Channel: THWACK: Popular Discussions - Kiwi Syslog

Configuration Syslog


Hello Dear!

 

I configured Syslog on some nobreak (UPS) units. I have Kiwi Syslog Server for monitoring.

But when a nobreak sends its weekly tests, the following errors are displayed:

 

05/25/2015 22:58:48 UPS: Restored the local network management interface-to-UPS communication.
05/25/2015 22:58:33 System: Network service started. IPv6 address FE80::2C0:B7FF:FE96:4BAD assigned by link-local autoconfiguration.
05/25/2015 22:58:30 System: Network service started. System IP is 192.168.42.143 from manually configured settings.
05/25/2015 22:58:24 System: Network Interface restarted.
05/25/2015 22:58:30 System: Network service started. System IP is 192.168.42.143 from manually configured settings.
05/25/2015 22:58:24 System: Network Interface restarted.
05/25/2015 22:58:13 System: Network service information. Detected duplicate IP address on D4 3D 7E 0A DD 49.

 

This problem only occurs on the nobreaks in VLAN 42. The others are working normally.

Can You help me?

 

Thank You in advance!

Regards Andre


Windows Event Logs format with Kiwi Server & Snare


Hi everyone :)

I'm currently testing Kiwi Syslog Server with Snare forwarding Windows events.

Here is what I obtain on Syslog Server :

As you can see, the Windows message isn't very clear and I hope to have something like this :

Can someone please help me with that ?

Thanks :)

Kiwi SyslogServer 9.2.0 (Eval) and WebAccess Error


Hi,

WebAccess does not work for me in the trial version. I get the following error message.

"An error occurred while initializing this session.
The session has been abandoned.

Kiwi Syslog WebAccess requires Kiwi Syslog Server to be online, but it is offline."

The services have been checked and are started.

Can you make this update (9.2.1) available for the trial version? Otherwise I cannot test WebAccess. This is very important for our decision to buy.

Regards
Jochen

How to Split Log Files by IP Address and Date in Kiwi Syslog Server


SolarWinds's own Justin Finley just recorded a video tutorial that shows how to split logs into multiple files by IP address and date in Kiwi Syslog Server.  Specifically, this syslog server tutorial shows how to store logs in separate folders for each source IP address, and then shows how to keep separate log files for each day within those folders.  (e.g., "D:\logs\192.168.000.001\Log2012-07-13.txt")

 

 

External link to Jing: autosplit - justinfinley's library

 

Video Guide:

  • 0:00 Opening Kiwi Syslog's configuration dialog
  • 0:15 Using an "AutoSplit" variable of "IP Address (4 octets)" (%IPAdd4) in the log path to split logs by IP address
  • 0:40 Using an "AutoSplit" variable of "ISO Date" (%DateISO) in the log path to split logs by date

 

Remember to "LIKE" this if you find it useful - that helps others find it too!

Can not receive message from Cisco switch 3750


Hello guys,

 

I set up Kiwi Syslog Server and can receive messages from other devices, such as Cisco switch 2960, 5510, and Windows server. But I cannot get any messages from the 3750. I enclosed the 3750 configuration below. Please help take a look and see where I am wrong. Thank you.

 

logging trap notifications

logging facility local5

logging 192.168.0.51

Unable to login to KiwiSyslog Webaccess


Hi all !

This past weekend we were unable to log in to Kiwi Syslog WebAccess as a result of the following error message:

" Session initialization error
An error occurred while initializing this session.
The session has been abandoned.

Event database initialization failure.
The database file may be corrupted. Run the repair utility to check the database file. [ Database name = C:\Programme\SolarWinds\Kiwi Syslog Web Access\html\App_Data\Event.sdf ] "

I have taken a look at the errorlog of Kiwi and noticed that there are three messages regarding this error:

2010-11-15 11:51:35 SolarWinds.KiwiSyslog.WebAccess.Data error: General exception. System.Runtime.InteropServices.SEHException: External component has thrown an exception. at System.Data.SqlServerCe.NativeMethods.ExecuteQueryPlan(IntPtr pTx, IntPtr pQpServices, IntPtr pQpCommand, IntPtr pQpPlan, IntPtr prgBinding, Int32 cDbBinding, IntPtr pData, Int32& recordsAffected, ResultSetOptions& cursorCapabilities, IntPtr& pSeCursor, Int32& fIsBaseTableCursor, IntPtr pError) at System.Data.SqlServerCe.SqlCeCommand.ExecuteCommandText(IntPtr& pCursor, Boolean& isBaseTableCursor) at System.Data.SqlServerCe.SqlCeCommand.ExecuteCommand(CommandBehavior behavior, String method, ResultSetOptions options) at System.Data.SqlServerCe.SqlCeCommand.ExecuteNonQuery() at SolarWinds.KiwiSyslog.WebAccess.Data.Logger.KiwiSyslogEventUpdate(Object state)

2010-12-04 20:58:48 SolarWinds.KiwiSyslog.WebAccess.Data error: Unable to start component, SQL exception. System.Data.SqlServerCe.SqlCeError: The database file may be corrupted. Run the repair utility to check the database file. [ Database name = C:\Programme\SolarWinds\Kiwi Syslog Web Access\html\App_Data\Event.sdf ]

2010-12-04 21:22:04 SolarWinds.KiwiSyslog.WebAccess.Data error: Unable to start component, SQL exception. System.Data.SqlServerCe.SqlCeError: The database file may be corrupted. Run the repair utility to check the database file. [ Database name = C:\Programme\SolarWinds\Kiwi Syslog Web Access\html\App_Data\Event.sdf ]

I started/stopped the webserver service without any success on Saturday.
This morning I tried to access the page again and I got correctly redirected to http://10.x.x.x:8088/gateway.aspx.
At the moment the login is possible but I'm concerned that my database file may be corrupted!

Do you have any suggestions for me?

Thanks in advance!

Dan

Kiwisyslog 9.5 GR memory leak?


Hi

 

Is anyone on the new 9.5 GR and seeing a memory leak that stops the service?

 

/SJA

Unable to bind secure TCP listener to port 6514 There might be a problem with the certificate provided


I set up Secure TCP port 6514 in Kiwi Syslog Server version 9.5.0.332.

I'm getting the following error :

Unable to bind secure TCP listener to port 6514 There might be a problem with the certificate provided

 

I'm using a self-signed certificate that I created  in IIS.

Why doesn't the error message tell exactly what is wrong with the certificate?

Could somebody suggest a solution or a workaround?

Thanks!


Forward syslog events to QRadar


I'm trying to forward events from Kiwi Syslog to QRadar SIEM. 

 

In Kiwi Syslog setup, I created an Action: Forward to another host; gave it the QRadar appliance's IP as the Destination IP; selected "Retain the original source address of the message"; clicked the Test button to verify the configuration and got a green checkmark.

 

The test event was the only event received by the QRadar.  None of the events I'm forwarding have been received as incoming logs on QRadar.

 

I've tried this with and without adding the Kiwi Syslog servers as log sources in QRadar.

 

Do I need to install a universal DSM on the Kiwi Syslog servers?

When is Kiwi Syslog v10 coming out?


As you all may recall, it's been 7 months since Kiwi Syslog v9.5 was posted (see Kiwi Syslog 9.5 is now Available! ).  I am very much looking forward to a major release (i.e. v10).  What would this new version contain?  I have a few things in my wish-list...

 

  • Increase the number of syslog messages and SNMP traps that Kiwi can handle. According to a posting on Geek Speak (How many messages can Kiwi Syslog manage?), Kiwi can handle between 400 and 600 messages per second.  I'd like to see that go all the way up to 2,000 messages (or more).
  • Rules Wizard (for the novice and those of us with diminished brain-cells due to age).
  • Full web-based management option.  I don't know about other Thwackers, but I prefer not to use Win32 (via RDP) whenever possible.
  • Additional Polling Engine option for Kiwi.  This, so we can have multiple servers handle syslog messages and snmp traps.

 

I am sure that other Thwackers have many other items in their respective wish-list for Kiwi.  I'd like to hear from you.  And, of course, I'd like to hear from the Kiwi PM, to tell us what's in the Roadmap for the next Kiwi release.  Have a great day, everyone!!! 

How to backup Kiwi Syslog Server?


Dear all,

 

I would like to know how to backup a Kiwi Syslog Server.  We are installing this in VM, but the environment only has NetBackup.

 

I know that I can export the data out as a log file for backup, but how about backup when logs are still in the Kiwi Syslog Server database?

 

I am not able to find any reference in the Admin guide.

 

Best Regards,

Rayson Wong

Problem with Syslog Message Delay and out of Order.


Has anyone experienced a problem where their syslog messages are delayed and out of order?
Note the time it was queued and then the time it was sent.   Sent at 8:31, but the message came into the syslog server at 7:28.

2010-08-24 08:31:25 PI Message to: networkadmin@removed.net

2010-08-24 08:31:25 PI Message from: Ospf-Syslog

2010-08-24 08:31:25 PI Subject: 10.5.0.2: 3552813: Aug 24 07:28:31.274: %OSPF-5-ADJCHG: Process 1, Nbr 10.12.1.41 on Vlan600 from F

2010-08-24 08:31:25 PI Date: Tue, 24 Aug 2010 08:31:25 -0400

2010-08-24 08:31:25 PI Message to: networkadmin@removed.net

2010-08-24 08:31:25 PI Message from: Ospf-Syslog

2010-08-24 08:31:25 PI Subject: 10.128.254.230: 49512: 049509: Aug 24 07:28:31: %OSPF-5-ADJCHG: Process 1, Nbr 10.12.1.41 on Vlan60

2010-08-24 08:31:25 PI Date: Tue, 24 Aug 2010 08:31:25 -0400

2010-08-24 08:31:25 PI Message to: networkadmin@removed.net

2010-08-24 08:31:25 PI Message from: HSRP-Syslog

2010-08-24 08:31:25 PI Subject: HSRP message from 10.7.4.2

2010-08-24 08:31:25 PI Date: Tue, 24 Aug 2010 08:31:25 -0400

'How much traffic can Kiwi Syslog Server handle?'


According to the FAQ: Our software is built and tested to support more than two million messages an hour without tuning.   (That would support more than 500 machines each sending one message a second.)


This blog says to split out your busiest syslog source...

But what do you do when a single source exceeds 600-1000 messages per second? E.g., an upstream syslog aggregator or firewalls.

kiwi vs orion syslog


What is the difference between the two? Do I need both running?  Can I have both running on the same box?  Currently I have both installed on the same box.  The Orion syslog is running but the Kiwi gives error messages like "Unable to open UDP socket on port 514" or "Registered action was found in settings and disabled"

DBCache folder accumulation (log to database action)


I am consistently getting warnings from SAM that the DB Cache folder of the Kiwi Syslog (\\${IP}\c$\Program Files (x86)\Syslogd\DBCache) contains files. The warning in SAM indicates that the log to database action is falling behind or failing. I do not see anything in the documentation regarding this warning. Does anybody know how this affects the Kiwi Syslog and how concerned I should be? I would like to add more devices to send syslog information but am concerned Kiwi will have more of these files in the DBCache. Currently I am seeing about 47K MPH in Kiwi. Has anybody else seen this message from SAM, or have any suggestions for possible solutions?

 

Thanks,
Caleb

 

Kiwi Syslog Server 9.4.2 installed on Windows 2008 R2 Standard, 8 GB ram, 200 GB HD.

Using the log to database action to Microsoft SQL Server 2008 R2, 8 GB ram, 100 GB HD

SAM 6.1.1 Application component File Count: DBCache Folder for Kiwi Syslog Server


AOA, how to add device in syslog server?


AOA, how to add device in syslog server?

Kiwi Syslog failed to start - error code 1053 - System local account


Hi people !

 

I am testing Kiwi Syslog Server Service edition with Evaluation Version....

I am running Kiwi on a 2008r2 SP1 (R2 is x64).

 

I am trying to run the Kiwi daemon with the local system account, but I have the error 1053 popping up:

"  The service did not respond to the start or control request in a timely fashion "

 

I tried to adjust the timeout value in the registry to 60 (30 by default); no way, the Kiwi Syslog service doesn't start.

I created the debugging value to see what is happening on startup, but I have only:

2011-11-21 18:50:19    Start-up file Initialized.
2011-11-21 18:50:19    Performing NT Service setup for Kiwi Syslog Server
2011-11-21 18:50:19    Service Starting - NTServiceSetup

--

When I am using the administrator account of the server, the service starts quickly... here is the debug log:

2011-11-21 19:03:44    Start-up file Initialized.
2011-11-21 19:03:44    Performing NT Service setup for Kiwi Syslog Server
2011-11-21 19:03:44    Service Starting - NTServiceSetup
2011-11-21 19:03:44    Service startup triggered. Parameters:
2011-11-21 19:03:45    Startup entered
2011-11-21 19:03:45    About to initialise sockets
2011-11-21 19:03:45    Listening on InterApp TCP port 3300
2011-11-21 19:03:45    Listening on UDP port 514
2011-11-21 19:03:46    Message check timer started
2011-11-21 19:03:46    Startup completed

 

But for security reasons I can't use an admin account, I need to use the local system account.

--

I ran procmon to see what's wrong ; no errors about File/Registry denied access.

 

When using Local system account, the process stops here :

 

--

When using an Admin account , the process starts, and "hits" an .INI file (KRDP_Sessions.ini) :

 

--

 

Do you have any information on this?

 

Regards,

Syslog stops logging with no notification


I discovered this morning (only because I didn't receive the nightly report) that two of our Syslog servers stopped logging yesterday afternoon. The nightly archiving and cleanup jobs did not run. The service did not crash. The drive has 63 GB of free space. There are no entries under the Application or System logs in Windows. Under the Errorlog I see this for all of the reporting nodes ("ip.address.#" is placeholder for the actual values in the logs):

 

2015-05-28 15:38:59    Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:38:59    Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:38:59    Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address1.txt

2015-05-28 15:39:00    Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:00    Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:00    Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1..txt

2015-05-28 15:39:02    Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:02    Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:02    Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.2.txt

2015-05-28 15:39:03    Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:03    Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:03    Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\ESX\ip.address.3.txt

2015-05-28 15:39:03    Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:03    Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:03    Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt

2015-05-28 15:39:06    Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:06    Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:06    Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt

2015-05-28 15:39:07    Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:07    Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:07    Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\ESX\ip.address.4.txt

2015-05-28 15:39:08    Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:08    Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:08    Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt

2015-05-28 15:39:11    Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:11    Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:11    Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt

2015-05-28 15:39:16    Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:16    Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt

2015-05-28 15:39:16    Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:16    Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\ESX\ip.address.5.txt

 

The log stops there. When I restart the service I see these additional entries in the Error log:

 

2015-05-29 07:17:16    Unable to open InterApp listening socket on TCP port 3300

2015-05-29 07:17:16    Unable to open UDP socket on port 514

2015-05-29 07:19:08    Service running, but Service/Manager comm link is not connecting.

2015-05-29 07:19:28    Unable to connect to Service socket on TCP port 3300

2015-05-29 07:19:38    Service running, but Service/Manager comm link is not connecting.

 

Any ideas?

vCenter Server Appliance syslog message levels


My Kiwi Syslog server is receiving syslog messages from my vCSA.  I have not filtered the level of messages being sent.

 

Kiwi is reporting Emerg level messages being sent by vCSA, but looking inside the messages, they are all at INFO level.  This is causing concern.

 

Are there some configurations/settings, either on Kiwi or vCSA, that need to be checked/changed/fixed?

 

Much appreciated.

J J
