Hi all,
Can anyone point me in the direction some documentation on how to change the default Kiwi Syslog web port from 8088 to something else? Say 80?
I had a 'quick' search and couldn't find anything solid to go off.
Thanks!
↧
Changing Kiwi Syslog web port
↧
How to delete old records from Kiwi Syslog Web Access?
How to delete records from the Kiwi Syslog Web Access?
Thanks.
↧
↧
Does Kiwi Syslog Server Support Receiving Syslog over TCP via RFC3195
We are currently trying to migrate all UDP senders of syslog to TCP. Our fortigate security appliances only support the RFC 3195 standard for syslog over TCP. syslog-ng does not support this and rsyslog says that they support RFC 3195, but it is not working. Please, any assistance with this request would be appreciated. Running syslog with UDP is no longer an option.
Thanks in advance.
↧
Filtering out certain messages in Kiwi Syslog...
Hello,
I am in a situation where I need to filter out a certain string. It is a little complicated however. The string(s) I am trying to filter out usually looks like this:
"port D10-High collision or drop rate."
D10 is a device bay in a chassis and that is what we are really interested in here. There are 16 device bays so it can be D1, D2, D3....D16.
The only problem is that there is no space between D10 and "-High"
And we WOULD like to keep getting messaged that dont have the Dx part in it so we cant just filter out "collision or drop rate."
Is the only way to do this by putting 16 separate filters like so: ...?
"D1-High"
"D2-High"
"D3-High"
...."D16-High"
or is there a wildcard we can put in place of the number? Catch is that sometimes it could be a single digit (1-9) or it could be a double digit (10-16).
You input is appreciated. Thank you.
↧
Kiwi Syslog Server 9.4.1 - Active Directory Settings
Has anyone configured Active Directory Settings in Kiwi Syslog Server 9.4.1? Below are the available Active Directory Settings available in the Web Access interface under the Admin Tab.
- Domain URL: <Free Form Box> My domain prepopulated correctly.
- Authentication Type: <Free Form Box>. Is this supposed to be NTLM, Kerberos, etc?
- User Groups: <Free Form Box> Does the format need to be LDAP based?
↧
↧
how to setup snort-log link to syslog server?
how to setup snort-log link to syslog server?
in snort.conf (windows 7 32 bits)
output alert_syslog: host=127.0.0.1:8080, LOG_AUTH LOG_ALERT
command :
snort -i 1 -c c:\snort\etc\snort.conf -s
then get a file in c:\snort\log\snort.log.1493058792.
please tell me, how to send log to syslog server?
thank you
↧
Error: "Trial version of activeskin control" after upgrading to current Kiwi Syslog version 9.4.0
After upgrade, when I start the Kiwi Syslog app I get a box that comes up and says "Trial version of ActiveSkin control" and I need to click OK. Anyone else see this?
Debbi
↧
Syslog of the Syslogger
I've poked around a bit, but haven't really found anything to answer my question. Then again, trying to phrase a search term to find the answer would be problematic given the product.
I've had error 28: Stack Space, issues lately. For the last few weeks, the system in question has been getting an excess of logs. I'm working on the other end of those logs to bring the rate down, as not to surpass the 2,000,000 per hour threshold. I know that Kiwi has the ability to send out hourly status emails, but I was wondering if there was the capability to save these files, or generate them locally. I'd like to be able to syslog the syslogger. An hour is a pretty wide timerange given the error. You can be at 20k MPH at minute 53, and then suddenly there is a DDoS that pushes you to 5,000,000 MPH, and crashes the syslogger. This leaves me without a way of seeing what happened through a 'View Statistics File' viewpoint.
Any ideas would be appreciated! Thanks!
↧
How to delete old records from Kiwi Syslog Web Access?
How to delete records from the Kiwi Syslog Web Access?
Thanks.
↧
↧
Log Forwarder .net error
We are testing LF and it's working so far on all our 2012 and 2016 servers.
Multiple 2008 servers with .net 1.1, 3.5 sp1, and 4.5.2, produce this error over and over:
Application: LogForwarder.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at LogForwarder.LogForwarderService.LoadConfigFile()
at LogForwarder.LogForwarderService.InitService()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()
As I understood it, 4.5 was an inplace replacement for 4.0. Is this not correct? Or do I have to troubleshoot something else? Running the .net 4 installer says a higher version is installed.
Thanks!
↧
System Requirements for Kiwi Syslog Server with Kiwi Syslog Web Access
We would like to know the minimum System Requirements for Kiwi Syslog Server when we install Kiwi Syslog Web Access.
I know there is "System Requirements for Kiwi Syslog Server " on the following page:
http://solarwinds.ie/products/kiwi_syslog_server/
Is it the same requirements even if we install Kiwi Syslog Web Access?
↧
Procurve switches not sending syslog messages in KIWI syslog
Hi all,
New here, searched for discussions but found no entry on procurve switch(es).
The Procurve switches will not send any syslog messages (wiresharked the server)
Turned on logging on the switch: logging 'ip-address'
show debug
Debug Logging
Source IP Selection: Outgoing Interface
Destination:
Logging --
'ip-address' Kiwi Syslog server
Protocol = UDP
Port = 514
Facility = user
Severity = info
System Module = all-pass
Priority Desc =
tried facility 'syslog' still nothing.
Only the Procurve switches will not send any syslog messages.
Other devices such as Cisco ASA's work fine.
Anyone ideas to solve this?
TIA Jaap
↧
Event Log Forwarder - Where is the Audit Failure Type?
Hi There,
I'm trialing Kiwi Syslog and I'm having trouble with the Log Forwarder and Security Event Log. When I click on the Security Log I don't see Audit Success or Audit Failure as an event type. It just has Error, Warning and Information. If I manually edit the CFG file and add <int>16</int> it works, but then it gets overwritten if I make a change. Am I doing something wrong? How can I see Audit Failure as an Event Type?
Thanks,
↧
↧
Kiwi Syslog "Check for update..." error
We are new to Kiwi Syslog and are just getting things configured. We are on version 9.6.1.6. One thing I immediately noticed is that running the "Check for update..." results in the following error: "An error occurred while checking for available software updates. Check internet connectivity or proxy server settings.".
We have no proxy server enabled. From the server with Kiwi Syslog, I have Internet connectivity via a browser with no problems.
From Kiwi's error log, I see the following line associated with the failed update: "Info: An error occurred while checking for available software updates. Moved Temporarily [20152] - Resource: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/currentkiwisyslogversion.xml". If I paste that URL into a browser, it returns the following:
<?xml version="1.0"?>
-<KiwiSyslogServerVersionManifest Version="1">
<CurrentVersion Version="9.6.1" Link="http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip" DateReleased="2017-05-01"> New in 9.6.1 update ------------------------------ * Kiwi Syslog Server no longer creates large SolarWinds.SyslogServer.Engine.log fileswhich consume significant disk space. * Kiwi Syslog Server diagnostic information shows the correct buffer usage for all types of messages * If you do not see a "Download Update" button below, copy and paste the following link into your browser to download: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip</CurrentVersion>
</KiwiSyslogServerVersionManifest>
I can then paste the .zip link it references into a browser and get the zip file to download (although it appears to be the same version we already have).
Has anyone experienced the same issue or know how to fix it?
Thanks!
↧
Kiwi Syslog Server Log Location won't change.
Hey all,
I have recently taken over a sys admin position, and am required to move the location of the Kiwi Syslog Server logs to another file location. I have never used it prior. However, I can't seem to move the file.
Kiwi Syslog Server 9.2.1 (Free version.)
Windows Server 2003 SP2 (WORKGROUP)(VM)
Current configuration:
Log to Log File
Path and file name: C:\Program Files\Syslogd\Logs\SyslogCatchAll.txt
If I test the configuration, I can see the test messages in the location noted about. However, after I apply the settings, the older location (a CIFS share) continues to receive the actual syslogs of the devices we monitor.
There are three local users, all of which show the same configuration.
I have tried deleting and recreating the Log to Log File rule. No change.
I have tried starting and stopping the service. No change.
I have tried exporting the system settings, and then reimporting them. No change.
I have tried searching the registery for the old location. Nothing found.
I have two theories.
1. The settings are locked for some reason.
2. The settings are stored somewhere else.
Any help would be great.
Thanks,
Aaron
Solarwinds Padawan
↧
SolarWinds.SyslogServer.Engine.log
Hi, I was hoping someone can explain the log files ('SolarWinds.SyslogServer.Engine.log') created in the Syslogd folder to me. What purpose do they serve? Are they safe to delete? Can I set them to be created in a different directory?
Thank you.
↧
LOG FORWARDER 2012 server DOES NOT FORWARD EVENTS
We are using windows Server 2012 Standard version for Windows log forwarder but logs are not coming on Kiwi Syslog Server 9.6
↧
↧
Windows Events 6005, 6006, 6008, 6009 and 1074 not logging in kiwi syslog server
Hello Everyone,
First time poster here. I am trying to track event log service status and power downs. I cannot get the windows machines to forward event logs 6005, 6006, 6008, 6009 and 1074.
I have event log forwarder configured correctly, at least the log preview shows the correct logs being forwarded. I do have a custom filter built just for these event IDs but I also have a catch all file that is not filtered. I am checking in both the web access and the syslog server itself. Neither of them receive these event logs from the windows machines. I haven't noticed any other events not being forwarded. All of my other filters are producing the information correctly.
Any tips on how to collect these logs?
Windows 2012R2 and Windows 7 Enviorment
Using Kiwi Syslog Server 9.6 and Event log Forwarder
↧
Aruba ClearPass and syslog messages truncated
Hello,
I have a problem with my Kiwi Syslog server and syslog messages received from my Aruba ClearPass Server. So I get the messages, no problem with that, but they are truncated. I mean, I don't get the full syslog message.
Here is an example : 10-09-2013 11:52:18 Local1.Debug 1.1.1.1 2013-10-09 10:48:42,270 1.1.0.1 Guest Access 66 1 0 RADIUS.Auth-Method=PAP,RADIUS.Auth-Source=Local:localhost,
Normally, here are all the information sent by Aruba ClearPass (and that should be present into the message) :
RADIUS.Acct-Authentic
RADIUS.Acct-Called-Station-Id
RADIUS.Acct-Calling-Station-Id
RADIUS.Acct-Delay-Time
RADIUS.Acct-Framed-IP-Address
RADIUS.Acct-Input-Octets
RADIUS.Acct-Input-Pkts
RADIUS.Acct-NAS-IP-Address
RADIUS.Acct-NAS-Port
RADIUS.Acct-NAS-Port-Type
RADIUS.Acct-Output-Octets
RADIUS.Acct-Output-Pkts
RADIUS.Acct-Service-Name
RADIUS.Acct-Session-Id
RADIUS.Acct-Session-Time
RADIUS.Acct-Status-Type
RADIUS.Acct-Termination-Cause
RADIUS.Acct-Timestamp
RADIUS.Acct-Username
RADIUS.Auth-Method
RADIUS.Auth-Source
As you can see, there are only the last 2 parameters which I can see on Kiwi Syslog. Is there something to setup in Kiwi ?
Thanks for you help.
Dimitri
↧
Forward Event Viewer subscriptions with Event Log Forwarder for Windows
Has anyone been able to forward subscribed events (from other machines) to Kiwi Syslog server using Event Log Forwarder for Windows? I am trying to setup a single point to collect events to be forwarded to our syslog server.
I setup a test and subscribed to events from another machine to be placed in the Windows Logs -> Application. I see the forwarded events in Windows Event Viewer, but when viewing the "preview of matching event records" (Event Log Forwarder for Windows) I only see the events sources from the computer running the event log forwarder. (see the attached screenshot)
Thanks!
Jeremy
↧