I noticed that Ultidev has a version of that webserver newer than the one distributed with Kiwi Syslog 9.4.2. Has anyone updated the Ultiweb separately from the Kiwi bundle?
Has anyone upgraded the Ultidev web server that is bundled with Kiwi Syslog?
SYSLOG error with windows server 2012
Hi
I am installing syslog in my server room to monitor the log in/log out operations on servers... I installed log forwarder on some Windows Server 2003 servers and everything is OK, but now I installed it on some Windows Server 2012 and all the messages that I receive from these servers are like this: "06-08-2015 17:03:47 Kernel.Info 172.19.12.119 giu 08 17.03.47 srv-av.astergenova.it MSWinEventLog 6 Application 127 lun giu 08 17.03.41 2015 1003 Microsoft-Windows-Security-SPP N/A Information srv-av.astergenova.it 0 The description for Event ID 1003 from source Microsoft-Windows-Security-SPP cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.If the event originated on another computer, the display information had to be saved with the event.The following information was included with the event: 55c92734-d682-4d71-983e-d6ec3f16059f. FormatMessage failed with error 15100, The resource loader failed to find MUI file."
Do you have any idea of how to fix this? Syslogger is installed on an XP machine, but I also tried to install it on a Windows 2012 Server machine and nothing changed.
syslog server backup and restore
Hi,
I am in the process of moving Kiwi Syslog Server v9 from one system to another system. I want to check if there is a simple process to migrate all settings instead of reconfiguring.
Thanks,
Sridhar
Syslog Manager fails to start on win 8.1
syslog_manager.exe 9.4.0.1 will not open correctly on Windows 8.1. The process starts and can be seen in Task Manager, but closes a few seconds later. No GUI is seen at all, not even the splash screen or the notification area icon.
There are no logs inside:
C:\Program Files (x86)\Syslogd\Dated logs
C:\Program Files (x86)\Syslogd\Logs
I tried calling (Service – Debug start-up: www.kiwisyslog.com/help/syslogd7/index.html?adv_reg_servicedebugstart_up.htm):
syslog_manager.exe DEBUGSTART
syslog_manager.exe /DEBUGSTART
syslog_manager.exe -DEBUGSTART
syslog_manager.exe --DEBUGSTART
but still no log or debug log files are created in the C:\Program Files (x86)\Syslogd directory or any of its sub directories.
I checked the Windows event log and found the same four errors reoccurring every time syslog_manager.exe is started up:
==============================
Error 1
==============================
Fault bucket -339880763, type 1
Event Name: APPCRASH
Response: Not available
Cab Id: 0
Problem signature:
P1: Syslogd_Manager.exe
P2: 9.4.0.1
P3: 5256d7ac
P4: StackHash_4527
P5: 0.0.0.0
P6: 00000000
P7: c000041d
P8: PCH_1C_FROM_actskn43+0x00014197
P9:
P10:
Attached files:
C:\Users\user\AppData\Local\Temp\WER7A1F.tmp.WERInternalMetadata.xml
These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Syslogd_Manager._1c26be14be8bc7e884ee84c763454f0becaea_d6be21d2_0a3f7cfe
Analysis symbol:
Rechecking for solution: 0
Report ID: 89cea6aa-4b23-11e3-befa-001b63a57b6a
Report Status: 0
Hashed bucket: ee82e4cf87c028d8fde4d29d457939f8
==============================
Error 2
==============================
Faulting application name: Syslogd_Manager.exe, version: 9.4.0.1, time stamp: 0x5256d7ac
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x040705b8
Faulting process ID: 0xbe0
Faulting application start time: 0x01cedf304b48bb7b
Faulting application path: C:\Program Files (x86)\Syslogd\Syslogd_Manager.exe
Faulting module path: unknown
Report ID: 89cea6aa-4b23-11e3-befa-001b63a57b6a
Faulting package full name:
Faulting package-relative application ID:
==============================
Error 3
==============================
Fault bucket 50, type 5
Event Name: BEX
Response: Not available
Cab Id: 0
Problem signature:
P1: Syslogd_Manager.exe
P2: 9.4.0.1
P3: 5256d7ac
P4: StackHash_f2c9
P5: 0.0.0.0
P6: 00000000
P7: PCH_3D_FROM_ntdll+0x0003C1AC
P8: c0000005
P9: 00000008
P10:
Attached files:
C:\Users\user\AppData\Local\Temp\WER7676.tmp.WERInternalMetadata.xml
These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Syslogd_Manager._4bac366436d77f4150a9f635e3ff4264d568c57d_d6be21d2_070f7973
Analysis symbol:
Rechecking for solution: 0
Report ID: 893e635c-4b23-11e3-befa-001b63a57b6a
Report Status: 0
Hashed bucket: 18c71da6583848b95798fbf0fc6b19c1
==============================
Error 4
==============================
Faulting application name: Syslogd_Manager.exe, version: 9.4.0.1, time stamp: 0x5256d7ac
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x040705b8
Faulting process ID: 0xbe0
Faulting application start time: 0x01cedf304b48bb7b
Faulting application path: C:\Program Files (x86)\Syslogd\Syslogd_Manager.exe
Faulting module path: unknown
Report ID: 893e635c-4b23-11e3-befa-001b63a57b6a
Faulting package full name:
Faulting package-relative application ID:
New - Kiwi Filtering
New to Kiwi,
Trying to filter a single IP.
Using Hostname "10.10.0.201" (with case sensitive/without substring).
Messages are already being recorded and displayed in a CatchAll Rule filter but aren't being picked up by a separate rule with a single filter displaying to a different display screen.
Any suggestions are appreciated.
DBCache folder accumulation (log to database action)
I am consistently getting warnings from SAM that the DB Cache folder of the Kiwi Syslog (\\${IP}\c$\Program Files (x86)\Syslogd\DBCache) contains files. The warning in SAM indicates that the log to database action is falling behind or failing. I do not see anything in the documentation regarding this warning. Does anybody know how this affects the Kiwi Syslog and how concerned I should be? I would like to add more devices to send syslog information but am concerned Kiwi will have more of these files in the DBCache. Currently I am seeing about 47K MPH in Kiwi. Has anybody else seen this message from SAM, or have any suggestions for possible solutions?
Thanks,
Caleb
Kiwi Syslog Server 9.4.2 installed on Windows 2008 R2 Standard, 8 GB ram, 200 GB HD.
Using the log to database action to Microsoft SQL Server 2008 R2, 8 GB ram, 100 GB HD
SAM 6.1.1 Application component File Count: DBCache Folder for Kiwi Syslog Server
Not Able to forward logs from Unix device to syslog server
Configured the syslog.conf file successfully, restarted services, checked IP tables - IPtable disabled. Logs are getting generated in the mount point, still logs are not getting delivered to the syslog server. Why?
Please suggest.
Kiwi Syslog Server free ed. not receiving SNMP Traps version 2c
Hello Everybody.
I'm having trouble receiving SNMP Traps v2c on Kiwi Syslog Server Free edition.
Although it is described in the feature list that this is supported (also in the documentation), I can receive version 1 but not 2c.
Using Wireshark to listen to the traffic, I can clearly see SNMP traps version 2 incoming, but nothing appears on the syslog server.
Can anyone help?
I asked support@ and sent many mails, but didn't get any answer to the problem; they just said to post my question here because this is a free product.
Thank you very much.
Syslog messages format
Why, when I send to Kiwi Syslog Server a message like "<25>Jul 10 18.04.33 Hostname Appname Message", does it only understand the priority, while the timestamp and hostname are ignored and the log looks like "2015-07-10 18:04:33 127.0.0.1 Daemon.Alert Jul 10 18.04.33 Hostname Appname Message"?
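Added example, not part of the original post and not Kiwi's code: RFC 3164 defines the header timestamp as `Mmm dd hh:mm:ss` with colons, and when no valid timestamp follows the PRI the rest of the packet is treated as message content while the receiver supplies its own time and the sender's address. A minimal receiver-side parser written to that rule, run on the message from the post and on a colon-separated variant; the function name, display names and receive time are assumptions.

```python
import re
from datetime import datetime

# Facility/severity display names are this example's choice (RFC 3164 numbering).
FACILITIES = ["Kernel", "User", "Mail", "Daemon", "Auth", "Syslog", "Lpr", "News",
              "Uucp", "Cron", "Authpriv", "Ftp", "Ntp", "Audit", "Alert", "Clock"]
FACILITIES += [f"Local{i}" for i in range(8)]
SEVERITIES = ["Emerg", "Alert", "Critical", "Error", "Warning", "Notice", "Info", "Debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")
MONTHS = "Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec"
# RFC 3164 header: "Mmm dd hh:mm:ss HOSTNAME " with English month and colons.
HEADER_RE = re.compile(rf"^((?:{MONTHS}) [ \d]\d \d{{2}}:\d{{2}}:\d{{2}}) (\S+) ")


def parse_rfc3164(packet, sender_ip, received_at):
    """Split a packet into level, timestamp, host and content (hypothetical helper)."""
    pri, rest = 13, packet  # RFC 3164 default priority when PRI is missing or invalid
    m = PRI_RE.match(packet)
    if m and int(m.group(1)) <= 191:
        pri, rest = int(m.group(1)), packet[m.end():]
    facility, severity = divmod(pri, 8)
    level = f"{FACILITIES[facility]}.{SEVERITIES[severity]}"

    h = HEADER_RE.match(rest)
    if h:  # valid header: use the sender's own timestamp and hostname
        return {"level": level, "timestamp": h.group(1), "host": h.group(2),
                "content": rest[h.end():], "header_from_packet": True}
    # No valid TIMESTAMP after the PRI: everything left is content, and the
    # receiver fills in its own receive time and the packet's source address.
    return {"level": level, "timestamp": received_at.strftime("%Y-%m-%d %H:%M:%S"),
            "host": sender_ip, "content": rest, "header_from_packet": False}


# Constructed inputs: the message quoted in the post, and the same message
# with colons in the time field; receive time and source address are assumed.
RECEIVED = datetime(2015, 7, 10, 18, 4, 33)
DOTTED = parse_rfc3164("<25>Jul 10 18.04.33 Hostname Appname Message", "127.0.0.1", RECEIVED)
COLONS = parse_rfc3164("<25>Jul 10 18:04:33 Hostname Appname Message", "127.0.0.1", RECEIVED)

if __name__ == "__main__":
    for result in (DOTTED, COLONS):
        print(result)
```
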
Problem with filtering in Kiwi Syslog
I am setting up a Kiwi syslog server. Running into a problem with the filtering not working the way I would expect. I have used Kiwi but that was several years ago. I have set up a display for a specific switch and have tried several different filter possibilities but am still getting syslog messages on the display that don't belong to the switch I am trying to watch.
I have tried an IP address - simple filter with the IP address of the switch "10.1.1.2". On the Cisco switch, I have used the command logging source-interface vlan 254 which should send out the syslog messages using the IP address in the simple filter I set up. I have also tried the hostname option with the hostname of the switch "Switch1" but same problem.
It has got to be something simple but so far I haven't found the problem. Since this is the free version, I know I can't call SolarWinds support.
Any suggestions are appreciated.
Ron
Filtering out certain messages in Kiwi Syslog...
Hello,
I am in a situation where I need to filter out a certain string. It is a little complicated however. The string(s) I am trying to filter out usually looks like this:
"port D10-High collision or drop rate."
D10 is a device bay in a chassis and that is what we are really interested in here. There are 16 device bays so it can be D1, D2, D3....D16.
The only problem is that there is no space between D10 and "-High"
And we WOULD like to keep getting messages that don't have the Dx part in them, so we can't just filter out "collision or drop rate."
Is the only way to do this by putting 16 separate filters like so: ...?
"D1-High"
"D2-High"
"D3-High"
...."D16-High"
or is there a wildcard we can put in place of the number? Catch is that sometimes it could be a single digit (1-9) or it could be a double digit (10-16).
Your input is appreciated. Thank you.
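Added example, not part of the original post: the sixteen literal strings collapse into one regular expression covering D1 through D16, assuming the filter in use accepts regular expressions (the post does not say which filter type is selected). The sample messages are constructed, and the function names are hypothetical.

```python
import re

# Matches D1..D16 only. The alternation tries the two-digit form 10-16 first,
# then a single digit 1-9; the required "-High" right after the number rejects
# D17, D160 and D01, and the lookbehind rejects names such as "XD3".
BAY_ALERT = re.compile(r"(?<![A-Za-z0-9])D(?:1[0-6]|[1-9])-High collision or drop rate")


def is_bay_alert(message):
    """True when the message is a per-device-bay collision/drop alert."""
    return BAY_ALERT.search(message) is not None


def filter_out_bay_alerts(messages):
    """Return the messages that should still be delivered."""
    return [m for m in messages if not is_bay_alert(m)]


# Constructed sample messages (not taken from a real device).
SAMPLES = [
    "port D10-High collision or drop rate.",    # bay 10: filtered out
    "port D3-High collision or drop rate.",     # bay 3: filtered out
    "port D16-High collision or drop rate.",    # bay 16: filtered out
    "port D17-High collision or drop rate.",    # no such bay: kept
    "port D160-High collision or drop rate.",   # not D16: kept
    "port X2-High collision or drop rate.",     # no Dx part: kept
    "uplink 1: High collision or drop rate.",   # no Dx part: kept
]

KEPT = filter_out_bay_alerts(SAMPLES)

if __name__ == "__main__":
    for line in KEPT:
        print(line)
```
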
Sending events from Cisco 3750 switch
Hello,
I am trying to send events from a Cisco 3750 switch to our Kiwi syslog server but am unsure of the config for the switch.
Should the following work:
Switch (config) # logging on
Switch (config) # logging Syslog Server IP
Switch (config) # logging trap error
This command will send (Error 3) events (0-3) to the Kiwi server via UDP514. Is this the supported method of transfer?
Should this work or is there a "Supported" switch configuration that I should be using.
Thank you,
Chris
Kiwi SysLog Web Access Not Working after Upgrading WhatsUpGold
Both applications have been running on the same server for several years. This is a Windows 2008 R2 64 bit machine, running the Army AGM.
WuG is now working 16.x
One of the things IPSwitch had me try to do, to fix WuG was install SQL Server Express 2008 R2
Kiwi Syslog (KSL) is version 9.3.4, the Kiwi Syslog Server Console "Is" working, only Web Access is down.
I tried to reinstall KSL, it worked, but somehow then WuG web access went down, I had to repair IIS and .NET
WuG uses 443, trying to get KSL to use 8088 (previously used) or 8888
When I try to access (even just Browse Web Site from IIS) I get:
"Error An unknown error occurred requesting resource /
Click here to log in"
When I click the link:
"Error An unknown error occurred requesting resource
/Gateway.aspx
Click here to log in"
At this point it just loops.
In IIS, I deleted the original website and created a new one. Path I used is:
C:\Program Files (x86)\SolarWinds\Kiwi Syslog Web Access\html
Kiwi Syslog WebAccess Installation Error (error code is 2869)
*Kiwi Syslog Server V.9.1.0
*Windows 2008 SP1 and SP2 64bit
Our client encountered a Kiwi Syslog WebAccess installation error.
The error message is as follows:
=============================================
The installer has encountered an unexpected error
installing this package. This may indicate a problem
with this package.The error code is 2869.
=============================================
*Kiwi Syslog Server service runs correctly.
*The client stopped Anti-Virus service before the installation.
Is there any information to resolve the problem?
Kiwi Syslog Server Web Access can't start
Hello!
I installed Kiwi Syslog Server & Web Access.
Kiwi Syslog Server starts and I see events from my devices, but when I start Kiwi Syslog Server Web Access it could not start:
"Kiwi Syslog WebAccess requires Kiwi Syslog Server to be online, but it is offline"
What's the problem?
Version 9.2
How to load-balance Kiwi Syslog servers
I've got a set of 3 Kiwi servers sitting behind an F5, which I *thought* would effectively load balance the incoming syslog volume (I'm seeing around 5-8 million messages per hour, and we haven't really turned everything on yet).
The problem, I just discovered, is that F5 load balances based on connections, not messages/packets. So round robin isn't round robin since most of my sending systems are passing new messages (and therefore creating a connection) more than even the lowest "disconnect after" option on the F5 (which is 1 second).
So my first server is maxing out at about 5 million MPH and 0% buffer, while server 02 gets 2 million messages and 80% buffer, and server 03 gets barely anything at all.
Has anyone else tried this, and have you found a workaround? (It doesn't have to be an F5. I just need the ability to create a pool of Kiwi servers and have all the systems in my enterprise sending to ONE IP address.)
Thanks!
- Leon
RFC 5424 support?
Currently Kiwi Syslog Server 9.x release supports syslog based on RFC 3164. Are there any plans to add support for RFC 5424 in a future release?
Thank you,
David
Syslog alert mails - frequency option? (3000+ mails from same device)
Hi all!
I cannot find an option to choose a mail output frequency for a syslog alert.
Over the weekend we get the same error 3000- times from one host.
Is it possible to minimize that mail flooding?
Actually every incoming syslog alert from the same host produces 1 mail.
My teammates are not amused about this; I can only manually turn off the whole mail action of my rule.
Please, this is urgent.
Thank you very much!
lankienen
Kiwi syslog - 2011-03-18 10:54:01 Licensed action was found in settings and disabled.
Kiwi syslog stopped collecting information. The view error log button is red and blinking. When I click to view the log I see the below message repeating itself:
2011-03-18 10:54:01 Licensed action was found in settings and disabled.
2011-03-18 10:54:01 Licensed action was found in settings and disabled.
2011-03-18 13:37:56 Licensed action was found in settings and disabled.
2011-03-18 13:37:57 Licensed action was found in settings and disabled.
2011-03-18 13:37:57 Licensed action was found in settings and disabled.