that don't belong to the switch I am trying to watch.
I have tried an IP address simple filter with the IP address of the switch "10.1.1.2". On the Cisco switch, I have used the command logging source-interface vlan 254, which should send out the syslog messages using the IP address in the simple filter I set up. I have also tried the hostname option with the hostname of the switch "Switch1", but same problem.
It has got to be something simple, but so far I haven't found the problem. Since this is the free version, I know I can't call SolarWinds support.
Any suggestions are appreciated.
Ron
Kiwi - Palo Alto User ID agent
I have written a Perl script to take data from Kiwi, parse out some information and pass it into our Palo Alto User-ID agent. It runs fine when I pass the message in on the command line, but when I have Kiwi run it (to pull the data from Kiwi) it fails with an error:
Error Info: invalid character on line 1
My script looks like this:
use PAN::API;

sub Main {
    # Kiwi passes the message fields in the $Fields hash reference
    my $string = $Fields->{VarCleanMessageText};
    my $SERVER = '127.0.0.1';
    my ($username, $ip_address);

    # Extract user and IP from string: word, separator, word, separator, IPv4.
    # Capture groups: 1=domain 2=separator 4=user 6=IP (3 and 5 are the inner groups)
    if ($string =~ /(\w+)([.+]|(\s))(\w+)(\s|\+|\.)(\d+\.\d+\.\d+\.\d+)/) {
        $username   = "$1\\$4";   # domain\user, the form the User-ID agent expects
        $ip_address = $6;
    }
    print "$username : $ip_address \n";

    # Create User ID API connection
    my $uid = PAN::API::UID->new($SERVER);
    # Post data to agent
    $uid->add('login', $username, $ip_address);
    $uid->submit();
    return "OK";   # return value for Kiwi
}
Thanks for any guidance.
Kevin
Difference found in comparing running config for Cisco ASA firewall
I am running a comparison report on the startup config and running config on a Cisco ASA firewall.
It keeps reporting that there is a difference. On closer look, it actually reports the change on the display. Attached is the screenshot.
Please advise.
Thanks.
Alex
messages text regex
I'm using kiwi syslog ver 9.3. I'm getting the following syslog message that I'd like to modify before it displays on my screen.
Nov 19 16:17:38 opchmon0001 %OrionAlertEngine: .blu-c01-trd-csw02 is Down
All I care about is the text after the colon, so essentially just "blu-c01-trd-csw02 is Down".
I created a regex filter to include ": .*", but this still doesn't work, although it seems like it should. Does anyone have a suggestion to get this to work?
Thanks for looking,
Pete
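An include filter only decides whether a message passes; it never changes the text, so trimming the message to the part after the colon needs a separate rewrite step. The following is an added illustration in Python (not Kiwi's own script engine, and not code from the post) on messages constructed in the format quoted above:

```python
import re

# Constructed sample messages in the format quoted in the post
MESSAGES = [
    "Nov 19 16:17:38 opchmon0001 %OrionAlertEngine: .blu-c01-trd-csw02 is Down",
    "Nov 19 16:18:02 opchmon0001 %OrionAlertEngine: .blu-c01-trd-csw02 is Up",
    "Nov 19 16:18:30 opchmon0001 heartbeat without a colon",
]

# ": .*" from the post, used as an include filter: it only decides whether a
# message is kept, it never alters the text that is displayed.
INCLUDE = re.compile(r": .*")

# Rewrite: capture everything after the first ": " and drop the leading "."
# that Orion puts in front of the node name. Timestamps like 16:17:38 are
# safe because they never contain a colon followed by a space.
TRIM = re.compile(r"^.*?: \.?(.*)$")

def passes_filter(msg):
    """True when the include filter from the post would keep the message."""
    return INCLUDE.search(msg) is not None

def trim_message(msg):
    """Return only the text after the colon; unchanged if there is none."""
    m = TRIM.match(msg)
    return m.group(1) if m else msg

if __name__ == "__main__":
    for msg in MESSAGES:
        if passes_filter(msg):
            print(trim_message(msg))
```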
Maximum number of TCP connections has been reached. Not accepting connection.
KiWi Syslogd error: Maximum number of TCP connections has been reached. Not accepting connection.
Why? Thanks..
HOWTO exclude on keyword(s) with windows logforwarder
I saw a posting back in May 2009 that was answered saying this isn't possible yet but was expected to be included in the next release.
Is there now a way to exclude events from being forwarded based on keywords in the message text? I'd like to reduce the "noise" level by not logging extremely routine events such as logins by my monitoring service account. Excluding by event id won't work for me as I only want to exclude certain logins.
TIA
Bill
SNMP Traps
My Kiwi syslog server will only receive snmp traps if I have both 'SNMP Traps' and 'UDP syslog' inputs selected. When the messages are received, they are not being translated which makes me think they are not going through the 'SNMP Trap' input and only being processed by the UDP input. The MIB database has the correct MIBs loaded for the messages being sent.
I have no filters running on the rule and the network device is configured correctly. What am I missing?
KIWI EMail Alerts
Hello,
I have been working with Kiwi and trying to set up custom email alerts for a number of devices. I have run into an issue and am wondering if anyone has any insight for me.
For example, if I set up the following email alerting rule set:
Critical Devices
+ Filters
    + IP Range = 192.168.0.1 - 192.168.0.55
    + Priority = All Facilities (Emerg + Alert)
    + Flags/Counters = Time Interval (60 Minutes)
+ Actions
    + E-Mail Message (MyEmail@email.com)
So with the above example I am just looking to get alerts for my critical devices, in this example they are all in the sub-net above, and the time interval is set to ensure that I am not getting bombarded with a ton of alerts in a short period of time.
The issue:
If I have two different devices that are triggering critical events at the same point in time, I will only get alerts from one of those devices based on the rule set above.
The Question:
Is there a way to configure ONE rule set to alert on a series of devices, where the flags and counters only come into effect if it's the SAME device sending the critical message within the time frame specified, without creating a separate rule set for each critical device?
My Thoughts:
My assumption is no, this is not possible without creating different rule sets. If this is the case, I was thinking maybe the only way to accomplish what I want is via a script; my only issue is that if I create a script, I am unsure what command I would use to get Kiwi to stop processing the actions.
Ex.
If critical alert comes in
    check if alert has been processed in last 60 minutes
    if yes
        Exit
    else
        Send alert
    end if
end if
Obviously that is very basic, but perhaps it gets the idea across. My issue is that I have no idea what I can do via script to tell Kiwi to stop processing actions after my script if my script determines the alerts have been sent in the last 60 minutes.
Sorry if this is confusing, please let me know if I should clarify anything.
Jamie
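The per-device interval Jamie describes, worked through as an added example in Python (not code from the post and not Kiwi's own script engine) on a constructed event stream: the rule's IP range and priority filters are applied first, and the 60-minute suppression is keyed by source device rather than by rule. State is assumed not to persist between Kiwi script invocations, so a real script action would have to keep the `last_sent` dictionary in a state file.

```python
import ipaddress
from datetime import datetime, timedelta

# Rule parameters taken from the rule set in the post
RANGE_LO = ipaddress.ip_address("192.168.0.1")
RANGE_HI = ipaddress.ip_address("192.168.0.55")
CRITICAL_LEVELS = {"Emerg", "Alert"}
WINDOW = timedelta(minutes=60)

# Constructed sample events: (timestamp, source IP, severity, message).
# Two devices fire at the same moment, then one of them repeats twice.
EVENTS = [
    ("2014-12-09 10:00:00", "192.168.0.10", "Alert", "power supply 1 failed"),
    ("2014-12-09 10:00:00", "192.168.0.20", "Emerg", "kernel panic"),
    ("2014-12-09 10:05:00", "192.168.0.10", "Alert", "power supply 1 failed"),
    ("2014-12-09 10:30:00", "192.168.0.200", "Alert", "outside the range"),
    ("2014-12-09 10:45:00", "192.168.0.20", "Warning", "not critical"),
    ("2014-12-09 11:01:00", "192.168.0.10", "Alert", "power supply 1 failed"),
]

def matches_filters(ip, severity):
    """IP-range filter AND priority filter, as in the rule set."""
    addr = ipaddress.ip_address(ip)
    return RANGE_LO <= addr <= RANGE_HI and severity in CRITICAL_LEVELS

def run_rule(events, last_sent=None):
    """Return the (timestamp, ip) pairs that would be e-mailed.

    last_sent keys the 60-minute interval by device rather than by rule;
    it is assumed a real script action would persist it between runs.
    """
    if last_sent is None:
        last_sent = {}
    sent = []
    for ts_text, ip, severity, _msg in events:
        if not matches_filters(ip, severity):
            continue
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
        previous = last_sent.get(ip)
        if previous is not None and ts - previous < WINDOW:
            continue  # this device already alerted inside the window
        last_sent[ip] = ts
        sent.append((ts_text, ip))
    return sent

if __name__ == "__main__":
    for ts, ip in run_rule(EVENTS):
        print(f"{ts} alert e-mailed for {ip}")
```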
Kiwi Syslog Web Access Not Working after Upgrading WhatsUpGold
Both applications have been running on the same server for several years. This is a Windows 2008 R2 64 bit machine, running the Army AGM.
WuG is now working 16.x
One of the things IPSwitch had me try to do, to fix WuG was install SQL Server Express 2008 R2
Kiwi Syslog (KSL) is version 9.3.4, the Kiwi Syslog Server Console "Is" working, only Web Access is down.
I tried to reinstall KSL; it worked, but somehow WuG web access then went down, and I had to repair IIS and .NET.
WuG uses 443, trying to get KSL to use 8088 (previously used) or 8888
When I try to access (even just Browse Web Site from IIS) I get:
"Error An unknown error occurred requesting resource /
Click here to log in"
When I click the link:
"Error An unknown error occurred requesting resource
/Gateway.aspx
Click here to log in"
At this point it just loops.
In IIS, I deleted the original website and created a new one. Path I used is:
C:\Program Files (x86)\SolarWinds\Kiwi Syslog Web Access\html
KIWI SYSLOG lost its license & will not run after win 2k8r2 fixes update
Case #727763
Hello:
I need some help.
After the Kiwi syslog server was updated with new MS security fixes, the Kiwi syslog s/w lost its license.
When I tried to reinstall the license, we got another error telling us that "we do not have enough privileges to activate a license".
We are running a full system user that has full privileges.
We then uninstall the Kiwi syslog sw.
Reboot the Win 2008 R2 server.
We then try to install "Kiwi_Syslog_Server_9.3.4.setup" with web server clicked on.
We get another error: "the error code is 2869".
We then uninstall the Kiwi syslog sw.
Reboot the Win 2008 R2 server.
We then try to install "Kiwi_Syslog_Server_9.3.4.setup" without web server clicked.
We get another error telling us that "we do not have enough privileges to activate a license".
THE FOLLOWING INTERNAL PROGRAM ERROR HAS OCCURRED:
Even though the version is 9.3.4, this error shows 9.3.3:
Standard Version 9.3.4
Error Number: -2146233088
Description: Automation error
Module Name: License.cls
Procedure Name: Class_Initialize
Line Number: 50
Date and time: 04/12/2014 9:26:21 PM
I tried running v9.4.1; it starts and then it ends.
Perl script to parse SNMP trap and set VarCustom01
I was trying the following script but I get no variable when trying to parse this way:
sub Main {
    # Kiwi passes the message fields in the $Fields hash reference
    my $source = $Fields->{VarRawMessageText};
    # Capture the first whitespace-delimited token (the agent IP). Without the
    # parentheses a list assignment receives 1 on match, not the matched text.
    my ($IP) = $source =~ /^(\S+)/;
    $Fields->{VarCustom01} = $IP;
    return "OK";
}
The VarRawMessageText should be the following: 127.0.0.1 1.2.131.24.14.1 etc etc
If I remove tags the agent_ip= is not that and the above regex should be correct but the script is not parsing it. I am using 8.3 of Kiwi (I do intend to upgrade but it's a production box)
I created a rule to run this script in the action and then I am calling %VarCustom01 to forward as the originator IP. The reason is I am forwarding SNMP traps from Cisco Prime to Kiwi and then to NCM. (there's some crazy logic as to why)
kiwi syslog service crashes
I successfully installed Kiwi Syslog server (latest version) and successfully received 18.8 million logs in 5 – 6 hours, and after that the application crashes; every time I restart the service it keeps crashing. I too would like to know if this issue has been resolved, and if so, how it was done. We are required to log these messages because of audit regulations, and we have multiple firewalls logging to this one server. If Kiwi cannot keep up, kindly let us know or suggest another option.
The following are the system events:
Faulting application name: Syslogd_Service.exe, version: 9.4.0.1, time stamp: 0x5256d794
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000552a2
Faulting process id: 0x49c
Faulting application start time: 0x01cfedd553cc3c0b
Faulting application path: C:\Program Files (x86)\Syslogd\Syslogd_Service.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 98b25655-59c8-11e4-8349-005056bb1e35
Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0
Problem signature:
P1: Syslogd_Service.exe
P2: 9.4.0.1
P3: 5256d794
P4: ntdll.dll
P5: 6.1.7601.18247
P6: 521ea8e7
P7: c0000005
P8: 000552a2
P9:
P10:
Attached files:
These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Syslogd_Service._dae90f6dff5377cb3818b3577cc016b8e269a5_1190477d
Analysis symbol:
Rechecking for solution: 0
Report Id: 98b25655-59c8-11e4-8349-005056bb1e35
Report Status: 0
Manager always crashes on 2008 R2 x64
Hello,
I just installed 9.1 on a 2008 R2 x64 server. I installed it in service mode and when I run the manager, it just crashes immediately. When I install it in application mode, it works fine.
Here's the error info, any help would be appreciated, thanks!!
Problem signature:
Problem Event Name: APPCRASH
Application Name: Syslogd_Manager.exe
Application Version: 9.1.0.0
Application Timestamp: 4b78631b
Fault Module Name: StackHash_5b2b
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 00000000
Exception Code: c0000005
Exception Offset: 02fe194e
OS Version: 6.1.7600.2.0.0.274.10
Locale ID: 1033
Additional Information 1: 5b2b
Additional Information 2: 5b2b4bbe2374c240b72f833a3ef7e30e
Additional Information 3: f660
Additional Information 4: f660de6916f397fec31d7584f0e23743
Adding devices to the Kiwi Syslog free version
Kiwi syslog 9.4 on windows server 2012 64bit Service crash - Possible bug!
Hello , kiwi friends!
I am trying to get Kiwi Syslog 9.4 to work on Windows Server 2012 64-bit but am having problems with the service crashing when I try to start the Kiwi Syslog Server console.
I have applied the KB fix for Microsoft .NET Framework 2; before that I couldn't install Kiwi Syslog successfully because the service could not start.
http://knowledgebase.solarwinds.com/kb/questions/4386/
I have the following errors in the windows event viewer!
Error 7000: The Kiwi Syslog Server service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion
Error 7009 : A timeout was reached (30000 milliseconds) while waiting for the Kiwi Syslog Server service to connect.
Do you have a solution for this, or could it be a new bug in Windows Server 2012 and the old .NET Framework combined?
Thanks in advance.
Syslogd_Service.exe crash - out of stack space
I am evaluating Kiwi Syslogd to front-end and filter syslog traffic since we are having performance problems and service crashes using the NPM Syslog Service. Here is the hardware platform:
HP DL385G7
2x AMD Opteron 6174 2.2GHz 12-core processors
32GB memory
RAID-1 for OS/Syslog
Windows Server 2008 R2 x64 Enterprise SP1
I installed Kiwi Syslogd and it ran for about an hour before it crashed with this failure:
Log Name: Application
Source: Application Error
Date: 3/15/2012 10:42:42 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: *********
Description:
Faulting application name: Syslogd_Service.exe, version: 9.2.0.1, time stamp: 0x4d069c0f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000a
Faulting process id: 0x91d0
Faulting application start time: 0x01cd02c944ab6d53
Faulting application path: C:\Program Files (x86)\Syslogd\Syslogd_Service.exe
Faulting module path: unknown
Report Id: 43e40d87-6ec6-11e1-a52f-3cd92b024752
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-03-15T17:42:42.000000000Z" />
<EventRecordID>2945</EventRecordID>
<Channel>Application</Channel>
<Computer>************</Computer>
<Security />
</System>
<EventData>
<Data>Syslogd_Service.exe</Data>
<Data>9.2.0.1</Data>
<Data>4d069c0f</Data>
<Data>unknown</Data>
<Data>0.0.0.0</Data>
<Data>00000000</Data>
<Data>c0000005</Data>
<Data>0000000a</Data>
<Data>91d0</Data>
<Data>01cd02c944ab6d53</Data>
<Data>C:\Program Files (x86)\Syslogd\Syslogd_Service.exe</Data>
<Data>unknown</Data>
<Data>43e40d87-6ec6-11e1-a52f-3cd92b024752</Data>
</EventData>
</Event>
---------------------------
The following was in the Syslogd Errorlog.txt:
2012-03-15 09:32:52 Command line license key accepted.
2012-03-15 10:42:41 *** INTERNAL PROGRAM ERROR - Please contact http://www.kiwisyslog.com/support/ ***
2012-03-15 10:42:41 Service Version 9.2.1 | Error Number: 28 | Description: Out of stack space | Module Name: Syslogdsvc.frm | Procedure Name: SyslogSocket_DataArrival | Line Number: 260 | Date and time: 3/15/2012 10:42:41 AM
---------------------------
I have opened SolarWinds case #323438 regarding this.