After installing the permanent license for Kiwi Syslog server the Syslog service will not start. It started without problems when running as the trial version. No errors appear in the Kiwi Syslog error log, but the Windows event viewer shows the following error: The Kiwi Syslog Server service failed to start due to the following error: The service did not start due to a logon failure. I can't find anything in the Kiwi Syslog documentation about having to login. The OS is Windows 2008 R2. I am starting the Syslog service from Service Manager > Manage, and Service Manager was Run As Administrator. Is this a known problem? Thanks, Glenn
↧
Can't start Kiwi Syslog Service - Logon Failure
↧
How to export Kiwi syslogs
Is there any way for me to export Kiwi Syslogs. I want to be able to export the syslogs from a licensed Kiwi server into another database for viewing. Specifically the NPM database. I would think that there would have been something to do this already since both are SolarWinds products, but I am unable to find it.
I want to be able to take the logs off the Kiwi server and view them elsewhere, without viewing through Kiwi. I want to view them through NPM, but I guess I can get by viewing them through something like Access. Is there a way (even if it isn't easy) to do this?
↧
↧
Any known issues with D-Link DSL-2500U?
Or am I doing something wrong? If so, I can't figure out what. I have the DSL router feeding a dedicated ClearOS firewall which in turn feeds my LAN. Both networks have Private IP addresses, not a situation that has ever caused any sort of problem in many years or in the many similar sites I have set up. This is the second time I've installed Kiwi Syslog, but the other time was a decade ago and if memory serves both server and monitored device(s) were on the same side of the firewall in that scenario. Now I have the Syslog set up "inside" the firewall and I'm trying to monitor the DSL router wich is of course "outside".
1. The router is set up with
- logging enabled
- logging level "debug"
- log mode "both" (i.e. local + remote)
- Server IP address: the firewall's outside address. (I have also tried this with the syslog server's address, on the other side of the firewall, assuming the f/w would know how to route it. Made no difference)
- Server UDP port: 514
2. The firewall is set up with
- firewall: allowed incoming connection: UDP port 514
- NAT port forwarding: UDP ports from 514 to 514 ip address = Syslog server
3. The Kiwi installation is set up (on a Win 8.1 pro 64 PC)
- Receive messages from: I put in the firewall inside address (as far as I am concerned, the only one I should need to set up) as well the DSL router (its inside address, i.e. facing the firewall) AND the firewall outside address
- [check] Listen for UDP Syslog messages - port 514
4. The PC itself:
- Avast Internet Security firewall: enabled allow Syslog UDP(protocol 17) in/out local port 514
- Windows firewall (don't ask why Avast didn't turn this off) also allowing ALL UDP incoming from ALL IP addresses, edge traversal Allowed
...and nothing ever shows up in Syslog. Nothing. Ever.
Any suggestions at this stage, however mundane or obvious, will be worth looking into... Tks
↧
Kiwi Syslog Service hanging
1st time starting a discussion.
1st time working with Kiwi Syslog.
Let me know if I'm in the wrong place.
I am very new to Syslog Servers.
I'm a Route/Switch type guy.
We are using Kiwi Syslog to get Call Manager Call Traces for troubleshooting.
This Instance of Kiwi Syslog was working fine as a Guest VMware Server on a Host Server.
We used the app Veeam to move the Kiwi Syslog VMware Guest Server to another Host.
This issue started after the copy/move of the Kiwi Syslog
No IP addresses were changed, it's on the same network as before.
It starts up, logs are being received, and then they stop.
If you try to start the service, it tells you it's already running.
At the bottom of the Kiwi Syslog Service Manager, you can see the MPH indicator has stopped.
Looking at the correct folder I can see the logs are no longer being received.
If I stop the service and start the service it starts.
There is a script that tells it to restart every morning at 4am, and it will do this.
Below is the error event seen when it stopped last time.
Windows Server 2012 R2
64 -bit OS
Has anyone seen this type of issue before?
Any help would be greatly appreciated,
Mhaley
↧
Sporadic entries in KIWI ErrorLog
While browsing the KIWI ErrorLog I noticed these lines pop up but at apparently random times. Sometimes multiple times a day, sometimes not for days at a time. Can't seem to find any reference to them. It's not that the messages are cryptic in and of themselves, but why do they show up in the Error log at such random intervals. Is it a resources utilization event that triggers these actions?
2015-04-08 10:45:04 ShutDownNicely :
2015-04-08 10:45:04 Syslogd_Unload :
Just curious if anyone else has noticed this.
Thanks
BobL.
Oh, BTW, am running v9.3x
↧
↧
LOG FORWARDER 2012 server DOES NOT FORWARD EVENTS
We are using windows Server 2012 Standard version for Windows log forwarder but logs are not coming on Kiwi Syslog Server 9.6
↧
Cisco IPS appliances SDEE support
Dears,
It is a noticeable that Kiwi Syslog Server does not support log collection in SDEE format sent by Cisco IPS appliances and modules, like IPS 4270.
CISCO IOS IPS supports sending syslog messages, however Cisco IPS appliances only support sending messages in SDEE format, which make their collection impossible.
We are wondering if it's in the scope for Kiwi Syslog Server to support SDEE format in its coming versions.
Thanks,
Roland Daccache.
↧
Kiwi Syslog Console Crashing Constantly After Upgrading 9.5.0 To 9.5.1
After upgrading to v9.5.1, from v9.5.0, we started experiencing constant crashing on our console. Other than a few minor quirks and annoyances, the previous version had not really crashed too often after we applied the hotfix.
Windows Server 2012
Virtual
4 CPUs(2 Cores per Socket, 2 Sockets)
24 GB RAM
150 GB Hard Disk
Kiwi Syslog Server, Installed as a Service
I began to notice the message buffer would quickly drop down from 100%, shortly after starting up the console. Sometimes we would only reach 43K MPH before crashing, while other times we made it up around 350K+ MPH before crashing. And, every time it would crash, the message buffer would be far away from 100%. Previously, the message buffer rarely, if ever, dropped under 100% free.
After reading through various other user issues of the past, I found something that mentioned the "MsgBufferSize" settings in the registry. I went looking into the registry for those settings, however, "MsgBufferSize" was nowhere to be found. I added the "MsgBufferSize" with the value of "10000000", which is shown to be the max value. After adding the settings into the registry, and restarting everything, our system appears to be running fairly smooth, so far. Currently, we are roughly around 430K MPH, with a full 100% buffer free.
Previously posted thread regarding the "MsgBufferSize" registry entry:
Does the Kiwi Syslog buffer with SQL Server
Registry values documentation:
Section: HKEY_LOCAL_MACHINE\SOFTWARE\SolarWinds\Syslogd\Properties
Value (STRING): MsgBufferSize
Registered mode:
Min value: 100
Max value: 10000000 (10 million)
Default value: 500000
Type: Maximum number of message buffer entries
So, did something change from 9.5.0 to 9.5.1 that would have removed those settings from the registry? If not, then what else would have removed the entry altogether? Or, has the "MsgBufferSize" registry entry been removed all along, and the documentation just not updated? If it has been removed, and is not used anymore, then why would adding the entry back into the registry make everything suddenly start working again?
Thank you,
-Will
↧
Syslog Server is Unable to Capture Logs
Hi Team,
We have newly installed Kiwi Syslog Server (Version 9.6) on or environment.
Earlier it was working properly but now after some days, no logs are reported on that.
I have reinstalled it but still not working.
Need urgent help regarding this.
Thank You,
Ankur Gadwal
↧
↧
no log shows on Kiwi Syslog Web Access
I am having kiwi syslog 9.5 installed.
I choose to install as service and also installed the web access.
The syslog console opened fine and I see logs on displayed and also to file.
However, with the web access, it shows nothing (what so ever). I checked the Setup on Console Manager and see that under Rules i have 2 exact same option for "Log to Syslog Web Access". Everything under that options checked.
But I still see no log on web access.
1) I tried to uncheck all the "Log to Syslog Web Access".
2) Closed the Console Manager and reopened it
3) Checked mark one of the 2 optioins "Log to Syslog Web Access" and everything below it.
4) Opened and log in to web access -> Still see nothing.
any idea?
↧
Collect DHCP events from Windows DHCP server
Hello,
Could you please tell me how to transfer all DHCP events (from a standard Windows 2012 DHCP server) to syslog ?
Thanks in advance for your help
↧
Mail error: SMTP protocol error. 504 5.7.4 Unrecognized authentication type
I'm having trouble configuring email alerts. I'm trying to send alerts to my Office 365 email address. Can someone see if I've input one of these settings incorrectly? I'm using my full Office 365 email for each of the blacked out sections in the screen shot below. For "SMTP Password," I'm using my Office 365 password.
↧
SolarWinds.SyslogServer.Engine.log
Hi, I was hoping someone can explain the log files ('SolarWinds.SyslogServer.Engine.log') created in the Syslogd folder to me. What purpose do they serve? Are they safe to delete? Can I set them to be created in a different directory?
Thank you.
↧
↧
Syslog Server is Unable to Capture Logs
Hi Team,
We have newly installed Kiwi Syslog Server (Version 9.6) on or environment.
Earlier it was working properly but now after some days, no logs are reported on that.
I have reinstalled it but still not working.
Need urgent help regarding this.
Thank You,
Ankur Gadwal
↧
Procurve switches not sending syslog messages in KIWI syslog
Hi all,
New here, searched for discussions but found no entry on procurve switch(es).
The Procurve switches will not send any syslog messages (wiresharked the server)
Turned on logging on the switch: logging 'ip-address'
show debug
Debug Logging
Source IP Selection: Outgoing Interface
Destination:
Logging --
'ip-address' Kiwi Syslog server
Protocol = UDP
Port = 514
Facility = user
Severity = info
System Module = all-pass
Priority Desc =
tried facility 'syslog' still nothing.
Only the Procurve switches will not send any syslog messages.
Other devices such as Cisco ASA's work fine.
Anyone ideas to solve this?
TIA Jaap
↧
Kiwi Syslog not displaying Cisco ASA 5505 syslogs
I have a Cisco ASA 5505 that is setup to send syslogs to a remote syslog server.
I have kiwi syslog (free) installed on a Windows 2003 R2 Server and it is listening on UDP port 514. The syslog server also is my Ciscoworks v3.2 server.
I can ONLY see the Ciscoworks log files and not the ASA. I only want to display the ASA log files.
I have googled, read the user guide, and search the forum and cannot find any procedure that I can tweak Kiwi to log the syslog files from my ASA which is being used as a VPN concentrator.
Any ideas?
↧
Kiwi Syslog not capturing syslogs
Installed Kiwi Syslog Free version 9.3.4 on Windows Server 2008 R2. Trying to capture syslog from a Cisco ASA 5510. I have confirmed that the syslog events are hitting the server with Wireshark. Nothing is coming through to Kiwi Syslog. Current settings are all default. No filters in place. Not sure what is wrong as I can see the syslog messages coming through Wireshark. Any ideas as to why the syslog messages are not being seen by Kiwi?
↧
↧
Klog input file
Having an issue with the klog.exe -i parameter.
The input file contains data across numerous line breaks (example below), however, when logged into Kiwi Syslog Service Manager (9.5) they are displayed as several separate log entries.
Date/Time
Source
User
Message
The data source is from Windows Event Viewer as the Event Log Forwarder doesn't actually forward events in real time for me, so this is a workaround.
What I'd like is for KSSM to treat the above input as 1 message rather than 4 separate messages.
Is this possible? I haven't configured any of the additional settings in KSSM so if this is down to a setting in there I can easily adjust.
↧
Hourly log file rotation (Kiwi Syslog)
Hello,
I''ve tried searching the forum but was unable to find an answer to this specific issue. I just setup Kiwi Syslogd (paid) and have been testing logging from some firewalls. While I have no problem creating the log files and directory structure, log files are being created about every minute. I thought I'd modified this behavior by enabling Log File Rotation (under the Log to File action) with Total number of log files set to "2" and Maximum log file age set to "1 hour", but I am still seeing a log file being created every minute and I do not understand why. Yes I am using AutoSplit Values within the pathname btw (I saw this mentioned in another post), but I'm not sure why this would still generate a file each minute. I'm clearly lost so thank you in advance for pointing me in the right direction.
-l4d
↧
Kiwi Syslog Service Keeps crashing
We have been experiencing an issue with our Kiwi Syslog Service crashing about every other day. We are running version 9 and have a pretty standard setup where we are pushing syslogs from all of our devices in our network. We have quite a bit of stuff logging to our Syslog server and are easily breaching the 200000 maximum message count throughout the day and getting email's. We up'ed that and seem to be doing better however the syslog service continues to fail and will at times restart itself based off of the services recovery failure to restart the service but this is happening way to often.
Has anyone else seen this problem and if so, what kinds of things did you try/do? Is this box just getting pegged so hard that it's causing the service to malfunction and trip up? I'm not a Windows guy but is this issue even Windows related? The only other application we have running on this server is CatTools and it runs clean with no service issues. The systems team has taken a look at the server and believe this to be related only to the Kiwi application itself.
Next Steps: I'm thinking of removing and rebuilding the Kiwi 9 application from scratch to see if this corrects the issue but wanted some direction from the forum if anyone has any good ideas/suggestions.
Thankyou in advance!
↧