Channel: THWACK: Popular Discussions - Kiwi Syslog

Syslog and linux


I'm currently using Linux (as a network device) and manually generated syslog messages for testing SolarWinds syslog messages.

 

I'm receiving syslog messages normally (there is some text in the message field), but there is no information in sysname, community, tag, vendor, etc. I'm aware that SolarWinds uses the RFC 3164 format for syslog messages, but I don't know how to add those few fields to the same syslog message.

 

How does SolarWinds pick those up from the syslog message? How do I add vendor, community, etc. there?

 

[image: message.PNG]

 

Thanks..
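Added example for the question above (not code from the original post, nor from SolarWinds or Kiwi): what an RFC 3164 datagram actually contains. The format has exactly three parts, PRI (facility*8+severity in angle brackets), HEADER (timestamp and hostname) and MSG (a TAG followed by the content). It has no field for vendor, community or sysname, so a collector that shows such columns derives them somewhere else (assumption: from the source address or a device inventory); they cannot be placed in the message itself. The code builds a message the way a Linux sender would, parses it back, and rejects malformed input. Hostnames, tags and timestamps in it are constructed.

```python
"""RFC 3164 syslog: build a message as a Linux sender would, and parse it back.

Added example; not code from the original post, SolarWinds or Kiwi.
"""
import re
import socket
from datetime import datetime

# Facility and severity names in RFC 3164 numbering (facility 0..23, severity 0..7).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "logaudit", "logalert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: CONTENT   (the day is space padded: "Oct  7")
_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[A-Za-z0-9_]{1,32})(?:\[(?P<pid>\d+)\])?:? ?"
    r"(?P<msg>.*)$",
    re.DOTALL,
)


def build(facility, severity, hostname, tag, content, when=None, pid=None):
    """Return one RFC 3164 message string; `when` defaults to a fixed constructed time."""
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    when = when or datetime(2014, 10, 21, 14, 10, 0)
    timestamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    tag_part = f"{tag}[{pid}]" if pid is not None else tag
    return f"<{pri}>{timestamp} {hostname} {tag_part}: {content}"


def parse(line):
    """Split an RFC 3164 line into its fields; raise ValueError when it is not well formed."""
    m = _RFC3164.match(line)
    if not m:
        raise ValueError(f"not an RFC 3164 message: {line!r}")
    fields = m.groupdict()
    pri = int(fields["pri"])
    if pri > 191:                       # 23 * 8 + 7 is the largest legal PRI
        raise ValueError(f"PRI {pri} out of range")
    fields["pri"] = pri
    fields["facility"] = FACILITIES[pri >> 3]
    fields["severity"] = SEVERITIES[pri & 7]
    return fields


def send_udp(line, collector=("127.0.0.1", 514)):
    """Send one message to a collector over UDP/514, the transport RFC 3164 describes."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(line.encode("ascii"), collector)


if __name__ == "__main__":
    msg = build("local7", "info", "router1", "ifmgr", "Interface Gi0/1 changed state to up")
    print(msg)
    print(parse(msg))
```

On a Linux box the same datagram can be produced with util-linux `logger --rfc3164 -n <collector> -P 514 -p local7.info -t ifmgr "text"`; compare what the collector shows in its hostname and tag columns with what `parse()` extracts, because anything beyond those fields is the collector's own enrichment.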


Help with kiwi snmp trap


Hi

 

I'm testing Kiwi and it looks like it doesn't translate the trap OIDs to text the way the NPM trap viewer does.

 

10-21-2014 14:10:00    Local7.Debug    10.50.94.204    community=LAB, enterprise=1.3.6.1.6.3.1.1.5.4, enterprise_mib_name=linkUp, uptime=2066020600, agent_ip=10.250.8.77, version=Ver2, ifIndex.1073741824=1073741824, ifAdminStatus.1073741824=testing, ifOperStatus.1073741824=7, 1.3.6.1.4.1.11307.10.10=10.50.94.204

 

 

Would sure like the interface name and uptime in text.

:-)
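Added example for the post above (not code from the original post, nor from Kiwi or NPM): a post-processor that takes the key=value text exactly as it appears in the trap line, translates numeric OIDs by longest-prefix match against a name table, expands IF-MIB status enumerations and renders TimeTicks as days and hours. The name table is a constructed stub covering only the standard OIDs that occur in the line (SNMPv2-MIB snmpTraps, IF-MIB ifEntry, SNMPv2-SMI enterprises); a real tool loads compiled MIBs. The vendor subtree 1.3.6.1.4.1.11307 is deliberately left unnamed because the page does not identify it.

```python
"""Translate OIDs and enumerations in a Kiwi-style trap line.

Added example; not code from the original post, Kiwi or NPM.
"""
import re

# Constructed name table: a handful of standard OIDs.  A real deployment loads MIB files.
MIB = {
    "1.3.6.1.2.1.1.3": "sysUpTime",
    "1.3.6.1.2.1.2.2.1.1": "ifIndex",
    "1.3.6.1.2.1.2.2.1.2": "ifDescr",
    "1.3.6.1.2.1.2.2.1.7": "ifAdminStatus",
    "1.3.6.1.2.1.2.2.1.8": "ifOperStatus",
    "1.3.6.1.6.3.1.1.5.3": "linkDown",
    "1.3.6.1.6.3.1.1.5.4": "linkUp",
    "1.3.6.1.4.1": "enterprises",
}
# IF-MIB enumerations (RFC 2863).
ENUMS = {
    "ifAdminStatus": {1: "up", 2: "down", 3: "testing"},
    "ifOperStatus": {1: "up", 2: "down", 3: "testing", 4: "unknown",
                     5: "dormant", 6: "notPresent", 7: "lowerLayerDown"},
}
_OID = re.compile(r"^\d+(\.\d+)+$")

# The varbind text from the post, verbatim, used as sample input.
TRAP_TEXT = ("community=LAB, enterprise=1.3.6.1.6.3.1.1.5.4, enterprise_mib_name=linkUp, "
             "uptime=2066020600, agent_ip=10.250.8.77, version=Ver2, "
             "ifIndex.1073741824=1073741824, ifAdminStatus.1073741824=testing, "
             "ifOperStatus.1073741824=7, 1.3.6.1.4.1.11307.10.10=10.50.94.204")


def oid_to_name(oid, mib=MIB):
    """Longest-prefix translation; unknown prefixes are returned unchanged."""
    parts = oid.split(".")
    for n in range(len(parts), 0, -1):
        prefix = ".".join(parts[:n])
        if prefix in mib:
            rest = parts[n:]
            return mib[prefix] + ("." + ".".join(rest) if rest else "")
    return oid


def format_uptime(ticks):
    """TimeTicks are hundredths of a second -> 'Nd HH:MM:SS'."""
    secs, _ = divmod(int(ticks), 100)
    days, secs = divmod(secs, 86400)
    hours, secs = divmod(secs, 3600)
    minutes, secs = divmod(secs, 60)
    return f"{days}d {hours:02d}:{minutes:02d}:{secs:02d}"


def parse_varbinds(text):
    """'k=v, k=v' as Kiwi prints it -> dict of raw strings, in order."""
    out = {}
    for item in text.split(", "):
        key, _, value = item.partition("=")
        out[key.strip()] = value.strip()
    return out


def translate(fields):
    """Apply name, enumeration and uptime translation to parsed varbinds."""
    out = {}
    for key, value in fields.items():
        if _OID.match(key):                       # numeric OID key -> name.instance
            key = oid_to_name(key)
        if key == "enterprise" and _OID.match(value):
            value = oid_to_name(value)
        base = key.split(".")[0]
        if base in ENUMS and value.isdigit():
            value = f"{ENUMS[base].get(int(value), 'unknown')}({value})"
        if base in ("uptime", "sysUpTime") and value.isdigit():
            value = format_uptime(value)
        out[key] = value
    return out


if __name__ == "__main__":
    for k, v in translate(parse_varbinds(TRAP_TEXT)).items():
        print(f"{k} = {v}")
```

With the table above, ifOperStatus 7 becomes lowerLayerDown, the uptime becomes 239 days, and the vendor varbind is shown as enterprises.11307.10.10; an interface name would only appear if the trap carried ifDescr, which this one does not.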

traffic capture


I've been tasked with looking into a method of capturing any traffic traversing a particular router interface and having it forwarded via syslog to SecureWorks for monitoring. Does anyone have any ideas on how to set this up? I was thinking of port mirroring on the switch, but I'm not sure where to go from there.

 

Thanks,

 

Larry

Syslog alerts


Looking for a tool to send a real-time email alert when the number of builds to a specific IP address from any single machine exceeds 100 in a minute. Does anyone have experience with a tool that can accomplish this?

 

We are using the paid version of Kiwi Syslog to filter the log and output interesting traffic to a file.

 

Walt
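Added example for Walt's question (not code from the original post or from Kiwi): the detection logic itself, a sliding one-minute window per (source host, destination IP) that fires once per burst when the count passes 100, plus an SMTP notifier. The sample lines are constructed here in a date/level/source/message layout around a Cisco ASA 302013 "Built ... connection" message; the regular expression, the SMTP host and the mail addresses are placeholders to adapt to what your firewall and mail relay actually look like.

```python
"""Alert when one host opens more than N connections to one destination within a minute.

Added example; not code from the original post or from Kiwi.  Log lines are constructed.
"""
import re
import smtplib
from collections import defaultdict, deque
from datetime import datetime, timedelta
from email.message import EmailMessage

THRESHOLD = 100                 # "exceeds 100": alert on the 101st build in the window
WINDOW = timedelta(minutes=1)

# Constructed layout: "YYYY-MM-DD hh:mm:ss<TAB>Level<TAB>source<TAB>%ASA-6-302013: Built ..."
_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\t.*?Built \w+ \w+ connection \d+ "
    r"for \w+:(?P<dst>[\d.]+)/\d+ \([\d./]+\) to \w+:(?P<src>[\d.]+)/\d+"
)


class BuildRateDetector:
    """Sliding one-minute window per (source host, destination IP); one alert per burst."""

    def __init__(self, threshold=THRESHOLD, window=WINDOW, notify=None):
        self.threshold, self.window = threshold, window
        self.events = defaultdict(deque)       # key -> timestamps still inside the window
        self.active = set()                    # keys that already alerted for this burst
        self.notify = notify or (lambda key, count, ts: None)
        self.alerts = []                       # (timestamp, key, count) for inspection

    def feed(self, line):
        """Consume one log line; return the offending key when it crosses the threshold."""
        m = _LINE.match(line)
        if not m:
            return None
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        key = (m["src"], m["dst"])
        q = self.events[key]
        q.append(ts)
        while q and ts - q[0] >= self.window:  # forget builds older than one minute
            q.popleft()
        if len(q) > self.threshold:
            if key in self.active:
                return None
            self.active.add(key)
            self.alerts.append((ts, key, len(q)))
            self.notify(key, len(q), ts)
            return key
        self.active.discard(key)               # burst is over; re-arm for this key
        return None


def email_alert(key, count, ts, smtp_host="mail.example.net", to="soc@example.net"):
    """Real notifier: one plain-text mail per alert (host and addresses are placeholders)."""
    msg = EmailMessage()
    msg["Subject"] = f"[syslog] {key[0]} -> {key[1]}: {count} builds in 1 min"
    msg["From"], msg["To"] = "kiwi-alerts@example.net", to
    msg.set_content(f"{ts}: {key[0]} opened {count} connections to {key[1]} within 60 s")
    with smtplib.SMTP(smtp_host) as smtp:
        smtp.send_message(msg)


def make_lines(src, dst, count, step_seconds=1.0, start=None):
    """Constructed sample: `count` ASA-style build messages, `step_seconds` apart."""
    start = start or datetime(2014, 10, 21, 14, 10, 0)
    return [
        f"{start + timedelta(seconds=i * step_seconds):%Y-%m-%d %H:%M:%S}\tLocal4.Info\t192.0.2.1\t"
        f"%ASA-6-302013: Built outbound TCP connection {1000 + i} for outside:{dst}/443 "
        f"({dst}/443) to inside:{src}/{40000 + i} ({src}/{40000 + i})"
        for i in range(count)
    ]


if __name__ == "__main__":
    det = BuildRateDetector()
    for line in make_lines("10.0.0.5", "203.0.113.7", 150, 0.2) + make_lines("10.0.0.6", "203.0.113.7", 20):
        det.feed(line)
    print(det.alerts)
```

Pass `notify=email_alert` to get mail instead of the in-memory list; the detector deliberately alerts once and re-arms only after the rate drops, so a sustained scan does not produce one mail per line.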

Kiwi syslog - how to export syslog Defense Center 3500 to kiwi syslog server


Hi,

I'm looking for a guide/documentation on exporting syslog from a Sourcefire DC 3500 to Kiwi Syslog Server. This is my first time using Kiwi Syslog Server. I'm requesting guidance from all of you because I would like to see how this product works.

Kiwi Syslog WebAccess Installation Error (error code is 2869)


* Kiwi Syslog Server v9.1.0
* Windows 2008 SP1 and SP2, 64-bit

Our client encountered a Kiwi Syslog WebAccess installation error.

The error message is as follows:
=============================================
The installer has encountered an unexpected error
installing this package. This may indicate a problem
with this package. The error code is 2869.
=============================================
* The Kiwi Syslog Server service runs correctly.

* The client stopped the anti-virus service before the installation.

 

Is there any information on how to resolve the problem?

Error: "Trial version of activeskin control" after upgrading to current Kiwi Syslog version 9.4.0


After the upgrade, when I start the Kiwi Syslog app I get a box that comes up and says "Trial version of ActiveSkin control" and I need to click OK. Anyone else see this?

 

Debbi

Log Forwarder for Windows (available to all Kiwi customers on maint)


What it does:

Log Forwarder for Windows allows you to forward Windows events as Syslog to your Kiwi Syslog Server

  • Works on Windows XP, 2003, Vista, and 2008 (32-bit or 64-bit)
  • Provides .MSI version for silent installs, allowing use with remote software distribution systems (e.g., Microsoft SMS)
  • Enables definition of filters that describe which events are forwarded

How to get it:

If you download Kiwi Syslog Server 9.0 from your customer portal, you will see that there is an additional Log Forwarder executable included with your download. The Log Forwarder for Windows was developed by the Kiwi Syslog team. It is available at no cost to Kiwi Syslog customers current on maintenance.

Try it out and let us know what you think!


Filtering out certain messages in Kiwi Syslog...


Hello,

 

I am in a situation where I need to filter out a certain string. It is a little complicated, however. The string(s) I am trying to filter out usually look like this:

"port D10-High collision or drop rate."

D10 is a device bay in a chassis, and that is what we are really interested in here. There are 16 device bays, so it can be D1, D2, D3 ... D16.

The only problem is that there is no space between "D10" and "-High".

And we WOULD like to keep getting messages that don't have the Dx part in them, so we can't just filter out "collision or drop rate."

Is the only way to do this to put in 16 separate filters like so?

"D1-High"

"D2-High"

"D3-High"

... "D16-High"

Or is there a wildcard we can put in place of the number? The catch is that sometimes it could be a single digit (1-9) or a double digit (10-16).

Your input is appreciated. Thank you.
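Added example for the question above (not code from the original post or from Kiwi): a single regular expression that matches exactly D1 through D16 followed by the suffix with no space, checked against constructed sample lines including the near misses (D17, D100, a bay prefix other than D, and a message with no bay at all). Whether a given Kiwi filter type accepts a regular expression is something to confirm in the filter's own settings (assumption); the pattern itself is standard regex syntax, and the sixteen literal strings are generated as the fallback.

```python
"""One regular expression instead of sixteen literal filters for "D1-High" ... "D16-High".

Added example; not code from the original post or from Kiwi.  Sample lines are constructed.
"""
import re

# D followed by 1-9 or 10-16, then the exact suffix with no space.
# \b stops "XD10"; the alternation cannot consume "D17" or "D100".
BAY_PATTERN = re.compile(r"\bD(?:[1-9]|1[0-6])-High collision or drop rate\.")


def is_bay_collision(message):
    """True when the message is a D1..D16 bay collision/drop warning."""
    return BAY_PATTERN.search(message) is not None


def keep_message(message):
    """Policy from the thread: drop Dx bay warnings, keep everything else."""
    return not is_bay_collision(message)


def literal_filters():
    """The sixteen literal strings you would need without regex support."""
    return [f"D{n}-High" for n in range(1, 17)]


SAMPLE = [  # constructed; only the first three should be dropped
    "port D10-High collision or drop rate.",
    "port D1-High collision or drop rate.",
    "port D16-High collision or drop rate.",
    "port D17-High collision or drop rate.",
    "port D100-High collision or drop rate.",
    "port A3-High collision or drop rate.",
    "High collision or drop rate on uplink.",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print("DROP" if is_bay_collision(line) else "KEEP", line)
```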

What are Your Favorite Kiwi Syslog Server Highlighting Rules? (Non-Web)


Many of us still use Kiwi Syslog Server's GUI "Service Manager" to watch logs rather than Kiwi's web interface. Over time

 

My Favorite Highlighting Rules

 

This is my favorite set of Highlighting Rules in action:

 

[image: KiwiSyslog_Final_NoIcons.png]

 

Notice that I don't use Kiwi's icons. If you don't use them either, you can turn off all icons by unchecking "View | Show/Hide Columns | Icons" from the main Service Manager menu.

 

To implement this configuration on your Kiwi Syslog Server, make sure the following lines are in the INI file you import into Kiwi Syslog Server. (See the next section for instructions.)

 

[Highlighting]

HighlightCount=8

H001=MAkyCUVtZXJnCTE2Nzc3MjE1CTQ5MzI4NDQJMAkwCTAJMQkxCTEJMAkwCWtzZF9Qcmlvcml0eUljb24y

H002=MAkyCUFsZXJ0CTAJNDkzMjg0NAkwCTAJMAkxCTEJMQkwCTAJa3NkX1ByaW9yaXR5SWNvbjI=

H003=MAkyCUNyaXQJMAk0NjI5NzQ4CTAJMAkwCTEJMQkxCTAJMAlrc2RfUHJpb3JpdHlJY29uMg==

H004=MAkyCUVycm9yCTAJMzIxMDQ5MgkwCTAJMAkxCTEJMQkwCTAJa3NkX1ByaW9yaXR5SWNvbjQ=

H005=MAkyCVdhcm4JMAk0Nzc5MjU2CTAJMAkwCTEJMQkwCTAJMAlrc2RfUHJpb3JpdHlJY29uNA==

H006=MAkyCU5vdGljZQkxNjc3NzIxNQk3MDYxODU0CTAJMAkwCTEJMQkwCTAJMAlrc2RfQmxhbms=

H007=MAkyCUluZm8JMTQzMjY4NDcJMTY3NzcyMTUJMAkwCTAJMQkxCTAJMAkwCWtzZF9CbGFuaw==

H008=MAkyCURlYnVnCTEyNjMyMjU2CTE2Nzc3MjE1CTAJMAkwCTEJMQkwCTAJMAlrc2RfQmxhbms=

...

[Properties]

DisplayColumnsEnabled=223

 

How to Import/Export Service Manager Highlighting Rules

 

Although the Service Manager doesn't include a facility to import/export Highlighting Rules, it does include a facility to import/export the entire Kiwi Syslog Server configuration as an INI file.  To use this to import/export your Highlighting Rules:

  1. Stop the Kiwi Syslog Service.
  2. Select "File | Export settings to INI file" from the Service Manager's main menu.  Save the INI file.
  3. Make a backup copy of the exported INI file (in case the import of your modified file doesn't work).
  4. Open the INI file with notepad or an appropriate text editor.
  5. Find the [Highlighting] tag. Make the necessary changes, and double-check your value of "HighlightCount".
  6. Optionally, find the [Properties] tag and the "DisplayColumnsEnabled" property just below it.  Make changes.  (Or set/reset to "255" to turn everything back on.) 
  7. Save the INI file.
  8. Select "File | Import settings from INI file" and import your modified file. 
  9. Close and relaunch the Service Manager application.  (Optionally, select "View | Highlighting options" after relaunching to see if your INI file changes worked.) 
  10. Start the Kiwi Syslog Service. 

 

Remember also that Highlighting Rules only work in the commercial edition (see Syslog Server Comparison | Kiwi Free vs Kiwi Commercial). You can apply INI files to the Free Edition, but Highlighting Rules will be ignored.

 

Default Highlighting Rules

 

The default Highlighting Rules in action:

[image: KiwiSyslog_Original.png]

 

To implement (or reset) this configuration, make sure the following lines are in the INI file you import into Kiwi Syslog Server. 

 

[Highlighting]

HighlightCount=8

H001=MAkyCUVtZXJnCTY1NTM1CTI1NQkwCTAJMAkxCTEJMAkwCTAJa3NkX1ByaW9yaXR5SWNvbjA=

H002=MAkyCUFsZXJ0CTYyOTE0NTYJNTA0MzEJMAkwCTAJMQkxCTAJMAkwCWtzZF9Qcmlvcml0eUljb24x

H003=MAkyCUNyaXQJNjI5MTQ1Ngk2NTUzNQkwCTAJMAkxCTEJMAkwCTAJa3NkX1ByaW9yaXR5SWNvbjI=

H004=MAkyCUVycm9yCTIxMwkxMjkxMDU5MQkwCTAJMAkxCTEJMAkwCTAJa3NkX1ByaW9yaXR5SWNvbjM=

H005=MAkyCVdhcm4JMAkxNTI2Mzk3NgkwCTAJMAkxCTEJMAkwCTAJa3NkX1ByaW9yaXR5SWNvbjQ=

H006=MAkyCU5vdGljZQk0MjEwNzUyCTE2Nzc3MjE1CTAJMAkwCTEJMQkwCTAJMAlrc2RfUHJpb3JpdHlJY29uNQ==

H007=MAkyCUluZm8JODM4ODYwOAkxNjc3NzIxNQkwCTAJMAkxCTEJMAkwCTAJa3NkX1ByaW9yaXR5SWNvbjY=

H008=MAkyCURlYnVnCTI0NTc2CTE2Nzc3MjE1CTAJMAkwCTEJMQkwCTAJMAlrc2RfUHJpb3JpdHlJY29uNw==

...

[Properties]

DisplayColumnsEnabled=255

 

Discussion

 

What are YOUR favorite Kiwi Syslog Server highlighting rules?  Please paste a screenshot and the [Highlighting] section from your Kiwi INI export below. 
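Added example for this post (not code from the original post or from Kiwi): what the Hnnn values in both [Highlighting] sections above actually are. Each is Base64 over a tab-separated record; decoding the two Emerg entries shows the matched text as the third field and the icon name (ksd_PriorityIcon0, ksd_PriorityIcon2) last. That the fourth and fifth fields are Windows COLORREF foreground and background colours is an inference from the decoded defaults, which come out as yellow on red for Emerg, not documented behaviour, so the colour helpers treat that field map as an assumption. Likewise DisplayColumnsEnabled is read as a plain bitmask; which bit is the Icons column is not stated in the post. Base64 here is encoding, not protection: anyone who can read the INI export can read and rewrite the rules.

```python
"""Decode and re-encode the Hnnn highlighting entries from a Kiwi Syslog INI export.

Added example; not code from the original post or from Kiwi.  Field positions beyond
the matched text and the icon name are inferred (assumption), see the lead-in.
"""
import base64

# Two entries copied from the post: the author's Emerg rule and the default Emerg rule.
H001_NOICONS = "MAkyCUVtZXJnCTE2Nzc3MjE1CTQ5MzI4NDQJMAkwCTAJMQkxCTEJMAkwCWtzZF9Qcmlvcml0eUljb24y"
H001_DEFAULT = "MAkyCUVtZXJnCTY1NTM1CTI1NQkwCTAJMAkxCTEJMAkwCTAJa3NkX1ByaW9yaXR5SWNvbjA="


def decode_rule(value):
    """Base64 -> list of the tab-separated fields stored in the INI."""
    return base64.b64decode(value).decode("ascii").split("\t")


def encode_rule(fields):
    """Inverse of decode_rule, so a rule can be written without the GUI."""
    return base64.b64encode("\t".join(str(f) for f in fields).encode("ascii")).decode("ascii")


def colorref_to_hex(n):
    """Windows COLORREF packs 0x00BBGGRR; return the usual '#RRGGBB'."""
    n = int(n)
    return "#{:02X}{:02X}{:02X}".format(n & 0xFF, (n >> 8) & 0xFF, (n >> 16) & 0xFF)


def hex_to_colorref(h):
    r, g, b = (int(h.lstrip("#")[i:i + 2], 16) for i in (0, 2, 4))
    return r | (g << 8) | (b << 16)


def describe(value):
    """Readable view of one Hnnn entry (colour field positions are an assumption)."""
    f = decode_rule(value)
    return {"text": f[2], "fg": colorref_to_hex(f[3]), "bg": colorref_to_hex(f[4]),
            "icon": f[-1], "fields": f}


def recolour(value, fg_hex, bg_hex):
    """Copy of an entry with new colours, everything else byte-for-byte unchanged."""
    f = decode_rule(value)
    f[3], f[4] = str(hex_to_colorref(fg_hex)), str(hex_to_colorref(bg_hex))
    return encode_rule(f)


def enabled_columns(mask):
    """DisplayColumnsEnabled as a bitmask: 255 is all eight columns on; 223 clears bit 5,
    which matches the author's icons-off screenshot (assumption: bit 5 = Icons)."""
    return [bit for bit in range(8) if int(mask) & (1 << bit)]


if __name__ == "__main__":
    for v in (H001_DEFAULT, H001_NOICONS):
        print(describe(v))
    print(enabled_columns(223), enabled_columns(255))
```

Decode every Hnnn line from your own export before editing, and keep HighlightCount equal to the number of entries, as step 5 of the import procedure says.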

Maximum number of TCP connections has been reached. Not accepting connection.


KiWi Syslogd error: Maximum number of TCP connections has been reached. Not accepting connection.

Why? Thanks..

Kiwi syslog - 2011-03-18 10:54:01Licensed action was found in settings and disabled.


Kiwi Syslog stopped collecting information. The "View error log" button is red and blinking. When I click to view the log, I see the message below repeating itself:

 

 

2011-03-18 10:54:01     Licensed action was found in settings and disabled.

2011-03-18 10:54:01     Licensed action was found in settings and disabled.

2011-03-18 13:37:56     Licensed action was found in settings and disabled.

2011-03-18 13:37:57     Licensed action was found in settings and disabled.

2011-03-18 13:37:57     Licensed action was found in settings and disabled.

Kiwi Syslog not displaying Cisco ASA 5505 syslogs


I have a Cisco ASA 5505 that is set up to send syslogs to a remote syslog server.

I have Kiwi Syslog (free) installed on a Windows 2003 R2 server and it is listening on UDP port 514. The syslog server is also my CiscoWorks v3.2 server.

I can ONLY see the CiscoWorks log files and not the ASA's. I only want to display the ASA log files.

I have googled, read the user guide, and searched the forum, and cannot find any procedure for tweaking Kiwi to log the syslog messages from my ASA, which is being used as a VPN concentrator.

Any ideas?

Kiwi Syslog not capturing syslogs


Installed Kiwi Syslog Free version 9.3.4 on Windows Server 2008 R2. Trying to capture syslog from a Cisco ASA 5510. I have confirmed with Wireshark that the syslog events are hitting the server. Nothing is coming through to Kiwi Syslog. Current settings are all default. No filters in place. Not sure what is wrong, as I can see the syslog messages coming through in Wireshark. Any ideas as to why the syslog messages are not being seen by Kiwi?


Kiwi Syslog Web Access Filter Wildcard?


My question is: in creating a Kiwi (v9.0.3) Syslog Web Access filter to filter on a certain string within the syslog message text, is there a wildcard character that I can use? Thanks for any help! bp

How to Split Log Files by IP Address and Date in Kiwi Syslog Server


SolarWinds's own Justin Finley just recorded a video tutorial that shows how to split logs into multiple files by IP address and date in Kiwi Syslog Server. Specifically, this syslog server tutorial shows how to store logs in separate folders for each source IP address, and then shows how to keep separate log files for each day within those folders (e.g., "D:\logs\192.168.000.001\Log2012-07-13.txt").

 

 

External link to Jing: autosplit - justinfinley's library

 

Video Guide:

  • 0:00 Opening Kiwi Syslog's configuration dialog
  • 0:15 Using an "AutoSplit" variable of "IP Address (4 octets)" (%IPAdd4) in the log path to split logs by IP address
  • 0:40 Using an "AutoSplit" variable of "ISO Date" (%DateISO) in the log path to split logs by date

 

Remember to "LIKE" this if you find it useful - that helps others find it too!
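Added example for the tutorial above (not code from the original post or from Kiwi): what the two AutoSplit variables the video uses expand to, and the check a log path built from per-message data should pass. %IPAdd4 is rendered with each octet zero-padded to three digits and %DateISO as YYYY-MM-DD, exactly as the example path in the post shows; the source address is validated as an IPv4 literal before it becomes a directory name. The %Name token is hypothetical and not a Kiwi variable: it is there to show why any name-derived component (a hostname taken from the message, say) has to be sanitised, since an unfiltered value containing ".." or a separator would write outside the log root.

```python
"""Expand AutoSplit-style variables into a per-source, per-day log path, safely.

Added example; not code from the original post or from Kiwi.  %IPAdd4 and %DateISO follow
the post's example path; %Name is a hypothetical token used to show sanitising.
"""
import ipaddress
import re
from datetime import date
from pathlib import PureWindowsPath

_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")
_ISO_DAY = re.compile(r"^\d{4}-\d{2}-\d{2}$")


def ip_add4(src_ip):
    """'192.168.0.1' -> '192.168.000.001'; ValueError for anything but a dotted quad."""
    ipaddress.IPv4Address(src_ip)
    return ".".join(f"{int(octet):03d}" for octet in src_ip.split("."))


def date_iso(day):
    """Accept a date or a 'YYYY-MM-DD' string; anything else is rejected."""
    text = day if isinstance(day, str) else day.isoformat()
    if not _ISO_DAY.match(text):
        raise ValueError(f"not an ISO date: {text!r}")
    return text


def safe_name(name, limit=63):
    """Name-derived component: restricted character set, never empty, never '.' or '..'."""
    cleaned = _UNSAFE.sub("_", name)[:limit].strip(".")
    return cleaned or "unknown"


def expand(template, src_ip, day, name=None):
    out = template.replace("%IPAdd4", ip_add4(src_ip)).replace("%DateISO", date_iso(day))
    if "%Name" in out:                                   # hypothetical token, see lead-in
        out = out.replace("%Name", safe_name(name or ""))
    return out


def log_path(base, template, src_ip, day, name=None):
    """Expanded path as a string, refusing anything that would land outside `base`."""
    base_p = PureWindowsPath(base)
    p = PureWindowsPath(expand(template, src_ip, day, name))
    if ".." in p.parts or base_p not in p.parents:
        raise ValueError(f"path escapes {base}: {p}")
    return str(p)


if __name__ == "__main__":
    print(log_path(r"D:\logs", r"D:\logs\%IPAdd4\Log%DateISO.txt", "192.168.0.1", date(2012, 7, 13)))
```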

How to load-balance Kiwi Syslog servers


I've got a set of 3 Kiwi servers sitting behind an F5, which I *thought* would effectively load balance the incoming syslog volume (I'm seeing around 5-8 million messages per hour, and we haven't really turned everything on yet).

The problem, I just discovered, is that the F5 load balances based on connections, not messages/packets. So round robin isn't round robin, since most of my sending systems are passing new messages (and therefore creating a connection) more often than even the lowest "disconnect after" option on the F5 (which is 1 second).

So my first server is maxing out at about 5 million MPH and 0% buffer, while server 02 gets 2 million messages and 80% buffer, and server 03 gets barely anything at all.

Has anyone else tried this, and have you found a workaround? (It doesn't have to be an F5. I just need the ability to create a pool of Kiwi servers and have all the systems in my enterprise sending to ONE IP address.)

 

Thanks!

- Leon

Kiwi Syslog Server 9.4 Free Collecting SNMP from GNS3 Cloud


This is probably me being silly.

I have defined a cloud on an MS loopback from a GNS3 emulated router. Wireshark can see the packet. If I replace Kiwi with a quick VB program it can see the record, but I cannot get Kiwi to display the record.

 

Regards Conwyn

 

Waiting for broadcast

Received broadcast from 10.10.10.1:65347 :

[raw SNMP datagram printed as text, not reproduced; it appears to begin 30 6A 02 01 .. 04 06 "public", i.e. a BER SEQUENCE of 106 bytes carrying the community string "public"]

Waiting for broadcast

 

Here is Kiwi

How to Resolve IP Addresses into Hostnames in Kiwi Syslog Server


SolarWinds's own Justin Finley just recorded a video tutorial that shows how to resolve IP addresses into hostnames in Kiwi Syslog Server.

 


External link to Jing: DNS Resolution - justinfinley's library

 

Video Guide:

  • 0:00 Watching traffic come in with unresolved IP addresses
  • 0:10 Turning on IP address resolution (this affects what appears in the "Hostname" column)
  • 0:20 Turning on in-message IP address resolution (this is optional, can be slow, and affects what appears in the "Message" column)
  • 0:27 A quick glance at the DNS server settings (which DNS server to use, whether NetBIOS is to be used, etc.)
  • 0:29 A quick glance at the DNS cache settings
  • 0:30 Turning on resolution of frequently-used IPs from a local hosts file (this is very fast, but ignores changes to DNS servers)
  • 0:35 How to edit the hosts file
  • 1:30 Watching traffic come in with properly resolved IP addresses

 

Remember to "LIKE" this if you find it useful - that helps others find it too!
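Added example for the tutorial above (not code from the original post or from Kiwi): the three resolution layers the video walks through, hosts file, then a cache with positive and negative TTLs, then reverse DNS, and why the in-message variant can be slow: every cache miss blocks on a PTR lookup. The `lookup` hook only exists so the example runs offline; a real deployment leaves it at the default `reverse_dns`. The hosts file content is constructed. One caveat the video does not cover: a PTR record is set by whoever controls the reverse zone, so `label()` shows the name next to the address rather than replacing it, which keeps the original IP in the log when the name is wrong or hostile.

```python
"""Hostname resolution for a syslog display: hosts file, then TTL cache, then reverse DNS.

Added example; not code from the original post or from Kiwi.  HOSTS_SAMPLE is constructed.
"""
import socket
import time


def parse_hosts(text):
    """hosts(5) format: 'ip name [aliases...]', '#' comments; the first name for an IP wins."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            table.setdefault(fields[0], fields[1])
    return table


def reverse_dns(ip):
    """PTR lookup; None when there is no record or the resolver is unreachable.
    This call blocks for the system resolver's timeout, which is the slow path."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror, OSError):
        return None


class Resolver:
    def __init__(self, hosts_text="", ttl=300, negative_ttl=60,
                 lookup=reverse_dns, clock=time.monotonic):
        self.hosts = parse_hosts(hosts_text)
        self.ttl, self.negative_ttl = ttl, negative_ttl
        self.lookup, self.clock = lookup, clock
        self.cache = {}                      # ip -> (name or None, expiry)
        self.stats = {"hosts": 0, "cache": 0, "dns": 0}

    def resolve(self, ip):
        if ip in self.hosts:                 # fast, but ignores later DNS changes
            self.stats["hosts"] += 1
            return self.hosts[ip]
        now = self.clock()
        hit = self.cache.get(ip)
        if hit and hit[1] > now:
            self.stats["cache"] += 1
            return hit[0]
        self.stats["dns"] += 1               # cache miss: blocking lookup
        name = self.lookup(ip)
        self.cache[ip] = (name, now + (self.ttl if name else self.negative_ttl))
        return name

    def label(self, ip):
        """Name beside the address, never instead of it: a PTR is a hint, not an identity."""
        name = self.resolve(ip)
        return f"{name} [{ip}]" if name else ip


HOSTS_SAMPLE = "10.0.0.5  core-rtr1 rtr1   # constructed\n# comment only\n10.0.0.7 fw-edge\n"

if __name__ == "__main__":
    r = Resolver(HOSTS_SAMPLE)
    print(r.label("10.0.0.5"), r.label("10.0.0.7"), r.stats)
```

Negative caching matters as much as positive: without it every message from an address with no PTR record pays the full resolver timeout again, which is ex how "can be slow" turns into a stalled display.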
