Hi, I was hoping someone can explain the log files ('SolarWinds.SyslogServer.Engine.log') created in the Syslogd folder to me. What purpose do they serve? Are they safe to delete? Can I set them to be created in a different directory?
Thank you.
↧
SolarWinds.SyslogServer.Engine.log
↧
Kiwi Syslog Server Log Location won't change.
Hey all,
I have recently taken over a sys admin position, and am required to move the location of the Kiwi Syslog Server logs to another file location. I have never used it prior. However, I can't seem to move the file.
Kiwi Syslog Server 9.2.1 (Free version.)
Windows Server 2003 SP2 (WORKGROUP)(VM)
Current configuration:
Log to Log File
Path and file name: C:\Program Files\Syslogd\Logs\SyslogCatchAll.txt
If I test the configuration, I can see the test messages in the location noted about. However, after I apply the settings, the older location (a CIFS share) continues to receive the actual syslogs of the devices we monitor.
There are three local users, all of which show the same configuration.
I have tried deleting and recreating the Log to Log File rule. No change.
I have tried starting and stopping the service. No change.
I have tried exporting the system settings, and then reimporting them. No change.
I have tried searching the registery for the old location. Nothing found.
I have two theories.
1. The settings are locked for some reason.
2. The settings are stored somewhere else.
Any help would be great.
Thanks,
Aaron
Solarwinds Padawan
↧
↧
How to Split Logs to Multiple Displays in Kiwi Syslog Server
SolarWinds's own Justin Finley just recorded a video tutorial that shows how to split logs into multiple displays in Kiwi Syslog Server.
External link to Jing: Multiple Displays - justinfinley's library
Video Guide:
- 0:00 Unfiltered display (Display 00)
- 0:10 Showing the rule that sends all messages to Display 00
- 0:20 Changing the unfiltered display from Display 00 to Display 05
- 0:25 Checking that the switch happened
- 0:35 Adding a new filter rule looking for the word "logon" and sending it to Display 01
- 1:20 Adding a new filter rule looking for the word "logoff" and sending it to Display 02
- 2:05 Checking that the new filters work
- 2:25 Renaming "Display 05" to "All Messages"
- 2:45 Renaming "Display 01" to "Logon" and "Display 02" to "Logoff"
- 3:10 Checking that the display renaming worked
Remember to "LIKE" this if you find it useful - that helps other find it too!
↧
Receive / Filter SNMP traps and forward only traps of interest
Just installed the licensed version based on the SNMP component to do some filtering/forwarding as a temporary work around.
From the product description it looked like this should be possible.
I've searched around the product doco, KB and THWACK but I couldn't find anything specific to receive and forward on specific traps, not all. Is this possible?
There was a similar question part of another thread which went unanswered Re: SNMP forwarding
I do have NPM and know it's possible there, however the amount of SNMP traps being sent is causing performance degradation on the <other vendors> alarming collector so it was intended to use a Solarwinds/Kiwi tool for the SNMP Trap filtering to help the other servers workload.
An NPM license to do just SNMP trap filtering is a bit of an overkill for a temporary solution whilst the customer modifies all their device configs over the next couple of months.
Thanks
↧
How to delete old records from Kiwi Syslog Web Access?
How to delete records from the Kiwi Syslog Web Access?
Thanks.
↧
↧
Forward syslog events to QRadar
I'm trying to forward events from Kiwi Syslog to QRadar SIEM.
In Kiwi Syslog setup, I created an Action: Forward to another host; gave it the QRadar appliance's IP as the Destination IP; selected "Retain the original source address of the message"; clicked the Test button to verify the configuration and got a gree checkmark.
The test event was the only event received by the QRadar. None of the events I'm forwarding have been received as incoming logs on QRadar.
I've tried this with and without adding the Kiwi Syslog servers as log sources in QRadar.
Do I need to install a universal DSM on the Kiwi Syslog servers?
↧
'How much traffic can Kiwi Syslog Server handle?'
according to the FAQ.. Our software is built and tested to support more than two million messages an hour without tuning. (That would support more than 500 machines each sending one message a second.)
This blog says to split out your busiest syslog source...
But what do you do when a single source exceeds 600-1000 messages per second? eg., upstream syslog aggregator or firewalls
↧
Event Log Forwarder - Where is the Audit Failure Type?
Hi There,
I'm trialing Kiwi Syslog and I'm having trouble with the Log Forwarder and Security Event Log. When I click on the Security Log I don't see Audit Success or Audit Failure as an event type. It just has Error, Warning and Information. If I manually edit the CFG file and add <int>16</int> it works, but then it gets overwritten if I make a change. Am I doing something wrong? How can I see Audit Failure as an Event Type?
Thanks,
↧
Maximum number of TCP connections has been reached. Not accepting connection.
KiWi Syslogd error: Maximum number of TCP connections has been reached. Not accepting connection.
Why? Thanks..
↧
↧
Kiwi syslog 9.4 on windows server 2012 64bit Service crash - Possible bug!
Hello , kiwi friends!
I am trying to get Kiwi syslog 9.4 to work on windows server 2012 64bit but having problems with the service crashing then i try to start the kiwi syslog server console.
I have applied the kb fix for Microsoft .Net Framework 2 , before that i couldnt install kiwi syslog successfully becuse the service could not start.
http://knowledgebase.solarwinds.com/kb/questions/4386/
I have the following errors in the windows event viewer!
Error 7000: The Kiwi Syslog Server service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion
Error 7009 : A timeout was reached (30000 milliseconds) while waiting for the Kiwi Syslog Server service to connect.
Do you have a solution for this or could it be a new bug in windows server 2012 and the old dot net framework combined ?
Thanks in advance.
↧
Can SolarWinds Log forwarder be use to parse and forward Radius logs
Hi,
I have a Windows NPS server, and I need to be able to forward the logs to a syslog server. Would Solarwinds log forwarder be able to do this?
Thank you
↧
Can't setup syslog with a Cisco ASA 5505
I have never used Syslogs before but was asked to setup one.
I am having trouble setting it up with my Cisco ASA 5505 security Device.
I can ping FROM the server to the Cisco ASA
I can ping FROM the ASA to the Server.
Things I have done.
- I have downloaded the Solarwind Kiwi Sylog server.
- I installed it as a service.
- I tested the Kiwi Syslog server using it's built in testing tool and I received messages. They came in on 127.0.0.1.
- In Kiwi Sys Log server I added the IP address of the Cisco ASA.
- File - Setup - Input - 192.168.200.1 (Server address)
- Inputs - UDP
- Made sure Port was set to 514
- Logged into the Cisco ADSM management.
- Went to:
- Configuration - Device Management - Logging
- Under Logging setup I selected "Enable"
- Logging filters
- I enabled Sys Log and selected "Severity:Warnings" for all event classes.
- Clicked on "Sys Log Server" from the menu. I added:
- Interface: Data (inside which the Sys Log is connected to)
- IP Address ( IP address of the Syslog server)
- UDP Port 514
- EMBLEM and Secure is set to "NO"
- Click on "Syslog Setup" on the ASA in the menu structure
- Include Timestamp in syslogs
- I applied the settings to the ASA and then committed the changes to flash.
Any ideas on why the syslog server isn't displaying the info?
Thanks so much in advance!
↧
Syslog message duplicated
I have an issue wherein syslog messages from one host are being duplicated. We have a Secure Tunnel client running at one site, with network devices set up to send syslog messages to this client. No syslog messages from any other network device at this site are duplicated. I have verified that this appears to be a Secure Tunnel issue by configuring the offending network device to send syslog messages directly to the Kiwi Syslog Server. When this is done, only one syslog message is logged. When I reconfigure the network device to log to the Secure Tunnel client, two identical syslog messages are logged. I have also verified that there is only one syslog configuration line in the network device (i.e. that it is not configured to send syslogs both directly to the Syslog Server and to the SecureTunnel client.) This is eating up twice as much filespace, obviously... any help would be appreciated.
↧
↧
System Requirements for Kiwi Syslog Server with Kiwi Syslog Web Access
We would like to know the minimum System Requirements for Kiwi Syslog Server when we install Kiwi Syslog Web Access.
I know there is "System Requirements for Kiwi Syslog Server " on the following page:
http://solarwinds.ie/products/kiwi_syslog_server/
Is it the same requirements even if we install Kiwi Syslog Web Access?
↧
How to export Kiwi syslogs
Is there any way for me to export Kiwi Syslogs. I want to be able to export the syslogs from a licensed Kiwi server into another database for viewing. Specifically the NPM database. I would think that there would have been something to do this already since both are SolarWinds products, but I am unable to find it.
I want to be able to take the logs off the Kiwi server and view them elsewhere, without viewing through Kiwi. I want to view them through NPM, but I guess I can get by viewing them through something like Access. Is there a way (even if it isn't easy) to do this?
↧
SYSLOG to SQL
Brand new KIWI 9.1 eval user... succeeded in getting my SYSLOG fed to a SQL table, but need to parse the msgtext field. I'm not a script writer, but hope there is a way to do this without scripting??? I've attached an exerpt from what ends up in the SQL table. The delimiter for the MSGText field is Binary 09 which I believe is a tab? Also, a screen shot of how my rules are currently set up (and feeding but not parsing...)
The actual log entry would look like this with the underlined bold part being the msgtext to be parsed.......
2010-11-05 13:22:11 Local4.Info 10.0.1.11 Nov 5 13:22:11 iprism: WEB<009>http<009>1288988531<009>P<009>10.31.40.248<009>CKHS_Students<009>cksduser\vollmer3861m<009>287<009>http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference<009>internet services<009>0<009>HTTPGET<009>200<009>image/gif
Any thoughts would be greatly appreciated!
Thanks all...
↧
How to backup Kiwi Syslog Server?
Dear all,
I would like to know how to backup a Kiwi Syslog Server. We are installing this in VM, but the environment only has NetBackup.
I know that I can export the data out as log file for backup, but how about backup when log are still in the Kiwi Syslog Server database?
I am not able to find any reference in the Admin guide.
Best Regards,
Rayson Wong
↧
↧
how to configure kiwi 9.4 syslog server for mikrotik in windows 7
Dear All,
I try to configure kiwi 9.4 syslog server for mikrotik but failed. Would you please help to provide a step by step configuration method?
↧
Mail error: SMTP protocol error. 504 5.7.4 Unrecognized authentication type
I'm having trouble configuring email alerts. I'm trying to send alerts to my Office 365 email address. Can someone see if I've input one of these settings incorrectly? I'm using my full Office 365 email for each of the blacked out sections in the screen shot below. For "SMTP Password," I'm using my Office 365 password.
↧
How to Split Logs to Multiple Displays in Kiwi Syslog Server
SolarWinds's own Justin Finley just recorded a video tutorial that shows how to split logs into multiple displays in Kiwi Syslog Server.
External link to Jing: Multiple Displays - justinfinley's library
Video Guide:
- 0:00 Unfiltered display (Display 00)
- 0:10 Showing the rule that sends all messages to Display 00
- 0:20 Changing the unfiltered display from Display 00 to Display 05
- 0:25 Checking that the switch happened
- 0:35 Adding a new filter rule looking for the word "logon" and sending it to Display 01
- 1:20 Adding a new filter rule looking for the word "logoff" and sending it to Display 02
- 2:05 Checking that the new filters work
- 2:25 Renaming "Display 05" to "All Messages"
- 2:45 Renaming "Display 01" to "Logon" and "Display 02" to "Logoff"
- 3:10 Checking that the display renaming worked
Remember to "LIKE" this if you find it useful - that helps other find it too!
↧