Kiwi Syslog Server Log Location won't change.

September 17, 2012, 10:44 am

≫ Next: SSL support for Kiwi Syslog server

≪ Previous: Kiwi Syslog Server Web Interface Very Slow

Hey all,

I have recently taken over a sys admin position, and am required to move the location of the Kiwi Syslog Server logs to another file location. I have never used it prior. However, I can't seem to move the file.

Kiwi Syslog Server 9.2.1 (Free version.)

Windows Server 2003 SP2 (WORKGROUP)(VM)

Current configuration:

Log to Log File

Path and file name: C:\Program Files\Syslogd\Logs\SyslogCatchAll.txt

If I test the configuration, I can see the test messages in the location noted about. However, after I apply the settings, the older location (a CIFS share) continues to receive the actual syslogs of the devices we monitor.

There are three local users, all of which show the same configuration.

I have tried deleting and recreating the Log to Log File rule. No change.

I have tried starting and stopping the service. No change.

I have tried exporting the system settings, and then reimporting them. No change.

I have tried searching the registery for the old location. Nothing found.

I have two theories.

1. The settings are locked for some reason.

2. The settings are stored somewhere else.

Any help would be great.

Thanks,

Aaron

Solarwinds Padawan

↧

SSL support for Kiwi Syslog server

March 9, 2015, 2:23 am

≫ Next: SYSLOG error with windows server 2012

≪ Previous: Kiwi Syslog Server Log Location won't change.

Hi All,

Few months back we bought Kiwi Syslog Server license version because of the SSL feature only. I enabled the option Secured TCP option. But unfortunately it is unable to bind the port itself.

It says "invalid certificate provided". We use the same SSL certificate for other products with no issues. If use the same port for TCP or UDP only then it is working fine. I could not find what is the exact issue.

I contacted the SolarWinds customer portal few months back. They are not able tell what is exactly going on. Can you some one help me in fixing the problem?

Regards,

Abdun

↧

SYSLOG error with windows server 2012

June 9, 2015, 12:24 am

≫ Next: Kiwi Syslog WebServer - Disable Session Timeout

≪ Previous: SSL support for Kiwi Syslog server

i am installing syslog in my server room to monitor the log in/log out operations on serers... i installed log forwarder on some windows server 2003 servers and everithig is ok but now i installed it on some windows server 2012 and all the messages that i receive from these servers are like this :''06-08-2015 17:03:47 Kernel.Info 172.19.12.119 giu 08 17.03.47 srv-av.astergenova.it MSWinEventLog 6 Application 127 lun giu 08 17.03.41 2015 1003 Microsoft-Windows-Security-SPP N/A Information srv-av.astergenova.it 0 The description for Event ID 1003 from source Microsoft-Windows-Security-SPP cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.If the event originated on another computer, the display information had to be saved with the event.The following information was included with the event: 55c92734-d682-4d71-983e-d6ec3f16059f. FormatMessage failed with error 15100, The resource loader failed to find MUI file."

do you have idea of how to fix this? syslogger is installed on a xp machine but i also tried to install it on a windows 2012 server machine and nothing changed

↧

Kiwi Syslog WebServer - Disable Session Timeout

April 26, 2017, 6:17 am

≫ Next: Kiwi Syslog not capturing syslogs

≪ Previous: SYSLOG error with windows server 2012

Hi,

We are using the webserver on a display screen for monitoring purpose but we issue timeout problem.

After reading this article Kiwi Syslog Web Access I have a question:

Is it possible to disable WebServer session timeout ?

Thank's

↧

Kiwi Syslog not capturing syslogs

May 14, 2013, 1:40 pm

≫ Next: Administrator Password Missed; Other way to login

≪ Previous: Kiwi Syslog WebServer - Disable Session Timeout

Installed Kiwi Syslog Free version 9.3.4 on Windows Server 2008 R2. Trying to capture syslog from a Cisco ASA 5510. I have confirmed that the syslog events are hitting the server with Wireshark. Nothing is coming through to Kiwi Syslog. Current settings are all default. No filters in place. Not sure what is wrong as I can see the syslog messages coming through Wireshark. Any ideas as to why the syslog messages are not being seen by Kiwi?

↧

Administrator Password Missed; Other way to login

April 17, 2015, 2:56 am

≫ Next: Kiwi Syslog Server limitations

≪ Previous: Kiwi Syslog not capturing syslogs

Hi,

I have recently been handed over Kiwi Syslog server to manage which has both Fat Client and Web Server. Fat Client is directly logged in however Web console could not be logged in. When I checked regarding the password of "Administrator", I have been informed that resource handling it has left long ago and there is no one to tell.

Is there a way we can reset the password of Administrator or create a new user from Syslog Fat Client. I cant raise the request with Support as we do not have active maintanence.

Thanks,

Syed

↧

Kiwi Syslog Server limitations

July 28, 2017, 9:00 am

≫ Next: Kiwi syslog - 2011-03-18 10:54:01Licensed action was found in settings and disabled.

≪ Previous: Administrator Password Missed; Other way to login

Hi everyone,

I wonder if Kiwi Syslog Server has any limitation on how many servers that it can collect the logs from or how many servers can send the logs to the syslog server?

I know the Web Access has 4GB db limitation. What is the best practice for this limitation when you have more than 10 servers sending the logs to syslog server? I don't want to see only 1 or 2 day logs every day from Web Access. I hope at least 4GB db limitation can store like a month logs of all 10+ servers. I am trying first with the windows event logs (using the free tool Solwarwinds Event Log Forwarder)

Is there any limitation that i should be aware with Kiwi Syslog Server and Event Forwarder tool?

Another question:

Does Solarwinds Event Log Forwarder can work with other vendor syslog server? If so, which vendor and which syslog server product is that?

Thanks in advance!

↧

Kiwi syslog - 2011-03-18 10:54:01Licensed action was found in settings and disabled.

March 18, 2011, 4:43 am

≫ Next: Event Log Forwarder - Where is the Audit Failure Type?

≪ Previous: Kiwi Syslog Server limitations

Kiwi syslog stopped collecting information. The view error log button is red and blinking. When i click to view the log

is see the below message repeating itself:

2011-03-18 10:54:01 Licensed action was found in settings and disabled.

2011-03-18 13:37:56 Licensed action was found in settings and disabled.

2011-03-18 13:37:57 Licensed action was found in settings and disabled.

↧

Event Log Forwarder - Where is the Audit Failure Type?

March 18, 2015, 5:40 pm

≫ Next: no log shows on Kiwi Syslog Web Access

≪ Previous: Kiwi syslog - 2011-03-18 10:54:01Licensed action was found in settings and disabled.

Hi There,

I'm trialing Kiwi Syslog and I'm having trouble with the Log Forwarder and Security Event Log. When I click on the Security Log I don't see Audit Success or Audit Failure as an event type. It just has Error, Warning and Information. If I manually edit the CFG file and add <int>16</int> it works, but then it gets overwritten if I make a change. Am I doing something wrong? How can I see Audit Failure as an Event Type?

Thanks,

↧

no log shows on Kiwi Syslog Web Access

August 25, 2015, 11:44 am

≫ Next: Syslog web access filter

≪ Previous: Event Log Forwarder - Where is the Audit Failure Type?

I am having kiwi syslog 9.5 installed.

I choose to install as service and also installed the web access.

The syslog console opened fine and I see logs on displayed and also to file.

However, with the web access, it shows nothing (what so ever). I checked the Setup on Console Manager and see that under Rules i have 2 exact same option for "Log to Syslog Web Access". Everything under that options checked.

But I still see no log on web access.

1) I tried to uncheck all the "Log to Syslog Web Access".

2) Closed the Console Manager and reopened it

3) Checked mark one of the 2 optioins "Log to Syslog Web Access" and everything below it.

4) Opened and log in to web access -> Still see nothing.

any idea?

↧

Syslog web access filter

April 4, 2016, 10:43 pm

≫ Next: how to setup snort-log link to syslog server?

≪ Previous: no log shows on Kiwi Syslog Web Access

Hi all,

I trying to create filter for my kiwi syslog server, web access filter. I'm using this criteria, Date and severity Levels. For severity levels, I will need to set it asCritical and Emergency, but I was unable to find a way to do it in one filter. Any advice and suggestions will be greatly appreciated.

↧

how to setup snort-log link to syslog server?

April 24, 2017, 12:31 pm

≫ Next: Kiwi collecting from Samsung OfficeServ 7070

≪ Previous: Syslog web access filter

how to setup snort-log link to syslog server?

in snort.conf (windows 7 32 bits)

output alert_syslog: host=127.0.0.1:8080, LOG_AUTH LOG_ALERT

command :

snort -i 1 -c c:\snort\etc\snort.conf -s

then get a file in c:\snort\log\snort.log.1493058792.

please tell me, how to send log to syslog server?

thank you

↧

Kiwi collecting from Samsung OfficeServ 7070

September 20, 2017, 5:49 am

≫ Next: Problem with Syslog Message Delay and out of Order.

≪ Previous: how to setup snort-log link to syslog server?

Has anyone managed to get CDR data from an OfficeServ 7070 to a Kiwi Syslog server? It seems as if for this PABX the application must actively fetch the data rather than listen for it on UDP or TCP/IP, I do not have all the PABX info but from everything I've managed to find on the net this seems to be the case.

We need to either get this PABX to push through the records to the Kiwi Server or if possible to make the Kiwi Server an active client that will get the data from the PABX, not too sure if either are possible?

Thank You

↧

Problem with Syslog Message Delay and out of Order.

September 2, 2010, 7:37 am

≫ Next: Integration to WhatsUp Gold in iFrame?

≪ Previous: Kiwi collecting from Samsung OfficeServ 7070

Has anyone experienced a problem where their Syslogs messages are delayed and out of order?
Note the time the time it was queued and then the time it was sent. Sent at 8:31, but the message came into the syslog server at 7:28.

2010-08-24 08:31:25 PI Message to: networkadmin@removed.net

2010-08-24 08:31:25 PI Message from: Ospf-Syslog

2010-08-24 08:31:25 PI Subject: 10.5.0.2: 3552813: Aug 24 07:28:31.274: %OSPF-5-ADJCHG: Process 1, Nbr 10.12.1.41 on Vlan600 from F

2010-08-24 08:31:25 PI Date: Tue, 24 Aug 2010 08:31:25 -0400

2010-08-24 08:31:25 PI Message to: networkadmin@removed.net

2010-08-24 08:31:25 PI Message from: Ospf-Syslog

2010-08-24 08:31:25 PI Subject: 10.128.254.230: 49512: 049509: Aug 24 07:28:31: %OSPF-5-ADJCHG: Process 1, Nbr 10.12.1.41 on Vlan60

2010-08-24 08:31:25 PI Date: Tue, 24 Aug 2010 08:31:25 -0400

2010-08-24 08:31:25 PI Message to: networkadmin@removed.net

2010-08-24 08:31:25 PI Message from: HSRP-Syslog

2010-08-24 08:31:25 PI Subject: HSRP message from 10.7.4.2

2010-08-24 08:31:25 PI Date: Tue, 24 Aug 2010 08:31:25 -0400

↧

Integration to WhatsUp Gold in iFrame?

June 2, 2010, 2:35 am

≫ Next: Kiwi Syslog Server limitations

≪ Previous: Problem with Syslog Message Delay and out of Order.

Hi all together.

I am running WhatsUp Gold, but WuG's syslog and eventlog management is very weak.

And ipswitch has no good product for this with a webinterface.

As I only have to monitor approx. 20 servers, I don't want to buy a $$$$-solution. Kiwi syslog server would do it fine.

But for a quick overview on a device, I would like to integrate the informations from Kiwi syslog server into WuG.

WuG does allow; it's possible to insert iframes and insert custom html or a link.

(For further informations: look at http://www.plixer.com/products/netflow-sflow/scrutinizer-whatsupgold.php , there is also a pdf which explains this in detail.
It's for scrutinizer, but should work with every webpage).

I now would like to insert (in the device-report of WuG) a link to the webinterface of Kiwi.

To achieve a smooth operation, I will have to include some informations in the link.

I think this will be:

i) the login + password for the Kiwi Web Access

(Kiwi would be installed on the same machine or a machine in the same subnet; Wug and Kiwi won't be accessible from the web, only from the LAN).

ii) the IP or NetBiosName for the device of interest (on the reports-per-device, I only want to see the device-specific messages)

iii) if possible: Also some sort of filter string; for example to show only Messages from Service ABCD (running on the particular machine).

Question A)

Can I access a Kiwi Syslog Server - Webpage directly by a link including this informations?

If yes - how would such a link look like (I have found nothing on the web).

Are there any guides, how-to's, tips, experiences for this integration?

Question B)

Opening severals reports in WuG would fire several accesses to the Kiwi-Pages using the same login+password combo.

Does this cause any problems on Kiwi?

Kind regards to all,

↧

Kiwi Syslog Server limitations

July 28, 2017, 9:00 am

≫ Next: Windows Events 6005, 6006, 6008, 6009 and 1074 not logging in kiwi syslog server

≪ Previous: Integration to WhatsUp Gold in iFrame?

Hi everyone,

I wonder if Kiwi Syslog Server has any limitation on how many servers that it can collect the logs from or how many servers can send the logs to the syslog server?

Is there any limitation that i should be aware with Kiwi Syslog Server and Event Forwarder tool?

Another question:

Does Solarwinds Event Log Forwarder can work with other vendor syslog server? If so, which vendor and which syslog server product is that?

Thanks in advance!

↧

Windows Events 6005, 6006, 6008, 6009 and 1074 not logging in kiwi syslog server

September 27, 2017, 4:21 am

≫ Next: Procurve switches not sending syslog messages in KIWI syslog

≪ Previous: Kiwi Syslog Server limitations

Hello Everyone,

First time poster here. I am trying to track event log service status and power downs. I cannot get the windows machines to forward event logs 6005, 6006, 6008, 6009 and 1074.

I have event log forwarder configured correctly, at least the log preview shows the correct logs being forwarded. I do have a custom filter built just for these event IDs but I also have a catch all file that is not filtered. I am checking in both the web access and the syslog server itself. Neither of them receive these event logs from the windows machines. I haven't noticed any other events not being forwarded. All of my other filters are producing the information correctly.

Any tips on how to collect these logs?

Windows 2012R2 and Windows 7 Enviorment

Using Kiwi Syslog Server 9.6 and Event log Forwarder

↧

Procurve switches not sending syslog messages in KIWI syslog

July 25, 2013, 6:58 am

≫ Next: Custom Stats...What are you tracking?

≪ Previous: Windows Events 6005, 6006, 6008, 6009 and 1074 not logging in kiwi syslog server

Hi all,

New here, searched for discussions but found no entry on procurve switch(es).

The Procurve switches will not send any syslog messages (wiresharked the server)

Turned on logging on the switch: logging 'ip-address'

show debug

Debug Logging

Source IP Selection: Outgoing Interface
Destination:
Logging --
'ip-address' Kiwi Syslog server

       Protocol = UDP
       Port     = 514
     Facility = user
     Severity = info
     System Module = all-pass
     Priority Desc =

tried facility 'syslog' still nothing.

Only the Procurve switches will not send any syslog messages.

Other devices such as Cisco ASA's work fine.

Anyone ideas to solve this?

TIA Jaap

↧

Custom Stats...What are you tracking?

April 29, 2015, 12:25 pm

≫ Next: Kiwi Syslog "Check for update..." error

≪ Previous: Procurve switches not sending syslog messages in KIWI syslog

Hello all,

Trying to get a little deeper into the KIWI Syslog waters and looking for some ideas on what to configure for the Custom Stats in the Daily Syslog e-mail.

↧

Kiwi Syslog "Check for update..." error

August 29, 2017, 12:29 pm

≫ Next: Forescout NAC & syslog

≪ Previous: Custom Stats...What are you tracking?

We are new to Kiwi Syslog and are just getting things configured. We are on version 9.6.1.6. One thing I immediately noticed is that running the "Check for update..." results in the following error: "An error occurred while checking for available software updates. Check internet connectivity or proxy server settings.".

We have no proxy server enabled. From the server with Kiwi Syslog, I have Internet connectivity via a browser with no problems.

From Kiwi's error log, I see the following line associated with the failed update: "Info: An error occurred while checking for available software updates. Moved Temporarily [20152] - Resource: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/currentkiwisyslogversion.xml". If I paste that URL into a browser, it returns the following:

<?xml version="1.0"?>

-<KiwiSyslogServerVersionManifest Version="1">

<CurrentVersion Version="9.6.1" Link="http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip" DateReleased="2017-05-01"> New in 9.6.1 update ------------------------------ * Kiwi Syslog Server no longer creates large SolarWinds.SyslogServer.Engine.log fileswhich consume significant disk space. * Kiwi Syslog Server diagnostic information shows the correct buffer usage for all types of messages * If you do not see a "Download Update" button below, copy and paste the following link into your browser to download: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip</CurrentVersion>

</KiwiSyslogServerVersionManifest>

I can then paste the .zip link it references into a browser and get the zip file to download (although it appears to be the same version we already have).

Has anyone experienced the same issue or know how to fix it?

Thanks!

↧