Quantcast
Channel: THWACK: Popular Discussions - Kiwi Syslog
Viewing all 15803 articles
Browse latest View live

Not receiving Secure (TLS) Syslog messages

August 8, 2012, 1:23 am
$
0
0

Hi community,

 

I'm having a problem with the Kiwi Syslog Server. I want to establish a connection over Secure (TLS) Sylog over TCP between a Cisco ASA 5550 and the Syslog Server 9.3.2 running on a Windows Server 2008 R2. But I can't recieve any messages. It works only with UDP.

The Server is configured as in this tutorial described: http://www.kiwisyslog.com/help/syslog/index.html?inputs___secure_tls_syslog.htm

I've created my certificate with makecert.bat from Xampp and it's selected in the Kiwi certificate browser. This certificate is also imported in the Cisco ASA.

 

I hope somebody can help me.

Thanks

Martin

Search

How to Split Log Files by IP Address and Date in Kiwi Syslog Server

May 31, 2013, 9:19 am
$
0
0

SolarWinds's own Justin Finley just recorded a video tutorial that shows how to split logs into multiple files by IP address and date in Kiwi Syslog Server.  Specifically, this syslog server tutorial shows how to store logs in separate folders for each source IP address, and then shows how to keep separate log files for each day within those folders.  (e.g., "D:\logs\192.168.000.001\Log2012-07-13.txt")

 

 

External link to Jing: autosplit - justinfinley's library

 

Video Guide:

  • 0:00 Opening Kiwi Syslog's configuration dialog
  • 0:15 Using an "AutoSplit" variable of "IP Address (4 octets)" (%IPAdd4) in the log path to split logs by IP address
  • 0:40 Using an "AutoSplit" variable of "ISO Date" (%DateISO) in the log path to split logs by date

 

Remember to "LIKE" this if you find it useful - that helps other find it too!

Kiwi Syslog WebAccess Installation Error (error code is 2869)

October 27, 2010, 8:29 pm
$
0
0

*Kiwi Syslog Server V.9.1.0
*Windows 2008 SP1 and SP2 64bit

Our client encountered a Kiwi Syslog WebAccess installation error.

The error message is as follows:
=============================================
The installer has encountered an unexpected error
installing this package. This may indicate a problem
with this package.The error code is 2869.
=============================================
*Kiwi Syslog Server service runs correctly.

*The client stopped Anti-Virus service before the installation.

 

Are there some information to resolve the problem?

System Requirements for Kiwi Syslog Server with Kiwi Syslog Web Access

January 26, 2011, 4:35 am
$
0
0

We would like to know the minimum System Requirements for Kiwi Syslog Server when we install Kiwi Syslog Web Access.


I know there is "System Requirements for Kiwi Syslog Server " on the following page:


http://solarwinds.ie/products/kiwi_syslog_server/


Is it the same requirements even if we install Kiwi Syslog Web Access?

Can't start Kiwi Syslog Service - Logon Failure

September 27, 2011, 7:23 am
$
0
0

After installing the permanent license for Kiwi Syslog server the Syslog service will not start.  It started without problems when running as the trial version.  No errors appear in the Kiwi Syslog error log, but the Windows event viewer shows the following error:

The Kiwi Syslog Server service failed to start due to the following error: The service did not start due to a logon failure.

I can't find anything in the Kiwi Syslog documentation about having to login.  The OS is Windows 2008 R2.  I am starting the Syslog service from Service Manager > Manage, and Service Manager was Run As Administrator.

Is this a known problem?

Thanks, Glenn

Event Log Forwarder - Where is the Audit Failure Type?

March 18, 2015, 5:40 pm
$
0
0

Hi There,

 

I'm trialing Kiwi Syslog and I'm having trouble with the Log Forwarder and Security Event Log.  When I click on the Security Log I don't see Audit Success or Audit Failure as an event type.  It just has Error, Warning and Information.  If I manually edit the CFG file and add <int>16</int> it works, but then it gets overwritten if I make a change.  Am I doing something wrong?  How can I see Audit Failure as an Event Type?

 

Thanks,

LogForwarderClient and EnforceFIPSPolicy

July 19, 2017, 11:21 pm
$
0
0

We have noticed that

enforceFIPSPolicy enabled=false under windows\logforwarderclient.exe.config

This may be problematic on our system - can this section be removed or be set to true ?

Thanks,

Tal

Kiwi 9.4.1 "** INTERNAL PROGRAM ERROR | Error Number: 401 | **"

April 27, 2016, 7:33 am
$
0
0

Hello

 

I don’t know if this is the proper place where looking for help about Kiwi syslog 9.4.1. Sorry if I wrong.

 

 

End customer is using free Kiwi Syslog 9.4. for interconnect a Cisco Call Manager Express with an Accounting Tool which read and processes syslog events sent by the CME

We faced that kiwi stopped processing received events. We found Error Number: 401 after rebooting the server because Kiwi was not processing any event.

 

And also, some times, and frequently, the same event stacks and is processed hundreds of times… and so the accounting tool shows the same call hundreds of times…

 

Seems that all is related.

 

Syslogd_TechSupport.zip attached

 

Thanks by advance for your help.

End customer is using free Kiwi Syslog 9.4. I don’t know if you can help me in any way.

Search

Kiwi syslog free edition won't install on Win 7

August 20, 2014, 5:08 pm
$
0
0

Run Kiwi_Syslog_Server_9.4.1.Freeware.setup.exe on Win 7 laptop. Answered "Yes" to user account control dialog (Do you want to allow the following program to make change to this computer...).  Setup program come up with something like "Please wait while setup is loading ... 70%" then it died off.

 

The setup run without problem on an older WinXP machine.

 

Any hint?

Procurve switches not sending syslog messages in KIWI syslog

July 25, 2013, 6:58 am
$
0
0

Hi all,

 

New here, searched for discussions but found no entry on procurve switch(es).

The Procurve switches will not send any syslog messages (wiresharked the server)

Turned on logging on the switch: logging 'ip-address'

 

show debug

 

Debug Logging

  Source IP Selection: Outgoing Interface
  Destination:
   Logging --
     'ip-address' Kiwi Syslog server

       Protocol = UDP
       Port     = 514
     Facility = user
     Severity = info
     System Module = all-pass
     Priority Desc =

 

tried facility 'syslog' still nothing.

 

Only the Procurve switches will not send any syslog messages.

Other devices such as Cisco ASA's work fine.

 

Anyone ideas to solve this?

 

TIA Jaap

Can not receive message from Cisco switch 3750

July 28, 2013, 11:37 pm
$
0
0

Hello guys,

 

I setup kiwi syslog server and could receive message from other devices, such cisco switch 2960, 5510, and windows server. But can not get any message from 3750. I enclosed 3750 configuration as below. Please help to take a look and where am I wrong. Thank you.

 

logging trap notifications

logging facility local5

logging 192.168.0.51

How to load-balance Kiwi Syslog servers

December 23, 2013, 12:31 pm
$
0
0

I've got a set of 3 Kiwi servers sitting behind an F5, which I *thought* would effectively load balance the incoming syslog volume (I'm seeing around 5-8million messages per hour, and we haven't really turned everything on yet).

 

The problem, I just discovered, is that F5 load balances based on connections, not messages/packets. So round robin isn't round robin since most of my sending systems are passing new messages (and therefore creating a connection) more than even the lowest "disconnect after" option on the F5 (which is 1 second).

 

So my first server is maxing out at about 5million MPH and 0% buffer, while server 02 gets 2million messages and 80% buffer, and server 03 gets barely anything at all.

 

Has anyone else tried this, and have you found a work around (it doesn't have to be an F5. I just need the ability to create a pool of Kiwi servers and have all the systems in my enterprise sending to ONE ip address.

 

Thanks!

- Leon

Syslogd service failed to respond

December 23, 2010, 2:04 am
$
0
0

Hi,

 

Sometimes, I have an important issue: everything works then the syslog server don't receive any logs (i don't see them in a SQL database, a txt file or a display).

When i ping the service, it responds "the syslogd service failed to respond." nevertheless the syslogd service is already started...

 

Did you already have this issue?

 

I must reboot the server if i want that the syslog works again...

 

Thanks everyone!

Forward syslog events to QRadar

January 13, 2016, 11:55 am
$
0
0

I'm trying to forward events from Kiwi Syslog to QRadar SIEM. 

 

In Kiwi Syslog setup, I created an Action: Forward to another host; gave it the QRadar appliance's IP as the Destination IP; selected "Retain the original source address of the message"; clicked the Test button to verify the configuration and got a gree checkmark.

 

The test event was the only event received by the QRadar.  None of the events I'm forwarding have been received as incoming logs on QRadar.

 

I've tried this with and without adding the Kiwi Syslog servers as log sources in QRadar.

 

Do I need to install a universal DSM on the Kiwi Syslog servers?

Kiwi Syslog Server 9.4.1 - Active Directory Settings

June 30, 2014, 1:02 pm
$
0
0

Has anyone configured Active Directory Settings in Kiwi Syslog Server 9.4.1?  Below are the available Active Directory Settings available in the Web Access interface under the Admin Tab.

 

  • Domain URL: <Free Form Box>  My domain prepopulated correctly.
  • Authentication Type: <Free Form Box>.  Is this supposed to be NTLM, Kerberos, etc?
  • User Groups: <Free Form Box>  Does the format need to be LDAP based?
Search

Anyone have trouble with EMET not allowing kiwi syslog server to run on Windows 2012 R2?

August 8, 2016, 9:17 am
$
0
0

We are having problems getting EMET to allow the kiwi syslog server service to run on an Windows 2012 R2 Server VM.  We have case 999667 open and still haven't gotten it working.  One of my partners working on this opened the case.

I can't install Kiwi Syslog Web Access

July 21, 2010, 4:56 pm
$
0
0

Hi all,

I can't install Kiwi Syslog Web Access. Syslog server is installing fine but Web Access is just says that there is an error and rolls back. I had evaluated version installed before and now trying to install licensed.

Sending events from Cisco 3750 switch

January 19, 2011, 8:13 am
$
0
0

Hello,

I am trying to send events from a Cisco 3750 switch to our Kiwi syslog server but am unsure of the config for the switch.

Should the following work:

Switch (config) # logging on
Switch (config) # logging Syslog Server IP
Switch (config) # logging trap error

This command will send (Error 3) events (0-3) to the Kiwi server via UDP514. Is this the supported method of transfer?

Should this work or is there a "Supported" switch configuration that I should be using.

Thank you,

Chris

Kiwi Syslog Server - Status Code 500

November 1, 2011, 6:01 am
$
0
0

Hi community. I ve searched about my problem but only found topics related about Orin software. I am getting an exception in Kiwi Syslog Web Access. Status Code 500. Any one have experienced this issue ? Thanks a lot.

Exception of type  'System.Web.HttpUnhandledException' was thrown.

Status Code: 500

System.Web.HttpUnhandledException:  Exception of type 'System.Web.HttpUnhandledException' was thrown. --->  System.ArgumentOutOfRangeException: 'capacity' must be  non-negative.
Parameter name: capacity
at  System.Collections.ArrayList..ctor(Int32 capacity)
at  RadGridUserSettings.GetSerializedSettings()
at _Event.Render(HtmlTextWriter  writer)
at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,  ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter  writer, ControlAdapter adapter)
at  System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at  Telerik.Web.UI.RadAjaxControl.RenderPageInAjaxMode(HtmlTextWriter writer,  Control page)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter  writer, ICollection children)
at  System.Web.UI.Control.RenderChildren(HtmlTextWriter writer)
at  System.Web.UI.Page.Render(HtmlTextWriter writer)
at  _Event.Render(HtmlTextWriter writer)
at  System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,  ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter  writer, ControlAdapter adapter)
at  System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at  Telerik.Web.UI.RadAjaxControl.RenderPageInAjaxMode(HtmlTextWriter writer,  Control page)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter  writer, ICollection children)
at  System.Web.UI.Control.RenderChildren(HtmlTextWriter writer)
at  System.Web.UI.Page.Render(HtmlTextWriter writer)
at  _Event.Render(HtmlTextWriter writer)
at  System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,  ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter  writer, ControlAdapter adapter)
at  System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at  System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,  Boolean includeStagesAfterAsyncPoint)
--- End of inner exception stack trace  ---
at System.Web.UI.Page.HandleError(Exception e)
at  System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,  Boolean includeStagesAfterAsyncPoint)
at  System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean  includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at  System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at  System.Web.UI.Page.ProcessRequest(HttpContext context)
at  ASP.events_aspx.ProcessRequest(HttpContext context)
at  System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at  System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&  completedSynchronously)

Resource: http://localhost:8088/Events.aspx
Referrer: http://localhost:8088/Gateway.aspx

Click here to return to the previous  page    Click here to return to the login  page

how to setup snort-log link to syslog server?

April 24, 2017, 12:31 pm
$
0
0

how to setup snort-log link to syslog server?

 

in snort.conf  (windows 7 32 bits)

output alert_syslog: host=127.0.0.1:8080, LOG_AUTH LOG_ALERT

 

command :

snort -i 1 -c c:\snort\etc\snort.conf -s

 

then get a file in c:\snort\log\snort.log.1493058792.

 

please tell me, how to send log to syslog server?

 

thank you

Viewing all 15803 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>