I have not been able to setup Kiwi to look for this message:
"Warning !! Too Many Channels With Errors. Not all errors were displayed [Code:3a000]"
in the messages and then produce an email notification.
Is this not possible in syslog server?
I would like to configure Syslog to save the log in a separate file every day. Is that doable, or is this a paid version feature only? Not sure, please advise.
Thanks,
The syslog server messages are intermittently truncating the IP address of messages received from some Hirschmann switches on the network e.g. message from 10.11.190.14 sometimes appear as 10.11.190.1 but sometimes as 10.11.190.14. The display field width is wide enough to show the whole address. We are using Toolkit V10.6 with hotfix 4 (10.6.0.84). Is this a known bug with syslog server supplied with Engineers toolkit?
I am new to kiwi syslog server. Configured kiwi syslog server with default fields to log messages to MYSQL DB and working fine.
But I wish to parse the message and log to MYSQL DB using custom fields. I don't have any knowledge about scripting.
Sample log is shown below. Each field is separated by a single space character. The message content is highlighted in red.
2012-09-01 10:37:14 Local6.Warning HQ-IPS-01 DefensePro: 01-04-2012 19:49:25 WARNING 300000 Intrusions "BO-WINXP" TCP ACCTS-C-PC1 1607 ACCTS-C-PC2 80 3 Regular "DMZ-Policy" occur 1 0 N/A 0 N/A low drop FFFFFFFF-FFFF-FFFF-0001-00004F7B1BE5
Only the following things need to be extracted and logged to DB.
MsgDate: 2012-09-01
MsgTime: 10:37:14
MsgHostname: HQ-IPS-01
AttackId: 300000
AttackType: Intrusions
AttackDesc: BO-WINXP
AttackSrc: ACCTS-C-PC1
AttackDst: ACCTS-C-PC2
The number of such logs that need parsing by the script will be more.
Please provide me guidance in configuring this.
Any help on this would be greatly appreciated!
Thanks all...
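An added example, not the poster's script and not Kiwi's scripting API: a quote-aware parser in JavaScript that pulls the eight requested fields out of the sample line by token position. The field names and positions come from the post; the check on the "DefensePro:" token and the rejection of non-matching lines are my assumptions.

```javascript
// Added example (not Kiwi's script API): split the DefensePro message on
// spaces while keeping "quoted text" as one token, then pick fields by
// position. Positions are counted from the sample line in the post.
var FIELD_POSITIONS = {
  MsgDate: 0, MsgTime: 1, MsgHostname: 3, AttackId: 8, AttackType: 9,
  AttackDesc: 10, AttackSrc: 12, AttackDst: 14
};

// A single space separates fields, but a quoted field such as "DMZ Policy"
// may contain spaces, so split(' ') would shift every later field.
function tokenize(line) {
  var tokens = [], cur = '', inQuote = false;
  for (var i = 0; i < line.length; i++) {
    var ch = line.charAt(i);
    if (ch === '"') {
      inQuote = !inQuote;           // quotes are stripped, not kept
    } else if (ch === ' ' && !inQuote) {
      tokens.push(cur);
      cur = '';
    } else {
      cur += ch;
    }
  }
  tokens.push(cur);
  return tokens;
}

// Returns the eight fields, or null when the line is not a DefensePro event
// in this layout, so unrelated syslog traffic is skipped rather than logged
// with garbage in the custom columns.
function parseDefenseProEvent(line) {
  var t = tokenize(line);
  if (t.length < 15 || t[4] !== 'DefensePro:' || !/^\d+$/.test(t[8])) {
    return null;
  }
  var out = {};
  for (var name in FIELD_POSITIONS) {
    if (FIELD_POSITIONS.hasOwnProperty(name)) {
      out[name] = t[FIELD_POSITIONS[name]];
    }
  }
  return out;
}

// The post's sample line; a constructed variant whose quoted attack
// description contains spaces parses to the same positions.
var SAMPLE = '2012-09-01 10:37:14 Local6.Warning HQ-IPS-01 DefensePro: ' +
  '01-04-2012 19:49:25 WARNING 300000 Intrusions "BO-WINXP" TCP ' +
  'ACCTS-C-PC1 1607 ACCTS-C-PC2 80 3 Regular "DMZ-Policy" occur 1 0 N/A ' +
  '0 N/A low drop FFFFFFFF-FFFF-FFFF-0001-00004F7B1BE5';
```

The object returned by parseDefenseProEvent maps one to one onto the custom DB columns listed above, so the insert statement only needs those eight values.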
Hey all,
I have recently taken over a sys admin position, and am required to move the location of the Kiwi Syslog Server logs to another file location. I have never used it prior. However, I can't seem to move the file.
Kiwi Syslog Server 9.2.1 (Free version.)
Windows Server 2003 SP2 (WORKGROUP)(VM)
Current configuration:
Log to Log File
Path and file name: C:\Program Files\Syslogd\Logs\SyslogCatchAll.txt
If I test the configuration, I can see the test messages in the location noted about. However, after I apply the settings, the older location (a CIFS share) continues to receive the actual syslogs of the devices we monitor.
There are three local users, all of which show the same configuration.
I have tried deleting and recreating the Log to Log File rule. No change.
I have tried starting and stopping the service. No change.
I have tried exporting the system settings, and then reimporting them. No change.
I have tried searching the registry for the old location. Nothing found.
I have two theories.
1. The settings are locked for some reason.
2. The settings are stored somewhere else.
Any help would be great.
Thanks,
Aaron
Solarwinds Padawan
Hello,
I am tracking dynamic IP computers. How can I add a field or column for MAC address so I know which traffic belongs to which computer?
I want to use TCP port in place of UDP port for Syslog in Solarwinds.
We have been experiencing an issue with our Kiwi Syslog Service crashing about every other day. We are running version 9 and have a pretty standard setup where we are pushing syslogs from all of our devices in our network. We have quite a bit of stuff logging to our Syslog server and are easily breaching the 200000 maximum message count throughout the day and getting emails. We upped that and seem to be doing better; however, the syslog service continues to fail and will at times restart itself based off of the service's recovery setting to restart the service on failure, but this is happening way too often.
Has anyone else seen this problem and if so, what kinds of things did you try/do? Is this box just getting pegged so hard that it's causing the service to malfunction and trip up? I'm not a Windows guy but is this issue even Windows related? The only other application we have running on this server is CatTools and it runs clean with no service issues. The systems team has taken a look at the server and believe this to be related only to the Kiwi application itself.
Next Steps: I'm thinking of removing and rebuilding the Kiwi 9 application from scratch to see if this corrects the issue but wanted some direction from the forum if anyone has any good ideas/suggestions.
Thank you in advance!
I already installed Kiwi Syslog Server on Windows Server 2008 and it's running well.
Now I want to capture Windows logs from another Windows server to Kiwi Syslog Server. How?
(SNMP TRAP) My site already enables SNMP traps sent to Kiwi Syslog Server, but I can't see any progress on that.
Hello, sir
I am using Kiwi Syslog Server 9.3.3.
I have installed Log Forwarder and configured it to send event number 528 from the Security log in Event Viewer.
I am getting the log inside the Kiwi Syslog Server, and it is stored in a text file as well.
Kiwi is configured for 3 actions:
1. Forward to another host - doesn't work
2. Display - works
3. Log to file - works
Forward to another host doesn't work; I am not getting the log to our SIEM (using QRadar).
Though when I use the test button and send a test log to the SIEM, I do get the test log.
I have no idea why the test log works and the regular one doesn't get sent to the SIEM.
Please help me
Hello,
I am in a situation where I need to filter out a certain string. It is a little complicated, however. The string(s) I am trying to filter out usually look like this:
"port D10-High collision or drop rate."
D10 is a device bay in a chassis and that is what we are really interested in here. There are 16 device bays so it can be D1, D2, D3....D16.
The only problem is that there is no space between D10 and "-High".
And we WOULD like to keep getting messages that don't have the Dx part in them, so we can't just filter out "collision or drop rate."
Is the only way to do this by putting 16 separate filters like so: ...?
"D1-High"
"D2-High"
"D3-High"
...."D16-High"
or is there a wildcard we can put in place of the number? Catch is that sometimes it could be a single digit (1-9) or it could be a double digit (10-16).
Your input is appreciated. Thank you.
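An added example in JavaScript, not from the post: a single regular expression that matches bays D1 through D16 in front of "-High", run over constructed sample messages to show what it drops and what it keeps. It assumes the Kiwi filter in use accepts a regular expression.

```javascript
// Added example (not from the post). One pattern covers both single- and
// double-digit bays: [1-9] matches D1..D9, 1[0-6] matches D10..D16, and the
// literal "-High" right after the number stops D17 or a lone "D1" in some
// other message from matching. Assumes the filter accepts a regular expression.
var BAY_DROP_RE = /\bport D(?:[1-9]|1[0-6])-High collision or drop rate\./;

function isBayCollisionMessage(msg) {
  return BAY_DROP_RE.test(msg);
}

// Apply the filter to a batch: messages that match are excluded; everything
// else, including the same text without a bay number, is kept.
function keepMessages(msgs) {
  return msgs.filter(function (m) { return !isBayCollisionMessage(m); });
}

// Constructed sample messages covering the edge cases raised in the post.
var SAMPLES = [
  'port D1-High collision or drop rate.',    // single digit: drop
  'port D10-High collision or drop rate.',   // double digit: drop
  'port D16-High collision or drop rate.',   // highest bay: drop
  'port D17-High collision or drop rate.',   // no such bay: keep
  'High collision or drop rate.',            // no bay number: keep
  'port D1 link down.'                       // D1 in another message: keep
];
```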
During installation of Syslog Web Access, you are prompted for a userid and password. The password can be changed at any time easily.
But how does one change the userid? Where is it stored?
We even went as far as trying to reinstall syslog web access to get to the initial userid prompt again. But having already asked us once, it did not ask us again.
Thanks,
-Ken
Installed 9.2 on Windows Server 2008 R2 from a Windows 2003 R2 (8.2.8) install. Redirected Cisco ASA 5510 logs to the new server, but the only time Kiwi logs anything is at about 10:00pm Sunday nights. If I point the ASA back to the Windows 2003 server, it logs normally. I have exported and imported the configuration from the 8.2.8 version as well. Nothing seems to get the new Windows 2008 R2 9.2 version to actually log. This is still in evaluation mode. The 2008 R2 does not have a firewall running (and we even allowed it through beforehand), nor any A/V software with a firewall. It is odd that it works at 10:00pm on two consecutive Sundays, but not at any other time.
Hello,
I am trying to send events from a Cisco 3750 switch to our Kiwi syslog server but am unsure of the config for the switch.
Should the following work:
Switch (config) # logging on
Switch (config) # logging Syslog Server IP
Switch (config) # logging trap error
This command will send (Error 3) events (0-3) to the Kiwi server via UDP514. Is this the supported method of transfer?
Should this work or is there a "Supported" switch configuration that I should be using.
Thank you,
Chris
I have a Cisco ASA 5505 that is setup to send syslogs to a remote syslog server.
I have kiwi syslog (free) installed on a Windows 2003 R2 Server and it is listening on UDP port 514. The syslog server also is my Ciscoworks v3.2 server.
I can ONLY see the Ciscoworks log files and not the ASA. I only want to display the ASA log files.
I have googled, read the user guide, and searched the forum and cannot find any procedure by which I can tweak Kiwi to log the syslog files from my ASA, which is being used as a VPN concentrator.
Any ideas?
I saw a posting back in May 2009 that was answered saying this isn't possible yet but was expected to be included in the next release.
Is there now a way to exclude events from being forwarded based on keywords in the message text? I'd like to reduce the "noise" level by not logging extremely routine events such as logins by my monitoring service account. Excluding by event id won't work for me as I only want to exclude certain logins.
TIA
Bill
We are using a licensed copy of Kiwi Syslog Server with its Log Forwarder for Windows.
I am interested if I configure two log servers on the Log Forwarder for Windows and enable both of them will log forwarder send logs to both syslog servers at the same time?
We need logs to be sent to the Kiwi Syslog server and to another syslog server simultaneously.
We were able to configure the log forwarder itself and added both syslog servers but we see different number of matches on the firewall and this is the reason why I am asking this question.
Thank you
Hello group!
Is there a difference between what we see in the KIWI Syslog Service Manager and what we see in the KIWI Syslog Web Access? We currently have one of our appliances sending SNMP traps to KIWI, however I am trying to run a script that is looking for a particular attribute in the SNMP trap which is cldcClientIPAddress.0
What is strange is, I see this information in the KIWI Syslog Web Access monitor but I do not see it in the KIWI Syslog Service Manager. I have gone through all of the options within the service manager and cannot figure this one out.
Any assistance would be appreciated!
GMF
The CPU on my Kiwi Syslog Server is pegged. Here is the diagnostic info file from the server.
Kiwi Syslog Server [Registered] Version 9.0.3
/// Kiwi Syslog Server Statistics ///
---------------------------------------------------
24 hour period ending on: Wed, 08 Sep 2010 14:44:34
Syslog Server started on: Wed, 08 Sep 2010 13:37:39
Syslog Server uptime: 1 hour, 7 minutes
---------------------------------------------------
+ Messages received - Total: 1098753
+ Messages received - Last 24 hours: 1098753
+ Messages received - Since Midnight: 1098753
+ Messages received - Last hour: 996804
+ Message queue overflow - Last hour: 416654
+ Messages received - This hour: 101949
+ Message queue overflow - This hour: 12336
+ Messages per hour - Average: 996804
+ Messages forwarded: 769810
+ Messages logged to disk: 1194581
+ Errors - Logging to disk: 0
+ Errors - Invalid priority tag: 0
+ Errors - No priority tag: 2
+ Errors - Oversize message: 309
+ Disk space remaining on drive E: 41554 MB
Breakdown of Syslog messages by severity
+--------------------+------------+------------+
| Message Level | Messages | Percentage |
+--------------------+------------+------------+
| 0 - Emerg | 0 | 0.00% |
| 1 - Alert | 2753 | 0.25% |
| 2 - Critical | 496 | 0.05% |
| 3 - Error | 5745 | 0.52% |
| 4 - Warning | 103603 | 9.43% |
| 5 - Notice | 42938 | 3.91% |
| 6 - Info | 775902 | 70.62% |
| 7 - Debug | 167316 | 15.23% |
+--------------------+------------+------------+
Custom statistics
-----------------
CustomStats01: 0
CustomStats02: 0
CustomStats03: 0
CustomStats04: 0
CustomStats05: 0
CustomStats06: 0
CustomStats07: 0
CustomStats08: 0
CustomStats09: 0
CustomStats10: 0
CustomStats11: 0
CustomStats12: 0
CustomStats13: 0
CustomStats14: 0
CustomStats15: 0
CustomStats16: 0
End of Report.
DNS Cache size 20000
DNS Cache entries 2
Entries in queue 0
DNS Cache hits 0
DNS Cache misses 0
DNS Cache TTL 1440 minutes
Total DNS Lookups 0
Successful cache hits 0%
IP Address Hostname TTL (minutes)
127.0.0.1 localhost Static
::1 localhost Static
Message Buffer Information
==========================
Message Queue Max Size: 20000
Message Queue overflow: 428990
Message Count: 19932
Message Count Max: 20000
Percentage free: 1
E-mail Buffer Information
==========================
Message Queue Max Size: 1000
Message Queue overflow: 0
Message Count: 0
Message Count Max: 13
Percentage free: 100
As an example, Kiwi scripting doesn't seem to support JScript functions like GetMilliseconds().