Channel: THWACK: Popular Discussions - Kiwi Syslog

Kiwi syslog 9.4 on windows server 2012 64bit Service crash - Possible bug!


Hello , kiwi friends!

 

I am trying to get Kiwi Syslog 9.4 to work on Windows Server 2012 64-bit, but I am having problems with the service crashing when I try to start the Kiwi Syslog Server console.

I have applied the KB fix for Microsoft .NET Framework 2; before that I couldn't install Kiwi Syslog successfully because the service could not start.

http://knowledgebase.solarwinds.com/kb/questions/4386/

 

 

I have the following errors in the windows event viewer!

Error 7000: The Kiwi Syslog Server service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion

Error 7009 : A timeout was reached (30000 milliseconds) while waiting for the Kiwi Syslog Server service to connect.

 

Do you have a solution for this or could it be a new bug in windows server 2012 and the old dot net framework combined ?

 

Thanks in advance.


How to Migrate Kiwi Syslog server and viewer to Another system


Current system on which Kiwi Syslog Server and viewer are installed is not working properly and we need to migrate to another system,
And SolarWinds License Manager does not reset Kiwi, ipMonitor, or LANsurveyor product licenses.

Kindly Solve the issue.

 

Thanks

Imran

Unable to receive logs from configured firewalls


hello everyone,

 

I have set up Kiwi Syslog on a Windows server. The test message seems to be working fine, but I'm unable to receive logs from the configured firewalls.

 

below is my log error messages 

 

An error occured while checking for  available software updates. [10060] connection timed out [25061]

 

please see the attachment for further details

 

Kind Regards,

Rahul

 

Kiwi Syslog Server service has stopped with Error when I send a SNMP Trap(v1) to KSS v9.5 RC2.


Hello,

 

When KSS v9.5 RC2 received a SNMP Trap(v1), Kiwi Syslog Server service has stopped with Error.

 

Kiwi Syslog Server Version: v9.5 RC2(v9.5.0.323)

OS: Windows Server 2008 R2 SP1

 

Errorlog.txt:

2015-08-06 15:29:18 *** INTERNAL PROGRAM ERROR - Please contact http://www.kiwisyslog.com/support/ ***

2015-08-06 15:29:18 Service Version 9.5.0.323 | Error Number: 6 | Description: Overflow | Module Name: Syslogd.frm | Procedure Name: SNMPMgr_Trap | Line Number: 770 | Date and time: 2015/08/06 15:29:18

 

I can re-start it by Manage>Start the Syslogd service.

When KSS received the SNMP Trap again, Kiwi Syslog Server service has stopped with Error.

 

Please fix this problem.

 

Best Regards,

System Requirements for Kiwi Syslog Server with Kiwi Syslog Web Access


We would like to know the minimum System Requirements for Kiwi Syslog Server when we install Kiwi Syslog Web Access.


I know there is "System Requirements for Kiwi Syslog Server " on the following page:


http://solarwinds.ie/products/kiwi_syslog_server/


Is it the same requirements even if we install Kiwi Syslog Web Access?

No "log to file" saved


I am using the free version 9.4 of Kiwi Syslog.  I have it setup to "log to file" D:\Program Files (x86)\Syslogd\Logs\SyslogCatchAll-%DateISO.txt

 

The problem i am seeing now is that when I go to the location where the log file should be saved:

D:\Program Files (x86)\Syslogd\Logs\

I can only see log files for those date that I launched the Kiwi Syslog Server application.  I thought with that setting, regardless if I launch the Kiwi Syslog Server application or not, the log file should still be collected and saved.

 

Anyone get any idea?

syslog upgrade from 9.0


Hello, I have Kiwi Syslog version 9.0.

What upgrade path must I follow to get to the latest.

 

Thanks

E

Does Kiwi syslog server support TLS 1.2? If so how to enable it?


I am trying to connect to Kiwi Syslog Server in secure TCP mode. From my client side (C# code) I try to connect to Kiwi Syslog Server using the TLS 1.2 protocol, but the SSL handshake from the server is set to TLS 1.0.

I installed kiwi server in Windows 7 SP1 and enabled TLS 1.2 in the system by modifying the system registry.

 

SSL handshakes captured using Network monitor are given below

 

Client HandShake

 

Client HandShake.png

 

Server HandShake

server handshake.png

 

Client-side code (C#)

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
var tcpClient = new TcpClient(hostname, port);
var tcpClientStream = tcpClient.GetStream();
var sslStream = new SslStream(tcpClientStream, false, ValidateServerCertificate)
{
        ReadTimeout = timeout,
        WriteTimeout = timeout
};
sslStream.AuthenticateAsClient(hostname, new X509CertificateCollection(), System.Security.Authentication.SslProtocols.Tls12, false);


Kiwi syslog IPv6 support roadmap


Will Kiwi Syslog support IPv6 in a future version?

Kiwi Free version 9.4.2 all UTC times


Hello,

 

I just installed free version 9.4.2.

 

All is working well except the logged time stamps are all UTC.

 

I created my output logfile with date and hour in the filename (to split the log every hour). The output logfile date and hour are also UTC.

 

How do I set both to use local time (-7 hours from UTC)?

 

(BTW, the syslog message window shows the local system time on the bottom right, it's correct.)

 

Thank you for any help.

 

Kind regards.

DBCache folder accumulation (log to database action)


I am consistently getting warnings from SAM that the DB Cache folder the kiwi syslog (\\${IP}\c$\Program Files (x86)\Syslogd\DBCache) contains files. The warning in SAM indicates that the log to database action is falling behind or failing. I do not see anything in the documentation regarding this warning. Does anybody know how this affects the kiwi syslog and how concerned I should be? I would like to add more devices to send syslog information but am concerned kiwi will have more of these files in the DBCache. Currently I am seeing about 47K MPH in Kiwi. Has anybody else seen this message from SAM, or have any suggestions for possible solutions?

 

Thanks,
Caleb

 

Kiwi Syslog Server 9.4.2 installed on Windows 2008 R2 Standard, 8 GB ram, 200 GB HD.

Using the log to database action to Microsoft SQL Server 2008 R2, 8 GB ram, 100 GB HD

SAM 6.1.1 Application component File Count: DBCache Folder for Kiwi Syslog Server

How can a c# .Net client application detect when server connection is lost by closing Kiwi Syslog Server application


I am sending messages to kiwi syslog server from c# .net client application using TCP.

 

The issue scenario is as given below.

1. Connect to kiwi syslog server from client app.

2. Close kiwi syslog server.

3. Now send 2 messages from client app to kiwi server.

4. First message is sent successfully without any exception

5. Second message is not sent and it throws an exception " Unable to write data to the transport connection: An established connection was aborted by the software in your host machine." (which is the desired behavior).

 

I expect the exception for the first message also since I closed the kiwi syslog server before sending both messages.

Is there a way to detect the connection loss immediately in client side when kiwi server is closed?

 

Code snippet

 

// Connection to the Kiwi server is established using this method.
public void Connect()
{
     var tcpClient = new TcpClient(hostname, port);
     tcpClientStream = tcpClient.GetStream();
}

// Messages are sent using the method below.
public void Send(SyslogMessage message, IMessageSerializer serializer)
{
     tcpClientStream.Write(datagramBytes, 0, datagramBytes.Length);
     tcpClientStream.Flush();
}
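
The scenario in the post above, as an added example that is not the poster's code and not part of Kiwi Syslog: a write to a TCP stream only hands bytes to the local stack, so the sketch checks for a close the peer has already signalled before each send. The names `PeerCloseCheck`, `PeerHasClosed` and `SendChecked` are hypothetical, and a loopback listener stands in for the syslog server.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.Threading;

static class PeerCloseCheck   // hypothetical name, added example
{
    // True when a close or reset from the peer has already reached the local TCP stack.
    public static bool PeerHasClosed(Socket s)
    {
        try
        {
            // Readable with zero bytes pending means the peer's FIN has arrived.
            return s.Poll(0, SelectMode.SelectRead) && s.Available == 0;
        }
        catch (SocketException) { return true; }         // connection reset
        catch (ObjectDisposedException) { return true; } // socket already closed locally
    }

    // Refuse to write when the peer is known to be gone, so the first message fails too.
    public static void SendChecked(TcpClient client, byte[] frame)
    {
        if (PeerHasClosed(client.Client))
            throw new IOException("Server closed the connection; message not sent.");
        client.GetStream().Write(frame, 0, frame.Length);
    }

    static void Main()
    {
        var listener = new TcpListener(IPAddress.Loopback, 0); // stand-in server, any free port
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;
        byte[] msg = Encoding.ASCII.GetBytes("<14>constructed test message\n");
        using (var client = new TcpClient())
        {
            client.Connect(IPAddress.Loopback, port);
            TcpClient serverSide = listener.AcceptTcpClient();
            SendChecked(client, msg);                           // server is up: written
            serverSide.GetStream().Read(new byte[256], 0, 256); // server drains the message
            serverSide.Close();                                 // step 2: server goes away
            listener.Stop();
            Thread.Sleep(200);                                  // let the FIN reach the client
            try { SendChecked(client, msg); Console.WriteLine("sent (close not detected)"); }
            catch (IOException e) { Console.WriteLine("rejected: " + e.Message); }
        }
    }
}
```

The check only sees a close or reset that the local stack has already received; a powered-off host or a cut link produces neither, so it stays invisible to this test until TCP keep-alive or retransmission timeouts expire.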

Log forwarder fail to start on windows server 2012


Hi

 

Today I installed the log forwarder on a Windows Server 2012 machine, but I am facing the following error:

 

After the installation, it seems that the log forwarder agent doesn't want to start (the console also seems to be unresponsive),

and if I try to start the log forwarder agent service manually, I receive a message box that informs me that: ''the solarwinds event forwarder for windows service, started and than stopped. some services stops automatically if they are not used by any program or service''

 

Have you ever faced something like this?

How should I proceed?

 

thanks a lot

Kiwi Syslog not displaying Cisco ASA 5505 syslogs


I have a Cisco ASA 5505 that is setup to send syslogs to a remote syslog server.

I have kiwi syslog (free) installed on a Windows 2003 R2 Server and it is listening on UDP port 514. The syslog server also is my Ciscoworks v3.2 server.

I can ONLY see the Ciscoworks log files and not the ASA. I only want to display the ASA log files.

I have googled, read the user guide, and search the forum and cannot find any procedure that I can tweak Kiwi to log the syslog files from my ASA which is being used as a VPN concentrator.

Any ideas?

Syslog not gathering data



I have installed Syslog 9.4.2 on a Windows 2012 domain server.  No antivirus yet, and the firewall is turned off for all networks.  The syslog program will send messages to me and it records the keep-alive messages just fine.  When I check the netstat -nao it used to show 0.0.0.0:514 with the pid belonging to the syslogd service.  I then changed it to bind to the ip address for the syslog and it shows 172.x.x.x:514 again with the pid belonging to the syslogd service.  When I generate traffic from the sysloggen on the server - it does not show on the screen or in the logs.  I am wondering if I installed the correct application.  It shows as Kiwi Syslog Server 9.4.2 (Service Edition).  Also, I noticed that there does not seem to be any entries in the registry for the application.?!


SYSLOG error with windows server 2012


Hi

 

I am installing syslog in my server room to monitor the log in/log out operations on servers... I installed the log forwarder on some Windows Server 2003 servers and everything is OK, but now I have installed it on some Windows Server 2012 servers and all the messages that I receive from these servers are like this: ''06-08-2015 17:03:47 Kernel.Info 172.19.12.119 giu 08 17.03.47 srv-av.astergenova.it MSWinEventLog   6   Application   127   lun giu 08 17.03.41 2015   1003   Microsoft-Windows-Security-SPP      N/A   Information   srv-av.astergenova.it   0   The description for Event ID 1003 from source Microsoft-Windows-Security-SPP cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.If the event originated on another computer, the display information had to be saved with the event.The following information was included with the event: 55c92734-d682-4d71-983e-d6ec3f16059f. FormatMessage failed with error 15100, The resource loader failed to find MUI file."

Do you have any idea how to fix this? The syslogger is installed on an XP machine, but I also tried installing it on a Windows Server 2012 machine and nothing changed.

Kiwi Syslog Service slow to start, possibly causing install to fail


Hello, I ran the Kiwi Syslog trial previously with no problems at all on a virtual server running Windows Server 2008 R2 64 bit.  When I came to upgrade it to a registered version, the install failed at the end, at the part where the Kiwi Syslog server gets started. 

 

The error is: Kiwi Syslog Server Service Installation failed.  The Kiwi Syslog Server Service could not be installed using account.  Please run the installer again and try another user account (eg. LocalSystem or a member of the local Administrators group).

 

Sometimes the error is: Kiwi Syslog Server Service failed to start.  Please try installing the service again using a member of the Administrators group.

 

I ran the setup application as administrator, using a domain user account which is in a security group in the local administrators group.  I chose LocalSystem as the account to run it as.

I also tried using the local administrator, with the same results.

 

If I try to start the service manually, it eventually starts, but takes about 40 or so seconds.  But it doesn't stay up for long.

 

The Windows Event Viewer doesn't seem to log anything when the service quits.

 

I had no such problems with the evaluation copy.  Perhaps a clean install is required?  How would I go about doing this?  I've uninstalled, then deleted C:\Program Files (x86)\syslogd, then deleted c:\Program Data\solarwinds and also HKLM\Software\Wow6432Node\SolarWinds.  Have I missed anything?

 

Thank you.

Event Log Forwarder - Where is the Audit Failure Type?


Hi There,

 

I'm trialing Kiwi Syslog and I'm having trouble with the Log Forwarder and Security Event Log.  When I click on the Security Log I don't see Audit Success or Audit Failure as an event type.  It just has Error, Warning and Information.  If I manually edit the CFG file and add <int>16</int> it works, but then it gets overwritten if I make a change.  Am I doing something wrong?  How can I see Audit Failure as an Event Type?

 

Thanks,

SNMP forwarding


All

I have set up my KIWI syslog server to listen for SNMP traps, successfully.  Is there a way to set up KIWI, or an available action, to forward the SNMP traps to other SNMP trap receivers as KIWI receives them?

Thanks

KIWI New Guy

snmptrap -> syslog, garbled MACaddress


Hi.

 

We use the snmp trap feature of syslogd, receiving and forwarding SNMP traps as syslog messages.

The following problem was discovered with syslogd 9.4.x. It is still present in 9.5.0, but slightly different. See update below.

 

The attached file shows two network packets captured with Wireshark. Both packets appear to be completely valid, and also decode perfectly with the appropriate MIBs loaded in Wireshark.

 

Kiwi syslogd somehow manages to mistreat one of the packets. This is illustrated below, where you can see that cldcClientMacAddress.0 reads as ‘L?XÉöh’ in one case, and ‘Hex String=70 18 8B 44 B3 4F’ in the other. Obviously, we prefer the latter parsing of the data.

 

This problem is very visible to us, as approximately one third to one half of all client MAC addresses are unintelligible in our logs.

 

The source of the messages are SNMPtraps from a Cisco WLC wireless controller.

The captured packets (in the attachment) are taken from the inbound snmptraps to the KIWI syslog server.

The Kiwi Display function shows the same corrupted MAC as shown below.

We have not managed to figure out any pattern in corrupted/noncorrupted packets.

Also the AP MAC address shows the same corruption. There is no obvious correlation between corruption of one or the other.

(I.e. if a client MAC  is corrupted this does not imply that the AP MAC is corrupted and vice versa.)

We *think* a MAC address coming through as corrupted always comes through as corrupted.

 

UPDATE:

After having updated syslogd to 9.5.0, *all* MAC addresses now arrive garbled. I do prefer consistency over randomness. But still....

I have found no way to decode the received text as a valid MAC address.

None of the options in the options under 'Input | SNMP' appear to have any impact on this issue.

 

Is this a bug, or an intended feature? If the latter, how am I meant to parse the received data?

 

 

From kiwi syslogd:

 

Client 4c:bb:58:90:94:68/10.115.170.85:

 

13:02:25 | community=kiwi201, enterprise=1.3.6.1.4.1.9.9.599.0.4, enterprise_mib_name=ciscoLwappDot11ClientMovedToRunState, uptime=2013100, agent_ip=10.120.5.205, version=Ver2, cldcClientMacAddress.0=L?XÉöh, cLApName.0=H-BERGEN-NGV-AP30, cldcApMacAddress.0=³¹¹?Ä, cLApDot11IfSlotId.0=0, cldcClientIPAddress.0=10.115.170.85, 1.3.6.1.4.1.9.9.599.1.3.1.1.27.0=username, 1.3.6.1.4.1.9.9.599.1.3.1.1.28.0=HFK-Skole

 

Client 70:18:8b:44:b3:4f/10.114.58.15:

 

13:05:59 | community=kiwi201, enterprise=1.3.6.1.4.1.9.9.599.0.4, enterprise_mib_name=ciscoLwappDot11ClientMovedToRunState, uptime=2034500, agent_ip=10.120.5.205, version=Ver2, cldcClientMacAddress.0="Hex String=70 18 8B 44 B3 4F", cLApName.0=H-LINDAS-KNV-AP38, cldcApMacAddress.0="Hex String=70 10 5C 93 D4 E0", cLApDot11IfSlotId.0=1, cldcClientIPAddress.0=10.114.58.15, 1.3.6.1.4.1.9.9.599.1.3.1.1.27.0=anotherusername, 1.3.6.1.4.1.9.9.599.1.3.1.1.28.0=HFK-Skole
