Quantcast
Channel: THWACK: Popular Discussions - Kiwi Syslog
Viewing all 15803 articles
Browse latest View live

Forward syslog events to QRadar

January 13, 2016, 11:55 am
$
0
0

I'm trying to forward events from Kiwi Syslog to QRadar SIEM. 

 

In Kiwi Syslog setup, I created an Action: Forward to another host; gave it the QRadar appliance's IP as the Destination IP; selected "Retain the original source address of the message"; clicked the Test button to verify the configuration and got a gree checkmark.

 

The test event was the only event received by the QRadar.  None of the events I'm forwarding have been received as incoming logs on QRadar.

 

I've tried this with and without adding the Kiwi Syslog servers as log sources in QRadar.

 

Do I need to install a universal DSM on the Kiwi Syslog servers?

Search

Purging old logs

September 14, 2016, 4:23 am
$
0
0

One of those things we never look at until we get notified of disk space running out!!...

 

We have daily logs for each device (approx 400), each within their own folder based on device hostname.  Ive looked at log file rotation, but I dont think it will work for simply deleting any files older than a month or so, as the help file implies that it is per log, which is created daily.

 

Other than doing this manually, can syslog not delete old files beyond a specified time?

 

Shame you cant get the app to compress and archive old logs.

syslog question

February 23, 2017, 1:54 pm
$
0
0

We have been running our Solarwinds solution for a few years now, and I am just now getting around to fine tuning it.  We have a main App server in one environment and polling engines in others with firewalls between them.  We have rules to allow the databases to talk.  Today I was noticing that some of the network gear is configured to send syslogs to the polling engines.  It does not look like that is getting to the main syslog server on the main app server.  Is it true that the polling engines do not or will not forward syslog to the main Solarwind app server?

Where to store the log files?

May 4, 2017, 1:22 pm
$
0
0

I am a new to the Thwack Community and to Kiwi Syslog Software. I have installed the software and have it running. On the server, I put it on I have 2 partitions. One for the OS/Program and a larger one for Data. Is there a way to go in and make it default to use the Data partition for all log file storage?

 

Jessie

AutoSplit value based on Policy name

June 1, 2017, 2:38 am
$
0
0

My goal is to have diferent log files which names are unique for each policy name. Is this possible?

 

Path and filename of log file:

D:\KIWI\Logs\Syslog-%PolicyName.txt

 

Syslog message:

source-address="10.18.100.100" source-port="62394" destination-address="10.17.200.100" destination-port="443" policy-name="263" source-zone-name="Trust" destination-zone-name="Untrust"

 

How should I define  %PolicyName?

Traps forwarded from kiwi to orion show up as syslog instead

May 31, 2017, 11:33 am
$
0
0

I'm in the middle of major consolidation of 15 instances (of the full Orion platform) nationwide down to 4. Part of the plan is to turn down the 'noise' from both traps and syslogs by inserting a layer of kiwi in front of each regional instance and then using rules / actions to filter out and forward critical, actionable stuff on to Orion. What I'm seeing in testing though is a trap comes in to kiwi & is successfully (kinda) sent over to Orion. But it's showing up there under syslogs instead of alerts.

 

Any pointers on making this work correctly?

 

Would also love to hear experiences of anyone else doing something similar.

 

Thanks!

Kiwi Syslog not receiving any message

October 2, 2014, 5:44 am
$
0
0

Hello,

 

I just installed Syslog on a Windows 8 VM (ESXi 5.5).

However... I don't received any message from the router (Cisco RV042G) I want to log.

 

I tried the generic troubleshhoting :

• Check network connectivity by pinging from the sending device to the Syslog Server machine  => OK
• Check only one instance of Kiwi Syslog Server is running (Ctrl-Shift-Esc to get the task-list) => OK, only one
• Disable any personal firewall software such as ZoneAlarm or BlackIce => Disabled

• Use a sniffer to check if messages from the routing are reaching the PC => Yes, I can see them
• Check DNS resolution is working as expected by pinging a hostname from the Command Prompt => OK
• Check that there is a "Display" action setup for the facility and level you are expecting to receive messages on. => OK
• Send a test message to yourself by pressing Ctrl+T => Displayed
• Download a copy of the Free Syslog Server Message Generator (SyslogGen) from: www.kiwisyslog.com/downloads => Done
• Install SyslogGen and set it to send a message every second to the address 127.0.0.1 (local host). => Not displayed, and I don't see them in a local packet capture.
• Try sending messages with SyslogGen from another machine to the host running the Syslog Server => Not displayed, but see them on a packet capture (on Syslog PC)

 

Do you have any idea about the cause of this issue ?

 

Thanks in advance for your help.

The list of Windows Update that conflicts with Kiwi Syslog Server

May 22, 2017, 12:37 am
$
0
0

Hi,

I use Kiwi Syslog Server on Windows Server 2016.

 

I got an error on Kiwi Syslog Server due to conflict with Windows Update several times.

 

1) Performed on April 26, 2017

*Environment

- Windows Server 2016

- Kiwi Syslog Server version 9.5.2

 

The following patchs were installed by Windows Update successfully.

KB4015217

KB890830

 

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'KiwiSocket.ocx' or one of its dependencies not correctly registered: a file is missing or invalid

---------------------------

 

 

2) Performed on May 19, 2017

*Environment

- Windows Server 2016

- Kiwi Syslog Server version 9.6.1

 

The following patchs were installed by Windows Update successfully.

KB3150513

KB4019472

KB890830

KB4013418

 

 

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'XceedZip.dll' or one of its dependencies not correctly registered: a file is missing or invalid.

---------------------------

 

 

[Resolution]

Both cases, I uninstalled and re-installed Kiwi Syslog Server.

 

Please refer:

https://support.solarwinds.com/Success_Center/Kiwi_Syslog_Server/KSS_error_Component_XceedZip_dll_or_one_of_its_dependencies_not_correctly_registered_a_file_is_missing_or_invalid

 

 

 

3) Performed on June 21, 2017

*Environment

- Windows Server 2016

- Kiwi Syslog Server version 9.6.1 

 

The following patchs were installed by Windows Update successfully.

(KB3186568)

(KB4023834)

(KB4022715)

(KB890830)

(KB3150513)

 

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'XceedZip.dll' or one of its dependencies not correctly registered: a file is missing or invalid.

---------------------------

 

[Resolution]

I uninstalled and re-installed Kiwi Syslog Server.

 

 

メッセージ編集者:

Date: June 28, 2017

JTC Osaka 

After Windows Update(2017-June-21), KSS can not start again.

Search

How to open old log files with Syslog Web Access?

August 25, 2015, 11:49 am
$
0
0

I have logs saved to separate files every day.  At the end of the quarter, I will need to look thru the logs to collect statistics for the report.

Is there a way for me to use Syslog Web Access to look thru the old log files and filter out information that I need?

 

I am using Syslog v9.5

Why some schedule job never start on kiwi server?

January 12, 2017, 6:49 pm
$
0
0

We want to move the log file to another location. some scheduled jobs can run , but some jobs never run, can anyone please advise? thanks in advance.

Kiwi Syslog Service Keeps crashing

March 19, 2010, 11:05 am
$
0
0

We have been experiencing an issue with our Kiwi Syslog Service crashing about every other day.  We are running version 9 and have a pretty standard setup where we are pushing syslogs from all of our devices in our network.  We have quite a bit of stuff logging to our Syslog server and are easily breaching the 200000 maximum message count throughout the day and getting email's.  We up'ed that and seem to be doing better however the syslog service continues to fail and will at times restart itself based off of the services recovery failure to restart the service but this is happening way to often. 

Has anyone else seen this problem and if so, what kinds of things did you try/do?  Is this box just getting pegged so hard that it's causing the service to malfunction and trip up?  I'm not a Windows guy but is this issue even Windows related?  The only other application we have running on this server is CatTools and it runs clean with no service issues.  The systems team has taken a look at the server and believe this to be related only to the Kiwi application itself. 

Next Steps: I'm thinking of removing and rebuilding the Kiwi 9 application from scratch to see if this corrects the issue but wanted some direction from the forum if anyone has any good ideas/suggestions.

 

Thankyou in advance!

Filtering out certain messages in Kiwi Syslog...

January 10, 2013, 8:12 am
$
0
0

Hello,

 

I am in a situation where I need to filter out a certain string. It is a little complicated however. The string(s) I am trying to filter out usually looks like this:

 

"port D10-High collision or drop rate."

 

D10 is a device bay in a chassis and that is what we are really interested in here. There are 16 device bays so it can be D1, D2, D3....D16.

 

The only problem is that there is no space between D10 and "-High"

 

And we WOULD like to keep getting messaged that dont have the Dx part in it so we cant just filter out "collision or drop rate."

 

Is the only way to do this by putting 16 separate filters like so: ...?

 

"D1-High"

"D2-High"

"D3-High"

...."D16-High"

 

or is there a wildcard we can put in place of the number? Catch is that sometimes it could be a single digit (1-9) or it could be a double digit (10-16).

 

You input is appreciated. Thank you.

Kiwi Syslog Server v9.6.0/9.6.1 need ".NET Framework 4.0" ?

June 14, 2017, 10:04 pm
$
0
0

I tried to install v9.6.1 on Windows Server 2008 R2.

I had already installed ".NET Framework 3.5 SP1" on this system.

 

 

When I executed v9.6.1 installer, I got the following message.

----------------------

Kiwi Syslog Server 9.6.1 Installer

Microsoft .Net Framework 4.0 is not installed on this system

[OK]

----------------------

961_installer_.Net Framework 4.0 is not installed.png

 

I can not install v9.6.1.

I got the same message, when I tried to install v9.6.0.

 

SolarWinds discribed the System Requirements as below:

NET Framework: .NET Framework 3.5 SP1

 

http://www.kiwisyslog.com/kiwi-syslog-server

https://support.solarwinds.com/Success_Center/Kiwi_Syslog_Server/Kiwi_Syslog_Server_Installation_Guide/020_System_requirements_for_Kiwi_Syslog_Server

http://www.solarwinds.com/ja/kiwi-syslog-server#requirements

 

2017-0615_KSS_SystemRequirements_2.png

 

 

Question:

Do Kiwi Syslog Server v9.6.0/9.6.1 need  ".NET Framework 4.0" or Higher?

 

 

Best Regards,

Syslog message duplicated

August 3, 2009, 8:38 am
$
0
0

I have an issue wherein syslog messages from one host are being duplicated. We have a Secure Tunnel client running at one site, with network devices set up to send syslog messages to this client. No syslog messages from any other network device at this site are duplicated. I have verified that this appears to be a Secure Tunnel issue by configuring the offending network device to send syslog messages directly to the Kiwi Syslog Server. When this is done, only one syslog message is logged. When I reconfigure the network device to log to the Secure Tunnel client, two identical syslog messages are logged. I have also verified that there is only one syslog configuration line in the network device (i.e. that it is not configured to send syslogs both directly to the Syslog Server and to the SecureTunnel client.) This is eating up twice as much filespace, obviously... any help would be appreciated.

Syslog alert mails - frequency option? (3000+ mails from same device)

December 20, 2009, 9:11 am
$
0
0

Hi all!

 

I cannot find an option to choose a mail output frequency for a syslog alert.

Over the weekend we get the same error 3000- times from one host .

 

Is it possible to minimize those mail flooding?

Actually every incoming syslog alert from the same host produces 1 mail.

 

My teammates are not amused about this, i can only  turn off manually the whole mail action of my rule .

 

Pls, this is urgent.

Thank you very much!

 

lankienen

Search

Sending events from Cisco 3750 switch

January 19, 2011, 8:13 am
$
0
0

Hello,

I am trying to send events from a Cisco 3750 switch to our Kiwi syslog server but am unsure of the config for the switch.

Should the following work:

Switch (config) # logging on
Switch (config) # logging Syslog Server IP
Switch (config) # logging trap error

This command will send (Error 3) events (0-3) to the Kiwi server via UDP514. Is this the supported method of transfer?

Should this work or is there a "Supported" switch configuration that I should be using.

Thank you,

Chris

Kiwi Syslog not displaying Cisco ASA 5505 syslogs

April 2, 2011, 7:21 pm
$
0
0

I have a Cisco ASA 5505 that is setup to send syslogs to a remote syslog server.

I have kiwi syslog (free) installed on a Windows 2003 R2 Server and it is listening on UDP port 514. The syslog server also is my Ciscoworks v3.2 server.

I can ONLY see the Ciscoworks log files and not the ASA. I only want to display the ASA log files.

I have googled, read the user guide, and search the forum and cannot find any procedure that I can tweak Kiwi to log the syslog files from my ASA which is being used as a VPN concentrator.

Any ideas?

Can SolarWinds Log forwarder be use to parse and forward Radius logs

September 10, 2014, 9:08 am
$
0
0

Hi,

 

I have a Windows NPS server, and I need to be able to forward the logs to a syslog server. Would Solarwinds log forwarder be able to do this?

 

Thank you

SYSLOG error with windows server 2012

June 9, 2015, 12:24 am
$
0
0

Hi

 

i am installing syslog in my server room to monitor the log in/log out operations on serers... i installed log forwarder on some windows server 2003 servers and everithig is ok but now i installed it on some windows server 2012 and all the messages that i receive from these servers are like this :''06-08-2015 17:03:47 Kernel.Info 172.19.12.119 giu 08 17.03.47 srv-av.astergenova.it MSWinEventLog   6   Application   127   lun giu 08 17.03.41 2015   1003   Microsoft-Windows-Security-SPP      N/A   Information   srv-av.astergenova.it   0   The description for Event ID 1003 from source Microsoft-Windows-Security-SPP cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.If the event originated on another computer, the display information had to be saved with the event.The following information was included with the event: 55c92734-d682-4d71-983e-d6ec3f16059f. FormatMessage failed with error 15100, The resource loader failed to find MUI file."

do you have idea of how to fix this? syslogger is installed on a xp machine but i also tried to install it on a windows 2012 server machine and nothing changed

Question about initial setup of Event Log Forwarder and Kiwi

October 21, 2016, 11:49 am
$
0
0

So, I want to try using the Event Log Forwarder on my desktops to send Logon/Logoff events over to Kiwi.

In Event Log Forwarder, I created a new Subscription, Selected Security, Event types of Error, Warning, and Info for included events 4624, 4634, and 4672

My default syslog facility is Local7

 

On the Kiwi side, I made a new rule, with message text filter "logon" and action to display to 02.

I also made a rule with message text file "logged off" and action to send to display 03.

In Kiwi, if I setup the Test message for text logon or logged off , I get the event, but I don't seem to be getting it from my desktop logon.

 

Can anyone point me in the right direction?

thanx,

Viewing all 15803 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>