Kiwi Syslog Service Keeps crashing

March 19, 2010, 11:05 am

≪ Previous: Changing the userid for Syslog Web Access

We have been experiencing an issue with our Kiwi Syslog Service crashing about every other day. We are running version 9 and have a pretty standard setup where we are pushing syslogs from all of our devices in our network. We have quite a bit of stuff logging to our Syslog server and are easily breaching the 200000 maximum message count throughout the day and getting email's. We up'ed that and seem to be doing better however the syslog service continues to fail and will at times restart itself based off of the services recovery failure to restart the service but this is happening way to often.

Has anyone else seen this problem and if so, what kinds of things did you try/do? Is this box just getting pegged so hard that it's causing the service to malfunction and trip up? I'm not a Windows guy but is this issue even Windows related? The only other application we have running on this server is CatTools and it runs clean with no service issues. The systems team has taken a look at the server and believe this to be related only to the Kiwi application itself.

Next Steps: I'm thinking of removing and rebuilding the Kiwi 9 application from scratch to see if this corrects the issue but wanted some direction from the forum if anyone has any good ideas/suggestions.

Thankyou in advance!

↧

No "log to file" saved

August 13, 2015, 9:41 am

≫ Next: Another copy of Kiwi Syslog Server Service manager is already running.

≪ Previous: Kiwi Syslog Service Keeps crashing

I am using the free version 9.4 of Kiwi Syslog. I have it setup to "log to file" D:\Program Files (x86)\Syslogd\Logs\SyslogCatchAll-%DateISO.txt

The problem i am seeing now is that when I go to the location where the log file should be saved:

D:\Program Files (x86)\Syslogd\Logs\

I can only see log files for those date that I launched the Kiwi Syslog Server application. I thought with that setting, regardless if I launch the Kiwi Syslog Server application or not, the log file should still be collected and saved.

Anyone get any idea?

↧

Another copy of Kiwi Syslog Server Service manager is already running.

August 13, 2015, 11:59 am

≫ Next: SNMP forwarding

≪ Previous: No "log to file" saved

If you get this message:

You can check the system tray:

If Kiwi Syslog Server does not show up, you will want to go into Task Manager and End task on Syslogd_Manager.exe:

↧

SNMP forwarding

July 5, 2010, 5:55 am

≫ Next: How can a c# .Net client application detect when server connection is lost by closing Kiwi Syslog Server application

≪ Previous: Another copy of Kiwi Syslog Server Service manager is already running.

All

I have setup my KIWI syslog server to listen for SNMP traps, successfully. Is there a way to setp KIWI, or an available action to forward the SNMP traps to other SNMP trap receivers as KIWI receives them.

Thanks

KIWI New Guy

↧

How can a c# .Net client application detect when server connection is lost by closing Kiwi Syslog Server application

August 14, 2015, 8:54 am

≫ Next: Kiwi Syslog WebAccess Installation Error (error code is 2869)

≪ Previous: SNMP forwarding

I am sending messages to kiwi syslog server from c# .net client application using TCP.

The issue scenario is as given below.

1. Connect to kiwi syslog server from client app.

2. Close kiwi syslog server.

3. Now send 2 messages from client app to kiwi server.

4. First message is sent successfully without any exception

5. Second message is not sent and it throws an exception " Unable to write data to the transport connection: An established connection was aborted by the software in your host machine." (which is the desired behavior).

I expect the exception for the first message also since I closed the kiwi syslog server before sending both messages.

Is there a way to detect the connection loss immediately in client side when kiwi server is closed?

Code snippet

//Connection to kiwi server is established using this method

public void Connect()

{

var tcpClient = new TcpClient(hostname, port);

tcpClientStream = tcpClient.GetStream();

//Message is send using the below method.

public void Send(SyslogMessage message, IMessageSerializer serializer)

{

tcpClientStream.Write(datagramBytes, 0, datagramBytes.Length);

tcpClientStream.Flush();

}

↧

Kiwi Syslog WebAccess Installation Error (error code is 2869)

October 27, 2010, 8:29 pm

≫ Next: How to Migrate Kiwi Syslog Server

≪ Previous: How can a c# .Net client application detect when server connection is lost by closing Kiwi Syslog Server application

*Kiwi Syslog Server V.9.1.0
*Windows 2008 SP1 and SP2 64bit

Our client encountered a Kiwi Syslog WebAccess installation error.

The error message is as follows:
=============================================
The installer has encountered an unexpected error
installing this package. This may indicate a problem
with this package.The error code is 2869.
=============================================
*Kiwi Syslog Server service runs correctly.

*The client stopped Anti-Virus service before the installation.

Are there some information to resolve the problem?

↧

How to Migrate Kiwi Syslog Server

January 14, 2015, 10:55 am

≫ Next: Can not receive message from Cisco switch 3750

≪ Previous: Kiwi Syslog WebAccess Installation Error (error code is 2869)

There are 3 things that you need to consider when migrating Kiwi Syslog Server:

Configuration - to back them up, simply open the Kiwi Syslog Server Manager and click "File -> Export Settings to INI" .
Logs - Manually copy Syslog messages log files. Under Setup, look for all Log to file - action and take note of the path and file name.
License - Deactivate the license from the old server using License Manager Tool first so that you can transfer the license to the new server. Please take note that Activation Key will be different once the license is deactivated. You can refer to the following video for more detail information:
- http://knowledgebase.solarwinds.com/kb/questions/1915/How+Do+I+Use+License+Manager%3F

↧

Can not receive message from Cisco switch 3750

July 28, 2013, 11:37 pm

≫ Next: Syslog 9.1 log to sql database error

≪ Previous: How to Migrate Kiwi Syslog Server

Hello guys,

I setup kiwi syslog server and could receive message from other devices, such cisco switch 2960, 5510, and windows server. But can not get any message from 3750. I enclosed 3750 configuration as below. Please help to take a look and where am I wrong. Thank you.

logging trap notifications

logging facility local5

logging 192.168.0.51

↧

Syslog 9.1 log to sql database error

October 11, 2010, 2:10 pm

≫ Next: Kiwi Syslog Server service has stopped with Error when I send a SNMP Trap(v1) to KSS v9.5 RC2.

≪ Previous: Can not receive message from Cisco switch 3750

Hello all,

I keep getting the below errors when trying to send info to our SQL database.

2010-10-10 16:49:39 DBLogger.ClearQueue aborted with error: Incorrect syntax near '2222:43:netmgtd:10-Oct-2010 16:49:37.018014:rca_ocp.c:295:INFO:25.2.4:GUI: Account admin from 10.X.X.XX logged in to 10.X.X.X'. - SQL statement has been removed from the database cache. [Syslogd_TaskEngine.exe 2.5.151] (801) INSERT INTO Syslogd (MsgDate,MsgTime,MsgPriority,MsgHostname,MsgText) VALUES ('2010-10-10','16:49:38','User.Info','10.X.X.XXX','2222:43:netmgtd:10-Oct-2010 16:49:37.018014:rca_ocp.c:295:INFO:25.2.4:GUI: Account admin from 10.X.X.XX logged in to 10.X.X.XXX. ') : C:\Program Files\Syslogd\DBCache\ca7ad33fa4e635d00d4106908427f600 [Line:0]

I have setup the the log to database using the built in sql file format as well as creating one from scratch. What I don't get is that every time I use the debug command, the table gets updated properly without any errors. But when I apply my settings the log file gets filled with errors. I know it is complaining about quotes someplace, but in the view none of the statements have any quotes in them.

Any help would be greatly appreciated.

Thank you,

Giuseppe

↧

Kiwi Syslog Server service has stopped with Error when I send a SNMP Trap(v1) to KSS v9.5 RC2.

August 6, 2015, 11:02 pm

≫ Next: No "log to file" saved

≪ Previous: Syslog 9.1 log to sql database error

Hello,

When KSS v9.5 RC2 received a SNMP Trap(v1), Kiwi Syslog Server service has stopped with Error.

Kiwi Syslog Server Version: v9.5 RC2(v9.5.0.323)

OS: Windows Server 2008 R2 SP1

Errorlog.txt:

2015-08-06 15:29:18 *** INTERNAL PROGRAM ERROR - Please contact http://www.kiwisyslog.com/support/ ***

I can re-start it by Manage>Start the Syslogd service.

When KSS received the SNMP Trap again, Kiwi Syslog Server service has stopped with Error.

Please fix this problem.

Best Regards,

↧

No "log to file" saved

August 13, 2015, 9:41 am

≫ Next: Event Log Forwarder - Where is the Audit Failure Type?

≪ Previous: Kiwi Syslog Server service has stopped with Error when I send a SNMP Trap(v1) to KSS v9.5 RC2.

I am using the free version 9.4 of Kiwi Syslog. I have it setup to "log to file" D:\Program Files (x86)\Syslogd\Logs\SyslogCatchAll-%DateISO.txt

The problem i am seeing now is that when I go to the location where the log file should be saved:

D:\Program Files (x86)\Syslogd\Logs\

Anyone get any idea?

↧

Event Log Forwarder - Where is the Audit Failure Type?

March 18, 2015, 5:40 pm

≫ Next: Bind Kiwi Syslog Web Access to a specific IP address

≪ Previous: No "log to file" saved

Hi There,

I'm trialing Kiwi Syslog and I'm having trouble with the Log Forwarder and Security Event Log. When I click on the Security Log I don't see Audit Success or Audit Failure as an event type. It just has Error, Warning and Information. If I manually edit the CFG file and add <int>16</int> it works, but then it gets overwritten if I make a change. Am I doing something wrong? How can I see Audit Failure as an Event Type?

Thanks,

↧

Bind Kiwi Syslog Web Access to a specific IP address

July 13, 2015, 10:43 am

≫ Next: Kiwi Syslog Server free ed. not receiving SNMP Traps version 2c

≪ Previous: Event Log Forwarder - Where is the Audit Failure Type?

You can use the UltiDev Web App Explorer to bind Kiwi Syslog Web Access to a specific IP address.

1. You will need to open the UltiDev Web App Explorer:

2. Click the Network Address tab:

3. Highlight the Host or IP address and click Edit:

4. Select Specify host name or IP address optioin, and enter the IP address to bind to, then click OK:

5. Finally you will want to Save the changes, and the stop and start the Monitoring Service:

↧

Kiwi Syslog Server free ed. not receiving SNMP Traps version 2c

April 13, 2015, 12:24 am

≫ Next: sys log server errors "FormatMessage failed with 1815" help please!!

≪ Previous: Bind Kiwi Syslog Web Access to a specific IP address

Hello Everybody.

I'm having troubles receiving SNMP Traps v 2c on Kiwi Syslog Server Free edition.

Although it is described in the feature list that this is supported (also in the documentation), i can receive version 1 but not 2c.

Using Wireshark to listen to the traffic i can clearly see SNMP traps version 2 incoming, but nothing appears on syslog server.

Can anyone help?

I asked support@ and sent many mails, but didn't get any answer to the problem, they just said to post my question here because this is a free product.

Thank you very much.

↧

sys log server errors "FormatMessage failed with 1815" help please!!

April 8, 2015, 2:19 pm

≫ Next: Kiwi Syslog Server Log Location won't change.

≪ Previous: Kiwi Syslog Server free ed. not receiving SNMP Traps version 2c

Good day Community,

I am experiencing an urgent issue. The sys log server forwarder is forwarding the following message to the KIWI sys log server. The actual security logs are showing the correct information, however the message below is being showed. I thought it was the server, but wen I added another sever to forward security logs, I am getting the same message as shown below.

Can anyone who have encountered this message or know how to resolve this issue. The security logs are on the server and I can view them using event viewer properly and audit logs are reflecting fine.

I would really appreciate your humble assistance or comments.

Apr 08 14:36:34 CASSIOPEIA1.carimed.local MSWinEventLog 5 Security 495 Wed Apr 08 14:36:33 2015

4624 Microsoft-Windows-Security-Auditing N/A Audit Success CASSIOPEIA1.carimed.local 12544

The description for Event ID 4624 from source Microsoft-Windows-Security-Auditing cannot be

found. Either the component that raises this event is not installed on your local computer or

the installation is corrupted. You can install or repair the component on the local computer.If

the event originated on another computer, the display information had to be saved with the

event.The following information was included with the event: S-1-0-0. FormatMessage failed with

error 1815, The specified resource language ID cannot be found in the image file.

↧

Kiwi Syslog Server Log Location won't change.

September 17, 2012, 10:44 am

≫ Next: How to Resolve IP Addresses into Hostnames in Kiwi Syslog Server

≪ Previous: sys log server errors "FormatMessage failed with 1815" help please!!

Hey all,

I have recently taken over a sys admin position, and am required to move the location of the Kiwi Syslog Server logs to another file location. I have never used it prior. However, I can't seem to move the file.

Kiwi Syslog Server 9.2.1 (Free version.)

Windows Server 2003 SP2 (WORKGROUP)(VM)

Current configuration:

Log to Log File

Path and file name: C:\Program Files\Syslogd\Logs\SyslogCatchAll.txt

If I test the configuration, I can see the test messages in the location noted about. However, after I apply the settings, the older location (a CIFS share) continues to receive the actual syslogs of the devices we monitor.

There are three local users, all of which show the same configuration.

I have tried deleting and recreating the Log to Log File rule. No change.

I have tried starting and stopping the service. No change.

I have tried exporting the system settings, and then reimporting them. No change.

I have tried searching the registery for the old location. Nothing found.

I have two theories.

1. The settings are locked for some reason.

2. The settings are stored somewhere else.

Any help would be great.

Thanks,

Aaron

Solarwinds Padawan

↧

How to Resolve IP Addresses into Hostnames in Kiwi Syslog Server

May 31, 2013, 9:50 am

≫ Next: Windows 2012 error for Kiwi Manager

≪ Previous: Kiwi Syslog Server Log Location won't change.

SolarWinds's own Justin Finley just recorded a video tutorial that shows how to resolve IP addresses into hostnames in Kiwi Syslog Server.

External link to Jing: DNS Resolution - justinfinley's library

Video Guide:

0:00 Watching traffic come in with unresolved IP addresses
0:10 Turning on IP address resolution (this affects what appears in the "Hostname" column)
0:20 Turning on in-message IP address resolution (this is optional, can be slow, and affects what appears in the "Message" column)
0:27 A quick glance at the DNS server settings (which DNS server to use, whether NetBIOS is to be used, etc.)
0:29 A quick glance at the DNS cache settings
0:30 Turning on resolution of frequently-uses IPs from a local hosts file (this is very fast, but ignores changes to DNS servers)
0:35 How to edit the hosts file
1:30 Watching traffic come in with properly resolved IP addresses

Remember to "LIKE" this if you find it useful - that helps others find it too!

↧

Windows 2012 error for Kiwi Manager

June 30, 2015, 6:13 am

≫ Next: Kiwi Syslog not displaying Cisco ASA 5505 syslogs

≪ Previous: How to Resolve IP Addresses into Hostnames in Kiwi Syslog Server

Has anyone else ever run into this issue?

I'm receiving the following error whenever I try to open the Kiwi Syslog Manager (Console).

Faulting application name: Syslogd_Manager.exe, version: 9.4.0.2, time stamp: 0x54fda0df

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x043c05b8

Faulting process id: 0x780

Faulting application start time: 0x01d0b3331378b7a3

Faulting application path: C:\Program Files (x86)\Syslogd\Syslogd_Manager.exe

Faulting module path: unknown

Report Id: 51d9622d-1f26-11e5-80eb-0050569a06c7

Faulting package full name:

Faulting package-relative application ID:

This is on a fresh physical Windows 2012 server and is running as a local system service. The service runs, collects logging, and we have web access working. However, whenever I try to open the Kiwi Manager, it crashes. I do have a support ticket in place but as of now, it has been sent up to the developers. It's frustrating for the syslog catchall files because we can't filter what we want.

What's weird is that it run perfectly fine on Windows 2003 Storage Server.

Before install i did the following:

Disabled UAC

Disabled any HIPS / HBSS so that doesn't block the install.

Set a different TMP / TEMP directory with read/write privileges.

Tried a dedicated local admin-account to run the service and tried just local system.

Any help or information in this regards would be a HUGE help. I'm pretty stumped at the moment.

↧

Kiwi Syslog not displaying Cisco ASA 5505 syslogs

April 2, 2011, 7:21 pm

≫ Next: syslog server backup and restore

≪ Previous: Windows 2012 error for Kiwi Manager

I have a Cisco ASA 5505 that is setup to send syslogs to a remote syslog server.

I have kiwi syslog (free) installed on a Windows 2003 R2 Server and it is listening on UDP port 514. The syslog server also is my Ciscoworks v3.2 server.

I can ONLY see the Ciscoworks log files and not the ASA. I only want to display the ASA log files.

I have googled, read the user guide, and search the forum and cannot find any procedure that I can tweak Kiwi to log the syslog files from my ASA which is being used as a VPN concentrator.

Any ideas?

↧

syslog server backup and restore

February 25, 2013, 7:33 am

≫ Next: Kiwi syslog 9.4 on windows server 2012 64bit Service crash - Possible bug!

≪ Previous: Kiwi Syslog not displaying Cisco ASA 5505 syslogs

Hi,

I am in the process of moving kiwi syslog server v9 from one system to other system. want to check if there is a simple process to migrate all settings instead of reconfiguring.

Thanks,

Sridhar

↧