Hi all,
I am currently using kiwi syslog 9.1 in win2008 which i have been using for a few months.
Since yesterday i can see that for every minute a file name "192.168.x.x-515-connectionxxxx.bin" is generated under C:\program files (x86)\syslogd \cache
Each file has a size of 1MB.
I tried deleting the cache folder but after sometime this file generation thing comes back again.
Pls advise how this can be solved? Thks in advance.
We have a couple of Forescout NAC devices. They are configured to forward to our local Kiwi servers, and then rules on the Kiwi are supposed to be sending warning & above messages to the main Orion server. Unfortunately, I have oodles (technical term) of info messages showing in the main repository. I'm pretty sure the Kiwi rules are correct (they are working for other devices) but our on site security guy isn't a Forescout expert, so he hasn't been able to see anything wrong on the NAC itself. I'm thinking we have it set to forward directly to Orion under a different facility, but that's a pure guess. From what I've seen of the NAC's SYSLOG setup there aren't drop downs to look at different facilities.
Does anyone have experience with this? Thanks in advance!
I am consistently getting warnings from SAM that the DB Cache folder the kiwi syslog (\\${IP}\c$\Program Files (x86)\Syslogd\DBCache) contains files. The warning in SAM indicates that the log to database action is falling behind or failing. I do not see anything in the documentation regarding this warning. Does anybody know how this affects the kiwi syslog and how concerned I should be? I would like to add more devices to send syslog information but am concerned kiwi will have more of these files in the DBCache. Currently I am seeing about 47K MPH in Kiwi. Has anybody else seen this message from SAM, or have any suggestions for possible solutions?
Thanks,
Caleb
Kiwi Syslog Server 9.4.2 installed on Windows 2008 R2 Standard, 8 GB ram, 200 GB HD.
Using the log to database action to Microsoft SQL Server 2008 R2, 8 GB ram, 100 GB HD
SAM 6.1.1 Application component File Count: DBCache Folder for Kiwi Syslog Server
I have never used Syslogs before but was asked to setup one.
I am having trouble setting it up with my Cisco ASA 5505 security Device.
I can ping FROM the server to the Cisco ASA
I can ping FROM the ASA to the Server.
Things I have done.
Any ideas on why the syslog server isn't displaying the info?
Thanks so much in advance!
Hi all,
Is there a way that I am able to have Kiwi Syslog read from or import from a text file or CSV file that may be generated by a program that does not support Syslog?
Thanks.
I am setting up Cisco Routers and assorted firewall with Kiwi to listen and alert on Bad Passwords with little success. I have also allowed SNMP. Has anyone have success with doing this and have any examples of the Cisco devices. We are using an assorted number of Cisco Routers, Switches, ASA firewalls, and VPN 3000 series gear.
logging trap errors
logging source-interface Ethernet0/0
logging 172.16.7.57
snmp-server community readmib RO
snmp-server enable traps snmp
snmp-server enable traps syslog
snmp-server host 172.16.7.57 traps writemib
!
Installed Kiwi syslog 9.5 in Windows 2012 R2 server(in Virtual Machine). We need to configure SNMP listner in Kiwi syslog , to recieve SNMP logs from application.
SNMP trap service is stopped & Windows Firewall is stopped.
Error : unable to bind snmp listner to any adaptor on specified port 162.
I am needing to forward all of our DHCP audits to the syslog, however I cannot figure out how to do that with the Log Forwarder. Which source do I use in the Event Viewer? The audit is logged to a file. Is there any way to forward changes to files?
I am setting up the Kiwi Log Forwarder for windows 2008R2 If i select all the logs ( the logical thing to do in my opinion) I get an "Invalid Subscription error" 
What is the fix for this as 23 event logs does not cover the list of secondary logs in windows 2008R2
Thank you
Hi all,
I trying to create filter for my kiwi syslog server, web access filter. I'm using this criteria, Date and severity Levels. For severity levels, I will need to set it asCritical and Emergency, but I was unable to find a way to do it in one filter. Any advice and suggestions will be greatly appreciated.
I have installed and configured the event log forwarder on a system, followed the documentation This all seems work except actually forwarding events to the Syslog that is setup. I did a wire shark dump and I don't see this occuring at all. I have generated test events and it still won't send anything. How long is the typical wait for this setup? Did i miss something ?
I have setup subscriptions in windows to test forwarding and collecting logs, which know that works just not the solarwinds "subscription"
Thanks
Set up Log Forwarder for the first time - SolarWinds Worldwide, LLC. Help and Support
During installation of Syslog Web Access, you are prompted for a userid and password. The password can be changed at any time easily.
But how does one change the userid? Where is it stored?
We even went as far as trying to reinstall syslog web access to get to the initial userid prompt again. But having already asked us once, it did not ask us again.
Thanks,
-Ken
Installed Kiwi Syslog Free version 9.3.4 on Windows Server 2008 R2. Trying to capture syslog from a Cisco ASA 5510. I have confirmed that the syslog events are hitting the server with Wireshark. Nothing is coming through to Kiwi Syslog. Current settings are all default. No filters in place. Not sure what is wrong as I can see the syslog messages coming through Wireshark. Any ideas as to why the syslog messages are not being seen by Kiwi?
Hello guys...
I'm just evaluating Kiwi Syslog Server for collecting windows event logs (fed by snare agents).
Everything is working like a charm except creating own filters in web access.
I want to create a filter to show every event containing a special string (Logon Type: 3) in "Message Text".
filter field: message text
predicate: is
field operator: like
filter expression: Logon Type: 3
does not work: no filtering is done.
filter expression: Logon Type:
and
filter expression: Logon Type
work, just entries containing "Logon Type" are displayed.
Is there any possibility to filter for "Logon Type: 3"?
Thanks in advance, Jens
SolarWinds's own Justin Finley just recorded a video tutorial that shows how to split logs into multiple files by IP address and date in Kiwi Syslog Server. Specifically, this syslog server tutorial shows how to store logs in separate folders for each source IP address, and then shows how to keep separate log files for each day within those folders. (e.g., "D:\logs\192.168.000.001\Log2012-07-13.txt")
External link to Jing: autosplit - justinfinley's library
Video Guide:
Remember to "LIKE" this if you find it useful - that helps other find it too!
Hello,
I just installed Syslog on a Windows 8 VM (ESXi 5.5).
However... I don't received any message from the router (Cisco RV042G) I want to log.
I tried the generic troubleshhoting :
• Check network connectivity by pinging from the sending device to the Syslog Server machine => OK
• Check only one instance of Kiwi Syslog Server is running (Ctrl-Shift-Esc to get the task-list) => OK, only one
• Disable any personal firewall software such as ZoneAlarm or BlackIce => Disabled
• Use a sniffer to check if messages from the routing are reaching the PC => Yes, I can see them
• Check DNS resolution is working as expected by pinging a hostname from the Command Prompt => OK
• Check that there is a "Display" action setup for the facility and level you are expecting to receive messages on. => OK
• Send a test message to yourself by pressing Ctrl+T => Displayed
• Download a copy of the Free Syslog Server Message Generator (SyslogGen) from: www.kiwisyslog.com/downloads => Done
• Install SyslogGen and set it to send a message every second to the address 127.0.0.1 (local host). => Not displayed, and I don't see them in a local packet capture.
• Try sending messages with SyslogGen from another machine to the host running the Syslog Server => Not displayed, but see them on a packet capture (on Syslog PC)
Do you have any idea about the cause of this issue ?
Thanks in advance for your help.
Currently Kiwi Syslog Server 9.x release supports syslog based on RFC 3164. Are there any plans to add support for RFC 5424 in a future release?
Thank you,
David
Hi,
We are looking into installing Kiwi Syslog Server or LEM for our log monitoring needs.
Currently comparing Kiwi Syslog Server and LEM and trying to find if one or both of them has feature that helps us to create service now ticket when we receive certain logs. We'd appreciate any information on this.
Regards,
Manish
1st time starting a discussion.
1st time working with Kiwi Syslog.
Let me know if I'm in the wrong place.
I am very new to Syslog Servers.
I'm a Route/Switch type guy.
We are using Kiwi Syslog to get Call Manager Call Traces for troubleshooting.
This Instance of Kiwi Syslog was working fine as a Guest VMware Server on a Host Server.
We used the app Veeam to move the Kiwi Syslog VMware Guest Server to another Host.
This issue started after the copy/move of the Kiwi Syslog
No IP addresses were changed, it's on the same network as before.
It starts up, logs are being received, and then they stop.
If you try to start the service, it tells you it's already running.
At the bottom of the Kiwi Syslog Service Manager, you can see the MPH indicator has stopped.
Looking at the correct folder I can see the logs are no longer being received.
If I stop the service and start the service it starts.
There is a script that tells it to restart every morning at 4am, and it will do this.
Below is the error event seen when it stopped last time.
Windows Server 2012 R2
64 -bit OS
Has anyone seen this type of issue before?
Any help would be greatly appreciated,
Mhaley
Hi everyone,
I wonder if Kiwi Syslog Server has any limitation on how many servers that it can collect the logs from or how many servers can send the logs to the syslog server?
I know the Web Access has 4GB db limitation. What is the best practice for this limitation when you have more than 10 servers sending the logs to syslog server? I don't want to see only 1 or 2 day logs every day from Web Access. I hope at least 4GB db limitation can store like a month logs of all 10+ servers. I am trying first with the windows event logs (using the free tool Solwarwinds Event Log Forwarder)
Is there any limitation that i should be aware with Kiwi Syslog Server and Event Forwarder tool?
Another question:
Does Solarwinds Event Log Forwarder can work with other vendor syslog server? If so, which vendor and which syslog server product is that?
Thanks in advance!