Channel: THWACK: Popular Discussions - Kiwi Syslog

How to export Kiwi syslogs

Is there any way for me to export Kiwi Syslogs?  I want to be able to export the syslogs from a licensed Kiwi server into another database for viewing, specifically the NPM database.  I would think that there would have been something to do this already since both are SolarWinds products, but I am unable to find it.
I want to be able to take the logs off the Kiwi server and view them elsewhere, without viewing through Kiwi.  I want to view them through NPM, but I guess I can get by viewing them through something like Access.  Is there a way (even if it isn't easy) to do this?


Problem with filtering in Kiwi Syslog

I am setting up a Kiwi Syslog server and running into a problem with the filtering not working the way I would expect.  I have used Kiwi, but that was several years ago.  I have set up a display for a specific switch and have tried several different filter possibilities, but I am still getting syslog messages on the display that don't belong to the switch I am trying to watch.

I have tried an IP address simple filter with the IP address of the switch, "10.1.1.2".  On the Cisco switch, I have used the command logging source-interface vlan 254, which should send out the syslog messages using the IP address in the simple filter I set up.  I have also tried the hostname option with the hostname of the switch, "Switch1", but I get the same problem.

It has got to be something simple, but so far I haven't found the problem.  Since this is the free version, I know I can't call SolarWinds support.

Any suggestions are appreciated.


Ron

web filtering rules and export

I have Kiwi Syslog and have set up a filter to find all VPN authentication requests.

I'm looking to accomplish two things.

#1. Run this weekly and auto report / email this data to myself.

#2. Only report this information from the last week. The filter right now searches all logs from the beginning of time. I only want to look at information from the last week.

Thank you!

SCRIPT SEND LOGS TO A QUEUE STORAGE AZURE

Hi all, I need to automatically send the log files from my virtual machine running Kiwi Syslog to Microsoft Azure storage. Is there any way to send them directly to the cloud, through a script or some other method? Thank you very much.

Can't start Kiwi Syslog Service - Logon Failure

After installing the permanent license for Kiwi Syslog server the Syslog service will not start.  It started without problems when running as the trial version.  No errors appear in the Kiwi Syslog error log, but the Windows event viewer shows the following error:

The Kiwi Syslog Server service failed to start due to the following error: The service did not start due to a logon failure.

I can't find anything in the Kiwi Syslog documentation about having to login.  The OS is Windows 2008 R2.  I am starting the Syslog service from Service Manager > Manage, and Service Manager was Run As Administrator.

Is this a known problem?

Thanks, Glenn

How to Migrate Kiwi Syslog Server

There are 3 things that you need to consider when migrating Kiwi Syslog Server:


  1. Configuration - to back it up, simply open the Kiwi Syslog Server Manager and click "File -> Export Settings to INI".
  2. Logs - Manually copy the Syslog message log files. Under Setup, look for every "Log to file" action and take note of the path and file name.
  3. License - Deactivate the license on the old server using the License Manager Tool first so that you can transfer the license to the new server. Please note that the Activation Key will be different once the license is deactivated. You can refer to the following video for more detailed information:

no log shows on Kiwi Syslog Web Access

I have Kiwi Syslog 9.5 installed.

I chose to install it as a service and also installed the web access.

The syslog console opened fine, and I see logs on the display and also logged to file.

However, the web access shows nothing whatsoever.  I checked the Setup in the Console Manager and see that under Rules I have 2 of the exact same option, "Log to Syslog Web Access".  Everything under those options is checked.

But I still see no logs on web access.

1) I tried unchecking all the "Log to Syslog Web Access" options.

2) Closed the Console Manager and reopened it.

3) Checked one of the 2 "Log to Syslog Web Access" options and everything below it.

4) Opened and logged in to web access -> still see nothing.

Any ideas?

log forwarder and dhcp auditing?

I am needing to forward all of our DHCP audits to the syslog, however I cannot figure out how to do that with the Log Forwarder.  Which source do I use in the Event Viewer?  The audit is logged to a file.  Is there any way to forward changes to files?


Kiwi Syslog not capturing syslogs

Installed Kiwi Syslog Free version 9.3.4 on Windows Server 2008 R2.  Trying to capture syslog from a Cisco ASA 5510.  I have confirmed that the syslog events are hitting the server with Wireshark.  Nothing is coming through to Kiwi Syslog.  Current settings are all default.  No filters in place.  Not sure what is wrong as I can see the syslog messages coming through Wireshark. Any ideas as to why the syslog messages are not being seen by Kiwi?

How to encrypt syslog from cisco switch or router into Kiwi syslog?

I want to encrypt syslog from a Cisco switch or router into Kiwi Syslog.

I read somewhere that I can use syslog TLS or SNMP trap v3.

Is that possible using Kiwi Syslog?

Thanks

Event Log Forwarder - Where is the Audit Failure Type?

Hi There,

 

I'm trialing Kiwi Syslog and I'm having trouble with the Log Forwarder and Security Event Log.  When I click on the Security Log I don't see Audit Success or Audit Failure as an event type.  It just has Error, Warning and Information.  If I manually edit the CFG file and add <int>16</int> it works, but then it gets overwritten if I make a change.  Am I doing something wrong?  How can I see Audit Failure as an Event Type?

 

Thanks,

SolarWinds.SyslogServer.Engine.log

Hi, I was hoping someone can explain the log files ('SolarWinds.SyslogServer.Engine.log') created in the Syslogd folder to me. What purpose do they serve? Are they safe to delete? Can I set them to be created in a different directory?

 

Thank you.

Kiwi Syslog "Check for update..." error

We are new to Kiwi Syslog and are just getting things configured.  We are on version 9.6.1.6.  One thing I immediately noticed is that running the "Check for update..." results in the following error: "An error occurred while checking for available software updates.  Check internet connectivity or proxy server settings.". 

 

We have no proxy server enabled.  From the server with Kiwi Syslog, I have Internet connectivity via a browser with no problems. 

 

From Kiwi's error log, I see the following line associated with the failed update: "Info: An error occurred while checking for available software updates.  Moved Temporarily [20152] - Resource: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/currentkiwisyslogversion.xml".  If I paste that URL into a browser, it returns the following:

 

<?xml version="1.0"?>
<KiwiSyslogServerVersionManifest Version="1">
<CurrentVersion Version="9.6.1" Link="http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip" DateReleased="2017-05-01"> New in 9.6.1 update ------------------------------ * Kiwi Syslog Server no longer creates large SolarWinds.SyslogServer.Engine.log fileswhich consume significant disk space. * Kiwi Syslog Server diagnostic information shows the correct buffer usage for all types of messages * If you do not see a "Download Update" button below, copy and paste the following link into your browser to download: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip</CurrentVersion>
</KiwiSyslogServerVersionManifest>

 

I can then paste the .zip link it references into a browser and get the zip file to download (although it appears to be the same version we already have). 

 

Has anyone experienced the same issue or know how to fix it?

 

Thanks!

Does Kiwi syslog server support TLS 1.2? If so how to enable it?

I am trying to connect to Kiwi Syslog Server in secure TCP mode. From my client side (C# code) I try to connect to Kiwi Syslog Server using the TLS 1.2 protocol, but the SSL handshake from the server is set to TLS 1.0.

I installed Kiwi server on Windows 7 SP1 and enabled TLS 1.2 in the system by modifying the system registry.

 

SSL handshakes captured using Network Monitor are given below.

Client handshake: [screenshot: Client HandShake.png]

Server handshake: [screenshot: server handshake.png]

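Client-side code (C#):

using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

// hostname, port, timeout and ValidateServerCertificate are defined elsewhere in the client.
// ServicePointManager.SecurityProtocol governs HttpWebRequest/WebClient connections;
// SslStream negotiates with the protocol passed to AuthenticateAsClient below.
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
var tcpClient = new TcpClient(hostname, port);
var tcpClientStream = tcpClient.GetStream();
var sslStream = new SslStream(tcpClientStream, false, ValidateServerCertificate)
{
        ReadTimeout = timeout,
        WriteTimeout = timeout
};
sslStream.AuthenticateAsClient(hostname, new X509CertificateCollection(), System.Security.Authentication.SslProtocols.Tls12, false);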

Kiwi Syslog Server High CPU Utilization - Messages Seem to be behind

The CPU on my Kiwi Syslog Server is pegged.  Here is the diagnostic info file from the server.

 

Kiwi Syslog Server [Registered] Version 9.0.3


///       Kiwi Syslog Server Statistics         ///
---------------------------------------------------
24 hour period ending on: Wed, 08 Sep 2010 14:44:34
Syslog Server started on: Wed, 08 Sep 2010 13:37:39
Syslog Server uptime:     1 hour, 7 minutes
---------------------------------------------------

+ Messages received - Total:          1098753
+ Messages received - Last 24 hours:  1098753
+ Messages received - Since Midnight: 1098753
+ Messages received - Last hour:      996804
+ Message queue overflow - Last hour: 416654
+ Messages received - This hour:      101949
+ Message queue overflow - This hour: 12336
+ Messages per hour - Average:        996804

+ Messages forwarded:                 769810
+ Messages logged to disk:            1194581

+ Errors - Logging to disk:           0
+ Errors - Invalid priority tag:      0
+ Errors - No priority tag:           2
+ Errors - Oversize message:          309

+ Disk space remaining on drive E:    41554 MB

    Breakdown of Syslog messages by severity  
+--------------------+------------+------------+
| Message Level      |  Messages  | Percentage |
+--------------------+------------+------------+
| 0 - Emerg          |         0  |      0.00% |
| 1 - Alert          |      2753  |      0.25% |
| 2 - Critical       |       496  |      0.05% |
| 3 - Error          |      5745  |      0.52% |
| 4 - Warning        |    103603  |      9.43% |
| 5 - Notice         |     42938  |      3.91% |
| 6 - Info           |    775902  |     70.62% |
| 7 - Debug          |    167316  |     15.23% |
+--------------------+------------+------------+

Custom statistics
-----------------
CustomStats01: 0
CustomStats02: 0
CustomStats03: 0
CustomStats04: 0
CustomStats05: 0
CustomStats06: 0
CustomStats07: 0
CustomStats08: 0
CustomStats09: 0
CustomStats10: 0
CustomStats11: 0
CustomStats12: 0
CustomStats13: 0
CustomStats14: 0
CustomStats15: 0
CustomStats16: 0

End of Report.


DNS Cache size  20000
DNS Cache entries 2
Entries in queue 0
DNS Cache hits  0
DNS Cache misses 0
DNS Cache TTL  1440 minutes
Total DNS Lookups 0
Successful cache hits 0%


IP Address Hostname TTL (minutes)
127.0.0.1       localhost Static
::1             localhost Static


Message Buffer Information
==========================
Message Queue Max Size: 20000
Message Queue overflow: 428990
Message Count:          19932
Message Count Max:      20000
Percentage free:        1

 

E-mail Buffer Information
==========================
Message Queue Max Size: 1000
Message Queue overflow: 0
Message Count:          0
Message Count Max:      13
Percentage free:        100


sys log server errors "FormatMessage failed with 1815" help please!!

Good day Community,

I am experiencing an urgent issue. The syslog server forwarder is forwarding the following message to the Kiwi Syslog server. The actual security logs are showing the correct information, however the message below is being shown. I thought it was the server, but when I added another server to forward security logs, I got the same message as shown below.

Has anyone encountered this message, or does anyone know how to resolve this issue? The security logs are on the server, and I can view them properly using Event Viewer, and the audit logs are reflecting fine.

I would really appreciate your humble assistance or comments.

Apr 08 14:36:34 CASSIOPEIA1.carimed.local MSWinEventLog 5 Security 495 Wed Apr 08 14:36:33 2015
4624 Microsoft-Windows-Security-Auditing N/A Audit Success CASSIOPEIA1.carimed.local 12544
The description for Event ID 4624 from source Microsoft-Windows-Security-Auditing cannot be
found. Either the component that raises this event is not installed on your local computer or
the installation is corrupted. You can install or repair the component on the local computer.If
the event originated on another computer, the display information had to be saved with the
event.The following information was included with the event: S-1-0-0. FormatMessage failed with
error 1815, The specified resource language ID cannot be found in the image file.

Kiwi Syslog Server 9.4.1 - Active Directory Settings

Has anyone configured Active Directory Settings in Kiwi Syslog Server 9.4.1?  Below are the Active Directory Settings available in the Web Access interface under the Admin tab.

  • Domain URL: <Free Form Box>  My domain prepopulated correctly.
  • Authentication Type: <Free Form Box>.  Is this supposed to be NTLM, Kerberos, etc?
  • User Groups: <Free Form Box>  Does the format need to be LDAP based?

Log forwarder fail to start on windows server 2012

Hi,

Today I installed the log forwarder on a Windows Server 2012 machine, but I am facing the following error:

After the installation, it seems that the log forwarder agent doesn't want to start (the console also seems to be unresponsive), and if I try to start the log forwarder agent service manually, I receive a message box that informs me that: ''the solarwinds event forwarder for windows service, started and than stopped. some services stops automatically if they are not used by any program or service''

Have you ever faced something like this?

How should I proceed?

Thanks a lot

kiwi syslog 9.5 database

I just installed Kiwi Syslog 9.5, and I would like to have log actions to a SQL database. I have created the table, but the syslog server won't log the traffic to the database. When I click the test button, the syslogd service stops. It does this every time. How do I make this syslog server log to the database?
