Hi all!
I cannot find an option to choose a mail output frequency for a syslog alert.
Over the weekend we get the same error 3000- times from one host .
Is it possible to minimize those mail flooding?
Actually every incoming syslog alert from the same host produces 1 mail.
My teammates are not amused about this, i can only turn off manually the whole mail action of my rule .
Pls, this is urgent.
Thank you very much!
lankienen
We have been experiencing an issue with our Kiwi Syslog Service crashing about every other day. We are running version 9 and have a pretty standard setup where we are pushing syslogs from all of our devices in our network. We have quite a bit of stuff logging to our Syslog server and are easily breaching the 200000 maximum message count throughout the day and getting email's. We up'ed that and seem to be doing better however the syslog service continues to fail and will at times restart itself based off of the services recovery failure to restart the service but this is happening way to often.
Has anyone else seen this problem and if so, what kinds of things did you try/do? Is this box just getting pegged so hard that it's causing the service to malfunction and trip up? I'm not a Windows guy but is this issue even Windows related? The only other application we have running on this server is CatTools and it runs clean with no service issues. The systems team has taken a look at the server and believe this to be related only to the Kiwi application itself.
Next Steps: I'm thinking of removing and rebuilding the Kiwi 9 application from scratch to see if this corrects the issue but wanted some direction from the forum if anyone has any good ideas/suggestions.
Thankyou in advance!
What programs should I uninstall when I would like to remove Kiwi Syslog Web Access and the related components?
Our customer had installed Kiwi Syslog Web Access, but they would like to remove it because they do not use.
Should we uninstall the following programs from Add/Remove programs?
Could you please advice me?
When attempting to start the Kiwi Syslog Server service (on Windows 2008 R2), I get the message "The Kiwi Syslog Server service on [my server name] started and then stopped. Some services stop automatically if they are not in use by other services or programs." Any ideas what could be causing this?
Hi again (youhou second Post :)
I wish to know how I can script a silent install of the Kiwi Syslog Server and specially Web Access Component.
I read the Online Help of the product, at part "Advanced Information > Automating install"
Where I am atm :
- I can install Kiwi Syslog Server with :
start "kiwisyslog" /wait "%syslogsourcedir%\%syslogsetupfile%" /S INSTALL=SERVICE /D="%sysloginstallpath%"
Setup is OK, but it doesn't launch the Web Access Installation when finished.
The subfolder Setup which contains WebAccess setup File isn't even created when i am using silent install.
Well, i launched a fresh install with the "click click world" (IE : install Wizard) ; I saw now the setup file for the Web Access. (KiwiSyslogWebAccess_1.3.1_Setup.exe)
I copy this setup file and try to launch it from command line and see how i can install it in silent mode...
But no way, i can't pass parameters like the HTTP port, and admin user name and password.
I saw that this file contains Two MSI files (syslogwebaccess.msi and and CassiniServer2Setup.msi ) + a Data1.cab
How can i Work with those files in order to fully automatised the install of the Syslog Web Access ?
Regards
Kiwi syslog service is getting stop and while restarting it, again after few sec it stop. Restarted the server but no luck. Do any one have idea what will be cuase of issue.
I want Kiwi Syslog component to read log files from disk. How can I configure it?
Hello,
I am trying to create a complex filter that will discard messages from a device and ports. For example
router name: "c-office-chg1"
Ports: "FastEthernet1/0/1" "FastEthernet1/0/2" "FastEthernet1/0/3"
and it seems not to be working.
I just installed Kiwi Syslog and have been receiving what intuitively seems like there might be a problem. I immediately started getting over 2000 Kernal.Alert Messages Per Hour and a few hours later it is now almost 6000 MPH. I've read that it's normal for numerous port scans to be encountered, which aren't anything to be concerned about, but I'm not sure what these would look like.
I'm hoping somebody can provide me with some sort of starting point for the number (and types) of messages I should be concerned about receiving from my router. Does any amount of these Kernal.Alert messages, which supposedly require immediate attention, mean there's an issue, or should I only be concerned if I receive a certain number of them?
Anyone know how to disable the Log Forwarder software from opening on the desktop upon login. Each time I login, the Log Forwarder configuration window opens and I have to click exit to close. Would like to have it running without window popping up each time.
V/R
Dear All,
We are planning to setup a syslog server. i.e, move from Orion inbuilt syslog to kiwi syslog.
We are not utilizing orion inbuilt at this point to fullest. Just few devices are configured to send logs to this inbuilt syslog
We have around 5 devices per centers across 60 location (13 Countries)
1) 2 Routers
2) 1 Bandwidth Shaper
3) 2 Switch Stacks
4) 1 WLC with 10 APs minimum
Total=250 Devices.
I would like to what is the best approach.
1) How many syslog license i should be looking at?
2) What kind of server configuration is required ?
3) We need a log retention policy of 15 days. Should I consider to setup a DB to for log storage?
4) Can the Orion inbuilt syslog write messages to external DB storage
Hi
Does anyone know where to delete the devices so I can add other to test while using the trial version?
thanks
Hello,
I used to have Syslog installed but removed it and now I am trying to reinstall it but I am running into an issue. The install goes smooth with no issues but after the install (using the service version and 9.5) I am unable to open the Manager. It says it is already running and to check the sys tray which it is not there. If I go to Task manager I can see it there running under my username but I cannot kill it (I am a Domain Admin) it just does nothing if I end task and if I "End Process Tree" I get a Access Denied.
Anyone else have an issue like this?
Hello,
my kiwi web access database is 4gb great. And i have some timeout errors executing filters.
I am trying to use an external MSSQL DB with kiwi syslog server.
Is possible for Web access to use this external DB?
Thanks
I've got a set of 3 Kiwi servers sitting behind an F5, which I *thought* would effectively load balance the incoming syslog volume (I'm seeing around 5-8million messages per hour, and we haven't really turned everything on yet).
The problem, I just discovered, is that F5 load balances based on connections, not messages/packets. So round robin isn't round robin since most of my sending systems are passing new messages (and therefore creating a connection) more than even the lowest "disconnect after" option on the F5 (which is 1 second).
So my first server is maxing out at about 5million MPH and 0% buffer, while server 02 gets 2million messages and 80% buffer, and server 03 gets barely anything at all.
Has anyone else tried this, and have you found a work around (it doesn't have to be an F5. I just need the ability to create a pool of Kiwi servers and have all the systems in my enterprise sending to ONE ip address.
Thanks!
- Leon
Both applications have been running on the same server for several years. This is a Windows 2008 R2 64 bit machine, running the Army AGM.
WuG is now working 16.x
One of the things IPSwitch had me try to do, to fix WuG was install SQL Server Express 2008 R2
Kiwi Syslog (KSL) is version 9.3.4, the Kiwi Syslog Server Console "Is" working, only Web Access is down.
I tried to reinstall KSL, it worked, but somehow then WuG web access went down, I had to repair IIS and .NET
WuG uses 443, trying to get KSL to use 8088 (previously used) or 8888
When I try to access (even just Browse Web Site from IIS) I get:
"Error An unknown error occurred requesting resource /
Click here to log in"
When I click the link:
"Error An unknown error occurred requesting resource
/Gateway.aspx
Click here to log in"
At this point it just loops.
In IIS, I deleted the original website and created a new one. Path I used is:
C:\Program Files (x86)\SolarWinds\Kiwi Syslog Web Access\html
I am trying to filter on the hostname which happens to be an IP address. Kiwi syslog server gives me a red X whenever I attempt to test the filter. I can't convert it using DNS so I have to use the IP address. It keep telling me to put quotes around it but when I do it still doesn't work. I am trying to filter so I can dump this host in a separate LOG file. Any ideas?
Hi All!
I have a problem filtering succesfull security audits from Windows machines in Kiwi.
I have made a priority filter that excludes notices. Also made a message text filter (complex) with sub-string that excludes "Audit Success" and "Success"
However the server console keeps filling up with succesfull audits. Just installed this yesterday, so this is very new to me, sure im overlooking something.
Any suggestions would be very much appreciated! Thanks!
After installing the permanent license for Kiwi Syslog server the Syslog service will not start. It started without problems when running as the trial version. No errors appear in the Kiwi Syslog error log, but the Windows event viewer shows the following error: The Kiwi Syslog Server service failed to start due to the following error: The service did not start due to a logon failure. I can't find anything in the Kiwi Syslog documentation about having to login. The OS is Windows 2008 R2. I am starting the Syslog service from Service Manager > Manage, and Service Manager was Run As Administrator. Is this a known problem? Thanks, Glenn
Hi people !
I am testing Kiwi Syslog Server Service edition with Evaluation Version....
I am running Kiwi on a 2008r2 SP1 (R2 is x64).
I am trying to run the Kiwi daemon with the system local account ; but i have the error 1053 poping:
" The service did not respond to the start or control request in a timely fashion "
I tried to adjust the timeout Value in the Registry to 60 (30 by default) ; no way the kiwi syslog Service don't start.
I created the debugging value to see what happening on startup, but i have only :
2011-11-21 18:50:19 Start-up file Initialized.
2011-11-21 18:50:19 Performing NT Service setup for Kiwi Syslog Server
2011-11-21 18:50:19 Service Starting - NTServiceSetup
--
When i am using the administrator account of the server ; the service starts quickly ...here is the debug log :
2011-11-21 19:03:44 Start-up file Initialized.
2011-11-21 19:03:44 Performing NT Service setup for Kiwi Syslog Server
2011-11-21 19:03:44 Service Starting - NTServiceSetup
2011-11-21 19:03:44 Service startup triggered. Parameters:
2011-11-21 19:03:45 Startup entered
2011-11-21 19:03:45 About to initialise sockets
2011-11-21 19:03:45 Listening on InterApp TCP port 3300
2011-11-21 19:03:45 Listening on UDP port 514
2011-11-21 19:03:46 Message check timer started
2011-11-21 19:03:46 Startup completed
But for security reason i can't use an admin Account, i need to use the local system account.
--
I ran procmon to see what's wrong ; no errors about File/Registry denied access.
When using Local system account, the process stops here :
--
When using an Admin account , the process starts, and "hits" an .INI file (KRDP_Sessions.ini) :
--
Can you have any information on this ?
Regards,
