Any known issues with D-Link DSL-2500U?

January 25, 2016, 12:12 am

≫ Next: Unable to Install KiwiSyslog Server after Uninstallation. "Unlicensed Version is Detected" prompts prevents further installation.

≪ Previous: Display original source of message when logs are aggregated through rsyslog server

Or am I doing something wrong? If so, I can't figure out what. I have the DSL router feeding a dedicated ClearOS firewall which in turn feeds my LAN. Both networks have Private IP addresses, not a situation that has ever caused any sort of problem in many years or in the many similar sites I have set up. This is the second time I've installed Kiwi Syslog, but the other time was a decade ago and if memory serves both server and monitored device(s) were on the same side of the firewall in that scenario. Now I have the Syslog set up "inside" the firewall and I'm trying to monitor the DSL router wich is of course "outside".

1. The router is set up with

- logging enabled

- logging level "debug"

- log mode "both" (i.e. local + remote)

- Server IP address: the firewall's outside address. (I have also tried this with the syslog server's address, on the other side of the firewall, assuming the f/w would know how to route it. Made no difference)

- Server UDP port: 514

2. The firewall is set up with

- firewall: allowed incoming connection: UDP port 514

- NAT port forwarding: UDP ports from 514 to 514 ip address = Syslog server

3. The Kiwi installation is set up (on a Win 8.1 pro 64 PC)

- Receive messages from: I put in the firewall inside address (as far as I am concerned, the only one I should need to set up) as well the DSL router (its inside address, i.e. facing the firewall) AND the firewall outside address

- [check] Listen for UDP Syslog messages - port 514

4. The PC itself:

- Avast Internet Security firewall: enabled allow Syslog UDP(protocol 17) in/out local port 514

- Windows firewall (don't ask why Avast didn't turn this off) also allowing ALL UDP incoming from ALL IP addresses, edge traversal Allowed

...and nothing ever shows up in Syslog. Nothing. Ever.

Any suggestions at this stage, however mundane or obvious, will be worth looking into... Tks

↧

Unable to Install KiwiSyslog Server after Uninstallation. "Unlicensed Version is Detected" prompts prevents further installation.

July 3, 2012, 1:35 am

≫ Next: Does Kiwi Syslog Server Support Receiving Syslog over TCP via RFC3195

≪ Previous: Any known issues with D-Link DSL-2500U?

Hi guys,

I recently installed Kiwi Syslog on a Windows Server 2008 machine, however I had to uninstalled the program as the customer wants to be on the D:\ . But now I am not able to install the program on D:\ or even back

on C:\ as I get the error message "an unlicensed version is detected" hence the installation cannot proceed any longer.

Can anyone help? Where can I delete the old files so i am able to install the software again? I need to install this quite urgently, I have the license with me but I did not activate the license in my previous installation since it was not installed on the right drive.

Please help.

Thanks.

↧

Does Kiwi Syslog Server Support Receiving Syslog over TCP via RFC3195

September 24, 2014, 2:45 pm

≫ Next: Trying to filter on a hostname that is an IP Address in Kiwi Syslog server.

≪ Previous: Unable to Install KiwiSyslog Server after Uninstallation. "Unlicensed Version is Detected" prompts prevents further installation.

We are currently trying to migrate all UDP senders of syslog to TCP. Our fortigate security appliances only support the RFC 3195 standard for syslog over TCP. syslog-ng does not support this and rsyslog says that they support RFC 3195, but it is not working. Please, any assistance with this request would be appreciated. Running syslog with UDP is no longer an option.

Thanks in advance.

↧

Trying to filter on a hostname that is an IP Address in Kiwi Syslog server.

September 30, 2015, 4:05 am

≫ Next: Maximum Rules in Kiwi Syslog Server

≪ Previous: Does Kiwi Syslog Server Support Receiving Syslog over TCP via RFC3195

I am trying to filter on the hostname which happens to be an IP address. Kiwi syslog server gives me a red X whenever I attempt to test the filter. I can't convert it using DNS so I have to use the IP address. It keep telling me to put quotes around it but when I do it still doesn't work. I am trying to filter so I can dump this host in a separate LOG file. Any ideas?

↧

Maximum Rules in Kiwi Syslog Server

July 8, 2016, 5:39 am

≫ Next: Kiwi Syslog MSSQL log deletion

≪ Previous: Trying to filter on a hostname that is an IP Address in Kiwi Syslog server.

Hello,

i need to create more than the 100 possible rules.I found the documentation regarding the registry entry "MaxRuleCount" (http://www.kiwisyslog.com/help/syslog/index.html?rules_maximumrulecount.htm) However, i don't have the mentioned registry entry and also creating it did not help. Any ideas?

Thx, Robert

↧

Kiwi Syslog MSSQL log deletion

July 13, 2016, 6:03 am

≫ Next: Reliability of Kiwi sysloger when "Forward to remote host "action is specified

≪ Previous: Maximum Rules in Kiwi Syslog Server

I am trying to find out if Kiwi has the ability to delete syslogs in the MSSQL database after so many days? Or do I need to create a job on the SQL server to do that?

Thanks for any help you may be able to offer..

↧

Reliability of Kiwi sysloger when "Forward to remote host "action is specified

August 11, 2010, 1:26 pm

≫ Next: Problem with Syslog Message Delay and out of Order.

≪ Previous: Kiwi Syslog MSSQL log deletion

Hi,

I am evaluating Kiwi sysloger. I am wondering about the reliability of msg delivery when "Forward to remote host" action is specified.

I saw in the help section that there exists a KRDP protocol which can resend the logs msgs that didnt reach the remote host (lets say another syslog server running in linux box).

It would be great if someone can point me to the documents which will describe various possible option to ensure reliable delivery of msgs. And also if the answer is to use KRDP then what are the required changes in the remote host to enable reliable communication?

↧

Problem with Syslog Message Delay and out of Order.

September 2, 2010, 7:37 am

≫ Next: Kiwi syslog 9.4 on windows server 2012 64bit Service crash - Possible bug!

≪ Previous: Reliability of Kiwi sysloger when "Forward to remote host "action is specified

Has anyone experienced a problem where their Syslogs messages are delayed and out of order?
Note the time the time it was queued and then the time it was sent. Sent at 8:31, but the message came into the syslog server at 7:28.

2010-08-24 08:31:25 PI Message to: networkadmin@removed.net

2010-08-24 08:31:25 PI Message from: Ospf-Syslog

2010-08-24 08:31:25 PI Subject: 10.5.0.2: 3552813: Aug 24 07:28:31.274: %OSPF-5-ADJCHG: Process 1, Nbr 10.12.1.41 on Vlan600 from F

2010-08-24 08:31:25 PI Date: Tue, 24 Aug 2010 08:31:25 -0400

2010-08-24 08:31:25 PI Message to: networkadmin@removed.net

2010-08-24 08:31:25 PI Message from: Ospf-Syslog

2010-08-24 08:31:25 PI Subject: 10.128.254.230: 49512: 049509: Aug 24 07:28:31: %OSPF-5-ADJCHG: Process 1, Nbr 10.12.1.41 on Vlan60

2010-08-24 08:31:25 PI Date: Tue, 24 Aug 2010 08:31:25 -0400

2010-08-24 08:31:25 PI Message to: networkadmin@removed.net

2010-08-24 08:31:25 PI Message from: HSRP-Syslog

2010-08-24 08:31:25 PI Subject: HSRP message from 10.7.4.2

2010-08-24 08:31:25 PI Date: Tue, 24 Aug 2010 08:31:25 -0400

↧

Kiwi syslog 9.4 on windows server 2012 64bit Service crash - Possible bug!

October 2, 2013, 4:10 am

≫ Next: Event Log Forwarder - Where is the Audit Failure Type?

≪ Previous: Problem with Syslog Message Delay and out of Order.

Hello , kiwi friends!

I am trying to get Kiwi syslog 9.4 to work on windows server 2012 64bit but having problems with the service crashing then i try to start the kiwi syslog server console.

I have applied the kb fix for Microsoft .Net Framework 2 , before that i couldnt install kiwi syslog successfully becuse the service could not start.

http://knowledgebase.solarwinds.com/kb/questions/4386/

I have the following errors in the windows event viewer!

Error 7000: The Kiwi Syslog Server service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion

Error 7009 : A timeout was reached (30000 milliseconds) while waiting for the Kiwi Syslog Server service to connect.

Do you have a solution for this or could it be a new bug in windows server 2012 and the old dot net framework combined ?

Thanks in advance.

↧

Event Log Forwarder - Where is the Audit Failure Type?

March 18, 2015, 5:40 pm

≫ Next: kiwi syslog service crashes

≪ Previous: Kiwi syslog 9.4 on windows server 2012 64bit Service crash - Possible bug!

Hi There,

I'm trialing Kiwi Syslog and I'm having trouble with the Log Forwarder and Security Event Log. When I click on the Security Log I don't see Audit Success or Audit Failure as an event type. It just has Error, Warning and Information. If I manually edit the CFG file and add <int>16</int> it works, but then it gets overwritten if I make a change. Am I doing something wrong? How can I see Audit Failure as an Event Type?

Thanks,

↧

kiwi syslog service crashes

October 22, 2014, 4:10 am

≫ Next: Forward syslog events to QRadar

≪ Previous: Event Log Forwarder - Where is the Audit Failure Type?

I successfully installed Kiwi Syslog server (latest version) and successfully received 18.8 million logs in 5 – 6 hours and after that the application crashes and every time I re-start the service it keeps crashing. I too would like to know if this issue has been resolvable? and if so how was it done. We are required to log these messages because of audit regulations and we have multiple firewalls logging to this one server. If Kiwi cannot keep up kindly let us know or suggest any other option.

following are the system events:

Faulting application name: Syslogd_Service.exe, version: 9.4.0.1, time stamp: 0x5256d794

Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7

Exception code: 0xc0000005

Fault offset: 0x000552a2

Faulting process id: 0x49c

Faulting application start time: 0x01cfedd553cc3c0b

Faulting application path: C:\Program Files (x86)\Syslogd\Syslogd_Service.exe

Faulting module path: C:\Windows\SysWOW64\ntdll.dll

Report Id: 98b25655-59c8-11e4-8349-005056bb1e35

Fault bucket , type 0

Event Name: APPCRASH

Response: Not available

Cab Id: 0

Problem signature:

P1: Syslogd_Service.exe

P2: 9.4.0.1

P3: 5256d794

P4: ntdll.dll

P5: 6.1.7601.18247

P6: 521ea8e7

P7: c0000005

P8: 000552a2

P9:

P10:

Attached files:

These files may be available here:

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Syslogd_Service._dae90f6dff5377cb3818b3577cc016b8e269a5_1190477d

Analysis symbol:

Rechecking for solution: 0

Report Id: 98b25655-59c8-11e4-8349-005056bb1e35

Fault bucket , type 0

Event Name: APPCRASH

Response: Not available

Cab Id: 0

Problem signature:

P1: Syslogd_Service.exe

P2: 9.4.0.1

P3: 5256d794

P4: ntdll.dll

P5: 6.1.7601.18247

P6: 521ea8e7

P7: c0000005

P8: 000552a2

P9:

P10:

Attached files:

These files may be available here:

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Syslogd_Service._dae90f6dff5377cb3818b3577cc016b8e269a5_1190477d

Analysis symbol:

Rechecking for solution: 0

Report Id: 98b25655-59c8-11e4-8349-005056bb1e35

Report Status: 0

↧

Forward syslog events to QRadar

January 13, 2016, 11:55 am

≫ Next: Syslogd_Service.exe crash - out of stack space

≪ Previous: kiwi syslog service crashes

I'm trying to forward events from Kiwi Syslog to QRadar SIEM.

In Kiwi Syslog setup, I created an Action: Forward to another host; gave it the QRadar appliance's IP as the Destination IP; selected "Retain the original source address of the message"; clicked the Test button to verify the configuration and got a gree checkmark.

The test event was the only event received by the QRadar. None of the events I'm forwarding have been received as incoming logs on QRadar.

I've tried this with and without adding the Kiwi Syslog servers as log sources in QRadar.

Do I need to install a universal DSM on the Kiwi Syslog servers?

↧

Syslogd_Service.exe crash - out of stack space

March 15, 2012, 4:28 pm

≫ Next: Kiwi seems to lag behind

≪ Previous: Forward syslog events to QRadar

I am evaluating Kiwi Syslogd to front-end and filter syslog traffic since we are having performance problems and service crashes using the NPM Syslog Service. Here is the hardware platform:

HP DL385G7
2x AMD Opteron 6174 2.2GHz 12-core processors
32GB memory
RAID-1 for OS/Syslog
Windows Server 2008 R2 x64 Enterprise SP1

I installed Kiwi Syslogd and it ran for about an hour before it crashed with this failure:

Log Name:      Application
Source:        Application Error
Date:          3/15/2012 10:42:42 AM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      *********
Description:
Faulting application name: Syslogd_Service.exe, version: 9.2.0.1, time stamp: 0x4d069c0f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000a
Faulting process id: 0x91d0
Faulting application start time: 0x01cd02c944ab6d53
Faulting application path: C:\Program Files (x86)\Syslogd\Syslogd_Service.exe
Faulting module path: unknown
Report Id: 43e40d87-6ec6-11e1-a52f-3cd92b024752
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-03-15T17:42:42.000000000Z" />
    <EventRecordID>2945</EventRecordID>
    <Channel>Application</Channel>
    <Computer>************</Computer>
    <Security />
</System>
<EventData>
    <Data>Syslogd_Service.exe</Data>
    <Data>9.2.0.1</Data>
    <Data>4d069c0f</Data>
    <Data>unknown</Data>
    <Data>0.0.0.0</Data>
    <Data>00000000</Data>
    <Data>c0000005</Data>
    <Data>0000000a</Data>
    <Data>91d0</Data>
    <Data>01cd02c944ab6d53</Data>
    <Data>C:\Program Files (x86)\Syslogd\Syslogd_Service.exe</Data>
    <Data>unknown</Data>
    <Data>43e40d87-6ec6-11e1-a52f-3cd92b024752</Data>
</EventData>
</Event>

---------------------------

The following was in the Syslogd Errorlog.txt:

2012-03-15 09:32:52    Command line license key accepted.
2012-03-15 10:42:41    *** INTERNAL PROGRAM ERROR - Please contact http://www.kiwisyslog.com/support/ ***
2012-03-15 10:42:41    Service Version 9.2.1 | Error Number: 28 | Description: Out of stack space | Module Name: Syslogdsvc.frm | Procedure Name: SyslogSocket_DataArrival | Line Number: 260 | Date and time: 3/15/2012 10:42:41 AM
---------------------------

I have opened SolarWinds case #323438 regarding this.

↧

Kiwi seems to lag behind

July 25, 2016, 5:05 am

≫ Next: How to encrypt syslog from cisco switch or router into Kiwi syslog?

≪ Previous: Syslogd_Service.exe crash - out of stack space

Running KIWI against a Barracuda WAF. The logging seems to work but it seems to lag behind by hours.

I don't see any message errors. In the console I see entries at the current date and time, but in my database then entries are hours behind what I see on the display.

Here's what my syslog buffer looks like:

Message Buffer Information

==========================

Message Queue Back: 131593

Message Queue Front: 131619

Message Queue Max Size: 500000

Message Queue overflow: 0

Message Count: 26

Message Count Max: 2553

Percentage free: 100

If I understand what I've read the queue overflow 0 means I haven't lost any messages, but it appears I'm behind almost 250,000?

Anyway to keep it from lagging so far behind?

I have RAM and CPU to spare--is there anyway to increase Kiwi's speed?

-Eric

↧

How to encrypt syslog from cisco switch or router into Kiwi syslog?

June 16, 2014, 4:01 am

≫ Next: Syslog Message Logging to MYSQL DB

≪ Previous: Kiwi seems to lag behind

I want to encrypt syslog from Cisco swirtch or router into Kiwi Syslog.

I read somewhere I can use syslog tls or snmp trap v3

Is that possible using Kiwi Syslog

thanks

↧

Syslog Message Logging to MYSQL DB

September 14, 2012, 3:03 pm

≫ Next: Kiwi Syslog Server Log Location won't change.

≪ Previous: How to encrypt syslog from cisco switch or router into Kiwi syslog?

I am new to kiwi syslog server. Configured kiwi syslog server with default fields to log messages to MYSQL DB and working fine.

But I wish to parse the message and log to MYSQL DB using custom fields. I dont have any knowledge about scripting.

Sample log is shown below. Each field is separated by a single space character. The message content is highlighted in red.

2012-09-01 10:37:14 Local6.Warning HQ-IPS-01 DefensePro: 01-04-2012 19:49:25 WARNING 300000 Intrusions "BO-WINXP" TCP ACCTS-C-PC1 1607 ACCTS-C-PC2 80 3 Regular "DMZ-Policy" occur 1 0 N/A 0 N/A low drop FFFFFFFF-FFFF-FFFF-0001-00004F7B1BE5

Only the following things needs to be extracted and logged to DB.

MsgDate: 2012-09-01

MsgTime: 10:37:14

MsgHostname: HQ-IPS-01

AttackId: 300000

AttackType: Intrusions

AttackDesc: BO-WINXP

AttackSrc: ACCTS-C-PC1

AttackDst: ACCTS-C-PC2

The number of such logs that needs parsing by the script will be more.

Request provide me guidance in configuring this.

Any help on this would be greatly appreciated!

Thanks all...

↧

Kiwi Syslog Server Log Location won't change.

September 17, 2012, 10:44 am

≫ Next: Free Kiwi syslog server - on install shows "Evaluation Expired" on Web access screen

≪ Previous: Syslog Message Logging to MYSQL DB

Hey all,

I have recently taken over a sys admin position, and am required to move the location of the Kiwi Syslog Server logs to another file location. I have never used it prior. However, I can't seem to move the file.

Kiwi Syslog Server 9.2.1 (Free version.)

Windows Server 2003 SP2 (WORKGROUP)(VM)

Current configuration:

Log to Log File

Path and file name: C:\Program Files\Syslogd\Logs\SyslogCatchAll.txt

If I test the configuration, I can see the test messages in the location noted about. However, after I apply the settings, the older location (a CIFS share) continues to receive the actual syslogs of the devices we monitor.

There are three local users, all of which show the same configuration.

I have tried deleting and recreating the Log to Log File rule. No change.

I have tried starting and stopping the service. No change.

I have tried exporting the system settings, and then reimporting them. No change.

I have tried searching the registery for the old location. Nothing found.

I have two theories.

1. The settings are locked for some reason.

2. The settings are stored somewhere else.

Any help would be great.

Thanks,

Aaron

Solarwinds Padawan

↧

Free Kiwi syslog server - on install shows "Evaluation Expired" on Web access screen

February 18, 2011, 2:39 pm

≫ Next: Kiwi syslog - 2011-03-18 10:54:01Licensed action was found in settings and disabled.

≪ Previous: Kiwi Syslog Server Log Location won't change.

I downloaded the the Free Kiwi syslog server ver 9.2.1, installed it on a Windows 2008 R2 64 bit server. The Kiwi Sysog Web access screen shows "Evaluation Expired" on the top right after the install. I thought it was free product!

I see alerts showing up on Kiwi Syslog Service Manager, but not on the Kiwi Syslog Web access.

Does anyone know if the Kiwi Sysog Web access screen is not showing because of the "Evaluation Expired" sign on the top right? If so, can someone give me some ideas to fix it.

Thanks !

↧