I am needing to forward all of our DHCP audits to the syslog, however I cannot figure out how to do that with the Log Forwarder. Which source do I use in the Event Viewer? The audit is logged to a file. Is there any way to forward changes to files?
↧
log forwarder and dhcp auditing?
↧
Kiwi Syslog Server 9.4.1 - Active Directory Settings
Has anyone configured Active Directory Settings in Kiwi Syslog Server 9.4.1? Below are the available Active Directory Settings available in the Web Access interface under the Admin Tab.
- Domain URL: <Free Form Box> My domain prepopulated correctly.
- Authentication Type: <Free Form Box>. Is this supposed to be NTLM, Kerberos, etc?
- User Groups: <Free Form Box> Does the format need to be LDAP based?
↧
↧
How to Split Log Files by IP Address and Date in Kiwi Syslog Server
SolarWinds's own Justin Finley just recorded a video tutorial that shows how to split logs into multiple files by IP address and date in Kiwi Syslog Server. Specifically, this syslog server tutorial shows how to store logs in separate folders for each source IP address, and then shows how to keep separate log files for each day within those folders. (e.g., "D:\logs\192.168.000.001\Log2012-07-13.txt")
External link to Jing: autosplit - justinfinley's library
Video Guide:
- 0:00 Opening Kiwi Syslog's configuration dialog
- 0:15 Using an "AutoSplit" variable of "IP Address (4 octets)" (%IPAdd4) in the log path to split logs by IP address
- 0:40 Using an "AutoSplit" variable of "ISO Date" (%DateISO) in the log path to split logs by date
Remember to "LIKE" this if you find it useful - that helps other find it too!
↧
no log shows on Kiwi Syslog Web Access
I am having kiwi syslog 9.5 installed.
I choose to install as service and also installed the web access.
The syslog console opened fine and I see logs on displayed and also to file.
However, with the web access, it shows nothing (what so ever). I checked the Setup on Console Manager and see that under Rules i have 2 exact same option for "Log to Syslog Web Access". Everything under that options checked.
But I still see no log on web access.
1) I tried to uncheck all the "Log to Syslog Web Access".
2) Closed the Console Manager and reopened it
3) Checked mark one of the 2 optioins "Log to Syslog Web Access" and everything below it.
4) Opened and log in to web access -> Still see nothing.
any idea?
↧
How to search all log files
Hi everyone,
Can someone confirm that both the Kiwi Syslog Service Manager console and the Kiwi Syslog Web Access will only display messages for current log files. Therefore, a find or filter will only bring up hits for the most current log files, correct?
Assuming that is the case, I found a thread that mentions WinGREP as a freeware to search all log files on your hard drive. Wouldn't it be helpful for this capability to be integrated into Kiwi Syslog Server?
For example, I am importing all Windows Security events from all domain controllers into Kiwi Syslog Server. I want to be able to search for a username and the phrase "user account is locked out" for as far back as I have logs. How do I do this easily?
Thanks,
Tony
↧
↧
The list of Windows Update that conflicts with Kiwi Syslog Server
Hi,
I use Kiwi Syslog Server on Windows Server 2016.
I got an error on Kiwi Syslog Server due to conflict with Windows Update several times.
1) Performed on April 26, 2017
*Environment
- Windows Server 2016
- Kiwi Syslog Server version 9.5.2
The following patchs were installed by Windows Update successfully.
KB4015217
KB890830
Then KSS is unable to load and presents the following error:
---------------------------
Syslogd
---------------------------
Component 'KiwiSocket.ocx' or one of its dependencies not correctly registered: a file is missing or invalid
---------------------------
2) Performed on May 19, 2017
*Environment
- Windows Server 2016
- Kiwi Syslog Server version 9.6.1
The following patchs were installed by Windows Update successfully.
KB3150513
KB4019472
KB890830
KB4013418
Then KSS is unable to load and presents the following error:
---------------------------
Syslogd
---------------------------
Component 'XceedZip.dll' or one of its dependencies not correctly registered: a file is missing or invalid.
---------------------------
[Resolution]
Both cases, I uninstalled and re-installed Kiwi Syslog Server.
Please refer:
3) Performed on June 21, 2017
*Environment
- Windows Server 2016
- Kiwi Syslog Server version 9.6.1
The following patchs were installed by Windows Update successfully.
(KB3186568)
(KB4023834)
(KB4022715)
(KB890830)
(KB3150513)
Then KSS is unable to load and presents the following error:
---------------------------
Syslogd
---------------------------
Component 'XceedZip.dll' or one of its dependencies not correctly registered: a file is missing or invalid.
---------------------------
[Resolution]
I uninstalled and re-installed Kiwi Syslog Server.
メッセージ編集者:
Date: June 28, 2017
JTC Osaka
After Windows Update(2017-June-21), KSS can not start again.
↧
Error: "Trial version of activeskin control" after upgrading to current Kiwi Syslog version 9.4.0
After upgrade, when I start the Kiwi Syslog app I get a box that comes up and says "Trial version of ActiveSkin control" and I need to click OK. Anyone else see this?
Debbi
↧
Kiwi Syslog and Dropbox
Hi
I use a hosted server to run Kiwi Syslog
My main problem is storage space
Is it possible to move Kiwi Syslog data files to Dropbox ?
thanks
yann
↧
how to configure kiwi 9.4 syslog server for mikrotik in windows 7
Dear All,
I try to configure kiwi 9.4 syslog server for mikrotik but failed. Would you please help to provide a step by step configuration method?
↧
↧
'How much traffic can Kiwi Syslog Server handle?'
according to the FAQ.. Our software is built and tested to support more than two million messages an hour without tuning. (That would support more than 500 machines each sending one message a second.)
This blog says to split out your busiest syslog source...
But what do you do when a single source exceeds 600-1000 messages per second? eg., upstream syslog aggregator or firewalls
↧
Automate SolarWinds Event Log Forwarder?
Hi all,
Is there away to setup an automated install of SolarWinds Event Log Forwarder? I'm planning on deploying it via SCCM and wanted to know if there's a way to automate the install and configuration of the program?
Any help would be grateful!!!
Thanks in advance.
↧
Bad format from MAC Address
Hello ITs,
We are getting SNMP traps from differents WLC 2504 (Cisco Wifi Controller) to our Kiwi Syslog Server (version 9.5.1.59) deployed on Windows Server 2012 64bits. The following problem it was discovered when we saw all MAC-addresses appears in bad format (see file attached below). We need to change the file format from cldcClientIPAddress.0 to Hex String. How can I change this field from "Messange Text"? I captured the SNMP trap and appears in well format.
Thanks you and best regards.
↧
how to setup snort-log link to syslog server?
how to setup snort-log link to syslog server?
in snort.conf (windows 7 32 bits)
output alert_syslog: host=127.0.0.1:8080, LOG_AUTH LOG_ALERT
command :
snort -i 1 -c c:\snort\etc\snort.conf -s
then get a file in c:\snort\log\snort.log.1493058792.
please tell me, how to send log to syslog server?
thank you
↧
↧
syslog is not getting captured for few routers
HI All,
we have cisco routers where in many of the device loggs are not being captured in syslog server from last one month.
Earlier everything was working fine. Device level configuration is also fine.
pls check and suggest.
↧
Daily syslog statistics email
Hi all. Noob here.
I want to receive a daily syslog statistics email but it always sends it at midnight.
Is there a way to receive this email at 7am. There is nothing in the Gui that lets me change this.
I also understand that it does this at midnight because that's when it finishes populating that days log.
Any thoughts on how I can make this email us in the morning for yesterdays statistics?
↧
Kiwi syslog 9.4 on windows server 2012 64bit Service crash - Possible bug!
Hello , kiwi friends!
I am trying to get Kiwi syslog 9.4 to work on windows server 2012 64bit but having problems with the service crashing then i try to start the kiwi syslog server console.
I have applied the kb fix for Microsoft .Net Framework 2 , before that i couldnt install kiwi syslog successfully becuse the service could not start.
http://knowledgebase.solarwinds.com/kb/questions/4386/
I have the following errors in the windows event viewer!
Error 7000: The Kiwi Syslog Server service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion
Error 7009 : A timeout was reached (30000 milliseconds) while waiting for the Kiwi Syslog Server service to connect.
Do you have a solution for this or could it be a new bug in windows server 2012 and the old dot net framework combined ?
Thanks in advance.
↧
Windows 2012 error for Kiwi Manager
Has anyone else ever run into this issue?
I'm receiving the following error whenever I try to open the Kiwi Syslog Manager (Console).
Faulting application name: Syslogd_Manager.exe, version: 9.4.0.2, time stamp: 0x54fda0df
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x043c05b8
Faulting process id: 0x780
Faulting application start time: 0x01d0b3331378b7a3
Faulting application path: C:\Program Files (x86)\Syslogd\Syslogd_Manager.exe
Faulting module path: unknown
Report Id: 51d9622d-1f26-11e5-80eb-0050569a06c7
Faulting package full name:
Faulting package-relative application ID:
This is on a fresh physical Windows 2012 server and is running as a local system service. The service runs, collects logging, and we have web access working. However, whenever I try to open the Kiwi Manager, it crashes. I do have a support ticket in place but as of now, it has been sent up to the developers. It's frustrating for the syslog catchall files because we can't filter what we want.
What's weird is that it run perfectly fine on Windows 2003 Storage Server.
Before install i did the following:
Disabled UAC
Disabled any HIPS / HBSS so that doesn't block the install.
Set a different TMP / TEMP directory with read/write privileges.
Tried a dedicated local admin-account to run the service and tried just local system.
Any help or information in this regards would be a HUGE help. I'm pretty stumped at the moment.
↧
↧
Kiwi Syslog Server v9.6.0/9.6.1 need ".NET Framework 4.0" ?
I tried to install v9.6.1 on Windows Server 2008 R2.
I had already installed ".NET Framework 3.5 SP1" on this system.
When I executed v9.6.1 installer, I got the following message.
----------------------
Kiwi Syslog Server 9.6.1 Installer
Microsoft .Net Framework 4.0 is not installed on this system
[OK]
----------------------
I can not install v9.6.1.
I got the same message, when I tried to install v9.6.0.
SolarWinds discribed the System Requirements as below:
NET Framework: .NET Framework 3.5 SP1
http://www.kiwisyslog.com/kiwi-syslog-server
http://www.solarwinds.com/ja/kiwi-syslog-server#requirements
Question:
Do Kiwi Syslog Server v9.6.0/9.6.1 need ".NET Framework 4.0" or Higher?
Best Regards,
↧
Kiwi Syslog not capturing syslogs
Installed Kiwi Syslog Free version 9.3.4 on Windows Server 2008 R2. Trying to capture syslog from a Cisco ASA 5510. I have confirmed that the syslog events are hitting the server with Wireshark. Nothing is coming through to Kiwi Syslog. Current settings are all default. No filters in place. Not sure what is wrong as I can see the syslog messages coming through Wireshark. Any ideas as to why the syslog messages are not being seen by Kiwi?
↧
Variable data bleeding in from previous log/script runs.
Our 14 day trial is almost up and I'm having a big problem. We've vbscripted Kiwi to parse the Syslog data and email alerts. I discovered that the alerts were containing some data from previous log that was processed. For example the previous alert would come to us saying ABC Company Alert then the next log would be for XYZ company but would say ABC Company. I suspected that maybe the logs were being processed too fast or simultaneously but it even happens if there is 5+ minutes between alerts. I tried generating email alerts via the built in action as well directly from the vbscript, same result.
To confirm the issue I added a line at the bottom of my vbscript, after it emails the alert, that sets all the variables to the string "null" and sure enough I sporadically get the word null in messages instead of the actual data that was in the message. I tried restarting the kiwi service, restarting the computer, etc.
I tried using my own varibles instead of the Fields.VarCustom01 type and the same thing occurs. What's even stranger is that I have a variable that has, say, a username in it... Kevin. My script builds the email using that varibale in two spots (subject and body) and it may show up in the subject incorrectly but the body correctly... from the same variable.
I'm very confused. It's like it's not isolating memory space between script executions or there is a memory leak/bleed going on. I can't seem to nail it down. Running 9.5.2.5 as a service on a dedicated Windows 7 Pro 64-bit machine.
I contacted support but they told me to post here since I am in the trial. I need to make this work before I pay for the product.
Need help! Thanks!
↧