Channel: THWACK: Popular Discussions - Kiwi Syslog

Log Forwarder for Windows (available to all Kiwi customers on maint)


What it does:

Log Forwarder for Windows allows you to forward Windows events as Syslog to your Kiwi Syslog Server.

  • Works on Windows XP, 2003, Vista, and 2008 (32-bit or 64-bit)
  • Provides .MSI version for silent installs, allowing use with remote software distribution systems (e.g., Microsoft SMS)
  • Enables definition of filters that describe which events are forwarded

How to get it:

If you download the Kiwi Syslog Server 9.0 from your customer portal, you will see there is an additional Log Forwarder executable included with your download.   The Log Forwarder for Windows was developed by the Kiwi Syslog team.  It is available at no cost to Kiwi Syslog customers current on maintenance.

Try it out and let us know what you think!


Kiwi Syslog Server fails to start and only shows a small window


I am getting this error on my Win 2K3 box and cannot seem to fix the problem.  It first appeared when I was trying to make the server more secure, and I believe it has something to do with scripting.  However, when I tried re-installing windows script components, it did not fix the problem.  Has anyone run into a similar issue?

Thanks in advance!

Nathan

Problem with filtering in Kiwi Syslog


I am setting up a Kiwi Syslog server. I am running into a problem with the filtering not working the way I would expect. I have used Kiwi, but that was several years ago. I have set up a display for a specific switch and have tried several different filter possibilities, but I am still getting syslog messages on the display that don't belong to the switch I am trying to watch.

I have tried an IP address simple filter with the IP address of the switch, "10.1.1.2". On the Cisco switch, I have used the command logging source-interface vlan 254, which should send out the syslog messages using the IP address in the simple filter I set up. I have also tried the hostname option with the hostname of the switch, "Switch1", but I get the same problem.

It has got to be something simple, but so far I haven't found the problem. Since this is the free version, I know I can't call SolarWinds support.

Any suggestions are appreciated.


Ron

Kiwi Syslog Complex Text Parsing


I am trying to quiet down my kiwi syslog server a bit. I have reporting working well for several functions.

 

I have it alerting on any service "entered the stopped state" but this is making my server noisy.

 

I want to exclude "The Application Experience service" from sending an alert, but can't seem to get the text to parse properly to do this.

 

I have made my rule like so, but it's not working properly.

 

[Image: kiwi.JPG]

 

Am I doing this right, or should I be doing this another way?

 

Does anyone else notify on services stopping?

 

Thanks.

Forward to another host ?


Hello,

I am using Kiwi Syslog Server 9.3.3.

I have installed Log Forwarder and configured it to send log number 528 (Security log) from Event Viewer.
I am getting the log inside the Kiwi Syslog Server, and it is stored in a text file as well.

Kiwi is configured for 3 actions.

1. Forward to another host - doesn't work
2. Display - works
3. Log to file - works

Forward to another host doesn't work; I am not getting the log to our SIEM (using QRadar).
Though when I use the test button and send a test log to the SIEM, I do get the test log.

I have no idea why the test log works and the regular log doesn't get sent to the SIEM.

Please help me

[Images: 1.jpg, 2.jpg]

SNMP forwarding


All

I have set up my KIWI syslog server to listen for SNMP traps, successfully.  Is there a way to set up KIWI, or an available action, to forward the SNMP traps to other SNMP trap receivers as KIWI receives them?

Thanks

KIWI New Guy

Kiwi Syslog - Filtering "Message" Using RegEx Not Responding


I'm trying to set a MESSAGE filter looking for the string "src=10.1.1." - then I want to append a regex to limit the IP Addresses in this Rule.

For example, the field input I use is:

"src=10.1.1."[1-9]|[1-4][0-9] (src=10.1.1.1 thru src=10.1.1.149)

but all IPs are visible.

For testing, I use "src=10.1.1."[2], and make sure the test string IP Address is 10.1.1.2 - test passes.

So I change the string to "src=10.1.1."[4], and force an event on that server. It appears in the messages - but so do all the other IPs.

Can someone identify why this regex is not working?

Thx

Filtering out certain messages in Kiwi Syslog...


Hello,

 

I am in a situation where I need to filter out a certain string. It is a little complicated however. The string(s) I am trying to filter out usually looks like this:

 

"port D10-High collision or drop rate."

 

D10 is a device bay in a chassis and that is what we are really interested in here. There are 16 device bays so it can be D1, D2, D3....D16.

 

The only problem is that there is no space between D10 and "-High"

 

And we WOULD like to keep getting messages that don't have the Dx part in them, so we can't just filter out "collision or drop rate."

 

Is the only way to do this by putting 16 separate filters like so: ...?

 

"D1-High"

"D2-High"

"D3-High"

...."D16-High"

 

or is there a wildcard we can put in place of the number? Catch is that sometimes it could be a single digit (1-9) or it could be a double digit (10-16).

 

Your input is appreciated. Thank you.
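
Both regex questions above (limiting src=10.1.1. to last octets 1 through 149, and matching device bays D1 through D16) come down to a bounded numeric range with explicit grouping and boundaries. The following is an added example, not part of either post and not Kiwi Syslog configuration: it uses Python's re module, so it assumes the filter's regex engine treats |, groups and lookaheads the same way, and the sample messages are constructed.

```python
import re

# Bay number 1..16, glued to "-High" with no space, as in the post above.
# \b stops a match inside a longer token; the group keeps | local to the number.
BAY_RE = re.compile(r"\bD(?:1[0-6]|[1-9])-High\b")

# Last octet 1..149 for the "src=10.1.1." question. Dots are escaped and the
# (?!\d) lookahead rejects longer numbers such as 150 or 1490.
SRC_RE = re.compile(r"src=10\.1\.1\.(?:1[0-4][0-9]|[1-9][0-9]?)(?!\d)")

# The shape of the pattern from the earlier post, without the quotes.
# Ungrouped, | splits the WHOLE pattern: "src=10.1.1.[1-9]" OR "[1-4][0-9]",
# so any message containing two digits such as "10" satisfies the second half.
UNGROUPED_RE = re.compile(r"src=10.1.1.[1-9]|[1-4][0-9]")


def suppress_bay_alert(message):
    """True when the message names a device bay D1..D16 and should be dropped."""
    return BAY_RE.search(message) is not None


def src_in_range(message):
    """True when the message carries src=10.1.1.N with N in 1..149."""
    return SRC_RE.search(message) is not None


# Constructed sample messages, not taken from a real device.
SAMPLES = [
    "port D10-High collision or drop rate.",
    "port D3-High collision or drop rate.",
    "port D17-High collision or drop rate.",
    "uplink X2 collision or drop rate.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(suppress_bay_alert(msg), msg)
    for ip in ("10.1.1.1", "10.1.1.149", "10.1.1.150", "10.1.2.7"):
        line = "fw: src=%s dst=192.0.2.10" % ip
        print(src_in_range(line), bool(UNGROUPED_RE.search(line)), line)
```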


Kiwi Syslog - Microsoft IIS 7 Integration Documentation


Hi Everyone,

 

I was wondering whether or not detailed documentation exists covering the integration of Kiwi Syslog and Microsoft IIS 7.  I have noted the following how to:  "TIPS HOW TO - Kiwi Syslog Web Server with SSL and IIS 7", however it doesn't cover the complete installation process with both components from start to finish.  For reasons outside of the scope of this topic, we are unable to leverage the Ultidev Cassini web server and any assistance or direction to documentation would be greatly appreciated.

Freeware Kiwi Syslog Server v9.3.1


Hi,

 

How can I use Kiwi Syslog Server v9.3.1 Freeware version?

 

I've downloaded the Free Trial program and installed it by "Kiwi_Syslog_Server_9.3.1.Eval.setup.exe".

After the evaluation period, Kiwi Syslog Server turned to "Unlicensed version", not "Freeware version".

I remember the previous version turned to "Freeware version" after the expiration of the trial or when  installed by the installer from our customer portal.

But I cannot use v9.3.1 Freeware mode...

 

If there's information about it, please let me know.

 

Thank you.

Chito

Syslog Message Logging to MYSQL DB


I am new to Kiwi Syslog Server. I configured Kiwi Syslog Server with default fields to log messages to a MySQL DB, and it is working fine.

But I wish to parse the message and log to the MySQL DB using custom fields. I don't have any knowledge about scripting.

 

Sample log is shown below. Each field is separated by a single space character. The message content is highlighted in red.

 

2012-09-01 10:37:14 Local6.Warning HQ-IPS-01 DefensePro: 01-04-2012 19:49:25 WARNING 300000 Intrusions "BO-WINXP" TCP ACCTS-C-PC1 1607 ACCTS-C-PC2 80 3 Regular "DMZ-Policy" occur 1 0 N/A 0 N/A low drop FFFFFFFF-FFFF-FFFF-0001-00004F7B1BE5

 

Only the following things need to be extracted and logged to the DB.

 

MsgDate:  2012-09-01

MsgTime:  10:37:14

MsgHostname: HQ-IPS-01

AttackId:   300000

AttackType: Intrusions

AttackDesc: BO-WINXP

AttackSrc: ACCTS-C-PC1

AttackDst: ACCTS-C-PC2


The number of such logs that need parsing by the script will be more.

Please provide me guidance in configuring this.

 

Any help on this would be greatly appreciated!

 

Thanks all...
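
One way to pull the eight requested fields out of the sample line and write them to a table, as an added example that is not part of the post and is not a Kiwi Syslog script: it is stand-alone Python, the field positions are inferred from the single sample line, and an in-memory SQLite table with a hypothetical name (attacks) stands in for the MySQL database. Values are bound as query parameters because message text arrives from the network and must never be spliced into the SQL statement.

```python
import re
import sqlite3

# Sample line from the post above.
SAMPLE = ('2012-09-01 10:37:14 Local6.Warning HQ-IPS-01 DefensePro: '
          '01-04-2012 19:49:25 WARNING 300000 Intrusions "BO-WINXP" TCP '
          'ACCTS-C-PC1 1607 ACCTS-C-PC2 80 3 Regular "DMZ-Policy" occur '
          '1 0 N/A 0 N/A low drop FFFFFFFF-FFFF-FFFF-0001-00004F7B1BE5')

FIELDS = ("MsgDate", "MsgTime", "MsgHostname", "AttackId",
          "AttackType", "AttackDesc", "AttackSrc", "AttackDst")

# Positional layout inferred from the one sample line (an assumption); unnamed
# \S+ skip facility.level, device date/time/severity, protocol and source port.
LINE_RE = re.compile(
    r'(?P<MsgDate>\d{4}-\d{2}-\d{2}) (?P<MsgTime>\d{2}:\d{2}:\d{2}) '
    r'\S+ (?P<MsgHostname>\S+) DefensePro: \S+ \S+ \S+ '
    r'(?P<AttackId>\d+) (?P<AttackType>\S+) "(?P<AttackDesc>[^"]*)" '
    r'\S+ (?P<AttackSrc>\S+) \S+ (?P<AttackDst>\S+) ')


def parse_line(line):
    """Return the eight fields as a dict, or None if the layout differs."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def open_db():
    """In-memory SQLite stand-in for the MySQL table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE attacks (%s)" % ", ".join(FIELDS))
    return db


def store(db, record):
    """Insert with bound parameters: log text is never spliced into the SQL."""
    marks = ", ".join("?" for _ in FIELDS)
    db.execute("INSERT INTO attacks VALUES (%s)" % marks,
               [record[name] for name in FIELDS])


if __name__ == "__main__":
    db = open_db()
    rec = parse_line(SAMPLE)
    if rec:
        store(db, rec)
    print(db.execute("SELECT * FROM attacks").fetchall())
```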

Log forwarder for windows


We are using a licensed copy of Kiwi Syslog server with its Log Forwarder for Windows.

I am interested to know: if I configure two log servers on the Log Forwarder for Windows and enable both of them, will Log Forwarder send logs to both syslog servers at the same time?

 

We need logs to be sent to the Kiwi Syslog server and to another syslog server simultaneously.

 

We were able to configure the log forwarder itself and added both syslog servers but we see different number of matches on the firewall and this is the reason why I am asking this question.

 

Thank you

How to delete old records from Kiwi Syslog Web Access?


How to delete records from the Kiwi Syslog Web Access?

Thanks.

I can't install Kiwi Syslog Web Access


Hi all,

I can't install Kiwi Syslog Web Access. Syslog server is installing fine, but Web Access just says that there is an error and rolls back. I had the evaluation version installed before and am now trying to install the licensed one.

Kiwi Syslog 9.3.3 is Now Generally Available


Kiwi Syslog v9.3.3 is now available for download in your customer portal, for those of you who have an active maintenance.

 

Below is a list of the changes in this version.

 

We hope you enjoy this new release of Syslog!

Adds

  • Product maintenance renewal notifications
  • Support for Windows 2012
  • Support for Windows 8
  • Support for SQL Server 2012
  • Support for Internet Explorer 10
  • Support for SolarWinds Licensing

Fixes

  • Fixes for the issue of Email text containing "< and >" being stripped out

Known Issue

  • Sound will not play in alert actions when set to play once. The suggested workaround is to enable the sound to play from 2 to 200 times.

Windows event log forwarder for Windows NT


Hi

I have been looking for a user manual for the Windows event log forwarder, but with no success so far. Basically, I just want to find out if the Windows event log forwarder is compatible with Windows NT Server/Workstation.

 

 

Thanks

Kiwi Syslog 9.3.4 is Now Generally Available


Kiwi Syslog v9.3.4 is now available for download in your customer portal, for those of you who have an active maintenance.

 

Below is a list of the changes in this version.

 

Fixes

  • Resolution for daily statistics and alarm emails in HTML format garbled
  • Resolution for changes in setup not effective until service restart


Note

Please note that due to technical reasons, the version that can be downloaded for evaluation purposes is still 9.3.3.

If you are evaluating Kiwi Syslog and need to have the above problems fixed, please let us know and we will provide you with v9.3.4.


Changing the userid for Syslog Web Access


During installation of Syslog Web Access, you are prompted for a userid and password.  The password can be changed at any time easily.

But how does one change the userid?  Where is it stored?

We even went as far as trying to reinstall syslog web access to get to the initial userid prompt again.  But having already asked us once, it did not ask us again.

Thanks,

 

-Ken

Kiwi Syslog Service Keeps crashing


We have been experiencing an issue with our Kiwi Syslog Service crashing about every other day.  We are running version 9 and have a pretty standard setup where we are pushing syslogs from all of our devices in our network.  We have quite a bit of stuff logging to our Syslog server and are easily breaching the 200000 maximum message count throughout the day and getting emails.  We upped that and seem to be doing better; however, the syslog service continues to fail and will at times restart itself based off of the services recovery failure to restart the service, but this is happening way too often.

Has anyone else seen this problem and if so, what kinds of things did you try/do?  Is this box just getting pegged so hard that it's causing the service to malfunction and trip up?  I'm not a Windows guy but is this issue even Windows related?  The only other application we have running on this server is CatTools and it runs clean with no service issues.  The systems team has taken a look at the server and believe this to be related only to the Kiwi application itself. 

Next Steps: I'm thinking of removing and rebuilding the Kiwi 9 application from scratch to see if this corrects the issue but wanted some direction from the forum if anyone has any good ideas/suggestions.

 

Thank you in advance!

Parsing syslog message to database


I've got a script to parse elements of the syslog message into Fields.VarCustom01 and 02 (tested and working.)  I've also got a rule to log to SQL server and set up a custom DB format for the two custom fields (tested and working.)   How do I get the Fields.VarCustom0X value to go to the MsgCustom0X field in the database?   The actions are set up to run the script then log to the database.

Thanks in advance for any suggestions
Bill
