Hi,
I have a problem with python script, my script works fine when I run it outside Kiwi syslog with test data as you can see it in picture below
but when i try to run it inside kiwi syslog i get error as you can see in next pictures
this is the script:
there is very little info on python script usage in kiwi syslog, maybe I'm doing something wrong. Any help would be appreciated.
Thanks in advance.
Hi folks,
I have not gone through any previous threads. Pardon me if this is a repeated query or clarification requested. Have started looking at trial version initially to make sure if this supports my requirements.
Have couple of queries, request to clarify these with request to secure tcp syslog server.
a. Currently seeing that although requested TLS version is set to v1.2 in client hello, Server negotiates back to v1.0. Is there a way to continue with TLSv1.2 protocol.
b. Also have CA signed certificates imported on both to Syslog server running on windows and also on corresponding router acting as a client. But Server doesnt request for Client certificate (as its optional) and unable to verify mutual authentication. Only server certificate is validated by the Client and connection is made. How to enforce mutual authentication where router to validates the client certificate.
c. Is there any IPv6 address support for Syslog server, or its only available in licensed version.
Thanks in advance.
-Gopal
Hi all,
Can anyone point me in the direction some documentation on how to change the default Kiwi Syslog web port from 8088 to something else? Say 80?
I had a 'quick' search and couldn't find anything solid to go off.
Thanks!
After installing the permanent license for Kiwi Syslog server the Syslog service will not start. It started without problems when running as the trial version. No errors appear in the Kiwi Syslog error log, but the Windows event viewer shows the following error: The Kiwi Syslog Server service failed to start due to the following error: The service did not start due to a logon failure. I can't find anything in the Kiwi Syslog documentation about having to login. The OS is Windows 2008 R2. I am starting the Syslog service from Service Manager > Manage, and Service Manager was Run As Administrator. Is this a known problem? Thanks, Glenn
I'm having trouble configuring email alerts. I'm trying to send alerts to my Office 365 email address. Can someone see if I've input one of these settings incorrectly? I'm using my full Office 365 email for each of the blacked out sections in the screen shot below. For "SMTP Password," I'm using my Office 365 password.
We are currently trying to migrate all UDP senders of syslog to TCP. Our fortigate security appliances only support the RFC 3195 standard for syslog over TCP. syslog-ng does not support this and rsyslog says that they support RFC 3195, but it is not working. Please, any assistance with this request would be appreciated. Running syslog with UDP is no longer an option.
Thanks in advance.
Hello,
We are looking to find the Windows file/folder location for where the Kiwi Syslog Web Access is pulling its records from?
We currently save events to the syslogd/logs location, as well as a SQL database. But when we setup in the Kiwi Syslog Console Service Manager to send forwarded events to the 'Log to Kiwi Syslog Web Access', we cannot find where it stores those records?
Thanks,
Mark
Hi,
We are using the Kiwi Syslog Web Access as a syslog for all the network and security devices. Due to this we are unable to fetch events for any specific filters applied on the Kiwi Syslog Web Access.
We alternatively go to the location: \Program Files (x86)\Syslogd\Logs and try to open the logs in text editor like notepad++.
The problem is:
1. That file size is too large (~700 MB) and we are unable to open via the text editor. Is there any way to limit the size.
2. On the Web Access, when a filter is applied, the software crashes with the error:
Exception of type 'System.Web.HttpUnhandledException' was thrown.
Status Code: 500
System.Web.HttpUnhandledException: Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.Web.HttpException: Maximum request length exceeded.
at System.Web.HttpRequest.GetEntireRawContent()
at System.Web.HttpRequest.FillInFormCollection()
at System.Web.HttpRequest.get_Form()
at System.Web.HttpRequest.get_HasForm()
at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull)
at System.Web.UI.Page.DeterminePostBackMode()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
--- End of inner exception stack trace ---
at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.events_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Resource: http://10.240.22.194:8088/Events.aspx
Referrer: http://10.240.22.194:8088/Events.aspx
Click here to return to the previous page Click here to return to the login page
Please suggest.
Details: Kiwi Syslog Web Access ver 1.5.1
Thanks,
Richard
Hi,
I have a strange problem with Kiwi Syslog Server 9.03.
It started to receive messages with incorrect hostname IP-addresses. For example, a message would normally say that the host-IP is 192.168.0.55, but now the host-IP would become something like 192.168.0.4. I haven't quite figured out the pattern for this, but the tendency is that the last octet goes toward the beginning of the number series. It would seem that the incorrect IP-addressses are always addresses that are even not in use in our network. Attached is a screenshot from actual output. I dotted the false messages with green dot.
.
I managed to solve the cause for this; We have Solarwinds Engineer's toolset v10.1 installed on the same computer (Win2003 SRV SP2). After I upgraded it to v10.3 or v10.4, the problem started to appear. Uninstalling the toolset and reinstalling Kiwi Syslog Server does not help.
I even took a system state -backup with ntbackup and restored the system state prior to Engineer's toolset 10.3/10.4 installation, but it didn't help.
If I use the syslog server included in Engineer's Toolset, the problem does not appear.
TIA,
Sami
We use the syslog server to notify us of port security violations. Normally all messages will show the full IP address of what switch the message is coming from. Whenever there is a port about to violate, it will only show the ip up to the last number, ex...10.197.157.245 cshowed up as 10.197.157.24. is there a solution to this? We have the engineers toolset and syslog server both installed. thanks
I am curious if there is a known memory leak in the Kiwi Syslog system? I suspect it's due to the UltiDev Cassini Web Server based on my testing.
Windows doesn't show the UltiDev Cassini service using much memory; however, when I disable that service and restart the system I don't see the memory utilization problems making it the obvious culprit. No matter how much memory I give the system, it will always end up using all of it's memory (I stopped giving it more memory at 4 GB) if the UltiDev Cassini service is running.
Thoughts?
I'm using Kiwi Syslog free edition. I'm testing it to see if it does what I need, and I've already run into a snag.
I have to identical 2821 voice routers. They both are configured with the same logging setup.
logging trap debugging
logging facility local2
logging source-interface GigabitEthernet0/0
logging 10.2.100.235
On the syslog setup, I've specified the IP addresses of each router as "inputs"
The syslog messages are coming in as expected, but one of the 2 hosts always shows up as 127.0.0.1 in the hostname field.
I've double checked the source interfaces and they're correct.
Anyone have any idea why this is happening?
Thanks!
Hello Everybody.
I'm having troubles receiving SNMP Traps v 2c on Kiwi Syslog Server Free edition.
Although it is described in the feature list that this is supported (also in the documentation), i can receive version 1 but not 2c.
Using Wireshark to listen to the traffic i can clearly see SNMP traps version 2 incoming, but nothing appears on syslog server.
Can anyone help?
I asked support@ and sent many mails, but didn't get any answer to the problem, they just said to post my question here because this is a free product.
Thank you very much.
Hello,
I have an issue with the migration of my kiwi syslog product.
I have got a new server and I want to migrate my kiwi syslog version on this new server (after deactivating it on the old one).
When I read the documentation it is said to install the licence manager tool.
But when I use it, the tool says "No licensed solarwinds products on your machine".
But my two products are well registered and I can see the licenses on my online account.
Is it possible to deactivate them manually ?
Thanks for your helpsyslog
I am setting up a kiwi syslog server. Running into a problem with the filtering not working the way I would expect. I have used Kiwi but that was several years ago. I have setup a display for a specific switch and have tried several different filter possibilities but still getting syslog messages on the display that dont belong to the switch I am trying to watch.
I have tried a ip address - simple filter with the ip address of the switch "10.1.1.2". On the cisco switch, I have used the command logging source-interface vlan 254 which should send out the syslog messages using the ip address in the simple filter I setup. I have also tried the hostname option with the hostname of the switch "Switch1" but same problem.
It has got to be something simple but so far I havent found the problem. Since this is the free version, I know I cant call Solar Winds support.
Any suggestions are appreciated.
Ron
I am evaluating Kiwi Syslogd to front-end and filter syslog traffic since we are having performance problems and service crashes using the NPM Syslog Service. Here is the hardware platform:
HP DL385G7
2x AMD Opteron 6174 2.2GHz 12-core processors
32GB memory
RAID-1 for OS/Syslog
Windows Server 2008 R2 x64 Enterprise SP1
I installed Kiwi Syslogd and it ran for about an hour before it crashed with this failure:
Log Name: Application
Source: Application Error
Date: 3/15/2012 10:42:42 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: *********
Description:
Faulting application name: Syslogd_Service.exe, version: 9.2.0.1, time stamp: 0x4d069c0f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000a
Faulting process id: 0x91d0
Faulting application start time: 0x01cd02c944ab6d53
Faulting application path: C:\Program Files (x86)\Syslogd\Syslogd_Service.exe
Faulting module path: unknown
Report Id: 43e40d87-6ec6-11e1-a52f-3cd92b024752
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-03-15T17:42:42.000000000Z" />
<EventRecordID>2945</EventRecordID>
<Channel>Application</Channel>
<Computer>************</Computer>
<Security />
</System>
<EventData>
<Data>Syslogd_Service.exe</Data>
<Data>9.2.0.1</Data>
<Data>4d069c0f</Data>
<Data>unknown</Data>
<Data>0.0.0.0</Data>
<Data>00000000</Data>
<Data>c0000005</Data>
<Data>0000000a</Data>
<Data>91d0</Data>
<Data>01cd02c944ab6d53</Data>
<Data>C:\Program Files (x86)\Syslogd\Syslogd_Service.exe</Data>
<Data>unknown</Data>
<Data>43e40d87-6ec6-11e1-a52f-3cd92b024752</Data>
</EventData>
</Event>
---------------------------
The following was in the Syslogd Errorlog.txt:
2012-03-15 09:32:52 Command line license key accepted.
2012-03-15 10:42:41 *** INTERNAL PROGRAM ERROR - Please contact http://www.kiwisyslog.com/support/ ***
2012-03-15 10:42:41 Service Version 9.2.1 | Error Number: 28 | Description: Out of stack space | Module Name: Syslogdsvc.frm | Procedure Name: SyslogSocket_DataArrival | Line Number: 260 | Date and time: 3/15/2012 10:42:41 AM
---------------------------
I have opened SolarWinds case #323438 regarding this.
Hi There,
I'm trialing Kiwi Syslog and I'm having trouble with the Log Forwarder and Security Event Log. When I click on the Security Log I don't see Audit Success or Audit Failure as an event type. It just has Error, Warning and Information. If I manually edit the CFG file and add <int>16</int> it works, but then it gets overwritten if I make a change. Am I doing something wrong? How can I see Audit Failure as an Event Type?
Thanks,
Hello to the community!
I have been confused with this for a while and i would like to get your help!
I have a network topology with an ASA 5520 and a Kiwi Syslog server 9.3.4-eval. I also have a CA server.
I have installed the root CA certificate on both the Kiwi Syslog Server and the ASA.
Also i have generated a certificate request for the Kiwi server which was signed by the CA server and also made a trustpoint on the ASA with that certificate (The signed one)
When i try to send syslogs it doesn't display anything.
I have installed Kiwi SyslogGen and have made some tests.
When i make a test with destination port 1468 (TCP default) it works and displays something on the Kiwi manager.
But when i make a test with destination port 6514 (Default Secure TCP) it fails.
On the command prompt i issued the following:
netstat -ano
there were the following entries regarding syslog:
TCP: 0.0.0.0 1468
UDP: 0.0.0.0:514
But nothing is listening to 6514
What can be the problem? Thank you very much in advance!!
Somethin i saw on the error log:
Unable to bind TCP listener to port 6514 There might be a problem with the certificate provided.
Here are some pictures of the settings:
hello everyone,
i have setup kiwi syslog in windows server. The test message seems to be working fine but, I'm unable to receive logs from the configured firewalls.
below is my log error messages
An error occured while checking for available software updates. [10060] connection timed out [25061]
please see the attachment for further details
Kind Regards,
Rahul
I am trying kiwi, and I have the log forwarder installed. I setup my subscription, the results show in the preview panel, setup the server but the events never show up in the syslog server. I am not sure where to look. The test never puts an event in the log on the server either...any ideas as to where to look.