Channel: THWACK: Popular Discussions - Kiwi Syslog

Kiwi Syslog Server not displaying messages


We have installed Kiwi Syslog Server on a workstation in the hopes of displaying syslog messages from our Cisco Catalyst 3560G switch. We entered the following commands into the 3560G switch to turn logging on and direct those messages to the Kiwi Syslog server. The Cisco IOS commands we entered were as follows:

Enable mode

config t

logging <IP Address of the workstation that Kiwi syslog server is installed on>

logging trap 7

End

Wr mem

Everything appears to be set up properly but there are no syslog messages displayed in the Kiwi Syslog Server. We are trying to capture all messages from the switch because we are trying to troubleshoot an issue with it. Does anyone have an idea as to why we aren't getting any messages in Syslog Server?

 

Thanks,

Ben


Kiwi Syslog Service Keeps crashing


We have been experiencing an issue with our Kiwi Syslog Service crashing about every other day. We are running version 9 and have a pretty standard setup where we are pushing syslogs from all of our devices in our network. We have quite a bit of stuff logging to our Syslog server and are easily breaching the 200000 maximum message count throughout the day and getting emails. We upped that and seem to be doing better, however the syslog service continues to fail and will at times restart itself based off of the services recovery failure to restart the service, but this is happening way too often.

Has anyone else seen this problem and if so, what kinds of things did you try/do?  Is this box just getting pegged so hard that it's causing the service to malfunction and trip up?  I'm not a Windows guy but is this issue even Windows related?  The only other application we have running on this server is CatTools and it runs clean with no service issues.  The systems team has taken a look at the server and believe this to be related only to the Kiwi application itself. 

Next Steps: I'm thinking of removing and rebuilding the Kiwi 9 application from scratch to see if this corrects the issue but wanted some direction from the forum if anyone has any good ideas/suggestions.

 

Thank you in advance!

Kiwi Syslog not displaying Cisco ASA 5505 syslogs


I have a Cisco ASA 5505 that is set up to send syslogs to a remote syslog server.

I have kiwi syslog (free) installed on a Windows 2003 R2 Server and it is listening on UDP port 514. The syslog server also is my Ciscoworks v3.2 server.

I can ONLY see the Ciscoworks log files and not the ASA. I only want to display the ASA log files.

I have googled, read the user guide, and searched the forum and cannot find any procedure that I can tweak Kiwi to log the syslog files from my ASA which is being used as a VPN concentrator.

Any ideas?

Kiwi Web Access authentication methods ?


Does anyone know if there are plans to be able to use external authentication for Kiwi Syslog Web Access? Rather than be restricted to 5 accounts, wouldn't it be a good idea to be able to hand off the authentication to an external source like LDAP, AD etc.?

 

Cheers

 

Florrie

Connectivity Issue


As a system Engineer, I'm wanting to record the logs from a Cisco 877 router (troubleshooting) that is connected to my workstation via a USB-Serial connection and the rollover cable. Can this be done? Or should I configure one of the ethernet ports of the router to match our internal network? We prefer the 1st method if possible.

In general we do not want clients' routers or their gear on our network, also if something should go bump in the process the ethernet ports will shut down. The problem with the router is that it shuts off sporadically after about 5-15 minutes of uptime. Would like to see the last bit of information in the logs.



Thanks

Not receiving Secure (TLS) Syslog messages


Hi community,

 

I'm having a problem with the Kiwi Syslog Server. I want to establish a connection over Secure (TLS) Syslog over TCP between a Cisco ASA 5550 and the Syslog Server 9.3.2 running on a Windows Server 2008 R2. But I can't receive any messages. It works only with UDP.

The Server is configured as described in this tutorial: http://www.kiwisyslog.com/help/syslog/index.html?inputs___secure_tls_syslog.htm

I've created my certificate with makecert.bat from Xampp and it's selected in the Kiwi certificate browser. This certificate is also imported in the Cisco ASA.

 

I hope somebody can help me.

Thanks

Martin

Kiwi syslog server service can't start


Hi everyone,

 

I'm using Kiwi syslog server 9 on Windows 2008 R2 server (VMware virtual machine). On 17.8.2012. physical server has stopped responding and customer had to restart it manually. Since then Kiwi syslog server doesn't work. When I try to access it, server's CPU raises to 100%, it is stuck like that for few minutes and then it displays error message in Kiwi grid pop up window saying 'Run-time error '0''.

 

Kiwi syslog service also can't be started, when I try to start it, it says it couldn't be started in timely fashion.

 

I've tried to delete/rename files in c:\program files\solarwinds\kiwi web access\html\app_data but with no success. I've renamed event.sdf to Old_event.sdf and made a copy of Event-blank.sdf and then renamed it to event.sdf.

 

I've raised a support ticket but with no results till now.

 

Do you have any idea what's the problem here?

 

Regards, O


Question on Modifiers


We are using KIWI Syslog server v9.3. As log storage we use an MS SQL 2005 Database. We have some problems with modifiers which are described below and I am interested if there is a workaround for this.

 

In our infrastructure we store logs on the MS SQL Database and forward logs from KIWI Syslog server to the third party log collector. Third party performs parsing of and review of the logs.

 

 

We have enabled in the modifiers section:

Replace non printable characters with <ASCII value> and Remove CR/LF from the end of the message

We enabled these options as Kiwi syslog collector was not able to record all the logs to the SQL database and there were too many errors in the Errorlog.txt. But after we enabled this option, forwarded logs are also modified, and our third party asks us to forward logs to them without any modification, as in case when logs are modified they are not able to process them properly.

My question is - Is it possible to configure the system in the way that it does not make any changes to the logs that are forwarded and at the same time modifies (Replace non printable characters with <ASCII value> and Remove CR/LF from the end of the message) logs only when they are recorded to the local database? The best solution would be not to use Replace non printable characters with <ASCII value> function at all as <009> and others are very unfriendly when reading logs from the SQL database.

 

Thank you


Kiwi - Palo Alto User ID agent


I have written a perl script to take data from Kiwi, parse out some information and pass it into our Palo Alto UserID agent.  It runs fine when I pass the message in on the command line but when I have kiwi run it (so to pull the data from kiwi) it fails with an error:

 

Error Info: invalid charater on line 1

 

My script looks like this:

 

sub Main() {
  use PAN::API;
  $string = Fields.VarCleanMessageText;
  $SERVER = '127.0.0.1';

  #Extract user and IP from string
  if ($string =~ /(\w+)([.+]|(\s))(\w+)(\s|\+|.)(\d+\.\d+\.\d+\.\d+)/) {
       $delim = ($3 eq "+") ? " " : $3;
       $username = "$1\\$2$delim$5";
       $ip_address = $6;   # sixth capture group is the dotted-quad address
  }
  print "$username : $ip_address \n";

  # Create User ID API connection
  $uid=PAN::API::UID->new($SERVER);

  #Post data to agent
  $uid->add('login',$username,$ip_address);
  $uid->submit();

  return "OK"; #return value for Kiwi
}

 

Thanks for any guidance.

 

Kevin

Log Forwarder Event Log Formatting


I've setup the Solarwinds Log Forwarder to send to a Kiwi Syslog box but the messages are getting extra characters added:

Bad:
Jul 30 2009 04:06:36 RHCFILE01 %Security: Security : Successful Network Logon:<013><010><013><010><009>User Name:<009>RHC-74X1SH1$<013><010><013><010><009>Domain:<009><009>REDHAWK<013><010><013><010><009>Logon ID:<009><009>(0x0,0x519E523F)<013><010><013><010><009>Logon Type:<009>3<013><010><013><010><009>Logon Process:<009>Kerberos<013><010><013><010><009>Authentication Package:<009>Kerberos<013><010><013><010><009>Workstation Name:<009><013><010><013><010><009>Logon GUID:<009>{c8240591-1ba0-e617-a909-569d830ada64}<013><010><013><010><009>Caller User Name:<009>-<013><010><013><010><009>Caller Domain:<009>-<013><010><013><010><009>Caller Logon ID:<009>-<013><010><013><010><009>Caller Process ID: -<013><010><013><010><009>Transited Services: -<013><010><013><010><009>Source Network Address:<009>172.16.22.28<013><010><013><010><009>Source Port:<009>0

Good:
Security: 540: REDHAWK\RHC-54J1NH1-LT$: Successful Network Logon: User Name: RHC-54J1NH1-LT$ Domain: REDHAWK Logon ID: (0x0,0x4FE6C2FF) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {7f0bd825-0e9f-8f8a-5a4d-e5227e264dbe} Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 172.16.22.148 Source Port: 0

Any ideas what could be causing this?
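
An added example, not part of the original posts and not SolarWinds code: it takes the `<NNN>` placeholders seen in the "Bad" message above (and in the Modifiers question earlier), restores the control characters in memory, and produces both the flat one-line form and a field dictionary for downstream parsing. It assumes each placeholder is a three-digit decimal character code, as in the quoted message; the function names and the shortened sample are constructed for illustration.

```python
import re

# Constructed sample: a shortened copy of the "Bad" message quoted in the post.
SAMPLE = (
    "Jul 30 2009 04:06:36 RHCFILE01 %Security: Security : Successful Network Logon:"
    "<013><010><013><010><009>User Name:<009>RHC-74X1SH1$"
    "<013><010><013><010><009>Domain:<009><009>REDHAWK"
    "<013><010><013><010><009>Logon Type:<009>3"
    "<013><010><013><010><009>Workstation Name:<009>"
    "<013><010><013><010><009>Source Network Address:<009>172.16.22.28"
    "<013><010><013><010><009>Source Port:<009>0"
)

# Assumption: a placeholder is exactly three decimal digits in angle brackets.
TOKEN = re.compile(r"<(\d{3})>")


def decode_tokens(text):
    """Restore control characters from <NNN> placeholders; leave other <NNN> text alone."""
    def restore(match):
        code = int(match.group(1))
        return chr(code) if code < 32 or code == 127 else match.group(0)
    return TOKEN.sub(restore, text)


def flatten(text):
    """One-line form for display or search: whitespace runs collapse to one space."""
    return re.sub(r"\s+", " ", decode_tokens(text)).strip()


def parse_fields(text):
    """Return (header, {label: value}) using the CR/LF layout of the event body.

    Decode only in memory at parse time: writing restored CR/LF back into a
    line-oriented log file would let one event appear as several records.
    """
    lines = decode_tokens(text).splitlines() or [""]
    header, fields = lines[0].strip(), {}
    for line in lines[1:]:
        label, sep, value = line.strip().partition(":")
        if sep and label:
            fields[label.strip()] = value.strip()
    return header, fields


if __name__ == "__main__":
    header, fields = parse_fields(SAMPLE)
    print(flatten(SAMPLE))
    print(header)
    for label, value in fields.items():
        print(f"{label!r}: {value!r}")
```
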

Kiwi Syslog Server service starts then stops


When attempting to start the Kiwi Syslog Server service (on Windows 2008 R2), I get the message "The Kiwi Syslog Server service on [my server name] started and then stopped.  Some services stop automatically if they are not in use by other services or programs."  Any ideas what could be causing this?

Cassini web server accidentally deleted


The Cassini web server was accidentally uninstalled on our log server. Using the Kiwi Syslog Web Access repair fails with a cannot find file error. Is there a way to re-install Cassini without re-installing all of Kiwi?

 

.thanks

.rick..

Kiwi Syslog Service slow to start, possibly causing install to fail


Hello, I ran the Kiwi Syslog trial previously with no problems at all on a virtual server running Windows Server 2008 R2 64 bit.  When I came to upgrade it to a registered version, the install failed at the end, at the part where the Kiwi Syslog server gets started. 

 

The error is: Kiwi Syslog Server Service Installation failed.  The Kiwi Syslog Server Service could not be installed using account.  Please run the installer again and try another user account (eg. LocalSystem or a member of the local Administrators group).

 

Sometimes the error is: Kiwi Syslog Server Service failed to start.  Please try installing the service again using a member of the Administrators group.

 

I ran the setup application as administrator, using a domain user account which is in a security group in the local administrators group.  I chose LocalSystem as the account to run it as.

I also tried using the local administrator, with the same results.

 

If I try to start the service manually, it eventually starts, but takes about 40 or so seconds.  But it doesn't stay up for long.

 

The Windows Event Viewer doesn't seem to log anything when the service quits.

 

I had no such problems with the evaluation copy.  Perhaps a clean install is required?  How would I go about doing this?  I've uninstalled, then deleted C:\Program Files (x86)\syslogd, then deleted c:\Program Data\solarwinds and also HKLM\Software\Wow6432Node\SolarWinds.  Have I missed anything?

 

Thank you.

Will Kiwi Syslog Server run on a 64 bit Windows 2008 Server


I am going to migrate Kiwi Syslog Server to a new Virtual Machine running Windows 2008 Server and am wondering if Syslog server will run in 64 bit.
It is currently running on a Windows XP machine.
Is it an issue to move from 32bit OS to 64bit OS?

Has anyone done this and had any issues?


Syslogd_Service.exe crash - out of stack space


I am evaluating Kiwi Syslogd to front-end and filter syslog traffic since we are having performance problems and service crashes using the NPM Syslog Service.  Here is the hardware platform:

HP DL385G7
2x AMD Opteron 6174 2.2GHz 12-core processors
32GB memory
RAID-1 for OS/Syslog
Windows Server 2008 R2 x64 Enterprise SP1

I installed Kiwi Syslogd and it ran for about an hour before it crashed with this failure:


Log Name:      Application
Source:        Application Error
Date:          3/15/2012 10:42:42 AM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      *********
Description:
Faulting application name: Syslogd_Service.exe, version: 9.2.0.1, time stamp: 0x4d069c0f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000a
Faulting process id: 0x91d0
Faulting application start time: 0x01cd02c944ab6d53
Faulting application path: C:\Program Files (x86)\Syslogd\Syslogd_Service.exe
Faulting module path: unknown
Report Id: 43e40d87-6ec6-11e1-a52f-3cd92b024752
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-03-15T17:42:42.000000000Z" />
    <EventRecordID>2945</EventRecordID>
    <Channel>Application</Channel>
    <Computer>************</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Syslogd_Service.exe</Data>
    <Data>9.2.0.1</Data>
    <Data>4d069c0f</Data>
    <Data>unknown</Data>
    <Data>0.0.0.0</Data>
    <Data>00000000</Data>
    <Data>c0000005</Data>
    <Data>0000000a</Data>
    <Data>91d0</Data>
    <Data>01cd02c944ab6d53</Data>
    <Data>C:\Program Files (x86)\Syslogd\Syslogd_Service.exe</Data>
    <Data>unknown</Data>
    <Data>43e40d87-6ec6-11e1-a52f-3cd92b024752</Data>
  </EventData>
</Event>

---------------------------

The following was in the Syslogd Errorlog.txt:

2012-03-15 09:32:52    Command line license key accepted.
2012-03-15 10:42:41    *** INTERNAL PROGRAM ERROR - Please contact http://www.kiwisyslog.com/support/ ***
2012-03-15 10:42:41    Service Version 9.2.1 | Error Number: 28 | Description: Out of stack space | Module Name: Syslogdsvc.frm | Procedure Name: SyslogSocket_DataArrival | Line Number: 260 | Date and time: 3/15/2012 10:42:41 AM
---------------------------

I have opened SolarWinds case #323438 regarding this.

Automating Installation


Hello,

 

I would like to automate the installation of the Kiwi Syslog Server as a service and have a few questions:

1. I only want to install the Kiwi Syslog Server if the version about to be installed is a newer release of Kiwi Syslog Server. To get the current version of Kiwi Syslog Server installed, Windows registry under "SolarWinds\Syslogd\Options\Current Version" contains the current version (ex "9.2.1"). Is this the best/robust method?

2. Assuming that I only have the file name of a possible newer version of Kiwi Syslog Server (ex. "Kiwi_Syslog_Server_9.2.1.setup"), is it safe to parse the file name and extract the version, in this case "9.2.1"?

3. Can a newer version of Kiwi Syslog Server be installed without uninstalling the older version? What is a good method for preserving settings over Kiwi Syslog Server installations?

 

Thank you!
Dave

Kiwi Syslog Server Web Access can't start


Hello!

I installed Kiwi Syslog Server & Web Access.

Kiwi Syslog Server starts and I see events from my devices, but when I start Kiwi Syslog Server Web Access it could not start:

"Kiwi Syslog WebAccess requires Kiwi Syslog Server to be online, but it is offline"

What's the problem?

Version 9.2

Syslogd service failed to respond


Hi,

 

Sometimes, I have an important issue: everything works, then the syslog server doesn't receive any logs (I don't see them in a SQL database, a txt file or a display).

When I ping the service, it responds "the syslogd service failed to respond." Nevertheless the syslogd service is already started...

 

Did you already have this issue?

 

I must reboot the server if I want the syslog to work again...

 

Thanks everyone!

Sending events from Cisco 3750 switch


Hello,

I am trying to send events from a Cisco 3750 switch to our Kiwi syslog server but am unsure of the config for the switch.

Should the following work:

Switch (config) # logging on
Switch (config) # logging Syslog Server IP
Switch (config) # logging trap error

This command will send (Error 3) events (0-3) to the Kiwi server via UDP514. Is this the supported method of transfer?

Should this work or is there a "Supported" switch configuration that I should be using.

Thank you,

Chris
