I just setup an evaluation installation of the Kiwi Syslog Server and it's Web Access component. I have one relatively high volume system logging to it.
When I search for specific logs using filters in the Web Access, it takes a very long time fetching the events. If this is the case with only one system logging to it I am concerned about performance if I have a bunch more systems log to it.
Is this typical behavior for Kiwi Web Access?
according to the FAQ.. Our software is built and tested to support more than two million messages an hour without tuning. (That would support more than 500 machines each sending one message a second.)
We are having problems getting EMET to allow the kiwi syslog server service to run on an Windows 2012 R2 Server VM. We have case 999667 open and still haven't gotten it working. One of my partners working on this opened the case.
Hello All,
I am planning to Deploy a Kiwi Syslog server to my NPM Environment.
We are planning to enable snmp traps and syslog messages to be sent from other tools to SolarWinds NPM hoping to have one alert dashboard focused on SolarWinds NPM.
I don't want to flood the polling engine and peg the processing power dealing will all the additional noise.
Instead the Kiwi Syslog server will process the items and forward the actionable items to the SolarWinds Server to be alerted and ticketed.
Any thoughts, concerns , or tips are appreciated.
Thank you,
Raymond
Error Number: 6
Description: 溢出
Module Name: RC4Encryption.bas
Procedure Name: KiwiEnCryptLots
Line Number: 440
when setting syslog log to MS SQL server,then the program breakdown with the error message above.
Hi,
i never used syslog servers and i would like to setup a logging system for my meraki mr32 devices.
I tried to setup myself Kiwi with the mr32 but with no success.
Can someone help?
according to the FAQ.. Our software is built and tested to support more than two million messages an hour without tuning. (That would support more than 500 machines each sending one message a second.)
I just setup an evaluation installation of the Kiwi Syslog Server and it's Web Access component. I have one relatively high volume system logging to it.
When I search for specific logs using filters in the Web Access, it takes a very long time fetching the events. If this is the case with only one system logging to it I am concerned about performance if I have a bunch more systems log to it.
Is this typical behavior for Kiwi Web Access?
Log files which KIWI Syslog generate is in text format. Is it possible to encrypte this file or change the format of log files some how?
How to delete records from the Kiwi Syslog Web Access?
Thanks.
I have installed and configured Kiwi Syslog, i recently started noticing the service stops randomly. after looking through event logs im finding that the app keeps crashing and i get the below. any ideas?
Faulting application name: Syslogd_Service.exe, version: 9.4.0.2, time stamp: 0x54fda0c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x064edf14
Faulting process id: 0x%9
Faulting application start time: 0x%10
Faulting application path: %11
Faulting module path: %12
Report Id: %13
Faulting package full name: %14
Faulting package-relative application ID: %15
Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0
Problem signature:
P1: Syslogd_Service.exe
P2: 9.4.0.2
P3: 54fda0c5
P4: unknown
P5: 0.0.0.0
P6: 00000000
P7: c0000005
P8: 064edf14
P9:
P10:
Attached files:
C:\Windows\Temp\WER751C.tmp.WERInternalMetadata.xml
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Syslogd_Service._db17ea651912375fcb9862559d784039662e_00000000_cab_1012775e\memory.hdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Syslogd_Service._db17ea651912375fcb9862559d784039662e_00000000_cab_1012775e\minidump.mdmp
These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Syslogd_Service._db17ea651912375fcb9862559d784039662e_00000000_cab_1012775e
Analysis symbol:
Rechecking for solution: 0
Report Id: e3d4b04b-1f3b-11e5-80de-005056aa628b
Report Status: 4
Hashed bucket:
Hello,
I'm currently trying to get the logs of where (what IP) and when (date and time) the Domain Administrator account information is used to log into one of three specific machines (2 DC's, and a Finance server). I'm having some trouble defining the subscription in the Kiwi Log Forwarder - Specifically, what boxes do I need to tick off and what event ID number do I need to include? I have the IP's for the three servers that I want AD to send the Admin login logs from. Thanks!
Hi all,
New here, searched for discussions but found no entry on procurve switch(es).
The Procurve switches will not send any syslog messages (wiresharked the server)
Turned on logging on the switch: logging 'ip-address'
show debug
Debug Logging
Source IP Selection: Outgoing Interface
Destination:
Logging --
'ip-address' Kiwi Syslog server
Protocol = UDP
Port = 514
Facility = user
Severity = info
System Module = all-pass
Priority Desc =
tried facility 'syslog' still nothing.
Only the Procurve switches will not send any syslog messages.
Other devices such as Cisco ASA's work fine.
Anyone ideas to solve this?
TIA Jaap
I have a Cisco ASA 5505 that is setup to send syslogs to a remote syslog server.
I have kiwi syslog (free) installed on a Windows 2003 R2 Server and it is listening on UDP port 514. The syslog server also is my Ciscoworks v3.2 server.
I can ONLY see the Ciscoworks log files and not the ASA. I only want to display the ASA log files.
I have googled, read the user guide, and search the forum and cannot find any procedure that I can tweak Kiwi to log the syslog files from my ASA which is being used as a VPN concentrator.
Any ideas?
We have been experiencing an issue with our Kiwi Syslog Service crashing about every other day. We are running version 9 and have a pretty standard setup where we are pushing syslogs from all of our devices in our network. We have quite a bit of stuff logging to our Syslog server and are easily breaching the 200000 maximum message count throughout the day and getting email's. We up'ed that and seem to be doing better however the syslog service continues to fail and will at times restart itself based off of the services recovery failure to restart the service but this is happening way to often.
Has anyone else seen this problem and if so, what kinds of things did you try/do? Is this box just getting pegged so hard that it's causing the service to malfunction and trip up? I'm not a Windows guy but is this issue even Windows related? The only other application we have running on this server is CatTools and it runs clean with no service issues. The systems team has taken a look at the server and believe this to be related only to the Kiwi application itself.
Next Steps: I'm thinking of removing and rebuilding the Kiwi 9 application from scratch to see if this corrects the issue but wanted some direction from the forum if anyone has any good ideas/suggestions.
Thankyou in advance!
I want to encrypt syslog from Cisco swirtch or router into Kiwi Syslog.
I read somewhere I can use syslog tls or snmp trap v3
Is that possible using Kiwi Syslog
thanks
Has anyone configured Active Directory Settings in Kiwi Syslog Server 9.4.1? Below are the available Active Directory Settings available in the Web Access interface under the Admin Tab.
Dear all,
I would like to know how to backup a Kiwi Syslog Server. We are installing this in VM, but the environment only has NetBackup.
I know that I can export the data out as log file for backup, but how about backup when log are still in the Kiwi Syslog Server database?
I am not able to find any reference in the Admin guide.
Best Regards,
Rayson Wong
We are having problems getting EMET to allow the kiwi syslog server service to run on an Windows 2012 R2 Server VM. We have case 999667 open and still haven't gotten it working. One of my partners working on this opened the case.
HI all,
My first post, i wish to share you some tips i found.
My main goal was to have access to the kiwi web site working with SSL...
But looking at Cassinni Web Server, it wasn't possible.
After searching more on this forum I found a post about a Rewriting Module with Apache ; so why dont we do it with IIS ?
Here we go !
- Win 2008 R2 , IIS 7 (with auth modules etc ...) , at least a working SSL certificate for the HTTPS listener (this post will not cover how PKI works, certs installation etc .... sorry).
- We will use the ARR 2.0 module x64 for IIS... See References at bottom for DL link, install it.
- A running Kiwi Syslog Server and the Web Access working on port 8088. Access via a browser works on this port.
- Enable the rewrite/proxy module in IIS
- Create a new IIS Web Site with HTTPS Listener on TCP Port 8090
- Create a rule to rewrite requests from 8090 to 8088
- When connecting on https://server:8090 , we would see Kiwi Web page.
"C:\Windows\System32\inetsrv\appcmd.exe" set config -section:system.webServer/proxy /enabled:"True" /commit:apphost
set syslogwebdir=c:\inetpub\syslog
set syslogsitename=SYSLOG
"C:\Windows\System32\inetsrv\appcmd.exe" add site /name:"%syslogsitename%" /id:15 /bindings:https/*:8090: /physicalPath:"%syslogwebdir%"
3.1 With batch/cmd line(copy/past to a BAT file)
set CERTHASH=EnterYourHashHere
netsh http add sslcert ipport=0.0.0.0:8090 certhash=%CERTHASH% appid={00000000-0000-0000-0000-000000000000}
3.2 With IIS Manager (if you don't know where to read Hash Certificate).
-Right Click on SYSLOG site, modify Bindings.
-Select https 8090 * Listener > Modify.
-On the "box" SSL Certificate, choose your certificate for the server.
-"OK"
set syslogsitename=SYSLOG
set syslogrulename="Rewrite to Kiwi localhost 8088"
:: Rewrite Rule creation
"C:\Windows\System32\inetsrv\appcmd.exe" set config "%syslogsitename%" -section:system.webServer/rewrite/rules /+[name='%syslogrulename%']
:: Rule Parameters (one line)
"C:\Windows\System32\inetsrv\appcmd.exe" set config "%syslogsitename%" -section:system.webServer/rewrite/rules /[name='%syslogrulename%'].action.type:"Rewrite" /[name='%syslogrulename%'].match.url:"(.*)" /[name='%syslogrulename%'].action.url:"http://localhost:8088/{R:1}"
Test with your browser https://localhost:8090/
Now you can access from an "admin desktop" to this new SSL web site ...
Configure your firewalls to forbid access on port 8088 to this server (or/and configure the internal Windows Firewall of this server to allow only Localhost connection on 8088).
6. Refs Used
http://learn.iis.net/page.aspx/489/using-the-application-request-routing-module/
---
At the beginning i was thinking to use http://mysite/syslog/ as a virtual directory, but I got some troubles with events.aspx and the rewrite module.
Inbound Rules was OK ; But Outbound Rules to rewrite URLS were not working as expected ; and filters in Kiwi were not working anymore.
That's why i decided to create a new site on another binding, with a root site ; so don't need to create Outbound Rules ...
---
Sorry for my English ... i'm french :)