I want to encrypt syslog from Cisco switch or router into Kiwi Syslog.
I read somewhere I can use syslog tls or snmp trap v3
Is that possible using Kiwi Syslog
thanks
we've recently built a new syslog server on a 2012 physical box. it has other solarwinds tools.
the syslog service will start, run for a brief amount of time, then crash. both kiwi and solarwinds syslog servers do this. the error for kiwi is something to the effect of 'error 13 type mismatch' which is usually when an insert into a db is done with the wrong type of data (text into an integer field for example).
only certain devices seem to crash the server. these are cisco nexus and 2921's. other devices such as an ASA 5525, a PIX, WAP's etc, do not crash the service. say for example i point router A to a test VM with kiwi on it. the test vm kiwi service will stay up and not crash. i then reconfigure router A to the new physical and it crashes almost immediately.
i've done packet captures and notice something very odd i cannot yet explain. on the test vm the incoming packets have a different format than on the physical server. specifically the date field is formatted differently.
can anyone shed light on this? very odd. i'm wondering if it is a nic driver issue. this is on an HP proliant dl360G7 but the windows drivers for the nic's only go up to 2008. how on earth could the packets be arriving differently? i don't think they can, i think something is changing them or formatting them oddly.
Hi
I was wondering if anyone has come across this error before; I am unable to find the cause.
Errorlog.txt
2013-02-14 12:27:04 Mail error: Type mismatch
2013-02-14 12:27:04 Requeuing 2 e-mail messages. Will retry in 1 minute.
SendMailLog.txt
02-14-2013 12:27:04 PI SMTP Server: smtp.X.X.X.X
02-14-2013 12:27:04 PI SMTP Port:
02-14-2013 12:27:04 PI SMTP Timeout: 30
02-14-2013 12:27:04 PI Message to: X@email.com
02-14-2013 12:27:04 PI Message from: y@email.com
02-14-2013 12:27:04 PI Subject: Syslog message from HOST
02-14-2013 12:27:04 PI Date: Thu, 14 Feb 2013 12:27:04 +1000
02-14-2013 12:27:04 PI Mail error: Type mismatch
I think it is resulting in delay in receiving emails and retransmissions
Hello, kiwi friends!
I am trying to get Kiwi syslog 9.4 to work on windows server 2012 64bit but having problems with the service crashing when i try to start the kiwi syslog server console.
I have applied the kb fix for Microsoft .Net Framework 2; before that i couldn't install kiwi syslog successfully because the service could not start.
http://knowledgebase.solarwinds.com/kb/questions/4386/
I have the following errors in the windows event viewer!
Error 7000: The Kiwi Syslog Server service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion
Error 7009 : A timeout was reached (30000 milliseconds) while waiting for the Kiwi Syslog Server service to connect.
Do you have a solution for this or could it be a new bug in windows server 2012 and the old dot net framework combined?
Thanks in advance.
We have an issue where the archiving and cleanup jobs are not finished running when the Statistics are being sent. The result is that we get inaccurate statistics as far as how much drive space is left because large logfiles haven't finished zipping and old archives haven't been deleted yet. Is there some way to modify when these are sent? All I've found so far is under Settings > Email > Send syslog statistics to: (whoever) for every X hours. This seems to always fire right after midnight, when the jobs haven't finished running.
Hi
today i installed the log forwarder on a windows server 2012 machine but i am facing the following error:
after the installation, it seems that the log forwarder agent doesn't want to start (also the console seems to be unresponsive)
and if i try to start manually the log forwarder agent service, i receive a message box that informs me that: "the solarwinds event forwarder for windows service, started and then stopped. some services stop automatically if they are not used by any program or service"
did you ever face something like this?
how do i have to proceed?
thanks a lot
Hi
I use a hosted server to run Kiwi Syslog
My main problem is storage space
Is it possible to move Kiwi Syslog data files to Dropbox ?
thanks
yann
PROBLEM - pfSense syslogs for firewall event is split into two lines when it is sent to Kiwi syslog app.
Is there a way to edit configuration or parsing script to parse the pfSense event as one, similar to what the Splunk app can do (see link http://www.basementpctech.com/content/pfsense-log-analysis-splunk)?
I understand that this is a PFsense tcpdump/issue, but I have already tried changing link http://redmine.pfsense.org/issues/1938 without any luck, it just doesn't work, tried all combinations of changes without any luck.
Pfsense version = 2.0.1-RELEASE, (amd64) , built on Mon Dec 12 18:16:13 EST 2011 ,FreeBSD 8.1-RELEASE-p6
I would really appreciate any help with this, as I have already exhausted searching for a working solution using Kiwi Syslog, and the only thing holding me back from purchasing this application.
Appreciate any help on this..........
Example from Kiwi Syslog
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: <009> Client-Ethernet-Address 00:50:56:9d:53:fc [|bootp]
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: 10.x.x.xx.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:xx:56:9d:53:fc, length 313, xid 0xf7d8ecbb, secs 3328, Flags[bcast]
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: 00:00:08.003040 rule 1/0(match): block in on em0: (tos 0x0, ttl 128, id 12646, offset 0, flags [none], proto UDP (17), length 341)
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: <009> Client-Ethernet-Address 00:xx:56:9d:53:fc [|bootp]
SolarWinds's own Justin Finley just recorded a video tutorial that shows how to split logs into multiple displays in Kiwi Syslog Server.
External link to Jing: Multiple Displays - justinfinley's library
Remember to "LIKE" this if you find it useful - that helps others find it too!
Installed Kiwi Syslog 9.2.1 on Windows 7 pro SP1 VM ESXI server. After the installation was complete, I rebooted the computer. This error comes up when I log in.
I have searched, but have not found any solutions for this error.
Hi everyone,
I'm using Kiwi syslog server 9 on Windows 2008 R2 server (VMware virtual machine). On 17.8.2012. physical server has stopped responding and customer had to restart it manually. Since then Kiwi syslog server doesn't work. When I try to access it, server's CPU raises to 100%, it is stuck like that for few minutes and then it displays error message in Kiwi grid pop up window saying 'Run-time error '0''.
Kiwi syslog service also can't be started, when I try to start it, it says it couldn't be started in timely fashion.
I've tried to delete/rename files in c:\program files\solarwinds\kiwi web access\html\app_data but with no success. I've renamed event.sdf to Old_event.sdf and made a copy of Event-blank.sdf and then renamed it to event.sdf.
I've raised a support ticket but with no results till now.
Do you have any idea what's the problem here?
Regards, O
I am sending messages to kiwi syslog server from c# .net client application using TCP.
The issue scenario is as given below.
1. Connect to kiwi syslog server from client app.
2. Close kiwi syslog server.
3. Now send 2 messages from client app to kiwi server.
4. First message is sent successfully without any exception
5. Second message is not sent and it throws an exception " Unable to write data to the transport connection: An established connection was aborted by the software in your host machine." (which is the desired behavior).
I expect the exception for the first message also since I closed the kiwi syslog server before sending both messages.
Is there a way to detect the connection loss immediately in client side when kiwi server is closed?
Code snippet
// Connection to the Kiwi server is established using this method
public void Connect()
{
    var tcpClient = new TcpClient(hostname, port);
    tcpClientStream = tcpClient.GetStream();
}

// Message is sent using the method below.
// (datagramBytes holds the serialized message; the serialization step is not shown in the post.)
public void Send(SyslogMessage message, IMessageSerializer serializer)
{
    tcpClientStream.Write(datagramBytes, 0, datagramBytes.Length);
    tcpClientStream.Flush();
}
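The first write in the scenario above succeeds because it is only copied into the local send buffer; the failure surfaces on a later write, so a message can be lost without any exception. The following is an added example, not part of the original post, showing one way to test for a closed peer before each write. The class and method names are hypothetical, and a constructed loopback listener stands in for the syslog server.

```csharp
using System;
using System.Net;
using System.Net.Sockets;
using System.Text;

// Added example: all names here are hypothetical, not from the original post.
static class SyslogTcpProbe
{
    // True when the peer has closed or reset the connection.
    // A syslog server sends nothing back, so "readable with 0 bytes" means it sent a FIN.
    public static bool PeerClosed(Socket s)
    {
        try
        {
            if (!s.Poll(0, SelectMode.SelectRead)) return false;   // nothing pending: still open
            var probe = new byte[1];
            return s.Receive(probe, 0, 1, SocketFlags.Peek) == 0;  // 0 bytes = orderly close
        }
        catch (SocketException) { return true; }          // connection reset by peer
        catch (ObjectDisposedException) { return true; }  // socket already closed locally
    }

    static void Main()
    {
        // Constructed loopback listener standing in for the syslog server.
        var listener = new TcpListener(IPAddress.Loopback, 0);
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;

        using (var client = new TcpClient())
        {
            client.Connect(IPAddress.Loopback, port);
            Socket serverSide = listener.AcceptSocket();
            Console.WriteLine("before close: " + PeerClosed(client.Client));

            serverSide.Close();   // equivalent of step 2: the server goes away
            listener.Stop();
            client.Client.Poll(1000000, SelectMode.SelectRead);  // wait up to 1 s for the FIN

            bool closed = PeerClosed(client.Client);
            Console.WriteLine("after close: " + closed);
            if (!closed)
            {
                byte[] msg = Encoding.ASCII.GetBytes("<134>constructed test message\n");
                client.GetStream().Write(msg, 0, msg.Length);
            }
            // else: reconnect or spool the message instead of writing into a dead socket
        }
    }
}
```

This check only sees a close that the server's TCP stack announced; if the server host loses power or the path drops, no FIN arrives and the client needs TCP keepalive or an application-level acknowledgement to notice.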
I am looking to review logs from a specific device for Aug 25th, as an example.
I have Kiwi Syslog version 9.1. New to this product. Any help will be appreciated.
Thanks,
Vaibhav
Hi,
I'm trying to uninstall the 14 day trial of syslog server (9.4.1) eval. installed on Windows Server 2003.
There is no uninstall service on the management menu drop-down, as per the instructions.
"Using the Service Manager, uninstall the service
Use the Manage | Uninstall the Syslogd service menu."
Some help required please.
Simon.
I seem to have an issue where rules that I set up disappear in setup. I have ensured the rules were active.
We are currently trying to migrate all UDP senders of syslog to TCP. Our fortigate security appliances only support the RFC 3195 standard for syslog over TCP. syslog-ng does not support this and rsyslog says that they support RFC 3195, but it is not working. Please, any assistance with this request would be appreciated. Running syslog with UDP is no longer an option.
Thanks in advance.
Hi,
I have recently been handed over Kiwi Syslog server to manage which has both Fat Client and Web Server. Fat Client is directly logged in however Web console could not be logged in. When I checked regarding the password of "Administrator", I have been informed that resource handling it has left long ago and there is no one to tell.
Is there a way we can reset the password of Administrator or create a new user from Syslog Fat Client? I can't raise the request with Support as we do not have active maintenance.
Thanks,
Syed
Kiwi 9.5
I am trying to create a filter to look at the syslog message field and take action if a certain IP comes across. So far I can't get it to work and not sure why.
I have a simple filter using a Simple include of "dstip=172.16." and action is to go to a display.
Nothing comes across. I even moved it to the top of the list and yes, I cycled the syslog service just in case.
Ideas for something so simple?
I've newly installed Kiwi syslog server 9.5 in Windows 7 and it is logging to an incorrect path.
The log file in setup is: "C:\Program Files (x86)\Syslogd\Logs\SyslogCatchAll-%DateISO.txt".
I found a log file here: "C:/Users/gsmith/AppData/Local/VirtualStore/Program Files (x86)/Syslogd/Logs/SyslogCatchAll-2015-10-27.txt".
I'm using the free version and I don't see an obvious place to submit a bug report, so I'm posting here.
Hello,
I've got a registered version of Kiwi Syslog Server.
I've got the "Log To Syslog Web Access" Filters set up.
But I don't have any log in the web access.
The only little clue I have is when I do a Syslog_Diagnostics I've got this :
SolarWinds.KiwiSyslog.WebAccess.Data
====================================
Component not started.
And this error :
2010-06-01 20:26:46 SolarWinds.KiwiSyslog.WebAccess.Data error: Unable to start component, SQL exception. System.Data.SqlServerCe.SqlCeError: The database file is larger than the configured maximum database size. This setting takes effect on the first concurrent database connection only. [ Required Max Database Size (in MB; 0 if unknown) = 0 ]
Any Ideas ?